kiduc
/
bibiuc.com
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 59 Wiki Activity
Browse Source

Merge a2c661e135 into 3c42ea9f67

pull/148/merge
Joe 10 years ago
parent
3c42ea9f67 a2c661e135
commit
46cf3b33b6
1 changed files with 34 additions and 16 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +34
    -16
      system/admin/admin.php

+ 34
- 16
system/admin/admin.php View File

@ -27,25 +27,43 @@ function create_user($userName, $password)
}
// Create a session
function session($user, $pass)
{
$user_file = 'config/users/' . $user . '.ini';
$user_enc = user('encryption', $user);
$user_pass = user('password', $user);
$password = (strlen($user_enc) > 0 && $user_enc !== 'clear' && $user_enc !== 'none') ? hash($user_enc, $pass) : $pass;
if (file_exists($user_file)) {
if ($password === $user_pass) {
$_SESSION[config("site.url")]['user'] = $user;
header('location: admin');
} else {
return $str = '<li>Your username and password mismatch.</li>';
function session($user, $pass, $str = null) {
$user_file = 'config/users/' . $user . '.ini';
$user_enc = user('encryption', $user);
$user_pass = user('password', $user);
// Is the password hashed?
if (strlen($user_enc) > 0 && $user_enc !== 'clear' && $user_enc !== 'none') {
// If the hash algo bcrypt?
if ($user_enc == 'bcrypt') {
// DON'T DO A FUCKING THING BECAUSE WE'RE USING THE APSSWORDV_ERIFY FUCNTION BITJESK.
$password = $pass;
}
else {
// Yay, we're using a hashing algorithm designed to be FAST so brute forcers can exert less effort
$password = hash($user_enc,$pass);
}
}
else {
// Wow, we really like plaintext stuff. Hope your /config/user/admin.ini isn't web-accessible
$password = $pass;
}
if(file_exists($user_file)) {
if($password === $user_pass || password_verify($password, $user_pass)) {
$_SESSION[config("site.url")]['user'] = $user;
header('location: admin');
}
else {
return $str = '<li>Your username and password mismatch.</li>';
}
}
else {
return $str = '<li>Username not found in our record.</li>';
}
} else {
return $str = '<li>Username not found in our record.</li>';
}
}
// Clean URLs
function remove_accent($str)
{


Write Preview
Loading…
Cancel
Save