full-text-rss/admin/login.php
2013-04-18 16:11:06 +02:00

38 lines
1.8 KiB
PHP

<?php
session_start();
require_once(dirname(dirname(__FILE__)).'/config.php');
if (!isset($options->admin_credentials) || $options->admin_credentials['username'] == '' || $options->admin_credentials['password'] == '') {
die('<h2>Admin privileges required</h2><p>This page requires admin privileges but Full-Text RSS has not been configured with admin credentials.</p><p>If you are the administrator, please edit your <tt>custom_config.php</tt> file and enter the credentials in the appropriate section. When you\'ve done that, this page will prompt you for your admin credentials.</p>');
}
$name = @$_POST['username'];
$pass = @$_POST['pass'];
$invalid_login = false;
if ($name || $pass) {
if ($name == $options->admin_credentials['username'] && $pass == $options->admin_credentials['password']) {
// Authentication successful - set session
$_SESSION['auth'] = 1;
if (isset($_POST['redirect']) && preg_match('/^[0-9a-z]+$/', $_POST['redirect'])) {
header('Location: '.$_POST['redirect'].'.php');
} else {
header('Location: index.php');
}
exit;
}
$invalid_login = true;
}
?>
<!DOCTYPE html>
<html>
<head><title>Login</title></head>
<body>
<?php if ($invalid_login) echo '<p><strong>Invalid login, please try again.</strong> If you can\'t remember your admin credentials, open your <tt>custom_config.php</tt> and you\'ll find them in there.</p>'; ?>
<form method="post" action="login.php">
<?php if (isset($_GET['redirect'])) echo '<input type="hidden" name="redirect" value="'.htmlspecialchars($_GET['redirect']).'" />'; ?>
<label>Username: <input type="text" name="username" value="<?php echo @$_POST['username']; ?>" /></label>
<label>Password: <input type="password" name="pass" /></label>
<input type="submit" name="submit" value="Log In" />
</form>
</body>
</html>