connect_errno) { if (defined('headless')) { header('HTTP/1.1 503 Service Unavailable', true, 503); } else { printf("Connect failed: %s\n", $mysqli->connect_error); } exit(); } $mysqli->set_charset("utf8"); session_name('ulogger'); session_start(); $sid = session_id(); // check for forced login to authorize admin in case of public access $force_login = (isset($_REQUEST['force_login']) ? $_REQUEST['force_login'] : 0); if ($force_login) { $require_authentication = 1; } $auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : NULL); $admin = (isset($_SESSION['admin']) ? $_SESSION['admin'] : NULL); if ($auth || $require_authentication || defined('headless')) { /* authentication */ $user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : ""); $pass = (isset($_REQUEST['pass']) ? $_REQUEST['pass'] : ""); $ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https"); $auth_error = (isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : 0); // not authenticated and username not submited // load form if ((!$auth) && (!$user)){ if (defined('headless')) { header('HTTP/1.1 401 Unauthorized', true, 401); } else { print ' '.$lang_title.'
'.$lang_title.'
'.$lang_private.'
'.$lang_username.':

'.$lang_password.':


'.(($force_login==1) ? "" : "").'
'.(($auth_error==1) ? $lang_authfail : "").'
'; } $mysqli->close(); exit(); } // username submited if ((!$auth) && ($user)){ $query = $mysqli->prepare("SELECT id, login, password FROM users WHERE login=? LIMIT 1"); $query->bind_param('s', $user); $query->execute(); $query->bind_result($rec_id, $rec_user, $rec_pass); $query->fetch(); $query->free_result(); //correct pass if (($user == $rec_user) && password_verify($pass, $rec_pass)) { // login successful //delete old session $_SESSION = NULL; session_destroy(); // start new session session_name('ulogger'); session_start(); if (($user == $admin_user) && !empty($admin_user)) { $_SESSION['admin'] = $admin_user; } $_SESSION['auth'] = $rec_id; $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); header("Location: $ssl://$url"); exit(); } else { // unsuccessful $error = "?auth_error=1"; // destroy session $_SESSION = NULL; if (isset($_COOKIE[session_name('ulogger')])) { setcookie(session_name('ulogger'),'',time()-42000,'/'); } session_destroy(); $mysqli->close(); if (defined('headless')) { header('HTTP/1.1 401 Unauthorized', true, 401); } else { $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); header("Location: $ssl://$url$error"); } exit(); } } /* end of authentication */ } ?>