opensmtpdadmin/users/login.php

<?php
// 
// OpenSMTPD Admin 
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022 High5!
// License Info: LICENSE.TXT
//
// File: login.php
//
// Template File: login.tpl
//
// Template variables:
//
//  message
//  username
//
// GET / POST variables:  
//
//  username
//  password
//
require_once '../functions.inc.php';
include '../languages/' . check_language () . '.lang';
 
if ($_SERVER['REQUEST_METHOD'] == "POST") {
	$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
	$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);

	if (!empty($username) && !empty($password)) {
		$dbh = pdo_connect();
		$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
		$sth->bindParam(1, $username, PDO::PARAM_STR);
		$sth->execute();
		$row = $sth->fetch(PDO::FETCH_COLUMN);
	}

	if (!empty($row)) {
		if (!password_verify($password, $row)) {
			$message = $LANG['Login_incorrect'];
		}
	} else {
		$message = $LANG['Login_incorrect'];
	}

	if (empty($message)) {
		session_start();
		$_SESSION['userid']['username'] = $username;
		header("Location: password.php");
		exit;
	}
} 
include '../templates/header.tpl';
include '../templates/users_login.tpl';
include '../templates/footer.tpl';
?>
Initial commit 2022-08-18 14:01:52 +02:00			`<?php`
			`//`
			`// OpenSMTPD Admin`
			`// by Mischa Peters <mischa at high5 dot nl>`
			`// Copyright (c) 2022 High5!`
			`// License Info: LICENSE.TXT`
			`//`
			`// File: login.php`
			`//`
			`// Template File: login.tpl`
			`//`
more users things done 2022-09-04 19:17:50 +02:00			`// Template variables:`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
more users things done 2022-09-04 19:17:50 +02:00			`// message`
			`// username`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
more users things done 2022-09-04 19:17:50 +02:00			`// GET / POST variables:`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
more users things done 2022-09-04 19:17:50 +02:00			`// username`
			`// password`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
more users things done 2022-09-04 19:17:50 +02:00			`require_once '../functions.inc.php';`
			`include '../languages/' . check_language () . '.lang';`
Initial commit 2022-08-18 14:01:52 +02:00
			`if ($_SERVER['REQUEST_METHOD'] == "POST") {`
more users things done 2022-09-04 19:17:50 +02:00			`$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);`
			`$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);`
Initial commit 2022-08-18 14:01:52 +02:00
more users things done 2022-09-04 19:17:50 +02:00			`if (!empty($username) && !empty($password)) {`
connect_db -> pdo_connect 2022-09-04 20:50:21 +02:00			`$dbh = pdo_connect();`
more users things done 2022-09-04 19:17:50 +02:00			`$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");`
			`$sth->bindParam(1, $username, PDO::PARAM_STR);`
			`$sth->execute();`
			`$row = $sth->fetch(PDO::FETCH_COLUMN);`
			`}`

			`if (!empty($row)) {`
			`if (!password_verify($password, $row)) {`
			`$message = $LANG['Login_incorrect'];`
Initial commit 2022-08-18 14:01:52 +02:00			`}`
			`} else {`
more users things done 2022-09-04 19:17:50 +02:00			`$message = $LANG['Login_incorrect'];`
Initial commit 2022-08-18 14:01:52 +02:00			`}`

more users things done 2022-09-04 19:17:50 +02:00			`if (empty($message)) {`
Initial commit 2022-08-18 14:01:52 +02:00			`session_start();`
more users things done 2022-09-04 19:17:50 +02:00			`$_SESSION['userid']['username'] = $username;`
remove main 2022-09-05 08:20:02 +02:00			`header("Location: password.php");`
Initial commit 2022-08-18 14:01:52 +02:00			`exit;`
			`}`
			`}`
more users things done 2022-09-04 19:17:50 +02:00			`include '../templates/header.tpl';`
			`include '../templates/users_login.tpl';`
			`include '../templates/footer.tpl';`
Initial commit 2022-08-18 14:01:52 +02:00			`?>`