opensmtpdadmin/login.php

<?php
// 
// OpenSMTPD Admin 
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022 High5!
// License Info: LICENSE.TXT
//
// File: login.php
//
// Template File: login.tpl
//
// Template variables:
//
//  message
//  username
//
// GET / POST variables:  
//
//  username
//  password
//
require_once './functions.inc.php';
include './languages/' . check_language () . '.lang';
 
if ($_SERVER['REQUEST_METHOD'] == "POST") {
	$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
	$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);

	if (!empty($username) && !empty($password)) {
		$dbh = pdo_connect();
		$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
		$sth->bindParam(1, $username, PDO::PARAM_STR);
		$sth->execute();
		$row = $sth->fetch(PDO::FETCH_ASSOC);
		if (empty($row)) {
			$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
			$sth->bindParam(1, $username, PDO::PARAM_STR);
			$sth->execute();
			$row = $sth->fetch(PDO::FETCH_ASSOC);
			$location = "password.php";
		} else {
			$location = "list-domain.php";
		}
	}

	if (!empty($row['password'])) {
		if (!password_verify($password, $row['password'])) {
			$message = $LANG['Login_incorrect'];
		}
	} else {
		$message = $LANG['Login_incorrect'];
	}

	if (empty($message)) {
		session_start();
		$_SESSION['sessid']['username'] = $username;
		header("Location: $location");
		exit;
	}
} 
include './templates/header.tpl';
include './templates/login.tpl';
include './templates/footer.tpl';
?>
Initial commit 2022-08-18 14:01:52 +02:00			`<?php`
			`//`
			`// OpenSMTPD Admin`
			`// by Mischa Peters <mischa at high5 dot nl>`
			`// Copyright (c) 2022 High5!`
			`// License Info: LICENSE.TXT`
			`//`
			`// File: login.php`
			`//`
			`// Template File: login.tpl`
			`//`
rip and replace.. start 2022-09-02 23:06:08 +02:00			`// Template variables:`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
refactored login.php 2022-09-04 12:10:27 +02:00			`// message`
			`// username`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
rip and replace.. start 2022-09-02 23:06:08 +02:00			`// GET / POST variables:`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
refactored login.php 2022-09-04 12:10:27 +02:00			`// username`
			`// password`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
refactored login.php 2022-09-04 12:10:27 +02:00			`require_once './functions.inc.php';`
			`include './languages/' . check_language () . '.lang';`
Initial commit 2022-08-18 14:01:52 +02:00
			`if ($_SERVER['REQUEST_METHOD'] == "POST") {`
refactored login.php 2022-09-04 12:10:27 +02:00			`$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);`
			`$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);`
Initial commit 2022-08-18 14:01:52 +02:00
refactored login.php 2022-09-04 12:10:27 +02:00			`if (!empty($username) && !empty($password)) {`
connect_db -> pdo_connect 2022-09-04 20:50:21 +02:00			`$dbh = pdo_connect();`
change check_role() to query 2022-09-06 13:56:05 +02:00			`$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");`
refactored login.php 2022-09-04 12:10:27 +02:00			`$sth->bindParam(1, $username, PDO::PARAM_STR);`
			`$sth->execute();`
merge admin + superadmin 2022-09-05 20:29:41 +02:00			`$row = $sth->fetch(PDO::FETCH_ASSOC);`
merge /users 2022-09-06 10:32:25 +02:00			`if (empty($row)) {`
			`$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");`
			`$sth->bindParam(1, $username, PDO::PARAM_STR);`
			`$sth->execute();`
			`$row = $sth->fetch(PDO::FETCH_ASSOC);`
			`$location = "password.php";`
			`} else {`
			`$location = "list-domain.php";`
			`}`
refactored login.php 2022-09-04 12:10:27 +02:00			`}`
more users things done 2022-09-04 19:17:50 +02:00
merge admin + superadmin 2022-09-05 20:29:41 +02:00			`if (!empty($row['password'])) {`
			`if (!password_verify($password, $row['password'])) {`
refactored login.php 2022-09-04 12:10:27 +02:00			`$message = $LANG['Login_incorrect'];`
Initial commit 2022-08-18 14:01:52 +02:00			`}`
			`} else {`
refactored login.php 2022-09-04 12:10:27 +02:00			`$message = $LANG['Login_incorrect'];`
Initial commit 2022-08-18 14:01:52 +02:00			`}`

refactored login.php 2022-09-04 12:10:27 +02:00			`if (empty($message)) {`
Initial commit 2022-08-18 14:01:52 +02:00			`session_start();`
refactored login.php 2022-09-04 12:10:27 +02:00			`$_SESSION['sessid']['username'] = $username;`
merge /users 2022-09-06 10:32:25 +02:00			`header("Location: $location");`
Initial commit 2022-08-18 14:01:52 +02:00			`exit;`
			`}`
			`}`
refactored login.php 2022-09-04 12:10:27 +02:00			`include './templates/header.tpl';`
			`include './templates/login.tpl';`
			`include './templates/footer.tpl';`
Initial commit 2022-08-18 14:01:52 +02:00			`?>`