<?php
// 
// OpenSMTPD Admin 
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022 High5!
// License Info: LICENSE.TXT
//
// File: login.php
//
// Template File: login.tpl
//
// Template variables:
//
//  message
//  username
//
// GET / POST variables:  
//
//  username
//  password
//
require_once '../functions.inc.php';
include '../languages/' . check_language () . '.lang';
 
if ($_SERVER['REQUEST_METHOD'] == "POST") {
	$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
	$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);

	if (!empty($username) && !empty($password)) {
		$dbh = pdo_connect();
		$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
		$sth->bindParam(1, $username, PDO::PARAM_STR);
		$sth->execute();
		$row = $sth->fetch(PDO::FETCH_COLUMN);
	}

	if (!empty($row)) {
		if (!password_verify($password, $row)) {
			$message = $LANG['Login_incorrect'];
		}
	} else {
		$message = $LANG['Login_incorrect'];
	}

	if (empty($message)) {
		session_start();
		$_SESSION['userid']['username'] = $username;
		header("Location: password.php");
		exit;
	}
} 
include '../templates/header.tpl';
include '../templates/users_login.tpl';
include '../templates/footer.tpl';
?>