<?php
-function passwd($login,$pass)
-{
- return md5(md5($pass).$login);
-}
-
function check_passwd()
{
if (empty($_POST['login']) || empty($_POST['passwd']))
if ($sth === false) return false;
+ if (substr($_SERVER['HTTP_REFERER'],-12) != '/?login=true'
+ || substr($_SERVER['SCRIPT_FILENAME'],-10) != '/index.php') {
+ error_log('Wrong referrer or wrong request uri');
+ return false;
+ }
+
if ($row = pg_fetch_assoc($sth)) {
$_SESSION['sys'] = array('uid' => $row['id'],
'login' => $row['login'],
'name' => $row['name'],
- 'email' => $row['email']);
+ 'email' => $row['email'],
+ 'group' => $row['gid'],
+ 'basedir' => substr($_SERVER['SCRIPT_FILENAME'],0,-9));
return true;
}
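Review bot: The referer test added at L11–L12 reads `$_SERVER['HTTP_REFERER']` without checking it is set, so a request that carries no Referer header raises an undefined-index notice before the comparison, and the comparisons use loose `!=` where `!==` is meant. The header is client-supplied and optional, so this check can only be a defense-in-depth heuristic against cross-site form posts; a per-session token verified on submit is the control that should carry the weight, and a comment stating that intent would keep a later reader from treating it as authentication. Suggested lines: `$referer = $_SERVER['HTTP_REFERER'] ?? '';` / `if (substr($referer, -12) !== '/?login=true'` / `|| substr($_SERVER['SCRIPT_FILENAME'], -10) !== '/index.php') {`. Note that `'basedir'` at L24 strips a fixed 9 characters from `SCRIPT_FILENAME`, which is only correct because the `/index.php` suffix is asserted above; a short comment tying the two together would prevent them drifting apart. The body of `check_passwd()` continues outside the hunk.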