Add cleaned flag
[misc/kostenrechnung] / lib / login.php
index e45b4ec..4ba192f 100644 (file)
@@ -1,10 +1,5 @@
 <?php
 
-function passwd($login,$pass)
-{
-  return md5(md5($pass).$login);
-}
-
 function check_passwd()
 {
   if (empty($_POST['login']) || empty($_POST['passwd']))
@@ -17,11 +12,19 @@ function check_passwd()
 
   if ($sth === false) return false;
 
+  if (substr($_SERVER['HTTP_REFERER'],-12) != '/?login=true'
+      || substr($_SERVER['SCRIPT_FILENAME'],-10) != '/index.php') {
+    error_log('Wrong referrer or wrong request uri');
+    return false;
+  }
+
   if ($row = pg_fetch_assoc($sth)) {
     $_SESSION['sys'] = array('uid' => $row['id'],
                             'login' => $row['login'],
                             'name' => $row['name'],
-                            'email' => $row['email']);
+                            'email' => $row['email'],
+                            'group' => $row['gid'],
+                            'basedir' => substr($_SERVER['SCRIPT_FILENAME'],0,-9));
     return true;
   }