<?php
+function check_session()
+{
+ if (!empty($_POST['login']) && !empty($_POST['passwd'])) {
+ require_once('lib/login.php');
+ if (check_passwd()) {
+ header('Location: ./');
+ exit();
+ }
+ }
+
+ if (empty($_SESSION['sys']['login']) && empty($_GET['login'])) {
+ header('Location: ./?login=true');
+ exit();
+ }
+}
+
function sanitise_filename($file)
{
return str_replace('./','x',$file);
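Review bot: The unauthenticated-redirect guard in check_session() is skipped whenever `$_GET['login']` is non-empty, so any request carrying `?login=...` passes this function without a session. That is only safe because the process() hunk further down returns mask_login() before anything else runs; code that executes between check_session() and process(), or any POST handling outside it, would run unauthenticated. I would record that dependency with a comment such as `// ?login=... is let through without a session; process() must render only the login mask for it`, or have check_session() return a bool that process() consults instead of re-reading `$_GET['login']`. `$_SESSION` is read here without a visible session_start(), which is presumably called earlier, outside this hunk.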
function process()
{
+ if (!empty($_GET['login'])) {
+ require_once('lib/login.php');
+ return mask_login();
+ }
+
if (!empty($_GET['mask'])) {
require_once('lib/mask.php');
return mask($_GET['mask']);
--- /dev/null
+<?php
+
+function passwd($login,$pass)
+{
+ return md5(md5($pass).$login);
+}
+
+function check_passwd()
+{
+ if (empty($_POST['login']) || empty($_POST['passwd']))
+ return false;
+
+ $sql = sprintf("SELECT * FROM sys_user WHERE login = '%s' AND passwd = '%s'",
+ pg_escape_string($_POST['login']), passwd($_POST['login'], $_POST['passwd']));
+
+ $sth = pg_query($sql);
+
+ if ($sth === false) return false;
+
+ if ($row = pg_fetch_assoc($sth)) {
+ $_SESSION['sys'] = array('uid' => $row['id'],
+ 'login' => $row['login'],
+ 'name' => $row['name'],
+ 'email' => $row['email']);
+ return true;
+ }
+
+ error_log('Failed login attempt for user ' . $_POST['login']);
+ return false;
+}
+
+function mask_login()
+{
+ $ret = '<div class="login">';
+
+ $ret .= '<div align="center">';
+ $ret .= '<form action="index.php" method="POST">';
+ $ret .= '<table class="login" cellpadding="5">';
+ $ret .= '<tr><th align="left" colspan="2" style="background: #BBD9EE;">Anmeldung</th></tr>';
+
+ $ret .= '<tr><th align="right">Login</th><td><input type="text" name="login" size="15"></td></tr>';
+ $ret .= '<tr><th align="right">Passwort</th><td><input type="password" name="passwd" size="15"></td></tr>';
+
+ $ret .= '<tr><td colspan="2" align="center"><input type="submit" value="Anmelden"></td></tr>';
+
+ $ret .= '</table>';
+ $ret .= '</form>';
+ $ret .= '</div>';
+ $ret .= '</div>';
+
+ return $ret;
+}
+
+?>
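Review bot: passwd() stores and compares `md5(md5($pass).$login)`, a fast hash salted only with the login name, so a leaked sys_user table can be brute-forced cheaply; `password_hash()`/`password_verify()` (PHP 5.5+) are the intended replacement, with existing rows rehashed on their next successful login. check_passwd() also keeps the pre-login session id after a successful login, so a session id fixed before authentication stays valid afterwards; calling `session_regenerate_id(true)` before filling `$_SESSION['sys']` closes that. The query is built with sprintf and pg_escape_string(), which works here, but `pg_query_params()` removes the quoting question entirely. The failed-login log line writes `$_POST['login']` verbatim, so control characters should be stripped before logging. The sketch below assumes the passwd column can hold password_hash() output.

```php
function check_passwd()
{
    // … unchanged: empty() guard on $_POST['login'] / $_POST['passwd'] …

    // Look the user up by login only; the hash is compared in PHP, not in SQL.
    $sth = pg_query_params(
        'SELECT id, login, name, email, passwd FROM sys_user WHERE login = $1',
        array($_POST['login'])
    );

    if ($sth === false) return false;

    $row = pg_fetch_assoc($sth);
    if ($row && password_verify($_POST['passwd'], $row['passwd'])) {
        // Issue a fresh session id on login so a pre-login id cannot be reused.
        session_regenerate_id(true);
        // … unchanged: $_SESSION['sys'] assignment and return true …
    }

    // Drop control characters so a crafted login cannot forge extra log lines.
    error_log('Failed login attempt for user ' . preg_replace('/[\x00-\x1F\x7F]/', '', $_POST['login']));
    return false;
}
```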
border: 1px solid #AAA;
}
-div.form input {
- border: 1px solid #AAA;
+input, select {
+ border: 1px solid #CCC;
}
-div.form button {
- border: 1px solid #AAA;
+button {
+ border: 1px solid #CCC;
+}
+
+div.login {
+ background-image: url('lib/login.jpg');
+ background-repeat: no-repeat;
+ background-position: center center;
+ margin: -15px;
+ height: 600px;
+}
+
+table.login {
+ border: 1px solid #7b7b7b;
+ background: #f7f7f7;
+ position: relative;
+ top: 290px;
}