Blame


1 386bf42a 2022-08-18 mischa <?php
2 386bf42a 2022-08-18 mischa //
3 386bf42a 2022-08-18 mischa // OpenSMTPD Admin
4 386bf42a 2022-08-18 mischa // by Mischa Peters <mischa at high5 dot nl>
5 386bf42a 2022-08-18 mischa // Copyright (c) 2022 High5!
6 386bf42a 2022-08-18 mischa // License Info: LICENSE.TXT
7 386bf42a 2022-08-18 mischa //
8 386bf42a 2022-08-18 mischa // File: login.php
9 386bf42a 2022-08-18 mischa //
10 386bf42a 2022-08-18 mischa // Template File: login.tpl
11 386bf42a 2022-08-18 mischa //
12 461ed9a5 2022-09-02 mischa // Template variables:
13 386bf42a 2022-08-18 mischa //
14 bf2c7356 2022-09-04 mischa // message
15 bf2c7356 2022-09-04 mischa // username
16 386bf42a 2022-08-18 mischa //
17 461ed9a5 2022-09-02 mischa // GET / POST variables:
18 386bf42a 2022-08-18 mischa //
19 bf2c7356 2022-09-04 mischa // username
20 bf2c7356 2022-09-04 mischa // password
21 386bf42a 2022-08-18 mischa //
22 bf2c7356 2022-09-04 mischa require_once './functions.inc.php';
23 bf2c7356 2022-09-04 mischa include './languages/' . check_language () . '.lang';
24 386bf42a 2022-08-18 mischa
25 386bf42a 2022-08-18 mischa if ($_SERVER['REQUEST_METHOD'] == "POST") {
26 bf2c7356 2022-09-04 mischa $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
27 bf2c7356 2022-09-04 mischa $password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
28 386bf42a 2022-08-18 mischa
29 bf2c7356 2022-09-04 mischa if (!empty($username) && !empty($password)) {
30 759223e7 2022-09-04 mischa $dbh = pdo_connect();
31 1575a178 2022-09-06 mischa $sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
32 bf2c7356 2022-09-04 mischa $sth->bindParam(1, $username, PDO::PARAM_STR);
33 bf2c7356 2022-09-04 mischa $sth->execute();
34 ff6266ff 2022-09-05 mischa $row = $sth->fetch(PDO::FETCH_ASSOC);
35 bbe1f756 2022-09-06 mischa if (empty($row)) {
36 bbe1f756 2022-09-06 mischa $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
37 bbe1f756 2022-09-06 mischa $sth->bindParam(1, $username, PDO::PARAM_STR);
38 bbe1f756 2022-09-06 mischa $sth->execute();
39 bbe1f756 2022-09-06 mischa $row = $sth->fetch(PDO::FETCH_ASSOC);
40 bbe1f756 2022-09-06 mischa $location = "password.php";
41 bbe1f756 2022-09-06 mischa } else {
42 bbe1f756 2022-09-06 mischa $location = "list-domain.php";
43 bbe1f756 2022-09-06 mischa }
44 bf2c7356 2022-09-04 mischa }
45 6322a7e7 2022-09-04 mischa
46 ff6266ff 2022-09-05 mischa if (!empty($row['password'])) {
47 ff6266ff 2022-09-05 mischa if (!password_verify($password, $row['password'])) {
48 bf2c7356 2022-09-04 mischa $message = $LANG['Login_incorrect'];
49 386bf42a 2022-08-18 mischa }
50 386bf42a 2022-08-18 mischa } else {
51 bf2c7356 2022-09-04 mischa $message = $LANG['Login_incorrect'];
52 386bf42a 2022-08-18 mischa }
53 386bf42a 2022-08-18 mischa
54 bf2c7356 2022-09-04 mischa if (empty($message)) {
55 386bf42a 2022-08-18 mischa session_start();
56 bf2c7356 2022-09-04 mischa $_SESSION['sessid']['username'] = $username;
57 bbe1f756 2022-09-06 mischa header("Location: $location");
58 386bf42a 2022-08-18 mischa exit;
59 386bf42a 2022-08-18 mischa }
60 386bf42a 2022-08-18 mischa }
61 bf2c7356 2022-09-04 mischa include './templates/header.tpl';
62 bf2c7356 2022-09-04 mischa include './templates/login.tpl';
63 bf2c7356 2022-09-04 mischa include './templates/footer.tpl';
64 386bf42a 2022-08-18 mischa ?>