1 <?php
2 // 
3 // Postfix Admin 
4 // by Mischa Peters <mischa at high5 dot nl>
5 // Copyright (c) 2002 - 2005, 2021 High5!
6 // License Info: http://www.postfixadmin.com/?file=LICENSE.TXT
7 //
8 // File: login.php
9 //
10 // Template File: login.tpl
11 //
12 // Template Variables:
13 //
14 //  tMessage
15 //  tUsername
16 //
17 // Form POST \ GET Variables:  
18 //
19 //  fUsername
20 //  fPassword
21 //
22 require ("./variables.inc.php");
23 require ("./config.inc.php");
24 require ("./functions.inc.php");
25 include ("./languages/" . check_language () . ".lang");
26  
27 if ($_SERVER['REQUEST_METHOD'] == "GET")
28 {
29    include ("./templates/header.tpl");
30    include ("./templates/login.tpl");
31    include ("./templates/footer.tpl");
32 }
33 
34 if ($_SERVER['REQUEST_METHOD'] == "POST")
35 {
36    $fUsername = escape_string ($_POST['fUsername']);
37    $fPassword = escape_string ($_POST['fPassword']);
38 
39    $result = db_query ("SELECT password FROM admin WHERE username='$fUsername' AND active='1'");
40    if ($result['rows'] == 1)
41    {
42       $row = db_array ($result['result']);
43       if (!password_verify($fPassword, $row['password']))
44       {
45          $error = 1;
46          $tMessage = $PALANG['pLogin_password_incorrect'];
47          $tUsername = $fUsername;
48       }
49    }
50    else
51    {
52       $error = 1;
53       $tMessage = $PALANG['pLogin_username_incorrect'];
54    }
55 
56    if ($error != 1)
57    {
58       session_start();
59 #      session_register("sessid");
60       $_SESSION['sessid']['username'] = $fUsername;
61 
62       header("Location: main.php");
63       exit;
64    }
65    
66    include ("./templates/header.tpl");
67    include ("./templates/login.tpl");
68    include ("./templates/footer.tpl");
69 } 
70 ?>