Blob


1 <?php
2 //
3 // OpenSMTPD Admin
4 // by Mischa Peters <mischa at high5 dot nl>
5 // Copyright (c) 2022 High5!
6 // License Info: LICENSE.TXT
7 //
8 // File: login.php
9 //
10 // Template File: login.tpl
11 //
12 // Template variables:
13 //
14 // message
15 // username
16 //
17 // GET / POST variables:
18 //
19 // username
20 // password
21 //
22 require_once './functions.inc.php';
23 include './languages/' . check_language () . '.lang';
25 if ($_SERVER['REQUEST_METHOD'] == "POST") {
26 $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
27 $password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
29 if (!empty($username) && !empty($password)) {
30 $dbh = pdo_connect();
31 $sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
32 $sth->bindParam(1, $username, PDO::PARAM_STR);
33 $sth->execute();
34 $row = $sth->fetch(PDO::FETCH_ASSOC);
35 if (empty($row)) {
36 $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
37 $sth->bindParam(1, $username, PDO::PARAM_STR);
38 $sth->execute();
39 $row = $sth->fetch(PDO::FETCH_ASSOC);
40 $location = "password.php";
41 } else {
42 $location = "list-domain.php";
43 }
44 }
46 if (!empty($row['password'])) {
47 if (!password_verify($password, $row['password'])) {
48 $message = $LANG['Login_incorrect'];
49 }
50 } else {
51 $message = $LANG['Login_incorrect'];
52 }
54 if (empty($message)) {
55 session_start();
56 $_SESSION['sessid']['username'] = $username;
57 header("Location: $location");
58 exit;
59 }
60 }
61 include './templates/header.tpl';
62 include './templates/login.tpl';
63 include './templates/footer.tpl';
64 ?>