commit - a3641a1896dc110cab0e135514391a8628bffdb1
commit + bf2c7356d0a434a37989c3496e5c0b9d969316e2
blob - 560f8c63730e48fe1b24ccf2a3ad91142563acd1
blob + 2134f1bbab01519099cf1cda2dc31101df12d59d
--- admin/list-domain.php
+++ admin/list-domain.php
//
// list_domains
//
-// Form GET Variables:
+// Form POST \ GET Variables:
//
// username
//
blob - 0f84adaee1988711ada6fcfc8114036f00ab0fba
blob + c9e46062bd0305b15094b7503456b6f111e71934
--- admin/list-virtual.php
+++ admin/list-virtual.php
// list_alias
// list_mailbox
//
-// Form GET Variables:
+// Form POST \ GET Variables:
//
// domain
// offset
blob - 27076b6d349215df63a8923ec58b0a5431dbaf24
blob + 6c5ec0a45f6797f3dccae5d19a442852b56ff1e6
--- functions.inc.php
+++ functions.inc.php
global $CONF;
$row = "";
if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_array($result);
- return $row;
-}
-
-// db_assoc
-// Action: Returns a row from a table
-// Call: db_assoc(int result)
-//
-function db_assoc($result) {
- global $CONF;
- $row = "";
- if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_assoc($result);
return $row;
}
-//
-// db_delete
-// Action: Deletes a row from a specified table
-// Call: db_delete(string table, string where, string delete)
-//
-function db_delete($table,$where,$delete) {
- $result = db_query("DELETE FROM $table WHERE $where='$delete'");
- if ($result['rows'] >= 1) {
- return $result['rows'];
- } else {
- return true;
- }
-}
-
// logging
// Action: Logs actions from admin
// Call: logging(string username, string domain, string action, string data)
blob - 2fed86b52ac92e334b6a780b00992f96e3edd945
blob + ecfb976921b9ff791face38ae31ce882f7bf0f95
--- languages/en.lang
+++ languages/en.lang
$LANG['Login_username'] = 'Login (email)';
$LANG['Login_password'] = 'Password';
$LANG['Login_button'] = 'Login';
-$LANG['Login_username_incorrect'] = '<span class="error_msg">Your login is not correct. Make sure that you login with your email address.</span>';
-$LANG['Login_password_incorrect'] = '<span class="error_msg">Your password is not correct.</span>';
+$LANG['Login_incorrect'] = '<span class="error_msg">Your login or password is not correct.</span>';
$LANG['Login_login_users'] = 'Users click here to login to the user section.';
$LANG['Menu_overview'] = 'Overview';
blob - 23672c8164d5e6bdb960d0a8b4a966f2a4384902
blob + e7d90844402520ce7e16dc8a761c09fb9d6f5111
--- login.php
+++ login.php
//
// Template variables:
//
-// tMessage
-// tUsername
+// message
+// username
//
// GET / POST variables:
//
-// fUsername
-// fPassword
+// username
+// password
//
-require("./variables.inc.php");
-require("./config.inc.php");
-require("./functions.inc.php");
-include("./languages/" . check_language () . ".lang");
+require_once './functions.inc.php';
+include './languages/' . check_language () . '.lang';
if ($_SERVER['REQUEST_METHOD'] == "POST") {
- $fUsername = escape_string ($_POST['fUsername']);
- $fPassword = escape_string ($_POST['fPassword']);
+ $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
+ $password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
- $result = db_query("SELECT password FROM admin WHERE username='$fUsername' AND active='1'");
- if ($result['rows'] == 1) {
- $row = db_array($result['result']);
- if (!password_verify($fPassword, $row['assword'])) {
- $error = 1;
- $tMessage = $LANG['Login_password_incorrect'];
- $tUsername = $fUsername;
+ if (!empty($username) && !empty($password)) {
+ $dbh = connect_db();
+ $sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
+ $sth->bindParam(1, $username, PDO::PARAM_STR);
+ $sth->execute();
+ $row = $sth->fetch(PDO::FETCH_COLUMN);
+ }
+ if (!empty($row)) {
+ if (!password_verify($password, $row)) {
+ $message = $LANG['Login_incorrect'];
}
} else {
- $error = 1;
- $tMessage = $LANG['Login_username_incorrect'];
+ $message = $LANG['Login_incorrect'];
}
- if ($error != 1) {
+ if (empty($message)) {
session_start();
- $_SESSION['sessid']['username'] = $fUsername;
+ $_SESSION['sessid']['username'] = $username;
header("Location: main.php");
exit;
}
}
-include("./templates/header.tpl");
-include("./templates/login.tpl");
-include("./templates/footer.tpl");
+include './templates/header.tpl';
+include './templates/login.tpl';
+include './templates/footer.tpl';
?>
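Review bot: The new prepared statement in the POST branch filters on `WHERE username=?` only, whereas the removed query also required `active='1'`, so an admin row that has been deactivated would still reach `password_verify()` and receive a session. Unless deactivation is enforced somewhere not visible in this diff, keep the condition: `$sth = $dbh->prepare("SELECT password FROM admin WHERE username=? AND active='1'");`. Separately, the success path calls `session_start()` and stores the username without rotating the session id; adding `session_regenerate_id(true);` directly after `session_start();` prevents a pre-login session id from surviving the privilege change.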
blob - dc50f053fca0a2dc9df386fbe41627df8937c0af
blob + 6b88d83083eaf94e26ebe26ad847e0b272f6325a
--- templates/login.tpl
+++ templates/login.tpl
</tr>
<tr>
<td><?php echo $LANG['Login_username'] . ":"; ?></td>
- <td><input class="flat" type="text" name="fUsername" value="<?php echo $tUsername; ?>" /></td>
+ <td><input class="flat" type="text" name="username" value="<?php echo $username ?? ''; ?>" /></td>
</tr>
<tr>
<td><?php echo $LANG['Login_password'] . ":"; ?></td>
- <td><input class="flat" type="password" name="fPassword" /></td>
+ <td><input class="flat" type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['Login_button']; ?>" /></td>
</tr>
<tr>
- <td colspan="2" class="standout"><?php echo $tMessage; ?></td>
+ <td colspan="2" class="standout"><?php echo $message ?? ' '; ?></td>
</tr>
<tr>
<td colspan="2"><a href="users/"><?php echo $LANG['Login_login_users']; ?></a></td>
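Review bot: The `value` attribute of the username input prints `$username` without HTML encoding. `FILTER_VALIDATE_EMAIL` in login.php is a validator, not an output encoder, and should not be relied on to keep quote or angle-bracket characters out of the value (quoted local parts are reported to pass it, which is worth confirming on the PHP version in use). Encode at the point of output instead: `value="<?php echo htmlspecialchars((string) ($username ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"`.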