]> andersk Git - sql-web.git/blobdiff - login.php
andersk / sql-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix CSRF vulnerabilities
[sql-web.git] / login.php
diff --git a/login.php b/login.php
index fa91e4e053ca03c5ba96dcdceb58a3c0b3c9803b..32a4461b6db6726b133e3e93ec66888d85c2d1d8 100644 (file)
--- a/login.php
+++ b/login.php
@@ -1,26 +1,42 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
 
-if (isPost() && isSSL()) {
-    $cred = getSSLCert();
-    if (count($cred)) {
-        $Login = new Login($cred['Username']);
-        if (!$Login->exists()) {
-            addUser($cred);
-            $Login->refresh();
-        }
-    } else {
-               $err[] = 'Your SSL certificate failed to identify you.';
+if (isSSL()) {
+       if (is_null($SSLCred)) {
+               $err[] = 'Please install a valid certificate.';
        }
-} elseif (isPost()) {
-} elseif (isSSL()) {
-       require('tpl/login_ssl.php');
-} else {
 }
 
-if (isLoggedIn())
-    redirect('main');
+if (isPost() && empty($err)) {
+
+       if (isSSL()) {
+               $Login = $LoginSSL;
+       } else {
+               $Login = new Login($i_u, $i_p);
+       }
+       
+       if ($Login->exists() && !$Login->isEnabled()) {
+               $err[] = 'Account not active.';
+       } elseif (!$Login->exists()) {
+               $err[] = 'Nonexistant account or invalid password.';
+       } elseif (!$Login->canLogin()) {
+               $err[] = 'That account is no longer valid. Please contact the staff (sql@mit.edu).';
+       }
+
+       if (empty($err)) {
+               sess('UserId', $Login->getUserId());
+               redirect('main?refresh');
+       }
+
+}
+
+isLoggedIn() && redirect('main');
+
+include 'tpl/login.php';
 
 ?>
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.032276 seconds and 4 git commands to generate.