Fix CSRF vulnerabilities
index 441c778ddbf24d855f5ed214fe6a7de249ae6f2e..32a4461b6db6726b133e3e93ec66888d85c2d1d8 100644 (file)
--- a/login.php
+++ b/login.php
@@ -1,4 +1,7 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
@@ -6,32 +9,28 @@ require_once('mitsql.lib.php');
 if (isSSL()) {
        if (is_null($SSLCred)) {
                $err[] = 'Please install a valid certificate.';
-       } else {
-           $Login2 = new Login($SSLUsername);
-           if (!(empty($SSLUsername) || $Login2->exists())) {
-               addUser($cred);
-               $Login = new Login($SSLUsername);
-           }
        }
 }
 
-if (empty($err) && isPost()) {
-       
+if (isPost() && empty($err)) {
+
        if (isSSL()) {
-           $Login = new Login($SSLUsername);
-               $Login->update($cred['Name'],$cred['Email']);
-               sess('Login', $Login);
+               $Login = $LoginSSL;
        } else {
                $Login = new Login($i_u, $i_p);
-               if ($Login->exists() && !$Login->isEnabled()) {
-                       $err[] = 'Account not active. <a href="signup">Did you signup yet?</a>.';
-               } elseif (!$Login->exists()) {
-                       $err[] = 'Nonexistant account or invalid password.';
-               } elseif (!$Login->canLogin()) {
-                       $err[] = 'That account is no longer valid. Please contact the staff.';
-               } else {
-                       sess('Login', $Login);
-               }
+       }
+       
+       if ($Login->exists() && !$Login->isEnabled()) {
+               $err[] = 'Account not active.';
+       } elseif (!$Login->exists()) {
+               $err[] = 'Nonexistant account or invalid password.';
+       } elseif (!$Login->canLogin()) {
+               $err[] = 'That account is no longer valid. Please contact the staff (sql@mit.edu).';
+       }
+
+       if (empty($err)) {
+               sess('UserId', $Login->getUserId());
+               redirect('main?refresh');
        }
 
 }
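Review bot: On the success path the session is promoted from anonymous to authenticated at `sess('UserId', $Login->getUserId());` without a visible id rotation, so unless `sess()` regenerates the id itself a session id fixed before login remains valid afterwards; adding `session_regenerate_id(true);` immediately before that line, with the comment `// rotate the session id on privilege change`, closes that gap. Separately, `$LoginSSL` in the SSL branch is not defined anywhere in this hunk, so the branch relies on it being populated elsewhere (presumably mitsql.lib.php, whenever `$SSLCred` is non-null) — a comment such as `// $LoginSSL is set from the client certificate in mitsql.lib.php` would make that dependency explicit if that is where it comes from. Minor: `exists()` is evaluated twice in the elseif chain; checking `!$Login->exists()` first makes the `$Login->exists() &&` guard on the first branch unnecessary.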