2 date_default_timezone_set('Europe/Amsterdam');
4 function login_password_verify($input, $test)
6 if (substr($test, 0, 1) != '$') {
7 # plaintext match for uncrypted passwords
8 return $input === $test;
10 return password_verify($input, $test);
13 function login_setcookie()
16 return setcookie('login', $User['auth'], 0, '/');
19 function login($inuser, $inpass = NULL)
21 if (empty($inuser)) return;
22 if (!isset($inpass)) {
23 @list ($inuser, $inauth) = explode(':', $inuser, 2);
26 # find password data by user name
27 $userdir = 'profile/'.strtolower($inuser);
28 $pwfile = "$userdir/.passwd";
29 if (!file_exists($pwfile)) return;
30 $usertest = trim(file_get_contents($pwfile));
31 if (!$usertest) return;
34 $authhash = md5($usertest);
36 if (!login_password_verify($inpass, $usertest)) return;
39 if ($inauth !== $authhash) return;
42 if (function_exists('apache_note')) apache_note('user', $inuser);
44 if ($log = @fopen("$userdir/last.log", 'w')) {
45 fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
51 'admin' => file_exists("$userdir/.admin"),
53 'auth' => "$inuser:$authhash",
57 if (isset($_COOKIE['login'])) {
59 $User = login($_COOKIE['login']);