2 function login_password_verify($input, $test)
4 if (substr($test, 0, 1) != '$') {
5 # plaintext match for uncrypted passwords
6 return $input === $test;
8 return password_verify($input, $test);
11 function login_setcookie()
14 return setcookie('login', $User['auth'], 0, '/');
17 function login($inuser, $inpass = NULL)
19 if (empty($inuser)) return;
20 if (!isset($inpass)) {
21 @list ($inuser, $inauth) = explode(':', $inuser, 2);
24 # find password data by user name
25 $userdir = 'profile/'.strtolower($inuser);
26 $pwfile = "$userdir/.passwd";
27 if (!file_exists($pwfile)) return;
28 $usertest = trim(file_get_contents($pwfile));
29 if (!$usertest) return;
32 $authhash = md5($usertest);
34 if (!login_password_verify($inpass, $usertest)) return;
37 if ($inauth !== $authhash) return;
40 if (function_exists('apache_note')) apache_note('user', $inuser);
42 if ($log = @fopen("$userdir/last.log", 'w')) {
43 fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
49 'admin' => file_exists("$userdir/.admin"),
51 'auth' => "$inuser:$authhash",
55 if (isset($_COOKIE['login'])) {
57 $User = login($_COOKIE['login']);