<?php
+function login_password_verify($input, $test)
+{
+ if (substr($test, 0, 1) != '$') {
+ # plaintext match for uncrypted passwords
+ return $input === $test;
+ }
+ return password_verify($input, $test);
+}
+
+function login_setcookie()
+{
+ global $User;
+ return setcookie('login', $User['auth'], 0, '/');
+}
+
function login($inuser, $inpass = NULL)
{
if (empty($inuser)) return;
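Review bot: The plaintext branch of `login_password_verify()` compares with `===`, which is not constant-time, and it accepts an empty `$input` whenever the stored value is an empty string, because `substr('', 0, 1)` is never `'$'`. I would guard that branch with `return is_string($input) && $test !== '' && hash_equals($test, $input);`, which also keeps a non-string `pass` field from reaching the comparison. A stored plaintext password that itself begins with `$` is routed to `password_verify()` and can never match, so `password_get_info($test)` would be a more reliable discriminator than the first character. The body of `login()` continues outside this hunk, so how `$usertest` is loaded is not visible here.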
# verify password
$authhash = md5($usertest);
if (isset($inpass)) {
- if (substr($usertest, 0, 1) == '$') {
- if (!password_verify($inpass, $usertest)) return;
- }
- else {
- if ($inpass !== $usertest) return;
- }
+ if (!login_password_verify($inpass, $usertest)) return;
}
else {
if ($inauth !== $authhash) return;
if (isset($_POST['login'])) {
if ($User = login($_POST['login'], $_POST['pass'])) {
- setcookie('login', $User['auth'], 0, '/');
+ login_setcookie();
}
else {
$message = 'Ongeldige gebruikersnaam of wachtwoord.';
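Review bot: The login cookie issued through `login_setcookie()` here is sent without the `HttpOnly`, `Secure` or `SameSite` attributes, because the helper passes only name, value, expiry and path to `setcookie()`. With cookie creation now centralised, the fix is one line in the helper: `return setcookie('login', $User['auth'], ['expires' => 0, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);` (the options array needs PHP 7.3 or later). If `$User['auth']` is the `md5($usertest)` value computed in `login()`, which the visible lines suggest but do not show, the cookie is a fixed derivative of the stored password and stays valid until the password changes, so these attributes matter more than for a rotating session id. The `if (isset($_POST['login']))` block starts and ends outside the hunk.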