X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/4225314ca50f26eaecfc828a1608b7d81c274a82..33f512fa30c06fa488c42e68f9bc9f401300a5ab:/plugins/sql_auth/login.php diff --git a/plugins/sql_auth/login.php b/plugins/sql_auth/login.php index 7f2dff7..830b3e0 100644 --- a/plugins/sql_auth/login.php +++ b/plugins/sql_auth/login.php @@ -7,37 +7,40 @@ $logout = false; if (!empty($_GET['logout'])) { if (!isset($_SESSION['id'])) - $failmsg = "Nothing to logout from"; + $failmsg = "Nothing to logout from"; else { - session_destroy(); - $logout = true; + session_destroy(); + $logout = true; } } if (!empty($_POST)) { if ($_POST['username'] && $_POST['password']) - { - - $user = new SQLA_User($_POST['username']); - - /* not being too informative with the login error in case of attackers */ - if (!$user->id) - { - $failmsg = "Incorrect login"; - } - else if ($user->password_verify($_POST['password'])) - { - $_SESSION['id'] = $user->id; - header('Location: ' . BASE_URL); - } - else - { - $failmsg = "Incorrect login"; - } +{ + + /* securitah */ + security_check(); + $user = new SQLA_User($_POST['username']); + + /* not being too informative with the login error in case of attackers */ + if (!$user->id) + { + $failmsg = "Incorrect login"; + } + else if ($user->password_verify($_POST['password'])) + { + $_SESSION['id'] = $user->id; + header('Location: ' . BASE_URL); + $user->add_meta("last_login", date("Y-m-d m:i:s")); + } + else + { + $failmsg = "Incorrect login"; + } } else - $failmsg = "Couldn't log you in: Missing credentials"; + $failmsg = "Couldn't log you in: Missing credentials"; } ?> @@ -67,40 +70,40 @@ if (!empty($_POST))
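Review bot: The new `last_login` write uses `date("Y-m-d m:i:s")`, where the second `m` is the month, so the stored value never contains the hour and is unreliable as a login audit timestamp; it should be `$user->add_meta("last_login", date("Y-m-d H:i:s"));`. In the same success branch, nothing visible in this hunk rotates the session id before `$_SESSION['id'] = $user->id;`, so a session id issued before login would carry over into the authenticated session; adding `session_regenerate_id(true);` on the line before closes that, unless it is already done elsewhere. The branch also runs on past `header('Location: ' . BASE_URL);` with no `exit;`, so the rest of the script still executes after the redirect header is set; an `exit;` after the `add_meta` call would stop it. `security_check()` is defined outside this hunk, and it is only reached when both fields are non-empty, so whether it throttles repeated failed logins cannot be confirmed from here.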