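// Admin login
//
// Handles a submitted admin login form: looks the submitted login up in the
// XML user store, verifies the password hash and, for a user whose role is
// 'admin', marks the session as authenticated. Every failure path sets
// $login_error to the same generic message, so the response does not reveal
// which check failed (unknown login, wrong password, or non-admin role).
if (isset($_POST['login_submit'])) {
    // Sleep TEMPLATE_CMS_LOGIN_SLEEP seconds to slow down brute-force attempts.
    // NOTE(review): a fixed delay throttles one connection only; parallel
    // requests are not limited. A per-account or per-IP attempt counter would
    // be needed for that and is not visible in this block.
    sleep(TEMPLATE_CMS_LOGIN_SLEEP);

    // NOTE(review): post() is defined elsewhere; it is treated here as
    // returning the raw, untrusted form value. Confirm whether it filters.
    $submitted_login = (string) post('login');
    $submitted_password = (string) post('password');

    // XPath 1.0 has no escape sequence inside string literals, so pick a quote
    // style the value cannot break out of. Concatenating the raw value into
    // the predicate would let a crafted login rewrite the query.
    if (strpos($submitted_login, "'") === false) {
        $login_literal = "'" . $submitted_login . "'";
    } elseif (strpos($submitted_login, '"') === false) {
        $login_literal = '"' . $submitted_login . '"';
    } else {
        // Contains both quote kinds: split on ' and rejoin through concat().
        $login_literal = "concat('" . str_replace("'", "',\"'\",'", $submitted_login) . "')";
    }

    $user_xml_db = getXMLdb('../data/system/users.xml');
    $user = selectXMLRecord($user_xml_db, '/root/user[login=' . $login_literal . ']');

    $authenticated = false;

    // Strict string comparison: loose == treats numeric-looking strings
    // (for example "0e123" and "0e456") as equal.
    if ($user !== null && (string) $user->login === $submitted_login) {
        $stored_hash = trim((string) $user->password);
        // NOTE(review): encryptPassword() is defined elsewhere. If it is a
        // fast or unsalted hash, plan a migration to password_hash() /
        // password_verify(). Confirm against its definition.
        $given_hash = (string) encryptPassword(trim($submitted_password));

        // Prefer the constant-time comparison where the runtime provides it.
        $password_ok = function_exists('hash_equals')
            ? hash_equals($stored_hash, $given_hash)
            : $stored_hash === $given_hash;

        if ($password_ok && (string) $user->role === 'admin') {
            // Issue a fresh session id on privilege change so that an id
            // known before login cannot be reused afterwards.
            if (session_id() !== '' && !headers_sent()) {
                session_regenerate_id(true);
            }
            $_SESSION['admin'] = true;
            $_SESSION['user_id'] = (int) $user['id'];
            $_SESSION['user_login'] = (string) $user->login;
            $authenticated = true;
        }
    }

    if (!$authenticated) {
        $login_error = 'Wrong <b>login</b> or <b>password</b>';
    }
}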