admin/login.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

<?php

require_once __DIR__ . '/../app/app.php';

if (isset($_POST['password'])) {
    session_regenerate_id();

    $hash_pwd = hash('sha256', $_POST['password']);

    // check if old moonmoon was installed and convert stored password
    // from md5 to current hash function
    $md5_pwd  = md5($_POST['password']);
    $passfile = dirname(__FILE__) . '/inc/pwd.inc.php';
    include($passfile);

    if ($md5_pwd == $password) {
        error_log("Migrating password from md5 to sha256");
        file_put_contents($passfile, sprintf('<?php $login="admin"; $password="%s"; ?>', $hash_pwd));
    }

    setcookie('auth', $hash_pwd);
    header('Location: index.php');
}

$page_content = <<<FRAGMENT
            <form action="" method="post" class="login">
                <fieldset>
                    <p class="field">
                        <label for="password">{$l10n->getString('Password:')}</label>
                        <input type="password" name="password" id="password"/>
                        <input type="submit" class="submit" value="{$l10n->getString('OK')}"/>
                    </p>
                </fieldset>
            </form>
FRAGMENT;

$footer_extra = <<<FRAGMENT
    <script type="text/javascript">
    <!--
    window.onload = function() {
        document.getElementById('password').focus();
    }
    -->
    </script>

FRAGMENT;

$page_id      = 'admin-login';
$admin_access = 0;

require_once __DIR__ . '/template.php';