added login thing

config.php

@@ -68,6 +68,10 @@ if (!isset($notemplate)) {
   $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"sitename\";")->fetch_assoc();
   $site_name = htmlspecialchars($res['value']);
   
+  // user name
+  $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
+  $user_name = htmlspecialchars($res['value']);
+  
   // the flash
   $message = null;
   if (isset($_SESSION['flash'])) {
@@ -77,6 +81,7 @@ if (!isset($notemplate)) {
   
   $tpl->assign("logged_in", $_SESSION['logged_in']);
   $tpl->assign("site_name", $site_name);
+  $tpl->assign("user_name", $user_name);
   $tpl->assign("words_total", $words_total_count);
   $tpl->assign("inbox_count", $new_words_count);
   $tpl->assign("message", $message);

ucp.php

@@ -20,12 +20,47 @@
 
 include_once 'config.php';
 
+function check_privileges() {
+  if (!$_SESSION['logged_in']) {
+    $_SESSION['flash'] = "Log in to continue.";
+    header('Location: ucp.php?page=login');
+    exit();
+  }
+}
+
 switch ($_GET['page']) {
   case "login": {
-    $tpl->draw("login");
+    if ($_SESSION['logged_in']) {
+      $_SESSION['flash'] = "You're already logged in.";
+      header('Location: ucp.php');
+      exit();
+    }
+    if (!isset($_POST['login'])) {
+      $tpl->draw("login");
+    } else {
+      $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
+      $username = $res['value'];
+      $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"password\";")->fetch_assoc();
+      $password = $res['value'];
+      $post_pass = crypt($_POST['password'], $password);
+      if (($_POST['username'] === $username) && ($post_pass === $password)) {
+        // successful login
+        $_SESSION['logged_in'] = true;
+        $_SESSION['flash'] = "You are now logged in.";
+        header('Location: ucp.php');
+        exit();
+      } else {
+        // failed login
+        $_SESSION['flash'] = "Wrong user name or password";
+        header('Location: ucp.php?page=login');
+        exit();
+      }
+    }
     break;
   }
   case "logout": {
+    check_privileges();
+    
     session_destroy();
     session_start();
     $_SESSION['flash'] = "Sucessfully logged out";
@@ -34,11 +69,15 @@ switch ($_GET['page']) {
     break;
   }
   case "settings": {
+    check_privileges();
+    
     $tpl->draw("settings");
     break;
   }
   case "inbox":
   default: {
+    check_privileges();
+    
     $tpl->draw("inbox");
   }
 }

views/login.html

@@ -4,10 +4,10 @@
 {if="$message"}
 <div class="alert alert-info">{$message}</div>
 {/if}
-  <form role="form" method="POST">
+  <form role="form" method="POST" action="ucp.php?page=login">
     <div class="form-group">
       <label for="InputUsername">Username</label>
-      <input type="text" class="form-control" id="InputUsername" name="user_name" placeholder="Enter username">
+      <input type="text" class="form-control" id="InputUsername" name="username" placeholder="Enter username">
     </div>
     <div class="form-group">
       <label for="InputPassword">Password</label>

views/navbar.html

@@ -18,8 +18,10 @@
           <li class="dropdown">
           <a href="#" class="dropdown-toggle" data-toggle="dropdown">{$user_name}<b class="caret"></b></a>
           <ul class="dropdown-menu">
-          <li><a href="ucp.php">Inbox{if="$new_words_count > 0"}{$new_words_count}{/if}</a></li>
+          <li><a href="ucp.php">Inbox{if="$new_words_count > 0"} ({$new_words_count}){/if}</a></li>
           <li><a href="ucp.php?page=settings">Settings</a></li>
+          <li class="divider"></li>
+          <li><a href="ucp.php?page=logout">Logout</a></li>
         {else}
           <li><a href="ucp.php?page=login">Login</a></li>
         {/if}