diff --git a/config.php b/config.php
index 7203949..2d75ee9 100644
--- a/config.php
+++ b/config.php
@@ -68,6 +68,10 @@ if (!isset($notemplate)) {
 $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"sitename\";")->fetch_assoc();
 $site_name = htmlspecialchars($res['value']);
+ // user name
+ $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
+ $user_name = htmlspecialchars($res['value']);
+
 // the flash
 $message = null;
 if (isset($_SESSION['flash'])) {
@@ -77,6 +81,7 @@ if (!isset($notemplate)) {
 $tpl->assign("logged_in", $_SESSION['logged_in']);
 $tpl->assign("site_name", $site_name);
+ $tpl->assign("user_name", $user_name);
 $tpl->assign("words_total", $words_total_count);
 $tpl->assign("inbox_count", $new_words_count);
 $tpl->assign("message", $message);
diff --git a/ucp.php b/ucp.php
index 1689b24..86182a9 100644
--- a/ucp.php
+++ b/ucp.php
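Review bot: The new lookup `$user_name = htmlspecialchars($res['value']);` dereferences `$res` without checking it: `fetch_assoc()` returns null when no `username` row exists, and if `$sql` is mysqli then `query()` returns false on a query error, so a missing config row becomes a null-offset warning and an empty name instead of a clear failure; the sitename line above it, which this hunk copies, has the same shape. I would write `$user_name = htmlspecialchars((string) ($res['value'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` so the value is also safe inside single-quoted attributes. The second config.php hunk assigns `user_name` to the template unconditionally inside the `!isset($notemplate)` block; if the navbar change (not visible here) renders it to visitors who are not logged in, the login name becomes public, so the assign should be guarded by `$_SESSION['logged_in']` unless that disclosure is intended.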
@@ -20,12 +20,47 @@ include_once 'config.php';
+function check_privileges() {
+ if (!$_SESSION['logged_in']) {
+ $_SESSION['flash'] = "Log in to continue.";
+ header('Location: ucp.php?page=login');
+ exit();
+ }
+}
+
 switch ($_GET['page']) {
 case "login": {
- $tpl->draw("login");
+ if ($_SESSION['logged_in']) {
+ $_SESSION['flash'] = "You're already logged in.";
+ header('Location: ucp.php');
+ exit();
+ }
+ if (!isset($_POST['login'])) {
+ $tpl->draw("login");
+ } else {
+ $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
+ $username = $res['value'];
+ $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"password\";")->fetch_assoc();
+ $password = $res['value'];
+ $post_pass = crypt($_POST['password'], $password);
+ if (($_POST['username'] === $username) && ($post_pass === $password)) {
+ // successful login
+ $_SESSION['logged_in'] = true;
+ $_SESSION['flash'] = "You are now logged in.";
+ header('Location: ucp.php');
+ exit();
+ } else {
+ // failed login
+ $_SESSION['flash'] = "Wrong user name or password";
+ header('Location: ucp.php?page=login');
+ exit();
+ }
+ }
 break;
 }
 case "logout": {
+ check_privileges();
+
 session_destroy();
 session_start();
 $_SESSION['flash'] = "Sucessfully logged out";
@@ -34,11 +69,15 @@ switch ($_GET['page']) {
 break;
 }
 case "settings": {
+ check_privileges();
+
 $tpl->draw("settings");
 break;
 }
 case "inbox":
 default: {
+ check_privileges();
+
 $tpl->draw("inbox");
 }
 }
\ No newline at end of file
diff --git a/views/login.html b/views/login.html
index b5b0a70..05d83af 100644
--- a/views/login.html
+++ b/views/login.html
@@ -4,10 +4,10 @@ {if="$message"}
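Review bot: The credential check at `if (($_POST['username'] === $username) && ($post_pass === $password))` compares the crypt() output with `===`, which is not constant-time, and the successful-login branch sets `$_SESSION['logged_in'] = true` without regenerating the session id, so a session id established before login stays valid after it. I would compare with `hash_equals($password, $post_pass)` (or replace the crypt() call with `password_verify($_POST['password'], $password)`, the API intended for stored hashes) and put `session_regenerate_id(true);` as the first statement of the successful-login branch. `$_POST['username']`, `$_POST['password']` and `$_SESSION['logged_in']` are read in this hunk without an isset guard, so a bare POST or a fresh session emits undefined-index notices; `$_POST['password'] ?? ''` at the crypt() call and `empty($_SESSION['logged_in'])` in check_privileges avoid that without changing the outcome. The second ucp.php hunk only adds check_privileges() calls and raises nothing new.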
{$message}
{/if} -
+
- +
diff --git a/views/navbar.html b/views/navbar.html
index f45ab80..65097d0 100644
--- a/views/navbar.html
+++ b/views/navbar.html
@@ -18,8 +18,10 @@