diff options
Diffstat (limited to 'include/login.php')
| -rw-r--r-- | include/login.php | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/include/login.php b/include/login.php index ab7b48a..eb7d5b8 100644 --- a/include/login.php +++ b/include/login.php @@ -85,21 +85,27 @@ else if(myisset('email','password')) $password = $_REQUEST['password']; /* verify password and email */ - if(strlen($password)!=32) - $password = md5($password); $ok = 1; - $myid = DB_get_userid('email-password',$email,$password); - if(!$myid) - $ok = 0; + $myid = DB_get_userid('email',$email); - if($ok) + $result = verify_password($email, $password); + switch($result) { - /* user information is ok, set session variabel */ - $myname = DB_get_name('email',$email); + case 0: + /* user information is ok, set session variable */ + $myname = DB_get_name('email',$email); + $hashedpassword = DB_get_passwd_by_userid($myid); $_SESSION['name'] = $myname; $_SESSION['id'] = $myid; - $_SESSION['pass'] = $password; + $_SESSION['pass'] = $hashedpassword; + break; + case 1: + echo "Can't find you in the database\n"; + break; + case 2: + echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n"; + break; } } else |