1 | <?php |
||
2 | // No direct call |
||
3 | if( !defined( 'YOURLS_ABSPATH' ) ) die(); |
||
4 | |||
5 | $auth = yourls_is_valid_user(); |
||
6 | |||
7 | if( $auth !== true ) { |
||
8 | |||
9 | // API mode, |
||
10 | if ( yourls_is_API() ) { |
||
11 | $format = ( isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml' ); |
||
12 | $callback = ( isset($_REQUEST['callback']) ? $_REQUEST['callback'] : '' ); |
||
13 | yourls_api_output( $format, array( |
||
14 | 'simple' => $auth, |
||
15 | 'message' => $auth, |
||
16 | 'errorCode' => 403, |
||
17 | 'callback' => $callback, |
||
18 | ) ); |
||
19 | |||
20 | // Regular mode |
||
21 | } else { |
||
22 | yourls_login_screen( $auth ); |
||
23 | } |
||
24 | |||
25 | die(); |
||
26 | } |
||
27 | |||
28 | yourls_do_action( 'auth_successful' ); |
||
29 | |||
30 | /* |
||
31 | * The following code is a shim that helps users store passwords securely in config.php |
||
32 | * by storing a password hash and removing the plaintext. |
||
33 | * |
||
34 | * TODO: Remove this once real user management is implemented |
||
35 | */ |
||
36 | |||
37 | // Did we just fail at encrypting passwords ? |
||
38 | if ( isset( $_GET['dismiss'] ) && $_GET['dismiss'] == 'hasherror' ) { |
||
0 ignored issues
–
show
Coding Style
introduced
by
Loading history...
|
|||
39 | yourls_update_option( 'defer_hashing_error', time() + 86400 * 7 ); // now + 1 week |
||
40 | |||
41 | } else { |
||
42 | |||
43 | // Encrypt passwords that are clear text |
||
44 | if ( !defined( 'YOURLS_NO_HASH_PASSWORD' ) && yourls_has_cleartext_passwords() ) { |
||
45 | $hash = yourls_hash_passwords_now( YOURLS_CONFIGFILE ); |
||
46 | if ( $hash === true ) { |
||
47 | // Hashing succesful. Remove flag from DB if any. |
||
48 | if( yourls_get_option( 'defer_hashing_error' ) ) |
||
49 | yourls_delete_option( 'defer_hashing_error' ); |
||
50 | } else { |
||
51 | // It failed, display message for first time or if last time was a week ago |
||
52 | if ( time() > yourls_get_option( 'defer_hashing_error' ) or !yourls_get_option( 'defer_hashing_error' ) ) { |
||
53 | $message = yourls_s( 'Could not auto-encrypt passwords. Error was: "%s".', $hash ); |
||
54 | $message .= ' '; |
||
55 | $message .= yourls_s( '<a href="%s">Get help</a>.', 'http://yourls.org/userpassword' ); |
||
56 | $message .= '</p><p>'; |
||
57 | $message .= yourls_s( '<a href="%s">Click here</a> to dismiss this message for one week.', '?dismiss=hasherror' ); |
||
58 | |||
59 | yourls_add_notice( $message ); |
||
60 | } |
||
61 | } |
||
62 | } |
||
63 | } |