Skip to content
Snippets Groups Projects
Normal view History Permalink
login.php 1.39 KiB
Newer Older
Jared Hancock's avatar
1.7 Developer Pre-Release
Jared Hancock committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 
<?php
/*********************************************************************
    login.php

    Handles staff authentication/logins

    Peter Rotich <peter@osticket.com>
    Copyright (c)  2006-2012 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require_once('../main.inc.php');
if(!defined('INCLUDE_DIR')) die('Fatal Error. Kwaheri!');

require_once(INCLUDE_DIR.'class.staff.php');
Jared Hancock's avatar
Don't forget the staff login and emailtest pages  
Jared Hancock committed
20 
require_once(INCLUDE_DIR.'class.csrf.php');
Jared Hancock's avatar
1.7 Developer Pre-Release
Jared Hancock committed
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 

$msg=$_SESSION['_staff']['auth']['msg'];
$msg=$msg?$msg:'Authentication Required';
if($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))){
    //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
    $msg='Invalid login';
    if(($user=Staff::login($_POST['username'],$_POST['passwd'],$errors))){
        $dest=$_SESSION['_user']['auth']['dest'];
        $dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
        @header("Location: $dest");
        require_once('index.php'); //Just incase header is messed up.
        exit;
    }elseif(!$errors['err']){
        $errors['err']='Login error - try again';
    }
}
define("OSTSCPINC",TRUE); //Make includes happy!
include_once(INCLUDE_DIR.'staff/login.tpl.php');
?>