<?php
/*
* Copyright 2012 Douglas Robbins <hide@address.com>
*
* This file is part of Blite, a blogging application, available at
* <http://blite.ca/>.
*
* Blite is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
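// Admin login/logout endpoint: handles ?logout=1, the POSTed login form, and
// otherwise renders the login form from the active theme's templates.
// $cfg, $lang and $_SESSION are used below without being defined in this file;
// presumably configure.php provides them and starts the session (TODO confirm).
require('configure.php');

// Page to return to after login/logout: the last page recorded in the session,
// falling back to the configured home URL. !empty() avoids an undefined-index
// notice when no page has been recorded yet.
$returnto = $cfg['home'];
if (!empty($_SESSION['lastpage'])) {
    $returnto = $_SESSION['lastpage'];
}
// $returnto is written into HTML (the meta refresh attribute and the #returnto#
// template slot), so it is escaped for that context. double_encode is off so a
// value that was already entity-encoded upstream is not encoded twice.
// NOTE(review): how 'lastpage' is populated is not visible here; if it can hold
// an off-site URL, the redirect target should also be validated where it is set.
$returnto = htmlspecialchars((string) $returnto, ENT_QUOTES, 'UTF-8', false);

// The HTML hash (e.g. #comment-2) is passed as a GET variable, so we can
// restore the page position after login/logout. It is request-controlled and
// ends up inside a quoted HTML attribute, so it is percent-encoded: plain ids
// such as "comment-2" pass through unchanged, while quotes and angle brackets
// cannot break out of the attribute. Non-string input (h[]=...) is ignored.
$hash = '';
if (!empty($_GET['h']) && is_string($_GET['h'])) {
    $hash = '#' . rawurlencode($_GET['h']);
}

$now = time();
// Cookie will expire in 30 days.
$expire = $now + 2592000;
// Mark the cookie Secure only when this request itself arrived over HTTPS, so
// plain-HTTP installs keep working as before.
$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// Logout process.
// NOTE(review): logout is triggered by a bare GET parameter with no token, so
// any page can log the admin out by linking here.
if (!empty($_GET['logout'])) {
    // An empty value makes PHP emit a cookie-deletion header.
    setcookie('admin', '', 0, '', '');
    // Unset comment form values if 'protectadmin' is enabled in settings.
    if ($cfg['protectadmin'] == '1') {
        unset($_SESSION['com_name'], $_SESSION['com_email'], $_SESSION['com_web']);
    }
    $page['title'] = $lang['adminlogout'];
    $page['redirect'] = "<meta http-equiv='refresh' content='1;URL=" . $returnto . $hash . "'>";
    $page['msg'] = $lang['logoutmsg'];
}
// Login process.
elseif (!empty($_POST['loginsubmit'])) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    if (!empty($username) && !empty($password)) {
        $authenticated = false;
        $encpassword = '';
        // Array-valued fields (username[]=...) are rejected up front; sha1()
        // does not accept them and they can never match the configured values.
        if (is_string($username) && is_string($password)) {
            // NOTE(review): the stored credential is an unsalted SHA-1 digest.
            // Moving to password_hash()/password_verify() requires changing how
            // $cfg['adminpass'] is generated, which is outside this file.
            $encpassword = sha1($password);
            $storedhash = (string) $cfg['adminpass'];
            // Strict, constant-time comparison where available. The previous
            // loose == treated two digests of the form "0e<digits>" as equal
            // numbers, letting a non-matching password pass.
            $hashok = function_exists('hash_equals')
                ? hash_equals($storedhash, $encpassword)
                : $storedhash === $encpassword;
            $authenticated = $hashok && $username === (string) $cfg['adminuser'];
        }
        if ($authenticated) {
            $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            // NOTE(review): the cookie is a deterministic function of the stored
            // password hash, client IP and User-Agent. It never changes between
            // logins and can be recomputed by anyone who can read the stored
            // hash; a random server-side session token would avoid both. The
            // value is kept as-is because the code that checks it lives elsewhere.
            $cookieval = sha1($encpassword . $_SERVER['REMOTE_ADDR'] . $useragent);
            // HttpOnly keeps the admin cookie out of reach of page scripts.
            setcookie('admin', $cookieval, $expire, '', '', $secure, true);
            $page['title'] = $lang['adminlogin'];
            $page['redirect'] = "<meta http-equiv='refresh' content='1;URL=" . $returnto . $hash . "'>";
            $page['msg'] = $lang['loginmsg'];
        }
        else {
            // NOTE(review): nothing here throttles or records failed attempts.
            $page['title'] = $lang['adminlogin'];
            $page['redirect'] = "<meta http-equiv='refresh' content='2;URL=login.php'>";
            $page['msg'] = 'Wrong username or password';
        }
    }
}

// Display login/logout result.
if (!empty($page['msg'])) {
    $template = file_get_contents('themes/' . $cfg['theme'] . '/templates/message.tpl');
    // Fill every #key# placeholder in the template with its $page value.
    foreach ($page as $key => $val) {
        $template = str_replace('#' . $key . '#', $val, $template);
    }
    echo $template;
    exit;
}

// Display the login form.
$page['blogname'] = $cfg['sitename'];
$page['pagetitle'] = $lang['adminlogin'];
$page['username'] = $lang['username'];
$page['password'] = $lang['password'];
$page['returnto'] = $returnto;
$page['contentclass'] = 'login';
$page['navbottom'] = '';
$subtemplate = file_get_contents('themes/' . $cfg['theme'] . '/templates/sub_login.tpl');
$template = file_get_contents('themes/' . $cfg['theme'] . '/templates/main.tpl');
// The form sub-template is spliced in first so its own placeholders are
// filled by the loop below.
$template = str_replace('#maincontent#', $subtemplate, $template);
foreach ($page as $key => $val) {
    $template = str_replace('#' . $key . '#', $val, $template);
}
echo $template;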
?>