<?php
/* Copyright (c) 2009 Arnaud Renevier, Inc, published under the modified BSD
   license. */

require ("./inc/errors.php");
require ("./inc/settings.php");
require ("./inc/db/mysql.php");
require ("./inc/utils.php");

function logout () {
    $cookie_name = sprintf ("%sauth", DBPREFIX);
    if (isset ($_COOKIE [$cookie_name])) {
        setcookie ($cookie_name, "", time () - 3600, "" , "",false, true);
        header ('Location: index.php');
    }
    exit();
}

function main ($con) {
    $pwd = unquote ($_POST["user_pwd"]);
    if (!isset ($pwd)) {
        access_denied ();
        return;
    }
    $con->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
    if ($con->checkpwdmd5 ("admin", md5 ($pwd))) {
        // cookie will be valid for 2 weeks. I've chosen that value
        // arbitrarily, and it may change in the future.
        $time = time () + 14 * 60 * 24 * 60;
        $cookie_name = sprintf ("%sauth", DBPREFIX);
        setcookie ($cookie_name, md5 ($pwd), $time, "" , "", false, true);
        access_allowed ();
    } else {
        access_denied ();
    }
}

if ($_GET ["logout"] == "true" || $_GET ["logout"] == "1") {
    logout ();
}

try {
    main ($connection);
} catch (Exception $e) {
    access_denied ();
}
?>