- if (!($con->checkpwdmd5 ("admin",
- $_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
- unauthorized_error ();
+
+ if (!$authentificated && !($con->checkpwdmd5 (
+ $_COOKIE [sprintf ("%suser", DBPREFIX)],
+ $_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
+ error_unauthorized ();
+ }
+}
+
+function main ($con) {
+ if (!isset ($_POST ["request"])) {
+ error_request ();
+ }
+
+ $pwd = unquote ($_POST ["password"]);
+ $user = unquote ($_POST ["user"]);
+ // does user only want authentication or does he want to do other things
+ $auth_only = ($_POST ["request"] == "auth");
+ check_auth ($con, $user, $pwd, $auth_only);
+ if (!$user) {
+ $user = $_COOKIE [sprintf ("%suser", DBPREFIX)];