2009-06-24 23:46:34 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
|
|
|
|
|
header("Cache-Control: no-store, no-cache, must-revalidate");
|
|
|
|
|
header("Cache-Control: post-check=0, pre-check=0", false);
|
|
|
|
|
header("Pragma: no-cache");
|
2010-07-09 08:02:51 +00:00
|
|
|
require_once "lib/functions.php";
|
|
|
|
|
require_once "lib/security.php";
|
|
|
|
|
require_once "security/jsonwrapper.php";
|
2009-06-24 23:46:34 +00:00
|
|
|
|
|
|
|
|
if(isset($_GET["logout"]) or isset($_POST["logout"])){
|
|
|
|
|
logout();
|
|
|
|
|
//insertLogin();
|
|
|
|
|
}
|
|
|
|
|
if (isset($_REQUEST["password"])) {
|
|
|
|
|
$_SESSION=array(); #Clear data from session. prevent session data from migrating in a hijacking?
|
|
|
|
|
session_regenerate_id(true);#Zap existing session entirely..
|
|
|
|
|
setpassword($_REQUEST["password"]);
|
|
|
|
|
$_SESSION["xcatpassvalid"]=-1; #unproven password
|
|
|
|
|
}
|
|
|
|
|
if (isset($_REQUEST["username"])) {
|
|
|
|
|
$_SESSION["username"]=$_REQUEST["username"];
|
|
|
|
|
$_SESSION["xcatpassvalid"]=-1; #unproven password
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$jdata=array();
|
|
|
|
|
if (isAuthenticated()) { $jdata["authenticated"]="yes"; }
|
|
|
|
|
else { $jdata["authenticated"]="no"; }
|
|
|
|
|
|
|
|
|
|
echo json_encode($jdata);
|
|
|
|
|
?>
|
|
|
|
|
|
