<?php session_start(); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); include "functions.php"; $successfullogin=0; if (isset($_GET["logout"]) or isset($_POST["logout"])) { logout(); } if (isset($_POST["password"])) { $_SESSION=array(); #Clear data from session. prevent session data from migrating in a hijacking? session_regenerate_id(true);#Zap existing session entirely.. setpassword($_POST["password"]); $_SESSION["xcatpassvalid"]=-1; #unproven password } if (isset($_POST["username"])) { $_SESSION["username"]=$_POST["username"]; $_SESSION["xcatpassvalid"]=-1; #unproven password } if (is_logged()) { if ($_SESSION["xcatpassvalid"] != 1) { $testcred=docmd("authcheck","",""); if (isset($testcred->{'xcatresponse'}->{'data'})) { $result="".$testcred->{'xcatresponse'}->{'data'}; if (is_numeric(strpos("Authenticated",$result))) { $_SESSION["xcatpassvalid"]=1; #proven good } else { $_SESSION["xcatpassvalid"]=0; #proven bad } } } } $jdata=array(); if (isset($_SESSION["xcatpassvalid"]) and $_SESSION["xcatpassvalid"]==1) { $jdata["authenticated"]="yes"; } else { $jdata["authenticated"]="no"; } echo json_encode($jdata); ?>