<?php

include 'inc/init_db.php';
include 'inc/init_session.php';
include 'inc/init_leany.php';

if ( ! empty( $_SESSION['user'] ) ) {
	header( "Location: {$GLOBALS['BaseUrl']}/server" );
	exit;
}

$url = empty( $_GET['url'] ) ? '' : $_GET['url'];

if ( empty( $_POST['username'] ) || empty( $_POST['password'] ) ) {
	$message = empty( $_POST ) ? '' : 'Unvollständige Angaben';
	eval( '?'.'>' . $tpl->compile('login.html') );
	exit;
}
else {
	$user = $auth->login( $_POST['username'], $_POST['password'], ! empty( $_POST['permanent'] ) );
	if ( ! $user ) {
		$message = 'Benutzername oder Passwort falsch';
		eval( '?'.'>' . $tpl->compile('login.html') );
		exit;
	}
   session_regenerate_id();
   $newSession = session_id();
   session_write_close();
   session_id( $newSession );
	session_start();
	$_SESSION['user'] = $user;
	//$_SESSION['user']['passwordChecked'] = TRUE;
	$url = ! empty( $_POST['url'] ) ? $_POST['url'] :
		( empty( $user['settings']['identities'] ) ? '/identities' : '/server' );
	header( "Location: {$BaseUrl}{$url}" );
}


// end of file login.php