# (comment continues from before this excerpt) ...that requires login, then
# show the login window. If the user is logged in and the object is hidden
# and restricted for that user, then show the 404 error page.
##############################################################
####### check permissions
# Look up the current visitor's permissions on the requested object.
$perm = get_obj_permission(array("objekt_id" => $leht->id));
# does the user have the right to view the object? 1/0
# NOTE(review): the read check is skipped entirely whenever in_editor is set;
# presumably editor access is authorized elsewhere - confirm.
if (!$perm['R'] && !$leht->site->in_editor) {
    if ($leht->site->user) {
        # UNFINISHED in ver 4
        # header("Location: ".$site->CONF['protocol'].$site->CONF['hostname'].$site->CONF['wwwroot']."?id=".$site->alias("404error"));
        # NOTE(review): with the redirect above commented out this branch is
        # empty, so a logged-in user who lacks 'R' is not stopped by the code
        # visible here and execution continues to template creation below.
        # Confirm that a later stage refuses to render the object; otherwise
        # restricted objects are served to any authenticated user.
    } else {
        # Anonymous visitor without read permission: clear the requested
        # operation and show the login form.
        # NOTE(review): `op` is a bare constant, not the string "op"; PHP 8
        # raises an Error for an undefined constant.
        $leht->site->fdat[op] = "";
        include_once $class_path . "login_html.inc.php";
        # NOTE(review): no exit follows in the visible code; presumably
        # admin_login_form() ends the request itself - confirm, otherwise the
        # page is still rendered after the form.
        admin_login_form(array("site" => $site, "auth_error" => 0));
    }
}
#$leht->parents->debug->print_msg();
#$leht->topmeny->debug->print_msg();
#$site->debug->print_hash($site->fdat,1,"FDAT");
#$leht->debug->print_msg();
##############################
# create template
$template = new Template($leht);
###########################
# 1. CONTENT TEMPLATE, if the master template is a SAPI template
# print: admin-header & page-html (either the parent's own or the master) & content-html
if (!$template->on_page_templ && $site->master_tpl['ttyyp_id']) {
    #######################
    # remember the content template - it is invoked later via the smarty tag {print_content}
// Tail of a function whose header lies outside this excerpt (presumably
// admin_check_session(), which is called below - confirm).
    $now = time();
    // The expiry is enforced only when both the timestamp and '_admin_pass'
    // are present in the session.
    // NOTE(review): the key name suggests the admin password, or a value
    // derived from it, is kept in the session - confirm what is stored there.
    if (isset($_SESSION['_amember_sess_expires']) && isset($_SESSION['_admin_pass'])) {
        if ($_SESSION['_amember_sess_expires'] < $now) {
            // Expire the session cookie in the browser (path '/' only), then
            // discard the server-side session data.
            if (isset($_COOKIE[session_name()])) {
                setcookie(session_name(), '', time() - 42000, '/');
            }
            session_destroy();
            // `$target_top = true` is an assignment expression whose value
            // (true) is passed as the fourth argument; it is not a named argument.
            admin_html_redirect($config['root_url'] . '/admin/', "Admin session expired", "Admin session expired, please login again", $target_top = true);
            exit;
        }
    }
    // Sliding timeout: every call moves the expiry one hour ahead. No absolute
    // session lifetime is visible in this excerpt.
    $_SESSION['_amember_sess_expires'] = $now + 3600;
}
///////////////////////////////////////////////////////////////////////////////
// Bootstrap for admin pages: template engine, session check, authentication.
$t = new_smarty();
$vars = get_input_vars();
admin_check_session(); // check if session expired and User Agent
if ($err = admin_auth()) { // authentication failed
    admin_login_form($err); // display login form
    exit; // stop here so no admin page code runs for an unauthenticated request
}
// Record login details when the stored 'last_session' differs from the
// current session id.
if ($_SESSION['amember_admin']['last_session'] != session_id()) {
    $db->admin_update_login_info($_SESSION['amember_admin']['admin_id']);
}
if ($t) {
    // NOTE(review): this hands the live session id to templates as "name=id".
    // If templates append SID to links or forms, the id can leak through
    // Referer headers, server logs and shared URLs; prefer cookie-only
    // sessions (session.use_only_cookies) and drop SID from URLs - confirm usage.
    $t->assign('SID', session_name() . '=' . session_id());
}
unset($vars);
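# Authenticates the current request and populates $this->user or $this->guest.
#
# Order of work, as implemented below:
#   1. op=remindpass / saadaparool: run send_remindpass() and, unless a custom
#      template was requested, print the default reminder form and exit.
#   2. op=login with a return url: check the credentials through User; on
#      success write a log entry, store user_id in the session and redirect;
#      on failure write a log entry, zero the session user_id and pick the
#      error to display.
#   3. Build the user from the session's user_id; in admin/editor without a
#      user, show the admin login form.
#   4. Load permissions for the user, or create a guest with object permissions.
#   5. Send a user whose password has expired to op=register.
#
# $args is accepted for interface compatibility and is not read.
# The request may end here with exit (after a Location header or after the
# reminder form has been printed).
function create_user($args = array()) {
    global $class_path;

    # Scheme for the absolute redirects below, derived once from the request.
    $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';

    # When arriving from the user LOGIN FORM:
    #   OK:     save cookie & redirect
    #   not OK: show system article

    ######## FORGOTTEN PASSWORD form (bug #2296)
    if ($this->fdat["op"] == 'remindpass' || $this->fdat["op"] == 'saadaparool') {
        include_once $class_path . "login_html.inc.php";

        # step2: send e-mail
        $this->fdat['form_error'] = send_remindpass(array("site" => $this));

        # step1: show default entire page form (if no custom templates used).
        # The original tested $site->fdat, but $site is not defined in this
        # method, so the test was always true and the default form was printed
        # even when a custom template had been requested.
        if (!$this->fdat['tpl'] && !$this->fdat['c_tpl']) {
            print_remindpass_form(array("site" => $this));
            exit;
        }
    }

    if ($this->fdat["op"] == 'login' && $this->fdat["url"]) {
        # Array keys are quoted: the bare words user/pass/user_id/op are
        # constant lookups, and PHP 8 raises an Error for an undefined constant.
        $this->user = new User(array(
            "user" => $this->fdat["user"],
            "pass" => $this->fdat["pass"],
            "site" => &$this,
        ));
        $user_id = $this->user->user_id;

        # if the user logged in successfully, redirect
        if ($user_id) {
            # write log
            new Log(array(
                'action' => 'log in',
                'component' => 'Users',
                'user_id' => $user_id,
                'message' => "User '" . $this->user->all['firstname'] . " " . $this->user->all['lastname'] . "' logged in from IP: '" . $_SERVER["REMOTE_ADDR"] . "'" . ($this->user->auth_type ? ' (Authentication: ' . $this->user->auth_type . ')' : ''),
            ));

            # do the redirect
            # NOTE(review): no session-id rotation is visible here; confirm that
            # sess_save() or the session layer issues a fresh id on login.
            $this->sess_save(array("user_id" => $user_id));
            # Cache hint only. The cookie is client-controlled and must never be
            # treated as proof of authentication.
            setcookie("logged", "1"); // need for cache

            # The return target comes from the request, so only a same-site
            # absolute path is accepted. It must start with a single "/":
            # anything else is appended straight after the hostname and can
            # change the authority, and browsers read "//" or "/\" as the start
            # of another host. Control characters are refused as well. The
            # check runs on the decoded value, which is what gets sent.
            $target = is_string($this->fdat["url"]) ? urldecode($this->fdat["url"]) : '';
            if (!preg_match('#\A/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $target)) {
                $target = $this->CONF['wwwroot'] . '/';
            }
            header("Location: " . $scheme . $this->CONF['hostname'] . $target);
            exit;
        } else {
            # write log
            # NOTE(review): the username is attacker-supplied text; confirm that
            # Log encodes it both when storing and when displaying entries.
            new Log(array(
                'action' => 'log in',
                'component' => 'Users',
                'type' => 'NOTICE',
                'message' => "Unauthorized access to CMS: username '" . $this->fdat["user"] . "', IP: '" . $_SERVER["REMOTE_ADDR"] . "'",
            ));
            $this->debug->msg("USER login by username & password => failed");

            # reset the session variable
            $this->sess_save(array("user_id" => 0));

            # error message: inside the admin area it is shown in the admin login form
            if ($this->in_admin || $this->in_editor) {
                include_once $class_path . "login_html.inc.php";
                # NOTE(review): this branch reads $this->user->is_locked while the
                # branch below reads $this->user->all['is_locked'] - confirm both exist.
                admin_login_form(array("site" => $this, "auth_error" => $this->user->is_locked ? 2 : 1));
            } else {
                # find the matching system article
                # NOTE(review): a separate "locked" page tells an unauthenticated
                # visitor that the account exists - confirm this is intended.
                if ($this->user && $this->user->all['is_locked']) {
                    $this->sys_alias = "kasutaja_locked";
                } else {
                    $this->sys_alias = "login_incorrect";
                }
            }
            $this->user = 0;
        }
    }

    #######################
    # USER CREATION: either from the SESSION or from AUTOLOGIN by IP
    # 1. first auth by session
    $this->user = new user(array("user_id" => $this->sess_get("user_id"), "site" => &$this));
    $this->debug->msg("USER from session => " . ($this->user->user_id ? 'Found: ' . $this->user->name : 'NONE'));

    ######## ADMIN area login form
    # if attempt to admin/ area but user doesn't exist then show login form
    if (($this->in_admin || $this->in_editor) && !$this->user->user_id) {
        include_once $class_path . "login_html.inc.php";
        # NOTE(review): no exit follows; presumably admin_login_form() ends the
        # request itself - confirm, otherwise execution continues as guest.
        admin_login_form(array("site" => $this, "auth_error" => 0));
    }

    ######## LOAD PERMISSIONS
    # if no user created then unset user instance
    if (!$this->user->user_id) {
        $this->user = 0;
        # create guest instance; guest has also name and permissions and group info
        $this->guest = new guest(array("site" => &$this));
        # get *object* permissions
        $this->guest->permissions = $this->guest->load_objpermissions();
    } else {
        # the permission-loading functions should depend on location, e.g.
        # whether the request is in the admin area:
        # load *object* permissions
        $this->user->permissions = $this->user->load_objpermissions();
        # load *admin pages* permissions
        $this->user->adminpermissions = $this->user->load_adminpermissions();

        # if the user's password needs changing (and this is not styles.php),
        # take the user to the registration form
        if ($this->user->all['pass_expired'] && $this->fdat["op"] != "register" && $this->script_name != 'styles.php') {
            if ($this->in_admin) {
                # if logging into admin-area
                header("Location: " . $scheme . $this->CONF['hostname'] . $this->CONF['wwwroot'] . "?op=register");
            } else {
                header("Location: " . $scheme . $this->CONF['hostname'] . $this->URI . ($_SERVER["QUERY_STRING"] ? '&' : '?') . "op=register");
            }
            exit;
        }
    }

    # ALIAS for compatibility with ver 3:
    $this->kasutaja =& $this->user; # / $this->user
    #####################
}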