Beispiel #1
0
 private function _adminAccess()
 {
     require BASE_DIR . BACKEND_DIR . 'db.php';
     if (!isset($_REQUEST['username'])) {
         return false;
     }
     if (!isset($_REQUEST['password'])) {
         return false;
     }
     //check log in
     if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
         if (\Backend\Db::incorrectLoginCount($_REQUEST['username'] . '(' . $_SERVER['REMOTE_ADDR'] . ')') > 2) {
             \Backend\Db::log('system', 'backend login suspended (menu management)', $_REQUEST['username'] . '(' . $_SERVER['REMOTE_ADDR'] . ')', 2);
             return false;
         } else {
             $id = \Backend\Db::userId($_REQUEST['username'], $_REQUEST['password']);
             if ($id !== false) {
                 $module = \Db::getModule(null, $groupName = 'standard', $moduleName = 'menu_management');
                 if (\Backend\Db::allowedModule($moduleId = $module['id'], $userId = $id)) {
                     \Backend\Db::log('system', 'backend login (menu management)', $_REQUEST['username'] . ' (' . $_SERVER['REMOTE_ADDR'] . ')', 0);
                     return true;
                 } else {
                     \Backend\Db::log('system', 'this user is not allowed to access menu management module', $_REQUEST['username'] . '(' . $_SERVER['REMOTE_ADDR'] . ')', 1);
                     return false;
                 }
             } else {
                 \Backend\Db::log('system', 'backend login incorrect (menu management)', $_REQUEST['username'] . '(' . $_SERVER['REMOTE_ADDR'] . ')', 1);
                 return false;
             }
         }
     }
     //check log in
     return false;
 }
Beispiel #2
0
 /**
  * Output management tools
  *
  * @access public
  * @return string Option
  */
 function manage()
 {
     global $parametersMod;
     //log off
     if (isset($_REQUEST['action']) && $_REQUEST['action'] == "logout" && !isset($_REQUEST['module_id'])) {
         $this->session->logout();
         $this->html->headerModules();
         $this->html->html('<script type="text/javascript">window.top.location=\'admin.php\';</script>');
         $this->deleteTmpFiles();
         $this->html->footer();
         $this->html->send();
         \db::disconnect();
         exit;
     }
     //eof log off
     //log in
     if (isset($_REQUEST['action']) && isset($_REQUEST['f_name']) && isset($_REQUEST['f_pass']) && $_REQUEST['action'] == "login" && !isset($_REQUEST['module_id'])) {
         if (\Backend\Db::incorrectLoginCount($_REQUEST['f_name'] . '(' . $_SERVER['REMOTE_ADDR'] . ')') > 2) {
             $this->loginError = $parametersMod->getValue('standard', 'configuration', 'system_translations', 'login_suspended');
             \Backend\Db::log('system', 'backend login suspended', $_REQUEST['f_name'] . '(' . $_SERVER['REMOTE_ADDR'] . ')', 2);
         } else {
             $id = \Backend\Db::userId($_REQUEST['f_name'], $_REQUEST['f_pass']);
             if ($id !== false) {
                 $this->session->login($id);
                 \Backend\Db::log('system', 'backend login', $_REQUEST['f_name'] . ' (' . $_SERVER['REMOTE_ADDR'] . ')', 0);
                 header("location:ip_backend_frames.php");
             } else {
                 $this->loginError = $parametersMod->getValue('standard', 'configuration', 'system_translations', 'login_incorrect');
                 \Backend\Db::log('system', 'backend login incorrect', $_REQUEST['f_name'] . '(' . $_SERVER['REMOTE_ADDR'] . ')', 1);
             }
         }
     }
     //eof log in
     if ($this->session->loggedIn()) {
         //login check
         //create module
         if (isset($_GET['module_id']) && $_GET['module_id'] != '' && \Backend\Db::allowedModule($_GET['module_id'], $this->session->userId())) {
             /*new module*/
             $newModule = \Db::getModule($_GET['module_id']);
             if ($newModule['core']) {
                 require MODULE_DIR . $newModule['g_name'] . '/' . $newModule['m_name'] . '/manager.php';
             } else {
                 require PLUGIN_DIR . $newModule['g_name'] . '/' . $newModule['m_name'] . '/manager.php';
             }
             $this->curModId = $newModule['id'];
             eval('$this->module = new \\Modules\\' . $newModule['g_name'] . '\\' . $newModule['m_name'] . '\\Manager();');
         } else {
             if (isset($_GET['action']) && $_GET['action'] == 'first_module') {
                 /*first module*/
                 $newModule = \Backend\Db::firstAllowedModule($this->session->userId());
                 if ($newModule != false) {
                     $this->curModId = $newModule['id'];
                     if ($newModule['core']) {
                         require MODULE_DIR . $newModule['g_name'] . '/' . $newModule['m_name'] . '/manager.php';
                     } else {
                         require PLUGIN_DIR . $newModule['g_name'] . '/' . $newModule['m_name'] . '/manager.php';
                     }
                     eval('$this->module = new \\Modules\\' . $newModule['g_name'] . '\\' . $newModule['m_name'] . '\\Manager();');
                 }
             } elseif (isset($_GET['action']) && ($_GET['action'] = 'ping')) {
                 $this->html->html('');
             } elseif (!isset($_GET['action'])) {
                 $this->html->html('<html><body><script type="text/javascript">parent.window.top.location=\'ip_backend_frames.php\';</script></body></html>');
             }
         }
         //eof create module
         if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'tep_modules') {
             $this->html->headerModules();
             $this->html->modules(\Backend\Db::modules(true, $this->session->userId()));
             $this->html->footer();
         } else {
             if ($this->module) {
                 $this->html->html($this->module->manage());
             }
         }
     } else {
         if (strpos(BASE_URL, $_SERVER['HTTP_HOST']) != 7 && strpos(BASE_URL, $_SERVER['HTTP_HOST']) != 8) {
             /*check if we are in correct subdomain. www.yoursite.com not allways equal to yoursite.com from session perspective)*/
             header("location: " . BASE_URL . "admin.php");
             \db::disconnect();
             exit;
         }
         $this->html->headerLogin();
         $this->html->html('<script type="text/javascript">if(parent.header && parent.content)parent.window.top.location=\'admin.php\';</script>');
         $this->html->loginForm($this->loginError);
         //login window
         $this->html->footer();
     }
     $this->html->send();
 }