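/**
 * Check whether the current request carries an authenticated admin session.
 *
 * Starts the session if none is active, then requires both
 * `$_SESSION['login'] === true` and a stored `$_SESSION['id']` that still equals
 * the value returned by uidSession() (presumably a per-client binding — confirm
 * against its definition). A "logged in" session whose id is missing or no
 * longer matches is destroyed and reported as unauthenticated.
 *
 * @return bool true for a valid admin session, false otherwise
 */
function isParvulaAdmin() {
    if (session_id() === '') {
        session_start();
    }

    if (!isset($_SESSION, $_SESSION['login']) || $_SESSION['login'] !== true) {
        return false;
    }

    // The login handler stores the binding id alongside the login flag, so a
    // missing id is treated the same as a mismatched one. Previously only a
    // mismatch was rejected; a session with the flag but no id was accepted.
    if (!isset($_SESSION['id']) || $_SESSION['id'] !== uidSession()) {
        // Clear the in-memory copy as well: session_destroy() alone leaves
        // $_SESSION populated for the remainder of this request.
        $_SESSION = [];
        session_destroy();
        return false;
    }

    // Rotate the id on every authenticated request to shorten the window in
    // which a leaked id stays usable. NOTE(review): concurrent requests from the
    // same client can race on the rotation and drop the session — confirm this
    // is acceptable for the admin UI.
    session_regenerate_id(true);
    return true;
}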
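}
$adminConf = (require DATA . 'admin.conf.php');
// Refuse to run at all while the shipped placeholder password is still in place.
if ($adminConf['password'] === "_Your_Password_") {
    die('You MUST change the default password in `' . DATA . 'admin.conf.php`.');
}

$view = new View(ADMIN . 'view');
$view->assign('baseUrl', Parvula::getRelativeURIToRoot());
$view->assign('templateUrl', Parvula::getRelativeURIToRoot() . TMPL . Config::get('template'));

// Check password
if (isset($_POST, $_POST['password'])) {
    // The configured password is a plain string, so compare it in constant time
    // with hash_equals() instead of `===`, which stops at the first differing
    // byte. A non-string POST value (e.g. `password[]=x`) is rejected up front
    // rather than handed to hash_equals(), which would error on it.
    // NOTE(review): the credential is kept in clear text in admin.conf.php;
    // storing a password_hash() and checking with password_verify() would be
    // preferable, but that changes the config format and is out of scope here.
    // NOTE(review): no throttling or lockout of failed attempts is visible in
    // this file — confirm it exists upstream (web server / reverse proxy).
    $submitted = $_POST['password'];
    $authenticated = is_string($submitted)
        && hash_equals((string) $adminConf['password'], $submitted);

    if ($authenticated) {
        if (session_id() === '') {
            // Let PHP generate the session id. The former session_id(uniqid())
            // derived it from microtime, which is guessable, so the admin
            // session token was predictable.
            session_start();
        }
        // Issue a fresh id on this privilege change so an id planted before
        // login (session fixation) is not promoted to an admin session.
        session_regenerate_id(true);
        $_SESSION['id'] = uidSession();
        $_SESSION['login'] = true;
        // Post/Redirect/Get pattern
        header("Location: ./", true, 303);
        // Stop here: without exit the rest of this script would still render
        // the admin page into the body of the redirect response.
        exit;
    } else {
        $view->assign('notice', true);
    }
}

if (true === isParvulaAdmin()) {
    $parvula = new Parvula();
    $pagesList = $parvula->listPages(true);
    $view->assign('pagesList', $pagesList);
    $view->assign('_page', 'admin');
} else {
    $view->assign('_page', 'login');
}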