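/**
 * Authentication gate and login handler.
 *
 * - No complete login attempt posted: if the configuration requires
 *   authentication for this page and the session is not marked as logged in,
 *   redirect to the login page and stop the script.
 * - Both "login" and "password" posted: check the credentials with the
 *   configured method. On failure redirect back to the login page; on
 *   success initialise the session, mark it as logged in, record the session
 *   id on the user row, load language/template/groups into the session and
 *   forward the user.
 *
 * Reads the globals $CONF, $CONF_PAGE and $DB as well as $_POST, $_GET and
 * $_SESSION. Sends Location headers and may terminate the script.
 */
function manage_auth()
{
    global $CONF, $CONF_PAGE, $DB;

    // A login attempt needs BOTH fields. Anything else, including a request
    // that posts only one of them, goes through the gate below. The original
    // condition let such a half-filled POST skip the gate and the login code.
    $login_attempt = isset($_POST['login']) && isset($_POST['password']);

    if (!$login_attempt) {
        if (($CONF['auth_required'] == "always"
                || ($CONF_PAGE['auth_required'] == "yes" && $CONF['auth_required'] == "perpage"))
            && empty($_SESSION['fw_logged'])
        ) {
            // NOTE(review): in the listing this was taken from, the expression
            // appended to post_login is masked ("******"); the current request
            // URI is assumed here - confirm against the original file.
            header("location: " . $CONF['url_base'] . $CONF['auth_login_page']
                . "?post_login=" . urlencode($_SERVER['REQUEST_URI']));
            // Stop here so nothing of the protected page is emitted after the redirect.
            die;
        }
        return;
    }

    // Fail closed: an auth_type without a handler below counts as a failed login.
    $auth_check = false;
    switch ($CONF['auth_type']) {
        case "db":
            $auth_check = check_auth_db();
            break;
        // Add other authentication methods (e.g. LDAP) here.
    }

    // Failed login: back to the login page with the failed=1 flag.
    if (!$auth_check) {
        header("location: " . $CONF['url_base'] . $CONF['auth_login_page'] . "?failed=1");
        die;
    }
    // -1 is reported to the login page as alreadyin=1; what it stands for is
    // decided by the auth method (check_auth_db() is not shown here).
    if ($auth_check == -1) {
        header("location: " . $CONF['url_base'] . $CONF['auth_login_page'] . "?alreadyin=1");
        die;
    }

    // Start the session and load the per-user session data.
    fw_init_session($auth_check['id']);

    // Issue a fresh session id before the session is marked as logged in, so
    // an id that was known before the login cannot be used afterwards
    // (session fixation). The id stored in the users table below is the new one.
    if (session_id() != '') {
        session_regenerate_id(true);
    }

    $_SESSION['fw_logged'] = 1;
    $_SESSION['fw_userid'] = $auth_check['id'];

    // Both values are still concatenated into the SQL text, so each one is
    // constrained first: the id (used unquoted, hence expected to be numeric)
    // to an integer, the session id to the characters PHP-generated ids use.
    // NOTE(review): if the $DB layer offers bound parameters, prefer them.
    $user_id = (int) $auth_check['id'];
    $sid = preg_replace('/[^A-Za-z0-9,-]/', '', session_id());
    $DB->Execute("UPDATE users SET last_action=NOW(), sid='" . $sid . "' WHERE id=" . $user_id);

    // Log the access.
    log_event("L", "", "");

    // Language and template take effect after the forward, through the session.
    // The original also assigned $CUR_LANG / $CUR_TEMPL here, but neither is
    // declared global in this function, so those assignments had no effect
    // outside it and are left out.
    if (isset($auth_check['lang']) && strlen($auth_check['lang']) > 0) {
        $_SESSION['cur_lang'] = $auth_check['lang'];
    }
    if (isset($auth_check['template']) && strlen($auth_check['template']) > 0) {
        $_SESSION['cur_templ'] = $auth_check['template'];
    }

    // Collect the user's group ids as a comma-separated list, if a group table is configured.
    if (isset($CONF['auth_group_table'])) {
        $groups = array();
        $group_query = $DB->Execute(
            "SELECT groupid FROM " . $CONF['auth_group_table'] . " WHERE userid=" . $user_id
        );
        if ($group_query && $group_query->RecordCount() > 0) {
            while (!$group_query->EOF) {
                $groups[] = $group_query->fields['groupid'];
                $group_query->MoveNext();
            }
        }
        // As before, a user without groups gets null rather than an empty string.
        $_SESSION['fw_user_groups'] = count($groups) > 0 ? implode(",", $groups) : null;
    }

    if (isset($_GET['post_login']) && strlen($_GET['post_login']) > 0) {
        // post_login comes from the query string. Strip the configured
        // abs_url prefix (plain prefix test, replacing the removed
        // ereg_replace()), then make sure the result cannot move the redirect
        // to another host.
        $target = urldecode($_GET['post_login']);
        $abs_url = isset($CONF['abs_url']) ? (string) $CONF['abs_url'] : '';
        if ($abs_url != '' && strncmp($target, $abs_url, strlen($abs_url)) == 0) {
            $target = (string) substr($target, strlen($abs_url));
        }
        header("location: " . $CONF['url_base'] . _manage_auth_safe_target($CONF['url_base'], $target));
    } elseif (isset($CONF['auth_force_home']) && strlen($CONF['auth_force_home']) > 0) {
        // "knomos plus" change: remember whether the login form posted mobile=1.
        $_SESSION['mobile'] = (isset($_POST['mobile']) && $_POST['mobile'] == 1);
        header("location: " . $CONF['url_base'] . $CONF['auth_force_home']);
    }
}

/**
 * Return $target when appending it to $base keeps the redirect on the same
 * scheme, host and port as $base; otherwise return an empty string, which
 * makes the caller redirect to $base itself.
 */
function _manage_auth_safe_target($base, $target)
{
    // Control characters could split the header; browsers read "\" as "/".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return '';
    }

    $from = parse_url($base);
    $to = parse_url($base . $target);
    if ($from === false || $to === false) {
        return '';
    }

    foreach (array('scheme', 'host', 'port') as $part) {
        $expected = isset($from[$part]) ? $from[$part] : null;
        $actual = isset($to[$part]) ? $to[$part] : null;
        if ($expected !== $actual) {
            return '';
        }
    }

    return $target;
}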
// NOTE(review): the listing resumes here inside a function whose opening lines are not
// shown. The `{$id}` used below and the fw_init_session(...) calls elsewhere in this
// listing suggest this is the tail of fw_init_session($id) - confirm against the full file.
        session_start();
        $_SESSION[fw_session_started] = 1;
    }
    // Split the preload list on ",,"; each entry is loaded into the session below.
    $table_to_load = explode(",,", $CONF[session_table_preload]);
    foreach ($table_to_load as $tab_init) {
        unset($rs);
        if (strstr($tab_init, "||")) {
            // "table||column" entry: query `table` where `column` equals $id and
            // keep the result of FetchRow() under the table name.
            $table_init_options = explode("||", $tab_init);
            // NOTE(review): $id and both configured names go into the SQL text as-is.
            // Where $id comes from is not visible here; it should be constrained to an
            // integer (or bound as a parameter) before it reaches this query.
            $sql = "SELECT * FROM " . $table_init_options[0] . " WHERE " . $table_init_options[1] . "={$id}";
            $rs = $DB->Execute($sql);
            if ($rs) {
                $_SESSION[$table_init_options[0]] = $rs->FetchRow();
            }
        } else {
            // NOTE(review): looks like a bug - $table_init_options is assigned only in the
            // other branch, so here it holds whatever an earlier entry left (or nothing)
            // rather than $tab_init; and "order by id asc" has no leading space, so it runs
            // into the table name. Confirm and fix against the full file.
            $sql = "SELECT * FROM " . $table_init_options[0] . "order by id asc";
            $rs = $DB->Execute($sql);
            if ($rs) {
                $_SESSION[$table_init_options[0]] = $rs->GetArray();
            }
        }
    }
}
// Session bootstrap: unless $CONF[session_start] is "never", open the session, then
//  - "onauth": clear the session variables while fw_logged is not set;
//  - "always": while fw_session_started is not set, clear them and run fw_init_session().
if ($CONF[session_start] != "never") {
    session_start();
    if ($CONF[session_start] == "onauth" && !$_SESSION[fw_logged]) {
        session_unset();
    } elseif ($CONF[session_start] == "always" && !$_SESSION[fw_session_started]) {
        session_unset();
        // NOTE(review): called without an argument here; what $id is in that case
        // is not visible in this listing.
        fw_init_session();
    }
}