if ($use_db) { // == 2. Initialize DB connection: == require dirname(__FILE__) . '/_init_db.inc.php'; // == 3. Initialize Modules: == // Let the modules load/register what they need: $Timer->resume('init modules'); modules_call_method('init'); $Timer->pause('init modules'); // == 4. Initialize Plugins: == // At this point, the first hook is "SessionLoaded" // The dnsbl_antispam plugin is an example that uses this to check the user's IP against a list of DNS blacklists. load_class('plugins/model/_plugins.class.php', 'Plugins'); /** * @global Plugins The Plugin management object */ $Plugins = new Plugins(); // This is the earliest event you can use $Plugins->trigger_event('AfterPluginsInit'); // == 5. Initialize WWW HIT: == if (!$is_cli) { require dirname(__FILE__) . '/_init_hit.inc.php'; } $Plugins->trigger_event('AfterMainInit'); } if (!$is_cli) { // Move user to suspect group by IP address antispam_suspect_user_by_IP(); } $Timer->pause('_MAIN.inc'); // LOG with APM: $Timer->log_duration('_MAIN.inc');
$action = param('action', 'string', NULL); // Check if the user needs to be validated, but is not yet: if (check_user_status('can_be_validated') && $action != 'logout' && $action != 'req_validatemail' && $action != 'validatemail' && $validate_required) { // we're not in that action already: $action = 'req_validatemail'; // for login.php if ($is_admin_page) { $login_error = T_('In order to access the admin interface, you must first activate your account by clicking on the activation link in the email we sent you. <b>See below:</b>'); } } // asimo> If login action is not empty and there was no login error, and action is not logut the we must log in if (!empty($login_action) && empty($login_error) && $action != 'logout') { // Trigger plugin event that allows the plugins to re-act on the login event: // TODO: dh> these events should provide a flag "login_attempt_failed". if (empty($current_User)) { $Plugins->trigger_event('AfterLoginAnonymousUser', array()); } else { $Plugins->trigger_event('AfterLoginRegisteredUser', array()); if (!empty($login_action)) { // We're coming from the Login form and need to redirect to the requested page: $redirect_to = param('redirect_to', 'url', $baseurl); if (empty($redirect_to) || preg_match('#/login.php([&?].*)?$#', $redirect_to) || preg_match('#/register.php([&?].*)?$#', $redirect_to) || preg_match('#disp=(login|register|lostpassword)#', $redirect_to)) { // avoid redirect back to login/register screen. This shouldn't occur. $redirect_to = $baseurl; } if ($email_login) { $Messages->add(sprintf(T_('You are now logged in as <b>%s</b>'), $login), $exists_more ? 'error' : 'success'); } header_redirect($redirect_to); exit(0); }