Example #1
0
/* If the authentication was a success */
if (isset($auth) && $auth['success'] && isset($user)) {
    // $auth->info are the fields specified in the config file
    //   to retrieve for each user
    Session::create($auth);
    // Not sure if it was me or php tripping out,
    //   but naming this 'user' didn't work at all
    $_SESSION['userdata'] = $auth;
    // Record the IP of this person!
    if (AmpConfig::get('track_user_ip')) {
        $user->insert_ip_history();
    }
    if (isset($username)) {
        Session::create_user_cookie($username);
        if ($_POST['rememberme']) {
            Session::create_remember_cookie($username);
        }
    }
    // Update data from this auth if ours are empty
    if (empty($user->fullname) && !empty($auth['name'])) {
        $user->update_fullname($auth['name']);
    }
    if (empty($user->email) && !empty($auth['email'])) {
        $user->update_email($auth['email']);
    }
    if (empty($user->website) && !empty($auth['website'])) {
        $user->update_website($auth['website']);
    }
    $GLOBALS['user'] = $user;
    // If an admin, check for update
    if (AmpConfig::get('autoupdate') && Access::check('interface', '100')) {
Example #2
0
 */
if (AmpConfig::get('access_control')) {
    if (!Access::check_network('interface', '', '5')) {
        debug_event('UI::access_denied', 'Access Denied:' . $_SERVER['REMOTE_ADDR'] . ' is not in the Interface Access list', '3');
        UI::access_denied();
        exit;
    }
}
// access_control is enabled
/* Clean Auth values */
unset($auth);
if (empty($_REQUEST['step'])) {
    /* Check for posted username and password, or appropriate environment variable if using HTTP auth */
    if ($_POST['username'] || in_array('http', AmpConfig::get('auth_methods')) && ($_SERVER['REMOTE_USER'] || $_SERVER['HTTP_REMOTE_USER'])) {
        if ($_POST['rememberme']) {
            Session::create_remember_cookie();
        }
        /* If we are in demo mode let's force auth success */
        if (AmpConfig::get('demo_mode')) {
            $auth['success'] = true;
            $auth['info']['username'] = 'Admin - DEMO';
            $auth['info']['fullname'] = 'Administrative User';
            $auth['info']['offset_limit'] = 25;
        } else {
            if ($_POST['username']) {
                $username = scrub_in($_POST['username']);
                $password = $_POST['password'];
            } else {
                if ($_SERVER['REMOTE_USER']) {
                    $username = $_SERVER['REMOTE_USER'];
                } elseif ($_SERVER['HTTP_REMOTE_USER']) {