stopError($conf['l']['admin:msg:NeedLogin']);
} // closes a block opened above this excerpt
// Render the 'adminloginpage' template into $authX, then pass it to the
// 'plainpage' master as plainContent and call finalize() on the view.
$view->setMaster('adminloginpage');
$view->setWorkFlow(array('adminloginpage'));
$authX = $view->getOutput();
$view->setMaster('plainpage');
$view->setPassData(array('plainContent' => $authX));
$view->setWorkFlow(array('plainpage'));
$view->finalize();
} else {
    // Counterpart branch: check the login token kept in the session.
    // NOTE(review): the condition of this if/else is above the excerpt;
    // presumably it tests whether a login token exists. Confirm that
    // $_SESSION['login-token'] is always set when this branch runs.
    $admin->verifySessionToken($_SESSION['login-token']);
}
// Access gate: a request that did not end up with $admin->verified set is
// stopped with the NeedLogin message.
// NOTE(review): presumably stopError() ends the request; the code after each
// call relies on that. Confirm.
if (!$admin->verified) {
    stopError($conf['l']['admin:msg:NeedLogin']);
} else {
    // Give the view separate CSRF codes for the 'logout' and 'navibar' actions.
    $view->setPassData(array(
        'logoutCSRFCode' => $admin->getCSRFCode('logout'),
        'navCSRFCode' => $admin->getCSRFCode('navibar')
    ));
}
} // closes a block opened above this excerpt
// mainAction '1': hand the caller a fresh 'navibar' CSRF code.
// NOTE(review): this branch sits outside the block closed just above, so
// whether $admin->verified has been enforced on every path that reaches it
// depends on code not shown here. Confirm, because the branch issues a CSRF code.
if ($canonical->currentArgs['mainAction'] == '1') {
    if (defined('ajax')) {
        // Ajax mode: only a request carrying X-Requested-With: XMLHttpRequest
        // receives the code; a missing or different header gets the CSRF error.
        // NOTE(review): X-Requested-With is a client-supplied header. It helps
        // only against cross-site requests that cannot set custom headers, and
        // it is not authentication.
        if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
            if ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
                ajaxSuccess($admin->getCSRFCode('navibar'));
            } else {
                stopError(bw::$conf['l']['admin:msg:CSRF']);
            }
        } else {
            stopError(bw::$conf['l']['admin:msg:CSRF']);
        }
    } else {
        // Non-ajax mode: redirect to the dashboard with the code in the URL.
        // NOTE(review): a CSRF code in the URL can end up in browser history,
        // server and proxy logs and Referer headers. Also confirm that the
        // script exits after this header(); the excerpt is cut off here.
        header("Location: {$conf['siteURL']}/{$conf['linkPrefixAdmin']}/dashboard/{$conf['linkConj']}CSRFCode=" . $admin->getCSRFCode('navibar'));
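} elseif ($canonical->currentArgs['mainAction'] == 'nasearch') {
    // Authorize a mobile phone: the client submits a 6-character pairing code
    // in `inPC`, which is checked against the `cache` row with caID 'nalogin'.
    // On a match the mobile token is stored, the cache row is deleted and the
    // 'navibar' CSRF code is returned.
    // NOTE(review): presumably stopError() and ajaxSuccess() end the request;
    // the fall-through stopError('') below relies on that. Confirm.
    // NOTE(review): $_REQUEST also accepts the code from the query string, so
    // this state-changing step is not limited to POST. Confirm that is intended.
    if (!isset($_REQUEST['inPC'])) {
        stopError('6');
    }
    // Reject non-string input (e.g. an array parameter) before strlen(), which
    // raises a TypeError on PHP 8 when given an array.
    if (!is_string($_REQUEST['inPC']) || strlen($_REQUEST['inPC']) != 6) {
        stopError('');
    }
    $inPC2 = bw::$db->getSingleRow('SELECT * FROM cache WHERE caID=?', array('nalogin'));
    if ($inPC2) {
        // Compare the secret byte-for-byte and in constant time. Loose `==`
        // compares numeric-looking strings as numbers, so more than one
        // submitted string could match the stored code. hash_equals() needs
        // PHP >= 5.6.
        if (hash_equals((string) $inPC2['caContent'], $_REQUEST['inPC'])) {
            @session_start();
            $admin = new bwAdmin();
            $admin->storeMobileToken();
            // The code is single-use: remove it once it has been redeemed.
            bw::$db->dbExec('DELETE FROM cache WHERE caID=?', array('nalogin'));
            ajaxSuccess($admin->getCSRFCode('navibar'));
        }
    }
    // NOTE(review): a failed attempt leaves the stored code in place, and no
    // attempt counter or expiry check is visible in this excerpt. A short code
    // needs rate limiting or invalidation after a few misses. Verify that this
    // is enforced elsewhere.
    stopError('');
}

// Rest is comment
if ($conf['commentOpt'] != 0) {
    loadServices();
    if ($conf['commentOpt'] == 1 || $conf['commentOpt'] == 2) {
        // Built-in comment
        @session_start();
        $comment = new bwComment();
    } elseif ($conf['commentOpt'] == 3) {
        die('Access Denied.');
    }
} else {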