/**
 * Gate the current request behind authentication and process a submitted login form.
 *
 * When the configuration requires authentication and the session is not marked as logged in,
 * the visitor is redirected to the login page. When both "login" and "password" are posted,
 * the backend selected by $CONF[auth_type] is asked to check them; on success the session is
 * flagged as logged in, the session id is stored on the user's row, language/template/groups
 * are copied into the session and the browser is redirected.
 *
 * Reads the globals $CONF, $CONF_PAGE and $DB plus $_POST, $_GET and $_SESSION. Returns nothing;
 * the two failure paths end the script with die.
 *
 * NOTE(review): array keys are written as bare words throughout ($CONF[auth_required] etc.).
 * PHP resolves a bare word as a constant; since PHP 8 an undefined constant raises an Error,
 * so these need quoting ('auth_required') on current runtimes.
 */
function manage_auth()
{
    global $CONF, $CONF_PAGE, $DB;
    // No credentials posted, authentication required (globally, or for this page in "perpage"
    // mode) and session not logged in: send the visitor to the login page.
    if (!isset($_POST["login"]) && !isset($_POST["password"]) && ($CONF[auth_required] == "always" || $CONF_PAGE[auth_required] == "yes" && $CONF[auth_required] == "perpage") && !$_SESSION[fw_logged]) {
        // NOTE(review): the next line is damaged on this page. The text between "?post_login=" and
        // "login"]) has been replaced by asterisks, so the value passed as post_login, the end of
        // this branch and the start of the credential-handling branch are not visible here.
        header("location: " . $CONF[url_base] . $CONF[auth_login_page] . "?post_login="******"login"]) && isset($_POST["password"])) {
        // Only the "db" backend is handled. For any other auth_type $auth_check stays undefined,
        // which the check below treats as a failed login.
        switch ($CONF[auth_type]) {
            case "db":
                $auth_check = check_auth_db();
                break;
                // Add other auth methods (e.g. LDAP) here
        }
        // If auth failed, send the user back to the login page with the failed=1 flag
        if (!$auth_check) {
            header("location: " . $CONF[url_base] . $CONF[auth_login_page] . "?failed=1");
            die;
        // NOTE(review): loose comparison; -1 appears to mean "already logged in" (see the
        // alreadyin flag). A strict === -1 would avoid matching other values such as true.
        } elseif ($auth_check == -1) {
            header("location: " . $CONF[url_base] . $CONF[auth_login_page] . "?alreadyin=1");
            die;
        } else {
            // Start session, check for page to open after login, set language and template
            // NOTE(review): no session_regenerate_id() call is visible in this function, so a
            // session id issued before login stays valid after it (session fixation) unless
            // fw_init_session() rotates it. Confirm there.
            fw_init_session($auth_check[id]);
            // Mark the session as authenticated and remember the user id
            $_SESSION[fw_logged] = 1;
            $_SESSION[fw_userid] = $auth_check[id];
            // Record the time of the login and the current session id on the user's row.
            // NOTE(review): the statement is built by string concatenation. The id comes from
            // check_auth_db() (not shown) and the session id is embedded inside quotes; bound
            // parameters, or at least an integer cast on the id, would remove the dependence on
            // both values being well-formed.
            $DB->Execute("UPDATE users SET last_action=NOW(), sid='" . session_id() . "' WHERE id=" . $auth_check[id]);
            // Log the access
            log_event("L", "", "");
            // Redefine language. Since constants are used for the language definition, the new language is applied only after the forward.
            if (strlen($auth_check[lang]) > 0) {
                // $CUR_LANG is not in the global list above, so this assigns a function-local
                // variable; only the $_SESSION entry survives the call.
                $CUR_LANG = $auth_check[lang];
                $_SESSION[cur_lang] = $auth_check[lang];
            }
            // Redefine the template
            if (strlen($auth_check[template]) > 0) {
                // Same as $CUR_LANG: $CUR_TEMPL is local to this function.
                $CUR_TEMPL = $auth_check[template];
                $_SESSION[cur_templ] = $auth_check[template];
            }
            // Load the user's groups if a group table is configured
            if (isset($CONF[auth_group_table])) {
                // NOTE(review): table name and user id are concatenated into the query; see the
                // remark on the UPDATE above.
                $group_query = $DB->Execute("SELECT groupid FROM " . $CONF[auth_group_table] . " WHERE userid=" . $auth_check[id]);
                if ($group_query && $group_query->RecordCount() > 0) {
                    // Build a comma-separated list of group ids.
                    // $group is never initialised before the first .=, which raises a notice.
                    $cnt = 0;
                    while (!$group_query->EOF) {
                        if ($cnt > 0) {
                            $group .= ",";
                        }
                        $group .= $group_query->fields[groupid];
                        $cnt++;
                        $group_query->MoveNext();
                    }
                }
                // When the query failed or returned no rows, $group is undefined here and the
                // session entry ends up null.
                $_SESSION[fw_user_groups] = $group;
            }
            if (strlen($_GET[post_login]) > 0) {
                // Redirect to the page requested before login: a leading $CONF[abs_url] is
                // stripped from post_login and the rest is appended to $CONF[url_base].
                // NOTE(review): post_login is request-controlled. It is URL-decoded a second time
                // here ($_GET values arrive already decoded) and then placed in the Location header
                // with no check that it is a local path. Validate it against the expected path
                // format before redirecting. ereg_replace() was removed in PHP 7.0; preg_replace()
                // with preg_quote() is the replacement. No die follows, so the caller keeps running
                // after the header is queued.
                header("location: " . $CONF[url_base] . ereg_replace("^" . quotemeta($CONF[abs_url]), '', urldecode($_GET[post_login])));
            } elseif (strlen($CONF[auth_force_home]) > 0) {
                // original
                //header("location: ".$CONF[url_base].$CONF[auth_force_home]);
                // knomos plus modification: remember whether the login form asked for the mobile layout
                if ($_POST[mobile] == 1) {
                    $_SESSION[mobile] = true;
                } else {
                    $_SESSION[mobile] = false;
                }
                // As above, no die follows this redirect.
                header("location: " . $CONF[url_base] . $CONF[auth_force_home]);
                //header("location: ".$CONF[url_base].$CONF[auth_force_home]."?modalita=".$_POST[modalita]."--".$_SESSION[mobile]);// for testing
            }
        }
    }
}
Exemple #2
        session_start();
        $_SESSION[fw_session_started] = 1;
    }
    // Preload tables into the session. $CONF[session_table_preload] is split on ",,"; an entry
    // containing "||" is read as "table||column" and loads the row whose column equals $id.
    // The enclosing function's header, and therefore where $id comes from, is not visible on this page.
    $table_to_load = explode(",,", $CONF[session_table_preload]);
    foreach ($table_to_load as $tab_init) {
        unset($rs);
        if (strstr($tab_init, "||")) {
            $table_init_options = explode("||", $tab_init);
            // NOTE(review): table name, column name and $id are concatenated into the statement.
            // Bind $id as a parameter (or cast it to int) and keep the table/column names to a
            // fixed allow-list. SELECT * copies every column of the row into the session; select
            // only the columns needed if the table holds credentials or other secrets.
            $sql = "SELECT * FROM " . $table_init_options[0] . " WHERE " . $table_init_options[1] . "={$id}";
            $rs = $DB->Execute($sql);
            if ($rs) {
                // Stored under the table name as session key.
                $_SESSION[$table_init_options[0]] = $rs->FetchRow();
            }
        } else {
            // NOTE(review): $table_init_options is not assigned in this branch, so it is either
            // undefined or left over from an earlier "||" entry; $tab_init looks like the intended
            // table name. Confirm. There is also no space before "order by", so the table name
            // and the keyword run together in the generated statement.
            $sql = "SELECT * FROM " . $table_init_options[0] . "order by id asc";
            $rs = $DB->Execute($sql);
            if ($rs) {
                $_SESSION[$table_init_options[0]] = $rs->GetArray();
            }
        }
    }
}
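// Start the PHP session according to $CONF['session_start'] ("never", "onauth" or "always").
// Array keys are quoted: a bare word such as session_start is resolved as a constant, which
// raises an Error on PHP 8 and only worked through a deprecated fallback on older versions.
// empty() replaces the bare negation so that a missing session key does not raise a notice.
if ($CONF['session_start'] != "never") {
    session_start();
    if ($CONF['session_start'] == "onauth" && empty($_SESSION['fw_logged'])) {
        // "onauth": session data is kept only for authenticated users, so anything stored in
        // an unauthenticated session is discarded.
        session_unset();
    } elseif ($CONF['session_start'] == "always" && empty($_SESSION['fw_session_started'])) {
        // "always": a session not yet initialised by the framework is cleared and then set up
        // through fw_init_session().
        session_unset();
        fw_init_session();
    }
}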