# mis n�uab sisselogimist, siis n�idata
# sisselogimise akent. Kui kasutaja on sisselogitud ja
# kui objekt on peidetud ja piiratud kasutajale
# siis n�idata 404 error page
##############################################################
####### check permissions
$perm = get_obj_permission(array("objekt_id" => $leht->id));
# kas useril on �igus objekti n�ha? 1/0
if (!$perm['R'] && !$leht->site->in_editor) {
if ($leht->site->user) {
# POOLELI in ver 4
# header("Location: ".$site->CONF['protocol'].$site->CONF['hostname'].$site->CONF['wwwroot']."?id=".$site->alias("404error"));
} else {
$leht->site->fdat[op] = "";
include_once $class_path . "login_html.inc.php";
admin_login_form(array("site" => $site, "auth_error" => 0));
}
}
#$leht->parents->debug->print_msg();
#$leht->topmeny->debug->print_msg();
#$site->debug->print_hash($site->fdat,1,"FDAT");
#$leht->debug->print_msg();
##############################
# create template
$template = new Template($leht);
###########################
# 1. CONTENT TEMPLATE, kui master template on SAPI template
# tr�kkida: admin-header & page-html (kas parenti oma v�i master) & content-html
if (!$template->on_page_templ && $site->master_tpl['ttyyp_id']) {
#######################
# hoiame meeles sisumalli - see kutsutakse hiljem v�lja smarty tag-iga {print_content}
$now = time();
if (isset($_SESSION['_amember_sess_expires']) && isset($_SESSION['_admin_pass'])) {
if ($_SESSION['_amember_sess_expires'] < $now) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, '/');
}
session_destroy();
admin_html_redirect($config['root_url'] . '/admin/', "Admin session expired", "Admin session expired, please login again", $target_top = true);
exit;
}
}
$_SESSION['_amember_sess_expires'] = $now + 3600;
}
///////////////////////////////////////////////////////////////////////////////
$t = new_smarty();
$vars = get_input_vars();
admin_check_session();
// check if session expired and User Agent
if ($err = admin_auth()) {
// authentication failed
admin_login_form($err);
// display login form
exit;
}
if ($_SESSION['amember_admin']['last_session'] != session_id()) {
$db->admin_update_login_info($_SESSION['amember_admin']['admin_id']);
}
if ($t) {
$t->assign('SID', session_name() . '=' . session_id());
}
unset($vars);
function create_user($args = array())
{
global $class_path;
# if tulek useri LOGIN VORMIST:
# OK: save cookie & redirect
# not OK: show sys article
######## FORGOTTEN PASSWORD form (bug #2296)
if ($this->fdat["op"] == 'remindpass' || $this->fdat["op"] == 'saadaparool') {
include_once $class_path . "login_html.inc.php";
# step2: send e-mail
$this->fdat['form_error'] = send_remindpass(array("site" => $this));
# step1: show default entire page form (if no custom templates used)
if (!$site->fdat['tpl'] && !$site->fdat['c_tpl']) {
print_remindpass_form(array("site" => $this));
exit;
}
}
if ($this->fdat["op"] == 'login' && $this->fdat["url"]) {
$this->user = new User(array(user => $this->fdat["user"], pass => $this->fdat["pass"], "site" => &$this));
$user_id = $this->user->user_id;
# kui ???nnelikult sisse loginud user, siis redirect
if ($user_id) {
# kirjuta log
new Log(array('action' => 'log in', 'component' => 'Users', 'user_id' => $user_id, 'message' => "User '" . $this->user->all['firstname'] . " " . $this->user->all['lastname'] . "' logged in from IP: '" . $_SERVER["REMOTE_ADDR"] . "'" . ($this->user->auth_type ? ' (Authentication: ' . $this->user->auth_type . ')' : '')));
# tee redirect
$this->sess_save(array(user_id => $user_id));
setcookie("logged", "1");
// need for cache
header("Location: " . (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $this->CONF['hostname'] . urldecode($this->fdat["url"]));
exit;
} else {
# kirjuta logi
new Log(array('action' => 'log in', 'component' => 'Users', 'type' => 'NOTICE', 'message' => "Unauthorized access to CMS: username '" . $this->fdat["user"] . "', IP: '" . $_SERVER["REMOTE_ADDR"] . "'"));
$this->debug->msg("USER login by username & password => failed");
# nullida sessioonimuutuja
$this->sess_save(array(user_id => 0));
# veateade: kui ollakse admin-osas siis n???idatakse seda admin login vormis
if ($this->in_admin || $this->in_editor) {
include_once $class_path . "login_html.inc.php";
admin_login_form(array("site" => $this, "auth_error" => $this->user->is_locked ? 2 : 1));
} else {
# leida ???ige s???steemiartikkel
if ($this->user && $this->user->all['is_locked']) {
$this->sys_alias = "kasutaja_locked";
} else {
$this->sys_alias = "login_incorrect";
}
}
$this->user = 0;
}
}
#######################
# USERI LOOMINE: kas SESSION p???hjal v???i AUTOLOGIN IP p???hjal
# 1. first auth by session
$this->user = new user(array("user_id" => $this->sess_get("user_id"), "site" => &$this));
$this->debug->msg("USER from session => " . ($this->user->user_id ? 'Found: ' . $this->user->name : 'NONE'));
######## ADMIN are login form
# if attempt to admin/ area but user doesn't exist then show login form
if (($this->in_admin || $this->in_editor) && !$this->user->user_id) {
include_once $class_path . "login_html.inc.php";
admin_login_form(array("site" => $this, "auth_error" => 0));
}
######## LOAD PERMISSIONS
# if no user created then unset user instance
if (!$this->user->user_id) {
$this->user = 0;
# create guest instance; guest has also name and permissions and group info
$this->guest = new guest(array("site" => &$this));
# get *object* permissions
$this->guest->permissions = $this->guest->load_objpermissions();
} else {
# permissionite loadimise funktsioone tuleks teha s???ltuvalt asukohast, kas asutakse admin osas vms:
# load *object* permissions
$this->user->permissions = $this->user->load_objpermissions();
# load *admin pages* permissions
$this->user->adminpermissions = $this->user->load_adminpermissions();
# juhul kui user parool vajab vahetamist (ja tegemist pole styles.php-ga)
# viia registreerumisvormile
if ($this->user->all['pass_expired'] && $this->fdat[op] != "register" && $this->script_name != 'styles.php') {
if ($this->in_admin) {
# if logging into admin-area
header("Location: " . (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $this->CONF['hostname'] . $this->CONF['wwwroot'] . "?op=register");
} else {
header("Location: " . (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $this->CONF['hostname'] . $this->URI . ($_SERVER["QUERY_STRING"] ? '&' : '?') . "op=register");
}
exit;
}
}
# ALIAS for compability with ver 3 :
$this->kasutaja =& $this->user;
# / $this->user
#####################
}
