/**
* @param array admin_lang
* @access private
*/
function saveUser($admin_lang)
{
$user_id = GetPostOrGet('user_id');
if (is_numeric($user_id)) {
$auth = new Auth_User($user_id);
if (!$auth->is_admin) {
$auth_view = GetPostOrGet('auth_view');
$auth_edit = GetPostOrGet('auth_edit');
$auth_delete = GetPostOrGet('auth_delete');
$auth_new_sub = GetPostOrGet('auth_new_sub');
$auth->view = $auth_view == 'true';
$auth->edit = $auth_edit == 'true';
$auth->delete = $auth_delete == 'true';
$auth->new_sub = $auth_new_sub == 'true';
$auth->Save();
}
}
header('Location: admin.php?page=rights');
die;
}
/**
* Auth and start user session.
*
* @param string $username
* @param string $password
* @return int
*
* @throws Auth_LoginException if login fails
*/
public function login($username = null, $password = null)
{
if (!$this->canStoreInfo()) {
throw new Exception("Logging in through PHP is not supported with store option '{$this->store['driver']}'.");
}
$this->loggedIn = false;
$this->user = null;
$this->storeInfo(null);
if ($this->isBlocked(null, true)) {
$result = self::HOST_BLOCKED;
} elseif (!isset($username)) {
$result = self::NO_USERNAME;
} elseif (!isset($password)) {
$result = self::NO_PASSWORD;
} else {
$result = $this->authUser($username, $password);
}
if (is_object($result)) {
$this->user = $result;
if (!$this->user->isActive()) {
$result = self::INACTIVE_USER;
} elseif ($this->user->getExpires() < time()) {
$result = self::PASSWORD_EXPIRED;
} else {
$result = self::OK;
}
}
$this->status = $result;
$this->logEvent('login', $result);
if ($result == self::PASSWORD_EXPIRED) {
throw new Auth_ExpiredException();
} elseif ($result != self::OK) {
throw new Auth_LoginException($result == self::INCORRECT_PASSWORD ? self::UNKNOWN_USER : $result);
}
// Never output incorrect password, to prevent dictionary attacks
$this->storeInfo();
$this->isBlocked(null, 0);
$this->onLogin();
}