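/**
 * Save the view/edit/delete/new_sub rights submitted for one user, then
 * redirect to the rights page.
 *
 * The target user id and the four flags are read from the request through
 * GetPostOrGet(). Accounts for which Auth_User reports is_admin are left
 * untouched. The redirect is sent whether or not anything was saved.
 *
 * NOTE(review): no permission check on the caller and no anti-CSRF token are
 * visible in this function, and the helper name GetPostOrGet suggests the
 * values are also accepted from the query string. Confirm that the caller
 * enforces an authenticated admin session, POST-only submission and a
 * request token before this runs.
 *
 * @param array $admin_lang Admin language strings (not used in this function).
 * @return void This function ends the script after sending the redirect.
 * @access private
 */
function saveUser($admin_lang)
{
    $user_id = GetPostOrGet('user_id');

    // Accept plain decimal ids only. is_numeric() also passes values such as
    // '1e3', '.5', '-1' or ' 7', which are not meaningful user ids.
    // Assumes user ids are non-negative integers; confirm against Auth_User.
    $is_valid_id = is_int($user_id)
        || (is_string($user_id) && preg_match('/\A[0-9]+\z/', $user_id) === 1);

    if ($is_valid_id) {
        $auth = new Auth_User($user_id);

        // Rights of admin accounts are never modified here.
        if (!$auth->is_admin) {
            // Strict comparison: only the literal string 'true' grants a right.
            // A loose == would also accept boolean true, and the integer 0
            // before PHP 8.
            $auth->view    = GetPostOrGet('auth_view') === 'true';
            $auth->edit    = GetPostOrGet('auth_edit') === 'true';
            $auth->delete  = GetPostOrGet('auth_delete') === 'true';
            $auth->new_sub = GetPostOrGet('auth_new_sub') === 'true';
            $auth->Save();
        }
    }

    header('Location: admin.php?page=rights');
    // Stop here so nothing is executed or emitted after the redirect header.
    die;
}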
/**
 * Authenticate a user and start the user session.
 *
 * Resets loggedIn and user and calls storeInfo(null) before checking the
 * credentials. The outcome code is written to $this->status and passed to
 * logEvent() before any login exception is thrown.
 *
 * @param string $username
 * @param string $password
 * @return void
 *
 * @throws Exception             if canStoreInfo() reports that the store cannot be used
 * @throws Auth_ExpiredException if the outcome is PASSWORD_EXPIRED
 * @throws Auth_LoginException   if the outcome is anything else than OK
 */
public function login($username = null, $password = null)
{
    if (!$this->canStoreInfo()) {
        throw new Exception("Logging in through PHP is not supported with store option '{$this->store['driver']}'.");
    }

    // Drop any previous login state before evaluating the new attempt.
    $this->loggedIn = false;
    $this->user = null;
    $this->storeInfo(null);

    // The block check runs first, before the credentials are even looked at.
    // Presumably isBlocked(null, true) also counts this attempt; confirm
    // against isBlocked().
    if ($this->isBlocked(null, true)) {
        $outcome = self::HOST_BLOCKED;
    } elseif (null === $username) {
        $outcome = self::NO_USERNAME;
    } elseif (null === $password) {
        $outcome = self::NO_PASSWORD;
    } else {
        $outcome = $this->authUser($username, $password);
    }

    // authUser() yields an object on success; any other value is kept as the
    // outcome code.
    if (is_object($outcome)) {
        $this->user = $outcome;

        if (!$this->user->isActive()) {
            $outcome = self::INACTIVE_USER;
        } elseif ($this->user->getExpires() < time()) {
            // NOTE(review): an empty or zero expiry also lands here; confirm
            // how "never expires" is represented by getExpires().
            $outcome = self::PASSWORD_EXPIRED;
        } else {
            $outcome = self::OK;
        }
    }

    $this->status = $outcome;
    $this->logEvent('login', $outcome);

    if ($outcome == self::PASSWORD_EXPIRED) {
        throw new Auth_ExpiredException();
    }

    if ($outcome != self::OK) {
        // Never output incorrect password, to prevent dictionary attacks:
        // a wrong password is reported as UNKNOWN_USER, so the exception does
        // not reveal whether the username exists.
        // NOTE(review): $this->status and the logEvent() call above still
        // carry INCORRECT_PASSWORD; confirm status is never shown to the client.
        $reported = $outcome == self::INCORRECT_PASSWORD ? self::UNKNOWN_USER : $outcome;
        throw new Auth_LoginException($reported);
    }

    // Successful login: persist the login info, update the block state and
    // run the login hook. Presumably isBlocked(null, 0) resets the attempt
    // counter; confirm against isBlocked().
    // NOTE(review): if the store is session-backed, confirm the session id is
    // renewed on login; that is not visible in this method.
    $this->storeInfo();
    $this->isBlocked(null, 0);
    $this->onLogin();
}