/* If the authentication was a success */ if (isset($auth) && $auth['success'] && isset($user)) { // $auth->info are the fields specified in the config file // to retrieve for each user Session::create($auth); // Not sure if it was me or php tripping out, // but naming this 'user' didn't work at all $_SESSION['userdata'] = $auth; // Record the IP of this person! if (AmpConfig::get('track_user_ip')) { $user->insert_ip_history(); } if (isset($username)) { Session::create_user_cookie($username); if ($_POST['rememberme']) { Session::create_remember_cookie($username); } } // Update data from this auth if ours are empty if (empty($user->fullname) && !empty($auth['name'])) { $user->update_fullname($auth['name']); } if (empty($user->email) && !empty($auth['email'])) { $user->update_email($auth['email']); } if (empty($user->website) && !empty($auth['website'])) { $user->update_website($auth['website']); } $GLOBALS['user'] = $user; // If an admin, check for update if (AmpConfig::get('autoupdate') && Access::check('interface', '100')) {
*/ if (AmpConfig::get('access_control')) { if (!Access::check_network('interface', '', '5')) { debug_event('UI::access_denied', 'Access Denied:' . $_SERVER['REMOTE_ADDR'] . ' is not in the Interface Access list', '3'); UI::access_denied(); exit; } } // access_control is enabled /* Clean Auth values */ unset($auth); if (empty($_REQUEST['step'])) { /* Check for posted username and password, or appropriate environment variable if using HTTP auth */ if ($_POST['username'] || in_array('http', AmpConfig::get('auth_methods')) && ($_SERVER['REMOTE_USER'] || $_SERVER['HTTP_REMOTE_USER'])) { if ($_POST['rememberme']) { Session::create_remember_cookie(); } /* If we are in demo mode let's force auth success */ if (AmpConfig::get('demo_mode')) { $auth['success'] = true; $auth['info']['username'] = '******'; $auth['info']['fullname'] = 'Administrative User'; $auth['info']['offset_limit'] = 25; } else { if ($_POST['username']) { $username = scrub_in($_POST['username']); $password = $_POST['password']; } else { if ($_SERVER['REMOTE_USER']) { $username = $_SERVER['REMOTE_USER']; } elseif ($_SERVER['HTTP_REMOTE_USER']) {