public function SessionStart()
{
common::GetConfig();
$username = '******';
$users = gpFiles::Get('_site/users');
$userinfo = $users[$username];
$session_id = gpsession::create($userinfo, $username, $sessions);
$logged_in = gpsession::start($session_id, $sessions);
self::AssertTrue($logged_in, 'Not Logged In');
}
function LogIn()
{
global $dataDir, $langmessage, $gp_internal_redir, $config;
// check nonce
// expire the nonce after 10 minutes
if (!common::verify_nonce('login_nonce', $_POST['login_nonce'], true, 300)) {
message($langmessage['OOPS'] . ' (Expired Nonce)');
return;
}
if (!isset($_COOKIE['g']) && !isset($_COOKIE[gp_session_cookie])) {
message($langmessage['COOKIES_REQUIRED']);
$gp_internal_redir = 'Admin_Main';
return false;
}
//delete the entry in $sessions if we're going to create another one with login
if (isset($_COOKIE[gp_session_cookie])) {
gpsession::CleanSession($_COOKIE[gp_session_cookie]);
}
include $dataDir . '/data/_site/users.php';
$username = gpsession::GetLoginUser($users);
if ($username === false) {
gpsession::IncorrectLogin('1');
return false;
}
$users[$username] += array('attempts' => 0, 'granted' => '', 'editing' => '');
$userinfo = $users[$username];
//Check Attempts
if ($userinfo['attempts'] >= 5) {
$timeDiff = (time() - $userinfo['lastattempt']) / 60;
//minutes
if ($timeDiff < 10) {
message($langmessage['LOGIN_BLOCK'], ceil(10 - $timeDiff));
$gp_internal_redir = 'Admin_Main';
return false;
}
}
//check against password sent to a user's email address from the forgot_password form
$passed = false;
if (!empty($userinfo['newpass']) && gpsession::CheckPassword($userinfo['newpass'])) {
$userinfo['password'] = $userinfo['newpass'];
$passed = true;
//check password
} elseif (gpsession::CheckPassword($userinfo['password'])) {
$passed = true;
}
//if passwords don't match
if ($passed !== true) {
gpsession::IncorrectLogin('2');
gpsession::UpdateAttempts($users, $username);
return false;
}
//will be saved in UpdateAttempts
if (isset($userinfo['newpass'])) {
unset($userinfo['newpass']);
}
$session_id = gpsession::create($userinfo, $username);
if (!$session_id) {
message($langmessage['OOPS'] . ' (Data Not Saved)');
gpsession::UpdateAttempts($users, $username, true);
return false;
}
$logged_in = gpsession::start($session_id);
if ($logged_in === true) {
message($langmessage['logged_in']);
} elseif ($logged_in === 'locked') {
$logged_in = false;
}
//need to save the user info regardless of success or not
//also saves file_name in users.php
$users[$username] = $userinfo;
gpsession::UpdateAttempts($users, $username, true);
return $logged_in;
}
/**
* Handle admin login/logout/session_start if admin session parameters exist
*
*/
function sessions()
{
$update_cookies = false;
$cmd = '';
if (isset($_GET['cmd']) && $_GET['cmd'] == 'logout') {
$cmd = 'logout';
} elseif (isset($_POST['cmd']) && $_POST['cmd'] == 'login') {
$cmd = $_POST['cmd'];
} elseif (isset($_COOKIE[gp_session_cookie])) {
$cmd = 'start';
} elseif (isset($_COOKIE['gpEasy'])) {
$_COOKIE[gp_session_cookie] = $_COOKIE['gpEasy'];
$update_cookies = true;
$cmd = 'start';
}
if (empty($cmd)) {
return;
}
includeFile('tool/sessions.php');
includeFile('admin/admin_tools.php');
includeFile('tool/editing.php');
if ($update_cookies) {
gpsession::cookie(gp_session_cookie, $_COOKIE['gpEasy']);
gpsession::cookie('gpEasy', '', time() - 42000);
}
switch ($cmd) {
case 'logout':
gpsession::LogOut();
return;
case 'login':
gpsession::LogIn();
return;
}
if (isset($_COOKIE[gp_session_cookie])) {
gpsession::CheckPosts($_COOKIE[gp_session_cookie]);
gpsession::start($_COOKIE[gp_session_cookie]);
}
}
