//echo $_SESSION[$_GET['project']]['root'].' / '.md5($_SERVER['REMOTE_ADDR'] . $super[1]);
function L($s)
{
return str_replace('_', ' ', $s);
}
if (!isset($super) || isset($_GET['project']) && isset($_SESSION[$_GET['project']]['root']) && $_SESSION[$_GET['project']]['root'] == md5($_SERVER['REMOTE_ADDR'] . $super[1])) {
if (is_writable('../')) {
// save Settings to File
if (isset($_POST['pass'])) {
$templates = glob('./tpl_*.php');
$tpl = array();
foreach ($templates as $template) {
$tpl[] = basename($template);
}
$salt = substr(md5(mt_rand()), 0, 12);
$crpt = explode(':', crpt($_POST['pass'], $salt));
// save the Settings to inc/global_configuration.php
file_put_contents('../global_configuration.php', '<?php
// auto-generated: do not edit!
$super = array(\'' . $salt . '\', \'' . array_pop($crpt) . '\');
$config = array(
\'theme\' => array(\'' . $_POST['theme'] . '\'), // default jQuery-UI-theme
\'template\' => array(\'' . $_POST['template'] . '\'), // default backend-template
\'autolog\' => ' . (strlen($_POST['pass']) > 0 ? 'false' : 'true') . ', // automatic login without password
\'login\' => \'' . $_POST['login'] . '\', // use login-extension
);
');
chmod('../global_configuration.php', 0776);
echo '<div id="wrapper">
<h2>' . L('Password_saved') . '!</h2>
<a href="../../">' . L('Login-Page') . '</a></div>';
/**
* @param $projectPath
* @param $projectName
*/
function verifyUser($mysession, $post, $projectPath, $projectName)
{
global $log, $objects, $action, $mysession;
// Array containing Hook-Names to be processed (should be filled in hooks.php)
$loginHooks = array();
// set the Check-Variable to false
$log = false;
// dummy
$filter = '';
$super = array();
// includes
$includes = array(array(true, 'inc/global_configuration.php'), array(true, $projectPath . '/objects/__model.php'), array(true, $projectPath . '/objects/__filter.php'), array(true, $projectPath . '/objects/__database.php'), array(false, 'extensions/default/hooks.php'), array(false, $projectPath . '/extensions/default/hooks.php'));
foreach ($includes as $a) {
if ($a[0] && file_exists($a[1]) != $a[0]) {
exit('"' . $a[1] . '" is missing');
}
//echo $a[1].'<br>';
@(include $a[1]);
}
$mainConfig = $config;
$_CONF = $projectName . '\\Configuration';
// define/reset the main Session-Array
$mysession = array('sys_secret' => md5($_CONF::SECRET), 'usr_secret' => md5($post['pass']), 'login' => time(), 'special' => array(), 'lang' => $post['lang'], 'client' => json_decode(stripcslashes(htmlspecialchars_decode($post['client'])), true), 'filter' => $filter, 'sort' => array(), 'fields' => array(), 'messages' => array(), 'settings' => array('interface' => array('theme' => $mainConfig['theme'], 'default' => $mainConfig['template']), 'templates' => array('default' => array('columns' => array(55, 200, 200, 20, 1))), 'objects' => array('sort' => array())));
//$projectConfiguration = new $i();
//$_SESSION[$projectName]['projectConfiguration'] = ;
// collect global backend templates from backend and -optional- project
$templateFolders = glob('{templates/*,../projects/' . $projectName . '/templates/*}', GLOB_ONLYDIR | GLOB_BRACE);
$mainConfig['templates'] = array();
foreach ($templateFolders as $templatePath) {
if (file_exists($templatePath . '/backend.php')) {
$mainConfig['templates'][basename($templatePath)] = $templatePath;
}
}
// load configs
foreach (array('extensions/default/config/config.php', $projectPath . '/extensions/default/config/config.php') as $configFile) {
if (include $configFile) {
$mainConfig = array_merge_recursive($mainConfig, json_decode($config, true));
// print_r($mainConfig);exit(); // test if config is merged correctly (swap $configFiles above)
}
}
$mysession['config'] = $mainConfig;
// check for superroot //////////////////////////////////////////////////////////////
if (crpt(substr($post['pass'], 0, 200), $super[0]) === $super[0] . ':' . $super[1] && (in_array($_SERVER['SERVER_NAME'], array('localhost', '127.0.0.1')) || isset($_SESSION['captcha_answer']) && $post['name'] == $_SESSION['captcha_answer']) || end($mainConfig['autolog']) === 1) {
// try to load a previously saved configuration
@(include $projectPath . '/extensions/default/config/superroot.php');
// define User as "Super-Root" and put some infos into the user-array
$mysession['root'] = md5($_SERVER['REMOTE_ADDR'] . $super[1]);
// if the super-password is older than 2 months
if (time() - filemtime('inc/global_configuration.php') > 5259487) {
$mysession['messages'][] = 'Hello admin: please refresh your super-password!';
}
// settings
$mysession['settings'][0] = array('default' => array('objects' => array()));
$mysession['special']['user'] = array('id' => 0, 'username' => 'superroot', 'prename' => 'superroot', 'lastname' => 'superroot', 'profiles' => array(0 => 'superroot'), 'lastlogin' => 0, 'logintime' => time(), 'wizards' => array(), 'fileaccess' => array(array('driver' => 'LocalFileSystem', 'path' => 'files/', 'tmbPath' => 'files/.tmb')));
$log = true;
}
// super-root END
// (try to) call Login-Hooks
foreach ($loginHooks as $hook) {
if (function_exists($hook)) {
$mysession = call_user_func($hook, $mysession);
}
}
//
// collect Admin-Wizards from backend and -optional- project
if (isset($mysession['root'])) {
$mysession['adminfolders'] = array();
foreach (glob('{admin/*,../projects/' . $projectName . '/admin/*}', GLOB_ONLYDIR | GLOB_BRACE) as $f) {
$bf = basename($f);
// Admin-Wizards beginning with "_" are for Super-Admins only
if ($mysession['root'] != 1 || substr($bf, 0, 1) != '_') {
$mysession['special']['user']['wizards'][] = array('name' => $bf, 'url' => $f . '/index.php?project=' . $projectName);
}
}
}
// login failed
if (!$log) {
$errormsg = 'please_log_in';
goToIndex($projectName, $errormsg);
} else {
// Login-Check was successful
$mysession['objects'] = $objects;
$mysession['loginTime'] = time();
// create Check to prevent Session-Hijacking in crud.php
$mysession['user_fingerprint'] = md5($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . date('z'));
}
// reset Captcha-Answer if exists
if (isset($_SESSION['captcha_answer'])) {
unset($_SESSION['captcha_answer']);
}
return $mysession;
}
