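// Excerpt from the web authentication flow. The conditionals that enclose the
// first statements open before this excerpt, so some closing braces below have
// no visible opener.

// This branch switches off on-screen error output and keeps error logging on.
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
ini_set('log_errors', 1);
//ini_set('error_reporting', 0); // Default
} else {
  define('OBS_DEBUG', 1);
}
}

$permissions = permissions_cache($_SESSION['user_id']);

// Add feeds & api keys after first auth
if ($mcrypt_exists && !get_user_pref($_SESSION['user_id'], 'atom_key')) {
  // Generate unique token: draw a new value until no users_prefs row already
  // stores it as an atom_key.
  // NOTE(review): the key presumably authenticates feed requests, so it must be
  // unpredictable. md5() only reshapes whatever strgen() returns; strgen() is not
  // shown here -- confirm it draws from a cryptographically secure source.
  do {
    $atom_key = md5(strgen());
  } while (dbFetchCell("SELECT COUNT(*) FROM `users_prefs` WHERE `pref` = ? AND `value` = ?;", array('atom_key', $atom_key)) > 0);
  set_user_pref($_SESSION['user_id'], 'atom_key', $atom_key);
}
}

if ($auth_success) {
  // If just logged in go to request uri, unless we're debugging, in which case we want to see authentication module output first.
  if (!OBS_DEBUG) {
    // NOTE(review): REQUEST_URI is taken from the client's request line. If it can
    // take a form that browsers resolve as scheme-relative, this redirect leaves
    // the site; consider redirecting to a path the server has normalised.
    header("Location: " . $_SERVER['REQUEST_URI']);
  } else {
    // REQUEST_URI is client-controlled: encode it before it is placed inside the
    // href attribute, so quotes or angle brackets in the URI cannot break out of
    // the attribute and inject markup into the debug page.
    print_message("Debugging mode has disabled redirect to front page; please click <a href=\"" . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') . "\">here</a> to continue.");
  }
  exit;
}
}

///r($_SESSION);
///r($_COOKIE);
///r($permissions);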
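// Excerpt from the user preferences page: handles the "toggle" requests that
// regenerate the RSS/Atom and API keys, then includes the requested section.
// The final else branch continues beyond this excerpt.
unset($prefs);

if (is_numeric($_SESSION['user_id'])) {
  $user_id = $_SESSION['user_id'];
  $prefs = get_user_prefs($user_id);

  // NOTE(review): both resets below read $vars as it was populated before this
  // excerpt; $vars is only re-read from POST further down. If that earlier $vars
  // also carries GET parameters, a key can be rotated by a plain link and the
  // action needs CSRF protection -- confirm against the caller.
  // NOTE(review): key strength rests on strgen(), which is not shown here; md5()
  // adds no randomness of its own. Confirm strgen() uses a secure random source.

  // Reset RSS/Atom key
  if ($vars['atom_key'] == "toggle") {
    if (set_user_pref($user_id, 'atom_key', md5(strgen()))) {
      print_success('RSS/Atom key updated.');
      $prefs = get_user_prefs($user_id); // re-read so the page shows the new key
    } else {
      print_error('Error generating RSS/Atom key.');
    }
  }

  // Reset API key
  if ($vars['api_key'] == "toggle") {
    if (set_user_pref($user_id, 'api_key', md5(strgen()))) {
      print_success('API key updated.');
      $prefs = get_user_prefs($user_id); // re-read so the page shows the new key
    } else {
      print_error('Error generating API key.');
    }
  }
}

// Age of each key for display, or 'Never' when no update time is stored.
$atom_key_updated = isset($prefs['atom_key']['updated']) ? formatUptime(time() - strtotime($prefs['atom_key']['updated']), 'shorter') . ' ago' : 'Never';
$api_key_updated = isset($prefs['api_key']['updated']) ? formatUptime(time() - strtotime($prefs['api_key']['updated']), 'shorter') . ' ago' : 'Never';

$filename = $config['html_dir'] . '/pages/preferences/' . $vars['section'] . '.inc.php';
// $vars['section'] is concatenated into an include path. $vars is populated
// outside this excerpt, presumably from request parameters, so only plain names
// (letters, digits, "_" and "-") are accepted here: a value containing path
// separators or ".." could otherwise select a *.inc.php file outside
// pages/preferences/. Rejected values fall through to the else branch, exactly
// like a section whose file does not exist.
if (is_string($vars['section']) && preg_match('/\A[A-Za-z0-9_-]+\z/', $vars['section']) === 1 && is_file($filename)) {
  $vars = get_vars('POST'); // Note, on edit pages use only method POST!
  include $filename;
} else {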
// Excerpt from the web authentication flow. It starts inside conditionals opened
// before this excerpt and stops inside the final if block.

// Store a users_ckeys row holding the encrypted password, expiry, username and
// the ckey, then send the ckey and dkey values to the browser as cookies.
// NOTE(review): $encpass, $ckey and $dkey are built outside this excerpt --
// presumably this is the persistent-login ("remember me") record. The row keeps
// a recoverable form of the password, so protect the users_ckeys table accordingly.
dbInsert(array('user_encpass' => $encpass, 'expire' => $lifetime, 'username' => $_SESSION['username'], 'user_uniq' => $user_unique_id, 'user_ckey' => $ckey), 'users_ckeys');
// The last two setcookie() arguments are the Secure and HttpOnly flags; whether
// they are enabled depends on $cookie_https / $cookie_httponly, set elsewhere.
setcookie("ckey", $ckey, $lifetime, $cookie_path, $cookie_domain, $cookie_https, $cookie_httponly);
setcookie("dkey", $dkey, $lifetime, $cookie_path, $cookie_domain, $cookie_https, $cookie_httponly);
unset($_SESSION['user_ckey_id']);
}
}

// Retrieve user ID and permissions
if ($_SESSION['authenticated']) {
  // Look up level and id by username only when the session does not already
  // hold numeric values for both.
  if (!is_numeric($_SESSION['userlevel']) || !is_numeric($_SESSION['user_id'])) {
    $_SESSION['userlevel'] = auth_user_level($_SESSION['username']);
    $_SESSION['user_id'] = auth_user_id($_SESSION['username']);
  }

  $permissions = permissions_cache($_SESSION['user_id']);

  // Add feeds & api keys after first auth
  // NOTE(review): the key is stored without checking whether another user already
  // holds the same value, and its unpredictability rests on strgen(), which is
  // not shown here -- confirm strgen() uses a secure random source.
  if ($mcrypt_exists && !get_user_pref($_SESSION['user_id'], 'atom_key')) {
    set_user_pref($_SESSION['user_id'], 'atom_key', md5(strgen()));
  }
} else {
  // Not authenticated, but a username was submitted: report the failure and
  // end the session.
  if (isset($_SESSION['username'])) {
    $auth_message = "认证失败";
    // NOTE(review): with the insert below commented out, this branch writes no
    // authlog entry for the failed attempt; confirm failures are recorded elsewhere.
    //dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Authentication Failure'), 'authlog');
    session_logout(function_exists('auth_require_login'));
  }
}

if ($config['auth_mechanism'] != 'ldap') {
  // Duh.. for LDAP still need store password :(
  // NOTE(review): for LDAP the password therefore stays in the session store,
  // so that store's file permissions and lifetime need to be tightly controlled.
  unset($_SESSION['password']); // Remove password so that it's not saved in $_SESSION in plaintext on the disk.
}

if ($auth_success) {
  // If just logged in go to request uri