Пример #1
            stopError($conf['l']['admin:msg:NeedLogin']);
        }
        // Render the admin login page and embed it in the plain page layout.
        // NOTE(review): $view's class is not visible in this excerpt; the
        // step descriptions below follow the method names and argument values.
        // Step 1: select the 'adminloginpage' master/workflow and capture its output.
        $view->setMaster('adminloginpage');
        $view->setWorkFlow(array('adminloginpage'));
        $authX = $view->getOutput();
        // Step 2: switch to 'plainpage', pass the captured login page in as
        // 'plainContent', and finalize the response.
        $view->setMaster('plainpage');
        $view->setPassData(array('plainContent' => $authX));
        $view->setWorkFlow(array('plainpage'));
        $view->finalize();
    } else {
        $admin->verifySessionToken($_SESSION['login-token']);
    }
    // Gate for the admin area: only when $admin->verified is set does the view
    // receive the CSRF codes for the 'logout' and 'navibar' actions; otherwise
    // the request is stopped with the admin:msg:NeedLogin message.
    if ($admin->verified) {
        $view->setPassData(array(
            'logoutCSRFCode' => $admin->getCSRFCode('logout'),
            'navCSRFCode' => $admin->getCSRFCode('navibar'),
        ));
    } else {
        stopError($conf['l']['admin:msg:NeedLogin']);
    }
}
if ($canonical->currentArgs['mainAction'] == '1') {
    if (defined('ajax')) {
        // AJAX path: return the 'navibar' CSRF code only when the request carries
        // X-Requested-With: XMLHttpRequest; a missing or different header value
        // ends in the admin:msg:CSRF error.
        // NOTE(review): this header is client-supplied and is the only origin
        // signal visible in this branch — confirm the login/session check that
        // runs before it is what actually authorises handing out the code.
        if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
            stopError(bw::$conf['l']['admin:msg:CSRF']);
        } else {
            ajaxSuccess($admin->getCSRFCode('navibar'));
        }
    } else {
        // Non-AJAX path: redirect to the admin dashboard, carrying the 'navibar'
        // CSRF code as the CSRFCode query parameter.
        // NOTE(review): a CSRF code placed in a URL can end up in browser history,
        // server/proxy access logs and Referer headers — confirm the code is
        // short-lived, or deliver it outside the query string.
        // NOTE(review): whether execution stops after this header() call is not
        // visible in this excerpt.
        header("Location: {$conf['siteURL']}/{$conf['linkPrefixAdmin']}/dashboard/{$conf['linkConj']}CSRFCode=" . $admin->getCSRFCode('navibar'));
Пример #2
} elseif ($canonical->currentArgs['mainAction'] == 'nasearch') {
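    // Authorize a mobile phone: the client submits a 6-character pairing code
    // in 'inPC', which must equal the code cached under caID 'nalogin'. On a
    // match the mobile token is stored, the cached code is deleted so it cannot
    // be used a second time, and the 'navibar' CSRF code is returned.
    // NOTE(review): stopError() is assumed to end the request — its definition
    // is not visible here.
    // NOTE(review): no attempt limit or expiry for the pairing code is visible
    // in this branch — confirm guessing is throttled elsewhere.
    if (!isset($_REQUEST['inPC'])) {
        stopError('6');
    }
    // Reject non-string input (e.g. inPC[]=...) before strlen(): an array would
    // raise a warning or TypeError instead of a clean failure.
    if (!is_string($_REQUEST['inPC']) || strlen($_REQUEST['inPC']) != 6) {
        stopError('');
    }
    $inPC2 = bw::$db->getSingleRow('SELECT * FROM cache WHERE caID=?', array('nalogin'));
    if ($inPC2 && is_string($_REQUEST['inPC'])) {
        // Compare as strings, never with ==: a loose comparison treats two
        // numeric strings as numbers, so a differently written number of the
        // same length would be accepted. hash_equals() also keeps the
        // comparison time independent of how many leading characters match;
        // the === fallback covers PHP versions that lack it.
        // assumes caContent holds the code as text — TODO confirm column type
        $inPCStored = (string) $inPC2['caContent'];
        $inPCMatch = function_exists('hash_equals')
            ? hash_equals($inPCStored, $_REQUEST['inPC'])
            : $inPCStored === $_REQUEST['inPC'];
        if ($inPCMatch) {
            // NOTE(review): no session_regenerate_id() is visible around
            // storeMobileToken(); confirm the session ID is rotated when the
            // phone becomes authorised.
            @session_start();
            $admin = new bwAdmin();
            $admin->storeMobileToken();
            // One-time use: remove the code before answering.
            bw::$db->dbExec('DELETE FROM cache WHERE caID=?', array('nalogin'));
            ajaxSuccess($admin->getCSRFCode('navibar'));
        }
    }
    // Same empty error for "no cached code" and "wrong code", so the response
    // does not reveal which of the two happened.
    stopError('');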
}
//Rest is comment
if ($conf['commentOpt'] != 0) {
    // Comment handling is switched on (commentOpt is non-zero): load services,
    // then branch on the option value. 1 and 2 start the session and create the
    // built-in bwComment handler; 3 is refused outright; any other value falls
    // through without further action in this block.
    // switch compares loosely, exactly like the == chain it replaces.
    loadServices();
    switch ($conf['commentOpt']) {
        case 1:
        case 2:
            // Built-in comment system
            @session_start();
            $comment = new bwComment();
            break;
        case 3:
            die('Access Denied.');
    }
} else {