function login_handle_login($save_session = true)
{
session_set_cookie_params(2592000);
// 1 month
session_name(SESSION_NAME);
if (empty($_REQUEST["iframe"]) and empty($_REQUEST["export"]) and empty($_REQUEST["import"]) and !isset($_REQUEST["plain"]) and $save_session) {
session_set_save_handler("_login_session_none", "_login_session_none", "_login_session_read", "_login_session_write", "_login_session_destroy", "_login_session_none");
register_shutdown_function("session_write_close");
} else {
session_set_save_handler("_login_session_none", "_login_session_none", "_login_session_read", "_login_session_none", "_login_session_none", "_login_session_none");
}
session_start();
header("Cache-Control: private, max-age=1, must-revalidate");
header("Pragma: private");
if (!empty($_COOKIE[SESSION_NAME]) and empty($_SESSION)) {
session_regenerate_id();
}
if (!empty($_SESSION["timezone"])) {
date_default_timezone_set($_SESSION["timezone"]);
}
if (file_exists(SIMPLE_STORE . "/maintenance.lck")) {
$maintenance = true;
} else {
$maintenance = false;
}
if (!DISABLE_BASIC_AUTH and empty($_SESSION["username"]) and !empty($_SERVER["PHP_AUTH_USER"]) and !empty($_SERVER["PHP_AUTH_PW"])) {
$_REQUEST["username"] = modify::strip_ntdomain($_SERVER["PHP_AUTH_USER"]);
$_REQUEST["password"] = $_SERVER["PHP_AUTH_PW"];
}
$ip = _login_get_remoteaddr();
if (!empty($_REQUEST["username"]) and !empty($_REQUEST["password"]) and (!$maintenance or sys_is_super_admin($_REQUEST["username"]))) {
if (!isset($_COOKIE[SESSION_NAME]) and !empty($_REQUEST["loginform"])) {
sys_die('{t}Please activate cookies.{/t} <a href="index.php?logout">{t}Back{/t}</a>');
}
$file = SIMPLE_CACHE . "/ip/" . str_replace(array(".", ":"), "-", $ip);
if (file_exists($file . "_3") and $trials = file_get_contents($file . "_3") and strlen($trials) > 3 and filemtime($file . "_3") > time() - 900) {
$_REQUEST["logout"] = true;
sys_alert("{t}Too many wrong logins. Please wait 15 minutes.{/t}");
} else {
if (login::validate_login($_REQUEST["username"], $_REQUEST["password"])) {
login::process_login($_REQUEST["username"], $_REQUEST["password"]);
} else {
touch($file, time() + 3);
$_REQUEST["logout"] = true;
if (file_exists($file . "_3") and filemtime($file . "_3") < time() - 1800) {
unlink($file . "_3");
}
sys_file_append($file . "_3", "1");
sys_log_stat("wrong_login", 1);
}
}
}
if (!isset($_REQUEST["logout"]) and empty($_SESSION["username"]) and SETUP_AUTH == "htaccess" and !empty($_SERVER["REMOTE_USER"])) {
$_SERVER["REMOTE_USER"] = modify::strip_ntdomain($_SERVER["REMOTE_USER"]);
if (login::validate_login($_SERVER["REMOTE_USER"], "")) {
login::process_login($_SERVER["REMOTE_USER"]);
}
}
if ($maintenance and (empty($_SESSION["username"]) or !sys_is_super_admin($_SESSION["username"]))) {
$_REQUEST["logout"] = true;
sys_alert("{t}Maintenance mode{/t}: {t}Active{/t}.");
}
if (empty($_SESSION["username"]) and ENABLE_ANONYMOUS) {
login_anonymous_session();
}
if (empty($_SESSION["username"]) and ENABLE_ANONYMOUS_CMS and MAIN_SCRIPT == "download.php") {
login_anonymous_session();
}
if (isset($_REQUEST["logout"]) or empty($_SESSION["username"]) and !ENABLE_ANONYMOUS or isset($_SESSION["ip"]) and $_SESSION["ip"] != $ip and $ip != $_SERVER["SERVER_ADDR"]) {
login::show_login();
}
}
header("Pragma: private");
readfile(cms::$cache_file);
exit;
}
if (!empty($_REQUEST["file"]) and !empty($_REQUEST["page"])) {
header("Location: {$base_dir}/download.php?find=asset|simple_cms|1|pagename=" . $_REQUEST["page"] . "&view=details&field=attachment&subitem=" . $_REQUEST["file"]);
exit;
}
if (CHECK_DOS and APC and !DEBUG) {
cms::checkdos();
}
$cms = new cms();
if (isset($_REQUEST["logout"])) {
if (!empty($_SESSION["username"])) {
login::process_logout();
}
if (isset($_COOKIE[SESSION_NAME])) {
unset($_COOKIE[SESSION_NAME]);
}
$_SESSION = array();
}
if ((ENABLE_ANONYMOUS or ENABLE_ANONYMOUS_CMS) and empty($_SESSION["username"])) {
login_anonymous_session();
}
if (empty($_SESSION["username"])) {
sys_redirect("{$base_dir}/index.php?logout&page=" . $_REQUEST["page"]);
}
error_reporting(E_ALL);
require_once "lib/pmwiki/pmwiki.php";
$cms->render_page();
$cms->output();
