Context Navigation

← Previous Change
Next Change →

Changeset 2256 for branches

Timestamp:

11/26/10 15:59:08 (18 months ago)

Author:

petsagouris

Message:

[Branch 1.5] Various too small edits out of me being a code monkey (code formatting).

Files:

: 1 modified

branches/1.5/libs/AdminAuth.php (modified) (11 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/1.5/libs/AdminAuth.php

r1912	r2256
32	32	{
33	33	// Authenticate the admin if the User Signin plugin is INACTIVE:
34		if (!$h->isActive('signin'))
35		{
36		if (($h->pageName != 'admin_login') && !$this->isAdminCookie($h))
37		{
38		header('Location: ' . SITEURL . 'admin_index.php?page=admin_login');
39		die; exit;
40		}
41		}
42
	34	if (!$h->isActive('signin')) {
	35	if (($h->pageName != 'admin_login') && !$this->isAdminCookie($h)) {
	36	header('Location: '.SITEURL.'admin_index.php?page=admin_login');
	37	die;
	38	exit;
	39	}
	40	}
	41
43	42	// Authenticate the admin if a Signin plugin is ACTIVE and site is OPEN:
44		if (is_object($h->currentUser) && $h->isActive('signin') && (SITE_OPEN == 'true'))
45		{
	43	if (is_object($h->currentUser) && $h->isActive('signin') && (SITE_OPEN == 'true')) {
46	44	// This first condition happens when the Users plugin is activated
47	45	// and there's no cookie for the Admin yet.
48		if (($h->currentUser->name == "") && $h->isActive('signin'))
49		{
50		header('Location: ' . SITEURL . 'index.php?page=login');
51		die; exit;
52		}
53		elseif ($h->currentUser->getPermission('can_access_admin') != 'yes')
54		{
	46	if (($h->currentUser->name == "") && $h->isActive('signin')) {
	47	header('Location: '.SITEURL.'index.php?page=login');
	48	die;
	49	exit;
	50	} elseif ($h->currentUser->getPermission('can_access_admin') != 'yes') {
55	51	// maybe the user has permission to access a specific plugin settings page?
56	52	$plugin = $h->cage->get->testAlnumLines('plugin');
57	53	if ($plugin && ($h->pageName == "plugin_settings")) {
58		$permission = "can_" ~~. $plugin .~~ "_settings";
	54	$permission = "can_".$plugin."_settings";
59	55	if ($h->currentUser->getPermission($permission) == 'yes') {
60		$h->sidebars = ~~false~~; // hide sidebars
	56	$h->sidebars = FALSE; // hide sidebars
61	57	$h->displayTemplate('index');
62		die(); exit;
	58	die();
	59	exit;
63	60	}
64	61	}
65
	62
66	63	// User doesn't have permission to access Admin
67	64	$h->messages[$h->lang['main_access_denied']] = 'red';
68	65	$h->displayTemplate('admin_denied');
69		die(); exit;
70		}
71		}
72
	66	die();
	67	exit;
	68	}
	69	}
	70
73	71	// If we get this far, we know that the user has admin access.
74
	72
75	73	return $h->pageName;
76	74	}
77
78
79		/**
	75
	76	/**
80	77	* Admin login
81	78	*
…	…
85	82	{
86	83	// Check username
87		if (!$username_check = $h->cage->post->testUsername('username')) {
88		$username_check = '';
89		}
90
	84	if (!$username_check = $h->cage->post->testUsername('username')) {
	85	$username_check = '';
	86	}
	87
91	88	// Check password
92	89	if (!$password_check = $h->cage->post->testPassword('password')) {
93		$password_check = '';
94		}
95
	90	$password_check = '';
	91	}
	92
96	93	if ($h->cage->post->keyExists('login_attempted') \|\| $h->cage->post->keyExists('forgotten_password')) {
97	94	// if either the login or forgot password form is submitted, check the CSRF key
98
	95
99	96	if (!$h->csrf()) {
100	97	$h->message = $h->lang["error_csrf"];
101	98	$h->messageType = "red";
102		return false;
103		}
104		}
105
106		if ($username_check != '' \|\| $password_check != '')
107		{
	99	return FALSE;
	100	}
	101	}
	102
	103	if ($username_check != '' \|\| $password_check != '') {
108	104	$login_result = $h->currentUser->loginCheck($h, $username_check, $password_check);
109
	105
110	106	if ($login_result) {
111	107	//success
…	…
113	109	$h->currentUser->getUser($h, 0, $username_check);
114	110	$this->setAdminCookie($h, $username_check);
115		$h->currentUser->loggedIn = ~~true~~;
	111	$h->currentUser->loggedIn = TRUE;
116	112	$h->currentUser->updateUserLastLogin($h);
117		$h->sidebars = ~~true~~;
	113	$h->sidebars = TRUE;
118	114	$h->pageName = 'admin_home'; // a wee hack
119		return ~~true~~;
	115	return TRUE;
120	116	} else {
121	117	// login failed
…	…
123	119	$h->messageType = "red";
124	120	}
125		}
126		else
127		{
	121	} else {
128	122	if ($h->cage->post->keyExists('login_attempted')) {
129	123	$h->message = $h->lang["admin_login_failed"];
…	…
132	126	$username_check = '';
133	127	$password_check = '';
134
	128
135	129	// forgotten password request
136	130	if ($h->cage->post->keyExists('forgotten_password')) {
137	131	$this->adminPassword($h);
138	132	}
139
	133
140	134	// confirming forgotten password email
141	135	$passconf = $h->cage->get->getAlnum('passconf');
142	136	$userid = $h->cage->get->testInt('userid');
143
	137
144	138	if ($passconf && $userid) {
145	139	if ($h->currentUser->newRandomPassword($h, $userid, $passconf)) {
…	…
152	146	}
153	147	}
154
155		return false;
156		}
157
158
159		/**
	148
	149	return FALSE;
	150	}
	151
	152	/**
160	153	* Admin password forgotten
161	154	*
…	…
165	158	{
166	159	// Check email
167		if (!$email_check = $h->cage->post->testEmail('email')) {
168		$email_check = '';
	160	if (!$email_check = $h->cage->post->testEmail('email')) {
	161	$email_check = '';
169	162	// login failed
170	163	$h->message = $h->lang["admin_login_email_invalid"];
171	164	$h->messageType = "red";
172		return ~~false~~;
173		}
	165	return FALSE;
	166	}
174	167
175	168	$valid_email = $h->emailExists($email_check, 'admin');
176	169	$userid = $h->getUserIdFromEmail($valid_email);
177
	170
178	171	if ($valid_email && $userid) {
179	172	//success
…	…
181	174	$h->message = $h->lang['admin_email_password_conf_sent'];
182	175	$h->messageType = "green";
183		return ~~true~~;
	176	return TRUE;
184	177	} else {
185	178	// login failed
186	179	$h->message = $h->lang["admin_login_email_invalid"];
187	180	$h->messageType = "red";
188		return false;
189		}
190		}
191
192
193		/**
	181	return FALSE;
	182	}
	183	}
	184
	185	/**
194	186	* Admin login form
195	187	*/
…	…
199	191	if (!$username_check = $h->cage->post->testUsername('username')) {
200	192	$username_check = '';
201		}
202
	193	}
	194
203	195	// Check password
204	196	if (!$password_check = $h->cage->post->testPassword('password')) {
205		$password_check = '';
206		}
207
	197	$password_check = '';
	198	}
	199
208	200	// Check email (for forgotten password form)
209	201	if (!$email_check = $h->cage->post->testEmail('email')) {
210		$email_check = '';
211		}
212
213		require_once(ADMIN_THEMES . ADMIN_THEME . 'admin_login.php');
214		}
215
216
	202	$email_check = '';
	203	}
	204
	205	require_once(ADMIN_THEMES.ADMIN_THEME.'admin_login.php');
	206	}
	207
217	208	/**
218	209	* Set a 30-day cookie for the administrator
…	…
222	213	public function setAdminCookie($h)
223	214	{
224		if (!$h->currentUser->name)
225		{
	215	if (!$h->currentUser->name) {
226	216	echo $this->lang["admin_login_error_cookie"];
227		return false;
228		}
229		else
230		{
231		$strCookie=base64_encode(
232		join(':', array($h->currentUser->name,
233		$h->currentUser->generateHash($h->currentUser->name, md5(SITEURL)),
234		md5($h->currentUser->password)))
	217	return FALSE;
	218	} else {
	219	$strCookie = base64_encode(
	220	join(':', array($h->currentUser->name,
	221	$h->currentUser->generateHash($h->currentUser->name, md5(SITEURL)),
	222	md5($h->currentUser->password)))
235	223	);
236
	224
237	225	// (2592000 = 60 seconds * 60 mins * 24 hours * 30 days.)
238	226	$month = 2592000 + time();
239
	227
240	228	if (strpos(SITEURL, "localhost") !== false) {
241		setcookie("hotaru_user", $h->currentUser->name, $month, "/");
242		setcookie("hotaru_key", $strCookie, $month, "/");
	229	setcookie("hotaru_user", $h->currentUser->name, $month, "/");
	230	setcookie("hotaru_key", $strCookie, $month, "/");
243	231	} else {
244		$parsed = parse_url(SITEURL);
245
246		// now we need a dot in front of that so cookies work across subdomains:
247		setcookie("hotaru_user", $h->currentUser->name, $month, "/", "." . $parsed['host']);
248		setcookie("hotaru_key", $strCookie, $month, "/", "." . $parsed['host']);
249		}
250
251		return true;
252		}
253		}
254
255		/**
256		* Checks if a cookie exists and if it belongs to an Admin user
	232	$parsed = parse_url(SITEURL);
	233
	234	// now we need a dot in front of that so cookies work across subdomains:
	235	setcookie("hotaru_user", $h->currentUser->name, $month, "/", ".".$parsed['host']);
	236	setcookie("hotaru_key", $strCookie, $month, "/", ".".$parsed['host']);
	237	}
	238
	239	return TRUE;
	240	}
	241	}
	242
	243	/**
	244	* Checks if a cookie exists and if it belongs to an Admin user
	245	* NOTE: This is ONLY used if the User Signin plugin is inactive.
257	246	*
258	247	* @return bool
259		*
260		* NOTE!!! This is ONLY used if the User Signin plugin is inactive.
261	248	*/
262	249	public function isAdminCookie($h)
263	250	{
264		if (!$h->currentUser->checkCookie($h)) { return false; }
265
266		if (!$h->isAdmin($h->currentUser->name)) { return false; }
	251	if (!$h->currentUser->checkCookie($h)) {
	252	return FALSE;
	253	}
	254
	255	if (!$h->isAdmin($h->currentUser->name)) {
	256	return FALSE;
	257	}
267	258
268	259	//success...
269		return ~~true~~;
270		}
271
272		/**
	260	return TRUE;
	261	}
	262
	263	/**
273	264	* Admin logout
274	265	*
…	…
278	269	{
279	270	$h->currentUser->destroyCookieAndSession();
280		header("Location: " . SITEURL);
281		return true;
282		}
	271	header("Location: ".SITEURL);
	272	return TRUE;
	273	}
	274
283	275	}
284		?>

Hotaru CMS

Context Navigation

Changeset 2256 for branches

Legend:

branches/1.5/libs/AdminAuth.php

Download in other formats: