芝麻web文件管理V1.00
编辑当前文件:/home/p/r/i/prismawe/clients/canaldegap.fr_old/admin/login.php
GetDb(); $error = ""; $forgotmessage = ""; $changepwhash = ""; //Redirect to the normal login screen if we hit cancel on the forgot pw one //Otherwise, see if we have a forgotpw hit if ((isset($_REQUEST['forgotpwform']) || isset($_REQUEST['forgotpwchangeform'])) && isset($_REQUEST['logincancel'])) { redirect('login.php'); } else if (isset($_REQUEST['forgotpwform']) && isset($_REQUEST['loginsubmit'])) { global $gCms; $userops =& $gCms->GetUserOperations(); $oneuser = $userops->LoadUserByUsername($_REQUEST['forgottenusername']); if ($oneuser != null) { if ($oneuser->email == '') { $error = lang('nopasswordforrecovery'); } else if (send_recovery_email($_REQUEST['forgottenusername'])) { $warningLogin = lang('recoveryemailsent'); } else { $error = lang('errorsendingemail'); } } else { $error = lang('usernotfound'); } } else if (isset($_REQUEST['recoverme']) && $_REQUEST['recoverme']) { $user = find_recovery_user($_REQUEST['recoverme']); if ($user == null) { $error = lang('usernotfound'); } else { $changepwhash = $_REQUEST['recoverme']; } } else if (isset($_REQUEST['forgotpwchangeform']) && $_REQUEST['forgotpwchangeform']) { $user = find_recovery_user($_REQUEST['changepwhash']); if ($user == null) { $error = lang('usernotfound'); } else { if ($_REQUEST['password'] != '') { if ($_REQUEST['password'] == $_REQUEST['passwordagain']) { $user->password = md5($_REQUEST['password']); $user->Save(); $acceptLogin = lang('passwordchangedlogin'); $changepwhash = ''; } else { $error = lang('nopasswordmatch'); $changepwhash = $_REQUEST['changepwhash']; } } else { $error = lang('nofieldgiven', array(lang('password'))); $changepwhash = $_REQUEST['changepwhash']; } } } if (isset($_SESSION['logout_user_now'])) { debug_buffer("Logging out. Clearning cookies and session variables."); unset($_SESSION['logout_user_now']); unset($_SESSION['cms_admin_user_id']); unset($_SESSION[CMS_USER_KEY]); setcookie('cms_admin_user_id', '', time() - 3600); setcookie('cms_passhash', '', time() - 3600); setcookie(CMS_SECURE_PARAM_NAME,'',time()-3600); } else if ( isset($_SESSION['redirect_url']) ) { $_SESSION["t_redirect_url"] = $_SESSION["redirect_url"]; $no_redirect = true; $is_logged_in = check_login($no_redirect); $_SESSION["redirect_url"] = $_SESSION["t_redirect_url"]; unset($_SESSION["t_redirect_url"]); if (true == $is_logged_in) { $userid = get_userid(); $dest = $config['root_url'].'/'.$config['admin_dir']; $homepage = get_preference($userid,'homepage'); if( $homepage == '' ) { $homepage = 'index.php'; } { $tmp = explode('?',$homepage); if( !file_exists($tmp[0]) ) $homepage = 'index.php'; } $dest = $dest.'/'.$homepage; $dest .= '?'.CMS_SECURE_PARAM_NAME.'='.$_SESSION[CMS_USER_KEY]; redirect($dest); } } if (isset($_POST["logincancel"])) { debug_buffer("Login cancelled. Returning to content."); redirect($config["root_url"].'/index.php', true); } if (isset($_POST["username"]) && isset($_POST["password"])) { $username = ""; if (isset($_POST["username"])) $username = cleanValue($_POST["username"]); $password = ""; if (isset($_POST["password"])) $password = $_POST["password"]; global $gCms; $userops =& $gCms->GetUserOperations(); $oneuser =& $userops->LoadUserByUsername($username, $password, true, true); debug_buffer("Got user by username"); debug_buffer($oneuser); if ($username != "" && $password != "" && isset($oneuser) && $oneuser == true && isset($_POST["loginsubmit"])) { debug_buffer("Starting login procedure. Setting userid so that other pages will pick it up and set a cookie."); generate_user_object($oneuser->id); $_SESSION['login_user_id'] = $oneuser->id; $_SESSION['login_user_username'] = $oneuser->username; $default_cms_lang = get_preference($oneuser->id, 'default_cms_language'); if ($default_cms_lang != '') { #setcookie('cms_language', $default_cms_lang); $_SESSION['login_cms_language'] = $default_cms_lang; } audit($oneuser->id, $oneuser->username, 'User Login'); #Perform the login_post callback TODO: Remove me foreach($gCms->modules as $key=>$value) { if ($gCms->modules[$key]['installed'] == true && $gCms->modules[$key]['active'] == true) { $gCms->modules[$key]['object']->LoginPost($oneuser); } } #Now call the event Events::SendEvent('Core', 'LoginPost', array('user' => &$oneuser)); // redirect to upgrade if db_schema it's old $current_version = $CMS_SCHEMA_VERSION; $query = "SELECT version from ".cms_db_prefix()."version"; $row = $db->GetRow($query); if ($row) $current_version = $row["version"]; if ($current_version < $CMS_SCHEMA_VERSION) { redirect($gCms->config['root_url'] . "/install/upgrade.php"); } if (isset($_POST['redirect_url'])) { $_SESSION['redirect_url'] = $_POST['redirect_url']; } if (isset($_SESSION["redirect_url"])) { if (isset($gCms->config) and $gCms->config['debug'] == true) { echo "Debug is on. Redirecting disabled... Please click this link to continue.
"; echo "
".$_SESSION["redirect_url"]."
"; foreach ($gCms->errors as $globalerror) { echo $globalerror; } } else { // attempt to redirect to the originally requested page $tmp = $_SESSION["redirect_url"]; unset($_SESSION["redirect_url"]); if( !strstr('.php',$tmp) || endswith($tmp,'/') ) { // force the url to go to index.php $tmp = $config['root_url'].'/'.$config['admin_dir']. '/index.php?'.CMS_SECURE_PARAM_NAME.'='.$_SESSION[CMS_USER_KEY]; } redirect($tmp); } unset($_SESSION["redirect_url"]); } else { if (isset($config) and $config['debug'] == true) { $url = 'index.php?'.CMS_SECURE_PARAM_NAME.'='.$_SESSION[CMS_USER_KEY]; echo "Debug is on. Redirecting disabled... Please click this link to continue.
"; echo "
{$url}
"; foreach ($gCms->errors as $globalerror) { echo $globalerror; } } else { $homepage = get_preference($oneuser->id,'homepage'); if( $homepage == '' ) { $homepage = 'index.php'; } $tmp = explode('?',$homepage); if( !file_exists($tmp[0]) ) $homepage = 'index.php'; // quick hack to remove old secure param name from homepage url $pos = strpos($homepage,'?_s_'); if( $pos !== FALSE ) { $homepage = substr($homepage,0,$pos); } $pos = strpos($homepage,CMS_SECURE_PARAM_NAME); if( $pos !== FALSE ) { $str = substr($homepage,$pos-1,strlen(CMS_SECURE_PARAM_NAME)+strlen($_SESSION[CMS_USER_KEY])+2); $rep = '?'.CMS_SECURE_PARAM_NAME.'='.$_SESSION[CMS_USER_KEY]; $homepage = str_replace($str,$rep,$homepage); } else { $homepage .= '?'.CMS_SECURE_PARAM_NAME.'='.$_SESSION[CMS_USER_KEY]; } $homepage = html_entity_decode($homepage); redirect($homepage); } } return; #redirect("index.php"); } else if (isset($_POST['loginsubmit'])) { //No error if changing languages $error .= lang('usernameincorrect'); debug_buffer("Login failed. Error is: " . $error); audit($username, $username, 'User Login Failed'); #Perform the login_post callback TODO: Remove me foreach($gCms->modules as $key=>$value) { if ($gCms->modules[$key]['installed'] == true && $gCms->modules[$key]['active'] == true) { $gCms->modules[$key]['object']->LoginPost($username); } } #Now call the event Events::SendEvent('Core', 'LoginPost', $username); } else { debug_buffer($_POST["loginsubmit"]); } } // Language shizzle //header("Content-Encoding: " . get_encoding()); header("Content-Language: " . $current_language); header("Content-Type: text/html; charset=" . get_encoding()); //CHANGED $theme=get_site_preference('logintheme', 'default'); //echo "theme:$theme"; debug_buffer('debug is:' . $error); if (file_exists(dirname(__FILE__)."/themes/$theme/login.php")) { include(dirname(__FILE__)."/themes/$theme/login.php"); } else { include(dirname(__FILE__)."/themes/default/login.php"); } //STOP ?> config) and $gCms->config['debug'] == true) { foreach ($gCms->errors as $globalerror) { echo $globalerror; } } # vim:ts=4 sw=4 noet ?>