show_change_password) { $this->show_login = false; $this->show_form = false; if (isset ($_REQUEST['password'])) { if (strlen ($_REQUEST['password']) < 6) { $this->messages[] = $this->tr ("password is to short"); return; } if (!preg_match ("/[a-zA-Z](\W|\d)|(\W|\d)[a-zA-Z]/", $_REQUEST['password'])) { $this->messages[] = $this->tr ("password must contain a-Z and 0-9 or special characters"); return; } if (empty ($_REQUEST['password2']) || $_REQUEST['password'] != $_REQUEST['password2']) { $this->messages[] = $this->tr ("passwords not equal"); return; } User::set (User::get ('id'), array ('password' => $_REQUEST['password'], 'must_change_password' => "")); $this->openStartpage (); } $this->messages[] = $this->tr ("change your password"); return; } if (empty ($_COOKIE[session_name()]) && (!empty ($_SESSION) || !empty ($_POST))) { $this->messages[] = $this->tr ("cookies needed"); return; } User::logout (); if (isset ($_REQUEST['logintype'])) { setcookie ('cms_logintype', $_REQUEST['logintype'], time()+60*60*24*30, Setting::get ("config", "cmsPath")); $_COOKIE['cms_logintype'] = $_REQUEST['logintype']; } $smf = Setting::get ("config", "smf"); if (!empty ($smf)) { session_write_close (); ini_set ('session.auto_start', 1); require_once($_SERVER['DOCUMENT_ROOT'].$smf['path']."/SSI.php"); $_SESSION['login_url'] = preg_replace("|[^/]*$|", "", $_SERVER['HTTP_REFERER']); session_write_close (); ini_set ('session.save_handler', 'files'); session_start (); $user = new User (); if (isset($context['user']) && $user->smfLogin ($context['user'])) { $this->openStartpage (); } $this->plain_password = true; } if ((isset ($_REQUEST['username']) && isset ($_REQUEST['password'])) || (!empty ($_SESSION['cms']['auth']) && is_string ($_SESSION['cms']['auth']))) { if (isset ($_REQUEST['username'])) { setcookie ('cms_username', $_REQUEST['username'], time()+60*60*24*30, Setting::get ("config", "cmsPath")); $_COOKIE['cms_username'] = $_REQUEST['username']; } $user = new User (); if ((!empty 
($_SESSION['cms']['auth']) && is_string ($_SESSION['cms']['auth'])) ? $user->login ($_SESSION['cms']['auth']) :( (!empty ($_REQUEST['pass']) && $user->login ($_REQUEST['username'], $_REQUEST['pass'])) || $user->login ($_REQUEST['username'], $_REQUEST['password']))) { $_SESSION['cms']['auth'] = true; if ($user->must_change_password) { $this->messages[] = $this->tr ("change your password"); $this->show_login = false; $this->show_form = false; unset ($_REQUEST['password']); return; } else { $this->openStartpage (); } } else { $this->messages[] = $user->login_err ? $user->login_err : $this->tr ("Invalid credentials"); } } // Datenbank zugang prüfen $errmsg = Database::check (); if ($errmsg) { $this->show_form = false; $this->show_login = false; $this->show_install = !Setting::get ("config", "disable_install"); $this->dbOk = false; $this->messages[] = $this->tr ("Database connection error:"); $this->messages[] = $this->tr ($errmsg); return; } // Datenbank installation prüfen if (Setting::get ("db", "version") == "") { $this->show_form = false; $this->show_login = false; $this->show_install = !Setting::get ("config", "disable_install"); $this->dbOk = false; $this->messages[] = $this->tr ("Database installation error:"); return; } // Datenbank Version prüfen if (Setting::get ("db", "version") != Setting::VERSION_DB) { $this->show_form = false; $this->show_login = false; $this->show_update = true; $this->messages[] = $this->tr ("wrong database version"); return; } // Browser prüfen if (!preg_match ("/Gecko\/|Chrome\//", $_SERVER["HTTP_USER_AGENT"])) { $this->show_form = false; $this->show_login = false; $this->messages[] = $this->tr ("wrong browser"); return; } // Login über ldap aktivieren $ldap = Setting::get ("config", "ldap"); if ($ldap && empty ($ldap['http_auth'])) { $this->plain_password = true; } if ($ldap && !empty ($ldap['http_auth'])) { if (isset ($_REQUEST['login']) && $_REQUEST['logintype'] == "ldap") { if (!empty ($_SESSION['cms']['auth'])) { unset 
($_SESSION['cms']['auth']); Header ("Location: http://logout:logout@" . $_SERVER['SERVER_NAME'] . Setting::get ("config", "cmsPath") . "/login/ldap/index.php"); } else { Header ("Location: http://" . $_SERVER['SERVER_NAME'] . Setting::get ("config", "cmsPath") . "/login/ldap/index.php"); } exit; } $this->show_logintype = true; // $this->show_form = false; } // Erster Login (Default Username und Passwort anzeigen) $user = new User (); if ($user->login ("admin", MD5 (MD5 ("admin").$this->scrambler))) { User::logout (); $_COOKIE['cms_logintype'] = "local"; $this->messages[] = $this->tr ("you can login as 'admin' with password 'admin'"); } }

    //***************************
    // GETTER / SETTER
    //***************************

    /**
     * Magic read accessor for the virtual properties of the login page.
     *
     * Recognised names:
     *  - "version":              translated version label built from Setting::VERSION and Setting::REVISION
     *  - "logintype":            value of the cms_logintype cookie, or "" when the cookie is absent
     *  - "username":             value of the cms_username cookie, or "" when the cookie is absent
     *  - "password":             the submitted password request value, or ""
     *  - "password2":            the submitted password2 request value, or ""
     *  - "show_change_password": the current user's must_change_password value
     *  - "manual":               relative path of the user manual PDF, falling back to the "en" file
     *  - "scrambler":            the scrambler property of a freshly constructed User
     *
     * Any other name is read directly from $this.
     *
     * Security: "logintype", "username", "password" and "password2" are handed back
     * exactly as the browser sent them (cookie or request data), with no validation or
     * escaping here. Whatever renders these values has to escape them for its output context.
     *
     * @param string $name name of the property being read
     * @return mixed
     */
    public function __get ($name)
    {
        switch ($name) {
            case "version":
                $template = $this->tr ("version [version]");
                $release = Setting::VERSION.".".Setting::REVISION;
                return I18n::replace ($template, array ('version' => $release));

            case "logintype":
                if (isset ($_COOKIE['cms_logintype'])) {
                    return $_COOKIE['cms_logintype'];
                }
                return "";

            case "username":
                if (isset ($_COOKIE['cms_username'])) {
                    return $_COOKIE['cms_username'];
                }
                return "";

            case "password":
                if (isset ($_REQUEST['password'])) {
                    return $_REQUEST['password'];
                }
                return "";

            case "password2":
                if (isset ($_REQUEST['password2'])) {
                    return $_REQUEST['password2'];
                }
                return "";

            case "show_change_password":
                return User::get ('must_change_password');

            case "manual":
                // NOTE(review): the language code is interpolated into a filesystem path;
                // presumably I18n::lc() only yields short language codes - confirm it can
                // never contain path separators.
                $language = I18n::lc ();
                if (!file_exists ("docu/usermanual_$language.pdf")) {
                    $language = "en";
                }
                return "docu/usermanual_$language.pdf";

            case "scrambler":
                $account = new User ();
                return $account->scrambler;

            default:
                // Falls through to the real property of that name; because the read happens
                // inside the class, property visibility does not restrict what is returned.
                return $this->$name;
        }
    }

    /**
     * Redirects the browser to the page shown after a successful login and ends the request.
     *
     * Keeps an already stored $_SESSION['cms']['referer'] and otherwise initialises it with the
     * configured start page. The redirect target itself is taken from the settings only:
     * the start page for users with 'hide_sidebar' set, the CMS path for everyone else.
     *
     * NOTE(review): this is the exit taken after authentication succeeds, and no
     * session_regenerate_id() call is visible in this part of the file. Confirm that the
     * session ID is rotated elsewhere (e.g. inside User::login()) before relying on it.
     */
    private function openStartpage ()
    {
        // remember the content page to return to
        if (!isset ($_SESSION['cms']['referer'])) {
            $_SESSION['cms']['referer'] = Setting::get ("system", "startPage", "/");
        }

        // pick the landing page, then send the redirect
        if (User::get ('hide_sidebar')) {
            $target = Setting::get ("system", "startPage", "/");
        } else {
            $target = Setting::get ("config", "cmsPath");
        }
        Header ("Location: " . $target);
        exit;
    }

    /**
     * Translates a text key within the "login" translation section.
     *
     * @param string $name         key of the text to translate
     * @param string $defaultvalue passed through to I18n::tr() unchanged
     * @return mixed whatever I18n::tr() returns for the key
     */
    public function tr ($name, $defaultvalue="")
    {
        $section = "login";
        return I18n::tr ($section, $name, $defaultvalue);
    }
}
?>