. */ if (defined('headless')) { ob_get_contents(); ob_end_clean(); error_reporting(0); } define('ROOT_DIR', __DIR__); require_once(ROOT_DIR . "/helpers/config.php"); require_once(ROOT_DIR . "/lang.php"); require_once(ROOT_DIR . "/helpers/user.php"); session_name('ulogger'); session_start(); $sid = session_id(); // check for forced login to authorize admin in case of public access $force_login = isset($_REQUEST['force_login']) ? $_REQUEST['force_login'] : false; if ($force_login) { uConfig::$require_authentication = true; } $user = new uUser(); $user->getFromSession(); if (!$user->isValid && (uConfig::$require_authentication || defined('client'))) { /* authentication */ $login = isset($_REQUEST['user']) ? $_REQUEST['user'] : NULL; $pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : NULL; $ssl = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https"; $auth_error = isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : false; if (!$login) { // not authenticated and username not submited // load form if (defined('headless')) { header('WWW-Authenticate: OAuth realm="users@ulogger"'); header('HTTP/1.1 401 Unauthorized', true, 401); } else { print ' ' . $lang["title"] . '
' . $lang["title"] . '
' . $lang["private"] . '
' . $lang["username"] . ':

' . $lang["password"] . ':


' . (($force_login) ? ' ' : '') . '
' . (($auth_error) ? $lang["authfail"] : "") . '
'; } exit(); } else { // username submited $user = new uUser($login); //correct pass if ($user->isValid && $user->validPassword($pass)) { // login successful //delete old session $_SESSION = NULL; session_destroy(); // start new session session_name('ulogger'); session_start(); $user->storeInSession(); $url = str_replace("//", "/", $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/index.php"); header("Location: $ssl://$url"); } else { // unsuccessful $error = "?auth_error=1"; if ($force_login) { $error .= "&force_login=1"; } // destroy session $_SESSION = NULL; if (isset($_COOKIE[session_name('ulogger')])) { setcookie(session_name('ulogger'), '', time() - 42000, '/'); } session_destroy(); if (defined('headless')) { header('WWW-Authenticate: OAuth realm="users@ulogger"'); header('HTTP/1.1 401 Unauthorized', true, 401); } else { $url = str_replace("//", "/", $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/index.php"); header("Location: $ssl://$url$error"); } } exit(); } /* end of authentication */ } ?>