. */ define("ROOT_DIR", __DIR__); require_once(ROOT_DIR . "/helpers/config.php"); $config = new uConfig(); require_once(ROOT_DIR . "/lang.php"); require_once(ROOT_DIR . "/helpers/db.php"); $mysqli = uDb::getInstance(); require_once(ROOT_DIR . "/helpers/user.php"); session_name('ulogger'); session_start(); $sid = session_id(); // check for forced login to authorize admin in case of public access $force_login = (isset($_REQUEST['force_login']) ? $_REQUEST['force_login'] : false); if ($force_login) { $config::$require_authentication = true; } $user = new uUser(); $user->getFromSession(); if (!$user->isValid && ($config::$require_authentication || defined('headless'))) { /* authentication */ $login = (isset($_REQUEST['user']) ? $_REQUEST['user'] : NULL); $pass = (isset($_REQUEST['pass']) ? $_REQUEST['pass'] : NULL); $ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https"); $auth_error = (isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : 0); if (!$login) { // not authenticated and username not submited // load form if (defined('headless')) { header('HTTP/1.1 401 Unauthorized', true, 401); } else { print ' ' . $lang["title"] . '
' . $lang["title"] . '
' . $lang["private"] . '
' . $lang["username"] . ':

' . $lang["password"] . ':


' . (($force_login == 1) ? "" : "") . '
' . (($auth_error == 1) ? $lang["authfail"] : "") . '
'; } $mysqli->close(); exit(); } else { // username submited $user = new uUser($login); //correct pass if ($user->isValid && $user->validPassword($pass)) { // login successful //delete old session $_SESSION = NULL; session_destroy(); // start new session session_name('ulogger'); session_start(); $user->storeInSession(); $url = str_replace("//", "/", $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/index.php"); header("Location: $ssl://$url"); } else { // unsuccessful $error = "?auth_error=1"; // destroy session $_SESSION = NULL; if (isset($_COOKIE[session_name('ulogger')])) { setcookie(session_name('ulogger'), '', time() - 42000, '/'); } session_destroy(); if (defined('headless')) { header('HTTP/1.1 401 Unauthorized', true, 401); } else { $url = str_replace("//", "/", $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/index.php"); header("Location: $ssl://$url$error"); } } $mysqli->close(); exit(); } /* end of authentication */ } ?>