. */ require_once("helpers/config.php"); $config = new uConfig(); require_once("lang.php"); require_once("helpers/db.php"); $mysqli = uDb::getInstance(); require_once($config::$rootDir . "/helpers/user.php"); session_name('ulogger'); session_start(); $sid = session_id(); // check for forced login to authorize admin in case of public access $force_login = (isset($_REQUEST['force_login']) ? $_REQUEST['force_login'] : false); if ($force_login) { $config::$require_authentication = true; } $user = new uUser(); $user->getFromSession(); if (!$user->isValid && ($config::$require_authentication || defined('headless'))) { /* authentication */ $login = (isset($_REQUEST['user']) ? $_REQUEST['user'] : NULL); $pass = (isset($_REQUEST['pass']) ? $_REQUEST['pass'] : NULL); $ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https"); $auth_error = (isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : 0); if (!$login){ // not authenticated and username not submited // load form if (defined('headless')) { header('HTTP/1.1 401 Unauthorized', true, 401); } else { print ' '.$lang_title.'
'.$lang_title.'
'.$lang_private.'
'.$lang_username.':

'.$lang_password.':


'.(($force_login==1) ? "" : "").'
'.(($auth_error==1) ? $lang_authfail : "").'
'; } $mysqli->close(); exit(); } else { // username submited $user = new uUser($login); //correct pass if ($user->isValid && $user->validPassword($pass)) { // login successful //delete old session $_SESSION = NULL; session_destroy(); // start new session session_name('ulogger'); session_start(); $user->storeInSession(); $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); header("Location: $ssl://$url"); exit(); } else { // unsuccessful $error = "?auth_error=1"; // destroy session $_SESSION = NULL; if (isset($_COOKIE[session_name('ulogger')])) { setcookie(session_name('ulogger'),'',time()-42000,'/'); } session_destroy(); if (defined('headless')) { header('HTTP/1.1 401 Unauthorized', true, 401); } else { $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); header("Location: $ssl://$url$error"); } } $mysqli->close(); exit(); } /* end of authentication */ } ?>