Session in admin area and when you create the Login object
This commit is contained in:
parent
f01528bf75
commit
8cfd7df062
|
@ -7,10 +7,10 @@
|
||||||
if (!checkRole(array('admin','moderator'), false)) {
|
if (!checkRole(array('admin','moderator'), false)) {
|
||||||
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
|
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
|
||||||
$page = buildPage($pageKey);
|
$page = buildPage($pageKey);
|
||||||
if (!$page || $page->username()!==$Login->username()) {
|
if (!$page || $page->username()!==$login->username()) {
|
||||||
$syslog->add(array(
|
$syslog->add(array(
|
||||||
'dictionaryKey'=>'access-deny',
|
'dictionaryKey'=>'access-deny',
|
||||||
'notes'=>$Login->username()
|
'notes'=>$login->username()
|
||||||
));
|
));
|
||||||
Alert::set($Language->g('You do not have sufficient permissions'));
|
Alert::set($Language->g('You do not have sufficient permissions'));
|
||||||
Redirect::page('dashboard');
|
Redirect::page('dashboard');
|
||||||
|
|
|
@ -14,8 +14,8 @@
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
// Prevent non-administrators to change other users
|
// Prevent non-administrators to change other users
|
||||||
if ($Login->role()!=='admin') {
|
if ($login->role()!=='admin') {
|
||||||
$_POST['username'] = $Login->username();
|
$_POST['username'] = $login->username();
|
||||||
unset($_POST['role']);
|
unset($_POST['role']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -40,8 +40,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
|
|
||||||
// Prevent non-administrators to change other users
|
// Prevent non-administrators to change other users
|
||||||
if ($Login->role()!=='admin') {
|
if ($login->role()!=='admin') {
|
||||||
$layout['parameters'] = $Login->username();
|
$layout['parameters'] = $login->username();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the user to edit
|
// Get the user to edit
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
function checkLogin($args)
|
function checkLogin($args)
|
||||||
{
|
{
|
||||||
global $Security;
|
global $Security;
|
||||||
global $Login;
|
global $login;
|
||||||
global $Language;
|
global $Language;
|
||||||
|
|
||||||
if ($Security->isBlocked()) {
|
if ($Security->isBlocked()) {
|
||||||
|
@ -19,9 +19,9 @@ function checkLogin($args)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($Login->verifyUser($_POST['username'], $_POST['password'])) {
|
if ($login->verifyUser($_POST['username'], $_POST['password'])) {
|
||||||
if (isset($_POST['remember'])) {
|
if (isset($_POST['remember'])) {
|
||||||
$Login->setRememberMe($_POST['username']);
|
$login->setRememberMe($_POST['username']);
|
||||||
}
|
}
|
||||||
// Renew the token. This token will be the same inside the session for multiple forms.
|
// Renew the token. This token will be the same inside the session for multiple forms.
|
||||||
$Security->generateTokenCSRF();
|
$Security->generateTokenCSRF();
|
||||||
|
@ -41,13 +41,13 @@ function checkLogin($args)
|
||||||
function checkRememberMe()
|
function checkRememberMe()
|
||||||
{
|
{
|
||||||
global $Security;
|
global $Security;
|
||||||
global $Login;
|
global $login;
|
||||||
|
|
||||||
if ($Security->isBlocked()) {
|
if ($Security->isBlocked()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($Login->verifyUserByRemember()) {
|
if ($login->verifyUserByRemember()) {
|
||||||
$Security->generateTokenCSRF();
|
$Security->generateTokenCSRF();
|
||||||
Redirect::page('dashboard');
|
Redirect::page('dashboard');
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -20,6 +20,6 @@
|
||||||
// Main after POST
|
// Main after POST
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
|
|
||||||
if ($Login->logout()) {
|
if ($login->logout()) {
|
||||||
Redirect::home();
|
Redirect::home();
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,8 +29,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
|
|
||||||
// Prevent non-administrators to change other users
|
// Prevent non-administrators to change other users
|
||||||
if ($Login->role()!=='admin') {
|
if ($login->role()!=='admin') {
|
||||||
$layout['parameters'] = $Login->username();
|
$layout['parameters'] = $login->username();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the user to edit
|
// Get the user to edit
|
||||||
|
|
|
@ -1,161 +0,0 @@
|
||||||
<div class="uk-block dashboard-links">
|
|
||||||
<div class="uk-grid uk-grid-match" data-uk-grid-margin="{target:'.uk-panel'}">
|
|
||||||
|
|
||||||
<div class="uk-width-medium-1-3">
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-content' ?>"><i class="uk-icon-pencil"></i> <?php $L->p('New content') ?></a></h4>
|
|
||||||
<p><?php $L->p('Create new content for your site') ?></p>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'content' ?>"><i class="uk-icon-folder-o"></i> <?php $L->p('Manage content') ?></a></h4>
|
|
||||||
<p><?php $L->p('Edit or delete content from your site') ?></p>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
<?php if($Login->role() == 'admin') { ?>
|
|
||||||
<div class="uk-width-medium-1-3" style="border-right: 1px solid #E6E6E6; border-left: 1px solid #E6E6E6">
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-category' ?>"><i class="uk-icon-file-text-o"></i> <?php $L->p('New category') ?></a></h4>
|
|
||||||
<p><?php $L->p('Create a new category to organize your content') ?></p>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'categories' ?>"><i class="uk-icon-folder-o"></i> <?php $L->p('Manage categories') ?></a></h4>
|
|
||||||
<p><?php $L->p('Edit or delete your categories') ?></p>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
<?php } ?>
|
|
||||||
|
|
||||||
<div class="uk-width-medium-1-3">
|
|
||||||
|
|
||||||
<?php if($Login->role() == 'admin') { ?>
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'add-user' ?>"><i class="uk-icon-user-plus"></i> <?php $L->p('Add a new user') ?></a></h4>
|
|
||||||
<p><?php $L->p('Invite a friend to collaborate on your site') ?></p>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'settings-regional' ?>"><i class="uk-icon-globe"></i> <?php $L->p('Language and timezone') ?></a></h4>
|
|
||||||
<p><?php $L->p('Change your language and region settings') ?></p>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<?php } else { ?>
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'edit-user/'.$Login->username() ?>"><i class="uk-icon-user"></i> <?php $L->p('Profile') ?></a></h4>
|
|
||||||
<p><?php $L->p('View and edit your profile') ?></p>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<?php } ?>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div id="dashboard-panel" class="uk-grid uk-grid-small">
|
|
||||||
|
|
||||||
<div class="uk-width-1-3">
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4 class="panel-title"><?php $L->p('Notifications') ?></h4>
|
|
||||||
<ul class="uk-list uk-list-line">
|
|
||||||
<?php
|
|
||||||
// Print Notifications
|
|
||||||
$logs = array_slice($syslog->db, 0, NOTIFICATIONS_AMOUNT);
|
|
||||||
foreach($logs as $log) {
|
|
||||||
$dict = $L->g($log['dictionaryKey']);
|
|
||||||
echo '<li>';
|
|
||||||
echo $dict;
|
|
||||||
if( !empty($log['notes'])) {
|
|
||||||
echo ' « <b>'.$log['notes'].'</b> »';
|
|
||||||
}
|
|
||||||
echo '<br><span class="notification-date">';
|
|
||||||
echo Date::format($log['date'], DB_DATE_FORMAT, NOTIFICATIONS_DATE_FORMAT);
|
|
||||||
echo ' - by '.$log['username'];
|
|
||||||
echo '</span>';
|
|
||||||
echo '</li>';
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="uk-width-1-3">
|
|
||||||
|
|
||||||
<?php if (pluginEnabled('pluginSimpleStats')) {
|
|
||||||
$SimpleStats = getPlugin('pluginSimpleStats');
|
|
||||||
echo '<div class="uk-panel">';
|
|
||||||
echo '<h4 class="panel-title">'.$SimpleStats->getValue('label').'</h4>';
|
|
||||||
echo $SimpleStats->dashboard();
|
|
||||||
echo '</div>';
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4 class="panel-title"><?php $L->p('Statistics') ?></h4>
|
|
||||||
<table class="uk-table statistics">
|
|
||||||
<tbody>
|
|
||||||
<tr>
|
|
||||||
<td><?php $Language->p('Published') ?></td>
|
|
||||||
<td><?php echo count($dbPages->getPublishedDB(false)) ?></td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td><?php $Language->p('Static') ?></td>
|
|
||||||
<td><?php echo count($dbPages->getStaticDB(false)) ?></td>
|
|
||||||
</tr>
|
|
||||||
<td><?php $Language->p('Users') ?></td>
|
|
||||||
<td><?php echo $dbUsers->count() ?></td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="uk-width-1-3">
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4 class="panel-title"><?php $L->p('Scheduled content') ?></h4>
|
|
||||||
<ul class="uk-list">
|
|
||||||
<?php
|
|
||||||
$scheduledPages = $dbPages->getScheduledDB(true);
|
|
||||||
if (empty($scheduledPages)) {
|
|
||||||
echo '<li>'.$Language->g('There are no scheduled content').'</li>';
|
|
||||||
} else {
|
|
||||||
foreach ($scheduledPages as $key) {
|
|
||||||
$page = buildPage($key);
|
|
||||||
echo '<li><span class="label-time">'.$page->dateRaw(SCHEDULED_DATE_FORMAT).'</span><a href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">'.($page->title()?$page->title():'['.$Language->g('Empty title').'] ').'</a></li>';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="uk-panel">
|
|
||||||
<h4 class="panel-title"><?php $L->p('Draft content') ?></h4>
|
|
||||||
<ul class="uk-list">
|
|
||||||
<?php
|
|
||||||
$draftPages = $dbPages->getDraftDB(true);
|
|
||||||
if (empty($draftPages)) {
|
|
||||||
echo '<li>'.$Language->g('There are no draft content').'</li>';
|
|
||||||
} else {
|
|
||||||
foreach ($draftPages as $key) {
|
|
||||||
$page = buildPage($key);
|
|
||||||
echo '<li><a href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">'.($page->title()?$page->title():'['.$Language->g('Empty title').'] ').'</a></li>';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</div>
|
|
|
@ -1,204 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
HTML::title(array('title'=>$L->g('Edit user'), 'icon'=>'user'));
|
|
||||||
|
|
||||||
echo '<div class="uk-grid">';
|
|
||||||
echo '<div class="uk-width-7-10">';
|
|
||||||
|
|
||||||
HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal'));
|
|
||||||
|
|
||||||
// Security token
|
|
||||||
HTML::formInputHidden(array(
|
|
||||||
'name'=>'tokenCSRF',
|
|
||||||
'value'=>$Security->getTokenCSRF()
|
|
||||||
));
|
|
||||||
|
|
||||||
// Security token
|
|
||||||
HTML::formInputHidden(array(
|
|
||||||
'name'=>'username',
|
|
||||||
'value'=>$User->username()
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::legend(array('value'=>$L->g('Profile'), 'class'=>'first-child'));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'usernameDisable',
|
|
||||||
'label'=>$L->g('Username'),
|
|
||||||
'value'=>$User->username(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'disabled'=>true,
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'firstName',
|
|
||||||
'label'=>$L->g('First name'),
|
|
||||||
'value'=>$User->firstName(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'lastName',
|
|
||||||
'label'=>$L->g('Last name'),
|
|
||||||
'value'=>$User->lastName(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
echo '<div class="uk-form-row">
|
|
||||||
<label class="uk-form-label">'.$L->g('password').'</label>
|
|
||||||
<div class="uk-form-controls">
|
|
||||||
<a href="'.HTML_PATH_ADMIN_ROOT.'user-password/'.$User->username().'">'.$L->g('Change password').'</a>
|
|
||||||
</div>
|
|
||||||
</div>';
|
|
||||||
|
|
||||||
if($Login->role()==='admin') {
|
|
||||||
|
|
||||||
HTML::formSelect(array(
|
|
||||||
'name'=>'role',
|
|
||||||
'label'=>$L->g('Role'),
|
|
||||||
'options'=>array('editor'=>$L->g('Editor'), 'admin'=>$L->g('Administrator')),
|
|
||||||
'selected'=>$User->role(),
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'email',
|
|
||||||
'label'=>$L->g('Email'),
|
|
||||||
'value'=>$User->email(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>$L->g('Recommended for recovery password and notifications')
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::legend(array('value'=>$L->g('Social networks links')));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'twitter',
|
|
||||||
'label'=>'Twitter',
|
|
||||||
'value'=>$User->twitter(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'facebook',
|
|
||||||
'label'=>'Facebook',
|
|
||||||
'value'=>$User->facebook(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'codepen',
|
|
||||||
'label'=>'Codepen',
|
|
||||||
'value'=>$User->codepen(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'googlePlus',
|
|
||||||
'label'=>'Google+',
|
|
||||||
'value'=>$User->googlePlus(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'instagram',
|
|
||||||
'label'=>'Instagram',
|
|
||||||
'value'=>$User->instagram(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>''
|
|
||||||
));
|
|
||||||
|
|
||||||
echo '<div class="uk-form-row">
|
|
||||||
<div class="uk-form-controls">
|
|
||||||
<button type="submit" class="uk-button uk-button-primary">'.$L->g('Save').'</button>
|
|
||||||
<a href="'.HTML_PATH_ADMIN_ROOT.'users" class="uk-button">'.$L->g('Cancel').'</a>
|
|
||||||
</div>
|
|
||||||
</div>';
|
|
||||||
|
|
||||||
HTML::legend(array('value'=>$L->g('Authentication Token')));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'tokenAuth',
|
|
||||||
'label'=>$L->g('Token'),
|
|
||||||
'value'=>$User->tokenAuth(),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'tip'=>$L->g('this-token-is-similar-to-a-password-it-should-not-be-shared')
|
|
||||||
));
|
|
||||||
|
|
||||||
HTML::legend(array('value'=>$L->g('Status')));
|
|
||||||
|
|
||||||
HTML::formInputText(array(
|
|
||||||
'name'=>'status',
|
|
||||||
'label'=>$L->g('Current status'),
|
|
||||||
'value'=>$User->enabled()?$L->g('Enabled'):$L->g('Disabled'),
|
|
||||||
'class'=>'uk-width-1-2 uk-form-medium',
|
|
||||||
'disabled'=>true,
|
|
||||||
'tip'=>$User->enabled()?'':$L->g('To enable the user you must set a new password')
|
|
||||||
));
|
|
||||||
|
|
||||||
if( $User->enabled() ) {
|
|
||||||
echo '<div class="uk-form-row">
|
|
||||||
<div class="uk-form-controls">
|
|
||||||
<button type="submit" id="jsdisable-user" class="delete-button" name="disable-user"><i class="uk-icon-ban"></i> '.$L->g('Disable the user').'</button>
|
|
||||||
</div>
|
|
||||||
</div>';
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ($Login->role()==='admin') && ($User->username()!='admin') ) {
|
|
||||||
|
|
||||||
HTML::legend(array('value'=>$L->g('Delete')));
|
|
||||||
|
|
||||||
echo '<div class="uk-form-row">
|
|
||||||
<div class="uk-form-controls">
|
|
||||||
<button type="submit" id="jsdelete-user-associate" class="delete-button" name="delete-user-associate"><i class="uk-icon-ban"></i> '.$L->g('Delete the user and associate his pages to admin user').'</button>
|
|
||||||
<button type="submit" id="jsdelete-user-all" class="delete-button" name="delete-user-all"><i class="uk-icon-ban"></i> '.$L->g('Delete the user and all his pages').'</button>
|
|
||||||
</div>
|
|
||||||
</div>';
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
HTML::formClose();
|
|
||||||
|
|
||||||
echo '</div>';
|
|
||||||
|
|
||||||
echo '<div class="uk-width-3-10" style="margin-top: 50px; text-align: center;">';
|
|
||||||
|
|
||||||
HTML::profileUploader($User->username());
|
|
||||||
|
|
||||||
echo '</div>';
|
|
||||||
echo '</div>';
|
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
||||||
<script>
|
|
||||||
|
|
||||||
$(document).ready(function() {
|
|
||||||
|
|
||||||
$("#jsdelete-user-associate").click(function() {
|
|
||||||
if(confirm("<?php $Language->p('Confirm delete this action cannot be undone') ?>")==false) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
$("#jsdelete-user-all").click(function() {
|
|
||||||
if(confirm("<?php $Language->p('Confirm delete this action cannot be undone') ?>")==false) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
$("#jsdisable-user").click(function() {
|
|
||||||
if(confirm("<?php $Language->p('Do you want to disable the user') ?>")==false) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
});
|
|
||||||
|
|
||||||
</script>
|
|
|
@ -24,7 +24,7 @@ echo Bootstrap::formOpen(array());
|
||||||
'tip'=>''
|
'tip'=>''
|
||||||
));
|
));
|
||||||
|
|
||||||
if ($Login->role()==='admin') {
|
if ($login->role()==='admin') {
|
||||||
echo Bootstrap::formSelect(array(
|
echo Bootstrap::formSelect(array(
|
||||||
'name'=>'role',
|
'name'=>'role',
|
||||||
'label'=>$L->g('Role'),
|
'label'=>$L->g('Role'),
|
||||||
|
|
|
@ -8,7 +8,7 @@ header('Content-Type: application/json');
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// Check UUID
|
// Check UUID
|
||||||
if ($Login->isLogged()) {
|
if ($login->isLogged()) {
|
||||||
exit (json_encode(array(
|
exit (json_encode(array(
|
||||||
'status'=>1,
|
'status'=>1,
|
||||||
'message'=>'The user is logged.'
|
'message'=>'The user is logged.'
|
||||||
|
|
|
@ -6,6 +6,8 @@ if (Session::started()===false) {
|
||||||
exit('Bludit CMS. Session initialization failure.');
|
exit('Bludit CMS. Session initialization failure.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$login = $Login = new Login($dbUsers);
|
||||||
|
|
||||||
$layout = array(
|
$layout = array(
|
||||||
'controller'=>null,
|
'controller'=>null,
|
||||||
'view'=>null,
|
'view'=>null,
|
||||||
|
@ -34,7 +36,7 @@ include(PATH_RULES.'60.plugins.php');
|
||||||
|
|
||||||
// --- AJAX ---
|
// --- AJAX ---
|
||||||
if ($layout['slug']==='ajax') {
|
if ($layout['slug']==='ajax') {
|
||||||
if ($Login->isLogged()) {
|
if ($login->isLogged()) {
|
||||||
// Rules: Security check CSRF
|
// Rules: Security check CSRF
|
||||||
include(PATH_RULES.'99.security.php');
|
include(PATH_RULES.'99.security.php');
|
||||||
|
|
||||||
|
@ -60,7 +62,7 @@ else
|
||||||
// User not logged.
|
// User not logged.
|
||||||
// Slug is login.
|
// Slug is login.
|
||||||
// Slug is login-email.
|
// Slug is login-email.
|
||||||
if($Url->notFound() || !$Login->isLogged() || ($Url->slug()==='login') || ($Url->slug()==='login-email') ) {
|
if($Url->notFound() || !$login->isLogged() || ($Url->slug()==='login') || ($Url->slug()==='login-email') ) {
|
||||||
$layout['controller'] = 'login';
|
$layout['controller'] = 'login';
|
||||||
$layout['view'] = 'login';
|
$layout['view'] = 'login';
|
||||||
$layout['template'] = 'login.php';
|
$layout['template'] = 'login.php';
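Review bot: The new `$login = $Login = new Login($dbUsers);` passes an argument that the constructor in this same commit no longer declares (`function __construct()` in the Login hunk), so PHP silently discards it and the object resolves `$GLOBALS['dbUsers']` on its own. Either drop the argument, `$login = $Login = new Login();`, or keep an optional parameter on the constructor so the dependency stays explicit at this call site. Since this is now the only place in the admin area that creates the object, a comment on the alias would help the next reader, e.g. `// $Login kept for backward compatibility; new code should use $login`. The session has already been checked with `Session::started()` a few lines above, so the start inside the constructor is a no-op here.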
|
||||||
|
|
|
@ -182,8 +182,7 @@ define('HTML_PATH_UPLOADS_THUMBNAILS', HTML_PATH_UPLOADS.'thumbnails/');
|
||||||
define('HTML_PATH_PLUGINS', HTML_PATH_ROOT.'bl-plugins/');
|
define('HTML_PATH_PLUGINS', HTML_PATH_ROOT.'bl-plugins/');
|
||||||
|
|
||||||
// --- Objects with dependency ---
|
// --- Objects with dependency ---
|
||||||
$language = $Language = new dbLanguage( $Site->language() );
|
$language = $Language = new dbLanguage( $Site->language() );
|
||||||
$login = $Login = new Login( $dbUsers );
|
|
||||||
$Url->checkFilters( $Site->uriFilters() );
|
$Url->checkFilters( $Site->uriFilters() );
|
||||||
|
|
||||||
// --- CONSTANTS with dependency ---
|
// --- CONSTANTS with dependency ---
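Review bot: Removing `$login = $Login = new Login( $dbUsers );` from the kernel boot leaves every non-admin code path without a `$login` global, yet the plugin hunks further down still rely on it: `global $login` followed by `$login->setLogin(...)` in pluginAPI, and `global $login` followed by `$login->role()` in pluginSimpleStats::addVisitor. Both plugins run on the public site, so unless a frontend bootstrap not shown on this page creates the object, `$login` is null there and the method call throws "Call to a member function on null". If the intent is to avoid starting a session on ordinary frontend requests, guard the use sites instead, e.g. `if (!isset($login)) { $login = new Login(); }` right after the `global $login;` line in each plugin, so the object (and the session) is created only where it is actually needed.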
|
||||||
|
|
|
@ -536,14 +536,14 @@ function editUser($args) {
|
||||||
|
|
||||||
function disableUser($args) {
|
function disableUser($args) {
|
||||||
global $dbUsers;
|
global $dbUsers;
|
||||||
global $Login;
|
global $login;
|
||||||
global $syslog;
|
global $syslog;
|
||||||
|
|
||||||
// Arguments
|
// Arguments
|
||||||
$username = $args['username'];
|
$username = $args['username'];
|
||||||
|
|
||||||
// Only administrators can disable users
|
// Only administrators can disable users
|
||||||
if ($Login->role()!=='admin') {
|
if ($login->role()!=='admin') {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -566,7 +566,7 @@ function disableUser($args) {
|
||||||
|
|
||||||
function deleteUser($args) {
|
function deleteUser($args) {
|
||||||
global $dbUsers, $dbPages;
|
global $dbUsers, $dbPages;
|
||||||
global $Login;
|
global $login;
|
||||||
global $syslog;
|
global $syslog;
|
||||||
|
|
||||||
// Arguments
|
// Arguments
|
||||||
|
@ -574,7 +574,7 @@ function deleteUser($args) {
|
||||||
$deleteContent = isset($args['deleteContent']) ? $args['deleteContent'] : false;
|
$deleteContent = isset($args['deleteContent']) ? $args['deleteContent'] : false;
|
||||||
|
|
||||||
// Only administrators can delete users
|
// Only administrators can delete users
|
||||||
if ($Login->role()!=='admin') {
|
if ($login->role()!=='admin') {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -750,11 +750,11 @@ function changeUserPassword($args) {
|
||||||
|
|
||||||
// Returns true if the user is allowed to procceded
|
// Returns true if the user is allowed to procceded
|
||||||
function checkRole($allowRoles, $redirect=true) {
|
function checkRole($allowRoles, $redirect=true) {
|
||||||
global $Login;
|
global $login;
|
||||||
global $Language;
|
global $Language;
|
||||||
global $syslog;
|
global $syslog;
|
||||||
|
|
||||||
$userRole = $Login->role();
|
$userRole = $login->role();
|
||||||
if (in_array($userRole, $allowRoles)) {
|
if (in_array($userRole, $allowRoles)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -762,7 +762,7 @@ function checkRole($allowRoles, $redirect=true) {
|
||||||
if ($redirect) {
|
if ($redirect) {
|
||||||
$syslog->add(array(
|
$syslog->add(array(
|
||||||
'dictionaryKey'=>'access-deny',
|
'dictionaryKey'=>'access-deny',
|
||||||
'notes'=>$Login->username()
|
'notes'=>$login->username()
|
||||||
));
|
));
|
||||||
Alert::set($Language->g('You do not have sufficient permissions'));
|
Alert::set($Language->g('You do not have sufficient permissions'));
|
||||||
Redirect::page('dashboard');
|
Redirect::page('dashboard');
|
||||||
|
|
|
@ -3,15 +3,10 @@
|
||||||
class Session {
|
class Session {
|
||||||
|
|
||||||
private static $started = false;
|
private static $started = false;
|
||||||
|
private static $sessionName = 'BLUDIT-KEY';
|
||||||
|
|
||||||
public static function start()
|
public static function start()
|
||||||
{
|
{
|
||||||
//if(self::$started)
|
|
||||||
// return true;
|
|
||||||
|
|
||||||
// DEBUG: Ver un nombre con alguna llave random al momentode instalar.
|
|
||||||
$session_name = 'BLUDIT-KEY';
|
|
||||||
|
|
||||||
// Try to set the session timeout on server side, 1 hour of timeout
|
// Try to set the session timeout on server side, 1 hour of timeout
|
||||||
ini_set('session.gc_maxlifetime', SESSION_GC_MAXLIFETIME);
|
ini_set('session.gc_maxlifetime', SESSION_GC_MAXLIFETIME);
|
||||||
|
|
||||||
|
@ -33,7 +28,7 @@
|
||||||
);
|
);
|
||||||
|
|
||||||
// Sets the session name to the one set above.
|
// Sets the session name to the one set above.
|
||||||
session_name($session_name);
|
session_name(self::$sessionName);
|
||||||
|
|
||||||
// Start session.
|
// Start session.
|
||||||
self::$started = session_start();
|
self::$started = session_start();
|
||||||
|
@ -55,6 +50,8 @@
|
||||||
{
|
{
|
||||||
session_destroy();
|
session_destroy();
|
||||||
unset($_SESSION);
|
unset($_SESSION);
|
||||||
|
unset($_COOKIE[self::$sessionName]);
|
||||||
|
Cookie::set(self::$sessionName, '', -1);
|
||||||
self::$started = false;
|
self::$started = false;
|
||||||
Log::set(__METHOD__.LOG_SEP.'Session destroyed.');
|
Log::set(__METHOD__.LOG_SEP.'Session destroyed.');
|
||||||
return !isset($_SESSION);
|
return !isset($_SESSION);
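Review bot: `Cookie::set(self::$sessionName, '', -1);` in destroy() only makes the browser drop the session cookie if it is sent with the same path and domain attributes the cookie was originally set with; if Cookie::set uses defaults that differ from the `session_set_cookie_params(...)` call that appears to end just above `session_name(...)` in start(), the old cookie survives and the session id stays on the client after logout. The portable form reuses the live parameters: `$p = session_get_cookie_params();` then `setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`. The preceding `unset($_COOKIE[self::$sessionName]);` only clears the superglobal for the current request and does nothing client-side, which is worth saying in a comment. Separately, the comment `// Sets the session name to the one set above.` in start() now refers to a removed local; `// Use the class-wide session name.` would be accurate.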
|
||||||
|
|
|
@ -4,9 +4,18 @@ class Login {
|
||||||
|
|
||||||
private $dbUsers;
|
private $dbUsers;
|
||||||
|
|
||||||
function __construct($dbUsers)
|
function __construct()
|
||||||
{
|
{
|
||||||
$this->dbUsers = $dbUsers;
|
if (isset($GLOBALS['dbUsers'])) {
|
||||||
|
$this->dbUsers = $GLOBALS['dbUsers'];
|
||||||
|
} else {
|
||||||
|
$this->dbUsers = new dbUsers();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Start the Session
|
||||||
|
if (!Session::started()) {
|
||||||
|
Session::start();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Returns the username of the user logged
|
// Returns the username of the user logged
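Review bot: The new constructor replaces explicit injection with service location (`$GLOBALS['dbUsers']`) and, when that global is absent, silently builds a second `dbUsers` instance that is not shared with the rest of the application, so writes through one instance are invisible to the other. The constructor also starts the session as a side effect and ignores whether `Session::start()` succeeded, so merely instantiating Login can emit a Set-Cookie header from any call site. Keeping an optional parameter preserves the admin call site that still passes `$dbUsers` and lets tests inject a fake, while the global/fallback chain stays available for legacy callers; the order of preference should be stated in a comment. The session-start block is left as is below.
```php
function __construct($dbUsers = null)
{
    // Preference order: injected instance, then the shared global, then a fresh one
    if ($dbUsers !== null) {
        $this->dbUsers = $dbUsers;
    } elseif (isset($GLOBALS['dbUsers'])) {
        $this->dbUsers = $GLOBALS['dbUsers'];
    } else {
        $this->dbUsers = new dbUsers();
    }

    // … unchanged: start the session if not already started …
}
```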
|
||||||
|
|
|
@ -47,7 +47,7 @@ class pluginAPI extends Plugin {
|
||||||
global $Url;
|
global $Url;
|
||||||
global $dbPages;
|
global $dbPages;
|
||||||
global $dbUsers;
|
global $dbUsers;
|
||||||
global $Login;
|
global $login;
|
||||||
|
|
||||||
// CHECK URL
|
// CHECK URL
|
||||||
// ------------------------------------------------------------
|
// ------------------------------------------------------------
|
||||||
|
@ -105,7 +105,7 @@ class pluginAPI extends Plugin {
|
||||||
if (($user->role()=='admin') && ($user->enabled())) {
|
if (($user->role()=='admin') && ($user->enabled())) {
|
||||||
|
|
||||||
// Loggin the user to create the session
|
// Loggin the user to create the session
|
||||||
$Login->setLogin($username, 'admin');
|
$login->setLogin($username, 'admin');
|
||||||
// Enable write permissions
|
// Enable write permissions
|
||||||
$writePermissions = true;
|
$writePermissions = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -174,9 +174,9 @@ EOF;
|
||||||
public function addVisitor()
|
public function addVisitor()
|
||||||
{
|
{
|
||||||
// Exclude administrators visits
|
// Exclude administrators visits
|
||||||
global $Login;
|
global $login;
|
||||||
if ($this->getValue('excludeAdmins') && defined('BLUDIT_PRO')) {
|
if ($this->getValue('excludeAdmins') && defined('BLUDIT_PRO')) {
|
||||||
if ($Login->role()=='admin') {
|
if ($login->role()=='admin') {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|