<?php
/*
* File: ratatoeskr/backend/main.php
* Main file for the backend.
*
* License:
* This file is part of Ratatöskr.
* Ratatöskr is licensed under the MIT / X11 License.
* See "ratatoeskr/licenses/ratatoeskr" for more information.
*/
require_once(dirname(__FILE__) . "/../sys/models.php");
require_once(dirname(__FILE__) . "/../sys/pwhash.php");
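/* Group that every backend access check below is made against. */
$admin_grp = Group::by_name("admins");

/*
 * URL dispatch table of the backend.
 *
 * Handlers read the session keys "ratatoeskr_uid" and "ratatoeskr_pwhash";
 * both are written by "login" and cleared by "logout" and by "_prelude"
 * whenever the stored values no longer describe a valid admin account.
 */
$backend_subactions = url_action_subactions(array(
    "_index" => url_action_alias(array("login")),
    "index" => url_action_alias(array("login")),
    /*
     * _prelude guarantees that the user is logged in properly, so we do not have to care about that later.
     * NOTE(review): this relies on the dispatcher running "_prelude" before every other entry -- confirm in url_action_subactions().
     */
    "_prelude" => function(&$data, $url_now, &$url_next)
    {
        global $ratatoeskr_settings, $admin_grp, $ste;

        /* Check authentication */
        if(isset($_SESSION["ratatoeskr_uid"]))
        {
            try
            {
                $user = User::by_id($_SESSION["ratatoeskr_uid"]);
                /*
                 * Strict comparison: with == two different hashes that both look numeric
                 * (e.g. "0e123" and "0e456") would compare equal. The session copy must
                 * also exist, otherwise the session is treated as invalid.
                 * Comparing against the current hash logs the session out once the password changes.
                 */
                if(isset($_SESSION["ratatoeskr_pwhash"])
                    && ($user->pwhash === $_SESSION["ratatoeskr_pwhash"])
                    && $user->member_of($admin_grp))
                {
                    if(empty($user->language))
                    {
                        $user->language = $ratatoeskr_settings["default_language"];
                        $user->save();
                    }
                    load_language($user->language);
                    /* An authenticated user has no use for the login form. */
                    if(isset($url_next[0]) && ($url_next[0] == "login"))
                        $url_next = array("content", "write");
                    $data["user"] = $user;
                    $ste->vars["user"] = array("name" => $user->username);
                    return; /* Authentication successful, continue */
                }
            }
            catch(DoesNotExistError $e)
            {
                /* The account behind this session no longer exists; handled like any other invalid session. */
            }
            /*
             * Invalid session: drop both authentication keys. (The original removed only the
             * uid on a mismatch and the unrelated key "uid" for a deleted account, so stale
             * credentials stayed in the session.)
             */
            unset($_SESSION["ratatoeskr_uid"]);
            unset($_SESSION["ratatoeskr_pwhash"]);
        }
        load_language();
        /* If we are here, user is not logged in... */
        $url_next = array("login");
    },
    "login" => url_action_simple(function($data)
    {
        global $ste, $admin_grp;

        if(!empty($_POST["user"]))
        {
            /* Stays NULL unless user name, password and admin membership all check out. */
            $user = NULL;
            /* Reject array-valued or missing form fields before they reach the model / hash code. */
            if(is_string($_POST["user"]) && isset($_POST["password"]) && is_string($_POST["password"]))
            {
                try
                {
                    $candidate = User::by_name($_POST["user"]);
                    if(PasswordHash::validate($_POST["password"], $candidate->pwhash)
                        && $candidate->member_of($admin_grp))
                        $user = $candidate;
                }
                catch(Exception $e)
                {
                    /* Unknown user name (or lookup error): same outcome as a wrong password. */
                }
            }

            if($user !== NULL)
            {
                /* Login successful. Issue a fresh session id so an id known before login cannot be reused afterwards. */
                if(session_id() !== "")
                    session_regenerate_id(True);
                $_SESSION["ratatoeskr_uid"] = $user->get_id();
                $_SESSION["ratatoeskr_pwhash"] = $user->pwhash;
                $data["user"] = $user;
                $ste->vars["user"] = array("name" => $user->username);
                throw new Redirect(array("content", "write"));
            }

            /*
             * Failed login: fall through to the login form with the error flag set.
             * The original continued into the success path here, which dereferenced an
             * undefined $user for unknown names and redirected away before the flag was shown.
             * NOTE(review): no hash is computed for unknown names, so response time may still
             * differ between unknown and known accounts; there is also no attempt limiting here.
             */
            $ste->vars["login_failed"] = True;
        }
        echo $ste->exectemplate("systemtemplates/backend_login.html");
    }),
    "logout" => url_action_simple(function($data)
    {
        /*
         * Clear both authentication keys, then send the browser to the login form.
         * The leftover debug output (echo "foo") was removed: nothing should be written
         * to the response before the redirect.
         * NOTE(review): logout is reachable by a plain request without a token -- confirm that is acceptable.
         */
        unset($_SESSION["ratatoeskr_uid"]);
        unset($_SESSION["ratatoeskr_pwhash"]);
        throw new Redirect(array("login"));
    }),
    "content" => url_action_subactions(array(
        "write" => function(&$data, $url_now, &$url_next)
        {
            global $ste, $translation;

            /* Take over all remaining path segments and mark them consumed. */
            $article = array_slice($url_next, 0);
            $url_next = array();

            $ste->vars["section"] = "content";
            $ste->vars["submenu"] = "newarticle";
            if(empty($article))
            {
                /* New Article */
                $ste->vars["pagetitle"] = $translation["new_article"];
            }
            echo $ste->exectemplate("systemtemplates/content_write.html");
        }
    ))
));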
?>