diff options
Diffstat (limited to 'ratatoeskr/backend/main.php')
-rw-r--r-- | ratatoeskr/backend/main.php | 61 |
1 files changed, 47 insertions, 14 deletions
diff --git a/ratatoeskr/backend/main.php b/ratatoeskr/backend/main.php index cd7bb35..9767cb4 100644 --- a/ratatoeskr/backend/main.php +++ b/ratatoeskr/backend/main.php @@ -12,18 +12,23 @@ require_once(dirname(__FILE__) . "/../sys/models.php"); require_once(dirname(__FILE__) . "/../sys/pwhash.php"); +$admin_grp = Group::by_name("admins"); + $backend_subactions = url_action_subactions(array( - "_default" => url_action_alias(array("login")), + "_index" => url_action_alias(array("login")), + "index" => url_action_alias(array("login")), + /* _prelude guarantees that the user is logged in properly, so we do not have to care about that later. */ "_prelude" => function(&$data, $url_now, &$url_next) { - global $ratatoeskr_settings; + global $ratatoeskr_settings, $admin_grp, $ste; + /* Check authentification */ - if(isset($_SESSION["uid"])) + if(isset($_SESSION["ratatoeskr_uid"])) { try { - $user = User::by_id($_SESSION["uid"]); - if($user->pwhash == $_SESSION["pwhash"]) + $user = User::by_id($_SESSION["ratatoeskr_uid"]); + if(($user->pwhash == $_SESSION["ratatoeskr_pwhash"]) and $user->member_of($admin_grp)) { if(empty($user->language)) { @@ -34,10 +39,12 @@ $backend_subactions = url_action_subactions(array( if($url_next[0] == "login") $url_next = array("content", "write"); + $data["user"] = $user; + $ste->vars["user"] = array("name" => $user->username); return; /* Authentification successful, continue */ } else - unset($_SESSION["uid"]); + unset($_SESSION["ratatoeskr_uid"]); } catch(DoesNotExistError $e) { @@ -48,10 +55,9 @@ $backend_subactions = url_action_subactions(array( /* If we are here, user is not logged in... */ $url_next = array("login"); }, - "index" => url_action_alias(array("login")), "login" => url_action_simple(function($data) { - global $ste; + global $ste, $admin_grp; if(!empty($_POST["user"])) { try @@ -59,24 +65,51 @@ $backend_subactions = url_action_subactions(array( $user = User::by_name($_POST["user"]); if(!PasswordHash::validate($_POST["password"], $user->pwhash)) throw new Exception(); - $_SESSION["uid"] = $user->get_id(); - $_SESSION["pwhash"] = $user->pwhash; + if(!$user->member_of($admin_grp)) + throw new Exception(); + $_SESSION["ratatoeskr_uid"] = $user->get_id(); + $_SESSION["ratatoeskr_pwhash"] = $user->pwhash; } catch(Exception $e) { $ste->vars["login_failed"] = True; } - /* Login successful. Now redirect... */ + /* Login successful. */ + $data["user"] = $user; + $ste->vars["user"] = array("name" => $user->username); throw new Redirect(array("content", "write")); } echo $ste->exectemplate("systemtemplates/backend_login.html"); }), - "content" => url_action_simple(function($data) + "logout" => url_action_simple(function($data) { - print "hi"; - }) + echo "foo"; + unset($_SESSION["ratatoeskr_uid"]); + unset($_SESSION["ratatoeskr_pwhash"]); + throw new Redirect(array("login")); + }), + "content" => url_action_subactions(array( + "write" => function(&$data, $url_now, &$url_next) + { + global $ste, $translation; + + $article = array_slice($url_next, 0); + $url_next = array(); + + $ste->vars["section"] = "content"; + $ste->vars["submenu"] = "newarticle"; + + if(empty($article)) + { + /* New Article */ + $ste->vars["pagetitle"] = $translation["new_article"]; + } + + echo $ste->exectemplate("systemtemplates/content_write.html"); + } + )) )); ?> |