<?php
/**
 * Do authentication of users and session management
 *
 * @category   DMS
 * @package    SeedDMS
 * @license    GPL 2
 * @version    @version@
 * @author     Markus Westphal, Malcolm Cowe, Uwe Steinmann <uwe@steinmann.cx>
 * @copyright  Copyright (C) 2002-2005 Markus Westphal,
 *             2006-2008 Malcolm Cowe, 2010 Uwe Steinmann
 * @version    Release: @package_version@
 */
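/* Remember the requested URI so the login page can send the user back to it
 * after authentication. Requests whose path starts with "/op" get no return
 * target (presumably so that a login never lands on an operation script).
 *
 * The prefix is tested on the raw URI: urlencode() turns the leading "/"
 * into "%2F", so a comparison made after encoding can never match.
 *
 * NOTE(review): the "/op" test only matches when the application is served
 * from the web root; with a different $settings->_httpRoot the request path
 * starts with that prefix instead -- confirm the intended behaviour.
 * NOTE(review): REQUEST_URI is client-controlled. It is only url-encoded
 * here; whether out.Login.php restricts referuri to local paths before
 * redirecting to it is not visible in this file.
 */
$refer = "";
if (strncmp("/op", $_SERVER["REQUEST_URI"], 3) !== 0) {
	$refer = urlencode($_SERVER["REQUEST_URI"]);
}

/* No session cookie at all: hand the browser over to the login page. */
if (!isset($_COOKIE["mydms_session"])) {
	header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
	exit;
}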
require_once("inc.Utils.php");
require_once("inc.ClassEmail.php");
require_once("inc.ClassSession.php");
/* Load session */
// The session id is taken from the client's cookie and passed to
// SeedDMS_Session::load() unchanged.
// NOTE(review): load() is not visible here; confirm it treats the id as
// untrusted input when it looks the session up.
$dms_session = $_COOKIE["mydms_session"];
$session = new SeedDMS_Session($db);
$resArr = $session->load($dms_session);
if (!$resArr) {
	// No session found for this id: expire the cookie (timestamp one hour
	// in the past) and fall back to the login page.
	setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); //delete cookie
	header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
	exit;
}
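/* Load user data */
$user = $dms->getUser($resArr["userID"]);

/* An admin session may carry a substitute user id in "su"; in that case the
 * request runs as that user. The field is read only when the session's own
 * user is an admin, so "su" has no effect on a non-admin session.
 * $user is checked with is_object() before isAdmin() is called: the check
 * further down shows getUser() may return a non-object, and calling a method
 * on it would abort the request with a fatal error instead of redirecting
 * to the login page.
 */
if (is_object($user) && $user->isAdmin()) {
	if ($resArr["su"]) {
		$user = $dms->getUser($resArr["su"]);
	}
}

/* Neither the session user nor the substitute user could be loaded:
 * expire the cookie and send the browser to the login page.
 */
if (!is_object($user)) {
	setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); //delete cookie
	header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
	exit;
}

$dms->setUser($user);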
/* Set up the e-mail notifier for this request. It stays null when e-mail is
 * disabled in the settings. The SMTP host, port and credentials are read
 * from the settings object, and the authenticated user is set as sender.
 */
$notifier = null;
if ($settings->_enableEmail) {
	$notifier = new SeedDMS_Email(
		$settings->_smtpSendFrom,
		$settings->_smtpServer,
		$settings->_smtpPort,
		$settings->_smtpUser,
		$settings->_smtpPassword
	);
	$notifier->setSender($user);
}
/* Include the language file as specified in the session. If that is not
 * available, use the language from the settings.
 * NOTE: the implementation below is commented out; the only language file
 * included by this script is the theme-specific one further down.
 */
/*
if(file_exists($settings->_rootDir . "languages/" . $resArr["language"] . "/lang.inc")) {
	include $settings->_rootDir . "languages/" . $resArr["language"] . "/lang.inc";
	$session->setLanguage($resArr["language"]);
} else {
	include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";
	$session->setLanguage($settings->_language);
}
*/
$theme = $resArr["theme"];

/* Pull in the theme's own language file when the theme ships one for the
 * session language; otherwise nothing is included here.
 * NOTE(review): both variable path components ("theme" and "language") come
 * from the loaded session record and go straight into an include path.
 * Confirm that they are restricted to known theme and language names where
 * they are stored, since a value containing path separators would change
 * which file is included.
 */
$themeLangFile = $settings->_rootDir . "view/".$theme."/languages/" . $resArr["language"] . "/lang.inc";
if (file_exists($themeLangFile)) {
	include $themeLangFile;
}
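/* Check if password needs to be changed because it expired. If it needs
 * to be changed redirect to out/out.ForcePasswordChange.php. Do this
 * check only if password expiration is turned on, we are not on the
 * page to change the password or the page that changes the password, and
 * it is not admin.
 *
 * The redirect target is built from $settings->_httpRoot like the login
 * redirects in this file. The former relative "../out/..." target only
 * resolved correctly for scripts exactly one directory below the
 * application root.
 *
 * NOTE(review): the two exempt pages are recognised by the base name of
 * SCRIPT_NAME alone, so any script with one of these file names is exempt
 * whatever directory it is in. The check is also enforced only by pages
 * that include this file.
 */
if (!$user->isAdmin()
	&& $settings->_passwordExpiration > 0
	&& !in_array(basename($_SERVER['SCRIPT_NAME']), array('out.ForcePasswordChange.php', 'op.EditUserData.php'), true)
) {
	$pwdexp = $user->getPwdExpiration();
	// A date part of '0000-00-00' means no expiration date is set.
	if (substr($pwdexp, 0, 10) != '0000-00-00') {
		$pwdexpts = strtotime($pwdexp);
		// strtotime() returns false for an unparsable date; "> 0" then
		// skips the redirect instead of treating the password as expired.
		if ($pwdexpts > 0 && $pwdexpts < time()) {
			header("Location: " . $settings->_httpRoot . "out/out.ForcePasswordChange.php");
			exit;
		}
	}
}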
/* Update cookie lifetime */
// When a lifetime is configured, every authenticated request re-issues the
// session cookie with a new expiry of now + lifetime (a sliding expiry).
if ($settings->_cookieLifetime) {
	$lifetime = time() + (int) $settings->_cookieLifetime;
	// Arguments after the path are domain (null), secure (null) and
	// httponly (true): the cookie is kept away from page scripts, but it is
	// not marked Secure.
	// NOTE(review): without the Secure flag the session id is also sent over
	// plain HTTP wherever the site is reachable that way; consider setting it
	// for HTTPS-only deployments.
	setcookie("mydms_session", $dms_session, $lifetime, $settings->_httpRoot, null, null, true);
}
?>