* @copyright 2012-2013 Romanenko Sergey / Awilum * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ // Main engine defines define('DS', DIRECTORY_SEPARATOR); define('ROOT', rtrim(str_replace(array('admin'), array(''), dirname(__FILE__)), '\\/')); define('BACKEND', true); define('MONSTRA_ACCESS', true); // Load Monstra engine _init.php file require_once ROOT. DS .'engine'. DS .'_init.php'; // Errors var when users login failed $login_error = ''; // Get users Table $users = new Table('users'); // Admin login if (Request::post('login_submit')) { $user = $users->select("[login='" . trim(Request::post('login')) . "']", null); if (count($user) !== 0) { if ($user['login'] == Request::post('login')) { if (trim($user['password']) == Security::encryptPassword(Request::post('password'))) { if ($user['role'] == 'admin' || $user['role'] == 'editor') { Session::set('admin', true); Session::set('user_id', (int) $user['id']); Session::set('user_login', (string) $user['login']); Session::set('user_role', (string) $user['role']); Request::redirect('index.php'); } } else { $login_error = __('Wrong username or password', 'users'); } } } else { $login_error = __('Wrong username or password', 'users'); } } // Errors $errors = array(); $site_url = Option::get('siteurl'); $site_name = Option::get('sitename'); $user_login = trim(Request::post('login')); // Reset Password Form Submit if (Request::post('reset_password_submit')) { if (Option::get('captcha_installed') == 'true' && ! CryptCaptcha::check(Request::post('answer'))) $errors['users_captcha_wrong'] = __('Captcha code is wrong', 'users'); if ($user_login == '') $errors['users_empty_field'] = __('Required field', 'users'); if ($user_login != '' && ! $users->select("[login='".$user_login."']")) $errors['users_user_doesnt_exists'] = __('This user doesnt exist', 'users'); if (count($errors) == 0) { // Get user $user = $users->select("[login='" . $user_login . "']", null); // Generate new hash $new_hash = Text::random('alnum', 12); // Update user hash $users->updateWhere("[login='" . $user_login . "']", array('hash' => $new_hash)); // Message $message = View::factory('box/users/views/frontend/reset_password_email') ->assign('site_url', $site_url) ->assign('site_name', $site_name) ->assign('user_id', $user['id']) ->assign('user_login', $user['login']) ->assign('new_hash', $new_hash) ->render(); // Send @mail($user['email'], __('Your login details for :site_name', 'users', array(':site_name' => $site_name)), $message); // Set notification Notification::set('success', __('Your login details for :site_name has been sent', 'users', array(':site_name' => $site_name))); Notification::set('reset_password', 'reset_password'); // Redirect to password-reset page Request::redirect(Site::url().'admin'); } Notification::setNow('reset_password', 'reset_password'); } // If admin user is login = true then set is_admin = true if (Session::exists('admin') && Session::get('admin') == true) { $is_admin = true; } else { $is_admin = false; } // Logout user from system if (Request::get('logout') && Request::get('logout') == 'do') { Session::destroy(); } // If is admin then load admin area if ($is_admin) { // If id is empty then redirect to default plugin PAGES if (Request::get('id')) { $area = Request::get('id'); } else { Request::redirect('index.php?id=pages'); } $plugins_registered = Plugin::$plugins; foreach ($plugins_registered as $plugin) { $plugins_registered_areas[] = $plugin['id']; } // Show plugins admin area only for registered plugins if (in_array($area, $plugins_registered_areas)) { $plugin_admin_area = true; } else { $plugin_admin_area = false; } // Backend pre render Action::run('admin_pre_render'); // Display admin template require 'themes'. DS . Option::get('theme_admin_name') . DS . 'index.template.php'; // Backend post render Action::run('admin_post_render'); } else { // Display login template require 'themes'. DS . Option::get('theme_admin_name') . DS . 'login.template.php'; } // Flush (send) the output buffer and turn off output buffering ob_end_flush();