CoreLibs/development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Login class to return login screen with reset _POST

Browse Source 
Login class checks if AJAX_PAGE is set to true and then does not print
the login html to the screen directly, but returns it in the _POST array
login_html, _POST action is set to login
It also resets _POST & _GET arrays before hand to avoid any misuese.
All _SESSION array access needs to be checked in any following class as
the _SESSION is unset in this moment

html element should be overwritten with this JS:
document.getElementsByTagName('html')[0].innerHTML  =
data.content.login_html;
This commit is contained in:
Clemens Schwaighofer
2019-10-03 15:37:06 +09:00
parent fd8caaf5de
commit fd0af5a294
3 changed files with 87 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
www/includes/admin_header.php
View File

@@ -92,7 +92,7 @@ if (!$login->login) {
//------------------------------ page rights start
// flag if to show the edit access id drop down list
// check if we have more than one EA ID
$cms->DATA['show_ea_extra'] = $login->acl['show_ea_extra'];
$cms->DATA['show_ea_extra'] = isset($login->acl['show_ea_extra']) ? $login->acl['show_ea_extra'] : false;
//------------------------------ page rights ned
// automatic hide for DEBUG messages on live server

159
www/lib/CoreLibs/ACL/Login.php
View File

@@ -105,6 +105,9 @@ class Login extends \CoreLibs\DB\IO
// acl vars
public $acl = array();
public $default_acl_list = array();
// login html, if we are on an ajax page
private $login_html = '';
private $login_is_ajax_page = false;
// language
public $l;
@@ -145,6 +148,10 @@ class Login extends \CoreLibs\DB\IO
exit;
}
// set global is ajax page for if we show the data directly, or need to pass it back
// to the continue AJAX class for output back to the user
$this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
$this->l = new \CoreLibs\Language\L10n($lang);
// if we have a search path we need to set it, to use the correct DB to login
@@ -250,22 +257,41 @@ class Login extends \CoreLibs\DB\IO
$this->loginPasswordForgot();
}
// if !$euid || permission not okay, print login screan
echo $this->loginPrintLogin();
$this->login_html = $this->loginPrintLogin();
// closing all connections, depending on error status, exit
if (!$this->loginCloseClass()) {
// do not go anywhere, quit processing here
// do something with possible debug data?
if (TARGET == 'live' || TARGET == 'remote') {
// login
$this->debug_output_all = DEBUG ? 1 : 0;
$this->echo_output_all = 0;
$this->print_output_all = DEBUG ? 1 : 0;
// if variable AJAX flag is not set, show output, else pass through for ajax work
if ($this->login_is_ajax_page !== true) {
// the login screen if we hav no login permission & login screen html data
if ($this->login_html !== null) {
echo $this->login_html;
}
// do not go anywhere, quit processing here
// do something with possible debug data?
if (TARGET == 'live' || TARGET == 'remote') {
// login
$this->debug_output_all = DEBUG ? 1 : 0;
$this->echo_output_all = 0;
$this->print_output_all = DEBUG ? 1 : 0;
}
$status_msg = $this->printErrorMsg();
if ($this->echo_output_all) {
echo $status_msg;
}
// exit so we don't process anything further, at all
exit;
} else {
// if we are on an ajax page reset any POST/GET array data to avoid
// any accidentical processing going on
$_POST = array();
$_GET = array();
// set the action to login so we can trigger special login html return
$_POST['action'] = 'login';
$_POST['login_html'] = $this->login_html;
// NOTE: this part needs to be catched by the frontend AJAX
// and some function needs to then set something like this
// document.getElementsByTagName('html')[0].innerHTML = data.content.login_html;
}
$status_msg = $this->printErrorMsg();
if ($this->echo_output_all) {
echo $status_msg;
}
exit;
}
// set acls for this user/group and this page
$this->loginSetAcl();
@@ -737,9 +763,9 @@ class Login extends \CoreLibs\DB\IO
}
// flag if to show extra edit access drop downs (because user has multiple groups assigned)
if (count($_SESSION['UNIT']) > 1) {
$this->acl['show_ea_extra'] = 1;
$this->acl['show_ea_extra'] = true;
} else {
$this->acl['show_ea_extra'] = 0;
$this->acl['show_ea_extra'] = false;
}
// set the default edit access
$this->acl['default_edit_access'] = $_SESSION['UNIT_DEFAULT'];
@@ -902,76 +928,61 @@ class Login extends \CoreLibs\DB\IO
{
$html_string = null;
if (!$this->permission_okay) {
// get global AJAX page trigger
// if true, return error ajax
global $AJAX_PAGE;
if ($AJAX_PAGE === true) {
$data = array(
'status' => 'error',
'error_code' => $this->login_error,
'msg' => array(
'level' => 'error',
'str' => $this->l->__('Login necessary')
)
);
$html_string = json_encode($data);
// set the templates now
$this->loginSetTemplates();
// if there is a global logout target ...
if (file_exists($this->logout_target) && $this->logout_target) {
$LOGOUT_TARGET = $this->logout_target;
} else {
// set the templates now
$this->loginSetTemplates();
// if there is a global logout target ...
if (file_exists($this->logout_target) && $this->logout_target) {
$LOGOUT_TARGET = $this->logout_target;
} else {
$LOGOUT_TARGET = "";
}
$LOGOUT_TARGET = "";
}
$html_string = $this->login_template['template'];
$html_string = $this->login_template['template'];
// if password change is okay
if ($this->password_change) {
$html_string_password_change = $this->login_template['password_change'];
// if password change is okay
if ($this->password_change) {
$html_string_password_change = $this->login_template['password_change'];
// pre change the data in the PASSWORD_CHANGE_DIV first
foreach ($this->login_template['strings'] as $string => $data) {
if ($data) {
$html_string_password_change = str_replace('{'.$string.'}', $data, $html_string_password_change);
}
// pre change the data in the PASSWORD_CHANGE_DIV first
foreach ($this->login_template['strings'] as $string => $data) {
if ($data) {
$html_string_password_change = str_replace('{'.$string.'}', $data, $html_string_password_change);
}
// print error messagae
if ($this->login_error) {
$html_string_password_change = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string_password_change);
} else {
$html_string_password_change = str_replace('{ERROR_MSG}', '<br>', $html_string_password_change);
}
// if pw change action, show the float again
if ($this->change_password && !$this->password_change_ok) {
$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '<script language="JavaScript">ShowHideDiv(\'pw_change_div\');</script>', $html_string_password_change);
} else {
$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
}
$this->login_template['strings']['PASSWORD_CHANGE_DIV'] = $html_string_password_change;
}
// put in the logout redirect string
if ($this->logout && $LOGOUT_TARGET) {
$html_string = str_replace('{LOGOUT_TARGET}', '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
} else {
$html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
}
// print error messagae
if ($this->login_error) {
$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string);
} elseif ($this->password_change_ok && $this->password_change) {
$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[300].'<br>', $html_string);
$html_string_password_change = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string_password_change);
} else {
$html_string = str_replace('{ERROR_MSG}', '<br>', $html_string);
$html_string_password_change = str_replace('{ERROR_MSG}', '<br>', $html_string_password_change);
}
// if pw change action, show the float again
if ($this->change_password && !$this->password_change_ok) {
$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '<script language="JavaScript">ShowHideDiv(\'pw_change_div\');</script>', $html_string_password_change);
} else {
$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
}
$this->login_template['strings']['PASSWORD_CHANGE_DIV'] = $html_string_password_change;
}
// create the replace array context
foreach ($this->login_template['strings'] as $string => $data) {
$html_string = str_replace('{'.$string.'}', $data, $html_string);
}
// put in the logout redirect string
if ($this->logout && $LOGOUT_TARGET) {
$html_string = str_replace('{LOGOUT_TARGET}', '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
} else {
$html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
}
// print error messagae
if ($this->login_error) {
$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string);
} elseif ($this->password_change_ok && $this->password_change) {
$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[300].'<br>', $html_string);
} else {
$html_string = str_replace('{ERROR_MSG}', '<br>', $html_string);
}
// create the replace array context
foreach ($this->login_template['strings'] as $string => $data) {
$html_string = str_replace('{'.$string.'}', $data, $html_string);
}
} // if permission is 0 then print out login
// return the created HTML here or null for nothing

2
www/lib/CoreLibs/Admin/Backend.php
View File

@@ -193,7 +193,7 @@ class Backend extends \CoreLibs\DB\IO
}
// get the session pages array
$PAGES = $_SESSION['PAGES'];
$PAGES = isset($_SESSION['PAGES']) ? $_SESSION['PAGES'] : null;
if (!isset($PAGES) || !is_array($PAGES)) {
$PAGES = array();
}