diff --git a/www/includes/admin_header.php b/www/includes/admin_header.php
index ec99cf5d..c1895de2 100644
--- a/www/includes/admin_header.php
+++ b/www/includes/admin_header.php
@@ -92,7 +92,7 @@ if (!$login->login) {
//------------------------------ page rights start
// flag if to show the edit access id drop down list
// check if we have more than one EA ID
-$cms->DATA['show_ea_extra'] = $login->acl['show_ea_extra'];
+$cms->DATA['show_ea_extra'] = isset($login->acl['show_ea_extra']) ? $login->acl['show_ea_extra'] : false;
//------------------------------ page rights ned
// automatic hide for DEBUG messages on live server
diff --git a/www/lib/CoreLibs/ACL/Login.php b/www/lib/CoreLibs/ACL/Login.php
index 99eb6eda..b88e574d 100644
--- a/www/lib/CoreLibs/ACL/Login.php
+++ b/www/lib/CoreLibs/ACL/Login.php
@@ -105,6 +105,9 @@ class Login extends \CoreLibs\DB\IO
// acl vars
public $acl = array();
public $default_acl_list = array();
+ // login html, if we are on an ajax page
+ private $login_html = '';
+ private $login_is_ajax_page = false;
// language
public $l;
@@ -145,6 +148,10 @@ class Login extends \CoreLibs\DB\IO
exit;
}
+ // set global is ajax page for if we show the data directly, or need to pass it back
+ // to the continue AJAX class for output back to the user
+ $this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
+
$this->l = new \CoreLibs\Language\L10n($lang);
// if we have a search path we need to set it, to use the correct DB to login
@@ -250,22 +257,41 @@ class Login extends \CoreLibs\DB\IO
$this->loginPasswordForgot();
}
// if !$euid || permission not okay, print login screan
- echo $this->loginPrintLogin();
+ $this->login_html = $this->loginPrintLogin();
// closing all connections, depending on error status, exit
if (!$this->loginCloseClass()) {
- // do not go anywhere, quit processing here
- // do something with possible debug data?
- if (TARGET == 'live' || TARGET == 'remote') {
- // login
- $this->debug_output_all = DEBUG ? 1 : 0;
- $this->echo_output_all = 0;
- $this->print_output_all = DEBUG ? 1 : 0;
+ // if variable AJAX flag is not set, show output, else pass through for ajax work
+ if ($this->login_is_ajax_page !== true) {
+ // the login screen if we hav no login permission & login screen html data
+ if ($this->login_html !== null) {
+ echo $this->login_html;
+ }
+ // do not go anywhere, quit processing here
+ // do something with possible debug data?
+ if (TARGET == 'live' || TARGET == 'remote') {
+ // login
+ $this->debug_output_all = DEBUG ? 1 : 0;
+ $this->echo_output_all = 0;
+ $this->print_output_all = DEBUG ? 1 : 0;
+ }
+ $status_msg = $this->printErrorMsg();
+ if ($this->echo_output_all) {
+ echo $status_msg;
+ }
+ // exit so we don't process anything further, at all
+ exit;
+ } else {
+ // if we are on an ajax page reset any POST/GET array data to avoid
+ // any accidentical processing going on
+ $_POST = array();
+ $_GET = array();
+ // set the action to login so we can trigger special login html return
+ $_POST['action'] = 'login';
+ $_POST['login_html'] = $this->login_html;
+ // NOTE: this part needs to be catched by the frontend AJAX
+ // and some function needs to then set something like this
+ // document.getElementsByTagName('html')[0].innerHTML = data.content.login_html;
}
- $status_msg = $this->printErrorMsg();
- if ($this->echo_output_all) {
- echo $status_msg;
- }
- exit;
}
// set acls for this user/group and this page
$this->loginSetAcl();
@@ -737,9 +763,9 @@ class Login extends \CoreLibs\DB\IO
}
// flag if to show extra edit access drop downs (because user has multiple groups assigned)
if (count($_SESSION['UNIT']) > 1) {
- $this->acl['show_ea_extra'] = 1;
+ $this->acl['show_ea_extra'] = true;
} else {
- $this->acl['show_ea_extra'] = 0;
+ $this->acl['show_ea_extra'] = false;
}
// set the default edit access
$this->acl['default_edit_access'] = $_SESSION['UNIT_DEFAULT'];
@@ -902,76 +928,61 @@ class Login extends \CoreLibs\DB\IO
{
$html_string = null;
if (!$this->permission_okay) {
- // get global AJAX page trigger
- // if true, return error ajax
- global $AJAX_PAGE;
- if ($AJAX_PAGE === true) {
- $data = array(
- 'status' => 'error',
- 'error_code' => $this->login_error,
- 'msg' => array(
- 'level' => 'error',
- 'str' => $this->l->__('Login necessary')
- )
- );
- $html_string = json_encode($data);
+ // set the templates now
+ $this->loginSetTemplates();
+ // if there is a global logout target ...
+ if (file_exists($this->logout_target) && $this->logout_target) {
+ $LOGOUT_TARGET = $this->logout_target;
} else {
- // set the templates now
- $this->loginSetTemplates();
- // if there is a global logout target ...
- if (file_exists($this->logout_target) && $this->logout_target) {
- $LOGOUT_TARGET = $this->logout_target;
- } else {
- $LOGOUT_TARGET = "";
- }
+ $LOGOUT_TARGET = "";
+ }
- $html_string = $this->login_template['template'];
+ $html_string = $this->login_template['template'];
- // if password change is okay
- if ($this->password_change) {
- $html_string_password_change = $this->login_template['password_change'];
+ // if password change is okay
+ if ($this->password_change) {
+ $html_string_password_change = $this->login_template['password_change'];
- // pre change the data in the PASSWORD_CHANGE_DIV first
- foreach ($this->login_template['strings'] as $string => $data) {
- if ($data) {
- $html_string_password_change = str_replace('{'.$string.'}', $data, $html_string_password_change);
- }
+ // pre change the data in the PASSWORD_CHANGE_DIV first
+ foreach ($this->login_template['strings'] as $string => $data) {
+ if ($data) {
+ $html_string_password_change = str_replace('{'.$string.'}', $data, $html_string_password_change);
}
- // print error messagae
- if ($this->login_error) {
- $html_string_password_change = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'
', $html_string_password_change);
- } else {
- $html_string_password_change = str_replace('{ERROR_MSG}', '
', $html_string_password_change);
- }
- // if pw change action, show the float again
- if ($this->change_password && !$this->password_change_ok) {
- $html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
- } else {
- $html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
- }
- $this->login_template['strings']['PASSWORD_CHANGE_DIV'] = $html_string_password_change;
}
-
- // put in the logout redirect string
- if ($this->logout && $LOGOUT_TARGET) {
- $html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
- } else {
- $html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
- }
-
// print error messagae
if ($this->login_error) {
- $html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'
', $html_string);
- } elseif ($this->password_change_ok && $this->password_change) {
- $html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[300].'
', $html_string);
+ $html_string_password_change = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'
', $html_string_password_change);
} else {
- $html_string = str_replace('{ERROR_MSG}', '
', $html_string);
+ $html_string_password_change = str_replace('{ERROR_MSG}', '
', $html_string_password_change);
}
+ // if pw change action, show the float again
+ if ($this->change_password && !$this->password_change_ok) {
+ $html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
+ } else {
+ $html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
+ }
+ $this->login_template['strings']['PASSWORD_CHANGE_DIV'] = $html_string_password_change;
+ }
- // create the replace array context
- foreach ($this->login_template['strings'] as $string => $data) {
- $html_string = str_replace('{'.$string.'}', $data, $html_string);
- }
+ // put in the logout redirect string
+ if ($this->logout && $LOGOUT_TARGET) {
+ $html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
+ } else {
+ $html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
+ }
+
+ // print error messagae
+ if ($this->login_error) {
+ $html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'
', $html_string);
+ } elseif ($this->password_change_ok && $this->password_change) {
+ $html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[300].'
', $html_string);
+ } else {
+ $html_string = str_replace('{ERROR_MSG}', '
', $html_string);
+ }
+
+ // create the replace array context
+ foreach ($this->login_template['strings'] as $string => $data) {
+ $html_string = str_replace('{'.$string.'}', $data, $html_string);
}
} // if permission is 0 then print out login
// return the created HTML here or null for nothing
diff --git a/www/lib/CoreLibs/Admin/Backend.php b/www/lib/CoreLibs/Admin/Backend.php
index a3dec7db..c27c68b9 100644
--- a/www/lib/CoreLibs/Admin/Backend.php
+++ b/www/lib/CoreLibs/Admin/Backend.php
@@ -193,7 +193,7 @@ class Backend extends \CoreLibs\DB\IO
}
// get the session pages array
- $PAGES = $_SESSION['PAGES'];
+ $PAGES = isset($_SESSION['PAGES']) ? $_SESSION['PAGES'] : null;
if (!isset($PAGES) || !is_array($PAGES)) {
$PAGES = array();
}