Update Login class to return login screen with reset _POST
Login class checks if AJAX_PAGE is set to true and then does not print
the login html to the screen directly, but returns it in the _POST array
login_html, _POST action is set to login
It also resets _POST & _GET arrays before hand to avoid any misuese.
All _SESSION array access needs to be checked in any following class as
the _SESSION is unset in this moment
html element should be overwritten with this JS:
document.getElementsByTagName('html')[0].innerHTML =
data.content.login_html;
This commit is contained in:
Clemens Schwaighofer
@@ -92,7 +92,7 @@ if (!$login->login) {
|
|||||||
//------------------------------ page rights start
|
//------------------------------ page rights start
|
||||||
// flag if to show the edit access id drop down list
|
// flag if to show the edit access id drop down list
|
||||||
// check if we have more than one EA ID
|
// check if we have more than one EA ID
|
||||||
$cms->DATA['show_ea_extra'] = $login->acl['show_ea_extra'];
|
$cms->DATA['show_ea_extra'] = isset($login->acl['show_ea_extra']) ? $login->acl['show_ea_extra'] : false;
|
||||||
//------------------------------ page rights ned
|
//------------------------------ page rights ned
|
||||||
|
|
||||||
// automatic hide for DEBUG messages on live server
|
// automatic hide for DEBUG messages on live server
|
||||||
|
|||||||
@@ -105,6 +105,9 @@ class Login extends \CoreLibs\DB\IO
|
|||||||
// acl vars
|
// acl vars
|
||||||
public $acl = array();
|
public $acl = array();
|
||||||
public $default_acl_list = array();
|
public $default_acl_list = array();
|
||||||
|
// login html, if we are on an ajax page
|
||||||
|
private $login_html = '';
|
||||||
|
private $login_is_ajax_page = false;
|
||||||
|
|
||||||
// language
|
// language
|
||||||
public $l;
|
public $l;
|
||||||
@@ -145,6 +148,10 @@ class Login extends \CoreLibs\DB\IO
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// set global is ajax page for if we show the data directly, or need to pass it back
|
||||||
|
// to the continue AJAX class for output back to the user
|
||||||
|
$this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
|
||||||
|
|
||||||
$this->l = new \CoreLibs\Language\L10n($lang);
|
$this->l = new \CoreLibs\Language\L10n($lang);
|
||||||
|
|
||||||
// if we have a search path we need to set it, to use the correct DB to login
|
// if we have a search path we need to set it, to use the correct DB to login
|
||||||
@@ -250,9 +257,15 @@ class Login extends \CoreLibs\DB\IO
|
|||||||
$this->loginPasswordForgot();
|
$this->loginPasswordForgot();
|
||||||
}
|
}
|
||||||
// if !$euid || permission not okay, print login screan
|
// if !$euid || permission not okay, print login screan
|
||||||
echo $this->loginPrintLogin();
|
$this->login_html = $this->loginPrintLogin();
|
||||||
// closing all connections, depending on error status, exit
|
// closing all connections, depending on error status, exit
|
||||||
if (!$this->loginCloseClass()) {
|
if (!$this->loginCloseClass()) {
|
||||||
|
// if variable AJAX flag is not set, show output, else pass through for ajax work
|
||||||
|
if ($this->login_is_ajax_page !== true) {
|
||||||
|
// the login screen if we hav no login permission & login screen html data
|
||||||
|
if ($this->login_html !== null) {
|
||||||
|
echo $this->login_html;
|
||||||
|
}
|
||||||
// do not go anywhere, quit processing here
|
// do not go anywhere, quit processing here
|
||||||
// do something with possible debug data?
|
// do something with possible debug data?
|
||||||
if (TARGET == 'live' || TARGET == 'remote') {
|
if (TARGET == 'live' || TARGET == 'remote') {
|
||||||
@@ -265,7 +278,20 @@ class Login extends \CoreLibs\DB\IO
|
|||||||
if ($this->echo_output_all) {
|
if ($this->echo_output_all) {
|
||||||
echo $status_msg;
|
echo $status_msg;
|
||||||
}
|
}
|
||||||
|
// exit so we don't process anything further, at all
|
||||||
exit;
|
exit;
|
||||||
|
} else {
|
||||||
|
// if we are on an ajax page reset any POST/GET array data to avoid
|
||||||
|
// any accidentical processing going on
|
||||||
|
$_POST = array();
|
||||||
|
$_GET = array();
|
||||||
|
// set the action to login so we can trigger special login html return
|
||||||
|
$_POST['action'] = 'login';
|
||||||
|
$_POST['login_html'] = $this->login_html;
|
||||||
|
// NOTE: this part needs to be catched by the frontend AJAX
|
||||||
|
// and some function needs to then set something like this
|
||||||
|
// document.getElementsByTagName('html')[0].innerHTML = data.content.login_html;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// set acls for this user/group and this page
|
// set acls for this user/group and this page
|
||||||
$this->loginSetAcl();
|
$this->loginSetAcl();
|
||||||
@@ -737,9 +763,9 @@ class Login extends \CoreLibs\DB\IO
|
|||||||
}
|
}
|
||||||
// flag if to show extra edit access drop downs (because user has multiple groups assigned)
|
// flag if to show extra edit access drop downs (because user has multiple groups assigned)
|
||||||
if (count($_SESSION['UNIT']) > 1) {
|
if (count($_SESSION['UNIT']) > 1) {
|
||||||
$this->acl['show_ea_extra'] = 1;
|
$this->acl['show_ea_extra'] = true;
|
||||||
} else {
|
} else {
|
||||||
$this->acl['show_ea_extra'] = 0;
|
$this->acl['show_ea_extra'] = false;
|
||||||
}
|
}
|
||||||
// set the default edit access
|
// set the default edit access
|
||||||
$this->acl['default_edit_access'] = $_SESSION['UNIT_DEFAULT'];
|
$this->acl['default_edit_access'] = $_SESSION['UNIT_DEFAULT'];
|
||||||
@@ -902,20 +928,6 @@ class Login extends \CoreLibs\DB\IO
|
|||||||
{
|
{
|
||||||
$html_string = null;
|
$html_string = null;
|
||||||
if (!$this->permission_okay) {
|
if (!$this->permission_okay) {
|
||||||
// get global AJAX page trigger
|
|
||||||
// if true, return error ajax
|
|
||||||
global $AJAX_PAGE;
|
|
||||||
if ($AJAX_PAGE === true) {
|
|
||||||
$data = array(
|
|
||||||
'status' => 'error',
|
|
||||||
'error_code' => $this->login_error,
|
|
||||||
'msg' => array(
|
|
||||||
'level' => 'error',
|
|
||||||
'str' => $this->l->__('Login necessary')
|
|
||||||
)
|
|
||||||
);
|
|
||||||
$html_string = json_encode($data);
|
|
||||||
} else {
|
|
||||||
// set the templates now
|
// set the templates now
|
||||||
$this->loginSetTemplates();
|
$this->loginSetTemplates();
|
||||||
// if there is a global logout target ...
|
// if there is a global logout target ...
|
||||||
@@ -972,7 +984,6 @@ class Login extends \CoreLibs\DB\IO
|
|||||||
foreach ($this->login_template['strings'] as $string => $data) {
|
foreach ($this->login_template['strings'] as $string => $data) {
|
||||||
$html_string = str_replace('{'.$string.'}', $data, $html_string);
|
$html_string = str_replace('{'.$string.'}', $data, $html_string);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
} // if permission is 0 then print out login
|
} // if permission is 0 then print out login
|
||||||
// return the created HTML here or null for nothing
|
// return the created HTML here or null for nothing
|
||||||
return $html_string;
|
return $html_string;
|
||||||
|
|||||||
@@ -193,7 +193,7 @@ class Backend extends \CoreLibs\DB\IO
|
|||||||
}
|
}
|
||||||
|
|
||||||
// get the session pages array
|
// get the session pages array
|
||||||
$PAGES = $_SESSION['PAGES'];
|
$PAGES = isset($_SESSION['PAGES']) ? $_SESSION['PAGES'] : null;
|
||||||
if (!isset($PAGES) || !is_array($PAGES)) {
|
if (!isset($PAGES) || !is_array($PAGES)) {
|
||||||
$PAGES = array();
|
$PAGES = array();
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user