Update Login class to return login screen with reset _POST
Login class checks if AJAX_PAGE is set to true and then does not print
the login html to the screen directly, but returns it in the _POST array
login_html, _POST action is set to login
It also resets _POST & _GET arrays before hand to avoid any misuese.
All _SESSION array access needs to be checked in any following class as
the _SESSION is unset in this moment
html element should be overwritten with this JS:
document.getElementsByTagName('html')[0].innerHTML =
data.content.login_html;
This commit is contained in:
Clemens Schwaighofer
@@ -92,7 +92,7 @@ if (!$login->login) {
|
||||
//------------------------------ page rights start
|
||||
// flag if to show the edit access id drop down list
|
||||
// check if we have more than one EA ID
|
||||
$cms->DATA['show_ea_extra'] = $login->acl['show_ea_extra'];
|
||||
$cms->DATA['show_ea_extra'] = isset($login->acl['show_ea_extra']) ? $login->acl['show_ea_extra'] : false;
|
||||
//------------------------------ page rights ned
|
||||
|
||||
// automatic hide for DEBUG messages on live server
|
||||
|
||||
@@ -105,6 +105,9 @@ class Login extends \CoreLibs\DB\IO
|
||||
// acl vars
|
||||
public $acl = array();
|
||||
public $default_acl_list = array();
|
||||
// login html, if we are on an ajax page
|
||||
private $login_html = '';
|
||||
private $login_is_ajax_page = false;
|
||||
|
||||
// language
|
||||
public $l;
|
||||
@@ -145,6 +148,10 @@ class Login extends \CoreLibs\DB\IO
|
||||
exit;
|
||||
}
|
||||
|
||||
// set global is ajax page for if we show the data directly, or need to pass it back
|
||||
// to the continue AJAX class for output back to the user
|
||||
$this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
|
||||
|
||||
$this->l = new \CoreLibs\Language\L10n($lang);
|
||||
|
||||
// if we have a search path we need to set it, to use the correct DB to login
|
||||
@@ -250,9 +257,15 @@ class Login extends \CoreLibs\DB\IO
|
||||
$this->loginPasswordForgot();
|
||||
}
|
||||
// if !$euid || permission not okay, print login screan
|
||||
echo $this->loginPrintLogin();
|
||||
$this->login_html = $this->loginPrintLogin();
|
||||
// closing all connections, depending on error status, exit
|
||||
if (!$this->loginCloseClass()) {
|
||||
// if variable AJAX flag is not set, show output, else pass through for ajax work
|
||||
if ($this->login_is_ajax_page !== true) {
|
||||
// the login screen if we hav no login permission & login screen html data
|
||||
if ($this->login_html !== null) {
|
||||
echo $this->login_html;
|
||||
}
|
||||
// do not go anywhere, quit processing here
|
||||
// do something with possible debug data?
|
||||
if (TARGET == 'live' || TARGET == 'remote') {
|
||||
@@ -265,7 +278,20 @@ class Login extends \CoreLibs\DB\IO
|
||||
if ($this->echo_output_all) {
|
||||
echo $status_msg;
|
||||
}
|
||||
// exit so we don't process anything further, at all
|
||||
exit;
|
||||
} else {
|
||||
// if we are on an ajax page reset any POST/GET array data to avoid
|
||||
// any accidentical processing going on
|
||||
$_POST = array();
|
||||
$_GET = array();
|
||||
// set the action to login so we can trigger special login html return
|
||||
$_POST['action'] = 'login';
|
||||
$_POST['login_html'] = $this->login_html;
|
||||
// NOTE: this part needs to be catched by the frontend AJAX
|
||||
// and some function needs to then set something like this
|
||||
// document.getElementsByTagName('html')[0].innerHTML = data.content.login_html;
|
||||
}
|
||||
}
|
||||
// set acls for this user/group and this page
|
||||
$this->loginSetAcl();
|
||||
@@ -737,9 +763,9 @@ class Login extends \CoreLibs\DB\IO
|
||||
}
|
||||
// flag if to show extra edit access drop downs (because user has multiple groups assigned)
|
||||
if (count($_SESSION['UNIT']) > 1) {
|
||||
$this->acl['show_ea_extra'] = 1;
|
||||
$this->acl['show_ea_extra'] = true;
|
||||
} else {
|
||||
$this->acl['show_ea_extra'] = 0;
|
||||
$this->acl['show_ea_extra'] = false;
|
||||
}
|
||||
// set the default edit access
|
||||
$this->acl['default_edit_access'] = $_SESSION['UNIT_DEFAULT'];
|
||||
@@ -902,20 +928,6 @@ class Login extends \CoreLibs\DB\IO
|
||||
{
|
||||
$html_string = null;
|
||||
if (!$this->permission_okay) {
|
||||
// get global AJAX page trigger
|
||||
// if true, return error ajax
|
||||
global $AJAX_PAGE;
|
||||
if ($AJAX_PAGE === true) {
|
||||
$data = array(
|
||||
'status' => 'error',
|
||||
'error_code' => $this->login_error,
|
||||
'msg' => array(
|
||||
'level' => 'error',
|
||||
'str' => $this->l->__('Login necessary')
|
||||
)
|
||||
);
|
||||
$html_string = json_encode($data);
|
||||
} else {
|
||||
// set the templates now
|
||||
$this->loginSetTemplates();
|
||||
// if there is a global logout target ...
|
||||
@@ -972,7 +984,6 @@ class Login extends \CoreLibs\DB\IO
|
||||
foreach ($this->login_template['strings'] as $string => $data) {
|
||||
$html_string = str_replace('{'.$string.'}', $data, $html_string);
|
||||
}
|
||||
}
|
||||
} // if permission is 0 then print out login
|
||||
// return the created HTML here or null for nothing
|
||||
return $html_string;
|
||||
|
||||
@@ -193,7 +193,7 @@ class Backend extends \CoreLibs\DB\IO
|
||||
}
|
||||
|
||||
// get the session pages array
|
||||
$PAGES = $_SESSION['PAGES'];
|
||||
$PAGES = isset($_SESSION['PAGES']) ? $_SESSION['PAGES'] : null;
|
||||
if (!isset($PAGES) || !is_array($PAGES)) {
|
||||
$PAGES = array();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user