Files

223 lines
7.1 KiB
PHP
Raw Permalink Normal View History

2026-02-17 14:56:23 +01:00
<?
// Startsequenz der Oberfläche
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Verbindung mit Datenbank herstellen
db_connect();
define('COOKIE_DAYS_VALID', 30);
define('CMS_PATH', dirname(__FILE__) . '/../');
define('INTRANET_PATH', dirname(__FILE__) . '/../intranet/');
define('MODULE_PATH', dirname(__FILE__) . '/../../module/');
define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
define('COLLECTION_SITEPART_ID', 99);
try {
//code...
/*function dc_autoloader($class) {
require_once CMS_PATH . sprintf("common/classes/%s.php", $class);
}
spl_autoload_register('dc_autoloader');*/
// Session-ID generieren
ini_set("session.use_cookies", 1);
ini_set("session.use_only_cookies", 1);
ini_set("session.use_trans_sid", 1);
session_name("sidcms");
$visitor_set = 0;
if (!empty($_COOKIE['sidcms'])) {
$cookie_preset = TRUE;
} else {
$cookie_preset = FALSE;
}
if (!(strlen(session_id()) > 0)) {
if (!empty($_GET['sidcms']) && check_sid_for_login($_GET['sidcms'])) {
session_id($_GET['sidcms']);
session_start();
} elseif ($cookie_preset) {
session_id($_COOKIE['sidcms']);
session_start();
} else {
session_start();
}
} else {
session_start();
}
if (!empty($_GET['live_edit']) && $_GET['live_edit'] == 1) {
$GLOBALS["insert_live_edit_js"] = TRUE;
} elseif (!empty($_SESSION['sidcms'])) {
$visitor = get_visitor_small($_SESSION['sidcms'], 1, 0);
$visitor_set = 1;
}
if (!empty($_COOKIE['sidcms'])) {
//cookie login
$cookie_sid = $_COOKIE['sidcms'];
$visitor = get_visitor_small($cookie_sid);
$_SESSION['sidcms'] = $cookie_sid;
$remember_token_orig = trim((string)$visitor['remember_token']);
$cookie_index = 'cms_remember_login';
$remember_token_compare = trim((string)$_COOKIE[$cookie_index]);
if (
($GLOBALS['visitor']['admin_login'] && !(bool)$_SESSION['pass_auth'])
&&
(
(
$GLOBALS['visitor']['cookie_only']
&&
(
empty($remember_token_orig)
||
empty($remember_token_compare)
)
)
||
(
!empty($remember_token_orig)
&&
(
empty($remember_token_compare)
||
!($remember_token_compare == $remember_token_orig)
)
)
)
) {
$visitor['frontend_login'] = 0;
$GLOBALS['visitor']['frontend_login'] = 0;
$query = 'UPDATE main_visitor SET admin_login = 0 WHERE id=' . $GLOBALS['visitor']['id'];
//trigger_eror("LOGOUT! PASS-AUTH: " . $_SESSION['pass_auth'] . " | COOKIE-ONLY: " . $GLOBALS['visitor']['cookie_only'] . " | TOKEN DB: " . $remember_token_orig . " | TOKEN CLIENT: " . $remember_token_compare);
@mysqli_query($GLOBALS['mysql_con'], $query);
//logQuery(date('c'), $query, __FILE__, __LINE__, $GLOBALS['querylog'], FALSE, FALSE, __FUNCTION__, TRUE, TRUE);
}
}
//Get session date
$session_time = strtotime($GLOBALS['visitor']['session_date']);
$time_diff = time() - $session_time;
//90 Minutes
$diff_limit = 90 * 60;
if (
$visitor['admin_login']
&&
(!$_SESSION['pass_auth'])
&&
(!empty($remember_token_compare))
&&
$remember_token_compare == $remember_token_orig
&&
$cookie_preset
&&
($time_diff > $diff_limit)
) {
cookie_login_postprocessing($visitor, $_COOKIE);
}
$_SESSION['pass_auth'] = FALSE;
$GLOBALS['visitor']['pass_auth'] = FALSE;
$GLOBALS['visitor_set'] = 1;
if ($visitor_set !== 1) {
$visitor = get_visitor();
}
// Variablen schützen
// $_GET = secure_array($_GET, TRUE);
// $_POST = secure_array($_POST, FALSE);
check_admin_user_login();
renew_session_dates($visitor);
$GLOBALS["visitor"] = $visitor;
$admin_user = get_admin_user($visitor);
$GLOBALS["admin_user"] = $admin_user;
// load Translation class into registry
$user_language = (isset($GLOBALS["admin_user"]['main_language']) ? $GLOBALS["admin_user"]['main_language'] : 'de');
\DynCom\mysyde\common\classes\Registry::set('translation', new \DynCom\mysyde\common\classes\Translate($user_language));
// Setup, Webseite, Sprache, Layout und aktuelle Menüebene auslesen
$setup = setup_get();
$GLOBALS["setup"] = $setup;
site_change();
$user_site_id = get_user_site_id();
$site = ($_GET["site"] <> '') ? site_getbycode($_GET["site"]) : site_getbyid($user_site_id);
// wenn die website nicht erlaubt ist dann die erste erlaubte website auslesen.
// Passiert nur wenn der User direkt die URL der website weiss
if(!is_site_allowed($site['id'])) {
$setup = setup_get_allowed_site();
$GLOBALS["setup"] = $setup;
$site = site_getbyid($setup['std_main_site_id']);
}
$GLOBALS["site"] = $site;
language_change();
$GLOBALS["language"] = $language;
$language = ($_GET["language"] <> '') ? language_getbycode($_GET["language"], $GLOBALS["site"]["id"]) : language_getbyid($site["std_main_language_id"]);
$admin_navigation = admin_navigation_get();
$GLOBALS["admin_navigation"] = $admin_navigation;
$GLOBALS["layout"] = layout_getbyid($language["main_layout_id"]);
// Startseite setzen
if (!isset($_GET['level_1']) || empty($_GET['level_1'])) {
$_GET['level_1'] = 'dashboard';
}
// pruefen ob das menu oben offen ist um class zu setzen
$adminMenu = \DynCom\mysyde\common\classes\Adminmenu::get();
$linklistmenu = TRUE;
if (isset($_GET["level_1"]) && $_GET["level_1"] != "" && isset($adminMenu[$_GET["level_1"]]['linklistmenu'])) {
$linklistmenu = $adminMenu[$_GET["level_1"]]['linklistmenu'];
}
if (isset($_GET["level_2"]) && $_GET["level_2"] != "" && isset($adminMenu[$_GET["level_1"]]['subsites'][$_GET["level_2"]]['linklistmenu'])) {
$linklistmenu = $adminMenu[$_GET["level_1"]]['subsites'][$_GET["level_2"]]['linklistmenu'];
}
if ($linklistmenu === TRUE) {
$GLOBALS["menu_opened"] = TRUE;
} else {
$GLOBALS["menu_opened"] = FALSE;
}
update_visitor_data(array(
'collection_options' => array(
'collection_edit' => FALSE
)
));
// benoetigt fuer ckfinder
if ($GLOBALS["visitor"]["admin_login"]) {
$_SESSION['IsAuthorized'] = TRUE;
} else {
$_SESSION['IsAuthorized'] = FALSE;
}
before_header();
// check for ajax call
if (IS_AJAX) {
if (!$GLOBALS["visitor"]["admin_login"]) {
header('REQUIRES_AUTH: 1');
exit(); // send redirect header ans exit
}
require_once("content_ajax.inc.php");
require_once("close.inc.php");
exit(); // exit script, no need to load the whole content
}
$GLOBALS['shop_setup']['allowed_false_login_times'] = 3;
$GLOBALS['shop_setup']['false_login_waiting_seconds'] = 60;
} catch (\Throwable $th) {
echo $th;
}
?>