Index: trunk/kernel/frontaction.php =================================================================== diff -u -r408 -r510 --- trunk/kernel/frontaction.php (.../frontaction.php) (revision 408) +++ trunk/kernel/frontaction.php (.../frontaction.php) (revision 510) @@ -34,54 +34,61 @@ { case "m_login": // if($objSession->ValidSession()) $objSession->Logout(); - //echo $objSession->GetSessionKey()."
\n"; + //echo $objSession->GetSessionKey()."
\n"; if ($objConfig->Get("CookieSessions") == 1 && $_COOKIE["CookiesTest"] != "1") { $FormError["login"]["login_user"] = language("lu_cookies_error"); } - else + else + { + $MissingCount = SetMissingDataErrors("login"); + if($MissingCount==2) { - $MissingCount = SetMissingDataErrors("login"); - if($MissingCount==2) - { - $FormError["login"]["login_user"]= language("lu_ferror_loginboth"); - unset($FormError["login"]["login_password"]); - } - - if($MissingCount==0) - { - if($_POST["login_user"]=="root") - { - $FormError["login"]["login_user"]= language("lu_access_denied"); - } - else - { - if ($objSession->Login($_POST["login_user"], md5($_POST["login_password"])) == FALSE) - { - $FormError["login"]["login_password"] = language("lu_incorrect_login"); - } - else - { - if( !headers_sent() && GetVar('usercookie') == 1 ) - { - $c = $_POST["login_user"]."|"; - $pw = $_POST["login_password"]; - if(strlen($pw) < 31) $pw = md5($pw); - $c .= $pw; - - setcookie("login",$c,time()+2592000); - } - - - // set new destination template if passed - $dest = GetVar('dest', true); - if(!$dest) $dest = GetVar('DestTemplate', true); - if($dest) $var_list['t'] = $dest; - //echo "DEST: $dest
"; - } - } - } + $FormError["login"]["login_user"]= language("lu_ferror_loginboth"); + unset($FormError["login"]["login_password"]); } - break; + + if($MissingCount==0) + { + if($_POST["login_user"]=="root") + { + $FormError["login"]["login_user"]= language("lu_access_denied"); + } + else + { + $LoginCheck = $objSession->Login( $_POST["login_user"], md5($_POST["login_password"]) ); + if($LoginCheck === true) + { + if( !headers_sent() && GetVar('usercookie') == 1 ) + { + $c = $_POST["login_user"]."|"; + $pw = $_POST["login_password"]; + if(strlen($pw) < 31) $pw = md5($pw); + $c .= $pw; + setcookie("login",$c,time()+2592000); + } + + // set new destination template if passed + $dest = GetVar('dest', true); + if(!$dest) $dest = GetVar('DestTemplate', true); + if($dest) $var_list['t'] = $dest; + } + else + { + switch($LoginCheck) + { + case -1: // user or/and pass wrong + $FormError["login"]["login_password"] = language("lu_incorrect_login"); + break; + + case -2: // user ok, but has no permission + $FormError["login"]["login_password"] = language("la_text_nopermissions"); + break; + } + } + } + } + } + break; case "m_forgotpw": $MissingCount = SetMissingDataErrors("forgotpw");