Index: trunk/kernel/include/usersession.php
===================================================================
diff -u -r472 -r510
--- trunk/kernel/include/usersession.php (.../usersession.php) (revision 472)
+++ trunk/kernel/include/usersession.php (.../usersession.php) (revision 510)
@@ -371,15 +371,15 @@
$rootpass = $objConfig->Get("RootPass");
if($rootpass!=$userPassword)
{
- return FALSE;
+ return false;
}
else
{
if(!strlen($this->GetSessionKey()))
$this->GetNewSession();
$this->Set("PortalUserId",-1);
$this->Update();
- return TRUE;
+ return true;
}
}
else
@@ -400,8 +400,8 @@
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Login");
return false;
}
- if($result->EOF)
- return false;
+
+ if($result->EOF) return -1; // no any user with username & pass specified
}
if(!strlen($this->GetSessionKey()))
{
@@ -460,11 +460,11 @@
if( ! $this->HasSystemPermission('LOGIN') )
{
$this->Logout();
- return false;
+ return -2; // no perm login
}
}
- return true;
+ return true; // login ok
}
function Logout()
Index: trunk/kernel/frontaction.php
===================================================================
diff -u -r408 -r510
--- trunk/kernel/frontaction.php (.../frontaction.php) (revision 408)
+++ trunk/kernel/frontaction.php (.../frontaction.php) (revision 510)
@@ -34,54 +34,61 @@
{
case "m_login":
// if($objSession->ValidSession()) $objSession->Logout();
- //echo $objSession->GetSessionKey()."
\n";
+ //echo $objSession->GetSessionKey()."
\n";
if ($objConfig->Get("CookieSessions") == 1 && $_COOKIE["CookiesTest"] != "1") {
$FormError["login"]["login_user"] = language("lu_cookies_error");
}
- else
+ else
+ {
+ $MissingCount = SetMissingDataErrors("login");
+ if($MissingCount==2)
{
- $MissingCount = SetMissingDataErrors("login");
- if($MissingCount==2)
- {
- $FormError["login"]["login_user"]= language("lu_ferror_loginboth");
- unset($FormError["login"]["login_password"]);
- }
-
- if($MissingCount==0)
- {
- if($_POST["login_user"]=="root")
- {
- $FormError["login"]["login_user"]= language("lu_access_denied");
- }
- else
- {
- if ($objSession->Login($_POST["login_user"], md5($_POST["login_password"])) == FALSE)
- {
- $FormError["login"]["login_password"] = language("lu_incorrect_login");
- }
- else
- {
- if( !headers_sent() && GetVar('usercookie') == 1 )
- {
- $c = $_POST["login_user"]."|";
- $pw = $_POST["login_password"];
- if(strlen($pw) < 31) $pw = md5($pw);
- $c .= $pw;
-
- setcookie("login",$c,time()+2592000);
- }
-
-
- // set new destination template if passed
- $dest = GetVar('dest', true);
- if(!$dest) $dest = GetVar('DestTemplate', true);
- if($dest) $var_list['t'] = $dest;
- //echo "DEST: $dest
";
- }
- }
- }
+ $FormError["login"]["login_user"]= language("lu_ferror_loginboth");
+ unset($FormError["login"]["login_password"]);
}
- break;
+
+ if($MissingCount==0)
+ {
+ if($_POST["login_user"]=="root")
+ {
+ $FormError["login"]["login_user"]= language("lu_access_denied");
+ }
+ else
+ {
+ $LoginCheck = $objSession->Login( $_POST["login_user"], md5($_POST["login_password"]) );
+ if($LoginCheck === true)
+ {
+ if( !headers_sent() && GetVar('usercookie') == 1 )
+ {
+ $c = $_POST["login_user"]."|";
+ $pw = $_POST["login_password"];
+ if(strlen($pw) < 31) $pw = md5($pw);
+ $c .= $pw;
+ setcookie("login",$c,time()+2592000);
+ }
+
+ // set new destination template if passed
+ $dest = GetVar('dest', true);
+ if(!$dest) $dest = GetVar('DestTemplate', true);
+ if($dest) $var_list['t'] = $dest;
+ }
+ else
+ {
+ switch($LoginCheck)
+ {
+ case -1: // user or/and pass wrong
+ $FormError["login"]["login_password"] = language("lu_incorrect_login");
+ break;
+
+ case -2: // user ok, but has no permission
+ $FormError["login"]["login_password"] = language("la_text_nopermissions");
+ break;
+ }
+ }
+ }
+ }
+ }
+ break;
case "m_forgotpw":
$MissingCount = SetMissingDataErrors("forgotpw");