Modul "Login 2.0.3" (Vorschlag für neue Ausgabe) Einstellungen

[merko]

Moin!

Nach meinen neulichen Gehversuchen mit Sefrengo und dem Login-Modul möchte ich eine Anpassung vorschlagen. Das Modul müsste im Bereich der Ausgabe folgenden Code aufnehmen:

CODE

<CMSPHP>
$is_dev = false;

//config
$mod['dateformat'] = "MOD_VALUE[1]";
$mod['timeformat'] = "MOD_VALUE[2]";
$mod['tpl_lastlogin'] = "MOD_VALUE[14]";
$mod['tpl_lastlogin_empty'] = "MOD_VALUE[15]";
$mod['tpl_login'] = "MOD_VALUE[8]";
$mod['tpl_login_error'] = "MOD_VALUE[3]";
$mod['tpl_logout'] = "MOD_VALUE[9]";
$mod['redirect_login'] = (int) trim("MOD_VALUE[12]");
$mod['redirect_logout'] = (int) trim("MOD_VALUE[13]");
$mod['redirect_after_login'] = (int) trim("MOD_VALUE[16]");
$mod['redirect_after_login_within_backend'] = "MOD_VALUE[17]";
$mod['allow_backendlogin'] = "MOD_VALUE[10]";
$mod['attributes_username'] = "MOD_VALUE[6]";
$mod['attributes_password'] = "MOD_VALUE[7]";

$mod['throw_error'] = false;

if ($is_dev) {
include_once "C:/Programme/xampp/htdocs/sefrengo_dev/moddev/login-out.php";
} else {


if ($_REQUEST['action'] == 'login') {

$sf_wr =& $GLOBALS['sf_factory']->getObject('HTTP', 'WebRequest');
$username = $sf_wr->getVal('username');
$password = $sf_wr->getVal('password');
$sf_user =& sf_factoryGetObject('ADMINISTRATION', 'User');
$sf_user->loadByUsernamePassword($username, $password, true);
unset($sf_user);

if ($username != '') {
$auth->auth['uname'] = $username;
} else if ($auth->nobody) {
$uid = $auth->auth['uname'] = $auth->auth['uid'] = 'nobody';
}

// User aus der Datenbank suchen
$username = addslashes($username);
$sql = "SELECT
firm, position, salutation, street, zip, location, phone, fax, comment, A.user_id, password, A.name, surname, email, C.name AS groupname, C.description
FROM ".$cms_db['users']." A
LEFT JOIN ".$cms_db['users_groups']." B USING(user_id)
LEFT JOIN ".$cms_db['groups']." C USING(idgroup)
LEFT JOIN ".$cms_db['perms']." D USING(idgroup)
WHERE A.username='$username'
AND A.password='".md5($password)."'
AND A.is_active='1'
AND C.is_active='1'
AND ((D.type='cms_access' AND D.id='area_backend' AND D.perm>0) OR C.is_sys_admin='1') LIMIT 0, 1";
$db->query($sql);

//login to backend
if ($db->next_record() && $mod['allow_backendlogin'] == 'true') {

// Backenduser Login
$auth->logout();
$sess = new cms_Backend_Session;
$auth = new cms_Backend_Auth;
$HTTP_GET_VARS['cms'] = md5(uniqid($sess->magic));
$sess->start();
$auth->auth['name'] = $db->f('name');
$auth->auth['surname'] = $db->f('surname');
$auth->auth['group_name'] = $db->f('groupname');
$auth->auth['group_desc'] = $db->f('description');
$auth->auth['email'] = $db->f('email');
$auth->auth['firm'] = $db->f('firm');
$auth->auth['position'] = $db->f('position');
$auth->auth['salutation'] = $db->f('salutation');
$auth->auth['street'] = $db->f('street');
$auth->auth['zip'] = $db->f('zip');
$auth->auth['location'] = $db->f('location');
$auth->auth['phone'] = $db->f('phone');
$auth->auth['fax'] = $db->f('fax');
$auth->auth['comment'] = $db->f('comment');
$auth->auth['uid'] = $db->f('user_id');
$auth->auth['uname'] = $username;
$auth->auth['exp'] = time() + (60 * $auth->lifetime);
$auth->auth['refresh'] = time() + (60 * $auth->refresh);
$sess->register('auth');
$sess->register('sid_sniffer');
$sess->freeze();

// redirect
$sf_idcatside_redirect = $mod['redirect_login'];
if ($sf_idcatside_redirect < 1) {
$sf_idcatside_redirect = $idcatside;
}

sf_header_redirect($cfg_client['contentfile']."?lang=$lang&idcatside=$sf_idcatside_redirect&view=preview&".$sess->name.'='.$sess->id);
//login to frontend
} else {
$sql = "SELECT
firm, position, salutation, street, zip, location, phone, fax, comment, A.user_id, password, A.name, surname, email, C.name AS groupname, C.description
FROM ".$cms_db['users']." A
LEFT JOIN ".$cms_db['users_groups']." B USING(user_id)
LEFT JOIN ".$cms_db['groups']." C USING(idgroup)
LEFT JOIN ".$cms_db['perms']." D USING(idgroup)
WHERE A.username='$username'
AND A.password='".md5($password)."'
AND A.is_active='1'
AND C.is_active='1'
AND ((D.type='cms_access' AND D.id='area_frontend' AND D.perm='1') OR C.is_sys_admin='1') LIMIT 0, 1";
$db->query($sql);
if ($db->next_record()) {
// Frontenduser Login
$auth->auth['name'] = $db->f('name');
$auth->auth['surname'] = $db->f('surname');
$auth->auth['group_name'] = $db->f('groupname');
$auth->auth['group_desc'] = $db->f('description');
$auth->auth['email'] = $db->f('email');
$auth->auth['firm'] = $db->f('firm');
$auth->auth['position'] = $db->f('position');
$auth->auth['salutation'] = $db->f('salutation');
$auth->auth['street'] = $db->f('street');
$auth->auth['zip'] = $db->f('zip');
$auth->auth['location'] = $db->f('location');
$auth->auth['phone'] = $db->f('phone');
$auth->auth['fax'] = $db->f('fax');
$auth->auth['comment'] = $db->f('comment');
$auth->auth['uid'] = $db->f('user_id');
$auth->auth['uname'] = $username;
$auth->auth['exp'] = time() + (60 * $auth->lifetime);
$auth->auth['refresh'] = time() + (60 * $auth->refresh);
$sess->register('auth');
$sess->register('sid_sniffer');
$sess->freeze();

// redirect
$sf_idcatside_redirect = $mod['redirect_login'];
if ($sf_idcatside_redirect < 1) {
$sf_idcatside_redirect = $idcatside;
}
sf_header_redirect($cfg_client['contentfile']."?lang=$lang&idcatside=$sf_idcatside_redirect&".$sess->name.'='.$sess->id);
}
}

// Login fails
if ($auth->auth['uid'] == 'nobody') {
$mod['throw_error'] = true;
}
}

if ($action == 'logout') {
$auth->logout();
$sf_idcatside_redirect = $mod['redirect_logout'];
if ($sf_idcatside_redirect > 0) {
sf_header_redirect($cfg_client['contentfile']."?lang=$lang&idcatside=$sf_idcatside_redirect");
} else {
sf_header_redirect($cfg_client['contentfile']."?lang=$lang&idcatside=$idcatside");
}
}

if ($uid != 'nobody') {
$auth->auth['exp'] = time() + (60 * $auth->lifetime);
}

//tpl login
if ($auth->auth['uid'] == 'nobody') {
$mod['tpl_login_error'] = ($mod['throw_error']) ? $mod['tpl_login_error']:'';

$mod['usr_input'] = "<input type=\"text\" name=\"username\" value=\"".htmlspecialchars($username, ENT_COMPAT, 'UTF-8')."\" size=\"10\" maxlength=\"32\" ".$mod['attributes_username']." />";
$mod['pwd_input'] = "<input type=\"password\" name=\"password\" size=\"10\" maxlength=\"32\" ".$mod['attributes_password']." />";
$mod['pwd_input'] .= "<input type=\"hidden\" name=\"action\" value=\"login\" />";

$mod['tpl_form'] = $mod['tpl_login'];
$mod['tpl_form'] = str_replace('{input_name}', $mod['usr_input'], $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{input_password}', $mod['pwd_input'], $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{input_password}', $mod['pwd_input'], $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{errortemplate}', $mod['tpl_login_error'], $mod['tpl_form']);

//tpl logout
} else {

$sf_idcatside_redirect = $mod['redirect_after_login'];
if ($sf_idcatside_redirect > 0) {
if ($mod['redirect_after_login_within_backend'] == 'true' AND $sess->name == 'sefrengo') {
sf_header_redirect($cfg_client['contentfile']."?lang=$lang&idcatside=$sf_idcatside_redirect&view=$view");
} elseif ($sess->name != 'sefrengo') {
sf_header_redirect($cfg_client['contentfile']."?lang=$lang&idcatside=$sf_idcatside_redirect");
}
}

$sf_user =& sf_factoryGetObject('ADMINISTRATION', 'User');
$sf_user->loadByIduser( $auth->auth['uid'] );
$mod['tpl_form'] = $mod['tpl_logout'];
$mod['tpl_form'] = str_replace('{id}', $sf_user->getIduser(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{loginname}', $sf_user->getUsername(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{name}', $sf_user->getName(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{surname}', $sf_user->getSurname(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{email}', $sf_user->getEmail(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{firm}', $sf_user->getFirm(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{position}', $sf_user->getPosition(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{salutation}', $sf_user->getSalutation(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{street}', $sf_user->getStreet(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{zip}', $sf_user->getZip(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{location}', $sf_user->getLocation(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{phone}', $sf_user->getPhone(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{fax}', $sf_user->getFax(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{homepage}', $sf_user->getHomepage(), $mod['tpl_form']);
$mod['tpl_form'] = str_replace('{comment}', $sf_user->getComment(), $mod['tpl_form']);

$mod['timestamp_lastlogin'] = (int) $sf_user->getLastLoginTimestamp();
if ($mod['timestamp_lastlogin'] > 0) {
$mod['tpl_lastlogin'] = str_replace('{lastlogin_date}', date($mod['dateformat'], $mod['timestamp_lastlogin']), $mod['tpl_lastlogin']);
$mod['tpl_lastlogin'] = str_replace('{lastlogin_time}', date($mod['timeformat'], $mod['timestamp_lastlogin']), $mod['tpl_lastlogin']);
$mod['tpl_form'] = str_replace('{lastlogin}', $mod['tpl_lastlogin'], $mod['tpl_form']);
} else {
$mod['tpl_form'] = str_replace('{lastlogin}', $mod['tpl_lastlogin_empty'], $mod['tpl_form']);
}

$mod['hidden_input'] = "<input type=\"hidden\" name=\"action\" value=\"logout\" />";
$mod['tpl_form'] = str_replace('{form_hiddenvals}', $mod['hidden_input'], $mod['tpl_form']);

unset($sf_user);
}

$mod['tpl_form'] = str_replace('{form_attributes}', "action=\"".$con_side[$idcatside]['link']."\" method=\"post\" name=\"login\"", $mod['tpl_form']);
echo $mod['tpl_form'];
unset($mod);


}
</CMSPHP>

Changelog:
# DISTINCT in SELECT-Statements entfernt
# Redirects werden nicht mehr mit $cfg_client['htmlpath'].$cfg_client['contentfile']."?lang=... zusammengesetzt, da $cfg_client['htmlpath'] beim Redirect auf den falschen Pfad zeigt

Gerade der letzte Punkt ist für das Erscheinungsbild der Site ausschlaggebenend, da wir ja mehrfach gelernt haben, das Sefrengo hier spezielle Pfadeinstellungen im BE benötigt, wenn mit unterschiedlichen Domains gearbeitet wird. Die Anpassung bewirkt, dass sich der Redirekt immer auf die aktuelle Domain im FE bezieht und nicht auf die im BE eingestellte Domain.

Diese Anpassung ist OHNE MOD_REWRITE getestet worden, sollten sich dadurch Probleme beim aktivierten MOD_REWRITE ergeben, sagt bitte Bescheid.

Seid Ihr der Menung, dass dies eine sinnvolle Korrektur ist und mand as als neue Version einstellen kann? Wer übernimmt die Aktualisierung des Moduls. Mache ich gerne, aber wenn sich jemand verantwortlich fühlt, möchte ich natürlich niemanden zu nahe treten

merko

[bjoern]

Ist OK, kannst gerne ein neues Modul mit diesen Änderungen fertig machen. Ich sehe da kein Problem.