<?php
//#################################################################################################
//	Session Management for backend
//#################################################################################################
//	chillyCMS - Content Management System
//	Copyright (C) 2008
//	Stefanie Wiegand <hide@address.com> & Johannes Cox <hide@address.com>
//	
//	This program is licensed under the GPL 3.0 license. For more information see LICENSE.txt.
//#################################################################################################
defined('DOIT') or die('Restricted access');

require_once("backendpage.class.php");

$page = new Backendpage();
session_start();

//Get user from session
if (isset($_SESSION["user"])) {
	$myuser = $_SESSION["user"];
	$mysession = new Session($myuser->user,false);
	$increment = false;
//Get user from login
} elseif (isset($_POST["name"])) {
	$mysession = new Session($_POST["name"],hash("sha512", $_POST["pw"]));
	verify_session($mysession);
	$increment = true;
} else {
	$mysession=array();
	$increment = false;
	header("Location: ".URL."/admin/login.site.php");
	die();
}

//Check if the user is allowed to enter the backend
if ($mysession->valid) {
	if ($mysession->user->backend==1) {
		//Increment Login counter and set last logintime
		$useruid=intval($mysession->user->uid);
		if ($increment) {
			$page->query("update system_users set lastlogin=now(),logins=logins+1 where uid=$useruid limit 1");
		}
	} else {
		destroy_existing_session();
		header("Location: ".URL."/admin/login.site.php?action=logout&reason=backend&user=".
		$mysession->user->user);
		die();
	}
}

if (!empty($mysession)) {
	//load user language and overwrite system language
	if ($mysession->user->language!="") {
		$sitelanguage=$settings["language"];
		$language=$mysession->user->language;
	}
	require_once(PATH."/languages/$language.php");
	$is_admin=in_array(1,$mysession->user->gids);
	$is_user=in_array(2,$mysession->user->gids);
}

?>