use SL::Layout::Dispatcher;
sub handle {
- %::myconfig = ();
+ my ($self, %params) = @_;
- return if $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'}) == $::auth->OK());
- return if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+ %::myconfig = User->get_default_myconfig;
- $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
+ my $ok = $::auth->is_api_token_cookie_valid;
+ $ok ||= $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'}) == $::auth->OK());
+ $ok ||= !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+ $ok ||= $params{action} eq 'login';
- $::auth->punish_wrong_login;
+ $::auth->create_or_refresh_session;
+
+ if ($ok) {
+ $::auth->delete_session_value('FLASH');
+ return 1;
+ }
+
+ $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
$::auth->delete_session_value('admin_password');
+ $::auth->punish_wrong_login;
SL::Dispatcher::show_error('admin/adminlogin', 'password');
+
+ return 0;
}
1;
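Review bot: The new `my $ok = $::auth->is_api_token_cookie_valid;` line lets a valid API token cookie satisfy the admin handler on its own, before either `authenticate_root` check runs. Nothing in this hunk shows that the token is only issued to a session that already passed root authentication. If it is, say so in a comment above that line, e.g. `# API token is only set after a successful root login (see <where it is issued>)`; if it is not, the cookie check should be combined with the root check rather than OR-ed with it. Separately, `$ok ||= $params{action} eq 'login';` makes `handle` return 1 with no credentials at all, so a true return means "request may proceed", not "root authenticated", and that deserves a comment for callers. That comparison also warns when `action` is undefined, which `($params{action} // '') eq 'login'` would avoid.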