X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FDispatcher%2FAuthHandler%2FAdmin.pm;h=06fd3cfe3c2991b42f831ddadf2788aef57ec1c6;hb=cff913a1c984f82558a7d59dec0b8b1a06c5530d;hp=5a92015f545129d4c81c14ad6f1984800ea98300;hpb=6afd06adfeb66b481b7240637351a34a41e702d1;p=kivitendo-erp.git

diff --git a/SL/Dispatcher/AuthHandler/Admin.pm b/SL/Dispatcher/AuthHandler/Admin.pm
index 5a92015f5..06fd3cfe3 100644
--- a/SL/Dispatcher/AuthHandler/Admin.pm
+++ b/SL/Dispatcher/AuthHandler/Admin.pm
@@ -1,16 +1,33 @@
 package SL::Dispatcher::AuthHandler::Admin;
 
 use strict;
-
 use parent qw(Rose::Object);
 
+use SL::Layout::Dispatcher;
+
 sub handle {
-  %::myconfig = ();
+  my ($self, %params) = @_;
+
+  %::myconfig = User->get_default_myconfig;
+
+  my $ok =  $::auth->is_api_token_cookie_valid;
+  $ok  ||=  $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'})            == $::auth->OK());
+  $ok  ||= !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+  $ok  ||=  $params{action} eq 'login';
+
+  $::auth->create_or_refresh_session;
+
+  if ($ok) {
+    $::auth->delete_session_value('FLASH');
+    return 1;
+  }
 
-  return if $::auth->authenticate_root($::auth->get_session_value('rpw')) == $::auth->OK();
+  $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
+  $::auth->delete_session_value('admin_password');
+  $::auth->punish_wrong_login;
+  SL::Dispatcher::show_error('admin/adminlogin', 'password');
 
-  $::auth->delete_session_value('rpw');
-  SL::Dispatcher::show_error('login/password_error', 'password', is_admin => 1);
+  return 0;
 }
 
 1;