<?
require('includes/global.inc.php');

nav_push("Adminbereich","index.php");

if (isset($_GET["action"])) {

if ($_GET["action"] == "login") {
	if (isset($_POST['forgot'])) {
		if ($list = $db->get_it('SELECT * FROM `'.$db_prefix.'user` where email="'.mysql_real_escape_string(stripslashes($_POST['forgot_mail'])).'" && active = 1')) {
		$newpw = pw_generate();
		send_regmail($list[0]['email'],$list[0]['name'],$newpw );
		$db->query('UPDATE `'.$db_prefix.'user` SET	`password` = "'. md5($newpw ) .'" WHERE `email` = "'. mysql_real_escape_string(stripslashes($_POST['forgot_mail'])) .'" LIMIT 1');	
		array_push($success,"Eine Email mit dem neuen Passwort wurde versandt.");
		}
		else {
				array_push($error,"Email konnte nicht gefunden werden");
		}
		
		
	}
	
	if (isset($_POST['login']))
		if ($list = $db->get_it('SELECT * FROM `'.$db_prefix.'user` where email="'.mysql_real_escape_string(stripslashes($_POST['login_mail'])).'" && active = 1')) 
	
	if (md5($_POST['login_pass']) == $list[0]["password"]) {
					$_SESSION[$db_prefix]['cms_log'] = 1;
					$_SESSION[$db_prefix]['cms_id'] = $list[0]['id'];
					$_SESSION[$db_prefix]['cms_rights'] = $list[0]['rechte'];
					$_SESSION[$db_prefix]['cms_t_id'] = $list[0]['t_id'];
					if ($_SESSION[$db_prefix]['cms_t_id'] != 0) {
						$theme = $db->get_it('SELECT sheet FROM `'.$db_prefix.'themes` where id="'.$_SESSION[$db_prefix]['cms_t_id'].'"');
						$_SESSION[$db_prefix]['cms_sheet'] = $theme[0]['sheet'];
					}
					
					$db->query('UPDATE `'.$db_prefix.'user` SET	`last_login` = "'. mktime() .'" WHERE `ID` = "'. $_SESSION[$db_prefix]['cms_id'] .'" LIMIT 1');	
						
					array_push($success,"Willkommen ".$list[0]["name"].", Sie haben sich erfolgreich angemeldet.");
	}
	else 
		array_push($error,"Nutzer oder Passwort falsch");
	else 
		array_push($error,"Nutzer oder Passwort falsch");

}
elseif ($_GET["action"] == "logout") {
	session_destroy();
	unset($_SESSION[$db_prefix]);
}

elseif ($_GET["action"] == "user") {
		include("cms_user.php");
		}

	elseif ($_GET["action"] == "sites") {
include("cms_sites.php");

}

elseif ($_GET["action"] == "mainmenu") {
	include("cms_mainmenu.php");
		}
elseif ($_GET["action"] == "modules") {
	include("cms_modules.php");
		}
elseif ($_GET["action"] == "profile") {
include("cms_profile.php");
}
elseif ($_GET["action"] == "docu") {
include("cms_docu.php");
}
elseif ($_GET["action"] == "assoc") {
include("cms_assoc.php");
}
elseif ($_GET["action"] == "files") {
include("cms_files.php");
}
elseif ($_GET["action"] == "menues") {
include("cms_submenu.php");
}
elseif ($_GET["action"] == "options") {
include("cms_options.php");
}


}

$tpl->assign('success',$success);
$tpl->assign('error',$error);
if ($inst = $db->get_it('SELECT * FROM `'.$db_prefix.'module_instances`')) {
		$tpl->assign("instances",$inst);
	}
$tpl->assign('nav',$nav);
$tpl->display("cms_index.htm");


?>