inc/auth.inc.php
author rejo
Thu, 27 Mar 2008 17:44:49 +0000
changeset 97 090be08858db
parent 82 c255196bc447
child 119 f74e4f88b680
permissions -rwxr-xr-x
[feladat @ 197] Bugfix for name field validation. Now done right. I hope.
<?php
/*  PowerAdmin, a friendly web-based admin tool for PowerDNS.
 *  See <https://rejo.zenger.nl/poweradmin> for more details.
 *
 *  Copyright 2007, 2008  Rejo Zenger <rejo@zenger.nl>
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
//session_start();
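/**
 * Authenticate the current request against the users table, or show the login form.
 *
 * Steps, in order:
 *  - a query string of exactly "logout" ends the session through logout();
 *  - a submitted login form copies the posted credentials into the session;
 *  - a session idle for more than $EXPIRE seconds is ended through logout();
 *  - the credentials held in the session are checked against the users table
 *    on every call; a failed or missing login renders the form through auth().
 *
 * logout() and auth() both end the request with exit, so this function only
 * returns when the session credentials match exactly one active user.
 *
 * Security review notes (not fixed here, the change reaches beyond this function):
 *  - The clear-text password is kept in $_SESSION["userpwd"] and is therefore
 *    written to the session store for the lifetime of the session. Keeping only
 *    $_SESSION["userid"] after one successful check would remove that exposure.
 *  - Passwords are matched as unsalted MD5 digests. Moving to password_hash() /
 *    password_verify() needs a schema change and a rehash-on-login migration.
 *  - No limit on failed attempts is visible in this function.
 *
 * @return void
 */
function doAuthenticate() {
	global $db;
	global $EXPIRE;

	if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] === "logout") {
		logout();
	}

	// If a user has just entered a login and password, store them in our session.
	if (isset($_POST["authenticate"])) {
		// Form fields are attacker-controlled: "password[]=x" arrives as an array,
		// which md5() below cannot hash. Treat anything but two strings as a failed login.
		if (!isset($_POST["username"], $_POST["password"])
			|| !is_string($_POST["username"])
			|| !is_string($_POST["password"])) {
			auth( _('Authentication failed!'),"error");
		}
		$_SESSION["userpwd"] = $_POST["password"];
		$_SESSION["userlogin"] = $_POST["username"];
	}

	// Check that the session has not expired yet.
	if (isset($_SESSION["userid"])
		&& isset($_SESSION["lastmod"])
		&& $_SESSION["lastmod"] != ""
		&& (time() - $_SESSION["lastmod"]) > $EXPIRE) {
		logout( _('Session expired, please login again.'),"error");
	}

	// The session is still valid: give it a fresh timestamp.
	$_SESSION["lastmod"] = time();

	if (!isset($_SESSION["userlogin"]) || !isset($_SESSION["userpwd"])) {
		// No username and password set, show the login form (again).
		auth();
	}

	// Username and password are set, try to authenticate. Both values pass
	// through $db->quote() before they are concatenated into the statement.
	$result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"])  ." AND password=". $db->quote(md5($_SESSION["userpwd"]))  ." AND active=1");

	if ($result->numRows() != 1) {
		// Authentication failed. Drop the rejected credentials and any identity
		// left over from an earlier login, so neither lingers in the session store.
		unset($_SESSION["userlogin"], $_SESSION["userpwd"], $_SESSION["userid"], $_SESSION["name"]);
		auth( _('Authentication failed!'),"error");
	}

	$rowObj = $result->fetchRow();
	$_SESSION["userid"] = $rowObj["id"];
	$_SESSION["name"] = $rowObj["fullname"];

	// !empty() instead of a bare read: on every request that is not a login
	// submission the "authenticate" key is absent from $_POST.
	if (!empty($_POST["authenticate"])) {
		// A session id issued before login must not survive the privilege change
		// (session fixation). Only regenerate when a session is actually open.
		if (session_id() !== '') {
			session_regenerate_id(true);
		}
		// Redirect to the index so the posted credentials are not resubmitted on reload.
		session_write_close();
		clean_page("index.php");
		exit;
	}
}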
/*
 * Print the login form.
 */
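function auth($msg="",$type="success")
{
	// Renders header, optional message banner, login form and footer, then
	// ends the request with exit; this function never returns to its caller.
	//   $msg  - text for the banner; no banner is printed when it is empty.
	//   $type - CSS class of the banner <div>.
	include_once('inc/header.inc.php');
	if ( $msg )
	{
		// $type ends up inside an attribute value, so it is escaped here.
		// NOTE(review): $msg is printed as given. The callers in this file pass
		// gettext strings only; any caller passing request data must escape it first.
		print "<div class=\"" . htmlspecialchars($type, ENT_QUOTES) . "\">$msg</div>\n";
	}
	// PHP_SELF includes any path info appended to the script name in the request
	// URL, so it is request-controlled and must be escaped before it is written
	// into the action attribute. The form carries name="login" because the focus
	// script below addresses it as document.login.
	?>
	<h2><?php echo _('Login'); ?></h2>
	<form method="post" name="login" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES); ?>">
	 <table border="0">
	  <tr>
	   <td class="n"><?php echo _('Login'); ?>:</td>
	   <td class="n"><input type="text" class="input" name="username"></td>
	  </tr>
	  <tr>
	   <td class="n"><?php echo _('Password'); ?>:</td>
	   <td class="n"><input type="password" class="input" name="password"></td>
	  </tr>
	  <tr>
	   <td class="n">&nbsp;</td>
	   <td class="n">
	    <input type="submit" name="authenticate" class="button" value=" <?php echo _('Login'); ?> ">
	   </td>
	  </tr>
	 </table>
	</form>
        <script type="text/javascript">
         <!--
          document.login.username.focus();
         //-->
        </script>
	<?php
	include_once('inc/footer.inc.php');
	exit;
}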
/*
 * Logout the user and kickback to login form.
 */
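function logout($msg="", $type="")
{
	// Ends the session and hands over to auth(), which prints the login form
	// and exits; this function never returns to its caller.
	//   $msg  - banner text; empty means the default "logged out" notice.
	//   $type - CSS class for the banner. doAuthenticate() passes "error" with
	//           its expiry message; before this parameter existed that second
	//           argument was dropped and the banner had an empty class.
	if ( $msg == "" ) {
		$msg = _('You have logged out.');
		$type = "success";
	}

	// Clear every session value, not only userid and name: the session also
	// holds the login name and the clear-text password set by doAuthenticate().
	$_SESSION = array();
	session_destroy();
	session_write_close();

	auth($msg, $type);
	exit;
}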
?>