poweradmin: inc/auth.inc.php@55ed92aa7cf5 (annotated)

1 58094faf794d [feladat @ 2] rejo parents: diff changeset	1	<?
58094faf794d [feladat @ 2] rejo parents: diff changeset	2
58094faf794d [feladat @ 2] rejo parents: diff changeset	3	// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2] rejo parents: diff changeset	4	// \| PowerAdmin \|
58094faf794d [feladat @ 2] rejo parents: diff changeset	5	// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2] rejo parents: diff changeset	6	// \| Copyright (c) 1997-2002 The PowerAdmin Team \|
58094faf794d [feladat @ 2] rejo parents: diff changeset	7	// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2] rejo parents: diff changeset	8	// \| This source file is subject to the license carried by the overal \|
58094faf794d [feladat @ 2] rejo parents: diff changeset	9	// \| program PowerAdmin as found on http://poweradmin.sf.net \|
58094faf794d [feladat @ 2] rejo parents: diff changeset	10	// \| The PowerAdmin program falls under the QPL License: \|
58094faf794d [feladat @ 2] rejo parents: diff changeset	11	// \| http://www.trolltech.com/developer/licensing/qpl.html \|
58094faf794d [feladat @ 2] rejo parents: diff changeset	12	// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2] rejo parents: diff changeset	13	// \| Authors: Roeland Nieuwenhuis <trancer <AT> trancer <DOT> nl> \|
58094faf794d [feladat @ 2] rejo parents: diff changeset	14	// \| Sjeemz <sjeemz <AT> sjeemz <DOT> nl> \|
58094faf794d [feladat @ 2] rejo parents: diff changeset	15	// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2] rejo parents: diff changeset	16
58094faf794d [feladat @ 2] rejo parents: diff changeset	17	// Filename: auth.inc.php
58094faf794d [feladat @ 2] rejo parents: diff changeset	18	// Startdate: 26-10-2002
58094faf794d [feladat @ 2] rejo parents: diff changeset	19	// Description: file is supposed to validate users and check whether they are authorized.
58094faf794d [feladat @ 2] rejo parents: diff changeset	20	// If they are authorized this code handles that they can access stuff.
58094faf794d [feladat @ 2] rejo parents: diff changeset	21	//
58094faf794d [feladat @ 2] rejo parents: diff changeset	22	// $Id: auth.inc.php,v 1.6 2003/01/13 22:08:52 azurazu Exp $
58094faf794d [feladat @ 2] rejo parents: diff changeset	23	//
58094faf794d [feladat @ 2] rejo parents: diff changeset	24
58094faf794d [feladat @ 2] rejo parents: diff changeset	25	session_start();
58094faf794d [feladat @ 2] rejo parents: diff changeset	26
58094faf794d [feladat @ 2] rejo parents: diff changeset	27	if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
58094faf794d [feladat @ 2] rejo parents: diff changeset	28	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	29	logout();
58094faf794d [feladat @ 2] rejo parents: diff changeset	30	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	31
58094faf794d [feladat @ 2] rejo parents: diff changeset	32	// If a user had just entered his/her login && password, store them in our session.
58094faf794d [feladat @ 2] rejo parents: diff changeset	33	if(isset($_POST["authenticate"]))
58094faf794d [feladat @ 2] rejo parents: diff changeset	34	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	35	$_SESSION["userpwd"] = $_POST["password"];
58094faf794d [feladat @ 2] rejo parents: diff changeset	36	$_SESSION["userlogin"] = $_POST["username"];
58094faf794d [feladat @ 2] rejo parents: diff changeset	37	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	38
58094faf794d [feladat @ 2] rejo parents: diff changeset	39	// Check if the session hasnt expired yet.
58094faf794d [feladat @ 2] rejo parents: diff changeset	40	if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
58094faf794d [feladat @ 2] rejo parents: diff changeset	41	{
4 55ed92aa7cf5 [feladat @ 5] rejo parents: 1 diff changeset	42	logout( _('Session expired, please login again.') );
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	43	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	44
58094faf794d [feladat @ 2] rejo parents: diff changeset	45	// If the session hasn't expired yet, give our session a fresh new timestamp.
58094faf794d [feladat @ 2] rejo parents: diff changeset	46	$_SESSION["lastmod"] = time();
58094faf794d [feladat @ 2] rejo parents: diff changeset	47
58094faf794d [feladat @ 2] rejo parents: diff changeset	48	if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
58094faf794d [feladat @ 2] rejo parents: diff changeset	49	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	50	//Username and password are set, lets try to authenticate.
58094faf794d [feladat @ 2] rejo parents: diff changeset	51	$result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"] ."' AND password='". md5($_SESSION["userpwd"]) ."' AND active=1");
58094faf794d [feladat @ 2] rejo parents: diff changeset	52	if($result->numRows() == 1)
58094faf794d [feladat @ 2] rejo parents: diff changeset	53	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	54	$rowObj = $result->fetchRow();
58094faf794d [feladat @ 2] rejo parents: diff changeset	55	$_SESSION["userid"] = $rowObj["id"];
58094faf794d [feladat @ 2] rejo parents: diff changeset	56	$_SESSION["name"] = $rowObj["fullname"];
58094faf794d [feladat @ 2] rejo parents: diff changeset	57	$_SESSION["level"] = $rowObj["level"];
58094faf794d [feladat @ 2] rejo parents: diff changeset	58	if($_POST["authenticate"])
58094faf794d [feladat @ 2] rejo parents: diff changeset	59	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	60	//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
58094faf794d [feladat @ 2] rejo parents: diff changeset	61	session_write_close();
58094faf794d [feladat @ 2] rejo parents: diff changeset	62	clean_page("index.php");
58094faf794d [feladat @ 2] rejo parents: diff changeset	63	exit;
58094faf794d [feladat @ 2] rejo parents: diff changeset	64	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	65	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	66	else
58094faf794d [feladat @ 2] rejo parents: diff changeset	67	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	68	//Authentication failed, retry.
4 55ed92aa7cf5 [feladat @ 5] rejo parents: 1 diff changeset	69	auth( _('Authentication failed!') );
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	70	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	71	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	72	else
58094faf794d [feladat @ 2] rejo parents: diff changeset	73	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	74	//No username and password set, show auth form (again).
58094faf794d [feladat @ 2] rejo parents: diff changeset	75	auth();
58094faf794d [feladat @ 2] rejo parents: diff changeset	76	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	77
58094faf794d [feladat @ 2] rejo parents: diff changeset	78	/*
58094faf794d [feladat @ 2] rejo parents: diff changeset	79	* Print the login form.
58094faf794d [feladat @ 2] rejo parents: diff changeset	80	*/
58094faf794d [feladat @ 2] rejo parents: diff changeset	81
58094faf794d [feladat @ 2] rejo parents: diff changeset	82	function auth($msg="")
58094faf794d [feladat @ 2] rejo parents: diff changeset	83	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	84	include_once('inc/header.inc.php');
58094faf794d [feladat @ 2] rejo parents: diff changeset	85	?>
4 55ed92aa7cf5 [feladat @ 5] rejo parents: 1 diff changeset	86	<H2><? echo _('PowerAdmin for PowerDNS'); ?></H2><H3><? echo _('Please login'); ?>:</H3>
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	87	<?
58094faf794d [feladat @ 2] rejo parents: diff changeset	88	if($msg)
58094faf794d [feladat @ 2] rejo parents: diff changeset	89	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	90	print "<font class=\"warning\">$msg</font>\n";
58094faf794d [feladat @ 2] rejo parents: diff changeset	91
58094faf794d [feladat @ 2] rejo parents: diff changeset	92	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	93	?>
58094faf794d [feladat @ 2] rejo parents: diff changeset	94	<FORM METHOD="post" ACTION="<?= $_SERVER["PHP_SELF"] ?>">
58094faf794d [feladat @ 2] rejo parents: diff changeset	95	<TABLE BORDER="0">
4 55ed92aa7cf5 [feladat @ 5] rejo parents: 1 diff changeset	96	<TR><TD STYLE="background-color: #FCC229;"><? echo _('Login'); ?>:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="text" CLASS="input" NAME="username"></TD></TR>
55ed92aa7cf5 [feladat @ 5] rejo parents: 1 diff changeset	97	<TR><TD STYLE="background-color: #FCC229;"><? echo _('Password'); ?>:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="password" CLASS="input" NAME="password"></TD></TR>
55ed92aa7cf5 [feladat @ 5] rejo parents: 1 diff changeset	98	<TR><TD STYLE="background-color: #FCC229;"> </TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="submit" NAME="authenticate" CLASS="button" VALUE=" <? echo _('Login'); ?> "></TD></TR>
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	99	</TABLE>
58094faf794d [feladat @ 2] rejo parents: diff changeset	100	<?
58094faf794d [feladat @ 2] rejo parents: diff changeset	101	include_once('inc/footer.inc.php');
58094faf794d [feladat @ 2] rejo parents: diff changeset	102	exit;
58094faf794d [feladat @ 2] rejo parents: diff changeset	103	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	104
58094faf794d [feladat @ 2] rejo parents: diff changeset	105
58094faf794d [feladat @ 2] rejo parents: diff changeset	106	/*
58094faf794d [feladat @ 2] rejo parents: diff changeset	107	* Logout the user and kickback to login form.
58094faf794d [feladat @ 2] rejo parents: diff changeset	108	*/
58094faf794d [feladat @ 2] rejo parents: diff changeset	109
58094faf794d [feladat @ 2] rejo parents: diff changeset	110	function logout($msg="You have logged out.")
58094faf794d [feladat @ 2] rejo parents: diff changeset	111	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	112	session_destroy();
58094faf794d [feladat @ 2] rejo parents: diff changeset	113	session_write_close();
58094faf794d [feladat @ 2] rejo parents: diff changeset	114	auth($msg);
58094faf794d [feladat @ 2] rejo parents: diff changeset	115	exit;
58094faf794d [feladat @ 2] rejo parents: diff changeset	116	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	117
58094faf794d [feladat @ 2] rejo parents: diff changeset	118	?>

author	rejo
	Tue, 17 Apr 2007 19:43:24 +0000
changeset 4	55ed92aa7cf5
parent 1	58094faf794d
child 6	9fcac40c1b0e
permissions	-rwxr-xr-x