inc/auth.inc.php
author rejo
Tue, 17 Apr 2007 19:43:24 +0000
changeset 4 55ed92aa7cf5
parent 1 58094faf794d
child 6 9fcac40c1b0e
permissions -rwxr-xr-x
[feladat @ 5] - Second half of translation framework. - Several small typo's in code fixed. - Removed comments on a todo in leveldescription(), already done. - Replaced dal.inc.php with DB.php from package DB-1.7.6 from pear.php.net to fix problems using poweradmin 1.2.7-patched with php5/pear. The DB package has already been superseded by MDB2, but that version is incompatible with current code.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     1
<?
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     2
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     3
// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     4
// | PowerAdmin								|
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     5
// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     6
// | Copyright (c) 1997-2002 The PowerAdmin Team			|
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     7
// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     8
// | This source file is subject to the license carried by the overal	|
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     9
// | program PowerAdmin as found on http://poweradmin.sf.net		|
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    10
// | The PowerAdmin program falls under the QPL License:		|
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    11
// | http://www.trolltech.com/developer/licensing/qpl.html		|
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    12
// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    13
// | Authors: Roeland Nieuwenhuis <trancer <AT> trancer <DOT> nl>	|
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    14
// |          Sjeemz <sjeemz <AT> sjeemz <DOT> nl>			|
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    15
// +--------------------------------------------------------------------+
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    16
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    17
// Filename: auth.inc.php
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    18
// Startdate: 26-10-2002
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    19
// Description: file is supposed to validate users and check whether they are authorized.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    20
// If they are authorized this code handles that they can access stuff.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    21
//
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    22
// $Id: auth.inc.php,v 1.6 2003/01/13 22:08:52 azurazu Exp $
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    23
//
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    24
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    25
session_start();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    26
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    27
if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    28
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    29
	logout();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    30
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    31
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    32
// If a user had just entered his/her login && password, store them in our session.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    33
if(isset($_POST["authenticate"]))
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    34
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    35
    	$_SESSION["userpwd"] = $_POST["password"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    36
    	$_SESSION["userlogin"] = $_POST["username"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    37
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    38
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    39
// Check if the session hasnt expired yet.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    40
if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    41
{
4
55ed92aa7cf5 [feladat @ 5]
rejo
parents: 1
diff changeset
    42
	logout( _('Session expired, please login again.') );
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    43
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    44
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    45
// If the session hasn't expired yet, give our session a fresh new timestamp.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    46
$_SESSION["lastmod"] = time();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    47
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    48
if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    49
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    50
    //Username and password are set, lets try to authenticate.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    51
	$result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"]  ."' AND password='". md5($_SESSION["userpwd"])  ."' AND active=1");
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    52
	if($result->numRows() == 1)
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    53
	{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    54
        	$rowObj = $result->fetchRow();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    55
		$_SESSION["userid"] = $rowObj["id"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    56
		$_SESSION["name"] = $rowObj["fullname"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    57
		$_SESSION["level"] = $rowObj["level"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    58
        	if($_POST["authenticate"])
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    59
        	{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    60
            		//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    61
            		session_write_close();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    62
            		clean_page("index.php");
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    63
            		exit;
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    64
        	}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    65
    	}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    66
    	else
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    67
    	{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    68
        	//Authentication failed, retry.
4
55ed92aa7cf5 [feladat @ 5]
rejo
parents: 1
diff changeset
    69
	        auth( _('Authentication failed!') );
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    70
	}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    71
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    72
else
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    73
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    74
	//No username and password set, show auth form (again).
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    75
	auth();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    76
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    77
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    78
/*
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    79
 * Print the login form.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    80
 */
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    81
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    82
function auth($msg="")
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    83
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    84
	include_once('inc/header.inc.php');
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    85
	?>
4
55ed92aa7cf5 [feladat @ 5]
rejo
parents: 1
diff changeset
    86
	<H2><? echo _('PowerAdmin for PowerDNS'); ?></H2><H3><? echo _('Please login'); ?>:</H3>
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    87
	<?
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    88
	if($msg)
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    89
	{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    90
		print "<font class=\"warning\">$msg</font>\n";
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    91
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    92
	}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    93
	?>
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    94
	<FORM METHOD="post" ACTION="<?= $_SERVER["PHP_SELF"] ?>">
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    95
	<TABLE BORDER="0">
4
55ed92aa7cf5 [feladat @ 5]
rejo
parents: 1
diff changeset
    96
	<TR><TD STYLE="background-color: #FCC229;"><? echo _('Login'); ?>:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="text" CLASS="input" NAME="username"></TD></TR>
55ed92aa7cf5 [feladat @ 5]
rejo
parents: 1
diff changeset
    97
	<TR><TD STYLE="background-color: #FCC229;"><? echo _('Password'); ?>:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="password" CLASS="input" NAME="password"></TD></TR>
55ed92aa7cf5 [feladat @ 5]
rejo
parents: 1
diff changeset
    98
	<TR><TD STYLE="background-color: #FCC229;">&nbsp;</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="submit" NAME="authenticate" CLASS="button" VALUE=" <? echo _('Login'); ?> "></TD></TR>
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    99
	</TABLE>
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   100
	<?
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   101
	include_once('inc/footer.inc.php');
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   102
	exit;
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   103
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   104
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   105
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   106
/*
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   107
 * Logout the user and kickback to login form.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   108
 */
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   109
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   110
function logout($msg="You have logged out.")
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   111
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   112
	session_destroy();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   113
	session_write_close();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   114
	auth($msg);
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   115
	exit;
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   116
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   117
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   118
?>