1 |
<? |
|
2 |
|
|
3 |
// +--------------------------------------------------------------------+ |
|
4 |
// | PowerAdmin | |
|
5 |
// +--------------------------------------------------------------------+ |
|
6 |
// | Copyright (c) 1997-2002 The PowerAdmin Team | |
|
7 |
// +--------------------------------------------------------------------+ |
|
8 |
// | This source file is subject to the license carried by the overal | |
|
9 |
// | program PowerAdmin as found on http://poweradmin.sf.net | |
|
10 |
// | The PowerAdmin program falls under the QPL License: | |
|
11 |
// | http://www.trolltech.com/developer/licensing/qpl.html | |
|
12 |
// +--------------------------------------------------------------------+ |
|
13 |
// | Authors: Roeland Nieuwenhuis <trancer <AT> trancer <DOT> nl> | |
|
14 |
// | Sjeemz <sjeemz <AT> sjeemz <DOT> nl> | |
|
15 |
// +--------------------------------------------------------------------+ |
|
16 |
|
|
17 |
// Filename: auth.inc.php |
|
18 |
// Startdate: 26-10-2002 |
|
19 |
// Description: file is supposed to validate users and check whether they are authorized. |
|
20 |
// If they are authorized this code handles that they can access stuff. |
|
21 |
// |
|
22 |
// $Id: auth.inc.php,v 1.6 2003/01/13 22:08:52 azurazu Exp $ |
|
23 |
// |
|
24 |
|
|
25 |
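// Resume (or create) the PHP session that carries the login state between requests.
session_start();

// A query string that is exactly "logout" ends the session and shows the login form.
if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
{
    logout();
}

// If a user had just entered his/her login && password, store them in our session.
// NOTE(review): this keeps the clear-text password in server-side session storage,
// and the block below re-checks it against the database on every request.
// Keeping only the authenticated user id would be safer, but other files may read
// $_SESSION["userpwd"], so it is flagged here rather than changed.
if (isset($_POST["authenticate"]))
{
    $_SESSION["userpwd"] = $_POST["password"];
    $_SESSION["userlogin"] = $_POST["username"];
}

// Check if the session hasn't expired yet.
// $EXPIRE is not defined in this file; it is compared against elapsed seconds,
// so it is presumably the idle timeout in seconds from the configuration (confirm).
if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
{
    logout("Session expired, please login again.");
}

// If the session hasn't expired yet, give our session a fresh new timestamp.
$_SESSION["lastmod"] = time();

if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
{
    // Username and password are set, let's try to authenticate.
    $login = $_SESSION["userlogin"];
    $password = $_SESSION["userpwd"];

    // Form fields can arrive as arrays (e.g. "username[]"); such values can never
    // match an account, so reject them before they reach md5() or the database.
    if (!is_string($login) || !is_string($password))
    {
        auth("Authentication failed!");
    }

    // The login name comes straight from the POST body, so it must never be spliced
    // into the SQL text. Bind both values through placeholders instead.
    // Assumes $db is a PEAR DB connection (numRows()/fetchRow() below match that API),
    // whose query() accepts a parameter array; confirm where $db is created.
    // NOTE(review): unsalted md5() is not a suitable password hash. Moving to
    // password_hash()/password_verify() needs a migration of the stored values,
    // so it is flagged here rather than changed.
    $result = $db->query(
        "SELECT id, fullname, level FROM users WHERE username=? AND password=? AND active=1",
        array($login, md5($password))
    );

    if ($result->numRows() == 1)
    {
        $rowObj = $result->fetchRow();
        $_SESSION["userid"] = $rowObj["id"];
        $_SESSION["name"] = $rowObj["fullname"];
        $_SESSION["level"] = $rowObj["level"];

        // !empty() keeps the original truthiness test without raising a notice on
        // the ordinary (non-login) requests where the field is absent.
        if (!empty($_POST["authenticate"]))
        {
            // Issue a fresh session id at the moment of login, so an id that was
            // known before authentication (session fixation) is of no use afterwards.
            session_regenerate_id(true);

            // If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
            session_write_close();
            clean_page("index.php");
            exit;
        }
    }
    else
    {
        // Authentication failed, retry.
        auth("Authentication failed!");
    }
}
else
{
    // No username and password set, show auth form (again).
    auth();
}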
|
77 |
|
|
78 |
/* |
|
79 |
* Print the login form. |
|
80 |
*/ |
|
81 |
|
|
82 |
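/**
 * Print the login form, optionally preceded by a message, and stop the script.
 *
 * The page is wrapped in inc/header.inc.php and inc/footer.inc.php. The function
 * never returns: it ends with exit.
 *
 * $msg is printed as-is inside the page. Every call in this file passes a fixed
 * string; any other caller must pass text that is already safe to emit as HTML.
 */
function auth($msg="")
{
    include_once('inc/header.inc.php');
?>
<H2>PowerAdmin for PowerDNS</H2><H3>Please login:</H3>
<?php
    if ($msg)
    {
        print "<font class=\"warning\">$msg</font>\n";
    }

    // PHP_SELF is derived from the request URL and can carry client-chosen text
    // after the script name, so it is HTML-escaped before it goes into the attribute.
    $formAction = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
?>
<FORM METHOD="post" ACTION="<?php echo $formAction; ?>">
<TABLE BORDER="0">
<TR><TD STYLE="background-color: #FCC229;">Login:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="text" CLASS="input" NAME="username"></TD></TR>
<TR><TD STYLE="background-color: #FCC229;">Password:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="password" CLASS="input" NAME="password"></TD></TR>
<TR><TD STYLE="background-color: #FCC229;"> </TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="submit" NAME="authenticate" CLASS="button" VALUE=" Login "></TD></TR>
</TABLE>
<?php
    include_once('inc/footer.inc.php');
    exit;
}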
|
104 |
|
|
105 |
|
|
106 |
/* |
|
107 |
* Logout the user and kickback to login form. |
|
108 |
*/ |
|
109 |
|
|
110 |
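/**
 * Log the user out and fall back to the login form.
 *
 * $msg is the text shown above the login form. The function never returns,
 * because auth() ends the script.
 */
function logout($msg="You have logged out.")
{
    // session_destroy() removes the stored session data but leaves the $_SESSION
    // array of the current request populated. Empty it first, so the stored
    // credentials and user id are gone before auth() includes the page header.
    $_SESSION = array();
    session_destroy();
    session_write_close();

    auth($msg);

    // Not reached while auth() exits; kept as a safeguard should that change.
    exit;
}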
|
117 |
|
|
118 |
?> |