<?
// +--------------------------------------------------------------------+
// | PowerAdmin |
// +--------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PowerAdmin Team |
// +--------------------------------------------------------------------+
// | This source file is subject to the license carried by the overall |
// | program PowerAdmin as found on http://poweradmin.sf.net |
// | The PowerAdmin program falls under the QPL License: |
// | http://www.trolltech.com/developer/licensing/qpl.html |
// +--------------------------------------------------------------------+
// | Authors: Roeland Nieuwenhuis <trancer <AT> trancer <DOT> nl> |
// | Sjeemz <sjeemz <AT> sjeemz <DOT> nl> |
// +--------------------------------------------------------------------+
// Filename: auth.inc.php
// Startdate: 26-10-2002
// Description: file is supposed to validate users and check whether they are authorized.
// If they are authorized this code handles that they can access stuff.
//
// $Id: auth.inc.php,v 1.6 2003/01/13 22:08:52 azurazu Exp $
//
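// Per-request authentication gate. It is meant to be included by every
// protected page: it either lets the request continue with $_SESSION["userid"],
// $_SESSION["name"] and $_SESSION["level"] filled in, or prints the login form
// and stops (auth() and logout() both end the request).
session_start();

// A query string that is exactly "logout" ends the session.
if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] === "logout")
{
    logout();
}

// A freshly submitted login form: keep the credentials in the session so the
// check below can run on this request and on every later one.
// NOTE(review): this keeps the cleartext password in server-side session
// storage for the life of the session. Code outside this file may read
// $_SESSION["userpwd"], so the key is left in place here; keeping only an
// authenticated marker (userid) would remove that exposure.
if (isset($_POST["authenticate"]))
{
    if (isset($_POST["username"], $_POST["password"])
        && is_string($_POST["username"]) && is_string($_POST["password"]))
    {
        $_SESSION["userpwd"] = $_POST["password"];
        $_SESSION["userlogin"] = $_POST["username"];
    }
    else
    {
        // Missing or non-string fields (for example username[]=x): drop any
        // stored credentials so the request falls through to the login form.
        unset($_SESSION["userpwd"], $_SESSION["userlogin"]);
    }
}

// Idle timeout: more than $EXPIRE seconds since the previous request of a
// logged-in session. $EXPIRE is not defined in this file.
if (isset($_SESSION["userid"])
    && isset($_SESSION["lastmod"]) && $_SESSION["lastmod"] != ""
    && (time() - $_SESSION["lastmod"]) > $EXPIRE)
{
    logout("Session expired, please login again.");
}

// Still within the timeout: restart the idle clock.
$_SESSION["lastmod"] = time();

if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
{
    // The login name comes straight from the request, so both values are bound
    // as parameters instead of being concatenated into the SQL text.
    // NOTE(review): the two-argument query() form assumes $db is a PEAR DB
    // connection (numRows()/fetchRow() suggest it) - confirm against the
    // database setup code.
    // NOTE(review): the users table holds unsalted MD5 digests. Moving to
    // password_hash()/password_verify() needs a data migration that cannot be
    // done from this file.
    $result = $db->query(
        "SELECT id, fullname, level FROM users WHERE username=? AND password=? AND active=1",
        array($_SESSION["userlogin"], md5($_SESSION["userpwd"]))
    );

    // Anything that is not a result object with numRows() (for example an
    // error value returned by the database layer) counts as a failed login.
    $authenticated = is_object($result)
        && method_exists($result, "numRows")
        && $result->numRows() == 1;

    if ($authenticated)
    {
        $rowObj = $result->fetchRow();
        $_SESSION["userid"] = $rowObj["id"];
        $_SESSION["name"] = $rowObj["fullname"];
        $_SESSION["level"] = $rowObj["level"];

        // !empty() instead of a bare read: the field is absent on every
        // request that is not the login POST.
        if (!empty($_POST["authenticate"]))
        {
            // New login: move to a fresh session id so an id that was known
            // before authentication is not carried into the logged-in session.
            session_regenerate_id(true);

            // Redirect to the index so the posted credentials are not resent
            // on reload.
            session_write_close();
            clean_page("index.php");
            exit;
        }
    }
    else
    {
        // Authentication failed, show the form again.
        auth("Authentication failed!");
    }
}
else
{
    // No username and password in the session: show the login form.
    auth();
}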
/*
* Print the login form.
*/
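/**
 * Print the login form, optionally preceded by a message, and end the request.
 *
 * The form is wrapped in inc/header.inc.php and inc/footer.inc.php and posts
 * back to the current script. The function finishes with exit, so it never
 * returns to its caller.
 *
 * @param string $msg Text shown above the form. It is written into the page
 *                    without encoding, so callers must pass fixed text only,
 *                    never anything taken from the request.
 */
function auth($msg = "")
{
    include_once('inc/header.inc.php');

    // PHP_SELF carries whatever path info the client appended to the script
    // URL, so it is HTML-encoded before it is placed in the ACTION attribute.
    $formAction = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
    ?>
<H2>PowerAdmin for PowerDNS</H2><H3>Please login:</H3>
<?php
    if ($msg)
    {
        print "<font class=\"warning\">$msg</font>\n";
    }
    ?>
<FORM METHOD="post" ACTION="<?= $formAction ?>">
<TABLE BORDER="0">
<TR><TD STYLE="background-color: #FCC229;">Login:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="text" CLASS="input" NAME="username"></TD></TR>
<TR><TD STYLE="background-color: #FCC229;">Password:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="password" CLASS="input" NAME="password"></TD></TR>
<TR><TD STYLE="background-color: #FCC229;"> </TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="submit" NAME="authenticate" CLASS="button" VALUE=" Login "></TD></TR>
</TABLE>
<?php
    include_once('inc/footer.inc.php');
    exit;
}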
/*
* Logout the user and kickback to login form.
*/
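/**
 * End the current session and show the login form with a message.
 *
 * Control passes to auth(), which prints the form and exits, so this function
 * never returns to its caller.
 *
 * @param string $msg Message handed to auth() for display above the form.
 */
function logout($msg = "You have logged out.")
{
    // session_destroy() removes the stored session data but leaves the
    // $_SESSION array filled for the rest of this request, so it is emptied
    // explicitly (this includes the stored login name and password).
    $_SESSION = array();

    // Expire the session cookie as well; otherwise the browser keeps sending
    // the old session id. Only possible while headers can still be sent.
    if (ini_get("session.use_cookies") && !headers_sent())
    {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            "",
            time() - 42000,
            $cookie["path"],
            $cookie["domain"],
            $cookie["secure"],
            $cookie["httponly"]
        );
    }

    session_destroy();
    // Kept from the original; nothing is left to write once the session has
    // been destroyed.
    session_write_close();
    auth($msg);
    exit;
}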
?>