71
+ − 1
<?php
1
+ − 2
47
+ − 3
/* PowerAdmin, a friendly web-based admin tool for PowerDNS.
+ − 4
* See <https://rejo.zenger.nl/poweradmin> for more details.
+ − 5
*
+ − 6
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
+ − 7
*
+ − 8
* This program is free software: you can redistribute it and/or modify
+ − 9
* it under the terms of the GNU General Public License as published by
+ − 10
* the Free Software Foundation, either version 3 of the License, or
+ − 11
* (at your option) any later version.
+ − 12
*
+ − 13
* This program is distributed in the hope that it will be useful,
+ − 14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
+ − 15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ − 16
* GNU General Public License for more details.
+ − 17
*
+ − 18
* You should have received a copy of the GNU General Public License
+ − 19
* along with this program. If not, see <http://www.gnu.org/licenses/>.
+ − 20
*/
+ − 21
79
+ − 22
//session_start();
1
+ − 23
82
+ − 24
function doAuthenticate () {
+ − 25
global $db ;
+ − 26
global $EXPIRE ;
+ − 27
if ( isset ( $_SERVER [ "QUERY_STRING" ]) && $_SERVER [ "QUERY_STRING" ] == "logout" ) {
+ − 28
logout ();
+ − 29
}
1
+ − 30
82
+ − 31
// If a user had just entered his/her login && password, store them in our session.
+ − 32
if ( isset ( $_POST [ "authenticate" ]))
+ − 33
{
+ − 34
$_SESSION [ "userpwd" ] = $_POST [ "password" ];
+ − 35
$_SESSION [ "userlogin" ] = $_POST [ "username" ];
+ − 36
}
1
+ − 37
82
+ − 38
// Check if the session hasnt expired yet.
+ − 39
if (( isset ( $_SESSION [ "userid" ])) && ( $_SESSION [ "lastmod" ] != "" ) && (( time () - $_SESSION [ "lastmod" ]) > $EXPIRE ))
+ − 40
{
+ − 41
logout ( _ ( 'Session expired, please login again.' ), "error" );
+ − 42
}
1
+ − 43
82
+ − 44
// If the session hasn't expired yet, give our session a fresh new timestamp.
+ − 45
$_SESSION [ "lastmod" ] = time ();
1
+ − 46
82
+ − 47
if ( isset ( $_SESSION [ "userlogin" ]) && isset ( $_SESSION [ "userpwd" ]))
1
+ − 48
{
82
+ − 49
//Username and password are set, lets try to authenticate.
+ − 50
$result = $db -> query ( "SELECT id, fullname FROM users WHERE username=" . $db -> quote ( $_SESSION [ "userlogin" ]) . " AND password=" . $db -> quote ( md5 ( $_SESSION [ "userpwd" ])) . " AND active=1" );
+ − 51
if ( $result -> numRows () == 1 )
+ − 52
{
+ − 53
$rowObj = $result -> fetchRow ();
+ − 54
$_SESSION [ "userid" ] = $rowObj [ "id" ];
+ − 55
$_SESSION [ "name" ] = $rowObj [ "fullname" ];
+ − 56
if ( $_POST [ "authenticate" ])
+ − 57
{
+ − 58
//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
+ − 59
session_write_close ();
+ − 60
clean_page ( "index.php" );
+ − 61
exit ;
+ − 62
}
+ − 63
}
+ − 64
else
+ − 65
{
+ − 66
//Authentication failed, retry.
+ − 67
auth ( _ ( 'Authentication failed!' ), "error" );
+ − 68
}
1
+ − 69
}
82
+ − 70
else
+ − 71
{
+ − 72
//No username and password set, show auth form (again).
+ − 73
auth ();
+ − 74
}
1
+ − 75
}
+ − 76
+ − 77
/*
+ − 78
* Print the login form.
+ − 79
*/
+ − 80
13
+ − 81
function auth ( $msg = "" , $type = "success" )
1
+ − 82
{
+ − 83
include_once ( 'inc/header.inc.php' );
13
+ − 84
if ( $msg )
1
+ − 85
{
13
+ − 86
print "<div class= \" $type \" > $msg </div> \n " ;
1
+ − 87
}
+ − 88
?>
71
+ − 89
<h2> <?php echo _ ( 'Login' ); ?> </h2>
+ − 90
<?php
13
+ − 91
?>
71
+ − 92
<form method="post" action=" <?php echo $_SERVER [ "PHP_SELF" ] ?> ">
13
+ − 93
<table border="0">
+ − 94
<tr>
71
+ − 95
<td class="n"> <?php echo _ ( 'Login' ); ?> :</td>
13
+ − 96
<td class="n"><input type="text" class="input" name="username"></td>
+ − 97
</tr>
+ − 98
<tr>
71
+ − 99
<td class="n"> <?php echo _ ( 'Password' ); ?> :</td>
13
+ − 100
<td class="n"><input type="password" class="input" name="password"></td>
+ − 101
</tr>
+ − 102
<tr>
+ − 103
<td class="n"> </td>
+ − 104
<td class="n">
71
+ − 105
<input type="submit" name="authenticate" class="button" value=" <?php echo _ ( 'Login' ); ?> ">
13
+ − 106
</td>
+ − 107
</tr>
+ − 108
</table>
+ − 109
</form>
82
+ − 110
<script type="text/javascript">
+ − 111
<!--
+ − 112
document.login.username.focus();
+ − 113
//-->
+ − 114
</script>
71
+ − 115
<?php
1
+ − 116
include_once ( 'inc/footer.inc.php' );
+ − 117
exit ;
+ − 118
}
+ − 119
+ − 120
+ − 121
/*
+ − 122
* Logout the user and kickback to login form.
+ − 123
*/
+ − 124
6
+ − 125
function logout ( $msg = "" )
1
+ − 126
{
79
+ − 127
$type = '' ;
6
+ − 128
if ( $msg == "" ) {
13
+ − 129
$msg = _ ( 'You have logged out.' );
+ − 130
$type = "success" ;
6
+ − 131
};
25
+ − 132
unset ( $_SESSION [ "userid" ]);
+ − 133
unset ( $_SESSION [ "name" ]);
1
+ − 134
session_destroy ();
+ − 135
session_write_close ();
13
+ − 136
auth ( $msg , $type );
1
+ − 137
exit ;
+ − 138
}
+ − 139
+ − 140
?>