inc/auth.inc.php
author rejo
Mon, 31 Mar 2008 21:10:19 +0000
changeset 120 982f722376b4
parent 119 f74e4f88b680
child 126 cb06e3e29ed8
permissions -rwxr-xr-x
[feladat @ 223] Bugfix. No domain id was provided when entering 'edit record' page from a search query. Changed code so 'edit record' does not rely on domain id provided by user but determines it from the record id that is about to be changed. This closes ticket:31.
<?php
/*  Poweradmin, a friendly web-based admin tool for PowerDNS.
 *  See <https://rejo.zenger.nl/poweradmin> for more details.
 *
 *  Copyright 2007, 2008  Rejo Zenger <rejo@zenger.nl>
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
//session_start();
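/*
 * Gatekeeper run at the start of a request: handles "?logout", stores freshly
 * posted credentials in the session, enforces the idle timeout ($EXPIRE
 * seconds since $_SESSION["lastmod"]) and re-validates the stored credentials
 * against the users table. Returns normally only when exactly one active user
 * matches; in every other case auth() or logout() renders the login form and
 * ends the request.
 *
 * NOTE(review): the clear-text password is kept in $_SESSION["userpwd"] and is
 * re-checked on every request, so anyone able to read the session store can
 * recover it. Keeping only the user id after a successful login would avoid
 * that, but other pages may read these session keys - confirm before changing.
 *
 * NOTE(review): the users table is compared against an unsalted md5() digest.
 * Moving to password_hash()/password_verify() needs a schema and data
 * migration, so the comparison is left as it is here.
 */
function doAuthenticate() {
	global $db;
	global $EXPIRE;

	if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] === "logout") {
		logout();
	}

	// True when the login form was just submitted.
	$fresh_login = isset($_POST["authenticate"]);

	// If a user has just entered a login and password, store them in our session.
	if ($fresh_login) {
		if (isset($_POST["username"], $_POST["password"])
			&& is_string($_POST["username"]) && is_string($_POST["password"])) {
			$_SESSION["userpwd"] = $_POST["password"];
			$_SESSION["userlogin"] = $_POST["username"];
		} else {
			// Missing or non-string fields (e.g. "password[]=x") must not reach
			// md5()/quote(); drop any stored credentials so the form is shown.
			unset($_SESSION["userpwd"], $_SESSION["userlogin"]);
		}
	}

	// Check if the session hasn't expired yet. "lastmod" is tested with isset()
	// first so a session without a timestamp does not raise a notice.
	if (isset($_SESSION["userid"]) && isset($_SESSION["lastmod"]) && $_SESSION["lastmod"] != ""
		&& (time() - $_SESSION["lastmod"]) > $EXPIRE) {
		logout(_('Session expired, please login again.'), "error");
	}

	// If the session hasn't expired yet, give our session a fresh new timestamp.
	$_SESSION["lastmod"] = time();

	if (!isset($_SESSION["userlogin"]) || !isset($_SESSION["userpwd"])) {
		// No username and password set, show auth form (again).
		auth();
	}

	// Username and password are set, let's try to authenticate. Both values
	// pass through $db->quote() before they are concatenated into the query.
	$result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"])  ." AND password=". $db->quote(md5($_SESSION["userpwd"]))  ." AND active=1");

	if ($result->numRows() != 1) {
		// Authentication failed: forget the identity and the rejected
		// credentials instead of leaving them in the session, then retry.
		unset($_SESSION["userid"], $_SESSION["name"], $_SESSION["userlogin"], $_SESSION["userpwd"]);
		auth(_('Authentication failed!'), "error");
	}

	$rowObj = $result->fetchRow();
	$_SESSION["userid"] = $rowObj["id"];
	$_SESSION["name"] = $rowObj["fullname"];

	if ($fresh_login) {
		// Issue a new session id at the privilege change so an id that was
		// planted or observed before login cannot be reused afterwards.
		if (session_id() !== "") {
			session_regenerate_id(true);
		}
		// If a user has just authenticated, redirect to index, so post-data gets lost.
		session_write_close();
		clean_page("index.php");
		exit;
	}
}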
/*
 * Print the login form.
 */
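/*
 * Render header, optional status message, the login form and footer, then end
 * the request.
 *
 * $msg  - message shown above the form; nothing is printed when it is empty.
 * $type - CSS class of the message box ("success" by default).
 *
 * NOTE(review): $msg and $type are printed without escaping. The callers in
 * this file only pass fixed gettext strings and literal class names; any other
 * caller must not pass request-derived text here.
 */
function auth($msg="",$type="success")
{
	include_once('inc/header.inc.php');
	if ( $msg )
	{
		print "<div class=\"$type\">$msg</div>\n";
	}
	// PHP_SELF includes any path info the client appended to the script URL,
	// so it is HTML-escaped before being placed in the action attribute.
	$action = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
	?>
	<h2><?php echo _('Login'); ?></h2>
	<form method="post" name="login" action="<?php echo $action; ?>">
	 <table border="0">
	  <tr>
	   <td class="n"><?php echo _('Login'); ?>:</td>
	   <td class="n"><input type="text" class="input" name="username"></td>
	  </tr>
	  <tr>
	   <td class="n"><?php echo _('Password'); ?>:</td>
	   <td class="n"><input type="password" class="input" name="password"></td>
	  </tr>
	  <tr>
	   <td class="n">&nbsp;</td>
	   <td class="n">
	    <input type="submit" name="authenticate" class="button" value=" <?php echo _('Login'); ?> ">
	   </td>
	  </tr>
	 </table>
	</form>
        <script type="text/javascript">
         <!--
          document.login.username.focus();
         //-->
        </script>
	<?php
	// The form carries name="login" because the script above addresses it as
	// document.login; without the name the focus call cannot find the field.
	include_once('inc/footer.inc.php');
	exit;
}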
/*
 * Logout the user and kickback to login form.
 */
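/*
 * End the session and show the login form with a message.
 *
 * $msg  - message to display; when empty, "You have logged out." is shown
 *         with type "success".
 * $type - CSS class for the message box. Optional, so existing one-argument
 *         calls keep working; doAuthenticate() passes "error" for an expired
 *         session, which was previously discarded because the function
 *         declared no second parameter.
 */
function logout($msg="", $type="")
{
	if ( $msg == "" ) {
		$msg = _('You have logged out.');
		$type = "success";
	}

	// Empty the whole session array, not only "userid" and "name": the login
	// name and the clear-text password are stored in it as well and should not
	// stay readable for the rest of this request.
	$_SESSION = array();
	session_destroy();
	session_write_close();

	// auth() prints the form and ends the request; the exit is a safeguard.
	auth($msg, $type);
	exit;
}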
?>