|
1
|
1 |
<? |
|
|
2 |
|
|
|
3 |
session_start(); |
|
|
4 |
|
|
|
5 |
if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") |
|
|
6 |
{ |
|
|
7 |
logout(); |
|
|
8 |
} |
|
|
9 |
|
|
|
10 |
// If a user had just entered his/her login && password, store them in our session. |
|
|
11 |
if(isset($_POST["authenticate"])) |
|
|
12 |
{ |
|
|
13 |
$_SESSION["userpwd"] = $_POST["password"]; |
|
|
14 |
$_SESSION["userlogin"] = $_POST["username"]; |
|
|
15 |
} |
|
|
16 |
|
|
|
17 |
// Check if the session hasnt expired yet. |
|
|
18 |
if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE)) |
|
|
19 |
{ |
|
13
|
20 |
logout( _('Session expired, please login again.'),"error"); |
|
1
|
21 |
} |
|
|
22 |
|
|
|
23 |
// If the session hasn't expired yet, give our session a fresh new timestamp. |
|
|
24 |
$_SESSION["lastmod"] = time(); |
|
|
25 |
|
|
|
26 |
if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) |
|
|
27 |
{ |
|
|
28 |
//Username and password are set, lets try to authenticate. |
|
|
29 |
$result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"] ."' AND password='". md5($_SESSION["userpwd"]) ."' AND active=1"); |
|
|
30 |
if($result->numRows() == 1) |
|
|
31 |
{ |
|
|
32 |
$rowObj = $result->fetchRow(); |
|
|
33 |
$_SESSION["userid"] = $rowObj["id"]; |
|
|
34 |
$_SESSION["name"] = $rowObj["fullname"]; |
|
|
35 |
$_SESSION["level"] = $rowObj["level"]; |
|
|
36 |
if($_POST["authenticate"]) |
|
|
37 |
{ |
|
|
38 |
//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost. |
|
|
39 |
session_write_close(); |
|
|
40 |
clean_page("index.php"); |
|
|
41 |
exit; |
|
|
42 |
} |
|
|
43 |
} |
|
|
44 |
else |
|
|
45 |
{ |
|
|
46 |
//Authentication failed, retry. |
|
13
|
47 |
auth( _('Authentication failed!'),"error"); |
|
1
|
48 |
} |
|
|
49 |
} |
|
|
50 |
else |
|
|
51 |
{ |
|
|
52 |
//No username and password set, show auth form (again). |
|
|
53 |
auth(); |
|
|
54 |
} |
|
|
55 |
|
|
|
56 |
/* |
|
|
57 |
* Print the login form. |
|
|
58 |
*/ |
|
|
59 |
|
|
13
|
60 |
function auth($msg="",$type="success") |
|
1
|
61 |
{ |
|
|
62 |
include_once('inc/header.inc.php'); |
|
13
|
63 |
if ( $msg ) |
|
1
|
64 |
{ |
|
13
|
65 |
print "<div class=\"$type\">$msg</div>\n"; |
|
1
|
66 |
} |
|
|
67 |
?> |
|
13
|
68 |
<h2><? echo _('Login'); ?></h2> |
|
|
69 |
<? |
|
|
70 |
?> |
|
|
71 |
<form method="post" action="<? echo $_SERVER["PHP_SELF"] ?>"> |
|
|
72 |
<table border="0"> |
|
|
73 |
<tr> |
|
|
74 |
<td class="n"><? echo _('Login'); ?>:</td> |
|
|
75 |
<td class="n"><input type="text" class="input" name="username"></td> |
|
|
76 |
</tr> |
|
|
77 |
<tr> |
|
|
78 |
<td class="n"><? echo _('Password'); ?>:</td> |
|
|
79 |
<td class="n"><input type="password" class="input" name="password"></td> |
|
|
80 |
</tr> |
|
|
81 |
<tr> |
|
|
82 |
<td class="n"> </td> |
|
|
83 |
<td class="n"> |
|
|
84 |
<input type="submit" name="authenticate" class="button" value=" <? echo _('Login'); ?> "> |
|
|
85 |
</td> |
|
|
86 |
</tr> |
|
|
87 |
</table> |
|
|
88 |
</form> |
|
1
|
89 |
<? |
|
|
90 |
include_once('inc/footer.inc.php'); |
|
|
91 |
exit; |
|
|
92 |
} |
|
|
93 |
|
|
|
94 |
|
|
|
95 |
/* |
|
|
96 |
* Logout the user and kickback to login form. |
|
|
97 |
*/ |
|
|
98 |
|
|
6
|
99 |
function logout($msg="") |
|
1
|
100 |
{ |
|
6
|
101 |
if ( $msg == "" ) { |
|
13
|
102 |
$msg = _('You have logged out.'); |
|
|
103 |
$type = "success"; |
|
6
|
104 |
}; |
|
25
|
105 |
unset($_SESSION["userid"]); |
|
|
106 |
unset($_SESSION["name"]); |
|
|
107 |
unset($_SESSION["level"]);; |
|
1
|
108 |
session_destroy(); |
|
|
109 |
session_write_close(); |
|
13
|
110 |
auth($msg, $type); |
|
1
|
111 |
exit; |
|
|
112 |
} |
|
|
113 |
|
|
|
114 |
?> |