poweradmin: inc/auth.inc.php@c255196bc447 (annotated)

71 e1b918eaf69a [feladat @ 118] peter parents: 65 diff changeset	1	<?php
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	2
47 ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	3	/* PowerAdmin, a friendly web-based admin tool for PowerDNS.
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	4	* See <https://rejo.zenger.nl/poweradmin> for more details.
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	5	*
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	6	* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	7	*
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	8	* This program is free software: you can redistribute it and/or modify
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	9	* it under the terms of the GNU General Public License as published by
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	10	* the Free Software Foundation, either version 3 of the License, or
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	11	* (at your option) any later version.
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	12	*
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	13	* This program is distributed in the hope that it will be useful,
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	16	* GNU General Public License for more details.
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	17	*
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	18	* You should have received a copy of the GNU General Public License
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	19	* along with this program. If not, see <http://www.gnu.org/licenses/>.
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	20	*/
ae140472d97c [feladat @ 94] rejo parents: 25 diff changeset	21
79 0c0aa144356a [feladat @ 156] peter parents: 71 diff changeset	22	//session_start();
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	23
82 c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	24	function doAuthenticate() {
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	25	global $db;
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	26	global $EXPIRE;
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	27	if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") {
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	28	logout();
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	29	}
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	30
82 c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	31	// If a user had just entered his/her login && password, store them in our session.
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	32	if(isset($_POST["authenticate"]))
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	33	{
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	34	$_SESSION["userpwd"] = $_POST["password"];
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	35	$_SESSION["userlogin"] = $_POST["username"];
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	36	}
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	37
82 c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	38	// Check if the session hasnt expired yet.
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	39	if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	40	{
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	41	logout( _('Session expired, please login again.'),"error");
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	42	}
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	43
82 c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	44	// If the session hasn't expired yet, give our session a fresh new timestamp.
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	45	$_SESSION["lastmod"] = time();
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	46
82 c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	47	if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	48	{
82 c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	49	//Username and password are set, lets try to authenticate.
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	50	$result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1");
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	51	if($result->numRows() == 1)
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	52	{
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	53	$rowObj = $result->fetchRow();
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	54	$_SESSION["userid"] = $rowObj["id"];
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	55	$_SESSION["name"] = $rowObj["fullname"];
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	56	if($_POST["authenticate"])
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	57	{
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	58	//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	59	session_write_close();
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	60	clean_page("index.php");
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	61	exit;
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	62	}
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	63	}
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	64	else
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	65	{
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	66	//Authentication failed, retry.
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	67	auth( _('Authentication failed!'),"error");
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	68	}
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	69	}
82 c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	70	else
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	71	{
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	72	//No username and password set, show auth form (again).
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	73	auth();
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	74	}
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	75	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	76
58094faf794d [feladat @ 2] rejo parents: diff changeset	77	/*
58094faf794d [feladat @ 2] rejo parents: diff changeset	78	* Print the login form.
58094faf794d [feladat @ 2] rejo parents: diff changeset	79	*/
58094faf794d [feladat @ 2] rejo parents: diff changeset	80
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	81	function auth($msg="",$type="success")
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	82	{
58094faf794d [feladat @ 2] rejo parents: diff changeset	83	include_once('inc/header.inc.php');
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	84	if ( $msg )
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	85	{
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	86	print "<div class=\"$type\">$msg</div>\n";
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	87	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	88	?>
71 e1b918eaf69a [feladat @ 118] peter parents: 65 diff changeset	89	<h2><?php echo _('Login'); ?></h2>
e1b918eaf69a [feladat @ 118] peter parents: 65 diff changeset	90	<?php
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	91	?>
71 e1b918eaf69a [feladat @ 118] peter parents: 65 diff changeset	92	<form method="post" action="<?php echo $_SERVER["PHP_SELF"] ?>">
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	93	<table border="0">
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	94	<tr>
71 e1b918eaf69a [feladat @ 118] peter parents: 65 diff changeset	95	<td class="n"><?php echo _('Login'); ?>:</td>
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	96	<td class="n"><input type="text" class="input" name="username"></td>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	97	</tr>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	98	<tr>
71 e1b918eaf69a [feladat @ 118] peter parents: 65 diff changeset	99	<td class="n"><?php echo _('Password'); ?>:</td>
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	100	<td class="n"><input type="password" class="input" name="password"></td>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	101	</tr>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	102	<tr>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	103	<td class="n"> </td>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	104	<td class="n">
71 e1b918eaf69a [feladat @ 118] peter parents: 65 diff changeset	105	<input type="submit" name="authenticate" class="button" value=" <?php echo _('Login'); ?> ">
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	106	</td>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	107	</tr>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	108	</table>
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	109	</form>
82 c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	110	<script type="text/javascript">
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	111	<!--
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	112	document.login.username.focus();
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	113	//-->
c255196bc447 [feladat @ 182] rejo parents: 79 diff changeset	114	</script>
71 e1b918eaf69a [feladat @ 118] peter parents: 65 diff changeset	115	<?php
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	116	include_once('inc/footer.inc.php');
58094faf794d [feladat @ 2] rejo parents: diff changeset	117	exit;
58094faf794d [feladat @ 2] rejo parents: diff changeset	118	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	119
58094faf794d [feladat @ 2] rejo parents: diff changeset	120
58094faf794d [feladat @ 2] rejo parents: diff changeset	121	/*
58094faf794d [feladat @ 2] rejo parents: diff changeset	122	* Logout the user and kickback to login form.
58094faf794d [feladat @ 2] rejo parents: diff changeset	123	*/
58094faf794d [feladat @ 2] rejo parents: diff changeset	124
6 9fcac40c1b0e [feladat @ 7] rejo parents: 4 diff changeset	125	function logout($msg="")
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	126	{
79 0c0aa144356a [feladat @ 156] peter parents: 71 diff changeset	127	$type = '';
6 9fcac40c1b0e [feladat @ 7] rejo parents: 4 diff changeset	128	if ( $msg == "" ) {
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	129	$msg = _('You have logged out.');
2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	130	$type = "success";
6 9fcac40c1b0e [feladat @ 7] rejo parents: 4 diff changeset	131	};
25 576034a80ea8 [feladat @ 72] rejo parents: 13 diff changeset	132	unset($_SESSION["userid"]);
576034a80ea8 [feladat @ 72] rejo parents: 13 diff changeset	133	unset($_SESSION["name"]);
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	134	session_destroy();
58094faf794d [feladat @ 2] rejo parents: diff changeset	135	session_write_close();
13 2ff220cfde13 [feladat @ 60] rejo parents: 6 diff changeset	136	auth($msg, $type);
1 58094faf794d [feladat @ 2] rejo parents: diff changeset	137	exit;
58094faf794d [feladat @ 2] rejo parents: diff changeset	138	}
58094faf794d [feladat @ 2] rejo parents: diff changeset	139
58094faf794d [feladat @ 2] rejo parents: diff changeset	140	?>

author	rejo
	Tue, 25 Mar 2008 22:45:31 +0000
changeset 82	c255196bc447
parent 79	0c0aa144356a
child 119	f74e4f88b680
permissions	-rwxr-xr-x