inc/auth.inc.php
author rejo
Mon, 23 Jul 2007 22:05:19 +0000
changeset 38 cf767482333a
parent 25 576034a80ea8
child 47 ae140472d97c
permissions -rwxr-xr-x
[feladat @ 85] The type of zone wasn't show to users with access level 1. If a user with access level 1 did have access to a slave zone the user did not see the IP of the master nameserver of that zone. Now the user will the IP address (readonly and only if one is set). Bugfix. If no master IP for a slave zone is given, a warning is shown regardless of the userlevel. Bugfix. Both the "add record" and "edit record" buttons in the "edit zone" screen is no longer available for users with level 1 for domains of type "slave". Bug report by Antonio Prado. Some PHP and HTML cleanup (removing of empty tags and unnecessary repeatings of calls to a single function).
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     1
<?
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     2
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     3
session_start();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     4
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     5
if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     6
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     7
	logout();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     8
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
     9
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    10
// If a user had just entered his/her login && password, store them in our session.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    11
if(isset($_POST["authenticate"]))
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    12
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    13
    	$_SESSION["userpwd"] = $_POST["password"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    14
    	$_SESSION["userlogin"] = $_POST["username"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    15
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    16
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    17
// Check if the session hasnt expired yet.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    18
if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    19
{
13
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    20
	logout( _('Session expired, please login again.'),"error");
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    21
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    22
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    23
// If the session hasn't expired yet, give our session a fresh new timestamp.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    24
$_SESSION["lastmod"] = time();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    25
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    26
if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    27
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    28
    //Username and password are set, lets try to authenticate.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    29
	$result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"]  ."' AND password='". md5($_SESSION["userpwd"])  ."' AND active=1");
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    30
	if($result->numRows() == 1)
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    31
	{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    32
        	$rowObj = $result->fetchRow();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    33
		$_SESSION["userid"] = $rowObj["id"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    34
		$_SESSION["name"] = $rowObj["fullname"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    35
		$_SESSION["level"] = $rowObj["level"];
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    36
        	if($_POST["authenticate"])
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    37
        	{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    38
            		//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    39
            		session_write_close();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    40
            		clean_page("index.php");
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    41
            		exit;
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    42
        	}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    43
    	}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    44
    	else
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    45
    	{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    46
        	//Authentication failed, retry.
13
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    47
	        auth( _('Authentication failed!'),"error");
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    48
	}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    49
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    50
else
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    51
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    52
	//No username and password set, show auth form (again).
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    53
	auth();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    54
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    55
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    56
/*
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    57
 * Print the login form.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    58
 */
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    59
13
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    60
function auth($msg="",$type="success")
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    61
{
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    62
	include_once('inc/header.inc.php');
13
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    63
	if ( $msg )
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    64
	{
13
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    65
		print "<div class=\"$type\">$msg</div>\n";
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    66
	}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    67
	?>
13
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    68
	<h2><? echo _('Login'); ?></h2>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    69
	<?
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    70
	?>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    71
	<form method="post" action="<? echo $_SERVER["PHP_SELF"] ?>">
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    72
	 <table border="0">
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    73
	  <tr>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    74
	   <td class="n"><? echo _('Login'); ?>:</td>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    75
	   <td class="n"><input type="text" class="input" name="username"></td>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    76
	  </tr>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    77
	  <tr>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    78
	   <td class="n"><? echo _('Password'); ?>:</td>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    79
	   <td class="n"><input type="password" class="input" name="password"></td>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    80
	  </tr>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    81
	  <tr>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    82
	   <td class="n">&nbsp;</td>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    83
	   <td class="n">
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    84
	    <input type="submit" name="authenticate" class="button" value=" <? echo _('Login'); ?> ">
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    85
	   </td>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    86
	  </tr>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    87
	 </table>
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
    88
	</form>
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    89
	<?
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    90
	include_once('inc/footer.inc.php');
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    91
	exit;
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    92
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    93
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    94
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    95
/*
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    96
 * Logout the user and kickback to login form.
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    97
 */
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
    98
6
9fcac40c1b0e [feladat @ 7]
rejo
parents: 4
diff changeset
    99
function logout($msg="")
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   100
{
6
9fcac40c1b0e [feladat @ 7]
rejo
parents: 4
diff changeset
   101
	if ( $msg == "" ) {
13
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
   102
		$msg = _('You have logged out.');
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
   103
		$type = "success";
6
9fcac40c1b0e [feladat @ 7]
rejo
parents: 4
diff changeset
   104
	};
25
576034a80ea8 [feladat @ 72]
rejo
parents: 13
diff changeset
   105
	unset($_SESSION["userid"]);
576034a80ea8 [feladat @ 72]
rejo
parents: 13
diff changeset
   106
	unset($_SESSION["name"]);
576034a80ea8 [feladat @ 72]
rejo
parents: 13
diff changeset
   107
	unset($_SESSION["level"]);;
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   108
	session_destroy();
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   109
	session_write_close();
13
2ff220cfde13 [feladat @ 60]
rejo
parents: 6
diff changeset
   110
	auth($msg, $type);
1
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   111
	exit;
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   112
}
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   113
58094faf794d [feladat @ 2]
rejo
parents:
diff changeset
   114
?>