<?php
/* PowerAdmin, a friendly web-based admin tool for PowerDNS.
* See <https://rejo.zenger.nl/poweradmin> for more details.
*
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
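// Start (or resume) the PHP session that carries the login state.
session_start();

// A query string consisting solely of "logout" ends the session; logout() does not return.
if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] === "logout")
{
    logout();
}

// If a user has just submitted the login form, store the credentials in the session.
if (isset($_POST["authenticate"]))
{
    $postedLogin = isset($_POST["username"]) ? $_POST["username"] : null;
    $postedPassword = isset($_POST["password"]) ? $_POST["password"] : null;

    // Accept plain strings only. A missing or array-valued field is stored as
    // null, which fails the isset() test below and simply re-shows the form
    // instead of reaching md5() / $db->quote() with an unexpected type.
    $_SESSION["userpwd"] = is_string($postedPassword) ? $postedPassword : null;
    $_SESSION["userlogin"] = is_string($postedLogin) ? $postedLogin : null;
}

// Check whether the session has expired.
// NOTE(review): $EXPIRE is not defined in this file; presumably it is set by
// configuration loaded before this file is included -- confirm.
if (isset($_SESSION["userid"])
    && isset($_SESSION["lastmod"])
    && $_SESSION["lastmod"] != ""
    && (time() - $_SESSION["lastmod"]) > $EXPIRE)
{
    logout(_('Session expired, please login again.'), "error");
}

// The session has not expired: give it a fresh timestamp.
$_SESSION["lastmod"] = time();

if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
{
    // Username and password are set, try to authenticate.
    //
    // NOTE(review): the query compares against an unsalted MD5 digest, and the
    // plaintext password stays in the session so this check can run on every
    // request. Moving to password_hash()/password_verify() and keeping only the
    // user id in the session needs a data migration and is not attempted here.
    // Both values pass through $db->quote() before being concatenated.
    $result = $db->query(
        "SELECT id, fullname, level FROM users WHERE username=" . $db->quote($_SESSION["userlogin"])
        . " AND password=" . $db->quote(md5($_SESSION["userpwd"]))
        . " AND active=1"
    );

    if ($result->numRows() == 1)
    {
        $rowObj = $result->fetchRow();
        $_SESSION["userid"] = $rowObj["id"];
        $_SESSION["name"] = $rowObj["fullname"];
        $_SESSION["level"] = $rowObj["level"];

        // !empty() keeps the original truthiness test without raising a
        // notice on requests that are not a login form submission.
        if (!empty($_POST["authenticate"]))
        {
            // Issue a fresh session id once the login has succeeded, so an id
            // that existed before authentication does not carry over into the
            // authenticated session (session fixation).
            session_regenerate_id(true);

            // Redirect to the index so the posted credentials are not
            // resubmitted on reload.
            session_write_close();
            clean_page("index.php");
            exit;
        }
    }
    else
    {
        // Authentication failed. Drop the rejected credentials so a mistyped
        // password is not kept in session storage, then show the form again.
        unset($_SESSION["userpwd"], $_SESSION["userlogin"]);
        auth(_('Authentication failed!'), "error");
    }
}
else
{
    // No username and password set, show the login form (again).
    auth();
}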
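/**
 * Print the login form, optionally preceded by a status message, then stop.
 *
 * Includes the page header, prints the message box when $msg is non-empty,
 * renders the username/password form posting back to the current script,
 * includes the page footer and exits. This function never returns.
 *
 * $msg and $type are printed as-is: callers must pass trusted text only
 * (this file passes translated literals and fixed class names).
 *
 * @param string $msg  Message shown above the form; nothing is printed when empty.
 * @param string $type CSS class of the message box ("success" or "error" in this file).
 */
function auth($msg = "", $type = "success")
{
    include_once('inc/header.inc.php');
    if ($msg)
    {
        print "<div class=\"$type\">$msg</div>\n";
    }

    // PHP_SELF is built from the request URL, so it is request-controlled
    // text; encode it for the HTML attribute context before printing it.
    $formAction = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
?>
    <h2><?php echo _('Login'); ?></h2>
    <form method="post" action="<?php echo $formAction; ?>">
     <table border="0">
      <tr>
       <td class="n"><?php echo _('Login'); ?>:</td>
       <td class="n"><input type="text" class="input" name="username"></td>
      </tr>
      <tr>
       <td class="n"><?php echo _('Password'); ?>:</td>
       <td class="n"><input type="password" class="input" name="password"></td>
      </tr>
      <tr>
       <td class="n"> </td>
       <td class="n">
        <input type="submit" name="authenticate" class="button" value="<?php echo _('Login'); ?>">
       </td>
      </tr>
     </table>
    </form>
<?php
    include_once('inc/footer.inc.php');
    exit;
}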
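/**
 * Log the user out and fall back to the login form.
 *
 * Clears and destroys the session, then hands over to auth(), which prints
 * the form and exits. This function never returns.
 *
 * @param string $msg  Message to show above the login form; when empty, the
 *                     default "You have logged out." message is used.
 * @param string $type CSS class of the message box. Callers in this file
 *                     already pass "error" as a second argument; it used to
 *                     be ignored, leaving the class undefined.
 */
function logout($msg = "", $type = "success")
{
    if ($msg == "")
    {
        $msg = _('You have logged out.');
        $type = "success";
    }

    // Empty the whole session array, not only the identity keys, so the
    // stored login name and password are gone as well.
    $_SESSION = array();
    session_destroy();

    auth($msg, $type);
    exit;
}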
?>