71
|
1 |
<?php |
1
|
2 |
|
119
|
3 |
/* Poweradmin, a friendly web-based admin tool for PowerDNS. |
47
|
4 |
* See <https://rejo.zenger.nl/poweradmin> for more details. |
|
5 |
* |
|
6 |
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl> |
|
7 |
* |
|
8 |
* This program is free software: you can redistribute it and/or modify |
|
9 |
* it under the terms of the GNU General Public License as published by |
|
10 |
* the Free Software Foundation, either version 3 of the License, or |
|
11 |
* (at your option) any later version. |
|
12 |
* |
|
13 |
* This program is distributed in the hope that it will be useful, |
|
14 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
* GNU General Public License for more details. |
|
17 |
* |
|
18 |
* You should have received a copy of the GNU General Public License |
|
19 |
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
20 |
*/ |
|
21 |
|
79
|
22 |
//session_start(); |
1
|
23 |
|
82
|
24 |
function doAuthenticate() { |
|
25 |
global $db; |
|
26 |
global $EXPIRE; |
|
27 |
if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") { |
|
28 |
logout(); |
|
29 |
} |
1
|
30 |
|
82
|
31 |
// If a user had just entered his/her login && password, store them in our session. |
|
32 |
if(isset($_POST["authenticate"])) |
|
33 |
{ |
|
34 |
$_SESSION["userpwd"] = $_POST["password"]; |
|
35 |
$_SESSION["userlogin"] = $_POST["username"]; |
|
36 |
} |
1
|
37 |
|
82
|
38 |
// Check if the session hasnt expired yet. |
|
39 |
if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE)) |
|
40 |
{ |
|
41 |
logout( _('Session expired, please login again.'),"error"); |
|
42 |
} |
1
|
43 |
|
82
|
44 |
// If the session hasn't expired yet, give our session a fresh new timestamp. |
|
45 |
$_SESSION["lastmod"] = time(); |
1
|
46 |
|
82
|
47 |
if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) |
1
|
48 |
{ |
82
|
49 |
//Username and password are set, lets try to authenticate. |
|
50 |
$result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1"); |
|
51 |
if($result->numRows() == 1) |
|
52 |
{ |
|
53 |
$rowObj = $result->fetchRow(); |
|
54 |
$_SESSION["userid"] = $rowObj["id"]; |
|
55 |
$_SESSION["name"] = $rowObj["fullname"]; |
|
56 |
if($_POST["authenticate"]) |
|
57 |
{ |
|
58 |
//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost. |
|
59 |
session_write_close(); |
|
60 |
clean_page("index.php"); |
|
61 |
exit; |
|
62 |
} |
|
63 |
} |
|
64 |
else |
|
65 |
{ |
|
66 |
//Authentication failed, retry. |
|
67 |
auth( _('Authentication failed!'),"error"); |
|
68 |
} |
1
|
69 |
} |
82
|
70 |
else |
|
71 |
{ |
|
72 |
//No username and password set, show auth form (again). |
|
73 |
auth(); |
|
74 |
} |
1
|
75 |
} |
|
76 |
|
|
77 |
/* |
|
78 |
* Print the login form. |
|
79 |
*/ |
|
80 |
|
13
|
81 |
function auth($msg="",$type="success") |
1
|
82 |
{ |
|
83 |
include_once('inc/header.inc.php'); |
13
|
84 |
if ( $msg ) |
1
|
85 |
{ |
13
|
86 |
print "<div class=\"$type\">$msg</div>\n"; |
1
|
87 |
} |
|
88 |
?> |
71
|
89 |
<h2><?php echo _('Login'); ?></h2> |
|
90 |
<?php |
13
|
91 |
?> |
71
|
92 |
<form method="post" action="<?php echo $_SERVER["PHP_SELF"] ?>"> |
13
|
93 |
<table border="0"> |
|
94 |
<tr> |
71
|
95 |
<td class="n"><?php echo _('Login'); ?>:</td> |
13
|
96 |
<td class="n"><input type="text" class="input" name="username"></td> |
|
97 |
</tr> |
|
98 |
<tr> |
71
|
99 |
<td class="n"><?php echo _('Password'); ?>:</td> |
13
|
100 |
<td class="n"><input type="password" class="input" name="password"></td> |
|
101 |
</tr> |
|
102 |
<tr> |
|
103 |
<td class="n"> </td> |
|
104 |
<td class="n"> |
71
|
105 |
<input type="submit" name="authenticate" class="button" value=" <?php echo _('Login'); ?> "> |
13
|
106 |
</td> |
|
107 |
</tr> |
|
108 |
</table> |
|
109 |
</form> |
82
|
110 |
<script type="text/javascript"> |
|
111 |
<!-- |
|
112 |
document.login.username.focus(); |
|
113 |
//--> |
|
114 |
</script> |
71
|
115 |
<?php |
1
|
116 |
include_once('inc/footer.inc.php'); |
|
117 |
exit; |
|
118 |
} |
|
119 |
|
|
120 |
|
|
121 |
/* |
|
122 |
* Logout the user and kickback to login form. |
|
123 |
*/ |
|
124 |
|
6
|
125 |
function logout($msg="") |
1
|
126 |
{ |
79
|
127 |
$type = ''; |
6
|
128 |
if ( $msg == "" ) { |
13
|
129 |
$msg = _('You have logged out.'); |
|
130 |
$type = "success"; |
6
|
131 |
}; |
25
|
132 |
unset($_SESSION["userid"]); |
|
133 |
unset($_SESSION["name"]); |
1
|
134 |
session_destroy(); |
|
135 |
session_write_close(); |
13
|
136 |
auth($msg, $type); |
1
|
137 |
exit; |
|
138 |
} |
|
139 |
|
|
140 |
?> |