inc/auth.inc.php
changeset 1 58094faf794d
child 4 55ed92aa7cf5
0:2cd8c1649ba9 1:58094faf794d
       
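--- a/inc/auth.inc.php
+++ b/inc/auth.inc.php
@@ -0,0 +1,118 @@
+<?
+
+// +--------------------------------------------------------------------+
+// | PowerAdmin								|
+// +--------------------------------------------------------------------+
+// | Copyright (c) 1997-2002 The PowerAdmin Team			|
+// +--------------------------------------------------------------------+
+// | This source file is subject to the license carried by the overal	|
+// | program PowerAdmin as found on http://poweradmin.sf.net		|
+// | The PowerAdmin program falls under the QPL License:		|
+// | http://www.trolltech.com/developer/licensing/qpl.html		|
+// +--------------------------------------------------------------------+
+// | Authors: Roeland Nieuwenhuis <trancer <AT> trancer <DOT> nl>	|
+// |          Sjeemz <sjeemz <AT> sjeemz <DOT> nl>			|
+// +--------------------------------------------------------------------+
+
+// Filename: auth.inc.php
+// Startdate: 26-10-2002
+// Description: file is supposed to validate users and check whether they are authorized.
+// If they are authorized this code handles that they can access stuff.
+//
+// $Id: auth.inc.php,v 1.6 2003/01/13 22:08:52 azurazu Exp $
+//
+
+session_start();
+
+if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
+{
+	logout();
+}
+
+// If a user had just entered his/her login && password, store them in our session.
+if(isset($_POST["authenticate"]))
+{
+    	$_SESSION["userpwd"] = $_POST["password"];
+    	$_SESSION["userlogin"] = $_POST["username"];
+}
+
+// Check if the session hasnt expired yet.
+if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
+{
+	logout("Session expired, please login again.");
+}
+
+// If the session hasn't expired yet, give our session a fresh new timestamp.
+$_SESSION["lastmod"] = time();
+
+if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
+{
+    //Username and password are set, lets try to authenticate.
+	$result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"]  ."' AND password='". md5($_SESSION["userpwd"])  ."' AND active=1");
+	if($result->numRows() == 1)
+	{
+        	$rowObj = $result->fetchRow();
+		$_SESSION["userid"] = $rowObj["id"];
+		$_SESSION["name"] = $rowObj["fullname"];
+		$_SESSION["level"] = $rowObj["level"];
+        	if($_POST["authenticate"])
+        	{
+            		//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
+            		session_write_close();
+            		clean_page("index.php");
+            		exit;
+        	}
+    	}
+    	else
+    	{
+        	//Authentication failed, retry.
+	        auth("Authentication failed!");
+	}
+}
+else
+{
+	//No username and password set, show auth form (again).
+	auth();
+}
+
+/*
+ * Print the login form.
+ */
+
+function auth($msg="")
+{
+	include_once('inc/header.inc.php');
+	?>
+	<H2>PowerAdmin for PowerDNS</H2><H3>Please login:</H3>
+	<?
+	if($msg)
+	{
+		print "<font class=\"warning\">$msg</font>\n";
+
+	}
+	?>
+	<FORM METHOD="post" ACTION="<?= $_SERVER["PHP_SELF"] ?>">
+	<TABLE BORDER="0">
+	<TR><TD STYLE="background-color: #FCC229;">Login:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="text" CLASS="input" NAME="username"></TD></TR>
+	<TR><TD STYLE="background-color: #FCC229;">Password:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="password" CLASS="input" NAME="password"></TD></TR>
+	<TR><TD STYLE="background-color: #FCC229;">&nbsp;</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="submit" NAME="authenticate" CLASS="button" VALUE=" Login "></TD></TR>
+	</TABLE>
+	<?
+	include_once('inc/footer.inc.php');
+	exit;
+}
+
+
+/*
+ * Logout the user and kickback to login form.
+ */
+
+function logout($msg="You have logged out.")
+{
+	session_destroy();
+	session_write_close();
+	auth($msg);
+	exit;
+}
+
+?>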
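Review bot: The login query at new line 51 concatenates `$_SESSION["userlogin"]`, which line 36 copies unmodified from `$_POST["username"]`, straight into the SQL string, so the username is never quoted or bound and the WHERE clause is open to SQL injection. If `$db` is a PEAR DB handle (the `numRows()`/`fetchRow()` calls suggest so, but the connection is created outside this file), bind both values instead: `$db->query("SELECT id, fullname, level FROM users WHERE username=? AND password=? AND active=1", array($_SESSION["userlogin"], md5($_SESSION["userpwd"])));`. Lines 35-36 also keep the cleartext password in the session and the check is re-run with it on every request; keeping only `userid` after a successful login and unsetting `userpwd` would limit what a leaked session store exposes. The stored hash is unsalted MD5, and `$_SERVER["PHP_SELF"]` is echoed unescaped into the form action at line 94 (wrap it in `htmlspecialchars()`); both deserve a follow-up change.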