inc/auth.inc.php
author rejo
Wed, 18 Apr 2007 21:08:07 +0000
changeset 6 9fcac40c1b0e
parent 4 55ed92aa7cf5
child 13 2ff220cfde13
permissions -rwxr-xr-x
[feladat @ 7] - Fixed last major part of translation.

<?

// +--------------------------------------------------------------------+
// | PowerAdmin								|
// +--------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PowerAdmin Team			|
// +--------------------------------------------------------------------+
// | This source file is subject to the license carried by the overal	|
// | program PowerAdmin as found on http://poweradmin.sf.net		|
// | The PowerAdmin program falls under the QPL License:		|
// | http://www.trolltech.com/developer/licensing/qpl.html		|
// +--------------------------------------------------------------------+
// | Authors: Roeland Nieuwenhuis <trancer <AT> trancer <DOT> nl>	|
// |          Sjeemz <sjeemz <AT> sjeemz <DOT> nl>			|
// +--------------------------------------------------------------------+

// Filename: auth.inc.php
// Startdate: 26-10-2002
// Description: file is supposed to validate users and check whether they are authorized.
// If they are authorized this code handles that they can access stuff.
//
// $Id: auth.inc.php,v 1.6 2003/01/13 22:08:52 azurazu Exp $
//

session_start();

if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
{
	logout();
}

// If a user had just entered his/her login && password, store them in our session.
if(isset($_POST["authenticate"]))
{
    	$_SESSION["userpwd"] = $_POST["password"];
    	$_SESSION["userlogin"] = $_POST["username"];
}

// Check if the session hasnt expired yet.
if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
{
	logout( _('Session expired, please login again.') );
}

// If the session hasn't expired yet, give our session a fresh new timestamp.
$_SESSION["lastmod"] = time();

if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
{
    //Username and password are set, lets try to authenticate.
	$result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"]  ."' AND password='". md5($_SESSION["userpwd"])  ."' AND active=1");
	if($result->numRows() == 1)
	{
        	$rowObj = $result->fetchRow();
		$_SESSION["userid"] = $rowObj["id"];
		$_SESSION["name"] = $rowObj["fullname"];
		$_SESSION["level"] = $rowObj["level"];
        	if($_POST["authenticate"])
        	{
            		//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
            		session_write_close();
            		clean_page("index.php");
            		exit;
        	}
    	}
    	else
    	{
        	//Authentication failed, retry.
	        auth( _('Authentication failed!') );
	}
}
else
{
	//No username and password set, show auth form (again).
	auth();
}

/*
 * Print the login form.
 */

function auth($msg="")
{
	include_once('inc/header.inc.php');
	?>
	<H2><? echo _('PowerAdmin for PowerDNS'); ?></H2><H3><? echo _('Please login'); ?>:</H3>
	<?
	if($msg)
	{
		print "<font class=\"warning\">$msg</font>\n";

	}
	?>
	<FORM METHOD="post" ACTION="<?= $_SERVER["PHP_SELF"] ?>">
	<TABLE BORDER="0">
	<TR><TD STYLE="background-color: #FCC229;"><? echo _('Login'); ?>:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="text" CLASS="input" NAME="username"></TD></TR>
	<TR><TD STYLE="background-color: #FCC229;"><? echo _('Password'); ?>:</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="password" CLASS="input" NAME="password"></TD></TR>
	<TR><TD STYLE="background-color: #FCC229;">&nbsp;</TD><TD STYLE="background-color: #FCC229;"><INPUT TYPE="submit" NAME="authenticate" CLASS="button" VALUE=" <? echo _('Login'); ?> "></TD></TR>
	</TABLE>
	<?
	include_once('inc/footer.inc.php');
	exit;
}


/*
 * Logout the user and kickback to login form.
 */

function logout($msg="")
{
	if ( $msg == "" ) {
		$msg=_('You have logged out.');
	};
	session_destroy();
	session_write_close();
	auth($msg);
	exit;
}

?>