diff -r 2cd8c1649ba9 -r 58094faf794d inc/auth.inc.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/inc/auth.inc.php Tue Apr 10 22:40:43 2007 +0000 @@ -0,0 +1,118 @@ + trancer nl> | +// | Sjeemz sjeemz nl> | +// +--------------------------------------------------------------------+ + +// Filename: auth.inc.php +// Startdate: 26-10-2002 +// Description: file is supposed to validate users and check whether they are authorized. +// If they are authorized this code handles that they can access stuff. +// +// $Id: auth.inc.php,v 1.6 2003/01/13 22:08:52 azurazu Exp $ +// + +session_start(); + +if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") +{ + logout(); +} + +// If a user had just entered his/her login && password, store them in our session. +if(isset($_POST["authenticate"])) +{ + $_SESSION["userpwd"] = $_POST["password"]; + $_SESSION["userlogin"] = $_POST["username"]; +} + +// Check if the session hasnt expired yet. +if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE)) +{ + logout("Session expired, please login again."); +} + +// If the session hasn't expired yet, give our session a fresh new timestamp. +$_SESSION["lastmod"] = time(); + +if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) +{ + //Username and password are set, lets try to authenticate. + $result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"] ."' AND password='". md5($_SESSION["userpwd"]) ."' AND active=1"); + if($result->numRows() == 1) + { + $rowObj = $result->fetchRow(); + $_SESSION["userid"] = $rowObj["id"]; + $_SESSION["name"] = $rowObj["fullname"]; + $_SESSION["level"] = $rowObj["level"]; + if($_POST["authenticate"]) + { + //If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost. + session_write_close(); + clean_page("index.php"); + exit; + } + } + else + { + //Authentication failed, retry. + auth("Authentication failed!"); + } +} +else +{ + //No username and password set, show auth form (again). + auth(); +} + +/* + * Print the login form. + */ + +function auth($msg="") +{ + include_once('inc/header.inc.php'); + ?> +

PowerAdmin for PowerDNS

Please login:

+ $msg\n"; + + } + ?> +
"> + + + + +
Login:
Password:
 
+