librenms-librenms/html/includes/authentication/http-auth.inc.php

<?php

if (!isset($_SESSION['username'])) {
    $_SESSION['username'] = '';
}


function authenticate($username, $password)
{
    global $config;

    if (isset($_SERVER['REMOTE_USER'])) {
        $_SESSION['username'] = mres($_SERVER['REMOTE_USER']);

        $row = @dbFetchRow('SELECT username FROM `users` WHERE `username`=?', array($_SESSION['username']));
        if (isset($row['username']) && $row['username'] == $_SESSION['username']) {
            return 1;
        } else {
            $_SESSION['username'] = $config['http_auth_guest'];
            return 1;
        }
    }
    return 0;
}


function reauthenticate($sess_id = '', $token = '')
{
    return 0;
}


function passwordscanchange($username = '')
{
    return 0;
}


function changepassword($username, $newpassword)
{
    // Not supported
}


function auth_usermanagement()
{
    return 1;
}


function adduser($username, $password, $level, $email = '', $realname = '', $can_modify_passwd = 1, $description = '', $twofactor = 0)
{
    if (!user_exists($username)) {
        $hasher    = new PasswordHash(8, false);
        $encrypted = $hasher->HashPassword($password);
        $userid    = dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description, 'twofactor' => $twofactor), 'users');
        if ($userid == false) {
            return false;
        } else {
            foreach (dbFetchRows('select notifications.* from notifications where not exists( select 1 from notifications_attribs where notifications.notifications_id = notifications_attribs.notifications_id and notifications_attribs.user_id = ?) order by notifications.notifications_id desc', array($userid)) as $notif) {
                dbInsert(array('notifications_id'=>$notif['notifications_id'],'user_id'=>$userid,'key'=>'read','value'=>1), 'notifications_attribs');
            }
        }
        return $userid;
    } else {
        return false;
    }
}


function user_exists($username)
{
    // FIXME this doesn't seem right? (adama)
    return dbFetchCell('SELECT * FROM `users` WHERE `username` = ?', array($username));
}


function get_userlevel($username)
{
    return dbFetchCell('SELECT `level` FROM `users` WHERE `username`= ?', array($username));
}


function get_userid($username)
{
    return dbFetchCell('SELECT `user_id` FROM `users` WHERE `username`= ?', array($username));
}


function deluser($username)
{
    // Not supported
    return 0;
}


function get_userlist()
{
    return dbFetchRows('SELECT * FROM `users`');
}


function can_update_users()
{
    // supported so return 1
    return 1;
}


function get_user($user_id)
{
    return dbFetchRow('SELECT * FROM `users` WHERE `user_id` = ?', array($user_id));
}


function update_user($user_id, $realname, $level, $can_modify_passwd, $email)
{
    dbUpdate(array('realname' => $realname, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id));
}
auth modules! please test http-auth again, i haven't, but i think i got it right... git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8 2010-02-28 13:04:07 +00:00			`<?php`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if (!isset($_SESSION['username'])) {`
			`$_SESSION['username'] = '';`
more auth fixes from lenwe. git-svn-id: http://www.observium.org/svn/observer/trunk@2222 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-03 14:10:21 +00:00			`}`

auth modules! please test http-auth again, i haven't, but i think i got it right... git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8 2010-02-28 13:04:07 +00:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function authenticate($username, $password)`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`global $config;`
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;) git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-12 08:50:47 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if (isset($_SERVER['REMOTE_USER'])) {`
			`$_SESSION['username'] = mres($_SERVER['REMOTE_USER']);`

			$row = @dbFetchRow('SELECT username FROM `users` WHERE `username`=?', array($_SESSION['username']));
			`if (isset($row['username']) && $row['username'] == $_SESSION['username']) {`
			`return 1;`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$_SESSION['username'] = $config['http_auth_guest'];`
			`return 1;`
			`}`
auth modules! please test http-auth again, i haven't, but i think i got it right... git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8 2010-02-28 13:04:07 +00:00			`}`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`return 0;`
auth modules! please test http-auth again, i haven't, but i think i got it right... git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8 2010-02-28 13:04:07 +00:00			`}`

Revert "Updated to remove passwords from sessions" (#4422) 2016-09-13 15:10:42 +01:00
			`function reauthenticate($sess_id = '', $token = '')`
			`{`
			`return 0;`
			`}`


PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function passwordscanchange($username = '')`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`return 0;`
change password option in the auth modules, not used in the webinterface yet git-svn-id: http://www.observium.org/svn/observer/trunk@990 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 00:00:05 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function changepassword($username, $newpassword)`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`// Not supported`
change password option in the auth modules, not used in the webinterface yet git-svn-id: http://www.observium.org/svn/observer/trunk@990 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 00:00:05 +00:00			`}`
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;) git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-12 08:50:47 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function auth_usermanagement()`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`return 1;`
MOAR AUTHMODULE, with some parts left to do... git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:10:05 +00:00			`}`
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;) git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-12 08:50:47 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function adduser($username, $password, $level, $email = '', $realname = '', $can_modify_passwd = 1, $description = '', $twofactor = 0)`
			`{`
Updated adduser to check for existing user and use password hashing 2014-10-06 18:39:48 +01:00			`if (!user_exists($username)) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$hasher = new PasswordHash(8, false);`
Updated adduser to check for existing user and use password hashing 2014-10-06 18:39:48 +01:00			`$encrypted = $hasher->HashPassword($password);`
fix rest of the authmodules 2015-11-21 12:25:34 +00:00			`$userid = dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description, 'twofactor' => $twofactor), 'users');`
			`if ($userid == false) {`
			`return false;`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
			`foreach (dbFetchRows('select notifications.* from notifications where not exists( select 1 from notifications_attribs where notifications.notifications_id = notifications_attribs.notifications_id and notifications_attribs.user_id = ?) order by notifications.notifications_id desc', array($userid)) as $notif) {`
			`dbInsert(array('notifications_id'=>$notif['notifications_id'],'user_id'=>$userid,'key'=>'read','value'=>1), 'notifications_attribs');`
fix rest of the authmodules 2015-11-21 12:25:34 +00:00			`}`
			`}`
			`return $userid;`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`return false;`
Updated adduser to check for existing user and use password hashing 2014-10-06 18:39:48 +01:00			`}`
MOAR AUTHMODULE, with some parts left to do... git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:10:05 +00:00			`}`
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;) git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-12 08:50:47 +00:00
MOAR AUTHMODULE, with some parts left to do... git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:10:05 +00:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function user_exists($username)`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`// FIXME this doesn't seem right? (adama)`
			return dbFetchCell('SELECT * FROM `users` WHERE `username` = ?', array($username));
userlevel via authmodule git-svn-id: http://www.observium.org/svn/observer/trunk@992 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:15:52 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function get_userlevel($username)`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			return dbFetchCell('SELECT `level` FROM `users` WHERE `username`= ?', array($username));
more working less sucking git-svn-id: http://www.observium.org/svn/observer/trunk@994 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:22:09 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function get_userid($username)`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			return dbFetchCell('SELECT `user_id` FROM `users` WHERE `username`= ?', array($username));
r1984: BIG BROTHER RELEASE // Move user deletion code into authentication module git-svn-id: http://www.observium.org/svn/observer/trunk@1984 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-28 10:48:43 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function deluser($username)`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`// Not supported`
			`return 0;`
add get_userlist function, pull from LDAP in case of LDAP backend -- now awaiting fix of edituser page git-svn-id: http://www.observium.org/svn/observer/trunk@2545 61d68cd4-352d-0410-923a-c4978735b2b8 2011-09-22 16:46:30 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function get_userlist()`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			return dbFetchRows('SELECT * FROM `users`');
Updated edit user screen so you can now update details 2014-03-10 23:50:16 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function can_update_users()`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`// supported so return 1`
			`return 1;`
Updated edit user screen so you can now update details 2014-03-10 23:50:16 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function get_user($user_id)`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			return dbFetchRow('SELECT * FROM `users` WHERE `user_id` = ?', array($user_id));
Updated edit user screen so you can now update details 2014-03-10 23:50:16 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`function update_user($user_id, $realname, $level, $can_modify_passwd, $email)`
			`{`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			dbUpdate(array('realname' => $realname, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id));
			`}`