librenms-librenms/html/includes/authenticate.inc

<?php 

@ini_set("session.gc_maxlifetime","0"); 

session_start();

if($_GET['logout']) {
  unset($_SESSION);
  session_destroy();
  header('Location: /');
  setcookie ("username", "", time() - 60*60*24*100, "/");
  setcookie ("password", "", time() - 60*60*24*100, "/");
  mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$olduser', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')");
  $auth_message = "Logged Out";
  unset ($_SESSION['authenticated']);

}

if($_POST['username'] && $_POST['password']){
  $_SESSION['username'] = mres($_POST['username']);
  $_SESSION['password'] = mres($_POST['password']);
}

if($_COOKIE['username'] && $_COOKIE['password']){
  $_SESSION['username'] = mres($_COOKIE['username']);
  $_SESSION['password'] = mres($_COOKIE['password']);
}


$encrypted = md5($_SESSION['password']);
$sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
$query = mysql_query($sql);
$row = @mysql_fetch_array($query);
if($row['username'] && $row['username'] == $_SESSION['username']) {
  $_SESSION['userlevel'] = $row['level'];
  $_SESSION['user_id'] = $row['user_id'];
  if(!$_SESSION['authenticated']) {
    $_SESSION['authenticated'] = true;
    mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
    header("Location: ".$_SERVER['REQUEST_URI']);
  }
  if(isset($_POST['remember'])){
    setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
    setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
  }
} elseif ($_SESSION['username']) { 
  $auth_message = "Authentication Failed"; 
  unset ($_SESSION['authenticated']);
  mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
} 

?>
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00			`<?php`

updates git-svn-id: http://www.observium.org/svn/observer/trunk@432 61d68cd4-352d-0410-923a-c4978735b2b8 2009-05-11 14:59:40 +00:00			`@ini_set("session.gc_maxlifetime","0");`

fix login and some other things git-svn-id: http://www.observium.org/svn/observer/trunk@356 61d68cd4-352d-0410-923a-c4978735b2b8 2009-03-17 20:26:29 +00:00			`session_start();`
fixing authentication git-svn-id: http://www.observium.org/svn/observer/trunk@317 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-26 12:55:55 +00:00
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00			`if($_GET['logout']) {`
updates and fixes git-svn-id: http://www.observium.org/svn/observer/trunk@439 61d68cd4-352d-0410-923a-c4978735b2b8 2009-06-19 10:43:02 +00:00			`unset($_SESSION);`
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00			`session_destroy();`
			`header('Location: /');`
updates and fixes git-svn-id: http://www.observium.org/svn/observer/trunk@439 61d68cd4-352d-0410-923a-c4978735b2b8 2009-06-19 10:43:02 +00:00			`setcookie ("username", "", time() - 606024*100, "/");`
			`setcookie ("password", "", time() - 606024*100, "/");`
fixing authentication git-svn-id: http://www.observium.org/svn/observer/trunk@317 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-26 12:55:55 +00:00			mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$olduser', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')");
			`$auth_message = "Logged Out";`
updates and fixes git-svn-id: http://www.observium.org/svn/observer/trunk@439 61d68cd4-352d-0410-923a-c4978735b2b8 2009-06-19 10:43:02 +00:00			`unset ($_SESSION['authenticated']);`

Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00			`}`

updates and fixes git-svn-id: http://www.observium.org/svn/observer/trunk@439 61d68cd4-352d-0410-923a-c4978735b2b8 2009-06-19 10:43:02 +00:00			`if($_POST['username'] && $_POST['password']){`
			`$_SESSION['username'] = mres($_POST['username']);`
			`$_SESSION['password'] = mres($_POST['password']);`
			`}`

			`if($_COOKIE['username'] && $_COOKIE['password']){`
			`$_SESSION['username'] = mres($_COOKIE['username']);`
			`$_SESSION['password'] = mres($_COOKIE['password']);`
			`}`


			`$encrypted = md5($_SESSION['password']);`
			$sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
			`$query = mysql_query($sql);`
			`$row = @mysql_fetch_array($query);`
			`if($row['username'] && $row['username'] == $_SESSION['username']) {`
			`$_SESSION['userlevel'] = $row['level'];`
			`$_SESSION['user_id'] = $row['user_id'];`
			`if(!$_SESSION['authenticated']) {`
			`$_SESSION['authenticated'] = true;`
			mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
			`header("Location: ".$_SERVER['REQUEST_URI']);`
			`}`
			`if(isset($_POST['remember'])){`
			`setcookie("username", $_SESSION['username'], time()+606024*100, "/");`
			`setcookie("password", $_SESSION['password'], time()+606024*100, "/");`
			`}`
updates additions git-svn-id: http://www.observium.org/svn/observer/trunk@505 61d68cd4-352d-0410-923a-c4978735b2b8 2009-11-09 15:52:04 +00:00			`} elseif ($_SESSION['username']) {`
updates and fixes git-svn-id: http://www.observium.org/svn/observer/trunk@439 61d68cd4-352d-0410-923a-c4978735b2b8 2009-06-19 10:43:02 +00:00			`$auth_message = "Authentication Failed";`
			`unset ($_SESSION['authenticated']);`
			mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
			`}`

Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00			`?>`