2007-04-03 14:10:23 +00:00
|
|
|
<?php
|
|
|
|
|
|
2009-05-11 14:59:40 +00:00
|
|
|
@ini_set("session.gc_maxlifetime","0");
|
|
|
|
|
|
2009-03-17 20:26:29 +00:00
|
|
|
session_start();
|
2008-11-26 12:55:55 +00:00
|
|
|
|
2010-01-16 22:57:10 +00:00
|
|
|
if(isset($_GET['logout']) && $_SESSION['authenticated']) {
|
2010-01-02 17:47:06 +00:00
|
|
|
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('" . $_SESSION['username'] . "', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')");
|
2009-06-19 10:43:02 +00:00
|
|
|
unset($_SESSION);
|
2007-04-03 14:10:23 +00:00
|
|
|
session_destroy();
|
|
|
|
|
header('Location: /');
|
2009-06-19 10:43:02 +00:00
|
|
|
setcookie ("username", "", time() - 60*60*24*100, "/");
|
|
|
|
|
setcookie ("password", "", time() - 60*60*24*100, "/");
|
2008-11-26 12:55:55 +00:00
|
|
|
$auth_message = "Logged Out";
|
2007-04-03 14:10:23 +00:00
|
|
|
}
|
|
|
|
|
|
2010-01-16 22:57:10 +00:00
|
|
|
if(isset($_POST['username']) && isset($_POST['password'])){
|
2009-06-19 10:43:02 +00:00
|
|
|
$_SESSION['username'] = mres($_POST['username']);
|
|
|
|
|
$_SESSION['password'] = mres($_POST['password']);
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-16 22:57:10 +00:00
|
|
|
if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){
|
2009-06-19 10:43:02 +00:00
|
|
|
$_SESSION['username'] = mres($_COOKIE['username']);
|
|
|
|
|
$_SESSION['password'] = mres($_COOKIE['password']);
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-31 19:06:05 +00:00
|
|
|
$auth_success = 0;
|
2009-06-19 10:43:02 +00:00
|
|
|
|
2010-01-05 20:06:24 +00:00
|
|
|
if ($_SESSION['username'])
|
2009-12-31 19:06:05 +00:00
|
|
|
{
|
2010-01-05 20:06:24 +00:00
|
|
|
if ($config['auth_mechanism'] == "mysql" || !$config['auth_mechanism'])
|
|
|
|
|
{
|
|
|
|
|
$encrypted = md5($_SESSION['password']);
|
|
|
|
|
$sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
|
|
|
|
|
$query = mysql_query($sql);
|
|
|
|
|
$row = @mysql_fetch_array($query);
|
|
|
|
|
if($row['username'] && $row['username'] == $_SESSION['username']) {
|
|
|
|
|
$auth_success = 1;
|
|
|
|
|
}
|
2009-12-31 19:06:05 +00:00
|
|
|
}
|
2010-01-05 20:06:24 +00:00
|
|
|
else if ($config['auth_mechanism'] == "ldap")
|
2009-12-31 19:06:05 +00:00
|
|
|
{
|
2010-01-05 20:06:24 +00:00
|
|
|
$ds=@ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']);
|
|
|
|
|
if ($ds)
|
2009-12-31 19:06:05 +00:00
|
|
|
{
|
2010-01-05 20:06:24 +00:00
|
|
|
if (ldap_bind($ds, $config['auth_ldap_prefix'] . $_SESSION['username'] . $config['auth_ldap_suffix'], $_SESSION['password']))
|
|
|
|
|
{
|
2010-01-16 22:57:10 +00:00
|
|
|
if (!$config['auth_ldap_group'])
|
|
|
|
|
{
|
|
|
|
|
$auth_success = 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (ldap_compare($ds,$config['auth_ldap_group'],'memberUid',$_SESSION['username']))
|
|
|
|
|
{
|
|
|
|
|
$auth_success = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-01-05 20:06:24 +00:00
|
|
|
}
|
2009-12-31 19:06:05 +00:00
|
|
|
}
|
|
|
|
|
}
|
2010-01-05 20:06:24 +00:00
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
echo "ERROR: no valid auth_mechanism defined.";
|
|
|
|
|
exit();
|
|
|
|
|
}
|
2009-12-31 19:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($auth_success) {
|
|
|
|
|
$sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."'";
|
|
|
|
|
$query = mysql_query($sql);
|
|
|
|
|
$row = @mysql_fetch_array($query);
|
2009-06-19 10:43:02 +00:00
|
|
|
$_SESSION['userlevel'] = $row['level'];
|
|
|
|
|
$_SESSION['user_id'] = $row['user_id'];
|
|
|
|
|
if(!$_SESSION['authenticated']) {
|
|
|
|
|
$_SESSION['authenticated'] = true;
|
|
|
|
|
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
|
|
|
|
|
header("Location: ".$_SERVER['REQUEST_URI']);
|
|
|
|
|
}
|
2009-12-31 19:06:05 +00:00
|
|
|
if(isset($_POST['remember'])) {
|
2009-06-19 10:43:02 +00:00
|
|
|
setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
|
|
|
|
|
setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
|
|
|
|
|
}
|
2009-12-31 19:06:05 +00:00
|
|
|
}
|
|
|
|
|
elseif ($_SESSION['username']) {
|
2009-06-19 10:43:02 +00:00
|
|
|
$auth_message = "Authentication Failed";
|
|
|
|
|
unset ($_SESSION['authenticated']);
|
|
|
|
|
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
|
|
|
|
|
}
|
|
|
|
|
|
2007-04-03 14:10:23 +00:00
|
|
|
?>
|
