html/includes/authenticate.inc.php

<?php

@ini_set("session.gc_maxlifetime","0");

session_start();

// Preflight checks
if (!is_dir($config['rrd_dir']))
{
  echo("<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}).  Graphing may fail.</div>");
}

if (!is_dir($config['temp_dir']))
{
  echo("<div class='errorbox'>Temp Directory is missing ({$config['tmp_dir']}).  Graphing may fail.</div>");
}

if (!is_writable($config['temp_dir']))
{
  echo("<div class='errorbox'>Temp Directory is not writable ({$config['tmp_dir']}).  Graphing may fail.</div>");
}

if (isset($_GET['logout']) && $_SESSION['authenticated'])
{
  dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged Out'), 'authlog');
  unset($_SESSION);
  session_destroy();
  header('Location: /');
  setcookie ("username", "", time() - 60*60*24*100, "/");
  setcookie ("password", "", time() - 60*60*24*100, "/");
  $auth_message = "Logged Out";
}

if (isset($_GET['username']) && isset($_GET['password']))
{
  $_SESSION['username'] = mres($_GET['username']);
  $_SESSION['password'] = $_GET['password'];
} elseif (isset($_POST['username']) && isset($_POST['password'])) {
  $_SESSION['username'] = mres($_POST['username']);
  $_SESSION['password'] = $_POST['password'];
} elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
  $_SESSION['username'] = mres($_COOKIE['username']);
  $_SESSION['password'] = $_COOKIE['password'];
}

if (!isset($config['auth_mechanism']))
{
  $config['auth_mechanism'] = "mysql";
}

if (file_exists('includes/authentication/' . $config['auth_mechanism'] . '.inc.php'))
{
  include('includes/authentication/' . $config['auth_mechanism'] . '.inc.php');
}
else
{
  print_error('ERROR: no valid auth_mechanism defined!');
  exit();
}

$auth_success = 0;

if (isset($_SESSION['username']))
{
  if (authenticate($_SESSION['username'],$_SESSION['password']))
  {
    $_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
    $_SESSION['user_id'] = get_userid($_SESSION['username']);
    if (!$_SESSION['authenticated'])
    {
      $_SESSION['authenticated'] = true;
      dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged In'), 'authlog');
      header("Location: ".$_SERVER['REQUEST_URI']);
    }
    if (isset($_POST['remember']))
    {
      setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
    }
    $permissions = permissions_cache($_SESSION['user_id']);

  }
  elseif (isset($_SESSION['username']))
  {
    $auth_message = "Authentication Failed";
    unset ($_SESSION['authenticated']);
    dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Authentication Failure'), 'authlog');
  }
}
?>
just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`<?php`
Initial Import 2007-04-03 14:10:23 +00:00
just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`@ini_set("session.gc_maxlifetime","0");`
updates 2009-05-11 14:59:40 +00:00
fix login and some other things 2009-03-17 20:26:29 +00:00			`session_start();`
improved authentication checks (not sure this file is the right place, but meh) from sovern (also some fixes for diskio_ops) 2010-07-05 19:19:19 +00:00
			`// Preflight checks`
just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`if (!is_dir($config['rrd_dir']))`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`{`
Minor fixes, some cleanups, and standardising on echo("x") instead of echo "x" 2010-11-20 14:04:07 +00:00			`echo("<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.</div>");`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`}`
improved authentication checks (not sure this file is the right place, but meh) from sovern (also some fixes for diskio_ops) 2010-07-05 19:19:19 +00:00
just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`if (!is_dir($config['temp_dir']))`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`{`
Minor fixes, some cleanups, and standardising on echo("x") instead of echo "x" 2010-11-20 14:04:07 +00:00			`echo("<div class='errorbox'>Temp Directory is missing ({$config['tmp_dir']}). Graphing may fail.</div>");`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`}`
improved authentication checks (not sure this file is the right place, but meh) from sovern (also some fixes for diskio_ops) 2010-07-05 19:19:19 +00:00
just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`if (!is_writable($config['temp_dir']))`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`{`
Minor fixes, some cleanups, and standardising on echo("x") instead of echo "x" 2010-11-20 14:04:07 +00:00			`echo("<div class='errorbox'>Temp Directory is not writable ({$config['tmp_dir']}). Graphing may fail.</div>");`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`}`
improved authentication checks (not sure this file is the right place, but meh) from sovern (also some fixes for diskio_ops) 2010-07-05 19:19:19 +00:00
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`if (isset($_GET['logout']) && $_SESSION['authenticated'])`
			`{`
fix topnav and authenticate 2011-05-12 20:01:24 +00:00			`dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged Out'), 'authlog');`
updates and fixes 2009-06-19 10:43:02 +00:00			`unset($_SESSION);`
Initial Import 2007-04-03 14:10:23 +00:00			`session_destroy();`
			`header('Location: /');`
updates and fixes 2009-06-19 10:43:02 +00:00			`setcookie ("username", "", time() - 606024*100, "/");`
			`setcookie ("password", "", time() - 606024*100, "/");`
fixing authentication 2008-11-26 12:55:55 +00:00			`$auth_message = "Logged Out";`
Initial Import 2007-04-03 14:10:23 +00:00			`}`

move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`if (isset($_GET['username']) && isset($_GET['password']))`
			`{`
can auth via _GET 2010-08-03 12:09:38 +00:00			`$_SESSION['username'] = mres($_GET['username']);`
fix password 2011-05-26 21:50:27 +00:00			`$_SESSION['password'] = $_GET['password'];`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`} elseif (isset($_POST['username']) && isset($_POST['password'])) {`
updates and fixes 2009-06-19 10:43:02 +00:00			`$_SESSION['username'] = mres($_POST['username']);`
fix password 2011-05-26 21:50:27 +00:00			`$_SESSION['password'] = $_POST['password'];`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`} elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {`
updates and fixes 2009-06-19 10:43:02 +00:00			`$_SESSION['username'] = mres($_COOKIE['username']);`
fix password 2011-05-26 21:50:27 +00:00			`$_SESSION['password'] = $_COOKIE['password'];`
updates and fixes 2009-06-19 10:43:02 +00:00			`}`

auth modules! please test http-auth again, i haven't, but i think i got it right... 2010-02-28 13:04:07 +00:00			`if (!isset($config['auth_mechanism']))`
			`{`
			`$config['auth_mechanism'] = "mysql";`
			`}`

			`if (file_exists('includes/authentication/' . $config['auth_mechanism'] . '.inc.php'))`
			`{`
			`include('includes/authentication/' . $config['auth_mechanism'] . '.inc.php');`
			`}`
			`else`
			`{`
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes 2011-03-26 19:28:39 +00:00			`print_error('ERROR: no valid auth_mechanism defined!');`
auth modules! please test http-auth again, i haven't, but i think i got it right... 2010-02-28 13:04:07 +00:00			`exit();`
Add HTTP-Auth (thanks Allen Parker <parker a isohunt o com>) 2010-02-28 02:20:05 +00:00			`}`

more fixes and updates from sid3windr 2009-12-31 19:06:05 +00:00			`$auth_success = 0;`
updates and fixes 2009-06-19 10:43:02 +00:00
more auth fixes from lenwe. 2011-05-03 14:10:21 +00:00			`if (isset($_SESSION['username']))`
more fixes and updates from sid3windr 2009-12-31 19:06:05 +00:00			`{`
more auth fixes from lenwe. 2011-05-03 14:10:21 +00:00			`if (authenticate($_SESSION['username'],$_SESSION['password']))`
avoid error on ldap bind when session has expired 2010-01-05 20:06:24 +00:00			`{`
can has working pages? NO CAN HAS :( 2010-03-06 01:19:06 +00:00			`$_SESSION['userlevel'] = get_userlevel($_SESSION['username']);`
cleanups code, YAY COMMIT 1000 2010-03-07 22:22:29 +00:00			`$_SESSION['user_id'] = get_userid($_SESSION['username']);`
just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`if (!$_SESSION['authenticated'])`
more fixes and updates from sid3windr 2009-12-31 19:06:05 +00:00			`{`
auth modules! please test http-auth again, i haven't, but i think i got it right... 2010-02-28 13:04:07 +00:00			`$_SESSION['authenticated'] = true;`
fix topnav and authenticate 2011-05-12 20:01:24 +00:00			`dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged In'), 'authlog');`
auth modules! please test http-auth again, i haven't, but i think i got it right... 2010-02-28 13:04:07 +00:00			`header("Location: ".$_SERVER['REQUEST_URI']);`
more fixes and updates from sid3windr 2009-12-31 19:06:05 +00:00			`}`
just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`if (isset($_POST['remember']))`
auth modules! please test http-auth again, i haven't, but i think i got it right... 2010-02-28 13:04:07 +00:00			`{`
			`setcookie("username", $_SESSION['username'], time()+606024*100, "/");`
			`setcookie("password", $_SESSION['password'], time()+606024*100, "/");`
			`}`
billing system fixes (make moar sexypants) 2010-07-31 21:08:35 +00:00			`$permissions = permissions_cache($_SESSION['user_id']);`

just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`}`
			`elseif (isset($_SESSION['username']))`
			`{`
			`$auth_message = "Authentication Failed";`
auth modules! please test http-auth again, i haven't, but i think i got it right... 2010-02-28 13:04:07 +00:00			`unset ($_SESSION['authenticated']);`
fix topnav and authenticate 2011-05-12 20:01:24 +00:00			`dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Authentication Failure'), 'authlog');`
more fixes and updates from sid3windr 2009-12-31 19:06:05 +00:00			`}`
just another cleanup commit, don't mind me... 2011-03-16 18:28:52 +00:00			`}`
Initial Import 2007-04-03 14:10:23 +00:00			`?>`