2011-03-16 18:28:52 +00:00
|
|
|
<?php
|
2007-04-03 14:10:23 +00:00
|
|
|
|
2011-03-16 18:28:52 +00:00
|
|
|
@ini_set("session.gc_maxlifetime","0");
|
2014-02-03 22:32:45 +00:00
|
|
|
@ini_set('session.use_only_cookies', 1);
|
|
|
|
|
@ini_set('session.cookie_httponly', 1);
|
2014-02-03 10:45:34 +00:00
|
|
|
require('includes/PasswordHash.php');
|
2009-05-11 14:59:40 +00:00
|
|
|
|
2009-03-17 20:26:29 +00:00
|
|
|
session_start();
|
2010-07-05 19:19:19 +00:00
|
|
|
|
|
|
|
|
// Preflight checks
|
2011-03-16 18:28:52 +00:00
|
|
|
if (!is_dir($config['rrd_dir']))
|
2011-03-26 19:28:39 +00:00
|
|
|
{
|
2010-11-20 14:04:07 +00:00
|
|
|
echo("<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.</div>");
|
2011-03-26 19:28:39 +00:00
|
|
|
}
|
2010-07-05 19:19:19 +00:00
|
|
|
|
2011-03-16 18:28:52 +00:00
|
|
|
if (!is_dir($config['temp_dir']))
|
2011-03-26 19:28:39 +00:00
|
|
|
{
|
2012-01-25 05:51:12 +00:00
|
|
|
echo("<div class='errorbox'>Temp Directory is missing ({$config['temp_dir']}). Graphing may fail.</div>");
|
2011-03-26 19:28:39 +00:00
|
|
|
}
|
2010-07-05 19:19:19 +00:00
|
|
|
|
2011-03-16 18:28:52 +00:00
|
|
|
if (!is_writable($config['temp_dir']))
|
2011-03-26 19:28:39 +00:00
|
|
|
{
|
2010-11-20 14:04:07 +00:00
|
|
|
echo("<div class='errorbox'>Temp Directory is not writable ({$config['tmp_dir']}). Graphing may fail.</div>");
|
2011-03-26 19:28:39 +00:00
|
|
|
}
|
2010-07-05 19:19:19 +00:00
|
|
|
|
2014-02-03 22:32:45 +00:00
|
|
|
// Clear up any old sessions
|
|
|
|
|
dbDelete('session', "`session_expiry` < ?", array(time()));
|
|
|
|
|
|
2012-04-27 17:18:26 +00:00
|
|
|
if ($vars['page'] == "logout" && $_SESSION['authenticated'])
|
2011-03-26 19:28:39 +00:00
|
|
|
{
|
2011-05-12 20:01:24 +00:00
|
|
|
dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged Out'), 'authlog');
|
2014-02-03 22:32:45 +00:00
|
|
|
dbDelete('session', "`session_username` = ? AND session_value = ?", array($_SESSION['username'],$_COOKIE['sess_id']));
|
2009-06-19 10:43:02 +00:00
|
|
|
unset($_SESSION);
|
2014-02-03 22:32:45 +00:00
|
|
|
unset($_COOKIE);
|
|
|
|
|
setcookie ("sess_id", "", time() - 60*60*24*$config['auth_remember'], "/");
|
|
|
|
|
setcookie ("token", "", time() - 60*60*24*$config['auth_remember'], "/");
|
|
|
|
|
setcookie ("auth", "", time() - 60*60*24*$config['auth_remember'], "/");
|
2007-04-03 14:10:23 +00:00
|
|
|
session_destroy();
|
2008-11-26 12:55:55 +00:00
|
|
|
$auth_message = "Logged Out";
|
2014-01-09 10:41:40 +00:00
|
|
|
header('Location: /');
|
|
|
|
|
exit;
|
2007-04-03 14:10:23 +00:00
|
|
|
}
|
|
|
|
|
|
2014-02-03 22:32:45 +00:00
|
|
|
// We are only interested in login details passed via POST.
|
|
|
|
|
if (isset($_POST['username']) && isset($_POST['password'])) {
|
2009-06-19 10:43:02 +00:00
|
|
|
$_SESSION['username'] = mres($_POST['username']);
|
2011-05-26 21:50:27 +00:00
|
|
|
$_SESSION['password'] = $_POST['password'];
|
2009-06-19 10:43:02 +00:00
|
|
|
}
|
|
|
|
|
|
2010-02-28 13:04:07 +00:00
|
|
|
if (!isset($config['auth_mechanism']))
|
|
|
|
|
{
|
|
|
|
|
$config['auth_mechanism'] = "mysql";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (file_exists('includes/authentication/' . $config['auth_mechanism'] . '.inc.php'))
|
|
|
|
|
{
|
|
|
|
|
include('includes/authentication/' . $config['auth_mechanism'] . '.inc.php');
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2011-03-26 19:28:39 +00:00
|
|
|
print_error('ERROR: no valid auth_mechanism defined!');
|
2010-02-28 13:04:07 +00:00
|
|
|
exit();
|
2010-02-28 02:20:05 +00:00
|
|
|
}
|
|
|
|
|
|
2009-12-31 19:06:05 +00:00
|
|
|
$auth_success = 0;
|
2009-06-19 10:43:02 +00:00
|
|
|
|
2014-02-03 22:32:45 +00:00
|
|
|
if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token'])))
|
2009-12-31 19:06:05 +00:00
|
|
|
{
|
2014-02-03 22:32:45 +00:00
|
|
|
if ((authenticate($_SESSION['username'],$_SESSION['password'])) || (reauthenticate($_COOKIE['sess_id'],$_COOKIE['token'])))
|
2010-01-05 20:06:24 +00:00
|
|
|
{
|
2014-02-03 22:32:45 +00:00
|
|
|
// Regenerate session id for additional security.
|
|
|
|
|
session_regenerate_id();
|
2010-03-06 01:19:06 +00:00
|
|
|
$_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
|
2010-03-07 22:22:29 +00:00
|
|
|
$_SESSION['user_id'] = get_userid($_SESSION['username']);
|
2011-03-16 18:28:52 +00:00
|
|
|
if (!$_SESSION['authenticated'])
|
2009-12-31 19:06:05 +00:00
|
|
|
{
|
2010-02-28 13:04:07 +00:00
|
|
|
$_SESSION['authenticated'] = true;
|
2011-05-12 20:01:24 +00:00
|
|
|
dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged In'), 'authlog');
|
2010-02-28 13:04:07 +00:00
|
|
|
header("Location: ".$_SERVER['REQUEST_URI']);
|
2009-12-31 19:06:05 +00:00
|
|
|
}
|
2011-03-16 18:28:52 +00:00
|
|
|
if (isset($_POST['remember']))
|
2010-02-28 13:04:07 +00:00
|
|
|
{
|
2014-02-03 22:32:45 +00:00
|
|
|
$sess_id = session_id();
|
|
|
|
|
$hasher = new PasswordHash(8, FALSE);
|
|
|
|
|
$token = strgen();
|
|
|
|
|
$auth = strgen();
|
|
|
|
|
$hasher = new PasswordHash(8, FALSE);
|
|
|
|
|
$token_id = $_SESSION['username'].'|'.$hasher->HashPassword($_SESSION['username'].$token);
|
|
|
|
|
// If we have been asked to remember the user then set the relevant cookies and create a session in the DB.
|
|
|
|
|
setcookie("sess_id", $sess_id, time()+60*60*24*$config['auth_remember'], "/", null, null, true);
|
|
|
|
|
setcookie("token", $token_id, time()+60*60*24*$config['auth_remember'], "/", null, null, true);
|
|
|
|
|
setcookie("auth", $auth, time()+60*60*24*$config['auth_remember'], "/", null, null, true);
|
|
|
|
|
dbInsert(array('session_username' => $_SESSION['username'], 'session_value' => $sess_id, 'session_token' => $token, 'session_auth' => $auth, 'session_expiry' => time()+60*60*24*$config['auth_remember']), 'session');
|
|
|
|
|
}
|
|
|
|
|
if (isset($_COOKIE['sess_id'],$_COOKIE['token'],$_COOKIE['auth']))
|
|
|
|
|
{
|
|
|
|
|
// If we have the remember me cookies set then update session expiry times to keep us logged in.
|
|
|
|
|
$sess_id = session_id();
|
|
|
|
|
dbUpdate(array('session_value' => $sess_id, 'session_expiry' => time()+60*60*24*$config['auth_remember']), 'session', 'session_auth=?', array($_COOKIE['auth']));
|
|
|
|
|
setcookie("sess_id", $sess_id, time()+60*60*24*$config['auth_remember'], "/", null, null, true);
|
|
|
|
|
setcookie("token", $_COOKIE['token'], time()+60*60*24*$config['auth_remember'], "/", null, null, true);
|
|
|
|
|
setcookie("auth", $_COOKIE['auth'], time()+60*60*24*$config['auth_remember'], "/", null, null, true);
|
2010-02-28 13:04:07 +00:00
|
|
|
}
|
2010-07-31 21:08:35 +00:00
|
|
|
$permissions = permissions_cache($_SESSION['user_id']);
|
2011-03-16 18:28:52 +00:00
|
|
|
}
|
|
|
|
|
elseif (isset($_SESSION['username']))
|
|
|
|
|
{
|
|
|
|
|
$auth_message = "Authentication Failed";
|
2010-02-28 13:04:07 +00:00
|
|
|
unset ($_SESSION['authenticated']);
|
2011-05-12 20:01:24 +00:00
|
|
|
dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Authentication Failure'), 'authlog');
|
2009-12-31 19:06:05 +00:00
|
|
|
}
|
2011-03-16 18:28:52 +00:00
|
|
|
}
|
2007-04-03 14:10:23 +00:00
|
|
|
?>
|
