mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

updates and fixes

Browse Source 
git-svn-id: http://www.observium.org/svn/observer/trunk@439 61d68cd4-352d-0410-923a-c4978735b2b8
This commit is contained in:
Adam Amstrong
2009-06-19 10:43:02 +00:00
parent 663a2e7729
commit 6c56299161
8 changed files with 57 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
html/includes/authenticate.inc
View File

@@ -1,40 +1,52 @@
<?php
@ini_set("session.gc_maxlifetime","0");
session_start();
if($_GET['logout']) {
$olduser = $_SESSION['username'];
unset($_SESSION);
session_destroy();
header('Location: /');
setcookie ("username", "", time() - 3600);
setcookie ("encrypted", "", time() - 3600);
setcookie ("username", "", time() - 60*60*24*100, "/");
setcookie ("password", "", time() - 60*60*24*100, "/");
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$olduser', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')");
$auth_message = "Logged Out";
} else {
unset ($_SESSION['authenticated']);
if($_POST['username'] && $_POST['password']){
$username = mres($_POST['username']);
$password = mres($_POST['password']);
$encrypted = md5($password);
$sql = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$encrypted'";
$query = mysql_query($sql);
$row = @mysql_fetch_array($query);
if($row['level']) {
$_SESSION['userlevel'] = $row['level'];
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['authenticated'] = true;
$_SESSION['username'] = $username;
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
header("Location: ".$_SERVER['REQUEST_URI']);
} else {
$auth_message = "Authentication Failed";
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
}
}
}
if($_POST['username'] && $_POST['password']){
$_SESSION['username'] = mres($_POST['username']);
$_SESSION['password'] = mres($_POST['password']);
}
if($_COOKIE['username'] && $_COOKIE['password']){
$_SESSION['username'] = mres($_COOKIE['username']);
$_SESSION['password'] = mres($_COOKIE['password']);
}
$encrypted = md5($_SESSION['password']);
$sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
$query = mysql_query($sql);
$row = @mysql_fetch_array($query);
if($row['username'] && $row['username'] == $_SESSION['username']) {
$_SESSION['userlevel'] = $row['level'];
$_SESSION['user_id'] = $row['user_id'];
if(!$_SESSION['authenticated']) {
$_SESSION['authenticated'] = true;
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
header("Location: ".$_SERVER['REQUEST_URI']);
}
if(isset($_POST['remember'])){
setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
}
} else {
$auth_message = "Authentication Failed";
unset ($_SESSION['authenticated']);
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
}
?>