mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add HTTP-Auth (thanks Allen Parker <parker a isohunt o com>)

Browse Source 
git-svn-id: http://www.observium.org/svn/observer/trunk@972 61d68cd4-352d-0410-923a-c4978735b2b8
This commit is contained in:
Adam Amstrong
2010-02-28 02:20:05 +00:00
parent af4e0bc2ff
commit a8be5a36f8
6 changed files with 42 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
html/includes/authenticate.inc.php
View File

@ -3,7 +3,6 @@
@ini_set("session.gc_maxlifetime","0");
session_start();
if(isset($_GET['logout']) && $_SESSION['authenticated']) {
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('" . $_SESSION['username'] . "', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')");
unset($_SESSION);
@ -24,21 +23,35 @@ if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){
$_SESSION['password'] = mres($_COOKIE['password']);
}
if(isset($_SERVER['REMOTE_USER'])) {
$_SESSION['username'] = mres($_SERVER['REMOTE_USER']);
// we don't set a password here because we're using HTTP AUTH
}
$auth_success = 0;
if ($_SESSION['username'])
if (isset($_SESSION['username']))
{
if ($config['auth_mechanism'] == "mysql" || !$config['auth_mechanism'])
if ($config['auth_mechanism'] == "mysql" || $config['auth_mechanism'] == "http-auth" || !$config['auth_mechanism'])
{
$encrypted = md5($_SESSION['password']);
$sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
$query = mysql_query($sql);
$sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username'];
if ($config['auth_mechanism'] != "http-auth")
{
$encrypted = md5($_SESSION['password']);
$sql .= "' AND `password`='".$encrypted."';";
} else {
$sql .= "';";
}
$query = mysql_query($sql);
$row = @mysql_fetch_array($query);
if($row['username'] && $row['username'] == $_SESSION['username']) {
$auth_success = 1;
}
} else {
$_SESSION['username'] = $config['http_auth_guest'];
$auth_success = 1;
}
}
else if ($config['auth_mechanism'] == "ldap")
else if ($config['auth_mechanism'] == "ldap")
{
$ds=@ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']);
if ($ds)
@ -82,10 +95,9 @@ if ($auth_success) {
setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
}
}
elseif ($_SESSION['username']) {
elseif (isset($_SESSION['username'])) {
$auth_message = "Authentication Failed";
unset ($_SESSION['authenticated']);
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
}
?>