auth modules! please test http-auth again, i haven't, but i think i got it right...

git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8
2024-10-07 16:52:45 +00:00 · 2010-02-28 13:04:07 +00:00
parent a8be5a36f8
commit b719e22e8e
6 changed files with 114 additions and 68 deletions
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -23,81 +23,51 @@ if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){
  $_SESSION['password'] = mres($_COOKIE['password']);
 }

-if(isset($_SERVER['REMOTE_USER'])) {
-  $_SESSION['username'] = mres($_SERVER['REMOTE_USER']);
-  // we don't set a password here because we're using HTTP AUTH
+if (!isset($config['auth_mechanism']))
+{
+  $config['auth_mechanism'] = "mysql";
+}
+
+if (file_exists('includes/authentication/' . $config['auth_mechanism'] . '.inc.php'))
+{
+  include('includes/authentication/' . $config['auth_mechanism'] . '.inc.php');
+}
+else
+{
+  # FIXME use standard error message box?
+  echo "ERROR: no valid auth_mechanism defined.";
+  exit();
 }

 $auth_success = 0;

 if (isset($_SESSION['username']))
 {
-  if ($config['auth_mechanism'] == "mysql" || $config['auth_mechanism'] == "http-auth" || !$config['auth_mechanism'])
+  if (authenticate($_SESSION['username'],$_SESSION['password']))
  {
-       $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username'];
-       if ($config['auth_mechanism'] != "http-auth") 
-       {
-           $encrypted = md5($_SESSION['password']);
-           $sql .=       "' AND `password`='".$encrypted."';";
-       } else { 
-           $sql .= "';"; 
-       }
-       $query = mysql_query($sql);
+    #FIXME below should also come from auth module, get_userlevel, etc
+    $sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."'";
+    $query = mysql_query($sql);
    $row = @mysql_fetch_array($query);
-    if($row['username'] && $row['username'] == $_SESSION['username']) {
-      $auth_success = 1;
-       } else {
-         $_SESSION['username'] = $config['http_auth_guest'];
-         $auth_success = 1;
-       }
-  }
-  else if ($config['auth_mechanism'] == "ldap")
-  {
-    $ds=@ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']);
-    if ($ds)
+    $_SESSION['userlevel'] = $row['level'];
+    $_SESSION['user_id'] = $row['user_id'];
+    if(!$_SESSION['authenticated']) 
    {
-      if (ldap_bind($ds, $config['auth_ldap_prefix'] . $_SESSION['username'] . $config['auth_ldap_suffix'], $_SESSION['password']))
-      {
-        if (!$config['auth_ldap_group'])
-        {
-          $auth_success = 1;
-        }
-        else
-        { 
-          if (ldap_compare($ds,$config['auth_ldap_group'],'memberUid',$_SESSION['username']))
-          {
-            $auth_success = 1;
-          }
-        }
-      }
+      $_SESSION['authenticated'] = true;
+      mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
+      header("Location: ".$_SERVER['REQUEST_URI']);
    }
+    if(isset($_POST['remember'])) 
+    {
+      setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
+      setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
+    }
+  } 
+  elseif (isset($_SESSION['username'])) 
+  { 
+    $auth_message = "Authentication Failed"; 
+    unset ($_SESSION['authenticated']);
+    mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
  }
-  else
-  {
-    echo "ERROR: no valid auth_mechanism defined.";
-    exit();
-  }
-}
-
-if ($auth_success) {
-  $sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."'";
-  $query = mysql_query($sql);
-  $row = @mysql_fetch_array($query);
-  $_SESSION['userlevel'] = $row['level'];
-  $_SESSION['user_id'] = $row['user_id'];
-  if(!$_SESSION['authenticated']) {
-    $_SESSION['authenticated'] = true;
-    mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
-    header("Location: ".$_SERVER['REQUEST_URI']);
-  }
-  if(isset($_POST['remember'])) {
-    setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
-    setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
-  }
-} 
-elseif (isset($_SESSION['username'])) { 
-  $auth_message = "Authentication Failed"; 
-  unset ($_SESSION['authenticated']);
-  mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
 } 
 ?>