auth modules! please test http-auth again, i haven't, but i think i got it right...

git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8
2024-10-07 16:52:45 +00:00 · 2010-02-28 13:04:07 +00:00
parent a8be5a36f8
commit b719e22e8e
6 changed files with 114 additions and 68 deletions
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -23,81 +23,51 @@ if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){
  $_SESSION['password'] = mres($_COOKIE['password']);
 }

-if(isset($_SERVER['REMOTE_USER'])) {
-  $_SESSION['username'] = mres($_SERVER['REMOTE_USER']);
-  // we don't set a password here because we're using HTTP AUTH
+if (!isset($config['auth_mechanism']))
+{
+  $config['auth_mechanism'] = "mysql";
+}
+
+if (file_exists('includes/authentication/' . $config['auth_mechanism'] . '.inc.php'))
+{
+  include('includes/authentication/' . $config['auth_mechanism'] . '.inc.php');
+}
+else
+{
+  # FIXME use standard error message box?
+  echo "ERROR: no valid auth_mechanism defined.";
+  exit();
 }

 $auth_success = 0;

 if (isset($_SESSION['username']))
 {
-  if ($config['auth_mechanism'] == "mysql" || $config['auth_mechanism'] == "http-auth" || !$config['auth_mechanism'])
+  if (authenticate($_SESSION['username'],$_SESSION['password']))
  {
-       $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username'];
-       if ($config['auth_mechanism'] != "http-auth") 
-       {
-           $encrypted = md5($_SESSION['password']);
-           $sql .=       "' AND `password`='".$encrypted."';";
-       } else { 
-           $sql .= "';"; 
-       }
-       $query = mysql_query($sql);
-    $row = @mysql_fetch_array($query);
-    if($row['username'] && $row['username'] == $_SESSION['username']) {
-      $auth_success = 1;
-       } else {
-         $_SESSION['username'] = $config['http_auth_guest'];
-         $auth_success = 1;
-       }
-  }
-  else if ($config['auth_mechanism'] == "ldap")
-  {
-    $ds=@ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']);
-    if ($ds)
-    {
-      if (ldap_bind($ds, $config['auth_ldap_prefix'] . $_SESSION['username'] . $config['auth_ldap_suffix'], $_SESSION['password']))
-      {
-        if (!$config['auth_ldap_group'])
-        {
-          $auth_success = 1;
-        }
-        else
-        { 
-          if (ldap_compare($ds,$config['auth_ldap_group'],'memberUid',$_SESSION['username']))
-          {
-            $auth_success = 1;
-          }
-        }
-      }
-    }
-  }
-  else
-  {
-    echo "ERROR: no valid auth_mechanism defined.";
-    exit();
-  }
-}
-
-if ($auth_success) {
+    #FIXME below should also come from auth module, get_userlevel, etc
    $sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."'";
    $query = mysql_query($sql);
    $row = @mysql_fetch_array($query);
    $_SESSION['userlevel'] = $row['level'];
    $_SESSION['user_id'] = $row['user_id'];
-  if(!$_SESSION['authenticated']) {
+    if(!$_SESSION['authenticated']) 
+    {
      $_SESSION['authenticated'] = true;
      mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
      header("Location: ".$_SERVER['REQUEST_URI']);
    }
-  if(isset($_POST['remember'])) {
+    if(isset($_POST['remember'])) 
+    {
      setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
    }
  } 
-elseif (isset($_SESSION['username'])) { 
+  elseif (isset($_SESSION['username'])) 
+  { 
    $auth_message = "Authentication Failed"; 
    unset ($_SESSION['authenticated']);
    mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
  }
+} 
 ?>
--- a/html/includes/authentication/http-auth.inc.php
+++ b/html/includes/authentication/http-auth.inc.php
@@ -0,0 +1,27 @@
+<?php
+
+function authenticate($username,$password)
+{
+  global $config;
+
+  if(isset($_SERVER['REMOTE_USER'])) 
+  {
+    $_SESSION['username'] = mres($_SERVER['REMOTE_USER']);
+    
+    $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username'] . "'";;
+    $query = mysql_query($sql);
+    $row = @mysql_fetch_array($query);
+    if($row['username'] && $row['username'] == $_SESSION['username']) 
+    {
+      return 1;
+    } 
+    else 
+    {
+      $_SESSION['username'] = $config['http_auth_guest'];
+      return 1;
+    }
+  }
+  return 0;
+}
+
+?>
--- a/html/includes/authentication/ldap.inc.php
+++ b/html/includes/authentication/ldap.inc.php
@@ -0,0 +1,33 @@
+<?php
+
+function authenticate($username,$password)
+{
+  global $config;
+
+  $ds=@ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']);
+  if ($ds)
+  {
+    if (ldap_bind($ds, $config['auth_ldap_prefix'] . $username . $config['auth_ldap_suffix'], $password))
+    {
+      if (!$config['auth_ldap_group'])
+      {
+        return 1;
+      }
+      else
+      {
+        if (ldap_compare($ds,$config['auth_ldap_group'],'memberUid',$username))
+        {
+          return 1;
+        }
+      }
+    }
+  }
+  else
+  {
+    # FIXME return a warning that LDAP couldn't connect?
+  }
+
+  return 0;
+}
+
+?>
--- a/html/includes/authentication/mysql.inc.php
+++ b/html/includes/authentication/mysql.inc.php
@@ -0,0 +1,16 @@
+<?php
+
+function authenticate($username,$password)
+{
+  $encrypted = md5($password);
+  $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
+  $query = mysql_query($sql);
+  $row = @mysql_fetch_array($query);
+  if($row['username'] && $row['username'] == $username) 
+  {
+    return 1;
+  }
+  return 0;
+}
+
+?>
--- a/html/index.php
+++ b/html/index.php
@@ -98,7 +98,7 @@ function popUp(URL) {
          </td>
          <td align="right" style="margin-right: 10px;">
            <div id="topnav" style="float: right;">
- 	  <?php if($_SESSION['authenticated']) {
+ 	  <?php if(isset($_SESSION['authenticated']) && $_SESSION['authenticated']) {
 	    include("includes/topnav.inc");		
 	  } ?>
            </div>
--- a/html/pages/logon.inc
+++ b/html/pages/logon.inc
@@ -24,7 +24,7 @@
                  <td colspan="2" align="right"><input class="submit" name="submit" type="submit" value="Login" /></td>
                </tr>
 <?php
-if($auth_message) {
+if(isset($auth_message)) {
  echo('<tr><td colspan="2" style="font-weight: bold; color: #cc0000;">' . $auth_message . '</td></tr>');
 }
 ?>
@@ -38,7 +38,7 @@ if($auth_message) {

 print_optionbar_end();

-if($config['login_message']) {
+if(isset($config['login_message'])) {
  echo('<div style="margin: auto; margin-top: 10px;text-align: center; font-weight: bold; color: #cc0000; width: 470px;">'.$config['login_message'].'</div>');
 }
 ?>