mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix coding style part 2

Browse Source
This commit is contained in:
Job Snijders
2015-07-13 20:10:26 +02:00
parent ad9590df9b
commit d8693f05ae
733 changed files with 37359 additions and 33947 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
html/includes/authenticate.inc.php
View File

@@ -1,123 +1,114 @@
<?php
@ini_set("session.gc_maxlifetime","0");
@ini_set('session.gc_maxlifetime', '0');
@ini_set('session.use_only_cookies', 1);
@ini_set('session.cookie_httponly', 1);
require('includes/PasswordHash.php');
require 'includes/PasswordHash.php';
session_start();
// Preflight checks
if (!is_dir($config['rrd_dir']))
{
echo("<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.</div>");
if (!is_dir($config['rrd_dir'])) {
echo "<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.</div>";
}
if (!is_dir($config['temp_dir']))
{
echo("<div class='errorbox'>Temp Directory is missing ({$config['temp_dir']}). Graphing may fail.</div>");
if (!is_dir($config['temp_dir'])) {
echo "<div class='errorbox'>Temp Directory is missing ({$config['temp_dir']}). Graphing may fail.</div>";
}
if (!is_writable($config['temp_dir']))
{
echo("<div class='errorbox'>Temp Directory is not writable ({$config['tmp_dir']}). Graphing may fail.</div>");
if (!is_writable($config['temp_dir'])) {
echo "<div class='errorbox'>Temp Directory is not writable ({$config['tmp_dir']}). Graphing may fail.</div>";
}
// Clear up any old sessions
dbDelete('session', "`session_expiry` < ?", array(time()));
dbDelete('session', '`session_expiry` < ?', array(time()));
if ($vars['page'] == "logout" && $_SESSION['authenticated'])
{
dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged Out'), 'authlog');
dbDelete('session', "`session_username` = ? AND session_value = ?", array($_SESSION['username'],$_COOKIE['sess_id']));
unset($_SESSION);
unset($_COOKIE);
setcookie ("sess_id", "", time() - 60*60*24*$config['auth_remember'], "/");
setcookie ("token", "", time() - 60*60*24*$config['auth_remember'], "/");
setcookie ("auth", "", time() - 60*60*24*$config['auth_remember'], "/");
session_destroy();
$auth_message = "Logged Out";
header('Location: /');
exit;
if ($vars['page'] == 'logout' && $_SESSION['authenticated']) {
dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged Out'), 'authlog');
dbDelete('session', '`session_username` = ? AND session_value = ?', array($_SESSION['username'], $_COOKIE['sess_id']));
unset($_SESSION);
unset($_COOKIE);
setcookie('sess_id', '', (time() - 60 * 60 * 24 * $config['auth_remember']), '/');
setcookie('token', '', (time() - 60 * 60 * 24 * $config['auth_remember']), '/');
setcookie('auth', '', (time() - 60 * 60 * 24 * $config['auth_remember']), '/');
session_destroy();
$auth_message = 'Logged Out';
header('Location: /');
exit;
}
// We are only interested in login details passed via POST.
if (isset($_POST['username']) && isset($_POST['password'])) {
$_SESSION['username'] = mres($_POST['username']);
$_SESSION['password'] = $_POST['password'];
} elseif(isset($_GET['username']) && isset($_GET['password'])) {
$_SESSION['username'] = mres($_GET['username']);
$_SESSION['password'] = $_GET['password'];
$_SESSION['username'] = mres($_POST['username']);
$_SESSION['password'] = $_POST['password'];
}
else if (isset($_GET['username']) && isset($_GET['password'])) {
$_SESSION['username'] = mres($_GET['username']);
$_SESSION['password'] = $_GET['password'];
}
if (!isset($config['auth_mechanism']))
{
$config['auth_mechanism'] = "mysql";
if (!isset($config['auth_mechanism'])) {
$config['auth_mechanism'] = 'mysql';
}
if (file_exists('includes/authentication/' . $config['auth_mechanism'] . '.inc.php'))
{
include_once('includes/authentication/' . $config['auth_mechanism'] . '.inc.php');
if (file_exists('includes/authentication/'.$config['auth_mechanism'].'.inc.php')) {
include_once 'includes/authentication/'.$config['auth_mechanism'].'.inc.php';
}
else
{
print_error('ERROR: no valid auth_mechanism defined!');
exit();
else {
print_error('ERROR: no valid auth_mechanism defined!');
exit();
}
$auth_success = 0;
if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token'])))
{
if ((authenticate($_SESSION['username'],$_SESSION['password'])) || (reauthenticate($_COOKIE['sess_id'],$_COOKIE['token'])))
{
$_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
$_SESSION['user_id'] = get_userid($_SESSION['username']);
if (!$_SESSION['authenticated'])
{
if( $config['twofactor'] === true && !isset($_SESSION['twofactor']) ) {
require_once($config['install_dir'].'/html/includes/authentication/twofactor.lib.php');
twofactor_auth();
}
if( !$config['twofactor'] || $_SESSION['twofactor'] ) {
$_SESSION['authenticated'] = true;
dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged In'), 'authlog');
}
if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token']))) {
if ((authenticate($_SESSION['username'], $_SESSION['password'])) || (reauthenticate($_COOKIE['sess_id'], $_COOKIE['token']))) {
$_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
$_SESSION['user_id'] = get_userid($_SESSION['username']);
if (!$_SESSION['authenticated']) {
if ($config['twofactor'] === true && !isset($_SESSION['twofactor'])) {
include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php';
twofactor_auth();
}
if (!$config['twofactor'] || $_SESSION['twofactor']) {
$_SESSION['authenticated'] = true;
dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged In'), 'authlog');
}
}
if (isset($_POST['remember'])) {
$sess_id = session_id();
$hasher = new PasswordHash(8, false);
$token = strgen();
$auth = strgen();
$hasher = new PasswordHash(8, false);
$token_id = $_SESSION['username'].'|'.$hasher->HashPassword($_SESSION['username'].$token);
// If we have been asked to remember the user then set the relevant cookies and create a session in the DB.
setcookie('sess_id', $sess_id, (time() + 60 * 60 * 24 * $config['auth_remember']), '/', null, false, true);
setcookie('token', $token_id, (time() + 60 * 60 * 24 * $config['auth_remember']), '/', null, false, true);
setcookie('auth', $auth, (time() + 60 * 60 * 24 * $config['auth_remember']), '/', null, false, true);
dbInsert(array('session_username' => $_SESSION['username'], 'session_value' => $sess_id, 'session_token' => $token, 'session_auth' => $auth, 'session_expiry' => time() + 60 * 60 * 24 * $config['auth_remember']), 'session');
}
if (isset($_COOKIE['sess_id'],$_COOKIE['token'],$_COOKIE['auth'])) {
// If we have the remember me cookies set then update session expiry times to keep us logged in.
$sess_id = session_id();
dbUpdate(array('session_value' => $sess_id, 'session_expiry' => time() + 60 * 60 * 24 * $config['auth_remember']), 'session', 'session_auth=?', array($_COOKIE['auth']));
setcookie('sess_id', $sess_id, (time() + 60 * 60 * 24 * $config['auth_remember']), '/', null, false, true);
setcookie('token', $_COOKIE['token'], (time() + 60 * 60 * 24 * $config['auth_remember']), '/', null, false, true);
setcookie('auth', $_COOKIE['auth'], (time() + 60 * 60 * 24 * $config['auth_remember']), '/', null, false, true);
}
$permissions = permissions_cache($_SESSION['user_id']);
if (isset($_POST['username'])) {
header('Location: '.$_SERVER['REQUEST_URI'], true, 303);
exit;
}
}
if (isset($_POST['remember']))
{
$sess_id = session_id();
$hasher = new PasswordHash(8, FALSE);
$token = strgen();
$auth = strgen();
$hasher = new PasswordHash(8, FALSE);
$token_id = $_SESSION['username'].'|'.$hasher->HashPassword($_SESSION['username'].$token);
// If we have been asked to remember the user then set the relevant cookies and create a session in the DB.
setcookie("sess_id", $sess_id, time()+60*60*24*$config['auth_remember'], "/", null, false, true);
setcookie("token", $token_id, time()+60*60*24*$config['auth_remember'], "/", null, false, true);
setcookie("auth", $auth, time()+60*60*24*$config['auth_remember'], "/", null, false, true);
dbInsert(array('session_username' => $_SESSION['username'], 'session_value' => $sess_id, 'session_token' => $token, 'session_auth' => $auth, 'session_expiry' => time()+60*60*24*$config['auth_remember']), 'session');
else if (isset($_SESSION['username'])) {
$auth_message = 'Authentication Failed';
unset($_SESSION['authenticated']);
dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Authentication Failure'), 'authlog');
}
if (isset($_COOKIE['sess_id'],$_COOKIE['token'],$_COOKIE['auth']))
{
// If we have the remember me cookies set then update session expiry times to keep us logged in.
$sess_id = session_id();
dbUpdate(array('session_value' => $sess_id, 'session_expiry' => time()+60*60*24*$config['auth_remember']), 'session', 'session_auth=?', array($_COOKIE['auth']));
setcookie("sess_id", $sess_id, time()+60*60*24*$config['auth_remember'], "/", null, false, true);
setcookie("token", $_COOKIE['token'], time()+60*60*24*$config['auth_remember'], "/", null, false, true);
setcookie("auth", $_COOKIE['auth'], time()+60*60*24*$config['auth_remember'], "/", null, false, true);
}
$permissions = permissions_cache($_SESSION['user_id']);
if (isset($_POST['username'])) {
header('Location: '.$_SERVER['REQUEST_URI'],TRUE,303);
exit;
}
}
elseif (isset($_SESSION['username']))
{
$auth_message = "Authentication Failed";
unset ($_SESSION['authenticated']);
dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Authentication Failure'), 'authlog');
}
}
?>