mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixing authentication

Browse Source 
git-svn-id: http://www.observium.org/svn/observer/trunk@317 61d68cd4-352d-0410-923a-c4978735b2b8
This commit is contained in:
Adam Amstrong
2008-11-26 12:55:55 +00:00
parent 6a96f5170c
commit e97df43c41
3 changed files with 72 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
html/includes/authenticate.inc
View File

@@ -1,37 +1,42 @@
<?php
function check_auth($username, $password) {
$encrypted = md5($password);
$sql = "select username, level, user_id from users where username='$username' and password='$encrypted'";
$query = mysql_query($sql);
$row = mysql_fetch_row($query);
if ($row[0] == $username) { return $row[1]; } else { return FALSE; }
}
if($_GET['logout']) {
session_start();
$olduser = $_SESSION['username'];
session_destroy();
header('Location: /');
setcookie ("username", "", time() - 3600);
setcookie ("encrypted", "", time() - 3600);
echo("$_COOKIE[username]");
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$olduser', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')");
$auth_message = "Logged Out";
} else {
session_start();
if($_POST['username'] && $_POST['password']){
$_SESSION['username']=$_POST['username'];
$_SESSION['password']=$_POST['password'];
$_SESSION['encrypted'] = md5($_SESSION['password']);
} elseif($_COOKIE['username'] && $_COOKIE['encrypted'] && !$_SESSION['authenticated']) {
$_SESSION['username']=$_COOKIE['username'];
$_SESSION['encrypted']=$_COOKIE['encrypted'];
}
if($_POST['username'] && $_POST['password']){
$username = mres($_POST['username']);
$password = mres($_POST['password']);
$userlevel = check_auth($username,$password);
if($userlevel) {
$_SESSION['userlevel'] = $userlevel;
$_SESSION['authenticated'] = true;
$_SESSION['username'] = $_POST['username'];
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
} else {
$auth_message = "Authentication Failed";
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
}
$sql = "select username, level, user_id from users where username='" . mres($_SESSION['username']) . "' and password='" . mres($_SESSION['encrypted']) . "'";
$query = mysql_query($sql);
$row = mysql_fetch_row($query);
if ( $_SESSION['username'] != "" && $row[0] == $_SESSION['username'] ) {
$_SESSION['userlevel'] = $row[1];
$_SESSION['authenticated'] = true;
$_SESSION['user_id'] = $row[2];
setcookie("username", $username);
setcookie("encrypted", $encrypted);
}
}