<?
|
|
|
|
/*
|
|
|
|
auth.php
|
|
|
|
|
|
|
|
Authentication/Authorization function library
|
|
|
|
|
|
|
|
Copyright (C) 2000 Contributors of the QuakeForge Project
|
|
|
|
Please see the file "AUTHORS" for a list of contributors
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
|
|
modify it under the terms of the GNU General Public License
|
|
|
|
as published by the Free Software Foundation; either version 2
|
|
|
|
of the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
|
|
|
See the GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to:
|
|
|
|
|
|
|
|
Free Software Foundation, Inc.
|
|
|
|
59 Temple Place - Suite 330
|
|
|
|
Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
// Module bookkeeping. have() and need() are defined outside this file; by
// their names they presumably announce this library as 'auth' and pull in
// the 'sql table' library it depends on -- confirm against their definitions.
have('auth');
need('sql table');
|
|
|
|
|
|
|
|
/* SQL definition for member list table
|
|
|
|
CREATE TABLE members (
|
|
|
|
u_key int DEFAULT '0' NOT NULL auto_increment PRIMARY KEY,
|
|
|
|
u_admin char DEFAULT 'N' NOT NULL,
|
|
|
|
u_username tinytext DEFAULT '' NOT NULL,
|
|
|
|
u_password tinytext DEFAULT '' NOT NULL,
|
|
|
|
u_fullname tinytext DEFAULT '' NOT NULL,
|
|
|
|
u_email tinytext DEFAULT '' NOT NULL,
|
|
|
|
u_phone tinytext DEFAULT '',
|
|
|
|
u_addr1 tinytext DEFAULT '',
|
|
|
|
u_addr2 tinytext DEFAULT '',
|
|
|
|
u_country tinytext DEFAULT '',
|
|
|
|
u_secret tinytext,
|
|
|
|
u_plan text DEFAULT ''
|
|
|
|
);
|
|
|
|
*/
|
|
|
|
|
|
|
|
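// Lifetime of the "loginInfo" cookie, in seconds (86400 = 24 hours).
define('EXPIRY', 86400);

// Path of the running script with any "index.php" removed; the login form
// posts back to this URL. str_replace() matches the file name literally,
// whereas ereg_replace() read the "." in 'index.php' as "any character".
// The (string) cast keeps the value a string when SCRIPT_NAME is not set.
define('thisUrl', str_replace('index.php', '', (string) getenv('SCRIPT_NAME')));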
|
|
|
|
|
|
|
|
/*
|
|
|
|
authLoginForm
|
|
|
|
|
|
|
|
Display a login form.
|
|
|
|
*/
|
|
|
|
function authLoginForm( $title )
{
    /*
     * Render the complete login page and stop the script.
     *
     * $title  Heading shown above the form; it is handed to tableTitle(),
     *         which is defined outside this file.
     *         NOTE(review): if a caller ever passes request data here,
     *         tableTitle() has to HTML-escape it -- verify.
     *
     * The function never returns: it ends with exit.
     *
     * The form posts the fields "userName" and "password" to thisUrl.
     * NOTE(review): whether the page is served over TLS is not visible from
     * this file; the password travels in the POST body as typed.
     */

    // Not used directly below; presumably read by the included page parts,
    // which run in this function's scope -- confirm.
    global $siteName, $pageName, $focused;

    // Page skeleton: HEAD / opening BODY, top strip, title table with logos.
    require(siteHome . "/parts/head.php");
    require(siteHome . "/parts/topstrip.php");
    require(siteHome . "/parts/titletable.php");
?>
<TABLE width="100%" cellSpacing="0" cellPadding="0" border="0">
    <TR vAlign="top">
        <TD bgColor="<?php echo menuBgColor; ?>">
            <?php include(siteHome . "/parts/menu.php"); /* menus */ ?>
        </TD>
        <TD width="100%">
            <?php tableHeader("100%", "black"); ?>
            <TR>
                <?php tableSpacer(9, 9, 3, "black"); ?>
            </TR>
            <TR>
                <?php tableSpacer(9, 9, 1, "black"); ?>
                <TD>
                    <?php require(siteHome . "/parts/topmain.php"); ?>
                </TD>
                <?php tableSpacer(9, 9, 1, "black"); ?>
            </TR>
            <TR>
                <?php tableSpacer(18, 9, 3, "black"); ?>
            </TR>
            <TR>
                <?php tableSpacer(9, 9, 1, "black"); ?>
                <TD>
<!-- Content Start -->

<FORM name="login" method="post" action="<?php echo thisUrl; ?>">
<?php
    // Boxed table carrying the caller's title, then the inner field table.
    tableBoxHeader(featureBgColor, tableHeadColor);
    tableTitle($title, 1, tableHeadColor);
?><TD align="center"><?php
    tableHeader("100%", featureBgColor);
?>
    <TR vAlign="center">
        <TD align="center">
            <STRONG>User Name:</STRONG>
        </TD>
        <TD align="center">
            <INPUT name="userName" type="text" size="10">
        </TD>
    </TR>
    <TR vAlign="center">
        <TD align="center">
            <STRONG>Password:</STRONG>
        </TD>
        <TD align="center">
            <INPUT name="password" type="password" size="10">
        </TD>
    </TR>
    <TR vAlign="center">
        <TD align="center" colSpan="2">
            <INPUT TYPE="submit" VALUE="Log in">
        </TD>
    </TR>
<?php
    tableFooter();
    tableBoxFooter();

    // The elements still open at this point are not closed in this function;
    // presumably postamble.php finishes the page -- confirm.
    require(siteHome . "/parts/postamble.php");

    // Nothing after the login page may run for an unauthenticated request.
    exit;
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
authCreateSecret
|
|
|
|
|
|
|
|
Generate a secret key for user's session
|
|
|
|
*/
|
|
|
|
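function authCreateSecret( $userName, $encryptedPassWord )
{
    /*
     * Start a login session for $userName.
     *
     * A fresh per-session secret is stored in members.u_secret and a
     * "loginInfo" cookie of the form  userName-passwordHash-secret  is sent,
     * valid for EXPIRY seconds. The cookie is only sent when the secret was
     * stored, so a cookie never refers to a secret the database lacks.
     *
     * $userName           Login name as received from the request.
     * $encryptedPassWord  Value of members.u_password for that user.
     *
     * Returns nothing. Must run before any output, because it sends a header.
     *
     * NOTE(review): the cookie carries the stored password hash, so anyone
     * who can read the cookie obtains the hash. Replacing it with an opaque
     * random session id needs a matching change in authCookie().
     * NOTE(review): "-" is the field separator; a user name containing "-"
     * yields a cookie that cannot be split back into three fields.
     */

    // The secret must not be guessable. md5(time()) could be recomputed by
    // anyone who knows roughly when the user logged in.
    $digest = '';
    if (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = openssl_random_pseudo_bytes(16);
        if (is_string($bytes) && strlen($bytes) == 16) {
            $digest = bin2hex($bytes);
        }
    }
    if ($digest == '') {
        // Fallback for builds without OpenSSL: harder to predict than the
        // clock alone, but not a cryptographically strong generator.
        $digest = md5(uniqid(mt_rand(), true));
    }

    // Escape the name for the SQL literal instead of trusting
    // magic_quotes_gpc; undo magic quoting first so it is not escaped twice.
    $sqlUser = (string) $userName;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $sqlUser = stripslashes($sqlUser);
    }
    $sqlUser = @mysql_real_escape_string($sqlUser);
    if ($sqlUser === false) {
        // No usable database connection: no session can be recorded.
        return;
    }

    // $digest is hexadecimal only and needs no escaping.
    $query = "UPDATE members SET u_secret='$digest'" .
            " WHERE u_username='$sqlUser'";

    if (!@mysql_db_query(sqlDB, $query)) {
        return;
    }

    SetCookie("loginInfo", "$userName-$encryptedPassWord-$digest", (time() + EXPIRY));
}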
|
|
|
|
|
|
|
|
/*
|
|
|
|
authProcess
|
|
|
|
|
|
|
|
Authenticate user against SQL database
|
|
|
|
*/
|
|
|
|
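function authProcess ($userName, $password)
{
    /*
     * Check a user name / password pair against the members table and, on a
     * match, start a session through authCreateSecret().
     *
     * $userName  Login name as received from the request.
     * $password  Clear-text password as received from the request.
     *
     * Returns true when the credentials matched, false otherwise (including
     * when the query could not be run). Callers that ignore the result see
     * the same side effects as before.
     *
     * NOTE(review): the comparison relies on MySQL's ENCRYPT() salted with
     * the user name, which is public. Its strength depends on the server's
     * crypt(); moving to a dedicated password hash means re-hashing the
     * stored passwords.
     */
    if ((string) $userName == '') {
        return false;
    }

    $sqlUser = _authSqlQuote($userName);
    $sqlPass = _authSqlQuote($password);

    $query = "SELECT u_password, 1 AS auth FROM members" .
            " WHERE u_username='$sqlUser'" .
            " AND u_password=ENCRYPT('$sqlPass','$sqlUser')";

    $res = @mysql_db_query(sqlDB, $query);
    if (!$res) {
        return false;
    }

    $result = @mysql_fetch_array($res);
    if (!$result || !$result['auth']) {
        return false;
    }

    authCreateSecret($userName, $result['u_password']);
    return true;
}

/*
    _authSqlQuote

    Private helper: make a request-derived value safe inside a quoted SQL
    string literal. Magic quoting is undone first so the value is escaped
    exactly once; an empty string is returned when escaping is impossible
    (no database connection). Only pass values that came from the request.
*/
function _authSqlQuote ($value)
{
    $value = (string) $value;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    $escaped = @mysql_real_escape_string($value);
    return ($escaped === false) ? '' : $escaped;
}

/*
    authCookie

    Authenticate user against SQL database using a cookie
*/
function authCookie( $cookie, $userName, $password )
{
    /*
     * $cookie    Value of the "loginInfo" cookie: userName-passwordHash-secret.
     * $userName  Login name from the request, used when the cookie is rejected.
     * $password  Password from the request, used when the cookie is rejected.
     *
     * Returns the authenticated user name, or false when neither the cookie
     * nor the submitted credentials are valid.
     *
     * The cookie is client-controlled, so every field is escaped before it
     * reaches the query and a malformed cookie is rejected outright.
     */
    $fields = explode('-', (string) $cookie);

    // Exactly three non-empty fields; anything else cannot be a cookie that
    // authCreateSecret() issued.
    if (count($fields) == 3
            && $fields[0] != '' && $fields[1] != '' && $fields[2] != '') {
        $cUserName = $fields[0];

        $query = "SELECT 1 AS auth FROM members" .
                " WHERE u_username='" . _authSqlQuote($cUserName) . "'" .
                " AND u_password='" . _authSqlQuote($fields[1]) . "'" .
                " AND u_secret='" . _authSqlQuote($fields[2]) . "'";

        $res = @mysql_db_query(sqlDB, $query);
        $result = $res ? @mysql_fetch_array($res) : false;

        if ($result && $result['auth']) {
            return $cUserName;
        }
    }

    // Cookie rejected: fall back to the submitted credentials. This passes
    // $userName; the spelling $username names a different, unset variable,
    // which made the fallback always check an empty user name.
    if (authProcess($userName, $password)) {
        return $userName;
    }

    return false;
}

// Initialization
$db = @mysql_connect (sqlHost, sqlUser, sqlPass);

global $userName, $password, $loginInfo, $userInfo;

// Work out who, if anyone, this request is authenticated as. The result is
// kept apart from $userName until it is known to be good, so that a failed
// login can never leave a caller-supplied name in place.
$authUser = false;
if ($loginInfo) {
    $authUser = authCookie ($loginInfo, $userName, $password);
} elseif ($userName) {
    if (authProcess ($userName, $password)) {
        $authUser = $userName;
    }
}

if ($authUser === false || $authUser === null || $authUser === '') {
    // No valid cookie and no valid credentials: show the form and stop.
    // authLoginForm() does not return.
    @mysql_close ($db);
    authLoginForm ('Login required');
}

$userName = $authUser;

// Load the member record for the authenticated user only.
$query = "SELECT * FROM members" .
        " WHERE u_username='" . _authSqlQuote ($userName) . "'";
$res = @mysql_db_query (sqlDB, $query);
$userInfo = $res ? @mysql_fetch_array ($res) : false;

@mysql_close ($db);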
?>