2000-05-10 22:38:21 +00:00
|
|
|
<?
|
|
|
|
/*
|
|
|
|
auth.php
|
|
|
|
|
|
|
|
Authentication/Authorization function library
|
|
|
|
|
2001-07-19 11:52:47 +00:00
|
|
|
Copyright (C) 2000, 2001 Jeff Teunissen <deek@quakeforge.net>
|
2000-05-10 22:38:21 +00:00
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
|
|
modify it under the terms of the GNU General Public License
|
|
|
|
as published by the Free Software Foundation; either version 2
|
|
|
|
of the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
|
|
|
See the GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to:
|
|
|
|
|
|
|
|
Free Software Foundation, Inc.
|
|
|
|
59 Temple Place - Suite 330
|
|
|
|
Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
2002-02-22 07:22:34 +00:00
|
|
|
|
2007-03-16 00:49:05 +00:00
|
|
|
/* // SQL definition for member list table
|
2000-05-10 22:38:21 +00:00
|
|
|
CREATE TABLE members (
|
2007-03-09 17:16:17 +00:00
|
|
|
u_key INT NOT NULL auto_increment PRIMARY KEY,
|
|
|
|
u_admin CHAR DEFAULT 'N' NOT NULL,
|
|
|
|
u_username TINYTEXT DEFAULT '' NOT NULL,
|
|
|
|
u_password TINYTEXT DEFAULT '' NOT NULL,
|
|
|
|
u_fullname TINYTEXT DEFAULT '' NOT NULL,
|
|
|
|
u_email TINYTEXT DEFAULT '' NOT NULL,
|
|
|
|
u_phone TINYTEXT DEFAULT '',
|
|
|
|
u_addr1 TINYTEXT DEFAULT '',
|
|
|
|
u_addr2 TINYTEXT DEFAULT '',
|
|
|
|
u_country TINYTEXT DEFAULT '',
|
|
|
|
u_secret TINYTEXT,
|
|
|
|
u_plan TEXT DEFAULT ''
|
2000-05-10 22:38:21 +00:00
|
|
|
);
|
|
|
|
*/
|
|
|
|
|
2007-03-16 00:49:05 +00:00
|
|
|
have ('auth');
|
|
|
|
need ('table');
|
|
|
|
|
|
|
|
if (!defined ('_SQLCONSTS_')) {
|
|
|
|
define ('_SQLCONSTS_', 1);
|
|
|
|
require siteHome . '/../etc/sql.conf';
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!defined ('authSplitChar')) {
|
|
|
|
define ('authSplitChar', '%');
|
|
|
|
}
|
|
|
|
|
|
|
|
global $userInfo;
|
|
|
|
global $authRealm;
|
|
|
|
global $REMOTE_USER;
|
|
|
|
|
|
|
|
if (!$authRealm) {
|
|
|
|
$authRealm = "Member Access";
|
|
|
|
}
|
|
|
|
|
2000-05-10 22:38:21 +00:00
|
|
|
/*
|
|
|
|
authProcess
|
2007-03-09 17:16:17 +00:00
|
|
|
|
2007-03-16 00:49:05 +00:00
|
|
|
Authenticate user against SQL database.
|
|
|
|
|
|
|
|
If $split is nonzero, the provided password string is
|
|
|
|
split using the value of the authSplitChar definition
|
|
|
|
and the process will fail if no right-hand side
|
|
|
|
component is present. If there IS a right-hand side
|
|
|
|
component, sqlRWPass is defined.
|
2000-05-10 22:38:21 +00:00
|
|
|
*/
|
2007-03-16 00:49:05 +00:00
|
|
|
function authProcess ($user, $password, $split)
|
2000-05-10 22:38:21 +00:00
|
|
|
{
|
2007-03-16 00:49:05 +00:00
|
|
|
if ($split) {
|
|
|
|
$pos = strrpos ($password, authSplitChar);
|
|
|
|
if ($pos !== FALSE) { // user gave an SQL read-write pass
|
|
|
|
$sqlRWPass = substr ($password, $pos + 1);
|
|
|
|
$password = substr ($password, 0, $pos);
|
|
|
|
|
|
|
|
/* We now have a read-write password, so set sqlRWPass */
|
|
|
|
define ('sqlRWPass', $sqlRWPass);
|
|
|
|
} else {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
2007-03-16 17:18:16 +00:00
|
|
|
|
|
|
|
$ret = FALSE;
|
|
|
|
|
|
|
|
$db = @mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass);
|
2000-05-10 22:38:21 +00:00
|
|
|
$query = "SELECT u_password, 1 AS auth FROM members" .
|
2007-03-16 00:49:05 +00:00
|
|
|
" WHERE u_username='$user'" .
|
|
|
|
" AND u_password=ENCRYPT('$password','$user')";
|
2000-05-10 22:38:21 +00:00
|
|
|
$result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));
|
2002-02-22 05:29:05 +00:00
|
|
|
|
2007-03-16 17:18:16 +00:00
|
|
|
if ($result[auth])
|
|
|
|
$ret = TRUE;
|
|
|
|
|
|
|
|
@mysql_close ($db);
|
|
|
|
return $ret;
|
2000-05-10 22:38:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-03-09 17:16:17 +00:00
|
|
|
authBasicChallenge
|
|
|
|
|
|
|
|
Use HTTP Basic authentication to ask the user for their UN/PW
|
2000-05-10 22:38:21 +00:00
|
|
|
*/
|
2007-03-09 17:16:17 +00:00
|
|
|
function authBasicChallenge ($realm, $msg)
|
2000-05-10 22:38:21 +00:00
|
|
|
{
|
2007-03-09 17:16:17 +00:00
|
|
|
header ('WWW-Authenticate: Basic realm="' . $realm . '"');
|
|
|
|
header ('HTTP/1.0 401 Unauthorized');
|
|
|
|
die ($msg);
|
2000-05-10 22:38:21 +00:00
|
|
|
}
|
2007-03-09 17:16:17 +00:00
|
|
|
|
2000-05-10 22:38:21 +00:00
|
|
|
// Initialization
|
2007-03-09 17:16:17 +00:00
|
|
|
if (!isset ($_SERVER['PHP_AUTH_USER'])) {
|
|
|
|
authBasicChallenge ($authRealm, "Login required.");
|
2000-05-10 22:38:21 +00:00
|
|
|
} else {
|
2007-03-09 17:16:17 +00:00
|
|
|
$userName = $_SERVER['PHP_AUTH_USER'];
|
|
|
|
$password = $_SERVER['PHP_AUTH_PW'];
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($userName && $password) {
|
2007-03-16 00:49:05 +00:00
|
|
|
if (!authProcess ($userName, $password, TRUE)) {
|
2007-03-09 17:16:17 +00:00
|
|
|
authBasicChallenge ($authRealm, "Login incorrect.");
|
2000-05-10 22:38:21 +00:00
|
|
|
}
|
2007-03-09 17:16:17 +00:00
|
|
|
} else {
|
|
|
|
authBasicChallenge ($authRealm, "Login incorrect.");
|
2000-05-10 22:38:21 +00:00
|
|
|
}
|
2007-03-09 17:16:17 +00:00
|
|
|
$_SERVER['REMOTE_USER'] = $REMOTE_USER = $userName;
|
|
|
|
|
2007-03-16 17:18:16 +00:00
|
|
|
$db = @mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass);
|
2000-05-13 22:08:03 +00:00
|
|
|
$query = "SELECT * FROM members" .
|
|
|
|
" WHERE u_username='$userName'";
|
2007-03-09 17:16:17 +00:00
|
|
|
$userInfo = @mysql_fetch_assoc (@mysql_db_query (sqlDB, $query));
|
2000-05-10 22:38:21 +00:00
|
|
|
@mysql_close ($db);
|
|
|
|
?>
|