This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to: Free Software Foundation, Inc. 59 Temple Place - Suite 330 Boston, MA 02111-1307, USA. */ have ('auth'); need ('table'); if (!defined ('_SQLCONSTS_')) { define ('_SQLCONSTS_', 1); require siteHome . '/../etc/sql.conf'; } /* SQL definition for member list table CREATE TABLE members ( u_key int DEFAULT '0' NOT NULL auto_increment PRIMARY KEY, u_admin char DEFAULT 'N' NOT NULL, u_username tinytext DEFAULT '' NOT NULL, u_password tinytext DEFAULT '' NOT NULL, u_fullname tinytext DEFAULT '' NOT NULL, u_email tinytext DEFAULT '' NOT NULL, u_phone tinytext DEFAULT '', u_addr1 tinytext DEFAULT '', u_addr2 tinytext DEFAULT '', u_country tinytext DEFAULT '', u_secret tinytext, u_plan text DEFAULT '' ); */ define ('EXPIRY', 86400); // Seconds until cookie expires define ('thisUrl', ereg_replace ('index.php', '', getenv ('SCRIPT_NAME'))); /* authCreateSecret Generate a secret key for user's session */ function authCreateSecret ($userName, $encryptedPassWord) { $digest = md5 (time ()); $cookie = "$userName-$encryptedPassWord-$digest"; SetCookie ("loginInfo", $cookie, (time () + EXPIRY)); $query = "UPDATE members SET u_secret='$digest'" . " WHERE u_username='$userName'"; $row = @mysql_db_query (sqlDB, $query); } /* authProcess Authenticate user against SQL database */ function authProcess ($userName, $password) { $query = "SELECT u_password, 1 AS auth FROM members" . " WHERE u_username='$userName'" . " AND u_password=ENCRYPT('$password','$userName')"; $result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query)); if ($result[auth]) { authCreateSecret ($userName, $result[u_password]); return 1; } else { return 0; } } /* authCookie Authenticate user against SQL database using a cookie */ function authCookie ($cookie, $userName, $password) { $cookie_var = split ("-", $cookie); $cUserName = $cookie_var[0]; $cPassword = $cookie_var[1]; $secret = $cookie_var[2]; $query = "SELECT 1 AS auth FROM members" . " WHERE u_username='$cUserName'" . " AND u_password='$cPassword'" . " AND u_secret='$secret'"; $result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query)); if ($result[auth]) { return $cUserName; } else { authProcess ($userName, $password); } } // Initialization $db = @mysql_connect (sqlHost, sqlUser, sqlPass); if ($loginInfo) { $userName = authCookie ($loginInfo, $userName, $password); } else { if ($userName) { if (authProcess ($userName, $password) == 0) { $title = "Login incorrect."; include siteHome . "/parts/authform.php"; } } else { $title = "Login required."; include siteHome . "/parts/authform.php"; } } $query = "SELECT * FROM members" . " WHERE u_username='$userName'"; $userInfo = @mysql_fetch_array (@mysql_db_query (sqlDB, $query)); @mysql_close ($db); ?>