website/lib/auth.inc
Jeff Teunissen 9e6f75ccbd Update for PHP 7.x
PHP 7 doesn't like the old short tags we were using (it's possible to re-enable
them, but won't be for version 8, so we might as well switch now), and the old
MySQL APIs are now gone entirely, replaced with something different.

This should make everything work at least as well as it used to.

Also, one file used to be checked in with CRLF line endings. ??
2022-04-27 13:14:47 -04:00


<?php
/*
auth.php
Authentication/Authorization function library
Copyright (C) 2000, 2001 Jeff Teunissen <deek@quakeforge.net>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to:
Free Software Foundation, Inc.
59 Temple Place - Suite 330
Boston, MA 02111-1307, USA.
*/
/* // SQL definition for member list table
CREATE TABLE members (
u_key INT NOT NULL auto_increment PRIMARY KEY,
u_admin CHAR DEFAULT 'N' NOT NULL,
u_username TINYTEXT DEFAULT '' NOT NULL,
u_password TINYTEXT DEFAULT '' NOT NULL,
u_fullname TINYTEXT DEFAULT '' NOT NULL,
u_email TINYTEXT DEFAULT '' NOT NULL,
u_phone TINYTEXT DEFAULT '',
u_addr1 TINYTEXT DEFAULT '',
u_addr2 TINYTEXT DEFAULT '',
u_country TINYTEXT DEFAULT '',
u_secret TINYTEXT,
u_plan TEXT DEFAULT ''
);
*/
// Library bookkeeping. have()/need() are defined elsewhere in the site code;
// presumably they register this module and load the 'table' module (verify
// against their definitions).
have ('auth');
need ('table');

// Load the SQL connection settings exactly once per request.
if (defined ('_SQLCONSTS_') === FALSE) {
    define ('_SQLCONSTS_', 1);
    require siteHome . '/../etc/sql.conf';
}

// Separator between the member password and the SQL read-write password
// inside the password field the user submits (see authProcess). A site may
// pre-define a different character before including this file.
defined ('authSplitChar') or define ('authSplitChar', '%');

// These only have an effect when this file is included from inside a
// function; at file scope they are no-ops.
global $userInfo, $authRealm, $REMOTE_USER;

// Realm shown in the browser's login prompt unless the includer chose one.
$authRealm = isset ($authRealm) ? $authRealm : "Member Access";
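/*
authProcess
Authenticate user against SQL database.

If $split is nonzero, the provided password string is split at the
LAST occurrence of authSplitChar. The left-hand side is the member
password (it is also stored in the global $password); the right-hand
side is used to define sqlRWPass unless that constant already exists.
The process fails if there is no separator or if the separator is the
first character (empty member password).

If $split is zero, $pw is checked as given.

Returns TRUE only when a members row matches the username and the
ENCRYPT()ed password; returns FALSE on any mismatch, on a missing
sqlRWPass, and on connection or query failure.

Security notes:
- $user and $pw come straight from the HTTP request, so they are bound
  as statement parameters and never concatenated into the SQL text.
- NOTE(review): the stored hash is produced by MySQL's ENCRYPT() with
  the username as salt. That is a weak, server-dependent scheme;
  consider migrating u_password to password_hash()/password_verify().
*/
function authProcess ($user, $pw, $split)
{
    global $password;

    if (isset ($split) && $split) {
        $pos = strrpos ($pw, authSplitChar);
        if ($pos === FALSE || $pos === 0) {
            return FALSE;
        }
        // user gave an SQL read-write pass; define() on an existing
        // constant only raises a warning, so skip it in that case
        if (!defined ('sqlRWPass')) {
            define ('sqlRWPass', substr ($pw, $pos + 1));
        }
        $password = substr ($pw, 0, $pos);
        $candidate = $password;
    } else {
        // No splitting requested: check the password the caller passed
        // instead of whatever the global $password happens to hold.
        $candidate = $pw;
    }

    // Without database credentials nobody can be authenticated; fail
    // closed rather than hit an undefined-constant error below.
    if (!defined ('sqlRWPass')) {
        return FALSE;
    }

    $ret = FALSE;
    $db = NULL;
    try {
        $db = @mysqli_connect (sqlHost, sqlRWUser, sqlRWPass, sqlDB);
        if (!$db) {
            return FALSE;
        }
        $stmt = mysqli_prepare ($db,
            'SELECT 1 AS auth FROM members' .
            ' WHERE u_username=?' .
            ' AND u_password=ENCRYPT(?,?)');
        if ($stmt) {
            mysqli_stmt_bind_param ($stmt, 'sss', $user, $candidate, $user);
            if (mysqli_stmt_execute ($stmt)) {
                mysqli_stmt_bind_result ($stmt, $auth);
                if (mysqli_stmt_fetch ($stmt) && $auth) {
                    $ret = TRUE;
                }
            }
            mysqli_stmt_close ($stmt);
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli may be configured to throw; "@" does not silence that.
        // Any database error counts as a failed login.
        $ret = FALSE;
    } finally {
        if ($db) {
            mysqli_close ($db);
        }
    }
    return $ret;
}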
/*
authBasicChallenge
Reply with an HTTP Basic authentication challenge for $realm, then stop
the script with $msg as the response body. Never returns.

HTTP Basic sends the username and password merely base64-encoded on
every request, so pages using this library should only be served
over TLS.
NOTE(review): $realm is placed inside a quoted header value without
escaping; callers should pass a fixed, site-controlled string.
*/
function authBasicChallenge ($realm, $msg)
{
    $challenge = 'WWW-Authenticate: Basic realm="' . $realm . '"';
    $status = 'HTTP/1.0 401 Unauthorized';

    header ($challenge);
    header ($status);
    exit ($msg);
}
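// Initialization
//
// Runs on every include: obtain Basic-auth credentials, verify them with
// authProcess(), then load the member's row into $userInfo. Every failure
// path ends in authBasicChallenge(), which terminates the request.

// When PHP did not populate PHP_AUTH_USER, recover the credentials from
// the raw Authorization header (plain or REDIRECT_-prefixed).
if (!key_exists ('PHP_AUTH_USER', $_SERVER)) {
    $authHeader = NULL;
    if (key_exists ('HTTP_AUTHORIZATION', $_SERVER)) {
        $authHeader = $_SERVER['HTTP_AUTHORIZATION'];
    } else if (key_exists ('REDIRECT_HTTP_AUTHORIZATION', $_SERVER)) {
        $authHeader = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    } else {
        authBasicChallenge ($authRealm, "Login required.");
    }
    // Accept only the "Basic <base64>" form; any other scheme leaves the
    // credentials unset and falls through to "Login incorrect." below.
    if (strncasecmp ($authHeader, 'Basic ', 6) === 0) {
        $decoded = base64_decode (substr ($authHeader, 6));
        if ($decoded !== FALSE && strpos ($decoded, ':') !== FALSE) {
            // Limit of 2: only the first colon separates user and
            // password, so a password may itself contain colons.
            list ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode (':', $decoded, 2);
        }
    }
}
if (key_exists ('PHP_AUTH_USER', $_SERVER)) {
    $userName = $_SERVER['PHP_AUTH_USER'];
    $password = isset ($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : NULL;
    $_SERVER['AUTH_TYPE'] = 'Basic';
}
// The submitted password carries the SQL read-write password after
// authSplitChar; authProcess() splits it and defines sqlRWPass.
if (!isset ($userName) || !isset ($password)
    || !authProcess ($userName, $password, TRUE)) {
    authBasicChallenge ("$authRealm", "Login incorrect.");
}
$_SERVER['REMOTE_USER'] = $REMOTE_USER = $userName;

// Load the member record. The username came from the request, so it is
// bound as a parameter rather than concatenated into the query. Lookup
// failures leave $userInfo as NULL.
$userInfo = NULL;
$db = NULL;
try {
    $db = @mysqli_connect (sqlHost, sqlRWUser, sqlRWPass, sqlDB);
    if ($db) {
        $stmt = mysqli_prepare ($db, 'SELECT * FROM members WHERE u_username=?');
        if ($stmt) {
            mysqli_stmt_bind_param ($stmt, 's', $REMOTE_USER);
            if (mysqli_stmt_execute ($stmt)) {
                // mysqli_stmt_get_result() needs the mysqlnd driver.
                $rows = mysqli_stmt_get_result ($stmt);
                if ($rows) {
                    $userInfo = mysqli_fetch_assoc ($rows);
                }
            }
            mysqli_stmt_close ($stmt);
        }
    }
} catch (mysqli_sql_exception $e) {
    // mysqli may be configured to throw; keep the old "no row" outcome.
    $userInfo = NULL;
} finally {
    if ($db) {
        @mysqli_close ($db);
    }
}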
?>