website/lib/auth.php

<?
	/*
		auth.php
		
		Authentication/Authorization function library

		Copyright (C) 2000, 2001 Jeff Teunissen <deek@quakeforge.net>

		This program is free software; you can redistribute it and/or
		modify it under the terms of the GNU General Public License
		as published by the Free Software Foundation; either version 2
		of the License, or (at your option) any later version.

		This program is distributed in the hope that it will be useful,
		but WITHOUT ANY WARRANTY; without even the implied warranty of
		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  

		See the GNU General Public License for more details.

		You should have received a copy of the GNU General Public License
		along with this program; if not, write to:

		Free Software Foundation, Inc.
		59 Temple Place - Suite 330
		Boston, MA  02111-1307, USA.
	*/
	have ('auth');
	need ('table');

	if (!defined ('_SQLCONSTS_')) {
		define ('_SQLCONSTS_', 1);
		require siteHome . '/../etc/sql.conf';
	}

/*									SQL definition for member list table
CREATE TABLE members (
   u_key       int DEFAULT '0' NOT NULL auto_increment PRIMARY KEY,
   u_admin     char DEFAULT 'N' NOT NULL,
   u_username  tinytext DEFAULT '' NOT NULL,
   u_password  tinytext DEFAULT '' NOT NULL,
   u_fullname  tinytext DEFAULT '' NOT NULL,
   u_email     tinytext DEFAULT '' NOT NULL,
   u_phone     tinytext DEFAULT '',
   u_addr1     tinytext DEFAULT '',
   u_addr2     tinytext DEFAULT '',
   u_country   tinytext DEFAULT '',
   u_secret    tinytext,
   u_plan      text DEFAULT ''
);
*/

	define ('EXPIRY', 86400);			// Seconds until cookie expires
	
	define ('thisUrl', ereg_replace ('index.php', '', getenv ('SCRIPT_NAME')));

	/*
		authCreateSecret

		Generate a secret key for user's session
	*/
	function authCreateSecret ($userName, $encryptedPassWord)
	{
		$digest = md5 (time ());
		$cookie = "$userName-$encryptedPassWord-$digest";
		SetCookie ("loginInfo", $cookie, (time () + EXPIRY));
		$query = "UPDATE members SET u_secret='$digest'" . 
				" WHERE u_username='$userName'";
					
		$row = @mysql_db_query (sqlDB, $query);
	}
	
	/*
		authProcess
		
		Authenticate user against SQL database
	*/
	function authProcess ($userName, $password)
	{
		$query = "SELECT u_password, 1 AS auth FROM members" .
				" WHERE u_username='$userName'" .
				" AND u_password=ENCRYPT('$password','$userName')";
		$result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));

		if ($result[auth]) {
			authCreateSecret ($userName, $result[u_password]);
			return 1;
		} else {
			return 0;
		}
	}

	/*
		authCookie
		
		Authenticate user against SQL database using a cookie
	*/
	function authCookie ($cookie, $userName, $password)
	{
		$cookie_var = split ("-", $cookie);
		$cUserName = $cookie_var[0];
		$cPassword = $cookie_var[1];
		$secret = $cookie_var[2];
	
		$query = "SELECT 1 AS auth FROM members" .
				" WHERE u_username='$cUserName'" .
				" AND u_password='$cPassword'" .
				" AND u_secret='$secret'";
		$result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));

		if ($result[auth]) {
			return $cUserName;
		} else {
			authProcess ($userName, $password);
		}
	}
	
	// Initialization
	$db = @mysql_connect (sqlHost, sqlUser, sqlPass);

	if ($loginInfo) {
		$userName = authCookie ($loginInfo, $userName, $password);
	} else {
		if ($userName) {
			if (authProcess ($userName, $password) == 0) {
				$title = "Login incorrect.";
				include siteHome . "/parts/authform.php";
			}
		} else {
			$title = "Login required.";
			include siteHome . "/parts/authform.php";
		}
	}
	$query = "SELECT * FROM members" .
			" WHERE u_username='$userName'";
	$userInfo = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));
	@mysql_close ($db);
?>