website/lib/auth.php


<?
/*
auth.php
Authentication/Authorization function library
Copyright (C) 2000 Contributors of the QuakeForge Project
Please see the file "AUTHORS" for a list of contributors
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to:
Free Software Foundation, Inc.
59 Temple Place - Suite 330
Boston, MA 02111-1307, USA.
*/
// Module bookkeeping. have() and need() are defined outside this file;
// presumably they mark 'auth' as loaded and pull in the 'sql table'
// library - confirm against their definitions.
have ('auth');
need ('sql table');
/* SQL definition for member list table
CREATE TABLE members (
u_key int DEFAULT '0' NOT NULL auto_increment PRIMARY KEY,
u_admin char DEFAULT 'N' NOT NULL,
u_username tinytext DEFAULT '' NOT NULL,
u_password tinytext DEFAULT '' NOT NULL,
u_fullname tinytext DEFAULT '' NOT NULL,
u_email tinytext DEFAULT '' NOT NULL,
u_phone tinytext DEFAULT '',
u_addr1 tinytext DEFAULT '',
u_addr2 tinytext DEFAULT '',
u_country tinytext DEFAULT '',
u_secret tinytext,
u_plan text DEFAULT ''
);
*/
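// Lifetime of the "loginInfo" cookie, in seconds (24 hours).
define ('EXPIRY', 86400);
// URL of the running script with "index.php" removed; authLoginForm() uses
// it as the form action. str_replace() matches the file name literally,
// whereas the regex-based ereg_replace() treated the "." as "any character".
// The cast keeps the constant a string when SCRIPT_NAME is not set.
define ('thisUrl', str_replace ('index.php', '', (string) getenv ('SCRIPT_NAME')));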
/*
authLoginForm
Display a login form.
*/
/*
Details: renders a complete page (head, top strip, title table, menu and
top-main part) holding a POST form with the fields "userName" and
"password", then ends the request with die(). It never returns.
$title - heading handed to tableTitle() for the login box.
NOTE(review): no closing FORM tag is emitted in this function; presumably
tableBoxFooter() or postamble.php closes it - confirm.
*/
function authLoginForm( $title )
{
// Declared global presumably for the included "parts" templates, which run
// in this function's scope - confirm which of them read these.
global $siteName, $pageName, $focused;
require(siteHome ."/parts/head.php"); // Load the HEAD and open BODY
require(siteHome ."/parts/topstrip.php"); // Display top strip
require(siteHome ."/parts/titletable.php"); // Display main title w/ logos
?>
<TABLE width="100%" cellSpacing="0" cellPadding="0" border="0">
<TR vAlign="top">
<TD bgColor="<? echo menuBgColor; ?>">
<? include(siteHome ."/parts/menu.php"); /* menus */ ?>
</TD>
<TD width="100%">
<? tableHeader("100%", "black"); ?>
<TR>
<? tableSpacer( 9, 9, 3, "black"); ?>
</TR>
<TR>
<? tableSpacer( 9, 9, 1, "black"); ?>
<TD>
<? require(siteHome ."/parts/topmain.php"); ?>
</TD>
<? tableSpacer( 9, 9, 1, "black"); ?>
</TR>
<TR>
<? tableSpacer( 18, 9, 3, "black"); ?>
</TR>
<TR>
<? tableSpacer( 9, 9, 1, "black"); ?>
<TD>
<!-- Content Start -->
<FORM name="login" method="post" action="<? echo thisUrl; ?>">
<?
// NOTE(review): the form action above echoes thisUrl without
// htmlspecialchars(). thisUrl is built from SCRIPT_NAME in this file;
// confirm it cannot carry markup on this server.
tableBoxHeader(featureBgColor, tableHeadColor);
// NOTE(review): $title is passed on as-is; whether tableTitle() escapes it
// is not visible here. The only caller in this file passes a literal.
tableTitle($title, 1, tableHeadColor);
?><TD align="center"><?
tableHeader("100%", featureBgColor);
?>
<TR vAlign="center">
<TD align="center">
<STRONG>User Name:</STRONG>
</TD>
<TD align="center">
<INPUT name="userName" type="text" size="10">
</TD>
</TR>
<TR vAlign="center">
<TD align="center">
<STRONG>Password:</STRONG>
</TD>
<TD align="center">
<INPUT name="password" type="password" size="10">
</TD>
</TR>
<TR vAlign="center">
<TD align="center" colSpan="2">
<INPUT TYPE="submit" VALUE="Log in">
</TD>
</TR>
<?
tableFooter();
tableBoxFooter();
require (siteHome ."/parts/postamble.php");
// Stop here: the script that included this library must not go on to run
// for a visitor who has not logged in.
die();
}
/*
authCreateSecret
Generate a secret key for user's session
*/
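/*
Details: creates a fresh per-session secret, sends the browser a
"loginInfo" cookie of the form "<userName>-<encryptedPassWord>-<secret>"
valid for EXPIRY seconds, and stores the secret in members.u_secret so
authCookie() can compare it on later requests.
$userName          - login name of the member being logged in
$encryptedPassWord - that member's stored u_password value
Returns nothing.
NOTE(review): the cookie carries the stored password hash, so anyone who can
read the cookie also obtains material for offline password guessing. Sending
only the random secret would need a matching change in authCookie().
NOTE(review): the cookie is set without path, secure or httponly attributes;
confirm how the site is served before tightening them.
*/
function authCreateSecret( $userName, $encryptedPassWord )
{
    // The secret is the only unpredictable part of the cookie, so it must not
    // be derived from the clock alone. Prefer the OpenSSL generator and fall
    // back to a mixed-entropy value where that extension is missing.
    $digest = '';
    if (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = openssl_random_pseudo_bytes(16);
        if ($bytes !== false && strlen($bytes) === 16) {
            $digest = bin2hex($bytes);
        }
    }
    if ($digest === '') {
        // Weaker than a CSPRNG, but no longer guessable from the login time.
        $digest = md5(uniqid(mt_rand(), true));
    }

    // $digest is hexadecimal, so it never contains the "-" field separator.
    $cookie = "$userName-$encryptedPassWord-$digest";
    SetCookie( "loginInfo", $cookie, ( time() + EXPIRY ));

    // The user name originates from the request: escape it before it is
    // placed inside a quoted SQL literal.
    $query = "UPDATE members SET u_secret='$digest'" .
        " WHERE u_username='" . mysql_real_escape_string($userName) . "'";
    @mysql_db_query (sqlDB, $query);
}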
/*
authProcess
Authenticate user against SQL database
*/
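/*
Details: looks up a row whose u_username matches and whose u_password
equals ENCRYPT(password, username). On a match a new session is started
through authCreateSecret().
$userName - login name as submitted by the client
$password - clear-text password as submitted by the client
Returns true when the credentials matched, false otherwise, so callers can
tell a failed login from a successful one.
NOTE(review): ENCRYPT() is salted with the user name here, and the
clear-text password travels inside the SQL statement. Moving to a stronger
password hash needs a data migration, so it is only flagged.
NOTE(review): where magic_quotes_gpc is still enabled the request values
arrive backslash-escaped already; strip that at the request boundary so
names containing quotes are not escaped twice.
*/
function authProcess ($userName, $password)
{
    // Both values come from the client: escape them before they are placed
    // inside quoted SQL literals.
    $safeUser = mysql_real_escape_string($userName);
    $safePass = mysql_real_escape_string($password);
    $query = "SELECT u_password, 1 AS auth FROM members" .
        " WHERE u_username='$safeUser'" .
        " AND u_password=ENCRYPT('$safePass','$safeUser')";
    $rows = @mysql_db_query (sqlDB, $query);
    $result = $rows ? @mysql_fetch_array ($rows) : false;
    if ( $result && $result['auth'] ) {
        authCreateSecret( $userName, $result['u_password'] );
        return true;
    }
    return false;
}
/*
    authCookie

    Authenticate user against SQL database using a cookie.
    $cookie   - value of the "loginInfo" cookie, in the layout
                "<userName>-<u_password>-<u_secret>"
    $userName - submitted login name, used only if the cookie is rejected
    $password - submitted password, used only if the cookie is rejected
    Returns the authenticated user name, or null when neither the cookie
    nor the submitted credentials are valid.
*/
function authCookie( $cookie, $userName, $password )
{
    // Take the two trailing fields from the right so that a user name which
    // itself contains "-" still parses; explode() also treats "-" literally.
    $fields = explode('-', $cookie);
    if (count($fields) >= 3) {
        $secret = array_pop($fields);
        $cPassword = array_pop($fields);
        $cUserName = implode('-', $fields);
        // An empty field must never match, e.g. a row with an empty u_secret.
        if ($cUserName !== '' && $cPassword !== '' && $secret !== '') {
            // Every field is client-controlled: escape before quoting.
            $query = "SELECT 1 AS auth FROM members" .
                " WHERE u_username='" . mysql_real_escape_string($cUserName) . "'" .
                " AND u_password='" . mysql_real_escape_string($cPassword) . "'" .
                " AND u_secret='" . mysql_real_escape_string($secret) . "'";
            $rows = @mysql_db_query (sqlDB, $query);
            $result = $rows ? @mysql_fetch_array ($rows) : false;
            if ( $result && $result['auth'] ) {
                return $cUserName;
            }
        }
    }
    // Cookie rejected: fall back to the submitted credentials. The earlier
    // code passed the undefined $username (variable names are case-sensitive)
    // and returned nothing even when this fallback login succeeded.
    if ( $userName && authProcess ($userName, $password) ) {
        return $userName;
    }
    return null;
}
// Initialization
// $userName, $password and $loginInfo are not assigned anywhere in this file;
// presumably register_globals fills them from the request, loginInfo being
// the cookie set by authCreateSecret() - confirm. Treat all three as
// untrusted input.
$db = @mysql_connect (sqlHost, sqlUser, sqlPass);
global $userName, $password, $loginInfo, $userInfo;
$authUser = null;
if ($db) {
    if ($loginInfo) {
        $authUser = authCookie ($loginInfo, $userName, $password);
    } elseif ($userName && authProcess ($userName, $password)) {
        $authUser = $userName;
    }
}
if (!$authUser) {
    // Fail closed. Previously a wrong password or a rejected cookie fell
    // through to the query below, which filled $userInfo for whatever user
    // name the client had supplied. authLoginForm() ends the request.
    authLoginForm ('Login required');
}
// From here on $userName is the authenticated name only.
$userName = $authUser;
$query = "SELECT * FROM members" .
    " WHERE u_username='" . mysql_real_escape_string($userName) . "'";
$rows = @mysql_db_query (sqlDB, $query);
$userInfo = $rows ? @mysql_fetch_array ($rows) : false;
@mysql_close ($db);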
?>