
<?
/*
auth.php
Authentication/Authorization function library
Copyright (C) 2000, 2001 Jeff Teunissen <deek@quakeforge.net>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to:
Free Software Foundation, Inc.
59 Temple Place - Suite 330
Boston, MA 02111-1307, USA.
*/
// Module bookkeeping through helpers that are defined outside this file.
// NOTE(review): presumably have () records that the 'auth' library is loaded
// and need () pulls in the 'table' library (tableHeader () and friends are
// used below) -- confirm against their definitions.
have ('auth');
need ('table');
/* SQL definition for member list table
CREATE TABLE members (
u_key int DEFAULT '0' NOT NULL auto_increment PRIMARY KEY,
u_admin char DEFAULT 'N' NOT NULL,
u_username tinytext DEFAULT '' NOT NULL,
u_password tinytext DEFAULT '' NOT NULL,
u_fullname tinytext DEFAULT '' NOT NULL,
u_email tinytext DEFAULT '' NOT NULL,
u_phone tinytext DEFAULT '',
u_addr1 tinytext DEFAULT '',
u_addr2 tinytext DEFAULT '',
u_country tinytext DEFAULT '',
u_secret tinytext,
u_plan text DEFAULT ''
);
*/
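// Lifetime of the "loginInfo" cookie, in seconds (24 hours).
define ('EXPIRY', 86400);
// Path of the running script with "index.php" removed; used as the login
// form's action. str_replace () matches the dot literally (the former regex
// pattern let "." match any character) and the cast keeps an unset
// SCRIPT_NAME from reaching it as boolean false.
define ('thisUrl', str_replace ('index.php', '', (string) getenv ('SCRIPT_NAME')));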
/*
authLoginForm
Render the complete login page (site head, top strip, title table, menu and
a POST form with "userName" and "password" fields), then end the script
with die ().

$title - heading shown above the form; handed to tableTitle () unchanged.

Does not return: a call to this function is the end of the request.

NOTE(review): whether tableTitle () HTML-escapes $title is not visible
here; the callers in this file only pass fixed strings.
*/
function authLoginForm ($title)
{
// Not read directly in this function; the required parts/*.php files run in
// this function's scope, so presumably they consume these -- confirm.
global $siteName, $pageName, $focused, $theme;
require siteHome ."/parts/head.php"; // Load the HEAD and open BODY
require siteHome ."/parts/topstrip.php"; // Display top strip
require siteHome ."/parts/titletable.php"; // Display main title w/ logos
?>
<TABLE width="100%" cellSpacing="0" cellPadding="0" border="0">
<TR vAlign="top">
<TD bgColor="<? echo menuBgColor; ?>">
<? include siteHome . "/parts/menu.php"; ?>
</TD>
<TD width="100%">
<? tableHeader ("100%", black); ?>
<TR>
<? tableSpacer (1, 9, 3, black); ?>
</TR>
<TR>
<? tableSpacer (9, 1, 1, black); ?>
<TD>
<? require siteHome . "/parts/topmain.php"; ?>
</TD>
<? tableSpacer (9, 1, 1, black); ?>
</TR>
<TR>
<? tableSpacer (1, 18, 3, black); ?>
</TR>
<TR>
<? tableSpacer (9, 1, 1, black); ?>
<TD>
<!-- Content Start -->
<FORM name="login" method="post" action="<? echo thisUrl; ?>">
<?
// NOTE(review): thisUrl (SCRIPT_NAME with "index.php" removed) is echoed
// into the action attribute above without HTML escaping.
// NOTE(review): nothing in this function ensures the posted credentials
// travel over HTTPS -- confirm at the server / site configuration level.
tableBoxHeader (featureBgColor, tableHeadColor);
tableTitle ($title, 1, tableHeadColor);
?><TD align="center"><?
tableHeader ("100%", featureBgColor);
?>
<TR vAlign="center">
<TD align="center">
<STRONG>User Name:</STRONG>
</TD>
<TD align="center">
<INPUT name="userName" type="text" size="10">
</TD>
</TR>
<TR vAlign="center">
<TD align="center">
<STRONG>Password:</STRONG>
</TD>
<TD align="center">
<INPUT name="password" type="password" size="10">
</TD>
</TR>
<TR vAlign="center">
<TD align="center" colSpan="2">
<INPUT TYPE="submit" VALUE="Log in">
</TD>
</TR>
<?
// Counterparts of the tableHeader () / tableBoxHeader () calls made before
// the input rows.
tableFooter ();
tableBoxFooter ();
// The FORM, the surrounding cells and the outer tables are still open at
// this point; presumably postamble.php emits the closing markup -- confirm.
require siteHome ."/parts/postamble.php";
// Stop the script so nothing after the auth check runs for a request that
// has not authenticated.
die ();
}
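/*
    authCreateSecret

    Start a login session: derive a per-login secret, send it to the browser
    in the "loginInfo" cookie and store it in members.u_secret.

    $userName          - login name exactly as received from the request
    $encryptedPassWord - the user's members.u_password value

    Returns nothing. The UPDATE stays best-effort (errors suppressed), as
    before.

    NOTE(review): md5 (time ()) is predictable from the login time; switch to
    a token from a cryptographically secure generator where the runtime
    provides one.
    NOTE(review): the cookie carries the stored password hash and is set with
    only name, value and expiry (no path, domain or secure flag); an opaque
    random session id would avoid exposing the hash.
*/
function authCreateSecret ($userName, $encryptedPassWord)
{
    $digest = md5 (time ());

    // Cookie layout is "user-hash-secret"; authCookie () splits it on "-".
    $cookie = "$userName-$encryptedPassWord-$digest";
    SetCookie ("loginInfo", $cookie, (time () + EXPIRY));

    // Escape the name exactly once before it enters the SQL text. When the
    // runtime has already slash-escaped request data (magic_quotes_gpc) that
    // layer is undone first, so the query is unchanged there and becomes
    // safe where that setting is off.
    $gpcQuoted = function_exists ('get_magic_quotes_gpc') && get_magic_quotes_gpc ();
    $safeUser = addslashes ($gpcQuoted ? stripslashes ($userName) : $userName);

    // $digest is md5 () output (hex digits only) and needs no escaping.
    $query = "UPDATE members SET u_secret='$digest'" .
        " WHERE u_username='$safeUser'";
    @mysql_db_query (sqlDB, $query);
}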
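/*
    authProcess

    Check a user name / password pair against the members table.

    $userName - login name exactly as received from the request
    $password - clear-text password exactly as received from the request

    On success: calls authCreateSecret () and returns (no value).
    On failure: calls authLoginForm (), which ends the script.

    NOTE(review): the password is hashed by MySQL ENCRYPT () with the user
    name as salt, and the clear-text password is part of the SQL text (so it
    can reach query logs). Moving to a modern password hash needs schema and
    data changes outside this function.
*/
function authProcess ($userName, $password)
{
    // Escape both values exactly once before they enter the SQL text. When
    // the runtime has already slash-escaped request data (magic_quotes_gpc)
    // that layer is undone first, so the query is unchanged there and
    // becomes safe where that setting is off.
    $gpcQuoted = function_exists ('get_magic_quotes_gpc') && get_magic_quotes_gpc ();
    $safeUser = addslashes ($gpcQuoted ? stripslashes ($userName) : $userName);
    $safePass = addslashes ($gpcQuoted ? stripslashes ($password) : $password);

    $query = "SELECT u_password, 1 AS auth FROM members" .
        " WHERE u_username='$safeUser'" .
        " AND u_password=ENCRYPT('$safePass','$safeUser')";

    // A failed query yields no result handle; treat that as "not authenticated"
    // instead of passing false on to mysql_fetch_array ().
    $handle = @mysql_db_query (sqlDB, $query);
    $result = $handle ? @mysql_fetch_array ($handle) : false;

    // Array keys are quoted: the bare words auth / u_password were being
    // resolved as (undefined) constants.
    if ($result && $result['auth']) {
        // The unmodified request value is passed on, as before.
        authCreateSecret ($userName, $result['u_password']);
    } else {
        authLoginForm ('Login incorrect.');
    }
}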
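/*
    authCookie

    Authenticate from the "loginInfo" cookie ("user-hash-secret"); if the
    cookie does not match a members row, fall back to the form credentials.

    $cookie    - raw cookie value
    $userName  - login name from the request, used only for the fallback
    $password  - password from the request, used only for the fallback

    Returns the authenticated user name: the cookie's user on a cookie match,
    otherwise $userName once authProcess () has accepted the form
    credentials. authProcess () ends the script when they are rejected, so
    this function never returns for an unauthenticated request.
    (Previously the fallback path returned nothing, which blanked the
    caller's $userName after a successful form login.)

    NOTE(review): the cookie is accepted on the strength of the stored
    password hash plus u_secret; see authCreateSecret () for how the secret
    is generated.
*/
function authCookie ($cookie, $userName, $password)
{
    // Literal split on "-"; only the first three fields are used.
    $parts = explode ("-", $cookie);

    // A cookie with fewer than three fields cannot be valid; skip the lookup
    // rather than querying with empty values.
    if (count ($parts) >= 3) {
        $cUserName = $parts[0];

        // Escape each field exactly once before it enters the SQL text. When
        // the runtime has already slash-escaped request data
        // (magic_quotes_gpc) that layer is undone first, so the query is
        // unchanged there and becomes safe where that setting is off.
        $gpcQuoted = function_exists ('get_magic_quotes_gpc') && get_magic_quotes_gpc ();
        $safe = array ();
        for ($i = 0; $i < 3; $i++) {
            $safe[$i] = addslashes ($gpcQuoted ? stripslashes ($parts[$i]) : $parts[$i]);
        }

        $query = "SELECT 1 AS auth FROM members" .
            " WHERE u_username='" . $safe[0] . "'" .
            " AND u_password='" . $safe[1] . "'" .
            " AND u_secret='" . $safe[2] . "'";

        $handle = @mysql_db_query (sqlDB, $query);
        $result = $handle ? @mysql_fetch_array ($handle) : false;

        // Key is quoted: the bare word auth was being resolved as an
        // (undefined) constant.
        if ($result && $result['auth']) {
            return $cUserName;
        }
    }

    // Cookie missing fields or not matching: try the form credentials.
    // authProcess () only comes back when they were accepted.
    authProcess ($userName, $password);
    return $userName;
}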
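// Initialization
// Runs as soon as this library is loaded: authenticate the request (cookie
// first, then form credentials, else show the login form) and load the
// member's row into $userInfo.
// NOTE(review): $userName, $password and $loginInfo are not assigned anywhere
// in this file; presumably they are filled from request data by
// register_globals, in which case $loginInfo can arrive via GET/POST as well
// as the cookie -- confirm.
$db = @mysql_connect (sqlHost, sqlUser, sqlPass);
global $userName, $password, $loginInfo, $userInfo;
if ($loginInfo) {
    // Keep the form-supplied name when authCookie () reports none, so a
    // stale cookie plus a valid form login does not blank $userName.
    $cookieUser = authCookie ($loginInfo, $userName, $password);
    if (isset ($cookieUser)) {
        $userName = $cookieUser;
    }
} else {
    if ($userName) {
        authProcess ($userName, $password);
    } else {
        authLoginForm ('Login required');
    }
}

// Only authenticated requests get here; the other paths end in die ().
// Escape the name exactly once before it enters the SQL text. When the
// runtime has already slash-escaped request data (magic_quotes_gpc) that
// layer is undone first, so the query is unchanged there and becomes safe
// where that setting is off.
$gpcQuoted = function_exists ('get_magic_quotes_gpc') && get_magic_quotes_gpc ();
$safeUser = addslashes ($gpcQuoted ? stripslashes ($userName) : $userName);
$query = "SELECT * FROM members" .
    " WHERE u_username='$safeUser'";

// A failed query yields no result handle; $userInfo is then false, the same
// value callers saw before when no row could be fetched.
$handle = @mysql_db_query (sqlDB, $query);
$userInfo = $handle ? @mysql_fetch_array ($handle) : false;
@mysql_close ($db);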
?>