Location: PHPKode > projects > ARBS > arbs-1.5.1.78/auth_web.inc.php
<?php

/*
 * ARBS - Advanced Resource Booking System
 * Copyright (C) 2005-2007 ITMC der TU Dortmund
 * Based on MRBS by Daniel Gardner <http://mrbs.sourceforge.net/>
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 */


/* getAuth($realm)
 * 
 * Request that the username/password be given for the specified realm
 * 
 * $realm - Which username/password do we want.
 * 
 * Nothing
 */
function authGet($realm){
    if(strpos($_SERVER['PHP_SELF'],"view_entry")>0)
        return;
?>
    <HTML>
    <HEAD>
    <TITLE><?php echo(_("Reserving devices ONLINE")); ?> - <?php echo(_("Log in")); ?></TITLE>
<LINK REL="stylesheet" href="raum/mrbs.css" type="text/css">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">

    </HEAD>
<?php
    echo "<br><br><br><br><br><br><br><br><br><br><br><br>";
    echo "<div style=\"border:1px solid #0000ff;\">";
    echo "<form method=POST acttion=\"".$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']."\">";
    echo "<table width=300 border=0 align=center cellspacing=0 cellpadding=1>";
    echo "<tr><td colspan=2 align=center><b>", _("Please log in"), "</b></td></tr>";
    if(isset($_POST['WEBAUTH_USER'])){
        echo "<tr><td colspan=2 align=center bgcolor=#ff0000><font color=#ffffff>", _("Username / Password wrong"), "</font></td></tr>";
    }
    echo "<tr><td>", _("Username"), "</td>";
    echo "<td><input id=\"dofocus\" type=\"text\" value=\"".$_POST['WEBAUTH_USER']."\" name=\"WEBAUTH_USER\"></td></tr>";
    
    echo "<tr><td>", _("Password"), "</td>";
    echo "<td><input type=\"password\" name=\"WEBAUTH_PW\"></td></tr>";
    
    echo "<tr><td><input type=\"submit\" value=\"", _("Continue"), "\"></td>";
    echo "<td><a href=\"javascript:history.back()\">", _("Back"), "</a></td></tr></table>";
    echo "</form></div>";
    if(isset($_POST['WEBAUTH_USER']))
        echo "<script language=JavaScript>document.getElementById('dofocus').select();</script>";
    else
       echo "<script language=JavaScript>document.getElementById('dofocus').focus();</script>";

    echo "</body></html>";
    exit;
}

/* authValidateUser($user, $pass)
 * 
 * Checks if the specified username/password pair are valid
 * 
 * $user  - The user name
 * $pass  - The password
 * 
 * Returns:
 *   0        - The pair are invalid or do not exist
 *   non-zero - The pair are valid
 */
function authValidateUser($user, $pass){
	global $auth,$users;
	// Check if we do not have a username/password
	if(!isset($user) || !isset($pass)){
		authGet($auth["realm"]);
		return 0;
	}
	
	
/*	$cmd = $auth["prog"] . ' ' . $auth["params"];
	$cmd = preg_replace('/#USERNAME#/',escapeshellcmd($user),$cmd);
	$cmd = preg_replace('/#PASSWORD#/',escapeshellcmd($pass),$cmd);
	
	exec($cmd, $output, $ret);*/
	
	if(isset($users[$user])) {
		if($users[$user]==$pass)
		{$ret = 0;}else{$ret=1;}
	}
	else{
		$ret = 1;
	}
	
	// If it succeeded, return success
	if($ret == 0){
        session_register('WEBAUTH_VALID');
        session_register('WEBAUTH_USER');
        session_register('WEBAUTH_PW');
        $_SESSION['WEBAUTH_VALID']=true;
        $_SESSION['WEBAUTH_USER']=$user;
        $_SESSION['WEBAUTH_PW']=$pass;

		return 1;
	}
	// If we failed prompt for username/password
	if($user || $pass)
		authGet($auth["realm"]);
	
	// return failure
	return 0;
}

/* authGetUserLevel($user)
 * 
 * Determines the users access level
 * 
 * $user - The user name
 *
 * Returns:
 *   The users access level
 */
function authGetUserLevel($user, $lev1_admin){
	// User not logged in, user level '0'
	if(!isset($user))
		return 0;
	
	// Check if the user is can modify
	for($i = 0; $lev1_admin[$i]; $i++){
		if(strcasecmp($user, $lev1_admin[$i]) == 0)
			return 2;
	}
	
	// Everybody else is access level '1'
	return 1;
}

function getUserName(){
    if(isset($_SESSION['WEBAUTH_VALID'])){
        return $_SESSION['WEBAUTH_USER'];
    }
	return $_POST['WEBAUTH_USER'];
}

function getUserPassword(){
    if(isset($_SESSION['WEBAUTH_VALID'])){
        return $_SESSION['WEBAUTH_PW'];
    }
	return $_POST['WEBAUTH_PW'];
}
?>
Return current item: ARBS