<?php
/**
 * @file login_func.php -- Provides functions to log users in
 * @Id $Id: login_func.php,v 1.17 2004/07/29 19:18:32 brett Exp $
 *
 * Cynus - a web-based content manager
 * Copyright (C) 2003 Brett and Jason Profitt
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */
 
/******************************
Check Login: bool check_login(int $require_login);
Check Login does two things. First, it checks the user's
cookie to verify the login. If they get logged in, $user_config is set
and check_login returns TRUE. Second, if $require_login is set to 1, 
the user will be required to have a valid login cookie/password
to access the section. If he/she does not, cynus will force the user
to login before accessing the section. If $require_login is set to 0,
this will merely check if the user is logged in and return the
user information if they are.
******************************/

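/**
 * Validate the login cookies and return the matching user row.
 *
 * Reads the "<sql_prefix>username" and "<sql_prefix>password" cookies and
 * looks the pair up in the users table. On a match it refreshes
 * `last_click`, adds a `permissions_array` entry (the colon-separated
 * `permissions` column split into a list), defines LOGGED_IN as 1 and
 * returns the row. Otherwise it expires both login cookies, defines
 * LOGGED_IN as 0 and returns a row whose `level` is 0.
 *
 * The function takes no arguments; the $require_login switch described in
 * the legacy header comment is not implemented here.
 *
 * NOTE(review): the password cookie carries the stored hash itself (see
 * login_user) and is matched against the column directly, so the hash is a
 * bearer credential: whoever obtains it (database dump, cookie theft) is
 * logged in without knowing the password. A random, server-side session
 * token would remove that; it needs changes outside this function.
 *
 * @return array user row on success, or array('level' => 0, ...) when the
 *               visitor is not logged in
 */
function check_login() {
	global $config;
	$prefix_username = $config['sql_prefix'] . 'username';
	$prefix_password = $config['sql_prefix'] . 'password';

	# Cookies are client-controlled. Accept only strings: a cookie sent as
	# "name[]=x" arrives as an array and must not reach the query.
	$cookie_user = (isset($_COOKIE[$prefix_username]) && is_string($_COOKIE[$prefix_username])) ? $_COOKIE[$prefix_username] : '';
	$cookie_pass = (isset($_COOKIE[$prefix_password]) && is_string($_COOKIE[$prefix_password])) ? $_COOKIE[$prefix_password] : '';

	$user_row = array();
	if ($cookie_user !== '' && $cookie_pass !== '') {
		# Where magic_quotes_gpc is enabled the values arrive pre-slashed;
		# undo that so each value is escaped exactly once below.
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			$cookie_user = stripslashes($cookie_user);
			$cookie_pass = stripslashes($cookie_pass);
		}
		# Escape before interpolating: the original query embedded the raw
		# cookie values, which allowed SQL injection into the login check.
		# Assumes the default mysql link is already open, as the
		# mysql_query() call further down requires as well.
		$query = "SELECT * from `{$config['sql_prefix']}users` WHERE `username`='"
			. mysql_real_escape_string($cookie_user)
			. "' AND `password`='"
			. mysql_real_escape_string($cookie_pass) . "'";
		$user_row = mysql_request($query);
	}

	# A non-empty id means a row matched both cookie values.
	if (isset($user_row['id']) && $user_row['id'] != '') {
		$query = "UPDATE `{$config['sql_prefix']}users` SET `last_click`='" . time()
			. "' WHERE `id`='" . mysql_real_escape_string($user_row['id']) . "'";
		# explode() replaces split(), which was removed in PHP 7; for a
		# literal ':' separator the result is the same.
		if (isset($user_row['permissions']) && $user_row['permissions'] != '') {
			$user_row['permissions_array'] = explode(':', $user_row['permissions']);
		}
		else {
			$user_row['permissions_array'] = array();
		}
		mysql_query($query);
		# The constant name must be quoted; the bare word only worked through
		# PHP's legacy fallback and is a fatal error on PHP 8.
		define('LOGGED_IN', 1);
		return $user_row;
	}

	# Not logged in: expire the login cookies. The original built the names
	# from an undefined $prefix and so cleared "username"/"password" instead
	# of the prefixed cookies actually in use.
	setcookie($prefix_username, '', time() - 3600, '/');
	setcookie($prefix_password, '', time() - 3600, '/');
	define('LOGGED_IN', 0);
	# presumably mysql_request() returns a non-array when no row matches;
	# normalise so the 'level' key can be set -- verify against the helper
	if (!is_array($user_row)) {
		$user_row = array();
	}
	$user_row['level'] = 0;
	return $user_row;
}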

/*******************************
Login Prompt: string login_prompt(string $page)
Returns a standard login prompt that sends the user to
index.php after logging in. Returns the form with $page
as "Logging into $page"
*******************************/
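/**
 * Build the standard login form.
 *
 * The form posts to "<url_base_dir>/index.php?action=login" and pre-fills
 * the username field with the value from the previous POST, if any.
 *
 * NOTE(review): $page is inserted into the markup as given. Callers must
 * pass trusted or already-escaped text; confirm that no call site derives
 * it from request data.
 *
 * @param string $page name of the section the visitor tried to reach
 * @return string HTML fragment containing the prompt and the form
 */
function login_prompt($page) {
	global $config;
	# The submitted username is untrusted and lands inside a double-quoted
	# attribute, so it is HTML-escaped (quotes included) before being
	# echoed back. A missing or non-string value becomes an empty field.
	$safe_username = '';
	if (isset($_POST['username']) && is_string($_POST['username'])) {
		$safe_username = htmlspecialchars($_POST['username'], ENT_QUOTES);
	}
	return <<<___eofh
You must login before accessing the $page.<br>
<form method="POST" action="{$config['url_base_dir']}/index.php?action=login">
Username: <input type="text" name="username" value="$safe_username" class="login_username" /><br />
Password: <input type="password" name="password" value="" class="login_password" /><br />
<input type="submit" value="Login" class="button" />
</form>
___eofh;
}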


/********************************
Login User: int login_user()
Login User reads from the $_POST array to get 
$_POST[username] and $_POST[password].
It then checks that information against the 
users table.  If everything checks out, it sets a cookie.
Here are the error codes it can return
0 -> No error
1 -> Username and Password not sent
2 -> Bad Username, user does not exist.
3 -> Bad Password, supplied password does not match actual password
********************************/
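/**
 * Authenticate the credentials in $_POST and set the login cookies.
 *
 * Looks the posted username up in the users table, re-hashes the posted
 * password with crypt() using the stored hash as salt, and on a match sets
 * the "<sql_prefix>username" / "<sql_prefix>password" cookies for seven
 * days. LOGGED_IN is defined as 1 on success and 0 otherwise.
 *
 * NOTE(review): the password cookie holds the stored hash, which
 * check_login accepts as proof of login. That makes the hash a bearer
 * credential that lasts until the password changes; a random server-side
 * session token, sent with the HttpOnly (and, on HTTPS sites, Secure)
 * cookie flags, would be the safer design.
 *
 * @return int 0 = success, 1 = username or password not sent,
 *             2 = no such user, 3 = password mismatch
 */
function login_user() {
	global $config;
	# Accept only string fields; "username[]=x" arrives as an array. The
	# explicit '' test also stops a literal "0" from counting as "not sent",
	# which the original truthiness check did.
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	if ($username === '' || $password === '') {
		define('LOGGED_IN', 0);
		return 1;
	}

	# Escape the username before it enters the query; the original embedded
	# the raw POST value, allowing SQL injection at the login form. Where
	# magic_quotes_gpc is on the value is unslashed first so that it is
	# escaped exactly once. The password is deliberately left as received,
	# because it only feeds crypt() and must hash as it always has.
	$lookup_name = $username;
	if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
		$lookup_name = stripslashes($lookup_name);
	}
	$query = "SELECT * from `{$config['sql_prefix']}users` WHERE STRCMP(`username`, '"
		. mysql_real_escape_string($lookup_name) . "') = 0";
	$user_row = mysql_request($query);

	# No id means no such user.
	if (!isset($user_row['id']) || $user_row['id'] == '') {
		define('LOGGED_IN', 0);
		return 2;
	}

	# An empty stored hash can never match. Compare with === so that two
	# different numeric-looking strings are never treated as equal, which
	# the loose == comparison permits.
	$stored_hash = isset($user_row['password']) ? (string) $user_row['password'] : '';
	$enc_pass = ($stored_hash !== '') ? crypt($password, $stored_hash) : '';
	if ($stored_hash === '' || !is_string($enc_pass) || $enc_pass !== $stored_hash) {
		define('LOGGED_IN', 0);
		return 3;
	}

	# 604800 seconds = 7 days.
	setcookie($config['sql_prefix'] . 'username', $user_row['username'], (time() + 604800), '/');
	setcookie($config['sql_prefix'] . 'password', $user_row['password'], (time() + 604800), '/');
	define('LOGGED_IN', 1);
	return 0;
}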


/********************************
Get Login Error: string get_login_error(int $error_number)
This converts a login error number to a string
0 -> No error
1 -> Username and Password not sent
2 -> Bad Username, user does not exist.
3 -> Bad Password, supplied password does not match actual password
********************************/
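/**
 * Log the detailed reason for a failed login and return a generic message.
 *
 * The specific text for the code goes to cynus_debug() only. Every code,
 * including 0, yields the same returned string, so the return value does
 * not disclose whether the username exists or only the password was wrong.
 *
 * @param int $error_number code returned by login_user()
 * @return string always 'Username or password invalid.'
 */
function get_login_error($error_number) {
	$login_errors = array(
		0 => "No Error",
		1 => "Username and Password both not sent.",
		2 => "Bad Username, user does not exist.",
		3 => "Bad Password, supplied password does not match actual password"
	);
	# An unexpected code used to read an undefined index; log a fixed
	# placeholder for it instead.
	$detail = isset($login_errors[$error_number]) ? $login_errors[$error_number] : 'Unknown error code';
	# The detail is only logged, never returned. The meaning of the second
	# argument (2) is set by cynus_debug(), which is defined elsewhere.
	cynus_debug('Error logging in: ' . $detail, 2);
	return 'Username or password invalid.';
}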

?>