<?php
// ----------------------------------------------------------------------
// GeBlog - Weblogging system
// Copyright (C) 2003 by the GeBlog Development Team.
// https://sourceforge.net/projects/geblog/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Jay Talbot
// Purpose of file: To house the functions for the User Authentication System.
// ----------------------------------------------------------------------
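// Refuse direct requests for this include file. preg_match() replaces eregi(),
// which no longer exists in current PHP; the dot is escaped so only the literal
// file name matches. The original carried a second, unreachable copy of this
// guard that read $_SERVER[PHP_SELF] through an undefined constant.
// NOTE(review): PHP_SELF includes client-supplied path info, so this is only a
// convenience guard; keeping the file outside the web root is the real control.
if (preg_match('/auth\.php/i', isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : ''))
{
    die ("You can't access this file directly...");
}

// Only has an effect when this file is included from inside a function: it
// copies the globals ($dbtype, $dbhost, ...) into that local scope.
extract($GLOBALS);
global $info,$sess;

// Session storage settings, taken from the database configuration variables.
// NOTE(review): presumably read by the ADOdb session handler loaded elsewhere - confirm.
$ADODB_SESSION_DRIVER=$dbtype;
$ADODB_SESSION_CONNECT=$dbhost;
$ADODB_SESSION_USER =$dbuser;
$ADODB_SESSION_PWD =$dbpass;
$ADODB_SESSION_DB =$dbname;
$ADODB_SESSION_TBL = 'sessions';

// Start the session before any output. The original printed "<pre>" first,
// which stops the session cookie header from being sent when output buffering
// is off. The same markup is still emitted, just after the session is open.
session_start();
echo "<pre>\n";
echo "</pre>\n";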
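/**
 * Print the login form as a complete HTML page.
 *
 * The form posts "uname" and "upass" back to the current request URI and
 * pre-fills the user name from $_SESSION['username'] when one is stored.
 */
function UserAuthForm()
{
    // Both values come from the request or the session and are written into
    // HTML attributes, so they are escaped (quotes included) before output.
    $action = htmlspecialchars(
        isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '',
        ENT_QUOTES
    );
    // The original read $_SESSION[username] through an undefined constant.
    $remembered = htmlspecialchars(
        (isset($_SESSION['username']) && is_scalar($_SESSION['username']))
            ? (string) $_SESSION['username']
            : '',
        ENT_QUOTES
    );

    echo "<HTML>"
        ."<HEAD>"
        ."</HEAD>"
        ."<BODY>"
        ."<form method=\"post\" action=\"".$action."\">\n"
        ."User Name: <input type=\"text\" name=\"uname\" value=\"".$remembered."\" size=\"10\"><BR>\n"
        ."Password: <input type=\"password\" name=\"upass\" size=\"10\"><BR>\n"
        ."<input type=\"submit\" value=\"Submit\">\n"
        ."</form>\n"
        ."</BODY>\n"
        ."</HTML>\n";
}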
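/**
 * Check the posted user name and password against the users table and, on
 * success, mark the session as logged in.
 *
 * Reads $_POST['uname'] and $_POST['upass'], the global connection object $c
 * and the $db* connection settings. Prints the outcome as HTML and sets
 * $GLOBALS['loggedin'] to 1 or 0. Ends the request if the query fails.
 *
 * Result columns are read by position (0 id, 1 user name, 2 password hash,
 * 3 group), as the original code did.
 *
 * NOTE(review): stored passwords are unsalted MD5. That is kept here because
 * changing it needs a data migration; plan a move to password_hash() /
 * password_verify().
 * NOTE(review): the two failure messages differ, which tells a caller whether
 * a user name exists. Consider one shared message.
 */
function DoUserAuth()
{
    // Name the globals that are needed instead of extract($GLOBALS) followed by
    // extract($_POST): the latter let any posted field overwrite $c, $dbhost
    // and every other variable in scope.
    global $c, $dbhost, $dbuser, $dbpass, $dbname;

    $uname = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : '';
    $upass = (isset($_POST['upass']) && is_string($_POST['upass'])) ? $_POST['upass'] : '';

    $c->Connect($dbhost,$dbuser,$dbpass,$dbname);

    // Bound parameter: the posted user name is never part of the SQL text.
    $sql = "SELECT * FROM users WHERE uname = ?";
    $rs = $c->Execute($sql, array($uname));
    if($rs === false) die("Connection to Database Failed!");

    $found = is_array($rs->fields) && isset($rs->fields[1], $rs->fields[2]);

    if(!$found || (string) $rs->fields[1] !== $uname)
    {
        // The original wrote to $GLOBAL (a local typo), so the flag was never set.
        $GLOBALS['loggedin'] = 0;
        echo("<center><font color=\"red\"><b>Bad user name!</b></font></center>");
    }
    // Strict comparison: with != two different hashes that both look like
    // numbers ("0e123...") compare as equal.
    elseif((string) $rs->fields[2] !== md5($upass))
    {
        $GLOBALS['loggedin'] = 0;
        echo("You have entered a bad Password!");
    }
    else
    {
        list($uid,$username,$userpass,$grp) = $rs->fields;

        // Issue a fresh session id at login so an id that was known before
        // authentication does not become the logged-in session.
        if(session_id() !== '')
        {
            session_regenerate_id(true);
        }

        // session_register() no longer exists; it also registered $password,
        // which this function never assigned. auth() reads these three keys.
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $userpass;
        $_SESSION['grp'] = $grp;

        $sessionid=session_id();
        // HttpOnly keeps the copy of the session id away from page scripts;
        // Secure is set whenever the request itself arrived over HTTPS.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("sess",$sessionid,time()+604800,"","",$secure,true);

        $GLOBALS['loggedin'] = 1;
        echo "<pre><META http-equiv=\"refresh\" content=\"2; url=index.php\"></pre>";
        echo "<center><b>You are now logged in!<b><br>";
        echo "If you are not redirected in 2 seconds then ";
        echo "click <i><a href=\"index.php\">here</a></i> to proceed.</center>";
    }
}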
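/**
 * Gate a page on the logged-in user's group.
 *
 * $gp names the group or groups allowed to see the page:
 *   - an empty/falsy value: no check is made;
 *   - the exact string 'All': every visitor is allowed;
 *   - anything else: the user stored in the session must exist in the users
 *     table with the stored password value, and that user's group must occur
 *     in $gp (case-insensitive) and equal the group stored in the session.
 *
 * Ends the request with "You cannot access this page!" when the check fails;
 * returns nothing otherwise. The global connection $c is always connected, as
 * in the original.
 *
 * NOTE(review): the group match is a substring test, so a group name contained
 * in a longer allowed name also passes. Confirm how callers format $gp.
 */
function auth($gp)
{
    // Name the globals that are needed instead of extract($GLOBALS) followed by
    // extract($_SESSION), which let session keys overwrite $c and the settings.
    global $c, $dbhost, $dbuser, $dbpass, $dbname;

    $c->Connect($dbhost,$dbuser,$dbpass,$dbname);

    if(!$gp || $gp === 'All')
    {
        return;
    }

    // Anything missing or unusable from here on denies access.
    $keys = array('username', 'password', 'grp');
    foreach($keys as $key)
    {
        if(!isset($_SESSION[$key]) || !is_scalar($_SESSION[$key]))
        {
            die("You cannot access this page!");
        }
    }
    $grp = (string) $_SESSION['grp'];

    // Bound parameters: the original concatenated the session values into the
    // statement without quoting, so they were parsed as SQL.
    $sql = "SELECT * FROM users WHERE uname = ? AND password = ?";
    $rs = $c->Execute($sql, array((string) $_SESSION['username'], (string) $_SESSION['password']));
    if($rs === false || !is_array($rs->fields) || !isset($rs->fields[3]))
    {
        die("You cannot access this page!");
    }

    // Column 3 is the group, as in the original list() assignment.
    $ugrp = (string) $rs->fields[3];

    // stripos() replaces eregi(), which no longer exists and treated the stored
    // group name as a regular expression.
    if($ugrp !== '' && stripos((string) $gp, $ugrp) !== false && $ugrp === $grp)
    {
        return;
    }

    die("You cannot access this page!");
}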
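/**
 * Log the current user out.
 *
 * When the global $loggedin flag is set: clears the flag and the session data,
 * destroys the session, expires the "sess" cookie and prints a confirmation.
 * Otherwise ends the request with an error message.
 */
function logout()
{
    if(!empty($GLOBALS['loggedin']))
    {
        // The original reset only a local copy made by extract($GLOBALS), so
        // the global flag stayed set.
        $GLOBALS['loggedin'] = 0;

        // Empty the session array as well: session_destroy() removes the stored
        // data but leaves $_SESSION filled for the rest of this request.
        $_SESSION = array();
        if(session_id() !== '')
        {
            session_destroy();
        }

        setcookie("sess","",time()-604800);
        echo "You are now logged out!";
    }
    else
    {
        die("You were't logged in!");
    }
}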
?>