Location: PHPKode > projects > GeBlog > v.1/tools/auth/auth.php
<?php
// ----------------------------------------------------------------------
// GeBlog - Weblogging system
// Copyright (C) 2003 by the GeBlog Development Team.
// https://sourceforge.net/projects/geblog/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Jay Talbot
// Purpose of file: To house the functions for the User Authentication System.
// ----------------------------------------------------------------------

if (eregi("auth.php", $_SERVER['PHP_SELF']))
{
    die ("You can't access this file directly...");
}

extract($GLOBALS);
global $info,$sess;

if (eregi("auth.php", $_SERVER[PHP_SELF])) {
    die ("You don\'t have access to this file.");
}

$ADODB_SESSION_DRIVER=$dbtype;
$ADODB_SESSION_CONNECT=$dbhost;
$ADODB_SESSION_USER =$dbuser;
$ADODB_SESSION_PWD =$dbpass;
$ADODB_SESSION_DB =$dbname;
$ADODB_SESSION_TBL = 'sessions';

echo "<pre>\n";
session_start();
echo "</pre>\n";

function UserAuthForm()
{
    echo "<HTML>"
        ."<HEAD>"
        ."</HEAD>"
        ."<BODY>"
        ."<form method=\"post\" action=\"".$_SERVER['REQUEST_URI']."\">\n"
        ."User Name: <input type=\"text\" name=\"uname\" value=\"".$_SESSION[username]."\" size=\"10\"><BR>\n"
        ."Password:  <input type=\"password\" name=\"upass\" size=\"10\"><BR>\n"
        ."<input type=\"submit\" value=\"Submit\">\n"
        ."</form>\n"
        ."</BODY>\n"
        ."</HTML>\n";
}

function DoUserAuth()
{
    extract($GLOBALS);
    extract($_POST);
    $c->Connect($dbhost,$dbuser,$dbpass,$dbname);
    $sql = "SELECT * FROM users WHERE uname = '$uname'";
    $rs = $c->Execute($sql);
    if($rs === false) die("Connection to Database Failed!");
    if($rs->fields[1] != $uname)
    {
        $GLOBAL[loggedin] = 0;
        echo("<center><font color=\"red\"><b>Bad user name!</b></font></center>");
    }
    elseif($rs->fields[2] != md5($upass))
    {
        $$GLOBAL[loggedin] = 0;
        echo("You have entered a bad Password!");
    }
    elseif(($rs->fields[1] == $uname) && ($rs->fields[2] == md5($upass)))
    {
        list($uid,$username,$userpass,$grp) = $rs->fields;
        session_register('username','password','grp');
        $sessionid=session_id();
        setcookie("sess",$sessionid,time()+604800);
        $GLOBAL[loggedin] = 1;
        echo "<pre><META http-equiv=\"refresh\" content=\"2; url=index.php\"></pre>";
        echo "<center><b>You are now logged in!<b><br>";
        echo "If you are not redirected in 2 seconds then ";
        echo "click <i><a href=\"index.php\">here</a></i> to proceed.</center>";
    }
}

function auth($gp)
{
    global $sess;
    extract($GLOBALS);
    extract($_SESSION);
    $c->Connect($dbhost,$dbuser,$dbpass,$dbname);
    $sql = "SELECT * FROM users WHERE uname = ".$username." AND password = ".$password;
    $rs = $c->Execute($sql);
    if($gp)
    {
        list($uid,$uname,$upass,$ugrp) = $rs->fields;
        if($gp === 'All' ^ !$gp)
        {
        }
        elseif(eregi($ugrp,$gp) && ($ugrp === $grp))
        {
        }
        else
        {
            die("You cannot access this page!");
        }
    }
}

function logout()
{
    global $sess;
    extract($GLOBALS);
    if(!empty($loggedin))
    {
        $loggedin = 0;
        session_destroy();
        setcookie("sess","",time()-604800);
        echo "You are now logged out!";
    }
    else
    {
        die("You were't logged in!");
    }
}

?>

Return current item: GeBlog