<?php
//*Client Data System, Copyright (C) 2000, 2001, 2002 Tedd Kelleher.  This is free software, subject to the 
//*GNU GENERAL PUBLIC LICENSE, Version 2, June 1991 (in file named gpl.txt), which should accompany 
//*any distribution of this file.  Tedd Kelleher can be contacted at hide@address.com

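// NOTE(review): $include_root is not assigned in this file, so the including script
// must set it before this point. Confirm it can never be filled from request data
// (for example through register_globals), because it decides which files run here.
include($include_root.'initialize.inc');
include($include_root.'db_connection.inc');
include_once($include_root.'utility.inc');
$db_link = db_generic_connect ();

// Request metadata shared, as globals, with ban() and ban_check().
$client_ip = addslashes(getenv('REMOTE_ADDR'));
$date_stamp = safe_date('YmdHi');
$unix_date = time();

// Fixed identity used by this include. It is assigned before ban_check() because
// ban_check() can call ban(), and ban() stores the global $user_id in the ban row;
// assigning it first also overwrites any value that arrived from outside.
$user_id = 99999;
$org_id = 99999;
$group_id = 99999;

ban_check();

//If they try to crack the system by submitting their own $logged_in variable, ban them.
//The $_COOKIE/$_POST/$_GET superglobals are read instead of the long $HTTP_*_VARS arrays,
//which are not populated on PHP 5.4 and later and would leave this check silently dead.
//!empty() keeps the original truthiness test without an undefined-index notice.
if(!empty($_COOKIE["logged_in"]) || !empty($_POST["logged_in"]) || !empty($_GET["logged_in"]))	{
    // Mark the session as logged out first: ban() ends the request itself, so
    // nothing placed after the call is ever reached.
    $_SESSION['logged_inB'] = "fishswamp";
    // ban() takes (bad_login, message, type) and reads the IP, user id, page and
    // dates from globals. The earlier seven-argument call stored the IP as the
    // login name and dropped this message.
    // NOTE(review): type "1" mirrors the other ban() call in this file; ban_check()
    // lifts any ban whose type is not 'forever' after one hour - confirm the intended type.
    ban ("", "Attempt to illegally submit the \$logged_in variable via a cookie, post, or get", "1");
    exit;
}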

////Beginning Authentication of Functions *********************************
///////////////////////////////////////////////////////////////////////////
/**
 * Records a ban for the current client in the `ban` table and ends the request.
 *
 * Prints a short "banned" page, inserts one row built from the request globals
 * and the arguments, then calls exit, so this function never returns.
 *
 * NOTE(review): every value reaches the SQL text through addslashes() and string
 * building. addslashes() does not know the database connection's character set;
 * if the driver behind run_query() offers its own escaping or bound parameters,
 * that is the safer route - confirm against db_connection.inc.
 *
 * @param string $bad_login   Login name that was submitted; stored as "TOO LONG" when longer than 25 bytes.
 * @param string $ban_message Reason for the ban.
 * @param string $ban_type    Ban category; ban_check() never expires rows whose type is 'forever'.
 */
function ban ($bad_login, $ban_message, $ban_type) {
    GLOBAL $client_ip, $user_id, $this_page, $date_stamp, $unix_date;

    echo "<html><body>You are Banned</body></html>";

    // Oversized login names are replaced by a fixed marker; the length test uses
    // the raw, unescaped value.
    $login = (strlen ($bad_login) > 25) ? "TOO LONG" : addslashes ($bad_login);
    $ban_message = addslashes ($ban_message);
    $ban_type = addslashes ($ban_type);

    // These are the globals themselves, so the escaped text is written back to them.
    $unix_date = addslashes ($unix_date);
    $date_stamp = addslashes ($date_stamp);
    $this_page = addslashes ($this_page);
    $user_id = addslashes ($user_id);
    $client_ip = addslashes ($client_ip);

    $sql = "INSERT INTO ban (ban_ip, ban_user_id, ban_this_page, ban_bad_login, ban_message, ban_type, ban_date_stamp, ban_unix_date)
     VALUES ('{$client_ip}', '{$user_id}', '{$this_page}', '{$login}', '{$ban_message}', '{$ban_type}', '{$date_stamp}',
      '{$unix_date}')";
    run_query ($sql, "ban");
    exit;
}



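/**
 * Adds a number of fixed-length intervals to a Unix timestamp.
 *
 * The intervals are constant second counts, not calendar arithmetic: "Y" is
 * 365 days, "quarter" 90 days, "m" 30 days, "week" 7 days, "d" one day, "H" one
 * hour, "i" one minute and "s" one second.
 *
 * An unrecognised interval adds nothing and returns $date. Previously that path
 * read an unassigned variable. The unused safe_getdate() breakdown of $date was
 * dropped because none of its fields took part in the result.
 *
 * @param string    $interval One of the interval codes listed above.
 * @param int|float $number   How many intervals to add; negative values subtract.
 * @param int       $date     Unix timestamp to start from.
 * @return int|float The shifted timestamp.
 */
function time_add ($interval, $number, $date) {
    $seconds_per_interval = array(
        "Y"       => 31536000,
        "quarter" => 7776000,
        "m"       => 2592000,
        "week"    => 604800,
        "d"       => 86400,
        "H"       => 3600,
        "i"       => 60,
        "s"       => 1,
    );

    $add = 0;
    if (is_string ($interval) && isset ($seconds_per_interval[$interval])) {
        $add = $number * $seconds_per_interval[$interval];
    }

    return $add + $date;
}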



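/**
 * Stops the request when the client is banned or login failures are too frequent.
 *
 * Runs three checks against the last hour, in this order:
 *  1. a row in `ban` for this IP that is under an hour old or typed 'forever'
 *     prints "You are banned" and exits;
 *  2. more than 9 rows in `failed_logins` from any address prints "TURTLE" and
 *     exits. This threshold is global, not per IP, so once it is reached every
 *     client is turned away until the rows age out;
 *  3. more than 3 rows in `failed_logins` for this IP calls ban(), which records
 *     the ban and exits.
 *
 * NOTE(review): the queries are built by string concatenation with addslashes();
 * prefer the database driver's own escaping or bound parameters if run_query()
 * can support them.
 */
function ban_check () {
    GLOBAL $unix_date;
    GLOBAL $client_ip;

    // Escape into a local copy. The global is already escaped where it is first
    // assigned, and ban() escapes it again itself, so writing the result back
    // here only stacked escapes on the shared value.
    $ip = addslashes ($client_ip);

    // Cast so that only a number is ever placed into the SQL text.
    $one_hour_ago = (int) time_add ("H", -1, $unix_date);

    //Check to see if they are banned
    $sql = "SELECT * FROM ban WHERE ban_ip LIKE '".$ip."' AND ((ban_unix_date > '".$one_hour_ago."') OR (ban_type LIKE 'forever'))";
    $query_result = run_query ($sql, "Check on bans");
    if (num_rows ($query_result) > 0) {
        echo "You are banned";
        exit;
    }

    //Check to see if there are too many failed logins overall. If so, "TURTLE."
    $sql = "SELECT * FROM failed_logins WHERE failed_unix_date > '".$one_hour_ago."'";
    $query_result = run_query ($sql, "Check on TURTLE");
    if (num_rows ($query_result) > 9) {
        echo "TURTLE";
        exit;
    }

    //Check to see if the user has failed to login too many times. If yes, ban them
    $sql = "SELECT * FROM failed_logins WHERE failed_ip LIKE '".$ip."' AND failed_unix_date > '".$one_hour_ago."'";
    $query_result = run_query ($sql, "Check on bans");
    if (num_rows ($query_result) > 3) {
        // $HTTP_POST_VARS is not a superglobal, so inside this function it was an
        // undefined local and the submitted login name was never recorded.
        // $_POST is visible here; non-string input (e.g. an array) becomes "".
        $bad_login = "";
        if (isset ($_POST["form_login"]) && is_string ($_POST["form_login"])) {
            $bad_login = $_POST["form_login"];
        }
        ban ($bad_login, "Too Many Failed Logins", "1");
        exit;
    }
}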



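/**
 * Ends the request unless the user's access level is allowed on this page.
 *
 * Access is granted when $page_access_levels is exactly the string "all", or
 * when it contains the user's level wrapped in colons (level 2 matches ":1:2:").
 * Otherwise a message is printed, the attempt is passed to failed_login() and
 * the script exits.
 *
 * The "all" test is a strict comparison: with the loose != a non-string value
 * such as true compared equal to "all" and opened the page to everyone. An
 * empty or non-scalar user level is refused outright, so a malformed list
 * containing "::" cannot match it.
 *
 * @param string     $page_access_levels Either "all" or a colon-delimited list such as ":1:2:".
 * @param string|int $user_access_level  Access level of the current user.
 * @return void Returns only when access is allowed.
 */
function page_access_level_check ($page_access_levels, $user_access_level) {
    GLOBAL $page_id;
    GLOBAL $user_id;

    if ($page_access_levels === "all") {
        return;
    }

    $level = is_scalar ($user_access_level) ? (string) $user_access_level : "";
    if ($level !== "" && is_string ($page_access_levels)
        && strpos ($page_access_levels, ":".$level.":") !== false) {
        return;
    }

    echo "User Does Not Have Permission to Access This Page. ";
    failed_login ("User: ".$user_id, "Bad Access: ".$page_id);
    exit;
}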



//Converts variables received by either post or get into normal variables
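/**
 * Copies one request parameter into a global variable of the same name.
 *
 * Any existing global of that name is removed first, so a value planted from
 * outside (for example by register_globals being left "On") does not survive
 * when the parameter is absent from the request. The GET value is applied
 * first and a POST value of the same name overrides it.
 *
 * Changes from the earlier body:
 *  - the old unset($$variable_name) ran before the GLOBAL statement, so it only
 *    touched a local name and never cleared the global;
 *  - $_GET/$_POST are read instead of the long $HTTP_*_VARS arrays, which are
 *    not populated on PHP 5.4 and later;
 *  - names of PHP's own superglobals are refused, so request data can never
 *    replace them.
 *
 * NOTE(review): the resulting global holds raw request data; callers must still
 * validate and escape it. This presumably is only called with fixed names chosen
 * by the page - confirm no caller passes a name taken from the request.
 *
 * @param string $variable_name Name of the request parameter and of the global to set.
 * @return void
 */
function convert_post_and_get_variable ($variable_name) {
    $reserved_names = array("GLOBALS", "_GET", "_POST", "_COOKIE", "_FILES",
        "_SERVER", "_ENV", "_REQUEST", "_SESSION", "this");

    if (!is_string ($variable_name) || $variable_name === ""
        || in_array ($variable_name, $reserved_names, true)) {
        return;
    }

    // Remove the global itself, not a local alias of it.
    unset ($GLOBALS[$variable_name]);

    if (isset ($_GET[$variable_name])) {
        $GLOBALS[$variable_name] = $_GET[$variable_name];
    }

    // POST is applied last, so it wins over GET.
    if (isset ($_POST[$variable_name])) {
        $GLOBALS[$variable_name] = $_POST[$variable_name];
    }
}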

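/**
 * Ends the current session and marks the request as logged out.
 *
 * The in-memory session data is cleared before the session is destroyed, so no
 * earlier value stays readable for the rest of the request. The old body called
 * session_unset('logged_in') after session_destroy(); session_unset() accepts
 * no argument, so that call cleared nothing on older PHP and is an
 * ArgumentCountError on PHP 8.
 *
 * Afterwards both the global $logged_in and $_SESSION['logged_inB'] are set to
 * the sentinel "fishswamp", exactly as before.
 *
 * NOTE(review): the session cookie held by the browser is not expired here;
 * consider clearing it as well so the old session id is not presented again.
 *
 * @return void
 */
function destroy_session () {
    GLOBAL  $logged_in;

    // Drop every session variable held in memory.
    $_SESSION = array();

    // session_destroy() warns when no session is active, so only call it for one.
    if (session_id () !== "") {
        session_destroy ();
    }

    $logged_in = "fishswamp";
    $_SESSION['logged_inB'] = "fishswamp";
}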

//Function used to debug variables
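/**
 * Debug helper: prints the keys and values of an array as HTML lines.
 *
 * Arrays are walked to at most four levels (labelled Key0/Value0 to
 * Key3/Value3), each level indented with non-breaking spaces. A value that is
 * not an array prints nothing beyond the optional "Variable:" heading.
 *
 * Every key, value and the heading are HTML-escaped before being echoed, so
 * dumping request data cannot inject markup into the page. Nested arrays are
 * labelled "Array" explicitly instead of relying on array-to-string conversion.
 *
 * NOTE(review): this still prints internal state into the page; keep calls out
 * of production paths.
 *
 * @param mixed  $variable      Value to dump; only arrays produce output.
 * @param string $variable_name Optional label printed before the dump.
 * @return void
 */
function display_value ($variable, $variable_name="") {
    if ($variable_name) {
        echo "Variable: "._display_value_text ($variable_name)."<br/>";
    }

    if (is_array ($variable)) {
        _display_value_level ($variable, 0);
    }
}

// Returns the HTML-escaped text shown for one key or value.
function _display_value_text ($value) {
    if (is_array ($value)) {
        $text = "Array";
    } elseif (is_object ($value) && !method_exists ($value, "__toString")) {
        // Such objects cannot be cast to a string; show their class instead.
        $text = "Object(".get_class ($value).")";
    } else {
        $text = (string) $value;
    }

    return htmlspecialchars ($text, ENT_QUOTES);
}

// Prints one nesting level of the dump and descends while $depth is below 3.
function _display_value_level ($items, $depth) {
    // Indent per level, matching the established output (0, 2, 4 and 5 spaces).
    $indents = array(
        "",
        "&nbsp;&nbsp;",
        "&nbsp;&nbsp;&nbsp;&nbsp;",
        "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;",
    );
    // The top level separates key and value with a space, deeper levels with "; ".
    $separator = ($depth === 0) ? " " : "; ";

    foreach ($items as $key => $value) {
        echo $indents[$depth]."Key".$depth.": "._display_value_text ($key)
            .$separator."Value".$depth.": "._display_value_text ($value)."<br/>";

        if (is_array ($value) && $depth < 3) {
            _display_value_level ($value, $depth + 1);
        }
    }
}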


?>