<?
//
// Copyright (c) 2002, Cameron McKay
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
// are met:
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
// OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
// OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
//
// Informium -- Advanced News Script
//
// Login Script (login.php)
//
// Author: Cameron McKay
// Note: Authenticates the user.
//
// Load the site configuration. The $CONF array used below is not defined in
// this script, so it presumably comes from this include.
require_once('conf/inf-conf.php');

// Page title handed to the XHTML header further down.
$title = 'Authentication';

// Load the cookie, MySQL, user and XHTML class definitions.
// No MySQL object is created in this script; the include is presumably
// needed by one of the other classes -- confirm before removing it.
require_once($CONF['local_path'] . '/class/cookie-class.php');
require_once($CONF['local_path'] . '/class/mysql-class.php');
require_once($CONF['local_path'] . '/class/user-class.php');
require_once($CONF['local_path'] . '/class/xhtml-class.php');

// Instantiate the helpers this page works with: cookie handling, the user
// lookup/authentication API, and the XHTML page renderer.
$cookie = new cookie();
$user = new user();
$xhtml = new xhtml();
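// Check if we're already authenticated.
// If we are, forward the browser to the admin section and stop.
//
// NOTE(review): $COOKIE_LOGIN is not assigned anywhere in this script. It
// presumably arrives from the included configuration or from register_globals
// (the COOKIE_LOGIN cookie) -- confirm, and prefer reading
// $_COOKIE['COOKIE_LOGIN'] explicitly so the value's origin is unambiguous.
if ($cookie->status($COOKIE_LOGIN)) {
    header("Location: index.php");
    // header() only queues the redirect. Without an explicit exit the login
    // handling below would still run and the form would still be emitted
    // for a request that is already authenticated.
    exit;
}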
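// Handle a submitted login.
//
// Outcome: on success the login cookie is set and the browser is redirected
// to index.php; on failure $message holds the text shown under the form.
//
// $message is echoed without HTML-encoding further down (it deliberately
// contains markup), so it must only ever hold text assigned in this script.
// Reset it here: with register_globals enabled an uninitialised variable can
// be pre-populated from request data, and isset($message) would then be true.
$message = null;

// NOTE(review): $username and $password are not assigned in this script;
// they presumably arrive via register_globals -- confirm. Reading
// $_POST['username'] / $_POST['password'] explicitly would stop credentials
// being accepted from the query string or from cookies.
if (isset($username) && isset($password)) {
    // The 'anonymous' account may never log in; treat it like an unknown user.
    if (!strcasecmp($username, 'anonymous')) {
        $result = 0;
    } else {
        // Result codes as handled below: 1 = user exists, 0 = no such user,
        // -1 = illegal characters; anything else is reported as an error code.
        $result = $user->check($username);
    }

    // Comparisons are kept loose (==) because the return type of
    // $user->check() is not visible from this file.
    if ($result == 1) {
        if ($user->authenticate($username, $password)) {
            // NOTE(review): the plaintext password is handed to the cookie
            // encoder. Confirm in cookie-class.php that the resulting cookie
            // does not carry a recoverable password, and consider switching
            // to an opaque server-side session identifier.
            $cookie->encode('COOKIE_LOGIN', $username, $password);
            // Send the user to the administration section and stop, so
            // nothing after the redirect is executed or sent.
            header("Location: index.php");
            exit;
        } else {
            $message = "Incorrect password or username does not exist.<br />\n";
        }
    } else if ($result == 0) {
        // Deliberately the same text as the wrong-password case: a distinct
        // "username does not exist" reply tells an unauthenticated client
        // which account names are valid.
        $message = "Incorrect password or username does not exist.<br />\n";
    } else if ($result == -1) {
        // The username failed the character check in $user->check().
        $message = "Username contains illegal characters.<br />\n";
    } else {
        // Unexpected result code from $user->check().
        $message = "Something went horribly, horribly wrong. (Error Code: $result)<br />\n";
    }
}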
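// Start the page XHTML.
$xhtml->header($title);

// Both values below are written into single-quoted HTML attributes, so they
// are encoded with ENT_QUOTES first (the default flags leave ' untouched).
// PHP_SELF can contain request-supplied path info and $redirect is not
// assigned in this script (presumably request-supplied), so neither may be
// echoed raw. Non-string values are rendered as an empty attribute.
$login_action = htmlspecialchars(isset($PHP_SELF) && is_string($PHP_SELF) ? $PHP_SELF : '', ENT_QUOTES);
$login_redirect = htmlspecialchars(isset($redirect) && is_string($redirect) ? $redirect : '', ENT_QUOTES);
// NOTE(review): the visible code always redirects to index.php and never
// reads 'redirect'. If it is consumed elsewhere, restrict it to local paths.

// Start Body.
?>
<br /><br /><br />
<br /><br /><br />
<br />
<?php $xhtml->table_start('header', 300); ?>
<?php /* Array key quoted: a bare www_title is looked up as a constant. */ echo $CONF['www_title']; ?> Login
<?php $xhtml->table_end(); ?>
<br />
<?php $xhtml->table_start('normal', 300); ?>
<form action='<?php echo $login_action; ?>' method='post'>
<input type='hidden' name='redirect' value='<?php echo $login_redirect; ?>' />
<table class='normal'>
<tr> <td> Username:</td> <td><input type='text' name='username' /></td> </tr>
<tr> <td> Password:</td> <td><input type='password' name='password' /></td> </tr>
<tr> <td> </td> <td><input type='submit' value='Submit' /></td> </tr>
</table>
<?php $xhtml->table_end(); ?>
<br />
<?php
// Print the error message, if the login handling produced one.
// NOTE(review): $message is emitted without HTML-encoding because it carries
// markup (<br />). That is only safe while every value it can hold is
// assigned by this script; it must be initialised before the login handling
// so that request data cannot pre-populate it under register_globals.
if (isset($message)) {
    $xhtml->table_start('normal', 300);
    echo " " . $message;
    $xhtml->table_end();
}
// End Body.
// End the page XHTML.
$xhtml->footer();
?>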