<?php
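// Import only the three form fields this script reads, and only when they are
// plain strings. The previous extract($_POST) turned every posted field into a
// variable, so a request could overwrite configuration that is already in scope
// ($DBhost, $DBuser, $use_ldap, $ldap_server, $DomainCookie, ...) as well as
// flags such as $refresh_index and $new_user.
// NOTE(review): any other code that relied on POST fields appearing as bare
// variables after this file runs must now read $_POST explicitly.
$auth_action = (isset($_POST['auth_action']) && is_string($_POST['auth_action'])) ? $_POST['auth_action'] : '';
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Open the connection used by the mysql_* calls below; abort the page when the
// server or the schema is unreachable.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to mysqli or
// PDO with prepared statements is the long-term fix for the queries in this file.
mysql_connect("$DBhost:$DBport", $DBuser, $DBpass) or die("Unable to connect to database");
@mysql_select_db("$DBName") or die("Unable to select database $DBName");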
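// Authentication dispatcher. Depending on $auth_action ("" / "logon" / "logoff" /
// anything else) it builds $auth_content (the login or logoff form HTML) and may
// set $refresh_index and $new_user, then closes the database connection.
//
// Changes against the previous version:
//   - every value placed in a SQL string goes through mysql_real_escape_string()
//   - usernames echoed into HTML go through htmlspecialchars()
//   - LDAP logons with an empty password are rejected before ldap_bind()
//   - non-string username input is rejected instead of reaching strtolower()
//   - the stored hash is compared with === instead of ==
//   - the unclosed <fieldset> in the logoff form is closed
//
// NOTE(review): the clearsite[user_ID] cookie is the only proof of identity and it
// carries a bare row id chosen by the client. Escaping it stops SQL injection but
// does not make it trustworthy; a server-side session or a signed token is needed
// before anything is authorised on the strength of this cookie.
if (empty($auth_action)) {
    if (empty($_COOKIE['clearsite']['user_ID'])) {
        // No cookie: show the plain login form.
        $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
<input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
Password: <input type=\"password\" name=\"password\" size=\"10\" />
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\" />
</fieldset>
</form>
";
    } else {
        // Cookie present: look the user up and show the logoff form.
        $user_ID = $_COOKIE['clearsite']['user_ID'];
        // A cookie sent as clearsite[user_ID][x] arrives as an array; treat it as empty.
        $user_ID_sql = mysql_real_escape_string(is_string($user_ID) ? $user_ID : '');
        $user_query = "SELECT username FROM user_data WHERE user_ID=\"$user_ID_sql\"";
        $user_result = mysql_query($user_query);
        $user_row = mysql_fetch_assoc($user_result);
        $user_name_html = htmlspecialchars($user_row['username'], ENT_QUOTES);
        $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
Logged in as $user_name_html
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/logoff.png\" />
<input type=\"hidden\" name=\"auth_action\" value=\"logoff\" />
</fieldset>
</form>
";
    }
} else if ($auth_action == "logon") {
    if (!empty($username) && is_string($username)) {
        $username = strtolower($username);
        // Tolerate a missing or non-string password field; it is treated as empty.
        $password_input = (isset($password) && is_string($password)) ? $password : '';
        if ($use_ldap == "yes" and $username != "csadmin") {
            $ds = ldap_connect("$ldap_server") or die("Couldn't Connect");
            ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
            // Silence the warning ldap_bind() raises on bad credentials.
            error_reporting(0);
            // A simple bind with an empty password is an unauthenticated bind, which
            // many directory servers accept; it must never count as a successful logon.
            if ($password_input !== '' && ($r = ldap_bind($ds, $username, $password_input))) {
                // Split "domain\user". A backslash in position 0 is handled like no
                // backslash at all, exactly as the earlier `!= false` test did.
                $separator = strpos($username, "\\");
                if ($separator !== false && $separator > 0) {
                    $domain = substr($username, 0, $separator);
                    $username = substr($username, $separator + 1);
                } else {
                    $domain = "Unknown";
                }
                ldap_unbind($ds);
                $username_sql = mysql_real_escape_string($username);
                $domain_sql = mysql_real_escape_string($domain);
                $user_exists_query = "SELECT user_ID, username FROM user_data WHERE username=\"$username_sql\"";
                $user_exists_result = mysql_query($user_exists_query) or die('Query failed: ' . mysql_error());
                $user_exists_row = mysql_fetch_assoc($user_exists_result);
                if (empty($user_exists_row)) {
                    // First successful directory logon: create the local row, then re-read it.
                    $user_add_query = "INSERT INTO user_data SET username=\"$username_sql\", domain=\"$domain_sql\"";
                    $user_add_result = mysql_query($user_add_query) or die('Query failed: ' . mysql_error());
                    $user_exists_query = "SELECT user_ID, username FROM user_data WHERE username=\"$username_sql\"";
                    $user_exists_result = mysql_query($user_exists_query) or die('Query failed: ' . mysql_error());
                    $user_exists_row = mysql_fetch_assoc($user_exists_result);
                    $new_user = "Yes";
                }
                // One-week cookie holding the row id (see the NOTE(review) at the top).
                setcookie("clearsite[user_ID]", "$user_exists_row[user_ID]", time()+604800, "/", $DomainCookie);
                $refresh_index = "Y";
                $user_name_html = htmlspecialchars($user_exists_row['username'], ENT_QUOTES);
                $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
Logged in as $user_name_html
<input type=\"hidden\" name=\"auth_action\" value=\"logoff\" />
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\" />
</fieldset>
</form>
";
            } else {
                $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
<font color=\"#FF0000\">Login Failed</font>
<input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
Password: <input type=\"password\" name=\"password\" size=\"10\" />
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\" />
</fieldset>
</form>
";
            }
            // Sets the level to E_ALL rather than restoring the earlier value.
            error_reporting(E_ALL);
        } else {
            // Local-password path: used when LDAP is off, and always for "csadmin".
            $username_sql = mysql_real_escape_string($username);
            $hash_query = "SELECT user_ID, passwd, username FROM user_data WHERE username = \"$username_sql\"";
            $hash_results = mysql_query($hash_query);
            $hash_row = mysql_fetch_assoc($hash_results);
            if (empty($hash_row)) {
                // NOTE(review): an unknown username is registered on the spot with the
                // submitted password. That includes "csadmin": while no csadmin row
                // exists, the first request to name it chooses its password. Confirm
                // this self-registration is intended and pre-create privileged accounts.
                // NOTE(review): '$1$clearsite' selects MD5-crypt with one fixed salt for
                // every account. Moving to password_hash() needs a migration of the
                // stored hashes, so it is flagged here rather than changed.
                $passwd_crypt = crypt($password_input, '$1$clearsite');
                $passwd_sql = mysql_real_escape_string($passwd_crypt);
                $user_add_query = "INSERT INTO user_data SET username=\"$username_sql\", passwd=\"$passwd_sql\"";
                $user_add_result = mysql_query($user_add_query) or die('Query failed: ' . mysql_error());
                $hash_query = "SELECT user_ID, passwd, username FROM user_data WHERE username=\"$username_sql\"";
                $hash_result = mysql_query($hash_query) or die('Query failed: ' . mysql_error());
                $hash_row = mysql_fetch_assoc($hash_result);
                $new_user = "Yes";
            }
            // Strict comparison: no type juggling between the stored and computed hash.
            if ($hash_row['passwd'] === crypt($password_input, '$1$clearsite')) {
                // Host-only cookie on localhost, domain cookie everywhere else.
                if ($_SERVER['HTTP_HOST'] != 'localhost') {
                    $domain = $DomainCookie;
                } else {
                    $domain = false;
                }
                setcookie("clearsite[user_ID]", "$hash_row[user_ID]", time()+604800, "/", $domain);
                $refresh_index = "Y";
                $user_name_html = htmlspecialchars($hash_row['username'], ENT_QUOTES);
                $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
Logged in as $user_name_html
<input type=\"hidden\" name=\"auth_action\" value=\"logoff\" />
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\" />
</fieldset>
</form>
";
            } else {
                $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
<font color=\"#FF0000\">Login Failed</font>
<input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
Password: <input type=\"password\" name=\"password\" size=\"10\" />
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\" />
</fieldset>
</form>
";
            }
        }
    } else {
        // Empty or non-string username: report a failed login.
        $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
<font color=\"#FF0000\">Login Failed</font>
<input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
Password: <input type=\"password\" name=\"password\" size=\"10\" />
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\" />
</fieldset>
</form>
";
    }
} else if ($auth_action == "logoff") {
    // Expire the cookie and show the login form again.
    setcookie("clearsite[user_ID]", "", time()-3600, "/", $DomainCookie);
    $refresh_index = "Y";
    $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
<input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
Password: <input type=\"password\" name=\"password\" size=\"10\" />
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\" />
</fieldset>
</form>
";
} else {
    // Any other auth_action value: show the logoff form for the cookie's user.
    // The cookie may be absent or malformed on this path, so default to ''.
    $user_ID = (isset($_COOKIE['clearsite']['user_ID']) && is_string($_COOKIE['clearsite']['user_ID']))
        ? $_COOKIE['clearsite']['user_ID']
        : '';
    $user_ID_sql = mysql_real_escape_string($user_ID);
    $user_query = "SELECT username FROM user_data WHERE user_ID=\"$user_ID_sql\"";
    $user_result = mysql_query($user_query);
    $user_row = mysql_fetch_assoc($user_result);
    $user_name_html = htmlspecialchars($user_row['username'], ENT_QUOTES);
    $auth_content = "
<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
<fieldset>
<legend></legend>
Logged in as $user_name_html
<input type=\"hidden\" name=\"auth_action\" value=\"logoff\" />
<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/logoff.png\" />
</fieldset>
</form>
";
}
mysql_close();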
?>