<?php

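// Login / logoff handler for the Clearsite header widget.
//
// Inputs:  POST fields auth_action ("logon" | "logoff"), username, password;
//          cookie clearsite[user_ID]; configuration variables already in scope
//          ($DBhost, $DBport, $DBuser, $DBpass, $DBName, $ClearsiteBaseURL,
//          $DomainCookie, $use_ldap, $ldap_server).
// Outputs: $auth_content (HTML form for the widget), $refresh_index = "Y" after
//          a successful logon or a logoff, $new_user = "Yes" when a user_data
//          row was created, and the clearsite[user_ID] cookie.

// SECURITY: read only the three request fields this script consumes. The
// previous extract($_POST) let any POST field overwrite variables already in
// scope, including the configuration this script trusts ($use_ldap,
// $ldap_server, $DBhost, $DomainCookie, ...). Non-string values (fields sent
// as name[]=x) are treated as absent.
// NOTE(review): any other include that relied on variables created by that
// extract() call must now read $_POST itself.
$auth_action = (isset($_POST['auth_action']) && is_string($_POST['auth_action'])) ? $_POST['auth_action'] : '';
$username    = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password    = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// NOTE(review): the clearsite[user_ID] cookie is the only proof of identity in
// this file and it carries a bare user_ID, so a client can claim another
// account by editing the cookie. Closing that gap needs a server-side session
// or a signed token and would touch every page that reads the cookie, so it is
// flagged here rather than changed.
$cookie_user_ID = (isset($_COOKIE['clearsite']['user_ID']) && is_string($_COOKIE['clearsite']['user_ID'])) ? $_COOKIE['clearsite']['user_ID'] : '';

// NOTE(review): the mysql_* extension is deprecated and absent from PHP 7+.
// Values are escaped below with mysql_real_escape_string() to stay on the same
// implicit connection; prepared statements (mysqli/PDO) are the durable fix.
mysql_connect("$DBhost:$DBport",$DBuser,$DBpass) or die("Unable to connect to database");
@mysql_select_db("$DBName") or die("Unable to select database $DBName");

if (empty($auth_action)) {
	if (empty($cookie_user_ID)) {
		$auth_content = "
										 <form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
										 	<fieldset>
										 		<legend></legend>
										 		<input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
										 		Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
										 		&nbsp;Password: <input type=\"password\" name=\"password\" size=\"10\" />
										 		<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\"  />
										 	</fieldset>
										 </form>
		";
	} else {
		// $user_ID keeps the raw cookie value (other includes may read it --
		// TODO confirm); only the escaped copy goes into the SQL text.
		$user_ID = $cookie_user_ID;
		$user_ID_sql = mysql_real_escape_string($user_ID);
		$user_query = "SELECT username FROM user_data WHERE user_ID=\"$user_ID_sql\"";
		$user_result = mysql_query($user_query);
		$user_row = $user_result ? mysql_fetch_assoc($user_result) : false;
		// Stored usernames originate from the login form, so encode before output.
		$shown_name = $user_row ? htmlspecialchars((string) $user_row['username'], ENT_QUOTES) : '';
		$auth_content = "
				  	         <form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
				  	         	<fieldset>
										 		<legend></legend>
				  	  					Logged in as $shown_name &nbsp;&nbsp;
				  	  					<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/logoff.png\" />
				  	  			  	<input type=\"hidden\" name=\"auth_action\" value=\"logoff\" />
				  	  			  </fieldset>
				  	  			 </form>
	  ";
	};
} else if ($auth_action == "logon") {
	if (!empty($username)) {
		$username = strtolower($username);

		if ($use_ldap == "yes" and $username != "csadmin") {
			// NOTE(review): a simple bind sends the password as given; confirm
			// $ldap_server is an ldaps:// URI or add ldap_start_tls() before binding.
			$ds=ldap_connect("$ldap_server") or die("Couldn't Connect");
			ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
			ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
			// Silence bind warnings, remembering the configured level so it can be
			// restored afterwards (the original forced E_ALL instead).
			$previous_reporting = error_reporting(0);
			// SECURITY: many directory servers accept a simple bind with an empty
			// password as an unauthenticated bind and report success, so an
			// empty password must never reach ldap_bind().
			$r = ($password !== '') ? ldap_bind($ds,$username,$password) : false;
			if ($r) {
				// strpos() returns 0 for a leading backslash, so compare strictly.
				if (strpos($username, "\\") !== false) {
					$domain   = substr($username, 0, strpos($username, "\\"));
					$username = substr($username, strpos($username, "\\") + 1);
				} else {
					$domain = "Unknown";
				};
				ldap_unbind($ds);
				// NOTE(review): rows are matched on username alone, so the same
				// account name in two domains shares one user_data row -- confirm
				// that is intended.
				$username_sql = mysql_real_escape_string($username);
				$domain_sql = mysql_real_escape_string($domain);
				$user_exists_query = "SELECT user_ID, username FROM user_data WHERE username=\"$username_sql\"";
				$user_exists_result = mysql_query($user_exists_query) or die('Query failed: ' . mysql_error());
				$user_exists_row = mysql_fetch_assoc($user_exists_result);
				if (empty($user_exists_row)) {
					// First successful directory login: create the local row, then re-read it for its user_ID.
					$user_add_query = "INSERT INTO user_data SET username=\"$username_sql\", domain=\"$domain_sql\"";
					$user_add_result = mysql_query($user_add_query) or die('Query failed: ' . mysql_error());
					$user_exists_query = "SELECT user_ID, username FROM user_data WHERE username=\"$username_sql\"";
					$user_exists_result = mysql_query($user_exists_query) or die('Query failed: ' . mysql_error());
					$user_exists_row = mysql_fetch_assoc($user_exists_result);
					$new_user = "Yes";
				};
				setcookie("clearsite[user_ID]", "$user_exists_row[user_ID]", time()+604800, "/", $DomainCookie);
				$refresh_index = "Y";
				$shown_name = htmlspecialchars((string) $user_exists_row['username'], ENT_QUOTES);
				$auth_content =  "
		  			  	        <form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
		  			  	         <fieldset>
		  								 		<legend></legend>
		  			  	  				Logged in as $shown_name &nbsp;&nbsp;
		  			  	  			  <input type=\"hidden\" name=\"auth_action\" value=\"logoff\" />
		  			  	  			  <input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\"  />
		  			  	  			 </fieldset>
		  			  	  			</form>
	    	";
			} else {
				// Release the connection on the failure path as well.
				ldap_unbind($ds);
				$auth_content =  "
		  									<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
		  									 <fieldset>
		  								 		<legend></legend>
		  									  <font color=\"#FF0000\">Login Failed</font>
		  									  <input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
		  									  Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
		  									  &nbsp;Password: <input type=\"password\" name=\"password\" size=\"10\" />&nbsp;&nbsp;
		  									  <input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\"  />
		  									 </fieldset>
		  									</form>
		  	";
			};
			error_reporting($previous_reporting);
		} else {
			// Local accounts (LDAP disabled, or the built-in "csadmin" user).
			$username_sql = mysql_real_escape_string($username);
			$hash_query = "SELECT user_ID, passwd, username FROM user_data WHERE username = \"$username_sql\"";
			$hash_results = mysql_query($hash_query);
			$hash_row = $hash_results ? mysql_fetch_assoc($hash_results) : false;
			if (empty($hash_row)) {
				// NOTE(review): an unknown username is registered on the spot with
				// whatever password was submitted, "csadmin" included if its row
				// does not exist yet. Confirm this self-provisioning is intended;
				// otherwise fail the login here.
				// NOTE(review): '$1$clearsite' selects MD5-crypt with one fixed salt
				// for every account. password_hash()/password_verify() is the
				// replacement, but needs a migration of stored hashes, so the
				// scheme is left unchanged.
				$passwd_crypt = crypt($password, '$1$clearsite');
				$passwd_sql = mysql_real_escape_string($passwd_crypt);
				$user_add_query = "INSERT INTO user_data SET username=\"$username_sql\", passwd=\"$passwd_sql\"";
				$user_add_result = mysql_query($user_add_query) or die('Query failed: ' . mysql_error());
				$hash_query = "SELECT user_ID, passwd, username FROM user_data WHERE username=\"$username_sql\"";
				$hash_result = mysql_query($hash_query) or die('Query failed: ' . mysql_error());
				$hash_row = mysql_fetch_assoc($hash_result);
				$new_user = "Yes";
			};
			// Strict comparison: no type juggling between the stored and computed hash.
			if ($hash_row['passwd'] === crypt($password, '$1$clearsite')) {
				// Host-only cookie when served from localhost, shared domain otherwise.
				if ($_SERVER['HTTP_HOST'] != 'localhost') {
					$domain = $DomainCookie;
				} else {
					$domain = false;
				};
				setcookie("clearsite[user_ID]", "$hash_row[user_ID]", time()+604800, "/", $domain);
				$refresh_index = "Y";
				$shown_name = htmlspecialchars((string) $hash_row['username'], ENT_QUOTES);
				$auth_content =  "
		  			  	        <form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
		  			  	         <fieldset>
		  								 		<legend></legend>
		  			  	  				Logged in as $shown_name &nbsp;&nbsp;
		  			  	  			  <input type=\"hidden\" name=\"auth_action\" value=\"logoff\" />
		  			  	  			  <input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\"  />
		  			  	  			 </fieldset>
		  			  	  			</form>
	    	";
			} else {
				$auth_content =  "
		  									<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
		  									 <fieldset>
		  								 		<legend></legend>
		  									  <font color=\"#FF0000\">Login Failed</font>
		  									  <input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
		  									  Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
		  									  &nbsp;Password: <input type=\"password\" name=\"password\" size=\"10\" />&nbsp;&nbsp;
		  									  <input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\"  />
		  									 </fieldset>
		  									</form>
		  	";
			};
		};
	} else {
		// No username submitted: treat as a failed login.
		$auth_content =  "
										<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
										 <fieldset>
										 		<legend></legend>
										  <font color=\"#FF0000\">Login Failed</font>
										  <input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
										  Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
										  &nbsp;Password: <input type=\"password\" name=\"password\" size=\"10\" />&nbsp;&nbsp;
										  <input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\"  />
										 </fieldset>
										</form>
		";
	};
} else if ($auth_action == "logoff") {
		// Expire the cookie in the browser. Nothing is invalidated server-side,
		// because no server-side session exists in this file.
		setcookie("clearsite[user_ID]", "", time()-3600, "/", $DomainCookie);
		$refresh_index = "Y";
		// The closing </fieldset> below was an unclosed second <fieldset> in the original markup.
		$auth_content =  "
										<form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
										 <fieldset>
										 	<legend></legend>
										  <input type=\"hidden\" name=\"auth_action\" value=\"logon\" />
										  Domain\Username: <input type=\"text\" name=\"username\" size=\"10\" />
										  &nbsp;Password: <input type=\"password\" name=\"password\" size=\"10\" />&nbsp;&nbsp;
										  <input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/submit.png\"  />
										 </fieldset>
										</form>
		";
} else {
	// Any other auth_action value: render the logged-in widget from the cookie.
	$user_ID = $cookie_user_ID;
	$user_ID_sql = mysql_real_escape_string($user_ID);
	$user_query = "SELECT username FROM user_data WHERE user_ID=\"$user_ID_sql\"";
	$user_result = mysql_query($user_query);
	$user_row = $user_result ? mysql_fetch_assoc($user_result) : false;
	$shown_name = $user_row ? htmlspecialchars((string) $user_row['username'], ENT_QUOTES) : '';
	$auth_content = "
			  	        <form action=\"$ClearsiteBaseURL/index.php\" method=\"post\">
			  	         <fieldset>
									 	<legend></legend>
			  	  				Logged in as $shown_name &nbsp;&nbsp;
			  	  			  <input type=\"hidden\" name=\"auth_action\" value=\"logoff\" />
										<input type=\"image\" class=\"login\" src=\"$ClearsiteBaseURL/images/logoff.png\" />
			  	  			 </fieldset>
			  	  			</form>
  ";
};
mysql_close();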
?>