<?php
/*
** SnortCenter Copyright (C) 2001,2002,2003 Stefan Dens
**
** Author: Stefan Dens <hide@address.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
?>
<?php
include("config.php");
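/**
 * Print the complete SnortCenter login page (or the lost-password variant).
 *
 * The page is written straight to the output buffer; nothing is returned.
 *
 * @param string|false $phpUserLogin_txt  Optional status/error message shown above the
 *                                        form. It is emitted as raw HTML because callers
 *                                        in this file pass markup (<br>, mailto links);
 *                                        any dynamic part must be escaped by the caller.
 * @param string|false $phpUserLogin_mode "lost" selects the lost-password form when the
 *                                        lost-password feature is enabled; any other value
 *                                        renders the normal user name / password form.
 */
function phpUserLogin_form($phpUserLogin_txt = FALSE, $phpUserLogin_mode = FALSE) {

global $phpUserLogin_lost_func,$snortcenter_ver,$lang;

// NOTE(review): $phpself is not in the global list above, so inside this function it
// was always undefined and rendered as an empty string (the form posts back to the
// current URL). It is initialised explicitly to keep that behaviour without an
// undefined-variable warning. If the global value is wanted instead, import it and
// pass it through htmlspecialchars() before echoing.
$phpself = '';

// Single decision used for both the form fields and the footer link. The footer
// previously used the bitwise "&", which disagrees with "&&" for truthy values whose
// low bit is 0 (e.g. 2), so the two halves of the page could show different modes.
$phpUserLogin_show_lost = ($phpUserLogin_mode == "lost") && $phpUserLogin_lost_func;

?>
<HTML>
<head>
<title><?php echo "$snortcenter_ver $lang[175]";?></title>
</head>
<body bgcolor="#3b577a" vlink="#000000" link="#000000"
onload="document.forms[0].phpUserLogin_user_name.focus();"> 
<center>
<BR>
<table border="1" cellspacing="0" cellpadding="0" bordercolor="#000000">
<tr> 
<td> 
<table border="0" cellspacing="0" cellpadding="0">
<tr bgcolor="#006699"> 
<td  colspan="3" height="24" style="background :url(./images/topbar_back.png);">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td height="24" style="background :url(./images/topbar_left.png) no-repeat;">&nbsp;<font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"><b><font face="Trebuchet MS" size="2">&nbsp;<!-- #BeginEditable "Title%20Bar" --><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"><b><font face="Trebuchet MS" size="2">
<?php echo "$snortcenter_ver"?>
</font></b></font></font></b></font> 
</td><td>&nbsp;</td><td height="24" style="background :url(./images/topbar_right.png) no-repeat right;">
</td></tr></table></td></tr>
<tr><td width="1" bgcolor="#006699" background="./images/leftside.gif">&nbsp;</td><td width="100%">
<table width="100%" border="1" cellspacing="0" cellpadding="0" bordercolor="#000000" align="center"><tr>
<td bgcolor="#000000" valign="top"><BR>

    <style>
    TD {
    	FONT-FAMILY: Verdana,Helvetica; FONT-SIZE: 10px; color:#FFFFFF
    }
    </style>
    <table align="center" border="0" cellspacing="0" cellpadding="0"><tr>
    <td width="12" height="12"><img src="./images/form/up-left.gif" alt="" border="0"></td>
    <td background="./images/form/up.gif" align="center"  height="12">&nbsp;</td>
    <td><img src="./images/form/up-right.gif" width="12" height="12" alt="" border="0"></td></tr>
    <tr>
    <td background="./images/form/left.gif" width="12">&nbsp;</td>
    <td bgcolor="#3b577a">
    <center>
    <table align=center border=0 cellpadding=0 cellspacing=0 width=100%>
<BR>
<center>
<form action="<?php echo $phpself; ?>" method="POST">

 <tr>
  <td align="center"><NOBR id="TITLE"><B>SnortCenter <?php echo $lang[176]; ?></b></NOBR>
  <hr width="90%" noshade size="1" color="#000000"><?php

 if ($phpUserLogin_txt) { // show the explanation for a wrong password / login name (raw HTML, see docblock)

?><p>
<font size="2"><?php echo $phpUserLogin_txt;?></font><?php

 }

?></td>
 </tr>
 <tr>
  <td align="center">

<table cellspacing="4">
<?php

 if ($phpUserLogin_show_lost) { // lost-password request: ask for the user name only

?> <tr>
  <td align="center"><font size="2"><?php echo $lang[177]; ?>:</font></td>
 </tr>
 <tr>
  <td align="center"><input type="Text" name="phpUserLogin_lost_username" size="14" MaxLength="20"></td>
 </tr>
 <tr>
  <td align="center"><center><input type="Submit" name="phpUserLogin_lostpass" value="Request new Password"></center></td>
 </tr>
<?php

} else { // normal login: user name and password

?> <tr>
  <td align="right"><font size="2"><?php echo $lang[171]; ?>:</font></td>
  <td><input type="Text" name="phpUserLogin_user_name" size="14" MaxLength="20"></td>
 </tr>
 <tr>
  <td align="right"><font size="2"><?php echo $lang[178]; ?>:</font></td>
  <td><input type="Password" name="phpUserLogin_pw" size="14" MaxLength="20"></td>
 </tr>
 <tr>
  <td colspan="2"><center><input type="Submit" name="phpUserLogin_login" value="Login"></center></td>
 </tr>
<?php

 }

?></table>

  </td>
 </tr>
 <tr>
  <td align="center"><NOBR><font size="2"><b><?php

 if ($phpUserLogin_show_lost) { // on the lost-password form offer a way back to the login form

?><a style="color:#FFFFFF" href="login.php">Back</a><?php

 } else {

 if ($phpUserLogin_lost_func) { // only advertise the lost-password flow when it is enabled

?><a style="color:#FFFFFF" href="<?php echo $phpself; ?>?phpUserLogin_lostpass=TRUE"><?php echo $lang[170]; ?></a><?php

 } }

?></b></font></NOBR></td></TR><TR><TD>&nbsp;</TD>
 </tr>
</table>
</form>
</center>

</td>
<td background="./images/form/right.gif">&nbsp;</td></tr><tr>
<td width="12" height="12"><img src="./images/form/down-left.gif" alt="" border="0"></td>
<td background="./images/form/down.gif" align="center" height="12">&nbsp;</td>
<td><img src="./images/form/down-right.gif" width="12" height="12" alt="" border="0"></td></tr>
</td></tr></table><BR>

</TD></tr></table></td>
<td width="1" bgcolor="#CCCCCC" background="./images/rightside.gif">&nbsp;</td>
</tr><tr> 
<td width="1" bgcolor="#006699" background="./images/leftside.gif">&nbsp;</td>
<td><table width="100%" border="1" cellspacing="0" cellpadding="0" bordercolor="#000000">
<tr bordercolor="#000000"> 
<td bgcolor="#CCCCCC" height="17" background="./images/copybar.gif">
<div align="right"><font color="#FFFFFF"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#000000">
<?php echo "<a href='http://users.pandora.be/larc'>$snortcenter_ver</a>"; ?> Copyright &copy; 2001-2003 <?php echo "<a href='mailto:hide@address.com'>Stefan Dens</a>"; ?>&nbsp;</font></b></font></div>
</td></tr></table>
</td><td width="1" bgcolor="#CCCCCC" background="./images/rightside.gif">&nbsp;</td>
</tr>
<tr bgcolor="#006699" valign="middle" align="right"> 
<td width="100%" colspan="3" height=4 border=0><img src="./images/bottom_small.png" height="4"></td>
</tr></table></td></tr></table>
</div>
</BODY>
</HTML>
<?php
}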

// Request dispatcher for the login page. Depending on the request it clears the login
// cookies (error / logout), processes a login attempt or validates existing cookies,
// runs the lost-password flow, or simply renders the form.
//
// NOTE(review): none of the $phpUserLogin_* request values are read from $_POST, $_GET
// or $_COOKIE in this file; the code appears to rely on register_globals (or an
// equivalent import in config.php) - confirm. Under that model any variable that is
// used below before this script assigns it can be supplied by the client, so each such
// variable should be read explicitly from the intended superglobal and validated.
if ($phpUserLogin_cookie["error"]) { // Log the user out if an unexpected error occurred in one of the protected pages.
// setcookie() with a name and no value asks the browser to drop that cookie.
setcookie("phpUserLogin_cookie[user_name]");
setcookie("phpUserLogin_cookie[id_hash]");
setcookie("phpUserLogin_cookie[error]");
phpUserLogin_form("$lang[180].");
exit;
} elseif (isset($phpUserLogin_logout) && $phpUserLogin_cookie["user_name"] && $phpUserLogin_cookie["id_hash"]) { // The user asked to log out.
// NOTE(review): logout only clears the browser cookies; the id_hash value itself stays
// valid because nothing is invalidated server-side.
setcookie("phpUserLogin_cookie[user_name]");
setcookie("phpUserLogin_cookie[id_hash]");
phpUserLogin_form();
exit;
} elseif (isset($phpUserLogin_login) or $phpUserLogin_cookie["user_name"] & $phpUserLogin_cookie["id_hash"]) { // The user is logging in or presents login cookies.
	// NOTE(review): "&" here and on the next condition is the bitwise operator, not the
	// logical "&&". On two strings it combines them byte by byte instead of testing each
	// for truthiness; "&&" was presumably intended - confirm and replace.
	if (isset($phpUserLogin_login) && !$phpUserLogin_cookie["user_name"] & !$phpUserLogin_cookie["id_hash"]) { // Login form submitted and no login cookies present.
		// NOTE(review): get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in
		// PHP 8.0, and addslashes() is not a reliable SQL escaping function (it ignores the
		// connection character set). The query below should use the database layer's own
		// quoting or bound parameters instead.
		if (get_magic_quotes_gpc() == 0) { // Add slashes ourselves when PHP has not already done so.
		$phpUserLogin_user_name = addslashes($phpUserLogin_user_name);
		$phpUserLogin_pw = addslashes($phpUserLogin_pw);
		}
		// empty() also treats the string "0" as empty, so a user name or password of "0"
		// is reported as missing.
		if (empty($phpUserLogin_user_name) and empty($phpUserLogin_pw)) { // Neither user name nor password was entered.
		phpUserLogin_form("$lang[191].");
		exit;
		} elseif (empty($phpUserLogin_user_name) and !empty($phpUserLogin_pw)) { // User name is empty, password was given (the original comment had this reversed; whether $lang[192] matches cannot be checked here).
		phpUserLogin_form("$lang[192].");
		exit;
		} elseif (!empty($phpUserLogin_user_name) and empty($phpUserLogin_pw)) { // Password is empty, user name was given (original comment reversed, see above).
		phpUserLogin_form("$lang[193].");
		exit;
		} else { // Both user name and password are present.
			$phpUserLogin_leader_email = $webmaster_email;
			$phpUserLogin_hidden_key_num = $hidden_key_num;
			$phpUserLogin_hidden_key = $REMOTE_ADDR.$phpUserLogin_hidden_key_num; // Cookie key = client IP followed by the configured key number.
			$phpUserLogin_lost_func      = "0"; // Lost-password feature switch: 1 = on, 0 = off (turn it off if the server cannot send mail).
			// NOTE(review): this assignment only happens inside the login branch, and
			// config.php is included again right after it, which may overwrite it - confirm
			// where the authoritative value is set.
			include("config.php");
			$db1 = NewACIDDBConnection($DBlib_path, $DBtype);
			$db1->acidConnect($DB_dbname, $DB_host, $DB_port, $DB_user, $DB_password);
			// NOTE(review): the statement is built by string interpolation and depends
			// entirely on the addslashes() call above. Passwords are compared as unsalted
			// md5() digests; password_hash()/password_verify() is the current replacement.
			$phpUserLogin_mysql_result = $db1->acidExecute("SELECT * FROM users WHERE username = '$phpUserLogin_user_name' and password = '".md5($phpUserLogin_pw)."'");  // Look up the user by name and password digest.
			if (!$phpUserLogin_mysql_result) { // Query failed: show the generic database error with the webmaster address.
			phpUserLogin_form("$lang[181].<br>
			$lang[182].<br>
			$lang[183]: <a href=\"mailto:".$phpUserLogin_leader_email."\">".$phpUserLogin_leader_email."</a>.");
			exit;
			}
			if ($phpUserLogin_mysql_result->acidRecordCount() != 1) { // Anything other than exactly one matching row is treated as a failed login.
			phpUserLogin_form("$lang[184].");
			exit;
			}
		$phpUserLogin_userinfo = $phpUserLogin_mysql_result->acidFetchRow(); // Exactly one match: load the user's row.
		// NOTE(review): both cookies are set with name and value only, i.e. without
		// expiry, Secure or HttpOnly attributes. The id_hash is md5(username . client IP .
		// configured key number): it is deterministic, never rotates, and is only as
		// secret as the key number. A server-side session with a random identifier would
		// remove that dependency.
		setcookie("phpUserLogin_cookie[user_name]", $phpUserLogin_userinfo["username"]);
		setcookie ("phpUserLogin_cookie[id_hash]", md5($phpUserLogin_userinfo["username"].$phpUserLogin_hidden_key));
		header("Refresh: 0; url=".$startpage);
		echo "Loading Page...<p><font size=\"1\">Or click <a href=\"".$startpage."\">here</a> if page does not change.</font>";
		exit;
		}
	} else { // Login cookies are present: validate them.
	// NOTE(review): $phpUserLogin_hidden_key and $db1 are assigned only in the login
	// branch above, which is not executed on this path. Unless config.php defines them,
	// the key is undefined here (and, with register_globals, client-controllable) and
	// the query below is called on a non-object - confirm against config.php.
	$phpUserLogin_user_name_hash = md5($phpUserLogin_cookie["user_name"].$phpUserLogin_hidden_key);
		// NOTE(review): "==" on two hex digests compares them as numbers when both look
		// numeric; hash_equals() gives a strict, constant-time comparison.
		if  ($phpUserLogin_cookie["id_hash"] == $phpUserLogin_user_name_hash) { // The cookie hash matches the recomputed hash.
			// NOTE(review): the cookie value is interpolated into the SQL text without
			// the addslashes() step that the login branch applies to form fields.
			if ($phpUserLogin_mysql_result = $db1->acidExecute("SELECT * FROM users WHERE username = '$phpUserLogin_cookie[user_name]'")) { // Check that the user still exists.
			$phpUserLogin_userinfo = $phpUserLogin_mysql_result->acidFetchRow();
			}
			if (empty($phpUserLogin_userinfo)) { // No such user (or the query failed): log out.
			setcookie("phpUserLogin_cookie[user_name]");
			setcookie("phpUserLogin_cookie[id_hash]");
			phpUserLogin_form("$lang[180].");
			exit;
			} else { // User exists: forward to the start page.
			header("Refresh: 0; url=".$startpage);
			echo "Loading Page...<p><font size=\"1\">Or click <a href=\"".$startpage."\">here</a> if page does not change.</font>";
			exit;
			}
		} else { // Cookie hash mismatch: drop the cookies and show the form.
		setcookie("phpUserLogin_cookie[user_name]");
		setcookie("phpUserLogin_cookie[id_hash]");
		phpUserLogin_form("$lang[180].");
		exit;
		}
	}
} elseif (isset($phpUserLogin_lostpass) && $phpUserLogin_lost_func) { // Lost-password flow (only when the feature flag is truthy).
// NOTE(review): on this path $phpUserLogin_lost_func, $db1, $phpUserLogin_leader_email,
// $phpUserLogin_path and $phpUserLogin_mainloginpage are not assigned anywhere in this
// file; they presumably come from config.php - confirm, and make sure none of them can
// be taken from the request.
// NOTE(review): srand()/rand() are not cryptographically secure and the seed is derived
// from the current time. The reset token and the replacement password generated below
// should come from random_bytes()/random_int().
srand(microtime()*100000000);
$phpUserLogin_mail_headers = "MIME-Version: 1.0\n"; 
$phpUserLogin_mail_headers .= "Content-type: text/plain; charset=iso-8859-1\n\n"; 
	if (isset($phpUserLogin_lost_username) && empty($phpUserLogin_lost_username)) { // The form was submitted without a user name.
	phpUserLogin_form("$lang[185].","lost");
	exit;
	} elseif ($phpUserLogin_lost_username && !$phpUserLogin_lost_val) { // Step 1: a user name was submitted, no token yet.
		// NOTE(review): the submitted user name goes into the SQL text unescaped on this
		// path (no addslashes() here, unlike the login branch). The distinct "unknown
		// user" reply below also lets a visitor test which user names exist.
		$phpUserLogin_mysql_result = $db1->acidExecute("SELECT * FROM users WHERE username = '$phpUserLogin_lost_username'");
		if (!$phpUserLogin_mysql_result) { // Query failed: generic database error.
			phpUserLogin_form("$lang[181].<br>
			$lang[182].<br>
			$lang[183]: <a href=\"mailto:".$phpUserLogin_leader_email."\">".$phpUserLogin_leader_email."</a>.");
		exit;
		}
		if ($phpUserLogin_mysql_result->acidRecordCount() != 1) { // The user does not exist.
		phpUserLogin_form("$lang[186].","lost");
		exit;
		}
	// Reset token: md5 of two rand(1000, 9999) values around the client IP.
	// NOTE(review): all of the token's unpredictability comes from those two rand()
	// calls, and no expiry time is stored with it.
	$phpUserLogin_lost_val = md5(rand(1000, 9999).$REMOTE_ADDR.rand(1000, 9999));
	$phpUserLogin_userinfo = $phpUserLogin_mysql_result->acidFetchRow();
		if (!$db1->acidExecute("UPDATE users SET lost='$phpUserLogin_lost_val' WHERE id=$phpUserLogin_userinfo[id]")) { // Store the token in the user's "lost" column.
			phpUserLogin_form("$lang[181].<br>
			$lang[182].<br>
			$lang[183]: <a href=\"mailto:".$phpUserLogin_leader_email."\">".$phpUserLogin_leader_email."</a>.");
		exit;
		}
		// NOTE(review): the unquoted array keys (email, username) outside a string are
		// bare constants - a notice on old PHP, an Error on PHP 8. "@" hides any mail()
		// failure detail. The user name is placed in the link without urlencode().
		if (@mail($phpUserLogin_userinfo[email], $phpUserLogin_userinfo[username].": Lost your password for $phpUserLogin_path?", "If you lost your password for $phpUserLogin_path, then click on this link to make a new random password that you can login with.\n\n$phpUserLogin_mainloginpage?phpUserLogin_lostpass=TRUE&phpUserLogin_lost_username=$phpUserLogin_userinfo[username]&phpUserLogin_lost_val=$phpUserLogin_lost_val\n\nIf you did not request this mail, dont click on the link, you will still be able to login with your old password.<p>If you want to contact the webmaster of the page, then use this email: $phpUserLogin_leader_email\n\nThank you for your time!\n\nDont reply to this mail. It is generated by a script.", $phpUserLogin_mail_headers)) { // Mail the confirmation link containing the token.
		phpUserLogin_form("$lang[187].");
		exit;
		} else { // Sending the mail failed.
			if (!$db1->acidExecute("UPDATE users SET lost='0' WHERE id=$phpUserLogin_userinfo[id]")) { // Reset the "lost" column to the '0' sentinel.
			phpUserLogin_form("$lang[181].<br>
			$lang[182].<br>
			$lang[183]: <a href=\"mailto:".$phpUserLogin_leader_email."\">".$phpUserLogin_leader_email."</a>.");
			exit;
			}
		phpUserLogin_form("$lang[188].");
		exit;
		}
	} elseif ($phpUserLogin_lost_val) { // Step 2: the user followed the link from the first mail.
		// NOTE(review): same unescaped interpolation of the user name as in step 1.
		if (!$phpUserLogin_mysql_result = $db1->acidExecute("SELECT * FROM users WHERE username = '$phpUserLogin_lost_username'")) { // Look the user up again.
			phpUserLogin_form("$lang[181].<br>
			$lang[182].<br>
			$lang[183]: <a href=\"mailto:".$phpUserLogin_leader_email."\">".$phpUserLogin_leader_email."</a>.");
		exit;
		}
		if ($phpUserLogin_mysql_result->acidRecordCount() != 1) { // The user does not exist.
		phpUserLogin_form("$lang[186].","lost");
		exit;
		}
	$phpUserLogin_userinfo = $phpUserLogin_mysql_result->acidFetchRow();
		// NOTE(review): loose "==" compares numeric-looking strings by value, and the
		// "no reset pending" state is stored as the numeric sentinel '0'. The check should
		// first require that a reset is pending and then compare with hash_equals().
		// The key "lost" is also an unquoted bare constant here.
		if ($phpUserLogin_lost_val == $phpUserLogin_userinfo[lost]) { // The token from the link matches the stored one.
		// NOTE(review): the replacement password is built from a few small rand() values
		// and is then sent by mail in clear text; see the random_int() note above.
		$phpUserLogin_lost_newpass = rand(10, 99)."a".rand(1, 99)*rand(1, 99)."b".rand(10, 99); // Generate the new random password.
			if (!$db1->acidExecute("UPDATE users SET lost='0', password='".md5($phpUserLogin_lost_newpass)."' WHERE id=$phpUserLogin_userinfo[id]")) { // Store the md5 of the new password and clear the token.
			phpUserLogin_form("$lang[181].<br>
			$lang[182].<br>
			$lang[183]: <a href=\"mailto:".$phpUserLogin_leader_email."\">".$phpUserLogin_leader_email."</a>.");
			exit;
			}
			if (@mail($phpUserLogin_userinfo[email], $phpUserLogin_userinfo[username].": New password for $phpUserLogin_path", "Here is your new password for the login form at $phpUserLogin_path, you should change this password.\n\nNew Password: $phpUserLogin_lost_newpass\n\nDont reply to this mail. It is generated by a script.", $phpUserLogin_mail_headers)) { // The new password was mailed.
			phpUserLogin_form("$lang[189].");
			exit;
			} else { // Sending the mail failed.
				if (!$db1->acidExecute("UPDATE users SET lost='0', password='$phpUserLogin_userinfo[password]' WHERE id=$phpUserLogin_userinfo[id]")) { // Put the previous password digest back.
			phpUserLogin_form("$lang[181].<br>
			$lang[182].<br>
			$lang[183]: <a href=\"mailto:".$phpUserLogin_leader_email."\">".$phpUserLogin_leader_email."</a>.");
				exit;
				}
			phpUserLogin_form("$lang[188].");
			exit;
			}
		} else { // The token from the link does not match the stored one.
		phpUserLogin_form("$lang[190].");
		exit;
		}
	} else { // The user only clicked the lost-password link: show the request form.
	phpUserLogin_form("","lost");
	exit;
	}
// NOTE(review): every path through this branch ends in exit, so the two cleanup calls
// below are never reached; $result1 is also never assigned in this file.
$result1->acidFreeRows();
$db1->acidClose();
} elseif ($phpUserLogin_scriptinfo) { // "info" request: render the form in mode "info" (this branch does not exit).
phpUserLogin_form("","info");
} else { // No login, cookie or lost-password request: show the plain login form.
phpUserLogin_form();
exit;
// NOTE(review): unreachable after exit; $result1 and $db1 are not assigned on this path.
$result1->acidFreeRows();
$db1->acidClose();
}
?>