Location: PHPKode > projects > Standardized Test Practice Engine > stpe/admin/login.inc.php
<?php
/*
Copyright 2004 by Jonathan Bell and Daniel Perelman
This file is part of STPE - the Standardized Test Practice Engine.

    STPE is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    STPE is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Foobar; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
include_once("../globals.inc.php");
?>
<?PHP
$secret="hide@address.com#L$JODFJLKSDFM><CMC*#KLSJDFKLZ";
$x=0;
include("../dbinit.inc.php");
global $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $REMOTE_USER, $AUTH_USER, $REMOTE_PASSWORD, $AUTH_PASSWORD;
    global $HTTP_AUTHORIZATION;
    global $old_usr;
        if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_USER'])) {
            $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
        }
        else if (isset($REMOTE_USER)) {
            $PHP_AUTH_USER = $REMOTE_USER;
        }
        else if (!empty($_ENV) && isset($_ENV['REMOTE_USER'])) {
            $PHP_AUTH_USER = $_ENV['REMOTE_USER'];
        }
        else if (@getenv('REMOTE_USER')) {
            $PHP_AUTH_USER = getenv('REMOTE_USER');
        }
        else if (isset($AUTH_USER)) {
            $PHP_AUTH_USER = $AUTH_USER;
        }
        else if (!empty($_ENV) && isset($_ENV['AUTH_USER'])) {
            $PHP_AUTH_USER = $_ENV['AUTH_USER'];
        }
        else if (@getenv('AUTH_USER')) {
            $PHP_AUTH_USER = getenv('AUTH_USER');
        }
    if (empty($PHP_AUTH_PW)) {
        if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_PW'])) {
            $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
        }
        else if (isset($REMOTE_PASSWORD)) {
            $PHP_AUTH_PW = $REMOTE_PASSWORD;
        }
        else if (!empty($_ENV) && isset($_ENV['REMOTE_PASSWORD'])) {
            $PHP_AUTH_PW = $_ENV['REMOTE_PASSWORD'];
        }
        else if (@getenv('REMOTE_PASSWORD')) {
            $PHP_AUTH_PW = getenv('REMOTE_PASSWORD');
        }
        else if (isset($AUTH_PASSWORD)) {
            $PHP_AUTH_PW = $AUTH_PASSWORD;
        }
        else if (!empty($_ENV) && isset($_ENV['AUTH_PASSWORD'])) {
            $PHP_AUTH_PW = $_ENV['AUTH_PASSWORD'];
        }
        else if (@getenv('AUTH_PASSWORD')) {
            $PHP_AUTH_PW = getenv('AUTH_PASSWORD');
        }
    }
    // Gets authenticated user settings with IIS
    if (empty($PHP_AUTH_USER) && empty($PHP_AUTH_PW)
        && function_exists('base64_decode')) {
        if (!empty($HTTP_AUTHORIZATION)
            && substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic ') {
            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));
        }
        else if (!empty($_ENV)
             && isset($_ENV['HTTP_AUTHORIZATION'])
             && substr($_ENV['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ') {
            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($_ENV['HTTP_AUTHORIZATION'], 6)));
        }
        else if (@getenv('HTTP_AUTHORIZATION')
                 && substr(getenv('HTTP_AUTHORIZATION'), 0, 6) == 'Basic ') {
            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr(getenv('HTTP_AUTHORIZATION'), 6)));
        }
    } // end IIS
function displayLogin() {
header("WWW-Authenticate: Basic realm=\"Chemistry Administration\"");
header("HTTP/1.0 401 Unauthorized");
//header("Location: http://amityregion5.org:2003/chemistry/401.php");
exit;
}

if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
	// If username or password hasn't been set, display the login request.
	$x++;
	if($x > 3)
	header("Location: http://www.amityregion5.org:2003/chemistry/401.php");
	displayLogin();
}
else {

	$sql = "SELECT `password` FROM `passwords` where `name` = '$PHP_AUTH_USER'";
	$total_result = @mysql_query($sql, $connection) or die("Error #". mysql_errno() . ": " . mysql_error());
	while ($row = mysql_fetch_array($total_result)) {
	    $pass=$row['password'];
	    $name=$row['name'];
	}

	// Escape both the password and username string to prevent users from inserting bogus data.
	//$pswd = crypt_md5($PHP_AUTH_PW);

	// Check username and password agains the database...

	if (md5($PHP_AUTH_PW."hide@address.com#L$JODFJLKSDFM><CMC*#KLSJDFKLZ")
	   != $pass){
	// If there were no matching users, show the login
	$x++;
	if($x > 3)
	header("Location: http://www.amityregion5.org:2003/chemistry/401.php");
	displayLogin();
	//echo $pass."<br />".$PHP_AUTH_PW."<br />".md5($PHP_AUTH_PW."hide@address.com#L$JODFJLKSDFM><CMC*#KLSJDFKLZ")."<br /".$sql;
	exit;
	}
}

// All code/html below will only be displayed to authenticated users.

?>
Return current item: Standardized Test Practice Engine