Location: PHPKode > projects > Svn-access-manager > svn_access_manager/login.php
<?php

/*
    SVN Access Manager - a subversion access rights management tool
    Copyright (C) 2008 Thomas Krieger <hide@address.com>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/


if ( file_exists ( realpath ( "./config/config.inc.php" ) ) ) {
	require( "./config/config.inc.php" );
} elseif( file_exists ( realpath ( "../config/config.inc.php" ) ) ) {
	require( "../config/config.inc.php" );
} elseif( file_exists( "/etc/svn-access-manager/config.inc.php" ) ) {
	require( "/etc/svn-access-manager/config.inc.php" );
} else {
	die( "can't load config.inc.php. Check your installation!\n'" );
}

$installBase					= isset( $CONF['install_base'] ) ? $CONF['install_base'] : "";

#error_log( "install_base is: $installBase" );

require ("$installBase/include/variables.inc.php");
#require ("./config/config.inc.php");
require ("$installBase/include/db-functions-adodb.inc.php");
require ("$installBase/include/functions.inc.php");

initialize_i18n();

$dbh 									= db_connect ();
$_SESSION['svn_sessid']['helptopic']	= "login";
$schema									= db_determine_schema();
 
if ($_SERVER['REQUEST_METHOD'] == "GET") {
   
   include ("$installBase/templates/login.tpl");
   
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {

	$error							= 0;
   	$fUsername 						= db_escape_string ($_POST['fUsername']);
   	$fPassword 						= db_escape_string ($_POST['fPassword']);
   	$tPasswordExpired				= 0;
   	$result 						= db_query( "SELECT password " .
   												"  FROM ".$schema."svnusers " .
   												" WHERE userid = '$fUsername'", $dbh );
   
   	if ($result['rows'] == 1) {

      $row 							= db_assoc ($result['result']);
      $password 					= addslashes( pacrypt ($fPassword, $row['password']) );
      $result 						= db_query( "SELECT * " .
      											"  FROM ".$schema."svnusers " .
      											" WHERE userid = '$fUsername' " .
      											"   AND password = '$password'", $dbh );
      
      if ($result['rows'] != 1) {
         
         $error 					= 1;
         $tMessage 					= _('Username and/or password wrong');
         $tUsername 				= $fUsername;
      
      } else {
      
      	$row 						= db_assoc ($result['result']);
      	$id							= $row['id'];
      	$tName						= $row['name'];
      	$tGivenname					= $row['givenname'];
      	$tAdmin						= $row['admin'];
      	$tPwModified				= mkUnixTimestampFromDateTime( $row['password_modified'] );
      	$today						= time();
      	$maxDiff					= $CONF['password_expires'] * 86400;
      	if( ($today - $tPwModified ) > $maxDiff ) {
      		
      		$tPasswordExpired		= 1;
      		
       	} else {
       		
       		$tPasswordExpired		= 0;
       		
       	}
      		
  		$query						= "SELECT * " .
  					      			  "  FROM ".$schema."svn_projects_responsible " .
  					      			  " WHERE (user_id = $id) " .
  					      			  "   AND (deleted = '00000000000000')";
  		$result						= db_query( $query, $dbh );
  		
  		if( ($result['rows'] > 0) and ($tAdmin == "n") ) {
  			
  			$tAdmin					= 'p';
  		}

      }
      
   	} else {
      
      $error 						= 1;
      $tMessage 					= _('Username and/or password wrong');
      
   	}

   	if ( $error != 1 ) {

	  $s 											= new Session;
      session_start();
      session_register("svn_sessid");
	  #error_log( "session started" );
      $_SESSION['svn_sessid']['username'] 			= $fUsername;
      $_SESSION['svn_sessid']['name']				= $tName;
      $_SESSION['svn_sessid']['givenname']			= $tGivenname;
      $_SESSION['svn_sessid']['admin']				= $tAdmin;
      $_SESSION['svn_sessid']['password_expired']	= $tPasswordExpired;
      #error_log( "session data written" );
      db_log( $_SESSION['svn_sessid']['username'], "user $tUsername logged in", $dbh );
	  #error_log( "log data written" );
	  if( $tPasswordExpired == 1 ) {
	  	
	  		db_log( $_SESSION['svn_sessid']['username'], "password of user $tUsername expired, force password change", $dbh );
	  		db_disconnect ($dbh);
	  		header("Location: password.php");
	  		exit;
	  }
	  #error_log( "main");
	  db_disconnect ($dbh);
      header("Location: main.php");
      exit;
      
   	}
   
   	include ("$installBase/templates/login.tpl");
   
} 

db_disconnect ($dbh);
?>
Return current item: Svn-access-manager