<?php
// Portcullis 1.4.1 : standalone flexible authentication module
// Load the user table once at include time; loadUsers() die()s if the file cannot be opened.
$users = loadUsers("users.inc.php");
$cookiename = "askpeople_portcullis"; // name of the cookie set when logged in
$cookieduration = "session"; // number of days the cookie lasts; use "session" for a session-only cookie
// Where to redirect on logout unless the request carries a 'referer' parameter.
// The logout code reads that parameter from $_REQUEST, not only from $_GET.
$logoutURL = "http://www.askpeople.co.uk/";
$ipbypass = FALSE; // whether to trust some IPs to bypass authentication
// Trusted addresses. They are matched against $_SERVER['REMOTE_ADDR'] with in_array(),
// i.e. as exact strings; ranges are not expanded.
$ipbypassarray = array("UNSPECIFIED");
// Values pre-filled into the login form. Both are written into the form's value
// attributes, so anything set here is visible in the page source to visitors who
// have not logged in yet.
$defaultusername = ""; // for example, set to 'guest'
$defaultpassword = ""; // for example, set to 'guest'
$loggingtofile = TRUE; // whether to append username, timestamp and remote address to a text log on each successful login
// Relative path to the login log.
// NOTE(review): if this resolves to a directory served by the web server the log is
// likely downloadable; consider a location outside the document root - confirm the deployment.
$logfilelocation = "logfile.txt";
// FALSE: the script exit()s after printing the login form, so the including page does not render.
// TRUE: the form is printed and the including page keeps executing for visitors who are not
// logged in, so that page must not output protected content on its own.
$integratedmode = FALSE;
$version = "1.4.1"; // shown in the footer of the login form
// END OF CONFIG VARS
// User and Logging functions
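/**
 * Load the tab-separated users file into an array keyed by username.
 *
 * File layout (0-based line indexes): line 0 is skipped (PHP opener), line 1
 * holds the tab-separated field names, the last line is skipped (PHP closer),
 * and every line in between is one user record. A field named "user" is
 * required because it becomes the array key.
 *
 * SECURITY: the login code compares the "password" field directly with the
 * submitted password, so this file holds plaintext passwords. Keep it out of
 * the web root or otherwise unreadable to clients, and prefer storing
 * password_hash() output if the calling code can be changed.
 *
 * @param string $src Path to the users file.
 * @return array Map of username => (field name => value). Empty when the file has no records.
 */
function loadUsers($src) {
    // file() reads the whole file; the separate fopen()/fclose() probe is not needed.
    $rawdata = is_readable($src) ? file($src) : false;
    if ($rawdata === false) {
        die("<h1>Error</h1><p>Unable to load users file.</p>");
    }

    $usersarray = array();
    if (count($rawdata) < 2) {
        return $usersarray; // no field-name line, so nothing to parse
    }

    // file() keeps line endings; strip them so the last column's name and
    // value do not carry a trailing "\n" (or "\r\n").
    $fields = explode("\t", rtrim($rawdata[1], "\r\n"));
    $lastrecord = count($rawdata) - 1; // index of the closer line, excluded

    for ($n = 2; $n < $lastrecord; $n++) {
        $line = stripslashes(rtrim($rawdata[$n], "\r\n"));
        $values = explode("\t", $line);

        // Build each record from scratch so a short row cannot inherit
        // values from the previous row.
        $thisrow = array();
        foreach ($fields as $k => $f) {
            $thisrow[$f] = isset($values[$k]) ? $values[$k] : '';
        }

        // Skip blank lines and rows without a username.
        if (!isset($thisrow['user']) || $thisrow['user'] === '') {
            continue;
        }
        $usersarray[$thisrow['user']] = $thisrow;
    }

    return $usersarray;
}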
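/**
 * Append one login record (username, timestamp, client address) to a log file.
 *
 * The record is a single tab-separated line. Control characters in the
 * username and address are replaced with spaces so a value containing tabs
 * or line breaks cannot forge extra fields or extra log lines.
 *
 * @param string $username Name to record.
 * @param string $file     Path of the log file; created if missing.
 * @return resource|false  The (already closed) file handle on success, FALSE if the file could not be opened.
 */
function logToFile($username,$file) {
    $remoteaddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $cleanuser = preg_replace('/[\x00-\x1f\x7f]/', ' ', (string) $username);
    $cleanaddr = preg_replace('/[\x00-\x1f\x7f]/', ' ', (string) $remoteaddr);
    $output = $cleanuser . "\t" . date("Y-m-d H:i:s") . "\t" . $cleanaddr . "\n";

    $open = fopen($file, "a+");
    if ($open) {
        // Hold an exclusive lock while writing so concurrent logins do not interleave lines.
        flock($open, LOCK_EX);
        fwrite($open, $output);
        flock($open, LOCK_UN);
        fclose($open);
    }
    return ($open);
}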
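// Scheme used when building the post-login redirect URL.
// $_SERVER['HTTPS'] may be absent on plain-HTTP requests and is "off" under
// some servers, so test for presence first and treat any other non-empty
// value as HTTPS instead of requiring the exact string "on".
$httpsflag = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
$protocol = ($httpsflag !== '' && $httpsflag !== 'off') ? "https://" : "http://";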
// condition checks EITHER for:
// 1. a valid cookie for this site (someone already logged in)
// 2. a user IP in a specified range (someone from a trusted IP range, e.g. an office)
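// Where the script should go on successful login: the value posted back by the
// login form, otherwise the URI of the page that included this library.
if (!empty($_POST['location']) && is_string($_POST['location'])) {
    $location = $_POST['location'];
} else {
    $location = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : "/";
}

// $location comes from the request, so it must be HTML-escaped before it is
// written into an attribute value; the browser decodes the entities again
// when the form is submitted. The configured defaults are escaped the same
// way so a quote in them cannot break the markup.
$formlocation = htmlspecialchars($location, ENT_QUOTES);
$formuser = htmlspecialchars($defaultusername, ENT_QUOTES);
$formpass = htmlspecialchars($defaultpassword, ENT_QUOTES);

$loginform = "
<div id=\"loginform\" style='font-family: Verdana, Arial, Helvetica;text-align:center;width:100%;' >
<form action=\"login.inc.php\" method=\"post\" style='text-align:left;width:50%;margin:100px auto;padding: 20px;background:#eef;border:1px solid #aaa;'>
<h1 style='font-family: Georgia, Palatino;font-weight:lighter;'>Login</h1>
<p style='color:red;'><!-- [ERRORMSG] --></p>
<div style=\"width:18%;text-align: right;padding: 0 5px 5px 5px; margin:0;float:left;clear: both;\">
<p style='font-size:smaller;margin-top:3px;'><label for=\"login_user\">Username:</label>
</div>
<div style=\"margin: 0 0 0 20%;padding: 0 5px 5px 5px;text-align: left;\">
<input type=\"text\" id=\"login_user\" name=\"login_user\" value=\"{$formuser}\" /></p>
</div>
<div style=\"width:18%;text-align: right;padding: 0 5px 5px 5px; margin:0;float:left;clear: both;\">
<p style='font-size:smaller;margin-top:3px;'><label for=\"login_pass\">Password:</label>
</div>
<div style=\"margin: 0 0 0 20%;padding: 0 5px 5px 5px;text-align: left;\">
<input type=\"password\" id=\"login_pass\" name=\"login_pass\" value=\"{$formpass}\" /></p>
</div>
<div style=\"width:18%;text-align: right;padding: 0 5px 5px 5px; margin:0;float:left;clear: both;\">
<input type=\"hidden\" name=\"location\" value=\"{$formlocation}\" />
</div>
<div style=\"margin: 0 0 0 20%;padding: 0 5px 5px 5px;text-align: left;\">
<input type=\"submit\" name=\"loginsubmit\" value=\"Login\" />
</div>
<p style='text-align:center; font-size: xx-small; color: gray;'>Powered by Portcullis {$version} from <a href=\"http://www.pentri.com\">Pentri.com</a></p>
</form>
</div>
";

// When this file is requested directly (not included within another file),
// wrap the form in HTML headers. eregi() and the register_globals variable
// $PHP_SELF no longer exist in current PHP, so use $_SERVER and stripos().
$selfpath = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
if (stripos($selfpath, "login.inc.php") !== false) {
    $loginform = "
<html>
<body>
{$loginform}
</body>
</html> ";
}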
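// ---- Read the login cookie -------------------------------------------------
// SECURITY(review): the cookie is client-controlled and is decoded with
// unserialize(). On PHP 7+ object instantiation is disabled below; on older
// PHP there is no such option. The cookie is also unsigned and carries
// md5(password), which makes it password-equivalent. The durable fix is a
// server-side session or a signed (HMAC) token instead of serialized data.
$cookieinfo = null;
if (!empty($_COOKIE[$cookiename]) && is_string($_COOKIE[$cookiename])) {
    $rawcookie = stripslashes($_COOKIE[$cookiename]);
    if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
        $cookieinfo = unserialize($rawcookie, array('allowed_classes' => false));
    } else {
        $cookieinfo = unserialize($rawcookie);
    }
}

// A cookie is accepted only when it decodes to an array whose username and
// password are strings, the user exists, and the password digest matches
// exactly. Type checks plus === are required because the decoded values can
// be of any type and loose == would compare them after type juggling.
// NOTE(review): other fields in $cookieinfo (ID, level, email, name) are not
// verified here; pages that rely on them should read them from $users.
$cookieuser = (is_array($cookieinfo) && isset($cookieinfo['username']) && is_string($cookieinfo['username']))
    ? $cookieinfo['username']
    : null;
$cookievalid = $cookieuser !== null
    && isset($cookieinfo['password']) && is_string($cookieinfo['password'])
    && isset($users[$cookieuser]) && is_array($users[$cookieuser])
    && isset($users[$cookieuser]['password'])
    && $cookieinfo['password'] === md5($users[$cookieuser]['password']);

// Accepts only a path on this site: one leading "/", not "//" or "/\",
// and no control characters.
$localpathpattern = '#\A/(?![/\\\\])[^\x00-\x1f\x7f]*\z#';

if (isset($_REQUEST['logout']) && $_REQUEST['logout'] === "true") {
    setcookie($cookiename, "", time() - 60); // clear cookie

    // Go to the requested 'referer' only if it stays on this site (a local
    // path, or an http(s) URL on the configured logout host or the current
    // host); anything else falls back to $logoutURL so the parameter cannot
    // be used to send visitors to an arbitrary site.
    $locURL = $logoutURL;
    if (isset($_REQUEST['referer']) && is_string($_REQUEST['referer']) && $_REQUEST['referer'] !== '') {
        $referer = $_REQUEST['referer'];
        $refererok = (bool) preg_match($localpathpattern, $referer);
        if (!$refererok) {
            $allowedhosts = array();
            $confighost = parse_url($logoutURL, PHP_URL_HOST);
            if (is_string($confighost) && $confighost !== '') {
                $allowedhosts[] = $confighost;
            }
            if (!empty($_SERVER['HTTP_HOST']) && is_string($_SERVER['HTTP_HOST'])) {
                $allowedhosts[] = preg_replace('/:\d+\z/', '', $_SERVER['HTTP_HOST']);
            }
            foreach ($allowedhosts as $allowedhost) {
                $hostpattern = '#\Ahttps?://' . preg_quote($allowedhost, '#')
                    . '(?::\d+)?(?:/[^\x00-\x1f\x7f\\\\]*)?\z#i';
                if (preg_match($hostpattern, $referer)) {
                    $refererok = true;
                    break;
                }
            }
        }
        if ($refererok) {
            $locURL = $referer;
        }
    }
    header("Location: " . $locURL);
    // Stop here: without exit the including page would keep executing after
    // the redirect header, and this branch performs no authentication check.
    exit;
} elseif ($ipbypass == "TRUE"
    && isset($_SERVER['REMOTE_ADDR'])
    && in_array($_SERVER['REMOTE_ADDR'], (array) $ipbypassarray, true)) {
    // user is from a trusted machine; do nothing.
    // Both conditions are required: the bypass must be enabled AND the
    // address must be listed. The loose == "TRUE" is deliberate so the config
    // value may be boolean TRUE or the string "TRUE".
} elseif ($cookievalid) {
    // user info validated; do nothing
} elseif (!empty($_POST['loginsubmit'])) {
    $loginuser = (isset($_POST['login_user']) && is_string($_POST['login_user'])) ? $_POST['login_user'] : '';
    $loginpass = (isset($_POST['login_pass']) && is_string($_POST['login_pass'])) ? $_POST['login_pass'] : '';
    $record = ($loginuser !== '' && isset($users[$loginuser]) && is_array($users[$loginuser]))
        ? $users[$loginuser]
        : null;

    // Strict comparison: with ==, two different numeric-looking strings can
    // compare equal. NOTE(review): passwords are stored and compared in
    // plaintext; password_hash()/password_verify() would be the proper fix
    // but needs a change to the users file format.
    if ($record !== null && $loginpass !== '' && isset($record['password']) && $record['password'] === $loginpass) {
        $cookiedetails = array(
            "ID" => isset($record['ID']) ? $record['ID'] : null,
            "username" => $loginuser,
            "password" => md5($loginpass),
            "email" => isset($record['email']) ? $record['email'] : null,
            "name" => isset($record['name']) ? $record['name'] : null,
            "level" => isset($record['level']) ? $record['level'] : null,
        );
        if (isset($record['level']) && $record['level'] > 0) {
            // Empty path/domain keep PHP's defaults. HttpOnly keeps the cookie
            // away from page scripts; Secure is set when the login arrived
            // over HTTPS.
            $cookiesecure = (isset($protocol) && $protocol === "https://");
            if ($cookieduration == "session") {
                $cookieexpires = 0; // session cookie
            } else {
                $cookieexpires = time() + $cookieduration * 60 * 60 * 24; // cookie set for $cookieduration days
            }
            setcookie($cookiename, serialize($cookiedetails), $cookieexpires, "", "", $cookiesecure, true);
            if ($loggingtofile == "TRUE") {
                $logged = logToFile($loginuser, $logfilelocation);
            }
        } else {
            die ("Sorry, your login has been suspended. Please contact your administrator.");
        }
        // Redirect only to a path on this site; the posted 'location' is
        // client-controlled, and appending an arbitrary string to the host
        // could produce a URL on a different host.
        // NOTE(review): HTTP_HOST is a request header too; a configured
        // canonical host name would be more robust.
        $target = (isset($_POST['location']) && is_string($_POST['location'])
            && preg_match($localpathpattern, $_POST['location']))
            ? $_POST['location']
            : "/";
        $locURL = $protocol . $_SERVER['HTTP_HOST'] . $target;
        header("Location: " . $locURL);
        exit;
    } else {
        // Only successful logins reach logToFile(); failed attempts are not
        // recorded, so repeated guessing leaves no trace in the login log.
        $errormsg = ("Sorry, those login details do not match - please try again");
        $loginform = str_replace("<!-- [ERRORMSG] -->",$errormsg,$loginform);
        echo ($loginform);
        if ($integratedmode != "TRUE") {
            exit;
        }
    }
} else { // show loginform
    echo ($loginform);
    if ($integratedmode != "TRUE") {
        exit;
    }
}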
?>