<?
/*
File: burnauth.php
Belongs to Script Name: Burning Auth V 1.0
Author: Luca Vignaroli
Email: hide@address.com
Description:
Burning Auth is a script to handle user authenticated access to php scripts.
The goal is quite simple: protect from unauthorized access those pages that
need to be kept under admin control, such as data/content administration and/or
members-only areas on a website.
Security is achieved through database authentication and maintained with a
Session variable set to the authenticated user's name. Every page can be protected
by including the file 'shield.php' at the beginning of it.
Check out the file README for installation instructions. This script is freeware.
*/
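class burnauth{
    // Burning Auth: database-backed login gate for PHP pages.
    //
    // shield() is meant to be called at the top of a protected page: it returns
    // true when the supplied username/password pair matches a row of the USERS
    // table and records the login in $_SESSION['user']; the including page is
    // expected to have called session_start() beforehand.
    //
    // NOTE: this class is built on the legacy mysql_* extension (removed in
    // PHP 7.0). Porting it to mysqli/PDO with prepared statements is the
    // durable fix; until then every value interpolated into SQL is escaped with
    // mysql_real_escape_string() on the live link, so it cannot break out of
    // the quoted literal it is placed in.

    //!!CHANGE THESE VALUES TO REFLECT YOUR SERVER'S SETTINGS!!
    var $HOST;       // DB host
    var $DBUSERNAME; // DB user
    var $DBPASSWORD; // DB user's password
    var $DBNAME;     // database holding the USERS table
    var $loginpage;  // login form page; the form posts back to it with ?mode=submit

    // PHP4-style constructor: fills in the connection settings above.
    // (PHP 8 no longer runs same-name constructors automatically, so on PHP 8
    // it has to be called explicitly after `new burnauth()`.)
    function burnauth() {
        $this->HOST = "localhost"; // DB HOST
        $this->DBUSERNAME = "root"; // USERNAME
        $this->DBPASSWORD = ""; // USER PASSWORD
        $this->DBNAME = "dbname"; // DB NAME
        $this->loginpage = "login.php"; //Login Form Page (include the file's path here if needed)
    }//END: Function Variables INIT

    // Draws a minimal login form that posts the fields 'user' and 'pass' to
    // $this->loginpage?mode=submit.
    //
    // $errormsg is echoed into the page verbatim (no HTML escaping), as is
    // $this->loginpage, so pass only trusted, already-escaped text here — e.g.
    // a fixed "Login failed" string — never raw request data.
    function drawloginform($errormsg) {
        echo "<center><form method=post action='$this->loginpage?mode=submit'>";
        echo "<table border=0 cellpadding=0 cellspacing=0 width=200>";
        echo "<tr><td align=right>Username:</td><td align=left><input type=text name='user' style='width : 100px;'></td></tr>";
        echo "<tr><td align=right>Password:</td><td align=left><input type=password name='pass' style='width : 100px;'></td></tr>";
        echo "<tr><td align=right>$errormsg</td><td align=left><input type=submit name='Login' value='Login'></td></tr>";
        echo "</table></form></center>";
    } // END: Draw Login Form

    // Opens the DB connection and selects $this->DBNAME.
    // Returns the link resource, or false when connecting or selecting fails.
    //
    // The link is deliberately not closed by the callers: mysql_connect()
    // reuses an existing link opened with the same credentials, so closing it
    // here could pull the connection out from under the including page. It is
    // released when the script ends.
    function _connect() {
        $conn = mysql_connect($this->HOST, $this->DBUSERNAME, $this->DBPASSWORD);
        if (!$conn) {
            return false;
        }
        if (!mysql_select_db($this->DBNAME, $conn)) {
            return false;
        }
        return $conn;
    }

    /*SHIELD FUNCTION - checks for username and password's presence in the users database and
    grants access to the following script, otherwise it redirects to a "Access Denied" page */
    //
    // Returns true when a USERS row matches both $username and $password
    // exactly; on success $_SESSION['user'] is set to the username and the
    // row's LASTTIMEHERE is refreshed (only on a fresh login, i.e. when the
    // session does not already hold this username). Returns false on a DB
    // failure, an unknown user or a wrong password.
    //
    // The PASSWORD column is compared as stored, i.e. this scheme keeps
    // passwords in clear text; moving to password_hash()/password_verify()
    // needs a schema change and is outside what this method can do alone.
    function shield($username, $password) {
        $conn = $this->_connect();
        if (!$conn) {
            return false;
        }
        // Escape on the live link (respects the connection charset) before
        // interpolating into the quoted SQL literals.
        $user = mysql_real_escape_string($username, $conn);
        $pass = mysql_real_escape_string($password, $conn);
        $sql = "SELECT * FROM USERS WHERE USERNAME='$user' AND PASSWORD='$pass'";
        $rs = mysql_query($sql, $conn);
        if (!$rs) {
            return false;
        }
        // One matching row is all we need; free the result on every path.
        $row = mysql_fetch_array($rs);
        mysql_free_result($rs);
        if (!$row) {
            // No such user, or wrong password.
            return false;
        }
        // Re-check in PHP so the match is exact (case-sensitive); the SQL
        // comparison may be looser depending on the column collation.
        if (($row['USERNAME'] !== $username) || ($row['PASSWORD'] !== $password)) {
            return false;
        }
        /*The user is OK, let's let him in! .. not before updating his last login date.
        and the session name to his username but only if he's not logged already*/
        if ((!isset($_SESSION['user'])) || ($_SESSION['user'] !== $username)) {
            $_SESSION['user'] = $username;
            $updatelt = "UPDATE USERS SET LASTTIMEHERE = NOW() WHERE USERNAME='$user'";
            mysql_query($updatelt, $conn);
        }
        return true;
    } // End: shield function

    // Prints every USERS row (highest ID first) as an admin list with
    // "Change" / "Delete" links to admin.php, followed by an "Insert New" link.
    // Prints nothing when the database cannot be reached or queried.
    function listusers() {
        $conn = $this->_connect();
        if (!$conn) {
            return;
        }
        $rs = mysql_query("SELECT * FROM USERS ORDER BY ID DESC", $conn);
        if (!$rs) {
            return;
        }
        echo "<hr>";
        echo "<b>USERS LIST:</b><br><hr>";
        echo "<p>";
        while ($row = mysql_fetch_array($rs)) {
            // Column values originate from user-entered data; escape them for
            // the HTML/attribute context before emitting.
            $uid = htmlspecialchars($row['ID'], ENT_QUOTES);
            $name = htmlspecialchars(strtoupper($row['USERNAME']), ENT_QUOTES);
            echo "<a href='admin.php?mode=edit&uid=$uid'>|-Change----| </a><b>$name</b><a href='admin.php?mode=del&uid=$uid'> |----Delete-|</a><br>";
        }
        mysql_free_result($rs);
        echo "</p>";
        echo "<hr>";
        echo "|<a href='admin.php?mode=new'>Insert New</a>|";
        echo "<hr>";
    } //END: FUNCTION LISTUSERS
} //End: Burnauth Class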
?>