Blame Scripts/CentOS-Web/admin/includes/functions/auth.php

1f953a
1f953a
/**
1f953a
 * Authentication and authorization
1f953a
 *
1f953a
 * @category   Logic
1f953a
 * @package    CentOS-News
1f953a
 * @author     Alain Reguera Delgado <alain.reguera@gmail.com>
1f953a
 * @copyright  2009 - CentOS Artwork SIG.
1f953a
 * @license    GPL
1f953a
 */
1f953a
1f953a
//--------------Authentication stuff--------------
1f953a
1f953a
    session_start();
1f953a
1f953a
//--------------/* Verify Admin access rights  */
1f953a
1f953a
    function check_adminaccess()
1f953a
    {
1f953a
        /* Verify session */
1f953a
        if (!isset($_SESSION['employeetype']))
1f953a
        {
1f953a
            header('Location: '. BASEURL .'admin/login.php');
1f953a
        }
1f953a
    }
1f953a
1f953a
    /* Check User Access */
1f953a
    function check_useraccess()
1f953a
    {
1f953a
        $timeout = 60 * 30; // In seconds, i.e. 30 minutes.
1f953a
        $fingerprint = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
1f953a
        $redirect_to = BASEURL . 'admin/login.php?loggedout=true';
1f953a
1f953a
        /* Destroy session if ... */
1f953a
        if (isset($_SESSION['last_active']) && $_SESSION['last_active'] < (time()-$timeout)
1f953a
           || (isset($_SESSION['fingerprint']) && $_SESSION['fingerprint']!=$fingerprint)
1f953a
           || isset($_GET['action']) && $_GET['action'] == 'logout') 
1f953a
        {
1f953a
1f953a
            setcookie(session_name(), '', time()-3600, '/');
1f953a
            session_destroy();
1f953a
            header("Location: $redirect_to");
1f953a
        }
1f953a
1f953a
        /* Regenerate session */
1f953a
        session_regenerate_id(); 
1f953a
1f953a
        /* Increase session lifetime */
1f953a
        $_SESSION['last_active'] = time();
1f953a
1f953a
        /* Rebuild session fingerprint */
1f953a
        $_SESSION['fingerprint'] = $fingerprint;
1f953a
1f953a
    }
1f953a
1f953a
    /* Verify username and password */
1f953a
    function login()
1f953a
    {
1f953a
        require_once(ABSPATH . 'admin/includes/classes/ldap.php');
1f953a
        $ldap = new LDAP;
1f953a
1f953a
        /* Inicialize variables */
1f953a
        $login = array();
1f953a
        $login['username'] = '';
1f953a
        $login['password'] = '';
1f953a
1f953a
        /* Validate username input */ 
1f953a
        if (isset($_POST['username']))
1f953a
        {
1f953a
            $mail_pattern = '/^([a-z0-9+_]|\-|\.)+@(([a-z0-9_]|\-)+\.)+[a-z]{2,6}$/';
1f953a
            if (preg_match( $mail_pattern,$_POST['username']))
1f953a
            {
1f953a
                $login['username'] = $_POST['username'];
1f953a
            }
1f953a
        }
1f953a
1f953a
        /* Validate password input */
1f953a
        if (isset($_POST['password']))
1f953a
        {
1f953a
            $login['password'] = $ldap->prepare_userpassword($_POST['password']);
1f953a
        }
1f953a
 
1f953a
        /* Query LDAP directory looking for username AND password */
1f953a
        $search = $ldap->get_entries('(&(uid=' . $login['username']  . ')(&(userpassword=' . $login['password'] . ')))');
1f953a
1f953a
        /* Build user's session if match */
1f953a
        if ($search['count'] == 1)
1f953a
        {
1f953a
            /* Set session information */
1f953a
            $_SESSION['uid']            = $search[0]['uid'][0];
1f953a
            $_SESSION['cn']             = $search[0]['cn'][0];
1f953a
            $_SESSION['employeetype']   = $search[0]['employeetype'][0];
1f953a
1f953a
            /* Set session lasttime access */
1f953a
            $_SESSION['last_active'] = time();
1f953a
1f953a
            /* Set session fingerprint */
1f953a
            $fingerprint = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
1f953a
            $_SESSION['fingerprint'] = $fingerprint;
1f953a
1f953a
            /* Redirect to frontpage */
1f953a
            header("Location: " . BASEURL);
1f953a
1f953a
            return 0;
1f953a
        }
1f953a
        else if ($search['count'] > 1)
1f953a
        {
1f953a
            // Login Failed: There are duplicates in the ldap directory database
1f953a
            return 002;
1f953a
        }
1f953a
        else
1f953a
        {
1f953a
            // Login Failed: There is no coincidece in the search
1f953a
            return '001';
1f953a
        }
1f953a
    }
1f953a
1f953a
    // User links
1f953a
    function get_auth_userlinks()
1f953a
    {
1f953a
1f953a
        $html = '
    ' . "\n";
1f953a
1f953a
        if (isset($_SESSION['cn'])) 
1f953a
        {
1f953a
            $html .= '
  • ' . $_SESSION['cn'] . ' (' . ucfirst(translate("logout")) . ')
  • ' . "\n";
    1f953a
                $html .= '
  • ' . ucfirst(translate("admin")) . '
  • ' . "\n";
    1f953a
            }
    1f953a
            else
    1f953a
            {
    1f953a
                $html .= '
  • ' . ucfirst(translate("login")) . '
  • ' . "\n";
    1f953a
            }
    1f953a
    1f953a
            $html .= '' . "\n";
    1f953a
    1f953a
            return $html;
    1f953a
    1f953a
        }
    1f953a
    1f953a
    ?>