
/**
 * Authentication and authorization
 *
 * @category   Logic
 * @package    CentOS-News
 * @author     Alain Reguera Delgado <alain.reguera@gmail.com>
 * @copyright  2009 - CentOS Artwork SIG.
 * @license    GPL
 */
//--------------Authentication stuff--------------
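    // Bootstrap the PHP session that every page including this file relies on.
    // Two hardening knobs are pinned here rather than trusted to php.ini
    // (both are no-ops if php.ini already sets them):
    //  - use_only_cookies: never accept a session ID from the query string,
    //    which closes the trivial session-fixation-by-link case;
    //  - cookie_httponly: keep the session cookie out of reach of script.
    // The "secure" flag is deliberately left to php.ini because this file
    // cannot tell whether the site is served over HTTPS.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_httponly', '1');
    session_start();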
//-------------- Verify admin access rights --------------
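    /* Gate for admin pages: a request whose session carries no
     * 'employeetype' (set only by login() on a successful match) is sent
     * to the login form.
     *
     * NOTE(review): despite the name, this only checks that the user is
     * logged in -- employeetype is never compared against an administrator
     * role value. Which value denotes an administrator is not visible in
     * this file; confirm against the directory schema and add that
     * comparison here if non-admin accounts must be kept out. */
    function check_adminaccess()
    {
        /* Verify session */
        if (!isset($_SESSION['employeetype']))
        {
            header('Location: '. BASEURL .'admin/login.php');
            /* A Location header alone does not stop the including page
             * from rendering, so without this exit the protected content
             * would still be sent to a client that ignores the redirect. */
            exit;
        }
    }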
    /* Check User Access */
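    /* Per-request session upkeep: ends the session on idle timeout, on a
     * client fingerprint change, or on an explicit logout request; otherwise
     * rotates the session ID and refreshes the activity timestamp and
     * fingerprint. Redirects (and stops) on the destroy path.
     *
     * NOTE(review): logout is triggered by a plain GET "?action=logout", so
     * any page that can make the browser fetch that URL can log the user
     * out (CSRF). Low impact, but a POST with a token would be cleaner. */
    function check_useraccess()
    {
        $timeout = 60 * 30; // In seconds, i.e. 30 minutes.

        /* Fingerprint = client address + user agent. Not a secret, just a
         * cheap check that the session is still used from where it was
         * created; users behind rotating proxies get logged out by it,
         * which is the original trade-off and is kept. The user agent
         * header may be absent, so default it to an empty string. */
        $user_agent  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $fingerprint = md5($_SERVER['REMOTE_ADDR'] . $user_agent);

        $expired     = isset($_SESSION['last_active']) && $_SESSION['last_active'] < (time() - $timeout);
        $mismatched  = isset($_SESSION['fingerprint']) && $_SESSION['fingerprint'] != $fingerprint;
        $logging_out = isset($_GET['action']) && $_GET['action'] == 'logout';

        /* Destroy session if idle too long, moved to another client, or the
         * user asked to log out. */
        if ($expired || $mismatched || $logging_out)
        {
            /* session_destroy() does not empty $_SESSION; clear the
             * in-memory copy too so nothing later in this request can
             * still see uid/cn/employeetype as if the user were logged in. */
            $_SESSION = array();
            setcookie(session_name(), '', time() - 3600, '/');
            session_destroy();
            header('Location: ' . BASEURL . 'admin/login.php?loggedout=true');
            /* A Location header alone does not prevent the page from
             * rendering for a client that ignores it; stop here. */
            exit;
        }

        /* Regenerate session ID and delete the old one, so a leaked ID stops
         * working now rather than lingering until garbage collection. */
        session_regenerate_id(true);

        /* Increase session lifetime */
        $_SESSION['last_active'] = time();

        /* Rebuild session fingerprint */
        $_SESSION['fingerprint'] = $fingerprint;
    }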
    /* Verify username and password */
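    /* Authenticate the posted username/password against the LDAP directory
     * and build the session on a match.
     *
     * Reads $_POST['username'] and $_POST['password'].
     * Returns 0 on success (after emitting a redirect to BASEURL; the
     * caller is expected to stop output), 002 (the integer 2) when the
     * directory holds more than one matching entry, and the string '001'
     * when nothing matched or the input was unusable. These return values
     * are kept exactly as callers already expect them.
     *
     * NOTE(review): matching the password via a "userpassword=" search
     * filter depends on the directory allowing searches on that attribute
     * and on prepare_userpassword() producing the exact stored encoding;
     * the conventional approach is an ldap_bind() as the user. That change
     * belongs in the LDAP class, not here. */
    function login()
    {
        require_once(ABSPATH . 'admin/includes/classes/ldap.php');
        $ldap = new LDAP;

        /* Initialize variables */
        $login = array();
        $login['username'] = '';
        $login['password'] = '';

        /* Validate username input: must look like an e-mail address. The
         * pattern admits no LDAP filter metacharacters, so it is the first
         * line of defence; the escape below is the second. It is
         * case-sensitive, so upper-case addresses are rejected (kept as in
         * the original). */
        if (isset($_POST['username']))
        {
            $mail_pattern = '/^([a-z0-9+_]|\-|\.)+@(([a-z0-9_]|\-)+\.)+[a-z]{2,6}$/';
            if (preg_match($mail_pattern, $_POST['username']))
            {
                $login['username'] = $_POST['username'];
            }
        }

        /* Validate password input. prepare_userpassword() is defined in the
         * LDAP class and not visible here -- presumably it converts the
         * clear text into the directory's userPassword encoding; confirm. */
        if (isset($_POST['password']))
        {
            $login['password'] = $ldap->prepare_userpassword($_POST['password']);
        }

        /* Nothing to look up without both values: do not send a filter with
         * an empty assertion to the directory. */
        if ($login['username'] === '' || $login['password'] === '')
        {
            return '001';
        }

        /* Query LDAP directory looking for username AND password. Both values
         * are escaped per RFC 4515 so neither can change the filter's
         * structure: if prepare_userpassword() passes characters through, an
         * unescaped value such as "*)(uid=*" would otherwise turn the AND
         * into a wildcard match. Escaping never alters a legitimate value. */
        $filter = '(&(uid=' . auth_ldap_filter_escape($login['username'])
                . ')(&(userpassword=' . auth_ldap_filter_escape($login['password']) . ')))';
        $search = $ldap->get_entries($filter);

        /* Build user's session if match. get_entries() may return something
         * without a 'count' key on error; treat that as no match. */
        if (isset($search['count']) && $search['count'] == 1)
        {
            /* Fresh session ID on privilege change, so an ID handed to the
             * browser before login (session fixation) does not become an
             * authenticated one. */
            session_regenerate_id(true);

            /* Set session information */
            $_SESSION['uid']            = $search[0]['uid'][0];
            $_SESSION['cn']             = $search[0]['cn'][0];
            $_SESSION['employeetype']   = $search[0]['employeetype'][0];

            /* Set session lasttime access */
            $_SESSION['last_active'] = time();

            /* Set session fingerprint; must be computed exactly as in
             * check_useraccess() or the next request logs the user out. */
            $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $_SESSION['fingerprint'] = md5($_SERVER['REMOTE_ADDR'] . $user_agent);

            /* Redirect to frontpage */
            header("Location: " . BASEURL);

            return 0;
        }
        else if (isset($search['count']) && $search['count'] > 1)
        {
            // Login Failed: There are duplicates in the ldap directory database
            return 002;
        }
        else
        {
            // Login Failed: There is no coincidence in the search
            return '001';
        }
    }

    /* Escape one value for use inside an LDAP search filter (RFC 4515):
     * backslash, '*', '(', ')' and NUL become \xx hex escapes. Uses the
     * built-in ldap_escape() where available (PHP >= 5.6 with ext/ldap),
     * otherwise an equivalent replacement with backslash handled first. */
    function auth_ldap_filter_escape($value)
    {
        if (function_exists('ldap_escape'))
        {
            return ldap_escape((string) $value, '', LDAP_ESCAPE_FILTER);
        }
        return str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\5c', '\2a', '\28', '\29', '\00'),
            (string) $value
        );
    }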
    // User links
    /* Build the HTML fragment for the user links: the user's cn with a
     * logout link and an admin link when a session exists, a login link
     * otherwise. Labels come from translate(), defined elsewhere.
     *
     * NOTE(review): the markup in this listing has been mangled by the page
     * rendering (tags reduced to bullets and shifted indentation), so the
     * exact string literals below are not trustworthy; check the file in
     * the repository before relying on them.
     *
     * NOTE(review): $_SESSION['cn'] is a value read from the LDAP directory
     * and is concatenated straight into HTML. Unless the directory is
     * guaranteed to hold plain text only, wrap it as
     * htmlspecialchars($_SESSION['cn'], ENT_QUOTES, 'UTF-8').
     *
     * NOTE(review): as rendered here the "admin" link is emitted for every
     * logged-in user, not only administrators; if that is unintended, gate
     * it on $_SESSION['employeetype'] the way the admin pages presumably do. */
    function get_auth_userlinks()
    {

        $html = '
    ' . "\n";

        if (isset($_SESSION['cn'])) 
        {
            $html .= '
  • ' . $_SESSION['cn'] . ' (' . ucfirst(translate("logout")) . ')
  • ' . "\n";
            $html .= '
  • ' . ucfirst(translate("admin")) . '
  • ' . "\n";
        }
        else
        {
            $html .= '
  • ' . ucfirst(translate("login")) . '
  • ' . "\n";
        }

        $html .= '' . "\n";

        return $html;

    }
    ?>