<?php
/**
* Authentication and authorization
*
* @category Logic
* @package CentOS-News
* @author Alain Reguera Delgado <alain.reguera@gmail.com>
* @copyright 2009 - CentOS Artwork SIG.
* @license GPL
*/
// -------------- Authentication stuff --------------
/* Start (or resume) the PHP session before any output is sent. Every function
 * below reads or writes $_SESSION, and the header() redirects they issue also
 * require that nothing has been echoed yet, so this file must be included
 * before any template output. */
session_start();
/* Verify admin access rights */
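/**
 * Redirect to the admin login page unless the current session is authenticated.
 *
 * Authentication is recognised by the presence of $_SESSION['employeetype'],
 * which login() stores from the matching directory entry. The function ends
 * the request after sending the redirect so the protected page is never
 * rendered for an unauthenticated client.
 *
 * NOTE(review): any value of employeetype passes this check; if admins and
 * regular users are distinguished by that attribute, the comparison against
 * the admin value belongs here -- confirm against the directory schema.
 *
 * @return void
 */
function check_adminaccess()
{
    /* Verify session */
    if (!isset($_SESSION['employeetype']))
    {
        header('Location: ' . BASEURL . 'admin/login.php');
        /* A Location header alone does not stop execution: without exit the
         * rest of the protected page is still generated and sent in the
         * response body, so the redirect provided no protection. */
        exit;
    }
}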
/* Check User Access */
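/**
 * Enforce idle timeout, client fingerprint and explicit logout on a session.
 *
 * The session is destroyed and the client redirected to the login page when
 * it has been idle longer than $timeout, when the fingerprint recorded at
 * login no longer matches the current client, or when ?action=logout was
 * requested. Otherwise the session id is regenerated and the idle timer and
 * fingerprint are refreshed for the next request.
 *
 * The fingerprint is md5(REMOTE_ADDR . HTTP_USER_AGENT) and must be computed
 * exactly the same way in login(), where it is first stored.
 *
 * NOTE(review): logout is triggered by a GET parameter, so any page that
 * links to ?action=logout can be used to force a logout from another site;
 * a POST with a per-session token would close that (not changed here).
 *
 * @return void
 */
function check_useraccess()
{
    $timeout = 60 * 30; // In seconds, i.e. 30 minutes.
    /* HTTP_USER_AGENT is an optional request header; its absence must not
     * raise a notice, it simply contributes nothing to the fingerprint. */
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $fingerprint = md5($_SERVER['REMOTE_ADDR'] . $user_agent);
    $redirect_to = BASEURL . 'admin/login.php?loggedout=true';

    /* Reasons to destroy the session, evaluated separately for readability
     * (the original relied on && binding tighter than ||). The fingerprint
     * comparison is strict: with == two hex digests of the form 0e... would
     * compare equal as numeric strings. */
    $idle_expired = isset($_SESSION['last_active'])
        && $_SESSION['last_active'] < (time() - $timeout);
    $client_changed = isset($_SESSION['fingerprint'])
        && $_SESSION['fingerprint'] !== $fingerprint;
    $logout_requested = isset($_GET['action']) && $_GET['action'] == 'logout';

    if ($idle_expired || $client_changed || $logout_requested)
    {
        /* Clear the in-memory copy too, so nothing below this point could
         * re-populate the destroyed session. */
        $_SESSION = array();
        setcookie(session_name(), '', time() - 3600, '/');
        session_destroy();
        header("Location: $redirect_to");
        /* Stop here: the original kept running after session_destroy(),
         * regenerated an id and wrote last_active/fingerprint again, and the
         * calling page was rendered despite the redirect. */
        exit;
    }

    /* Regenerate session id and discard the old one so a previously issued
     * id cannot be reused. */
    session_regenerate_id(true);
    /* Increase session lifetime */
    $_SESSION['last_active'] = time();
    /* Rebuild session fingerprint */
    $_SESSION['fingerprint'] = $fingerprint;
}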
/* Verify username and password */
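if (!function_exists('auth_ldap_filter_escape'))
{
    /**
     * Escape a single value for interpolation into an LDAP search filter.
     *
     * Applies the RFC 4515 escaping of the filter metacharacters backslash,
     * '*', '(', ')' and NUL so a user-supplied value is matched literally and
     * cannot change the structure of the filter it is placed in. Guarded by
     * function_exists() so this file can safely be included more than once.
     *
     * @param string $value Raw attribute value.
     * @return string Value safe to place between '=' and ')' in a filter.
     */
    function auth_ldap_filter_escape($value)
    {
        /* Backslash is replaced first so the escape sequences added for the
         * other characters are not themselves re-escaped. */
        return str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\5c', '\2a', '\28', '\29', '\00'),
            (string) $value
        );
    }
}

/**
 * Verify the POSTed username and password against the LDAP directory.
 *
 * Reads $_POST['username'] (accepted only when it looks like a lowercase
 * e-mail address) and $_POST['password'] (passed through
 * LDAP::prepare_userpassword()), searches for exactly one directory entry
 * matching both, and on success stores uid, cn, employeetype, last_active and
 * the client fingerprint in $_SESSION and sends a redirect to BASEURL.
 *
 * @return int|string 0 on success (a Location header has been sent; the
 *                    caller should stop producing output), 002 (the integer 2,
 *                    octal literal kept for callers) when more than one entry
 *                    matched, '001' when nothing matched or the input was
 *                    rejected. The mixed return types are preserved because
 *                    existing callers may compare either loosely or strictly.
 */
function login()
{
    require_once(ABSPATH . 'admin/includes/classes/ldap.php');
    $ldap = new LDAP;

    /* Initialize variables */
    $login = array();
    $login['username'] = '';
    $login['password'] = '';

    /* Validate username input. The character classes exclude every LDAP
     * filter metacharacter; the D modifier makes '$' match only at the very
     * end of the string, so a value with a trailing newline is rejected. */
    if (isset($_POST['username']))
    {
        $mail_pattern = '/^([a-z0-9+_]|\-|\.)+@(([a-z0-9_]|\-)+\.)+[a-z]{2,6}$/D';
        if (preg_match($mail_pattern, $_POST['username']))
        {
            $login['username'] = $_POST['username'];
        }
    }

    /* Validate password input */
    if (isset($_POST['password']))
    {
        $login['password'] = $ldap->prepare_userpassword($_POST['password']);
    }

    /* An empty uid or password can never identify an entry: report
     * "no match" without a directory round-trip. */
    if ($login['username'] === '' || $login['password'] === '')
    {
        return '001';
    }

    /* Query LDAP directory looking for username AND password. Both values
     * are escaped so the input cannot alter the filter structure.
     * NOTE(review): the format prepare_userpassword() returns is not visible
     * here; escaping is a no-op for plain, base64 or hex values -- confirm. */
    $filter = '(&(uid=' . auth_ldap_filter_escape($login['username'])
        . ')(&(userpassword=' . auth_ldap_filter_escape($login['password']) . ')))';
    $search = $ldap->get_entries($filter);

    /* get_entries() is expected to return an ldap_get_entries()-style array;
     * anything else (e.g. false on a failed search) counts as no match. */
    $count = (is_array($search) && isset($search['count'])) ? (int) $search['count'] : 0;

    /* Build user's session if match */
    if ($count == 1)
    {
        /* Issue a fresh session id at the privilege change so an id the
         * client held before authenticating cannot be reused (fixation). */
        session_regenerate_id(true);
        /* Set session information */
        $_SESSION['uid'] = $search[0]['uid'][0];
        $_SESSION['cn'] = $search[0]['cn'][0];
        $_SESSION['employeetype'] = $search[0]['employeetype'][0];
        /* Set session last access time */
        $_SESSION['last_active'] = time();
        /* Set session fingerprint; must match the computation in
         * check_useraccess() exactly or every next request logs out. */
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $_SESSION['fingerprint'] = md5($_SERVER['REMOTE_ADDR'] . $user_agent);
        /* Redirect to frontpage */
        header("Location: " . BASEURL);
        return 0;
    }
    else if ($count > 1)
    {
        // Login Failed: There are duplicates in the ldap directory database
        return 002;
    }
    else
    {
        // Login Failed: There is no coincidence in the search
        return '001';
    }
}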
// User links
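/**
 * Build the HTML list of user links for the current visitor.
 *
 * When a session with a cn is established the list shows the user's name
 * with a logout link and an admin link; otherwise it shows a login link.
 * Link labels go through translate() and ucfirst().
 *
 * NOTE(review): translate() output is emitted unescaped, as before, on the
 * assumption that translation strings are developer-controlled -- confirm.
 *
 * @return string HTML <ul> fragment, each line terminated by "\n".
 */
function get_auth_userlinks()
{
    $html = '<ul>' . "\n";
    if (isset($_SESSION['cn']))
    {
        /* cn comes from the directory, not from this application: escape it
         * for the HTML context instead of trusting directory content. */
        $display_name = htmlspecialchars($_SESSION['cn'], ENT_QUOTES, 'UTF-8');
        $html .= '<li><strong>' . $display_name . '</strong> (<a href="?action=logout">' . ucfirst(translate("logout")) . '</a>)</li>' . "\n";
        $html .= '<li><a href="admin/index.php">' . ucfirst(translate("admin")) . '</a></li>' . "\n";
    }
    else
    {
        $html .= '<li><a href="admin/login.php">' . ucfirst(translate("login")) . '</a></li>' . "\n";
    }
    $html .= '</ul>' . "\n";
    return $html;
}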
?>