Blob Blame History Raw
<?php
/**
 * Authentication and authorization
 *
 * @category   Logic
 * @package    CentOS-News
 * @author     Alain Reguera Delgado <alain.reguera@gmail.com>
 * @copyright  2009 - CentOS Artwork SIG.
 * @license    GPL
 */

//--------------Authentication stuff--------------

    session_start();

//--------------/* Verify Admin access rights  */

    function check_adminaccess()
    {
        /* Verify session */
        if (!isset($_SESSION['employeetype']))
        {
            header('Location: '. BASEURL .'admin/login.php');
        }
    }

    /* Check User Access */
    function check_useraccess()
    {
        $timeout = 60 * 30; // In seconds, i.e. 30 minutes.
        $fingerprint = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
        $redirect_to = BASEURL . 'admin/login.php?loggedout=true';

        /* Destroy session if ... */
        if (isset($_SESSION['last_active']) && $_SESSION['last_active'] < (time()-$timeout)
           || (isset($_SESSION['fingerprint']) && $_SESSION['fingerprint']!=$fingerprint)
           || isset($_GET['action']) && $_GET['action'] == 'logout') 
        {

            setcookie(session_name(), '', time()-3600, '/');
            session_destroy();
            header("Location: $redirect_to");
        }

        /* Regenerate session */
        session_regenerate_id(); 

        /* Increase session lifetime */
        $_SESSION['last_active'] = time();

        /* Rebuild session fingerprint */
        $_SESSION['fingerprint'] = $fingerprint;

    }

    /* Verify username and password */
    function login()
    {
        require_once(ABSPATH . 'admin/includes/classes/ldap.php');
        $ldap = new LDAP;

        /* Inicialize variables */
        $login = array();
        $login['username'] = '';
        $login['password'] = '';

        /* Validate username input */ 
        if (isset($_POST['username']))
        {
            $mail_pattern = '/^([a-z0-9+_]|\-|\.)+@(([a-z0-9_]|\-)+\.)+[a-z]{2,6}$/';
            if (preg_match( $mail_pattern,$_POST['username']))
            {
                $login['username'] = $_POST['username'];
            }
        }

        /* Validate password input */
        if (isset($_POST['password']))
        {
            $login['password'] = $ldap->prepare_userpassword($_POST['password']);
        }
 
        /* Query LDAP directory looking for username AND password */
        $search = $ldap->get_entries('(&(uid=' . $login['username']  . ')(&(userpassword=' . $login['password'] . ')))');

        /* Build user's session if match */
        if ($search['count'] == 1)
        {
            /* Set session information */
            $_SESSION['uid']            = $search[0]['uid'][0];
            $_SESSION['cn']             = $search[0]['cn'][0];
            $_SESSION['employeetype']   = $search[0]['employeetype'][0];

            /* Set session lasttime access */
            $_SESSION['last_active'] = time();

            /* Set session fingerprint */
            $fingerprint = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
            $_SESSION['fingerprint'] = $fingerprint;

            /* Redirect to frontpage */
            header("Location: " . BASEURL);

            return 0;
        }
        else if ($search['count'] > 1)
        {
            // Login Failed: There are duplicates in the ldap directory database
            return 002;
        }
        else
        {
            // Login Failed: There is no coincidece in the search
            return '001';
        }
    }

    // User links
    function get_auth_userlinks()
    {

        $html = '<ul>' . "\n";

        if (isset($_SESSION['cn'])) 
        {
            $html .= '<li><strong>' . $_SESSION['cn'] . '</strong> (<a href="?action=logout">' . ucfirst(translate("logout")) . '</a>)</li>' . "\n";
            $html .= '<li><a href="admin/index.php">' .  ucfirst(translate("admin")) . '</a></li>' . "\n";
        }
        else
        {
            $html .= '<li><a href="admin/login.php">' . ucfirst(translate("login")) . '</a></li>' . "\n";
        }

        $html .= '</ul>' . "\n";

        return $html;

    }

?>