author | Wesley Miaw <josuah@users.sourceforge.net> | 2004-05-14 21:09:16 +0000 |
---|---|---|
committer | Wesley Miaw <josuah@users.sourceforge.net> | 2004-05-14 21:09:16 +0000 |
commit | 911d0baa7862a6e1e0c9129ab4177ff9712a319c (patch) | |
tree | 4748165c6c77d70701406e28a30d4482f8cfcb30 /functions/userauth_functions.php | |
parent | 7abcabed195eafe55c9973644cffc72c38b74c9c (diff) | |
Implemented user login via cookies and/or sessions with templates.
Diffstat (limited to 'functions/userauth_functions.php')
-rw-r--r-- | functions/userauth_functions.php | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/functions/userauth_functions.php b/functions/userauth_functions.php
new file mode 100644
index 0000000..403076d
--- /dev/null
+++ b/functions/userauth_functions.php
@@ -0,0 +1,143 @@
+<?php
+// Generate the login query string.
+//
+// Returns the login query string.
+function login_querys() {
+ global $QUERY_STRING;
+
+ // Remove the username, password, and action values.
+ $querys = preg_replace('/(username|password|action)=[^&]+/', '', $QUERY_STRING);
+
+ // Return the login query string.
+ $querys = preg_replace('/&&/', '', $querys);
+ return $querys;
+}
+
+// Generate the logout query string.
+//
+// Returns the logout query string.
+function logout_querys() {
+ global $QUERY_STRING;
+
+ // Make sure the action is logout.
+ $querys = preg_replace('/action=[^&]+/', 'action=logout', $QUERY_STRING);
+ if ($querys == $QUERY_STRING) $querys .= '&action=logout';
+
+ // Remove references to the username or password.
+ $querys = preg_replace('/(username|password)=[^&]+/', '', $querys);
+
+ // Return the logout query string.
+ $querys = preg_replace('/&&/', '', $querys);
+ return $querys;
+}
+
+// Authenticate the user. The submitted login data is checked for
+// validity against the locked map. The login data will be saved in
+// cookies or the session depending on the configuration. The variable
+// $invalid_login will be set true or false depending on whether or not
+// a valid login was found.
+//
+// This authentication method only applies to non-HTTP authentication.
+//
+// Returns the username and password found, which will be empty strings
+// if no valid login is found. Returns a boolean invalid_login to
+// indicate that the login is invalid.
+function user_login() {
+ global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $_SERVER;
+ global $login_cookies, $cookie_uri, $locked_map;
+
+ // Initialize return values.
+ $invalid_login = false;
+ $username = ''; $password = '';
+
+ // If not HTTP authenticated, try login via cookies or the web page.
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ return array($username, $password, $invalid_login);
+ }
+
+ // Look for a login cookie.
+ if ($login_cookies == 'yes' &&
+ isset($HTTP_COOKIE_VARS['phpicalendar_login']))
+ {
+ $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
+ if (isset($login_cookie['username']) &&
+ isset($login_cookie['password']))
+ {
+ $username = $login_cookie['username'];
+ $password = $login_cookie['password'];
+ }
+ }
+
+ // Look for session authentication.
+ if ($login_cookies != 'yes') {
+ if (!session_id()) {
+ session_start();
+ setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ }
+ if (isset($_SESSION['username']) &&
+ isset($_SESSION['password']))
+ {
+ $username = $_SESSION['username'];
+ $password = $_SESSION['password'];
+ }
+ }
+
+ // Look for a new username and password.
+ if (isset($HTTP_GET_VARS['username']) &&
+ isset($HTTP_GET_VARS['password']))
+ {
+ $username = $HTTP_GET_VARS['username'];
+ $password = $HTTP_GET_VARS['password'];
+ } else if (isset($HTTP_POST_VARS['username']) &&
+ isset($HTTP_POST_VARS['password']))
+ {
+ $username = $HTTP_POST_VARS['username'];
+ $password = $HTTP_POST_VARS['password'];
+ }
+
+ // Check to make sure the username and password is valid.
+ if (!key_exists("$username:$password", $locked_map)) {
+ // Remember the invalid login, because we may want to display
+ // a message elsewhere or check validity.
+ return array($username, $password, true);
+ }
+
+ // Set the login cookie or session authentication values.
+ if ($login_cookies == 'yes') {
+ $the_cookie = serialize(array('username' => $username, 'password' => $password));
+ setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ } else {
+ $_SESSION['username'] = $username;
+ $_SESSION['password'] = $password;
+ }
+
+ // Return the username and password.
+ return array($username, $password, $invalid_login);
+}
+
+// Logout the user. The username and password stored in cookies or the
+// session will be deleted.
+//
+// Returns an empty username and password.
+function user_logout() {
+ global $login_cookies, $cookie_uri;
+
+ // Clear the login cookie or session authentication values.
+ if ($login_cookies == 'yes') {
+ setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
+ } else {
+ // Check if the session has already been started.
+ if (!session_id()) {
+ session_start();
+ setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ }
+
+ // Clear the session authentication values.
+ unset($_SESSION['username']);
+ unset($_SESSION['password']);
+ }
+
+ // Return empty username and password.
+ return array('', '');
+}
+?> |
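Review bot: In user_login() the client-supplied `phpicalendar_login` cookie goes straight into `unserialize()`, so whoever sets that cookie chooses what PHP deserializes, and the type of `$login_cookie['username']` / `['password']` is never checked before they are interpolated into the `$locked_map` key. The same cookie stores the password in clear text for `60*60*24*7*12*10` seconds (about 120 weeks) with the `secure` argument at 0. I would keep credentials out of the cookie altogether: hold only the authenticated username in the server-side session in both modes, and call `session_regenerate_id()` once the `key_exists` check has passed so a pre-login session id is not carried into the authenticated session. New logins are also read from `$HTTP_GET_VARS`, which puts the password into URLs, history and access logs; accepting it from `$HTTP_POST_VARS` only would avoid that.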