Implemented user login via cookies and/or sessions with templates.

3 files changed, 155 insertions, 42 deletions

diff --git a/functions/init.inc.php b/functions/init.inc.php
index 5be4847..68ef2b7 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -21,6 +21,7 @@ if (!defined('BASE')) define('BASE', './');
 include_once(BASE.'config.inc.php');
 include_once(BASE.'functions/error.php');
 include_once(BASE.'functions/calendar_functions.php');
+include_once(BASE.'functions/userauth_functions.php');
 if (isset($HTTP_COOKIE_VARS['phpicalendar'])) {
 	$phpicalendar = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar']));
 	if (isset($phpicalendar['cookie_language'])) 	$language 			= $phpicalendar['cookie_language'];
@@ -38,47 +39,16 @@ if ($cookie_uri == '') {
 
 if ($bleed_time == '') $bleed_time = $day_start;
 
-// If not HTTP authenticated, try login via cookies or the web page.
-$username = ''; $password = '';
-if (!isset($_SERVER['PHP_AUTH_USER'])) {
-	// Look for a login cookie.
-	if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) {
-		$login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
-		if (isset($login_cookie['username']))	$username = $login_cookie['username'];
-		if (isset($login_cookie['password']))	$password = $login_cookie['password'];
-	}
-
-	// Look for a new username and password.
-	if (isset($HTTP_GET_VARS['username']))			$username = $HTTP_GET_VARS['username'];
-	else if (isset($HTTP_POST_VARS['username']))	$username = $HTTP_POST_VARS['username'];
-	if (isset($HTTP_GET_VARS['password']))			$password = $HTTP_GET_VARS['password'];
-	else if (isset($HTTP_POST_VARS['password']))	$password = $HTTP_POST_VARS['password'];
-
-	// Grab the action (login or logout).
-	if (isset($HTTP_GET_VARS['action']))			$action = $HTTP_GET_VARS['action'];
-	else if (isset($HTTP_POST_VARS['action']))		$action = $HTTP_POST_VARS['action'];
-	else											$action = '';
-
-	// Check to make sure the username and password is valid.
-	if ($action == 'login' && !key_exists("$username:$password", $locked_map)) {
-		// Don't login, instead logout.
-		$action = 'logout';
-
-		// Remember the invalid login, because we may want to
-		// display a message elsewhere.
-		$invalid_login = true;
-	} else {
-		$invalid_login = false;
-	}
-
-	// Set the login cookie if logging in. Clear it if logging out.
-	if ($action == 'login') {
-		$the_cookie = serialize(array('username' => $username, 'password' => $password));
-		setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
-	} else if ($action == 'logout') {
-		setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
-		$username = ''; $password = '';
-	}
+// Grab the action (login or logout).
+if (isset($HTTP_GET_VARS['action']))			$action = $HTTP_GET_VARS['action'];
+else if (isset($HTTP_POST_VARS['action']))		$action = $HTTP_POST_VARS['action'];
+else											$action = '';
+	
+// Login and/or logout.
+list($username, $password, $invalid_login) = user_login();
+if ($action != 'login') $invalid_login = false;
+if ($action == 'logout' || $invalid_login) {
+	list($username, $password) = user_logout();
 }
 
 // language support
diff --git a/functions/template.php b/functions/template.php
index 4c2ebb5..481069d 100644
--- a/functions/template.php
+++ b/functions/template.php
@@ -869,4 +869,4 @@ class Page {
 		print($this->page);
 	}
 }
-?> 
+?>
\ No newline at end of file
diff --git a/functions/userauth_functions.php b/functions/userauth_functions.php
new file mode 100644
index 0000000..403076d
--- /dev/null
+++ b/functions/userauth_functions.php
@@ -0,0 +1,143 @@
+<?php
+// Generate the login query string.
+//
+// Returns the login query string.
+function login_querys() {
+	global $QUERY_STRING;
+	
+	// Remove the username, password, and action values.
+	$querys = preg_replace('/(username|password|action)=[^&]+/', '', $QUERY_STRING);
+
+	// Return the login query string.
+	$querys = preg_replace('/&&/', '', $querys);
+	return $querys;
+}
+
+// Generate the logout query string.
+//
+// Returns the logout query string.
+function logout_querys() {
+	global $QUERY_STRING;
+	
+	// Make sure the action is logout.
+	$querys = preg_replace('/action=[^&]+/', 'action=logout', $QUERY_STRING);
+	if ($querys == $QUERY_STRING) $querys .= '&action=logout';
+	
+	// Remove references to the username or password.
+	$querys = preg_replace('/(username|password)=[^&]+/', '', $querys);
+	
+	// Return the logout query string.
+	$querys = preg_replace('/&&/', '', $querys);
+	return $querys;
+}
+
+// Authenticate the user. The submitted login data is checked for
+// validity against the locked map. The login data will be saved in
+// cookies or the session depending on the configuration. The variable
+// $invalid_login will be set true or false depending on whether or not
+// a valid login was found.
+//
+// This authentication method only applies to non-HTTP authentication.
+//
+// Returns the username and password found, which will be empty strings
+// if no valid login is found. Returns a boolean invalid_login to
+// indicate that the login is invalid.
+function user_login() {
+	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $_SERVER;
+	global $login_cookies, $cookie_uri, $locked_map;
+	
+	// Initialize return values.
+	$invalid_login = false;
+	$username = ''; $password = '';
+	
+	// If not HTTP authenticated, try login via cookies or the web page.
+	if (isset($_SERVER['PHP_AUTH_USER'])) {
+		return array($username, $password, $invalid_login);
+	}
+
+	// Look for a login cookie.
+	if ($login_cookies == 'yes' &&
+		isset($HTTP_COOKIE_VARS['phpicalendar_login']))
+	{
+		$login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
+		if (isset($login_cookie['username']) &&
+			isset($login_cookie['password']))
+		{
+			$username = $login_cookie['username'];
+			$password = $login_cookie['password'];
+		}
+	}
+	
+	// Look for session authentication.
+	if ($login_cookies != 'yes') {
+		if (!session_id()) {
+			session_start();
+			setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+		}
+		if (isset($_SESSION['username']) &&
+			isset($_SESSION['password']))
+		{
+			$username = $_SESSION['username'];
+			$password = $_SESSION['password'];
+		}
+	}
+	
+	// Look for a new username and password.
+	if (isset($HTTP_GET_VARS['username']) &&
+		isset($HTTP_GET_VARS['password']))
+	{
+		$username = $HTTP_GET_VARS['username'];
+		$password = $HTTP_GET_VARS['password'];
+	} else if (isset($HTTP_POST_VARS['username']) &&
+			   isset($HTTP_POST_VARS['password']))
+	{
+		$username = $HTTP_POST_VARS['username'];
+		$password = $HTTP_POST_VARS['password'];
+	}
+	
+	// Check to make sure the username and password is valid.
+	if (!key_exists("$username:$password", $locked_map)) {
+		// Remember the invalid login, because we may want to display
+		// a message elsewhere or check validity.
+		return array($username, $password, true);
+	}
+	
+	// Set the login cookie or session authentication values.
+	if ($login_cookies == 'yes') {
+		$the_cookie = serialize(array('username' => $username, 'password' => $password));
+		setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+	} else {
+		$_SESSION['username'] = $username;
+		$_SESSION['password'] = $password;
+	}
+	
+	// Return the username and password.
+	return array($username, $password, $invalid_login);
+}
+
+// Logout the user. The username and password stored in cookies or the
+// session will be deleted.
+//
+// Returns an empty username and password.
+function user_logout() {
+	global $login_cookies, $cookie_uri;
+	
+	// Clear the login cookie or session authentication values.
+	if ($login_cookies == 'yes') {
+		setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
+	} else {
+		// Check if the session has already been started.
+		if (!session_id()) {
+			session_start();
+			setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+		}
+	
+		// Clear the session authentication values.
+		unset($_SESSION['username']);
+		unset($_SESSION['password']);
+	}
+	
+	// Return empty username and password.
+	return array('', '');
+}
+?>