diff options
author | Wesley Miaw <josuah@users.sourceforge.net> | 2004-05-14 21:09:16 +0000 |
---|---|---|
committer | Wesley Miaw <josuah@users.sourceforge.net> | 2004-05-14 21:09:16 +0000 |
commit | 911d0baa7862a6e1e0c9129ab4177ff9712a319c (patch) | |
tree | 4748165c6c77d70701406e28a30d4482f8cfcb30 /functions | |
parent | 7abcabed195eafe55c9973644cffc72c38b74c9c (diff) | |
download | phpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.tar.gz phpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.tar.bz2 phpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.zip |
Implemented user login via cookies and/or sessions with templates.
Diffstat (limited to 'functions')
-rw-r--r-- | functions/init.inc.php | 52 | ||||
-rw-r--r-- | functions/template.php | 2 | ||||
-rw-r--r-- | functions/userauth_functions.php | 143 |
3 files changed, 155 insertions, 42 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php index 5be4847..68ef2b7 100644 --- a/functions/init.inc.php +++ b/functions/init.inc.php @@ -21,6 +21,7 @@ if (!defined('BASE')) define('BASE', './'); include_once(BASE.'config.inc.php'); include_once(BASE.'functions/error.php'); include_once(BASE.'functions/calendar_functions.php'); +include_once(BASE.'functions/userauth_functions.php'); if (isset($HTTP_COOKIE_VARS['phpicalendar'])) { $phpicalendar = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar'])); if (isset($phpicalendar['cookie_language'])) $language = $phpicalendar['cookie_language']; @@ -38,47 +39,16 @@ if ($cookie_uri == '') { if ($bleed_time == '') $bleed_time = $day_start; -// If not HTTP authenticated, try login via cookies or the web page. -$username = ''; $password = ''; -if (!isset($_SERVER['PHP_AUTH_USER'])) { - // Look for a login cookie. - if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) { - $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login'])); - if (isset($login_cookie['username'])) $username = $login_cookie['username']; - if (isset($login_cookie['password'])) $password = $login_cookie['password']; - } - - // Look for a new username and password. - if (isset($HTTP_GET_VARS['username'])) $username = $HTTP_GET_VARS['username']; - else if (isset($HTTP_POST_VARS['username'])) $username = $HTTP_POST_VARS['username']; - if (isset($HTTP_GET_VARS['password'])) $password = $HTTP_GET_VARS['password']; - else if (isset($HTTP_POST_VARS['password'])) $password = $HTTP_POST_VARS['password']; - - // Grab the action (login or logout). - if (isset($HTTP_GET_VARS['action'])) $action = $HTTP_GET_VARS['action']; - else if (isset($HTTP_POST_VARS['action'])) $action = $HTTP_POST_VARS['action']; - else $action = ''; - - // Check to make sure the username and password is valid. - if ($action == 'login' && !key_exists("$username:$password", $locked_map)) { - // Don't login, instead logout. - $action = 'logout'; - - // Remember the invalid login, because we may want to - // display a message elsewhere. - $invalid_login = true; - } else { - $invalid_login = false; - } - - // Set the login cookie if logging in. Clear it if logging out. - if ($action == 'login') { - $the_cookie = serialize(array('username' => $username, 'password' => $password)); - setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0); - } else if ($action == 'logout') { - setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0); - $username = ''; $password = ''; - } +// Grab the action (login or logout). +if (isset($HTTP_GET_VARS['action'])) $action = $HTTP_GET_VARS['action']; +else if (isset($HTTP_POST_VARS['action'])) $action = $HTTP_POST_VARS['action']; +else $action = ''; + +// Login and/or logout. +list($username, $password, $invalid_login) = user_login(); +if ($action != 'login') $invalid_login = false; +if ($action == 'logout' || $invalid_login) { + list($username, $password) = user_logout(); } // language support diff --git a/functions/template.php b/functions/template.php index 4c2ebb5..481069d 100644 --- a/functions/template.php +++ b/functions/template.php @@ -869,4 +869,4 @@ class Page { print($this->page); } } -?> +?>
\ No newline at end of file diff --git a/functions/userauth_functions.php b/functions/userauth_functions.php new file mode 100644 index 0000000..403076d --- /dev/null +++ b/functions/userauth_functions.php @@ -0,0 +1,143 @@ +<?php +// Generate the login query string. +// +// Returns the login query string. +function login_querys() { + global $QUERY_STRING; + + // Remove the username, password, and action values. + $querys = preg_replace('/(username|password|action)=[^&]+/', '', $QUERY_STRING); + + // Return the login query string. + $querys = preg_replace('/&&/', '', $querys); + return $querys; +} + +// Generate the logout query string. +// +// Returns the logout query string. +function logout_querys() { + global $QUERY_STRING; + + // Make sure the action is logout. + $querys = preg_replace('/action=[^&]+/', 'action=logout', $QUERY_STRING); + if ($querys == $QUERY_STRING) $querys .= '&action=logout'; + + // Remove references to the username or password. + $querys = preg_replace('/(username|password)=[^&]+/', '', $querys); + + // Return the logout query string. + $querys = preg_replace('/&&/', '', $querys); + return $querys; +} + +// Authenticate the user. The submitted login data is checked for +// validity against the locked map. The login data will be saved in +// cookies or the session depending on the configuration. The variable +// $invalid_login will be set true or false depending on whether or not +// a valid login was found. +// +// This authentication method only applies to non-HTTP authentication. +// +// Returns the username and password found, which will be empty strings +// if no valid login is found. Returns a boolean invalid_login to +// indicate that the login is invalid. +function user_login() { + global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $_SERVER; + global $login_cookies, $cookie_uri, $locked_map; + + // Initialize return values. + $invalid_login = false; + $username = ''; $password = ''; + + // If not HTTP authenticated, try login via cookies or the web page. + if (isset($_SERVER['PHP_AUTH_USER'])) { + return array($username, $password, $invalid_login); + } + + // Look for a login cookie. + if ($login_cookies == 'yes' && + isset($HTTP_COOKIE_VARS['phpicalendar_login'])) + { + $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login'])); + if (isset($login_cookie['username']) && + isset($login_cookie['password'])) + { + $username = $login_cookie['username']; + $password = $login_cookie['password']; + } + } + + // Look for session authentication. + if ($login_cookies != 'yes') { + if (!session_id()) { + session_start(); + setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0); + } + if (isset($_SESSION['username']) && + isset($_SESSION['password'])) + { + $username = $_SESSION['username']; + $password = $_SESSION['password']; + } + } + + // Look for a new username and password. + if (isset($HTTP_GET_VARS['username']) && + isset($HTTP_GET_VARS['password'])) + { + $username = $HTTP_GET_VARS['username']; + $password = $HTTP_GET_VARS['password']; + } else if (isset($HTTP_POST_VARS['username']) && + isset($HTTP_POST_VARS['password'])) + { + $username = $HTTP_POST_VARS['username']; + $password = $HTTP_POST_VARS['password']; + } + + // Check to make sure the username and password is valid. + if (!key_exists("$username:$password", $locked_map)) { + // Remember the invalid login, because we may want to display + // a message elsewhere or check validity. + return array($username, $password, true); + } + + // Set the login cookie or session authentication values. + if ($login_cookies == 'yes') { + $the_cookie = serialize(array('username' => $username, 'password' => $password)); + setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0); + } else { + $_SESSION['username'] = $username; + $_SESSION['password'] = $password; + } + + // Return the username and password. + return array($username, $password, $invalid_login); +} + +// Logout the user. The username and password stored in cookies or the +// session will be deleted. +// +// Returns an empty username and password. +function user_logout() { + global $login_cookies, $cookie_uri; + + // Clear the login cookie or session authentication values. + if ($login_cookies == 'yes') { + setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0); + } else { + // Check if the session has already been started. + if (!session_id()) { + session_start(); + setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0); + } + + // Clear the session authentication values. + unset($_SESSION['username']); + unset($_SESSION['password']); + } + + // Return empty username and password. + return array('', ''); +} +?> |