path: root/functions/userauth_functions.php
<?php
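// Generate the login query string.
//
// Rebuilds the current request's query string with every "username",
// "password" and "action" parameter removed, so that a login link or form
// target does not carry credentials or a stale action forward.
//
// Parameters are dropped one "&"-separated pair at a time and matched on
// their exact (URL-decoded) name. This keeps neighbouring parameters
// separated when a pair is removed from the middle of the string, also
// removes pairs with an empty value, and leaves unrelated names such as
// "myaction" untouched.
//
// SECURITY: the result is still raw, client-supplied text. The callers are
// not visible in this file; anything that places the result in HTML (an
// href or a form action) needs to escape it for that context, for example
// with htmlspecialchars().
//
// Returns the login query string, without a leading "?" or "&".
function login_querys() {
	// QUERY_STRING is absent outside a web request; treat that as empty.
	$query = isset($_SERVER['QUERY_STRING']) ? (string) $_SERVER['QUERY_STRING'] : '';
	$blocked = array('username', 'password', 'action');

	$kept = array();
	foreach (explode('&', $query) as $pair) {
		// Skip the empty pieces produced by "&&" or a leading/trailing "&".
		if ($pair === '') continue;

		// The parameter name is everything before the first "=". Decode it
		// so a percent-encoded spelling of a blocked name is removed too.
		$parts = explode('=', $pair, 2);
		if (in_array(urldecode($parts[0]), $blocked, true)) continue;

		$kept[] = $pair;
	}

	// Return the login query string.
	return implode('&', $kept);
}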

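// Generate the logout query string.
//
// Rebuilds the current request's query string so that it contains exactly
// one "action=logout" parameter and no "username" or "password"
// parameters. Any existing "action" parameter is dropped and
// "action=logout" is appended at the end.
//
// Parameters are handled one "&"-separated pair at a time and matched on
// their exact (URL-decoded) name. This keeps neighbouring parameters
// separated when a pair is removed from the middle of the string, and it
// avoids emitting "action=logout" twice when the request already carried
// it.
//
// SECURITY: the result is still raw, client-supplied text. The callers are
// not visible in this file; anything that places the result in HTML needs
// to escape it for that context, for example with htmlspecialchars().
//
// Returns the logout query string, without a leading "?" or "&".
function logout_querys() {
	// QUERY_STRING is absent outside a web request; treat that as empty.
	$query = isset($_SERVER['QUERY_STRING']) ? (string) $_SERVER['QUERY_STRING'] : '';
	$blocked = array('username', 'password', 'action');

	$kept = array();
	foreach (explode('&', $query) as $pair) {
		// Skip the empty pieces produced by "&&" or a leading/trailing "&".
		if ($pair === '') continue;

		// Remove references to the username or password, and any previous
		// action, matching on the name before the first "=".
		$parts = explode('=', $pair, 2);
		if (in_array(urldecode($parts[0]), $blocked, true)) continue;

		$kept[] = $pair;
	}

	// Make sure the action is logout.
	$kept[] = 'action=logout';

	// Return the logout query string.
	return implode('&', $kept);
}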

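// Authenticate the user. The submitted login data is checked for
// validity against the locked map, whose keys have the form
// "username:password". The login data will be saved in cookies or the
// session depending on the configuration.
//
// This authentication method only applies to non-HTTP authentication:
// when PHP_AUTH_USER is set, the HTTP credentials are returned as they
// are and are not checked against the locked map in this function.
//
// Credentials are looked up in this order, later sources overriding
// earlier ones: login cookie (cookie mode) or session (session mode),
// then the POSTed login form. Values that are not plain strings are
// ignored, so array-valued request parameters or an unexpected cookie
// payload cannot reach the lookup key.
//
// SECURITY notes for maintainers:
//  - The login cookie is read with unserialize() on client-controlled
//    data (PHP object injection risk). This is flagged in place below and
//    not replaced here, because the cookie format is shared with cookies
//    already issued.
//  - The password is kept in clear text in the cookie or the session, and
//    the cookies are set with the "secure" argument 0 and no HttpOnly
//    argument.
//  - The lookup key joins username and password with ":", so a ":" inside
//    either value makes different pairs produce the same key.
//
// Returns array($username, $password, $invalid_login). $invalid_login is
// true when the credentials found are not a key of the locked map; the
// rejected username and password are still returned in that case.
function user_login() {
	global $phpiCal_config, $locked_map;

	// Initialize return values.
	$invalid_login = false;
	$username = ''; $password = '';

	// HTTP authenticated requests return the HTTP credentials directly.
	// NOTE(review): nothing here validates them; presumably the web server
	// or the caller does - confirm.
	if (isset($_SERVER['PHP_AUTH_USER'])) {
		$username = $_SERVER['PHP_AUTH_USER'];
		if (isset($_SERVER['PHP_AUTH_PW'])) $password = $_SERVER['PHP_AUTH_PW'];

		return array($username, $password, $invalid_login);
	}

	// Look for a login cookie. A cookie sent as an array
	// (phpicalendar_login[...]) is ignored.
	if ($phpiCal_config->login_cookies == 'yes'
		&& isset($_COOKIE['phpicalendar_login'])
		&& is_string($_COOKIE['phpicalendar_login'])) {
		// SECURITY: unserialize() on a client-supplied cookie can
		// instantiate arbitrary loaded classes (PHP object injection).
		// Recommended follow-up: store the cookie as JSON, or as an
		// HMAC-signed value verified with hash_equals(), and read it back
		// without unserialize().
		$login_cookie = unserialize(stripslashes($_COOKIE['phpicalendar_login']));

		// Accept only the shape this function itself writes: an array with
		// two string entries.
		if (is_array($login_cookie)
			&& isset($login_cookie['username'], $login_cookie['password'])
			&& is_string($login_cookie['username'])
			&& is_string($login_cookie['password'])) {
			$username = $login_cookie['username'];
			$password = $login_cookie['password'];
		}
	}

	// Look for session authentication.
	if ($phpiCal_config->login_cookies != 'yes') {
		if (!session_id()) {
			session_start();
			// Re-issue the session cookie with a long lifetime.
			// NOTE(review): the session id is not regenerated after a
			// successful login; consider session_regenerate_id() there.
			setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $phpiCal_config->cookie_uri, 0);
		}
		if (isset($_SESSION['username'], $_SESSION['password'])
			&& is_string($_SESSION['username'])
			&& is_string($_SESSION['password'])) {
			$username = $_SESSION['username'];
			$password = $_SESSION['password'];
		}
	}

	// Look for a new username and password. They are taken from POST
	// only: credentials in GET parameters would end up in URLs, browser
	// history and server logs.
	if (isset($_POST['username'], $_POST['password'])
		&& is_string($_POST['username'])
		&& is_string($_POST['password'])) {
		$username = $_POST['username'];
		$password = $_POST['password'];
	}

	// Check to make sure the username and password is valid. A missing or
	// malformed locked map rejects the login instead of raising an error.
	if (!is_array($locked_map) || !array_key_exists("$username:$password", $locked_map)) {
		// Remember the invalid login, because we may want to display
		// a message elsewhere or check validity.
		return array($username, $password, true);
	}

	// Set the login cookie or session authentication values.
	if ($phpiCal_config->login_cookies == 'yes' && empty($_COOKIE['phpicalendar_login'])) {
		$the_cookie = serialize(array('username' => $username, 'password' => $password));
		setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $phpiCal_config->cookie_uri, 0);
	} else {
		$_SESSION['username'] = $username;
		$_SESSION['password'] = $password;
	}

	// Return the username and password.
	return array($username, $password, $invalid_login);
}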

// Log the user out by discarding the stored login data.
//
// In cookie mode (login_cookies == 'yes') the login cookie is overwritten
// with an empty value and an expiry in the past, and removed from $_COOKIE
// for the rest of this request. In session mode the session is started if
// it is not running yet and the stored username and password are removed
// from it; the session itself is kept.
//
// NOTE(review): both setcookie() calls pass 0 for the "secure" argument
// and no HttpOnly argument.
//
// Returns array('', ''): an empty username and password.
function user_logout() {
	global $phpiCal_config;

	$nobody = array('', '');

	// Cookie mode: expire the login cookie and forget it locally.
	if ($phpiCal_config->login_cookies == 'yes') {
		$expired = time()-(60*60*24*7);
		setcookie('phpicalendar_login', '', $expired, '/', $phpiCal_config->cookie_uri, 0);
		unset($_COOKIE['phpicalendar_login']);
		return $nobody;
	}

	// Session mode: make sure a session exists before touching it.
	if (!session_id()) {
		session_start();
		$lifetime = 60*60*24*7*12*10;
		setcookie(session_name(), session_id(), time()+$lifetime, '/', $phpiCal_config->cookie_uri, 0);
	}

	// Drop the stored credentials from the session.
	unset($_SESSION['username'], $_SESSION['password']);

	return $nobody;
}
?>
