gwvpmini/gwvpmini_auth.php

   1 <?php
   2
   3 session_start();
   4
   5 $CALL_ME_FUNCTIONS["auth"] = "gwvpmini_AuthCallMe";\r
   6
   7 function gwvpmini_AuthCallMe()\r
   8 {\r
   9 \r
  10         error_log("in repoadmin callme");\r
  11         if(isset($_REQUEST["q"])) {\r
  12                 $query = $_REQUEST["q"];\r
  13                 $qspl = explode("/", $query);\r
  14                 if(isset($qspl[0])) {\r
  15                         if($qspl[0] == "login") {
  16                                 return "gwvpmini_AuthHandleLogin";
  17                         } else if($qspl[0] == "logout") {
  18                                 return "gwvpmini_AuthHandleLogout";
  19                         } else return false;\r
  20                 }\r
  21                 else return false;\r
  22         }\r
  23 \r
  24         return false;\r
  25 }\r
  26
  27 function gwvpmini_AuthHandleLogout()\r
  28 {\r
  29         global $BASE_URL;\r
  30 \r
  31         unset($_SESSION["isloggedin"]);\r
  32         unset($_SESSION["username"]);\r
  33         unset($_SESSION["fullname"]);\r
  34         unset($_SESSION["usertype"]);\r
  35         unset($_SESSION["id"]);\r
  36         \r
  37         gwvpmini_SendMessage("info", "Logged out");\r
  38         header("Location: $BASE_URL");\r
  39 }\r
  40
  41
  42 function gwvpmini_AuthHandleLogin()
  43 {
  44         global $BASE_URL;\r
  45         \r
  46         $user = "";\r
  47         $pass = "";\r
  48         if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];\r
  49         if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];\r
  50         \r
  51         if(gwvpmini_authUserPass($user, $pass) === false) {\r
  52                 gwvpmini_SendMessage("error", "Login Failed");\r
  53                 header("Location: $BASE_URL");\r
  54         } else {\r
  55                 $details = gwvpmini_getUser($user);\r
  56                 $_SESSION["isloggedin"] = true;\r
  57                 $_SESSION["username"] = "$user";\r
  58                 $_SESSION["fullname"] = $details["fullname"];\r
  59                 $_SESSION["id"] = $details["id"];\r
  60                 gwvpmini_SendMessage("info", "Welcome ".$details["fullname"]." you are logged in");\r
  61                 header("Location: $BASE_URL");\r
  62                 return true;\r
  63         }\r
  64         \r
  65
  66 }
  67
  68 function gwvpmini_SingleLineLoginForm()\r
  69 {\r
  70         global $BASE_URL;\r
  71 \r
  72         echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";\r
  73         echo " Passowrd <input type=\"password\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";\r
  74         if(gwvpmini_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";\r
  75         else echo "</form>";\r
  76 }\r
  77
  78
  79 function gwvpmini_IsRegistrationEnabled()
  80 {
  81         global $can_register;
  82         return $can_register;
  83 }
  84
  85 function gwvpmini_isLoggedIn()
  86 {
  87         global $_SESSION;
  88
  89         if(isset($_SESSION)) {
  90                 if(isset($_SESSION["username"])) {
  91                         if(!gwvpmini_isUserEnabled($_SESSION["id"])) return false;
  92                         return true;
  93                 }
  94         }
  95
  96         return false;
  97 }
  98
  99 function gwvpmini_AskForBasicAuth()\r
 100 {
 101         error_log("SEND BASIC AUTH");
 102         header_remove("Pragma");
 103         header_remove("Cache-Control");\r
 104         header_remove("Set-Cookie");
 105         header_remove("Expires");\r
 106         header_remove("X-Powered-By");\r
 107         header_remove("Vary");\r
 108
 109         header('HTTP/1.1 401 Unauthorized');
 110         header('WWW-Authenticate: Basic realm="GITRepo"');\r
 111 }\r
 112
 113
 114 function gwvpmini_checkBasicAuthLogin()\r
 115 {\r
 116         $user = false;\r
 117         $pass = false;\r
 118         if(isset($_SERVER["PHP_AUTH_USER"])) {\r
 119                 $user = $_SERVER["PHP_AUTH_USER"];\r
 120         } else return false;\r
 121 \r
 122         if(isset($_SERVER["PHP_AUTH_PW"])) {\r
 123                 $pass = $_SERVER["PHP_AUTH_PW"];\r
 124         } else return false;\r
 125 \r
 126         error_log("passing basic auth for $user, $pass to backend");\r
 127         $auth = gwvpmini_authUserPass($user, $pass);\r
 128         if($auth !== false) {\r
 129                 error_log("auth passes");\r
 130         } else {\r
 131                 error_log("auth failes");\r
 132         }\r
 133 \r
 134         return $auth;\r
 135 }\r
 136
 137
 138 function gwvpmini_isUserAdmin($id=-1)
 139 {
 140
 141
 142         if($id == -1) {
 143                 if(isset($_SESSION)) if(isset($_SESSION["id"])) $id = $_SESSION["id"];
 144         }
 145
 146         if($id == -1) return false;
 147
 148         $lev = gwvpmini_userLevel($id);
 149
 150         if($lev == 1) return true;
 151
 152         return false;
 153 }
 154
 155 function gwvpmini_authUserPass($user, $pass)
 156 {
 157         $details = gwvpmini_getUser($user);
 158         if($details == false) {
 159                 error_log("no user details for $user");
 160                 return false;
 161         }
 162
 163         if(!gwvpmini_isUserEnabled($details["id"])) return false;
 164
 165         if(sha1($pass)!=$details["password"]) return false;
 166
 167         return $details["username"];
 168 }
 169
 170 function gwvpmini_isUserEnabled($id=-1)
 171 {
 172         if($id == -1) {\r
 173                 if(isset($_SESSION)) if(isset($_SESSION["id"])) $id = $_SESSION["id"];\r
 174         }\r
 175         \r
 176         if($id == -1) return false;\r
 177         \r
 178         $lev_t = gwvpmini_getUser(null, null, $id);
 179
 180         $lev = $lev_t["status"];\r
 181         \r
 182         if($lev == 0) return true;\r
 183         \r
 184         return false;\r
 185
 186 }
 187
 188 ?>