gwvpmini/gwvpmini_auth.php

   1 <?php
   2
   3 session_start();
   4
   5 $CALL_ME_FUNCTIONS["auth"] = "gwvpmini_AuthCallMe";\r
   6
   7 function gwvpmini_AuthCallMe()\r
   8 {\r
   9 \r
  10         error_log("in repoadmin callme");\r
  11         if(isset($_REQUEST["q"])) {\r
  12                 $query = $_REQUEST["q"];\r
  13                 $qspl = explode("/", $query);\r
  14                 if(isset($qspl[0])) {\r
  15                         if($qspl[0] == "login") {
  16                                 return "gwvpmini_AuthHandleLogin";
  17                         } else if($qspl[0] == "logout") {
  18                                 return "gwvpmini_AuthHandleLogout";
  19                         } else return false;\r
  20                 }\r
  21                 else return false;\r
  22         }\r
  23 \r
  24         return false;\r
  25 }\r
  26
  27 function gwvpmini_AuthHandleLogout()\r
  28 {\r
  29         global $BASE_URL;\r
  30 \r
  31         unset($_SESSION["isloggedin"]);\r
  32         unset($_SESSION["username"]);\r
  33         unset($_SESSION["fullname"]);\r
  34         unset($_SESSION["usertype"]);\r
  35         unset($_SESSION["id"]);\r
  36         \r
  37         gwvpmini_SendMessage("info", "Logged out");\r
  38         header("Location: $BASE_URL");\r
  39 }\r
  40
  41
  42 function gwvpmini_AuthHandleLogin()
  43 {
  44         global $BASE_URL;\r
  45         \r
  46         $user = "";\r
  47         $pass = "";\r
  48         if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];\r
  49         if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];\r
  50         \r
  51         if(gwvpmini_authUserPass($user, $pass) === false) {\r
  52                 gwvpmini_SendMessage("error", "Login Failed");\r
  53                 header("Location: $BASE_URL");\r
  54         } else {\r
  55                 $details = gwvpmini_getUser($user);\r
  56                 $_SESSION["isloggedin"] = true;\r
  57                 $_SESSION["username"] = "$user";\r
  58                 $_SESSION["fullname"] = $details["fullname"];\r
  59                 $_SESSION["id"] = $details["id"];\r
  60                 gwvpmini_SendMessage("info", "Welcome ".$details["fullname"]." you are logged in");\r
  61                 header("Location: $BASE_URL");\r
  62                 return true;\r
  63         }\r
  64         \r
  65
  66 }
  67
  68 function gwvpmini_SingleLineLoginForm()\r
  69 {\r
  70         global $BASE_URL;\r
  71 \r
  72         echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";\r
  73         echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";\r
  74         if(gwvpmini_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";\r
  75         else echo "</form><br>";\r
  76 }\r
  77
  78
  79 function gwvpmini_IsRegistrationEnabled()
  80 {
  81         return true;
  82 }
  83
  84 function gwvpmini_isLoggedIn()
  85 {
  86         global $_SESSION;
  87
  88         if(isset($_SESSION)) {
  89                 if(isset($_SESSION["username"])) {
  90                         return true;
  91                 }
  92         }
  93
  94         return false;
  95 }
  96
  97 function gwvpmini_AskForBasicAuth()\r
  98 {
  99         error_log("SEND BASIC AUTH");\r
 100         header('HTTP/1.1 401 Unauthorized');
 101         header('WWW-Authenticate: Basic realm="GITRepo"');\r
 102 }\r
 103
 104
 105 function gwvpmini_checkBasicAuthLogin()\r
 106 {\r
 107         $user = false;\r
 108         $pass = false;\r
 109         if(isset($_SERVER["PHP_AUTH_USER"])) {\r
 110                 $user = $_SERVER["PHP_AUTH_USER"];\r
 111         } else return false;\r
 112 \r
 113         if(isset($_SERVER["PHP_AUTH_PW"])) {\r
 114                 $pass = $_SERVER["PHP_AUTH_PW"];\r
 115         } else return false;\r
 116 \r
 117         error_log("passing basic auth for $user, $pass to backend");\r
 118         $auth = gwvpmini_authUserPass($user, $pass);\r
 119         if($auth !== false) {\r
 120                 error_log("auth passes");\r
 121         } else {\r
 122                 error_log("auth failes");\r
 123         }\r
 124 \r
 125         return $auth;\r
 126 }\r
 127
 128
 129 function gwvpmini_isUserAdmin($id=-1)
 130 {
 131
 132
 133         if($id == -1) {
 134                 if(isset($_SESSION)) if(isset($_SESSION["id"])) $id = $_SESSION["id"];
 135         }
 136
 137         if($id == -1) return false;
 138
 139         $lev = gwvpmini_userLevel($id);
 140
 141         if($lev == 1) return true;
 142
 143         return false;
 144 }
 145
 146 function gwvpmini_authUserPass($user, $pass)
 147 {
 148         $details = gwvpmini_getUser($user);
 149         if($details == false) {
 150                 error_log("no user details for $user");
 151                 return false;
 152         }
 153
 154         if(sha1($pass)!=$details["password"]) return false;
 155
 156         return $details["username"];
 157 }
 158
 159 ?>