gwvpmini/gwvpmini_auth.php

   1 <?php
   2
   3 session_start();
   4
   5 $CALL_ME_FUNCTIONS["auth"] = "gwvpmini_AuthCallMe";\r
   6
   7 function gwvpmini_AuthCallMe()\r
   8 {\r
   9 \r
  10         error_log("in repoadmin callme");\r
  11         if(isset($_REQUEST["q"])) {\r
  12                 $query = $_REQUEST["q"];\r
  13                 $qspl = explode("/", $query);\r
  14                 if(isset($qspl[0])) {\r
  15                         if($qspl[0] == "login") {
  16                                 return "gwvpmini_AuthHandleLogin";
  17                         } else if($qspl[0] == "logout") {
  18                                 return "gwvpmini_AuthHandleLogout";
  19                         } else return false;\r
  20                 }\r
  21                 else return false;\r
  22         }\r
  23 \r
  24         return false;\r
  25 }\r
  26
  27 function gwvpmini_AuthHandleLogout()\r
  28 {\r
  29         global $BASE_URL;\r
  30 \r
  31         unset($_SESSION["isloggedin"]);\r
  32         unset($_SESSION["username"]);\r
  33         unset($_SESSION["fullname"]);\r
  34         unset($_SESSION["usertype"]);\r
  35         unset($_SESSION["id"]);\r
  36         \r
  37         gwvpmini_SendMessage("info", "Logged out");\r
  38         header("Location: $BASE_URL");\r
  39 }\r
  40
  41
  42 function gwvpmini_AuthHandleLogin()
  43 {
  44         global $BASE_URL;\r
  45         \r
  46         $user = "";\r
  47         $pass = "";\r
  48         if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];\r
  49         if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];\r
  50         \r
  51         if(gwvpmini_authUserPass($user, $pass) === false) {\r
  52                 gwvpmini_SendMessage("error", "Login Failed");\r
  53                 header("Location: $BASE_URL");\r
  54         } else {\r
  55                 $details = gwvpmini_getUser($user);\r
  56                 $_SESSION["isloggedin"] = true;\r
  57                 $_SESSION["username"] = "$user";\r
  58                 $_SESSION["fullname"] = $details["fullname"];\r
  59                 $_SESSION["id"] = $details["id"];\r
  60                 gwvpmini_SendMessage("info", "Welcome ".$details["fullname"]." you are logged in");\r
  61                 header("Location: $BASE_URL");\r
  62                 return true;\r
  63         }\r
  64         \r
  65
  66 }
  67
  68 function gwvpmini_SingleLineLoginForm()\r
  69 {\r
  70         global $BASE_URL;\r
  71 \r
  72         echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";\r
  73         echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";\r
  74         if(gwvpmini_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";\r
  75         else echo "</form><br>";\r
  76 }\r
  77
  78
  79 function gwvpmini_IsRegistrationEnabled()
  80 {
  81         return true;
  82 }
  83
  84 function gwvpmini_isLoggedIn()
  85 {
  86         global $_SESSION;
  87
  88         if(isset($_SESSION)) {
  89                 if(isset($_SESSION["username"])) {
  90                         return true;
  91                 }
  92         }
  93
  94         return false;
  95 }
  96
  97 function gwvpmini_AskForBasicAuth()\r
  98 {
  99         error_log("SEND BASIC AUTH");
 100         header_remove("Pragma");
 101         header_remove("Cache-Control");\r
 102         header_remove("Set-Cookie");
 103         header_remove("Expires");\r
 104         header_remove("X-Powered-By");\r
 105         header_remove("Vary");\r
 106
 107         header('HTTP/1.1 401 Unauthorized');
 108         header('WWW-Authenticate: Basic realm="GITRepo"');\r
 109 }\r
 110
 111
 112 function gwvpmini_checkBasicAuthLogin()\r
 113 {\r
 114         $user = false;\r
 115         $pass = false;\r
 116         if(isset($_SERVER["PHP_AUTH_USER"])) {\r
 117                 $user = $_SERVER["PHP_AUTH_USER"];\r
 118         } else return false;\r
 119 \r
 120         if(isset($_SERVER["PHP_AUTH_PW"])) {\r
 121                 $pass = $_SERVER["PHP_AUTH_PW"];\r
 122         } else return false;\r
 123 \r
 124         error_log("passing basic auth for $user, $pass to backend");\r
 125         $auth = gwvpmini_authUserPass($user, $pass);\r
 126         if($auth !== false) {\r
 127                 error_log("auth passes");\r
 128         } else {\r
 129                 error_log("auth failes");\r
 130         }\r
 131 \r
 132         return $auth;\r
 133 }\r
 134
 135
 136 function gwvpmini_isUserAdmin($id=-1)
 137 {
 138
 139
 140         if($id == -1) {
 141                 if(isset($_SESSION)) if(isset($_SESSION["id"])) $id = $_SESSION["id"];
 142         }
 143
 144         if($id == -1) return false;
 145
 146         $lev = gwvpmini_userLevel($id);
 147
 148         if($lev == 1) return true;
 149
 150         return false;
 151 }
 152
 153 function gwvpmini_authUserPass($user, $pass)
 154 {
 155         $details = gwvpmini_getUser($user);
 156         if($details == false) {
 157                 error_log("no user details for $user");
 158                 return false;
 159         }
 160
 161         if(sha1($pass)!=$details["password"]) return false;
 162
 163         return $details["username"];
 164 }
 165
 166 ?>