gwvpmini/gwvpmini_auth.php

   1 <?php
   2
   3 session_start();
   4
   5 $CALL_ME_FUNCTIONS["auth"] = "gwvpmini_AuthCallMe";\r
   6
   7 function gwvpmini_AuthCallMe()\r
   8 {\r
   9 \r
  10         error_log("in repoadmin callme");\r
  11         if(isset($_REQUEST["q"])) {\r
  12                 $query = $_REQUEST["q"];\r
  13                 $qspl = explode("/", $query);\r
  14                 if(isset($qspl[0])) {\r
  15                         if($qspl[0] == "login") {
  16                                 return "gwvpmini_AuthHandleLogin";
  17                         } else if($qspl[0] == "logout") {
  18                                 return "gwvpmini_AuthHandleLogout";
  19                         } else return false;\r
  20                 }\r
  21                 else return false;\r
  22         }\r
  23 \r
  24         return false;\r
  25 }\r
  26
  27 function gwvpmini_AuthHandleLogout()\r
  28 {\r
  29         global $BASE_URL;\r
  30 \r
  31         unset($_SESSION["isloggedin"]);\r
  32         unset($_SESSION["username"]);\r
  33         unset($_SESSION["fullname"]);\r
  34         unset($_SESSION["usertype"]);\r
  35         unset($_SESSION["id"]);\r
  36         \r
  37         gwvpmini_SendMessage("info", "Logged out");\r
  38         header("Location: $BASE_URL");\r
  39 }\r
  40
  41
  42 function gwvpmini_AuthHandleLogin()
  43 {
  44         global $BASE_URL;\r
  45         \r
  46         $user = "";\r
  47         $pass = "";\r
  48         if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];\r
  49         if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];\r
  50         \r
  51         if(gwvpmini_authUserPass($user, $pass) === false) {\r
  52                 gwvpmini_SendMessage("error", "Login Failed");\r
  53                 header("Location: $BASE_URL");\r
  54         } else {\r
  55                 $details = gwvpmini_getUser($user);\r
  56                 $_SESSION["isloggedin"] = true;\r
  57                 $_SESSION["username"] = "$user";\r
  58                 $_SESSION["fullname"] = $details["fullname"];\r
  59                 $_SESSION["id"] = $details["id"];\r
  60                 gwvpmini_SendMessage("info", "Welcome ".$details["fullname"]." you are logged in");\r
  61                 header("Location: $BASE_URL");\r
  62                 return true;\r
  63         }\r
  64         \r
  65
  66 }
  67
  68 function gwvpmini_SingleLineLoginForm()\r
  69 {\r
  70         global $BASE_URL;\r
  71 \r
  72         echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";\r
  73         echo " Passowrd <input type=\"password\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";\r
  74         if(gwvpmini_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";\r
  75         else echo "</form>";\r
  76 }\r
  77
  78
  79 function gwvpmini_IsRegistrationEnabled()
  80 {
  81         global $can_register;
  82         return $can_register;
  83 }
  84
  85 function gwvpmini_isLoggedIn()
  86 {
  87         global $_SESSION;
  88
  89         if(isset($_SESSION)) {
  90                 if(isset($_SESSION["username"])) {
  91                         return true;
  92                 }
  93         }
  94
  95         return false;
  96 }
  97
  98 function gwvpmini_AskForBasicAuth()\r
  99 {
 100         error_log("SEND BASIC AUTH");
 101         header_remove("Pragma");
 102         header_remove("Cache-Control");\r
 103         header_remove("Set-Cookie");
 104         header_remove("Expires");\r
 105         header_remove("X-Powered-By");\r
 106         header_remove("Vary");\r
 107
 108         header('HTTP/1.1 401 Unauthorized');
 109         header('WWW-Authenticate: Basic realm="GITRepo"');\r
 110 }\r
 111
 112
 113 function gwvpmini_checkBasicAuthLogin()\r
 114 {\r
 115         $user = false;\r
 116         $pass = false;\r
 117         if(isset($_SERVER["PHP_AUTH_USER"])) {\r
 118                 $user = $_SERVER["PHP_AUTH_USER"];\r
 119         } else return false;\r
 120 \r
 121         if(isset($_SERVER["PHP_AUTH_PW"])) {\r
 122                 $pass = $_SERVER["PHP_AUTH_PW"];\r
 123         } else return false;\r
 124 \r
 125         error_log("passing basic auth for $user, $pass to backend");\r
 126         $auth = gwvpmini_authUserPass($user, $pass);\r
 127         if($auth !== false) {\r
 128                 error_log("auth passes");\r
 129         } else {\r
 130                 error_log("auth failes");\r
 131         }\r
 132 \r
 133         return $auth;\r
 134 }\r
 135
 136
 137 function gwvpmini_isUserAdmin($id=-1)
 138 {
 139
 140
 141         if($id == -1) {
 142                 if(isset($_SESSION)) if(isset($_SESSION["id"])) $id = $_SESSION["id"];
 143         }
 144
 145         if($id == -1) return false;
 146
 147         $lev = gwvpmini_userLevel($id);
 148
 149         if($lev == 1) return true;
 150
 151         return false;
 152 }
 153
 154 function gwvpmini_authUserPass($user, $pass)
 155 {
 156         $details = gwvpmini_getUser($user);
 157         if($details == false) {
 158                 error_log("no user details for $user");
 159                 return false;
 160         }
 161
 162         if(sha1($pass)!=$details["password"]) return false;
 163
 164         return $details["username"];
 165 }
 166
 167 ?>