[gwvp.git] / gwvplib / gwvpauth.php

<?php

// we call it 00aaa so it gets called first
$CALL_ME_FUNCTIONS["00aaa"] = "gwvp_AuthCallMe";

function gwvp_AuthCallMe()
{
        global $LOGIN_TYPE;
        session_start();

        if(isset($_REQUEST["q"])) {
                $query = explode("/", $_REQUEST["q"]);
                if($query[0] == "login") return "gwvp_AuthHandleLogin";
                if($query[0] == "logout") return "gwvp_AuthHandleLogout";
                if($query[0] == "register") {
                        if(isset($query[1])) {
                                return "qwvp_attemptRegistration";
                        }
                        return "gwvp_RegistrationCall";
                }
        }
        $login = gwvp_isLoggedIn();
        
        error_log("authcallme as $login");
        if($login!== false) {
                if(gwvp_IsUserAdmin(null, $login)) {
                        $LOGIN_TYPE = "admin";
                } else {
                        $LOGIN_TYPE = "user";
                }
        } else {
                $LOGIN_TYPE = "anon";
        }
        
        return false;
}

function gwvp_AskForBasicAuth()
{
        if(!isset($_SERVER["PHP_AUTH_USER"])) {
                header('WWW-Authenticate: Basic realm="My Realm"');
                header('HTTP/1.0 401 Unauthorized');
                exit(0);
        } else return; 
}

// $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
function gwvp_CheckAuthLevel($levels)
{
        global $LOGIN_TYPE;
        
        $spl = explode(",", $levels);
        foreach($spl as $levs) {
                if($LOGIN_TYPE == $levs) {
                        return true;
                }
        }
        
        return false;
}

function gwvp_fourZeroThree()
{
        header("HTTP/1.0 403 Permission Denied");
        exit(0);
}

function gwvp_AuthNoPerms()
{
        gwvp_goMainPage("gwvp_AuthNoPermsBody");
}

function gwvp_AuthNoPermsBody()
{
        echo "You have no permissions for this page, do you need to login?";
}

function gwvp_AuthHandleLogout()
{
        global $BASE_URL;
        
        unset($_SESSION["isloggedin"]);
        unset($_SESSION["username"]);
        unset($_SESSION["fullname"]);
        unset($_SESSION["usertype"]);
        
        gwvp_SendMessage("info", "Logged out");
        header("Location: $BASE_URL");
}

function gwvp_RegistrationCall()
{
        if(gwvp_IsRegistrationEnabled()) {
                gwvp_goMainPage("gwvp_RegistrationPageBody");
        } else {
                gwvp_goMainPage("gwvp_RegistrationDisabledBody");
        }
}

function gwvp_authUserPass($user, $pass)
{
        $details = gwvp_getUser($user);
        if($details == false) {
                return false;
        }
        
        if(sha1($pass)!=$details["password"]) return false;
        
        return $details["username"];
}

function gwvp_AuthHandleLogin()
{
        global $BASE_URL;

        $user = "";
        $pass = "";
        if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
        if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];

        if(gwvp_authUserPass($user, $pass) === false) {
                gwvp_SendMessage("error", "Login Failed");
                header("Location: $BASE_URL");
        } else {
                $details = gwvp_getUser($user);
                $_SESSION["isloggedin"] = true;
                $_SESSION["username"] = "$user";
                $_SESSION["fullname"] = $details["fullname"];
                $_SESSION["id"] = $details["id"];
                if(gwvp_IsUserAdmin($details["email"])) {
                        $_SESSION["usertype"] = "admin";
                } else {
                        $_SESSION["usertype"] = "user";
                }
                gwvp_SendMessage("info", "Welcome, ".$details["fullname"]." you are logged in");
                header("Location: $BASE_URL");
                return true;
        }

}

function gwvp_RegistrationPageBody()
{
        global $BASE_URL;
        
        // TODO: registration page needs to be prettier - mostly the image for the captcha
        
        ?>
<form method="post" action="<?php echo $BASE_URL?>/register/try">
        <table>
                <tr>
                        <td>Name</td>
                        <td><input name="name" type="text"></td>
                        <td>Your Full Name</td>
                        <td rowspan="4">
                                <?php if(gwvp_haveCaptcha()) {?>
                                <img id="captcha" src="<?php echo $BASE_URL?>/securimage/" alt="CAPTCHA Image" /><br>
                                <input type="text" name="captcha_code" size="10" maxlength="6" />
                                <a href="#" onclick="document.getElementById('captcha').src = '<?php echo $BASE_URL?>/securimage/' + Math.random(); return false">[ Different Image ]</a>
                                <?php } ?>
                        </td>
                </tr>
                <tr>
                        <td>Email</td>
                        <td><input name="email" type="text"></td>
                        <td>Your Email Address</td>
                </tr>
                <tr>
                        <td>User Name</td>
                        <td><input name="username" type="text"></td>
                        <td>The Name Used to Refer to you on the site</td>
                </tr>
                
                
                <tr>
                        <td><input type="submit" name="register" value="Register"></td>
                </tr>
        </table>
</form>
        <?php
}

function qwvp_attemptRegistration()
{
        if(gwvp_haveCaptcha()) {
                $securimage = new Securimage();
                if ($securimage->check($_POST['captcha_code']) == false) {
                  // the code was incorrect
                  // you should handle the error so that the form processor doesn't continue
                
                  // or you can use the following code if there is no validation or you do not know how
                  echo "The security code entered was incorrect.<br /><br />";
                  echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
                } else {
                        echo "code was right";
                }
                
        }
}

function gwvp_checkBasicAuthLogin()
{
        $user = false;
        $pass = false;
        if(isset($_SERVER["PHP_AUTH_USER"])) {
                $user = $_SERVER["PHP_AUTH_USER"];
        } else return false;
        
        if(isset($_SERVER["PHP_AUTH_PW"])) {
                $pass = $_SERVER["PHP_AUTH_PW"];
        } else return false;
        
        return gwvp_authUserPass($user, $pass);
}

function gwvp_IsLoggedIn()
{
        if(isset($_SESSION["isloggedin"])) {
                if($_SESSION["isloggedin"]) {
                        return $_SESSION["username"];
                } else return false;
        } else return false;
}

function gwvp_SingleLineLoginForm()
{
        global $BASE_URL;

        echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
        echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
        if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";
        else echo "</form><br>";
}


function gwvp_IsRegistrationEnabled()
{
        return true;
}

// TODO translate info here
function gwvp_GetFullName($login)
{
        return $login;
}
?>