3 // we call it 00aaa so it gets called first
4 $CALL_ME_FUNCTIONS["00aaa"] = "gwvp_AuthCallMe";
6 function gwvp_AuthCallMe()
11 if(isset($_REQUEST["q"])) {
12 $query = explode("/", $_REQUEST["q"]);
13 if($query[0] == "login") return "gwvp_AuthHandleLogin";
14 if($query[0] == "logout") return "gwvp_AuthHandleLogout";
15 if($query[0] == "register") {
16 if(isset($query[1])) {
17 return "qwvp_attemptRegistration";
19 return "gwvp_RegistrationCall";
22 $login = gwvp_isLoggedIn();
24 error_log("authcallme as $login");
26 if(gwvp_IsUserAdmin(null, $login)) {
27 $LOGIN_TYPE = "admin";
38 function gwvp_AskForBasicAuth()
40 error_log("AUTH: asking for basic auth");
41 if(!isset($_SERVER["PHP_AUTH_USER"])) {
42 header('WWW-Authenticate: Basic realm="My Realm"');
43 header('HTTP/1.0 401 Unauthorized');
47 // $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
48 function gwvp_CheckAuthLevel($levels)
52 $spl = explode(",", $levels);
53 foreach($spl as $levs) {
54 if($LOGIN_TYPE == $levs) {
62 function gwvp_AuthNoPerms()
64 gwvp_goMainPage("gwvp_AuthNoPermsBody");
67 function gwvp_AuthNoPermsBody()
69 echo "You have no permissions for this page, do you need to login?";
72 function gwvp_AuthHandleLogout()
76 unset($_SESSION["isloggedin"]);
77 unset($_SESSION["username"]);
78 unset($_SESSION["fullname"]);
79 unset($_SESSION["usertype"]);
81 gwvp_SendMessage("info", "Logged out");
82 header("Location: $BASE_URL");
85 function gwvp_RegistrationCall()
87 if(gwvp_IsRegistrationEnabled()) {
88 gwvp_goMainPage("gwvp_RegistrationPageBody");
90 gwvp_goMainPage("gwvp_RegistrationDisabledBody");
94 function gwvp_authUserPass($user, $pass)
96 $details = gwvp_getUser($user);
97 if($details == false) {
101 if(sha1($pass)!=$details["password"]) return false;
103 return $details["username"];
106 function gwvp_AuthHandleLogin()
112 if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
113 if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
115 if(gwvp_authUserPass($user, $pass) === false) {
116 gwvp_SendMessage("error", "Login Failed");
117 header("Location: $BASE_URL");
119 $details = gwvp_getUser($user);
120 $_SESSION["isloggedin"] = true;
121 $_SESSION["username"] = "$user";
122 $_SESSION["fullname"] = $details["fullname"];
123 $_SESSION["id"] = $details["id"];
124 if(gwvp_IsUserAdmin($details["email"])) {
125 $_SESSION["usertype"] = "admin";
127 $_SESSION["usertype"] = "user";
129 gwvp_SendMessage("info", "Welcome, ".$details["fullname"]." you are logged in");
130 header("Location: $BASE_URL");
136 function gwvp_RegistrationPageBody()
140 // TODO: registration page needs to be prettier - mostly the image for the captcha
143 <form method="post" action="<?php echo $BASE_URL?>/register/try">
147 <td><input name="name" type="text"></td>
148 <td>Your Full Name</td>
150 <?php if(gwvp_haveCaptcha()) {?>
151 <img id="captcha" src="<?php echo $BASE_URL?>/securimage/" alt="CAPTCHA Image" /><br>
152 <input type="text" name="captcha_code" size="10" maxlength="6" />
153 <a href="#" onclick="document.getElementById('captcha').src = '<?php echo $BASE_URL?>/securimage/' + Math.random(); return false">[ Different Image ]</a>
159 <td><input name="email" type="text"></td>
160 <td>Your Email Address</td>
164 <td><input name="username" type="text"></td>
165 <td>The Name Used to Refer to you on the site</td>
170 <td><input type="submit" name="register" value="Register"></td>
177 function qwvp_attemptRegistration()
179 if(gwvp_haveCaptcha()) {
180 $securimage = new Securimage();
181 if ($securimage->check($_POST['captcha_code']) == false) {
182 // the code was incorrect
183 // you should handle the error so that the form processor doesn't continue
185 // or you can use the following code if there is no validation or you do not know how
186 echo "The security code entered was incorrect.<br /><br />";
187 echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
189 echo "code was right";
195 function gwvp_checkBasicAuthLogin()
199 if(isset($_SERVER["PHP_AUTH_USER"])) {
200 $user = $_SERVER["PHP_AUTH_USER"];
203 if(isset($_SERVER["PHP_AUTH_PW"])) {
204 $pass = $_SERVER["PHP_AUTH_PW"];
207 error_log("passing basic auth for $user, $pass to backend");
208 $auth = gwvp_authUserPass($user, $pass);
209 if($auth !== false) {
210 error_log("auth passes");
216 function gwvp_IsLoggedIn()
218 if(isset($_SESSION["isloggedin"])) {
219 if($_SESSION["isloggedin"]) {
220 return $_SESSION["username"];
225 function gwvp_SingleLineLoginForm()
229 echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
230 echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
231 if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";
232 else echo "</form><br>";
236 function gwvp_IsRegistrationEnabled()
241 // TODO translate info here
242 function gwvp_GetFullName($login)