wow, i just pulled a repo via git from this interface... its

[gwvp.git] / gwvplib / gwvpauth.php

<?php

// we call it 00aaa so it gets called first
$CALL_ME_FUNCTIONS["00aaa"] = "gwvp_AuthCallMe";

function gwvp_AuthCallMe()
{
        global $LOGIN_TYPE;
        session_start();

        if(isset($_REQUEST["q"])) {
                $query = $_REQUEST["q"];
                if($query == "login") return "gwvp_AuthHandleLogin";
                if($query == "logout") return "gwvp_AuthHandleLogout";
                if($query == "register") return "gwvp_RegistrationCall";
        }
        $login = gwvp_isLoggedIn();
        
        error_log("authcallme as $login");
        if($login!== false) {
                if(gwvp_IsUserAdmin(null, $login)) {
                        $LOGIN_TYPE = "admin";
                } else {
                        $LOGIN_TYPE = "user";
                }
        } else {
                $LOGIN_TYPE = "anon";
        }
        
        return false;
}

function gwvp_AskForBasicAuth()
{
        if(!isset($_SERVER["PHP_AUTH_USER"])) {
                header('WWW-Authenticate: Basic realm="My Realm"');
                header('HTTP/1.0 401 Unauthorized');
                exit(0);
        } else return; 
}

// $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
function gwvp_CheckAuthLevel($levels)
{
        global $LOGIN_TYPE;
        
        $spl = explode(",", $levels);
        foreach($spl as $levs) {
                if($LOGIN_TYPE == $levs) {
                        return true;
                }
        }
        
        return false;
}

function gwvp_fourZeroThree()
{
        header("HTTP/1.0 403 Permission Denied");
        exit(0);
}

function gwvp_AuthNoPerms()
{
        gwvp_goMainPage("gwvp_AuthNoPermsBody");
}

function gwvp_AuthNoPermsBody()
{
        echo "You have no permissions for this page, do you need to login?";
}

function gwvp_AuthHandleLogout()
{
        global $BASE_URL;
        
        unset($_SESSION["isloggedin"]);
        unset($_SESSION["username"]);
        unset($_SESSION["fullname"]);
        unset($_SESSION["usertype"]);
        
        gwvp_SendMessage("info", "Logged out");
        header("Location: $BASE_URL");
}

function gwvp_RegistrationCall()
{
        if(gwvp_IsRegistrationEnabled()) {
                gwvp_goMainPage("gwvp_RegistrationPageBody");
        } else {
                gwvp_goMainPage("gwvp_RegistrationDisabledBody");
        }
}

function gwvp_authUserPass($user, $pass)
{
        $details = gwvp_getUser($user);
        if($details == false) {
                return false;
        }
        
        if(sha1($pass)!=$details["password"]) return false;
        
        return $details["username"];
}

function gwvp_AuthHandleLogin()
{
        global $BASE_URL;

        $user = "";
        $pass = "";
        if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
        if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];

        if(gwvp_authUserPass($user, $pass) === false) {
                gwvp_SendMessage("error", "Login Failed");
                header("Location: $BASE_URL");
        } else {
                $_SESSION["isloggedin"] = true;
                $_SESSION["username"] = "$user";
                $_SESSION["fullname"] = $details["fullname"];
                if(gwvp_IsUserAdmin($details["email"])) {
                        $_SESSION["usertype"] = "admin";
                } else {
                        $_SESSION["usertype"] = "user";
                }
                gwvp_SendMessage("info", "Welcome, ".$details["fullname"]." you are logged in");
                header("Location: $BASE_URL");
                return true;
        }

}

function gwvp_RegistrationPageBody()
{
        ?>
<form method="post">
        <table>
                <tr>
                        <td>Name</td>
                        <td><input name="name" type="text"></td>
                        <td>Your Full Name</td>
                </tr>
                <tr>
                        <td>Email</td>
                        <td><input name="email" type="text"></td>
                        <td>Your Email Address</td>
                </tr>
                <tr>
                        <td>User Name</td>
                        <td><input name="username" type="text"></td>
                        <td>The Name Used to Refer to you on the site</td>
                </tr>
                <tr>
                        <td><input type="submit" name="register" value="Register"></td>
                </tr>
        </table>
</form>
        <?php
}

function gwvp_checkBasicAuthLogin()
{
        $user = false;
        $pass = false;
        if(isset($_SERVER["PHP_AUTH_USER"])) {
                $user = $_SERVER["PHP_AUTH_USER"];
        } else return false;
        
        if(isset($_SERVER["PHP_AUTH_PW"])) {
                $pass = $_SERVER["PHP_AUTH_PW"];
        } else return false;
        
        return gwvp_authUserPass($user, $pass);
}

function gwvp_IsLoggedIn()
{
        if(isset($_SESSION["isloggedin"])) {
                if($_SESSION["isloggedin"]) {
                        return $_SESSION["username"];
                } else return false;
        } else return false;
}

function gwvp_SingleLineLoginForm()
{
        global $BASE_URL;

        echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
        echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
        if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";
        else echo "</form>";
}


function gwvp_IsRegistrationEnabled()
{
        return true;
}

// TODO translate info here
function gwvp_GetFullName($login)
{
        return $login;
}
?>