gwvplib/gwvpauth.php

   1 <?php
   2
   3 // we call it 00aaa so it gets called first
   4 $CALL_ME_FUNCTIONS["00aaa"] = "gwvp_AuthCallMe";
   5
   6 function gwvp_AuthCallMe()
   7 {
   8         global $LOGIN_TYPE;
   9         session_start();
  10
  11         if(isset($_REQUEST["q"])) {
  12                 $query = explode("/", $_REQUEST["q"]);
  13                 if($query[0] == "login") return "gwvp_AuthHandleLogin";
  14                 if($query[0] == "logout") return "gwvp_AuthHandleLogout";
  15                 if($query[0] == "register") {
  16                         if(isset($query[1])) {
  17                                 return "qwvp_attemptRegistration";
  18                         }
  19                         return "gwvp_RegistrationCall";
  20                 }
  21         }
  22         $login = gwvp_isLoggedIn();
  23
  24         error_log("authcallme as $login");
  25         if($login!== false) {
  26                 if(gwvp_IsUserAdmin(null, $login)) {
  27                         $LOGIN_TYPE = "admin";
  28                 } else {
  29                         $LOGIN_TYPE = "user";
  30                 }
  31         } else {
  32                 $LOGIN_TYPE = "anon";
  33         }
  34
  35         return false;
  36 }
  37
  38 function gwvp_AskForBasicAuth()
  39 {
  40         error_log("AUTH: asking for basic auth");
  41         if(!isset($_SERVER["PHP_AUTH_USER"])) {
  42                 header('WWW-Authenticate: Basic realm="My Realm"');
  43                 header('HTTP/1.0 401 Unauthorized');
  44         } else return;
  45 }
  46
  47 // $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
  48 function gwvp_CheckAuthLevel($levels)
  49 {
  50         global $LOGIN_TYPE;
  51
  52         $spl = explode(",", $levels);
  53         foreach($spl as $levs) {
  54                 if($LOGIN_TYPE == $levs) {
  55                         return true;
  56                 }
  57         }
  58
  59         return false;
  60 }
  61
  62 function gwvp_AuthNoPerms()
  63 {
  64         gwvp_goMainPage("gwvp_AuthNoPermsBody");
  65 }
  66
  67 function gwvp_AuthNoPermsBody()
  68 {
  69         echo "You have no permissions for this page, do you need to login?";
  70 }
  71
  72 function gwvp_AuthHandleLogout()
  73 {
  74         global $BASE_URL;
  75
  76         unset($_SESSION["isloggedin"]);
  77         unset($_SESSION["username"]);
  78         unset($_SESSION["fullname"]);
  79         unset($_SESSION["usertype"]);
  80
  81         gwvp_SendMessage("info", "Logged out");
  82         header("Location: $BASE_URL");
  83 }
  84
  85 function gwvp_RegistrationCall()
  86 {
  87         if(gwvp_IsRegistrationEnabled()) {
  88                 gwvp_goMainPage("gwvp_RegistrationPageBody");
  89         } else {
  90                 gwvp_goMainPage("gwvp_RegistrationDisabledBody");
  91         }
  92 }
  93
  94 function gwvp_authUserPass($user, $pass)
  95 {
  96         $details = gwvp_getUser($user);
  97         if($details == false) {
  98                 return false;
  99         }
 100
 101         if(sha1($pass)!=$details["password"]) return false;
 102
 103         return $details["username"];
 104 }
 105
 106 function gwvp_AuthHandleLogin()
 107 {
 108         global $BASE_URL;
 109
 110         $user = "";
 111         $pass = "";
 112         if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
 113         if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
 114
 115         if(gwvp_authUserPass($user, $pass) === false) {
 116                 gwvp_SendMessage("error", "Login Failed");
 117                 header("Location: $BASE_URL");
 118         } else {
 119                 $details = gwvp_getUser($user);
 120                 $_SESSION["isloggedin"] = true;
 121                 $_SESSION["username"] = "$user";
 122                 $_SESSION["fullname"] = $details["fullname"];
 123                 $_SESSION["id"] = $details["id"];
 124                 if(gwvp_IsUserAdmin($details["email"])) {
 125                         $_SESSION["usertype"] = "admin";
 126                 } else {
 127                         $_SESSION["usertype"] = "user";
 128                 }
 129                 gwvp_SendMessage("info", "Welcome, ".$details["fullname"]." you are logged in");
 130                 header("Location: $BASE_URL");
 131                 return true;
 132         }
 133
 134 }
 135
 136 function gwvp_RegistrationPageBody()
 137 {
 138         global $BASE_URL;
 139
 140         // TODO: registration page needs to be prettier - mostly the image for the captcha
 141
 142         ?>
 143 <form method="post" action="<?php echo $BASE_URL?>/register/try">
 144         <table>
 145                 <tr>
 146                         <td>Name</td>
 147                         <td><input name="name" type="text"></td>
 148                         <td>Your Full Name</td>
 149                         <td rowspan="4">
 150                                 <?php if(gwvp_haveCaptcha()) {?>
 151                                 <img id="captcha" src="<?php echo $BASE_URL?>/securimage/" alt="CAPTCHA Image" /><br>
 152                                 <input type="text" name="captcha_code" size="10" maxlength="6" />
 153                                 <a href="#" onclick="document.getElementById('captcha').src = '<?php echo $BASE_URL?>/securimage/' + Math.random(); return false">[ Different Image ]</a>
 154                                 <?php } ?>
 155                         </td>
 156                 </tr>
 157                 <tr>
 158                         <td>Email</td>
 159                         <td><input name="email" type="text"></td>
 160                         <td>Your Email Address</td>
 161                 </tr>
 162                 <tr>
 163                         <td>User Name</td>
 164                         <td><input name="username" type="text"></td>
 165                         <td>The Name Used to Refer to you on the site</td>
 166                 </tr>
 167
 168
 169                 <tr>
 170                         <td><input type="submit" name="register" value="Register"></td>
 171                 </tr>
 172         </table>
 173 </form>
 174         <?php
 175 }
 176
 177 function qwvp_attemptRegistration()
 178 {
 179         if(gwvp_haveCaptcha()) {
 180                 $securimage = new Securimage();
 181                 if ($securimage->check($_POST['captcha_code']) == false) {
 182                   // the code was incorrect
 183                   // you should handle the error so that the form processor doesn't continue
 184
 185                   // or you can use the following code if there is no validation or you do not know how
 186                   echo "The security code entered was incorrect.<br /><br />";
 187                   echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
 188                 } else {
 189                         echo "code was right";
 190                 }
 191
 192         }
 193 }
 194
 195 function gwvp_checkBasicAuthLogin()
 196 {
 197         $user = false;
 198         $pass = false;
 199         if(isset($_SERVER["PHP_AUTH_USER"])) {
 200                 $user = $_SERVER["PHP_AUTH_USER"];
 201         } else return false;
 202
 203         if(isset($_SERVER["PHP_AUTH_PW"])) {
 204                 $pass = $_SERVER["PHP_AUTH_PW"];
 205         } else return false;
 206
 207         error_log("passing basic auth for $user, $pass to backend");
 208         $auth = gwvp_authUserPass($user, $pass);
 209         if($auth !== false) {
 210                 error_log("auth passes");
 211         }
 212
 213         return $auth;
 214 }
 215
 216 function gwvp_IsLoggedIn()
 217 {
 218         if(isset($_SESSION["isloggedin"])) {
 219                 if($_SESSION["isloggedin"]) {
 220                         return $_SESSION["username"];
 221                 } else return false;
 222         } else return false;
 223 }
 224
 225 function gwvp_SingleLineLoginForm()
 226 {
 227         global $BASE_URL;
 228
 229         echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
 230         echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
 231         if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";
 232         else echo "</form><br>";
 233 }
 234
 235
 236 function gwvp_IsRegistrationEnabled()
 237 {
 238         return true;
 239 }
 240
 241 // TODO translate info here
 242 function gwvp_GetFullName($login)
 243 {
 244         return $login;
 245 }
 246 ?>