implemented authentication levels of anon,user,admin and setup the
[gwvp.git] / gwvplib / gwvpauth.php
index 73107e5..09be32d 100644 (file)
@@ -1,21 +1,63 @@
 <?php
 
+// we call it 00aaa so it gets called first
 $CALL_ME_FUNCTIONS["00aaa"] = "gwvp_AuthCallMe";
 
 function gwvp_AuthCallMe()
 {
+       global $LOGIN_TYPE;
        session_start();
-       
+
        if(isset($_REQUEST["q"])) {
                $query = $_REQUEST["q"];
                if($query == "login") return "gwvp_AuthHandleLogin";
+               if($query == "logout") return "gwvp_AuthHandleLogout";
                if($query == "register") return "gwvp_RegistrationCall";
-               else return false;
+       }
+       $login = gwvp_isLoggedIn();
+       
+       error_log("authcallme as $login");
+       if($login!== false) {
+               if(gwvp_IsUserAdmin(null, $login)) {
+                       $LOGIN_TYPE = "admin";
+               } else {
+                       $LOGIN_TYPE = "user";
+               }
+       } else {
+               $LOGIN_TYPE = "anon";
        }
        
        return false;
 }
 
+// $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
+function gwvp_CheckAuthLevel($levels)
+{
+       global $LOGIN_TYPE;
+       
+       $spl = explode(",", $levels);
+       foreach($spl as $levs) {
+               if($LOGIN_TYPE == $levs) {
+                       return true;
+               }
+       }
+       
+       return false;
+}
+
+function gwvp_AuthHandleLogout()
+{
+       global $BASE_URL;
+       
+       unset($_SESSION["isloggedin"]);
+       unset($_SESSION["username"]);
+       unset($_SESSION["fullname"]);
+       unset($_SESSION["usertype"]);
+       
+       gwvp_SendMessage("info", "Logged out");
+       header("Location: $BASE_URL");
+}
+
 function gwvp_RegistrationCall()
 {
        if(gwvp_IsRegistrationEnabled()) {
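Review bot: `$LOGIN_TYPE` is only assigned on the fall-through path of gwvp_AuthCallMe, so on the early returns for `login`, `logout` and `register` it stays unset unless it is initialised somewhere outside this hunk, and gwvp_CheckAuthLevel then compares that null with `==`. Under loose comparison null equals an empty string, so a `$levels` value of `""` or one with a trailing comma would pass the check for a request that was never classified. Setting `$LOGIN_TYPE = "anon";` right after the `global` line and comparing with `if($LOGIN_TYPE === trim($levs))` makes the check fail closed. Separately, gwvp_AuthHandleLogout unsets four keys but keeps the same session id; calling `session_regenerate_id(true);` after the unsets would retire it. gwvp_RegistrationCall at the end of the hunk continues outside it.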
@@ -28,33 +70,64 @@ function gwvp_RegistrationCall()
 function gwvp_AuthHandleLogin()
 {
        global $BASE_URL;
+
        $user = "";
        $pass = "";
        if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
        if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
-       
-       // auth the user
-       if($user == "user" && $pass == "pass") {
-               $_SESSION["isloggedin"] = true;
-               $_SESSION["username"] = "user";
-       } else {
+
+       $details = gwvp_getUser($user);
+       if($details == false) {
                gwvp_SendMessage("error", "Login Failed");
+               header("Location: $BASE_URL");
+               return false;
        }
-       
-       header("Location: $BASE_URL");
+
+       if(sha1($pass)!=$details["password"]) {
+               gwvp_SendMessage("error", "Login Failed");
+               header("Location: $BASE_URL");
+               return false;
+       } else {
+               $_SESSION["isloggedin"] = true;
+               $_SESSION["username"] = "$user";
+               $_SESSION["fullname"] = $details["fullname"];
+               if(gwvp_IsUserAdmin($details["email"])) {
+                       $_SESSION["usertype"] = "admin";
+               } else {
+                       $_SESSION["usertype"] = "user";
+               }
+               gwvp_SendMessage("info", "Welcome, ".$details["fullname"]." you are logged in");
+               header("Location: $BASE_URL");
+               return true;
+       }
+
 }
 
 function gwvp_RegistrationPageBody()
 {
        ?>
-       <form method="post">
+<form method="post">
        <table>
-       <tr><td>Name</td><td><input name="name" type="text"></td><td>Your Full Name</td></tr>
-       <tr><td>Email</td><td><input name="email" type="text"></td><td>Your Email Address</td></tr>
-       <tr><td>User Name</td><td><input name="username" type="text"></td><td>The Name Used to Refer to you on the site</td></tr>
-       <tr><td><input type="submit" name="register" value="Register"></td></tr>
+               <tr>
+                       <td>Name</td>
+                       <td><input name="name" type="text"></td>
+                       <td>Your Full Name</td>
+               </tr>
+               <tr>
+                       <td>Email</td>
+                       <td><input name="email" type="text"></td>
+                       <td>Your Email Address</td>
+               </tr>
+               <tr>
+                       <td>User Name</td>
+                       <td><input name="username" type="text"></td>
+                       <td>The Name Used to Refer to you on the site</td>
+               </tr>
+               <tr>
+                       <td><input type="submit" name="register" value="Register"></td>
+               </tr>
        </table>
-       </form>
+</form>
        <?php
 }
 
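Review bot: The password check `sha1($pass)!=$details["password"]` in gwvp_AuthHandleLogin uses an unsalted fast hash and a loose, non-constant-time comparison, so two hex digests that both look like numeric strings (for example `0e` followed only by digits) compare equal. If the stored value can be migrated to `password_hash()` output (the storage code is not in this hunk), the test becomes `if(!password_verify($pass, $details["password"])) {`; as an interim step `if(!hash_equals($details["password"], sha1($pass))) {` removes the type juggling and the timing difference. The success branch also keeps the pre-login session id, so `session_regenerate_id(true);` before `$_SESSION["isloggedin"] = true;` would close off session fixation. Each `header("Location: $BASE_URL");` relies on the caller to stop further processing, which is not visible here.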
@@ -70,7 +143,7 @@ function gwvp_IsLoggedIn()
 function gwvp_SingleLineLoginForm()
 {
        global $BASE_URL;
-       
+
        echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
        echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
        if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";