session_start();
if(isset($_REQUEST["q"])) {
- $query = $_REQUEST["q"];
- if($query == "login") return "gwvp_AuthHandleLogin";
- if($query == "logout") return "gwvp_AuthHandleLogout";
- if($query == "register") return "gwvp_RegistrationCall";
+ $query = explode("/", $_REQUEST["q"]);
+ if($query[0] == "login") return "gwvp_AuthHandleLogin";
+ if($query[0] == "logout") return "gwvp_AuthHandleLogout";
+ if($query[0] == "register") {
+ if(isset($query[1])) {
+ return "qwvp_attemptRegistration";
+ }
+ return "gwvp_RegistrationCall";
+ }
}
$login = gwvp_isLoggedIn();
return false;
}
+function gwvp_AskForBasicAuth()
+{
+ error_log("AUTH: asking for basic auth");
+ if(!isset($_SERVER["PHP_AUTH_USER"])) {
+ header('WWW-Authenticate: Basic realm="GIT Repo"');
+ header('HTTP/1.1 401 Unauthorized');
+ } else return;
+}
+
// $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
function gwvp_CheckAuthLevel($levels)
{
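Review bot: `gwvp_AskForBasicAuth()` sends the 401 challenge and then simply returns, so whatever the caller does next still runs and is sent with the response. The callers are not visible here, but a protected handler should not continue after the challenge: add `exit;` after the two `header()` calls, or return a value the caller must check. The challenge is also only issued when `PHP_AUTH_USER` is absent, so a client that sends wrong credentials is never re-prompted through this function. In the routing block above, `isset($query[1])` sends every `register/<anything>` request to the attempt handler; matching the form's action explicitly with `if(isset($query[1]) && $query[1] === "try")` would be tighter. The `qwvp_` prefix on that handler also looks like a typo for `gwvp_`.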
return false;
}
+function gwvp_AuthNoPerms()
+{
+ gwvp_goMainPage("gwvp_AuthNoPermsBody");
+}
+
+function gwvp_AuthNoPermsBody()
+{
+ echo "You have no permissions for this page, do you need to login?";
+}
+
function gwvp_AuthHandleLogout()
{
global $BASE_URL;
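Review bot: `gwvp_AuthNoPerms()` renders the denial text without setting a status code, so unless `gwvp_goMainPage()` (not visible here) sets one, the response goes out as a normal 200. Non-browser clients and monitoring cannot then tell a refused request from a served one. Consider `header('HTTP/1.1 403 Forbidden');` as the first line of `gwvp_AuthNoPerms()`, matching the style already used for the 401 in `gwvp_AskForBasicAuth()`.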
}
}
+function gwvp_authUserPass($user, $pass)
+{
+ $details = gwvp_getUser($user);
+ if($details == false) {
+ return false;
+ }
+
+ if(sha1($pass)!=$details["password"]) return false;
+
+ return $details["username"];
+}
+
function gwvp_AuthHandleLogin()
{
global $BASE_URL;
if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
- $details = gwvp_getUser($user);
- if($details == false) {
+ if(gwvp_authUserPass($user, $pass) === false) {
gwvp_SendMessage("error", "Login Failed");
header("Location: $BASE_URL");
- return false;
- }
-
- if(sha1($pass)!=$details["password"]) {
- gwvp_SendMessage("error", "Login Failed");
- header("Location: $BASE_URL");
- return false;
} else {
+ $details = gwvp_getUser($user);
$_SESSION["isloggedin"] = true;
$_SESSION["username"] = "$user";
$_SESSION["fullname"] = $details["fullname"];
+ $_SESSION["id"] = $details["id"];
if(gwvp_IsUserAdmin($details["email"])) {
$_SESSION["usertype"] = "admin";
} else {
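Review bot: `gwvp_authUserPass()` checks the password with `sha1($pass)!=$details["password"]`, which is weak on two counts: an unsalted SHA-1 digest is cheap to brute-force if the user table leaks, and the loose `!=` compares two numeric-looking hex strings (such as ones of the form `0e` followed only by digits) as numbers rather than byte for byte. Moving storage to `password_hash()`/`password_verify()` addresses both; the fence sketches a verification step that accepts the new format and, until rows are re-hashed, the old digest through `hash_equals()`. Re-hashing on successful login needs a user-update helper that this page does not show. In `gwvp_AuthHandleLogin()`, `$user` and `$pass` stay undefined when the request lacks those fields, and the session ID is not rotated on success; `session_regenerate_id(true);` before `$_SESSION["isloggedin"] = true;` would close the fixation window. The body of `gwvp_AuthHandleLogin()` continues past the end of the hunk.

```php
function gwvp_authUserPass($user, $pass)
{
	// … unchanged: gwvp_getUser() lookup and the false check …

	$stored = $details["password"];
	if(!is_string($pass) || !is_string($stored)) return false;

	// password_verify() accepts hashes written by password_hash();
	// the hash_equals() branch keeps legacy SHA-1 rows usable until they are re-hashed
	$ok = password_verify($pass, $stored) || hash_equals($stored, sha1($pass));
	if(!$ok) return false;

	return $details["username"];
}
```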
function gwvp_RegistrationPageBody()
{
+ global $BASE_URL;
+
+ // TODO: registration page needs to be prettier - mostly the image for the captcha
+
?>
-<form method="post">
+<form method="post" action="<?php echo $BASE_URL?>/register/try">
<table>
<tr>
<td>Name</td>
<td><input name="name" type="text"></td>
<td>Your Full Name</td>
+ <td rowspan="4">
+ <?php if(gwvp_haveCaptcha()) {?>
+ <img id="captcha" src="<?php echo $BASE_URL?>/securimage/" alt="CAPTCHA Image" /><br>
+ <input type="text" name="captcha_code" size="10" maxlength="6" />
+ <a href="#" onclick="document.getElementById('captcha').src = '<?php echo $BASE_URL?>/securimage/' + Math.random(); return false">[ Different Image ]</a>
+ <?php } ?>
+ </td>
</tr>
<tr>
<td>Email</td>
<td><input name="username" type="text"></td>
<td>The Name Used to Refer to you on the site</td>
</tr>
+
+
<tr>
<td><input type="submit" name="register" value="Register"></td>
</tr>
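Review bot: `$BASE_URL` is echoed unescaped into the form `action`, the captcha `src` and the inline `onclick` string in `gwvp_RegistrationPageBody()`. Where it is assigned is not visible on this page; if it can ever be derived from request data such as the Host header, these become markup and script injection points, so `<?php echo htmlspecialchars($BASE_URL, ENT_QUOTES)?>` is the safer form for the two attributes. In the `onclick` the value sits in a JavaScript string inside an attribute and needs JS-string encoding as well, or can be avoided by reusing the image's existing `src`. The table markup continues outside the hunk.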
<?php
}
+function qwvp_attemptRegistration()
+{
+ if(gwvp_haveCaptcha()) {
+ $securimage = new Securimage();
+ if ($securimage->check($_POST['captcha_code']) == false) {
+ // the code was incorrect
+ // you should handle the error so that the form processor doesn't continue
+
+ // or you can use the following code if there is no validation or you do not know how
+ echo "The security code entered was incorrect.<br /><br />";
+ echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
+ } else {
+ echo "code was right";
+ }
+
+ }
+}
+
+function gwvp_checkBasicAuthLogin()
+{
+ $user = false;
+ $pass = false;
+ if(isset($_SERVER["PHP_AUTH_USER"])) {
+ $user = $_SERVER["PHP_AUTH_USER"];
+ } else return false;
+
+ if(isset($_SERVER["PHP_AUTH_PW"])) {
+ $pass = $_SERVER["PHP_AUTH_PW"];
+ } else return false;
+
+ error_log("passing basic auth for $user, $pass to backend");
+ $auth = gwvp_authUserPass($user, $pass);
+ if($auth !== false) {
+ error_log("auth passes");
+ }
+
+ return $auth;
+}
+
function gwvp_IsLoggedIn()
{
if(isset($_SESSION["isloggedin"])) {
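Review bot: `error_log("passing basic auth for $user, $pass to backend");` in `gwvp_checkBasicAuthLogin()` writes every submitted Basic-auth password to the server log in clear text, including correct ones, so anyone who can read the log can collect credentials. Log only the user name, e.g. `error_log("basic auth attempt for user " . $user);`, and consider stripping control characters from `$user` since it is client-supplied. In `qwvp_attemptRegistration()`, `$_POST['captcha_code']` is read without an `isset()` check, and when `gwvp_haveCaptcha()` is false the function does nothing at all, so the no-captcha path needs an explicit decision before registration logic is added. The copied Securimage sample comments (`// or you can use the following code…`) could be replaced with one line stating that the handler must stop on a failed check.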
echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";
- else echo "</form>";
+ else echo "</form><br>";
}