session_start();
if(isset($_REQUEST["q"])) {
- $query = $_REQUEST["q"];
- if($query == "login") return "gwvp_AuthHandleLogin";
- if($query == "logout") return "gwvp_AuthHandleLogout";
- if($query == "register") return "gwvp_RegistrationCall";
+ $query = explode("/", $_REQUEST["q"]);
+ if($query[0] == "login") return "gwvp_AuthHandleLogin";
+ if($query[0] == "logout") return "gwvp_AuthHandleLogout";
+ if($query[0] == "register") {
+ if(isset($query[1])) {
+ return "qwvp_attemptRegistration";
+ }
+ return "gwvp_RegistrationCall";
+ }
}
$login = gwvp_isLoggedIn();
function gwvp_AskForBasicAuth()
{
+ error_log("AUTH: asking for basic auth");
if(!isset($_SERVER["PHP_AUTH_USER"])) {
- header('WWW-Authenticate: Basic realm="My Realm"');
- header('HTTP/1.0 401 Unauthorized');
- exit(0);
+ header('WWW-Authenticate: Basic realm="GIT Repo"');
+ header('HTTP/1.1 401 Unauthorized');
} else return;
}
return false;
}
-function gwvp_fourZeroThree()
-{
- header("HTTP/1.0 403 Permission Denied");
- exit(0);
-}
-
function gwvp_AuthNoPerms()
{
gwvp_goMainPage("gwvp_AuthNoPermsBody");
gwvp_SendMessage("error", "Login Failed");
header("Location: $BASE_URL");
} else {
+ $details = gwvp_getUser($user);
$_SESSION["isloggedin"] = true;
$_SESSION["username"] = "$user";
$_SESSION["fullname"] = $details["fullname"];
+ $_SESSION["id"] = $details["id"];
if(gwvp_IsUserAdmin($details["email"])) {
$_SESSION["usertype"] = "admin";
} else {
function gwvp_RegistrationPageBody()
{
+ global $BASE_URL;
+
+ // TODO: registration page needs to be prettier - mostly the image for the captcha
+
?>
-<form method="post">
+<form method="post" action="<?php echo $BASE_URL?>/register/try">
<table>
<tr>
<td>Name</td>
<td><input name="name" type="text"></td>
<td>Your Full Name</td>
+ <td rowspan="4">
+ <?php if(gwvp_haveCaptcha()) {?>
+ <img id="captcha" src="<?php echo $BASE_URL?>/securimage/" alt="CAPTCHA Image" /><br>
+ <input type="text" name="captcha_code" size="10" maxlength="6" />
+ <a href="#" onclick="document.getElementById('captcha').src = '<?php echo $BASE_URL?>/securimage/' + Math.random(); return false">[ Different Image ]</a>
+ <?php } ?>
+ </td>
</tr>
<tr>
<td>Email</td>
<td><input name="username" type="text"></td>
<td>The Name Used to Refer to you on the site</td>
</tr>
+
+
<tr>
<td><input type="submit" name="register" value="Register"></td>
</tr>
<?php
}
+function qwvp_attemptRegistration()
+{
+ if(gwvp_haveCaptcha()) {
+ $securimage = new Securimage();
+ if ($securimage->check($_POST['captcha_code']) == false) {
+ // the code was incorrect
+ // you should handle the error so that the form processor doesn't continue
+
+ // or you can use the following code if there is no validation or you do not know how
+ echo "The security code entered was incorrect.<br /><br />";
+ echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
+ } else {
+ echo "code was right";
+ }
+
+ }
+}
+
function gwvp_checkBasicAuthLogin()
{
$user = false;
$pass = $_SERVER["PHP_AUTH_PW"];
} else return false;
- return gwvp_authUserPass($user, $pass);
+ error_log("passing basic auth for $user, $pass to backend");
+ $auth = gwvp_authUserPass($user, $pass);
+ if($auth !== false) {
+ error_log("auth passes");
+ }
+
+ return $auth;
}
function gwvp_IsLoggedIn()
echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";
- else echo "</form>";
+ else echo "</form><br>";
}