<?php
+// we call it 00aaa so it gets called first
$CALL_ME_FUNCTIONS["00aaa"] = "gwvp_AuthCallMe";
function gwvp_AuthCallMe()
{
+ global $LOGIN_TYPE;
session_start();
-
+
if(isset($_REQUEST["q"])) {
- $query = $_REQUEST["q"];
- if($query == "login") return "gwvp_AuthHandleLogin";
- if($query == "register") return "gwvp_RegistrationCall";
- else return false;
+ $query = explode("/", $_REQUEST["q"]);
+ if($query[0] == "login") return "gwvp_AuthHandleLogin";
+ if($query[0] == "logout") return "gwvp_AuthHandleLogout";
+ if($query[0] == "register") {
+ if(isset($query[1])) {
+ return "qwvp_attemptRegistration";
+ }
+ return "gwvp_RegistrationCall";
+ }
+ }
+ $login = gwvp_isLoggedIn();
+
+ error_log("authcallme as $login");
+ if($login!== false) {
+ if(gwvp_IsUserAdmin(null, $login)) {
+ $LOGIN_TYPE = "admin";
+ } else {
+ $LOGIN_TYPE = "user";
+ }
+ } else {
+ $LOGIN_TYPE = "anon";
+ }
+
+ return false;
+}
+
+function gwvp_AskForBasicAuth()
+{
+ if(!isset($_SERVER["PHP_AUTH_USER"])) {
+ header('WWW-Authenticate: Basic realm="My Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit(0);
+ } else return;
+}
+
+// $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
+function gwvp_CheckAuthLevel($levels)
+{
+ global $LOGIN_TYPE;
+
+ $spl = explode(",", $levels);
+ foreach($spl as $levs) {
+ if($LOGIN_TYPE == $levs) {
+ return true;
+ }
}
return false;
}
+function gwvp_fourZeroThree()
+{
+ header("HTTP/1.0 403 Permission Denied");
+ exit(0);
+}
+
+function gwvp_AuthNoPerms()
+{
+ gwvp_goMainPage("gwvp_AuthNoPermsBody");
+}
+
+function gwvp_AuthNoPermsBody()
+{
+ echo "You have no permissions for this page, do you need to login?";
+}
+
+function gwvp_AuthHandleLogout()
+{
+ global $BASE_URL;
+
+ unset($_SESSION["isloggedin"]);
+ unset($_SESSION["username"]);
+ unset($_SESSION["fullname"]);
+ unset($_SESSION["usertype"]);
+
+ gwvp_SendMessage("info", "Logged out");
+ header("Location: $BASE_URL");
+}
+
function gwvp_RegistrationCall()
{
if(gwvp_IsRegistrationEnabled()) {
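Review bot: gwvp_AuthHandleLogout() unsets only four named session keys and keeps the same session id, so anything else stored at login survives logout; the login handler later in this patch also sets `$_SESSION["id"]`, which is not in the list. Clearing the whole array and rotating the id fixes this: `$_SESSION = array(); session_regenerate_id(true);`, placed before the gwvp_SendMessage() call so a session-stored message is not wiped. gwvp_AskForBasicAuth() returns as soon as any `PHP_AUTH_USER` is present and never validates it, so it should carry a comment such as `// only prompts for credentials; callers must still verify them with gwvp_checkBasicAuthLogin()`. In gwvp_CheckAuthLevel() the strict form `if($LOGIN_TYPE === $levs)` fails closed when `$LOGIN_TYPE` was never assigned, which happens on the login/logout/register paths where gwvp_AuthCallMe() returns before setting it.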
}
}
+function gwvp_authUserPass($user, $pass)
+{
+ $details = gwvp_getUser($user);
+ if($details == false) {
+ return false;
+ }
+
+ if(sha1($pass)!=$details["password"]) return false;
+
+ return $details["username"];
+}
+
function gwvp_AuthHandleLogin()
{
global $BASE_URL;
+
$user = "";
$pass = "";
if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
-
- // auth the user
- if($user == "user" && $pass == "pass") {
- $_SESSION["isloggedin"] = true;
- $_SESSION["username"] = "user";
- } else {
+
+ if(gwvp_authUserPass($user, $pass) === false) {
gwvp_SendMessage("error", "Login Failed");
+ header("Location: $BASE_URL");
+ } else {
+ $details = gwvp_getUser($user);
+ $_SESSION["isloggedin"] = true;
+ $_SESSION["username"] = "$user";
+ $_SESSION["fullname"] = $details["fullname"];
+ $_SESSION["id"] = $details["id"];
+ if(gwvp_IsUserAdmin($details["email"])) {
+ $_SESSION["usertype"] = "admin";
+ } else {
+ $_SESSION["usertype"] = "user";
+ }
+ gwvp_SendMessage("info", "Welcome, ".$details["fullname"]." you are logged in");
+ header("Location: $BASE_URL");
+ return true;
}
-
- header("Location: $BASE_URL");
+
}
function gwvp_RegistrationPageBody()
{
+ global $BASE_URL;
+
+ // TODO: registration page needs to be prettier - mostly the image for the captcha
+
?>
- <form method="post">
+<form method="post" action="<?php echo $BASE_URL?>/register/try">
<table>
- <tr><td>Name</td><td><input name="name" type="text"></td><td>Your Full Name</td></tr>
- <tr><td>Email</td><td><input name="email" type="text"></td><td>Your Email Address</td></tr>
- <tr><td>Nick Name</td><td><input name="nickname" type="text"></td><td>The Name Used to Refer to you on the site</td></tr>
- <tr><td><input type="submit" name="register" value="Register"></td></tr>
+ <tr>
+ <td>Name</td>
+ <td><input name="name" type="text"></td>
+ <td>Your Full Name</td>
+ <td rowspan="4">
+ <?php if(gwvp_haveCaptcha()) {?>
+ <img id="captcha" src="<?php echo $BASE_URL?>/securimage/" alt="CAPTCHA Image" /><br>
+ <input type="text" name="captcha_code" size="10" maxlength="6" />
+ <a href="#" onclick="document.getElementById('captcha').src = '<?php echo $BASE_URL?>/securimage/' + Math.random(); return false">[ Different Image ]</a>
+ <?php } ?>
+ </td>
+ </tr>
+ <tr>
+ <td>Email</td>
+ <td><input name="email" type="text"></td>
+ <td>Your Email Address</td>
+ </tr>
+ <tr>
+ <td>User Name</td>
+ <td><input name="username" type="text"></td>
+ <td>The Name Used to Refer to you on the site</td>
+ </tr>
+
+
+ <tr>
+ <td><input type="submit" name="register" value="Register"></td>
+ </tr>
</table>
- </form>
+</form>
<?php
}
+function qwvp_attemptRegistration()
+{
+ if(gwvp_haveCaptcha()) {
+ $securimage = new Securimage();
+ if ($securimage->check($_POST['captcha_code']) == false) {
+ // the code was incorrect
+ // you should handle the error so that the form processor doesn't continue
+
+ // or you can use the following code if there is no validation or you do not know how
+ echo "The security code entered was incorrect.<br /><br />";
+ echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
+ } else {
+ echo "code was right";
+ }
+
+ }
+}
+
+function gwvp_checkBasicAuthLogin()
+{
+ $user = false;
+ $pass = false;
+ if(isset($_SERVER["PHP_AUTH_USER"])) {
+ $user = $_SERVER["PHP_AUTH_USER"];
+ } else return false;
+
+ if(isset($_SERVER["PHP_AUTH_PW"])) {
+ $pass = $_SERVER["PHP_AUTH_PW"];
+ } else return false;
+
+ return gwvp_authUserPass($user, $pass);
+}
+
function gwvp_IsLoggedIn()
{
if(isset($_SESSION["isloggedin"])) {
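Review bot: gwvp_authUserPass() verifies the password with `sha1($pass)!=$details["password"]`, an unsalted fast hash compared with a loose, non-constant-time operator that treats numeric-looking digest strings as numbers. At minimum the check should be `if(!hash_equals((string)$details["password"], sha1($pass))) return false;`, and preferably the stored value should come from `password_hash()` and be checked with `password_verify($pass, $details["password"])`; the code that writes the stored hash is outside this hunk. gwvp_AuthHandleLogin() marks the existing session as authenticated without rotating its id, so add `session_regenerate_id(true);` before `$_SESSION["isloggedin"] = true;`, and read the credentials from `$_POST` rather than `$_REQUEST` so they are not accepted from the query string. In qwvp_attemptRegistration() `$_POST['captcha_code']` is read without an `isset()` check and the failure branch only echoes, so it will need a `return` once account-creation code follows it; the `qwvp_` prefix also differs from the `gwvp_` prefix used by every other function here.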
function gwvp_SingleLineLoginForm()
{
global $BASE_URL;
-
+
echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";