X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=blobdiff_plain;f=gwvplib%2Fgwvpauth.php;h=5056c061832206075f73f93914035aa5b298bbbd;hp=09be32d5fe90b1495fb257c7589a0ca5aa62f1dd;hb=20d1cc1a856b039329b382a8119454099896c938;hpb=3dd9dc99f86e65eaf029f37329614dd2d06cea26
diff --git a/gwvplib/gwvpauth.php b/gwvplib/gwvpauth.php
index 09be32d..5056c06 100644
--- a/gwvplib/gwvpauth.php
+++ b/gwvplib/gwvpauth.php
@@ -9,10 +9,15 @@ function gwvp_AuthCallMe()
 session_start();
 if(isset($_REQUEST["q"])) {
- $query = $_REQUEST["q"];
- if($query == "login") return "gwvp_AuthHandleLogin";
- if($query == "logout") return "gwvp_AuthHandleLogout";
- if($query == "register") return "gwvp_RegistrationCall";
+ $query = explode("/", $_REQUEST["q"]);
+ if($query[0] == "login") return "gwvp_AuthHandleLogin";
+ if($query[0] == "logout") return "gwvp_AuthHandleLogout";
+ if($query[0] == "register") {
+ if(isset($query[1])) {
+ return "qwvp_attemptRegistration";
+ }
+ return "gwvp_RegistrationCall";
+ }
 }
 $login = gwvp_isLoggedIn();
@@ -30,6 +35,15 @@ function gwvp_AuthCallMe()
 return false;
 }
+function gwvp_AskForBasicAuth()
+{
+ if(!isset($_SERVER["PHP_AUTH_USER"])) {
+ header('WWW-Authenticate: Basic realm="My Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit(0);
+ } else return;
+}
+
 // $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
 function gwvp_CheckAuthLevel($levels)
 {
@@ -45,6 +59,22 @@ function gwvp_CheckAuthLevel($levels)
 return false;
 }
+function gwvp_fourZeroThree()
+{
+ header("HTTP/1.0 403 Permission Denied");
+ exit(0);
+}
+
+function gwvp_AuthNoPerms()
+{
+ gwvp_goMainPage("gwvp_AuthNoPermsBody");
+}
+
+function gwvp_AuthNoPermsBody()
+{
+ echo "You have no permissions for this page, do you need to login?";
+}
+
 function gwvp_AuthHandleLogout()
 {
 global $BASE_URL;
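Review bot: In gwvp_AuthCallMe the new register branch returns `"qwvp_attemptRegistration"`, which starts with `qwvp_` while every other handler name in this file starts with `gwvp_`; if the dispatcher calls the returned name, a `register/<anything>` request would reach an undefined function. It looks like a typo for `return "gwvp_attemptRegistration";`, to be confirmed against that function's definition, which is not legible in this view. `explode("/", $_REQUEST["q"])` also assumes `q` is a string, while a request can supply it as an array; guarding the branch with `if(isset($_REQUEST["q"]) && is_string($_REQUEST["q"])) {` keeps the router from erroring on that input. The body of gwvp_AuthCallMe continues outside the hunk.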
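Review bot: gwvp_AskForBasicAuth returns normally as soon as any `PHP_AUTH_USER` header is present and never looks at the password, so a caller that treats a normal return as "authenticated" would accept any username. A docblock should state that the function only issues the 401 challenge and that callers must still verify the credentials, for which this commit adds gwvp_checkBasicAuthLogin. Basic credentials are only base64-encoded on the wire, so the endpoints using this should be served over TLS only. The realm string `"My Realm"` looks like a leftover placeholder.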
@@ -67,6 +97,18 @@ function gwvp_RegistrationCall()
 }
 }
+function gwvp_authUserPass($user, $pass)
+{
+ $details = gwvp_getUser($user);
+ if($details == false) {
+ return false;
+ }
+
+ if(sha1($pass)!=$details["password"]) return false;
+
+ return $details["username"];
+}
+
 function gwvp_AuthHandleLogin()
 {
 global $BASE_URL;
@@ -76,21 +118,15 @@ function gwvp_AuthHandleLogin()
 if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
 if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
- $details = gwvp_getUser($user);
- if($details == false) {
- gwvp_SendMessage("error", "Login Failed");
- header("Location: $BASE_URL");
- return false;
- }
-
- if(sha1($pass)!=$details["password"]) {
+ if(gwvp_authUserPass($user, $pass) === false) {
 gwvp_SendMessage("error", "Login Failed");
 header("Location: $BASE_URL");
- return false;
 } else {
+ $details = gwvp_getUser($user);
 $_SESSION["isloggedin"] = true;
 $_SESSION["username"] = "$user";
 $_SESSION["fullname"] = $details["fullname"];
+ $_SESSION["id"] = $details["id"];
 if(gwvp_IsUserAdmin($details["email"])) {
 $_SESSION["usertype"] = "admin";
 } else {
@@ -105,13 +141,24 @@ function gwvp_AuthHandleLogin()
 function gwvp_RegistrationPageBody()
 {
+ global $BASE_URL;
+
+ // TODO: registration page needs to be prettier - mostly the image for the captcha
+ ?>
-
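Review bot: gwvp_authUserPass checks the password with `sha1($pass)!=$details["password"]`, a loose comparison: PHP compares two numeric-looking strings as numbers, so two different hashes that both read as numeric strings can compare equal, and the comparison is not constant-time. Replace the line with `if(!hash_equals((string)$details["password"], sha1($pass))) return false;` (available from PHP 5.6). Unsalted SHA-1 is also a weak way to store passwords; the longer-term fix is `password_hash()`/`password_verify()` with a rehash at the next successful login. `$details == false` should likewise be `=== false`, assuming gwvp_getUser returns `false` for an unknown user.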
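Review bot: In gwvp_AuthHandleLogin the success branch sets `$_SESSION["isloggedin"] = true` on the session that existed before authentication, so a session ID fixed before login stays valid afterwards; add `session_regenerate_id(true);` as the first statement of the `else` branch. The failure branch no longer returns after `header("Location: $BASE_URL");`, so whatever follows the if/else outside this hunk now also runs on a failed login, which is worth confirming as intended. Reading the password from `$_REQUEST` also accepts it from the query string, where it ends up in server logs and browser history; `$_POST` would be tighter. The function body starts and ends outside the hunk.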
+ + @@ -123,6 +170,8 @@ function gwvp_RegistrationPageBody() + + @@ -131,6 +180,39 @@ function gwvp_RegistrationPageBody() check($_POST['captcha_code']) == false) { + // the code was incorrect + // you should handle the error so that the form processor doesn't continue + + // or you can use the following code if there is no validation or you do not know how + echo "The security code entered was incorrect.

";
+ echo "Please go back and try again.";
+ } else {
+ echo "code was right";
+ }
+
+ }
+}
+
+function gwvp_checkBasicAuthLogin()
+{
+ $user = false;
+ $pass = false;
+ if(isset($_SERVER["PHP_AUTH_USER"])) {
+ $user = $_SERVER["PHP_AUTH_USER"];
+ } else return false;
+
+ if(isset($_SERVER["PHP_AUTH_PW"])) {
+ $pass = $_SERVER["PHP_AUTH_PW"];
+ } else return false;
+
+ return gwvp_authUserPass($user, $pass);
+}
+
 function gwvp_IsLoggedIn()
 {
 if(isset($_SESSION["isloggedin"])) {
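Review bot: gwvp_checkBasicAuthLogin passes through the result of gwvp_authUserPass, which is the username string on success and `false` on failure, so callers have to test it with `=== false`; a username such as `"0"` is falsy and a plain `if(...)` would treat a valid login as failed. A short docblock stating that contract, e.g. `@return string|false username on success, false otherwise`, would prevent the mistake. Nothing visible here limits repeated failed attempts, so every request can try another password; consider counting failures per user or client address before calling gwvp_authUserPass. The captcha handler earlier in this hunk still echoes the debug text `code was right`, and the start of that function is not legible in this view.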
Name Your Full Name + + CAPTCHA Image
+ + [ Different Image ] + +
Email The Name Used to Refer to you on the site