X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=blobdiff_plain;f=gwvplib%2Fgwvpauth.php;h=5056c061832206075f73f93914035aa5b298bbbd;hp=73107e5abff11027eef75a01b414ce007b941281;hb=20d1cc1a856b039329b382a8119454099896c938;hpb=d6d341a5742ed8021fa768c924846e04d46156e1

diff --git a/gwvplib/gwvpauth.php b/gwvplib/gwvpauth.php
index 73107e5..5056c06 100644
--- a/gwvplib/gwvpauth.php
+++ b/gwvplib/gwvpauth.php
@@ -1,21 +1,93 @@
 <?php
 
+// we call it 00aaa so it gets called first
 $CALL_ME_FUNCTIONS["00aaa"] = "gwvp_AuthCallMe";
 
 function gwvp_AuthCallMe()
 {
+	global $LOGIN_TYPE;
 	session_start();
-	
+
 	if(isset($_REQUEST["q"])) {
-		$query = $_REQUEST["q"];
-		if($query == "login") return "gwvp_AuthHandleLogin";
-		if($query == "register") return "gwvp_RegistrationCall";
-		else return false;
+		$query = explode("/", $_REQUEST["q"]);
+		if($query[0] == "login") return "gwvp_AuthHandleLogin";
+		if($query[0] == "logout") return "gwvp_AuthHandleLogout";
+		if($query[0] == "register") {
+			if(isset($query[1])) {
+				return "qwvp_attemptRegistration";
+			}
+			return "gwvp_RegistrationCall";
+		}
+	}
+	$login = gwvp_isLoggedIn();
+	
+	error_log("authcallme as $login");
+	if($login!== false) {
+		if(gwvp_IsUserAdmin(null, $login)) {
+			$LOGIN_TYPE = "admin";
+		} else {
+			$LOGIN_TYPE = "user";
+		}
+	} else {
+		$LOGIN_TYPE = "anon";
+	}
+	
+	return false;
+}
+
+function gwvp_AskForBasicAuth()
+{
+	if(!isset($_SERVER["PHP_AUTH_USER"])) {
+		header('WWW-Authenticate: Basic realm="My Realm"');
+		header('HTTP/1.0 401 Unauthorized');
+		exit(0);
+	} else return; 
+}
+
+// $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
+function gwvp_CheckAuthLevel($levels)
+{
+	global $LOGIN_TYPE;
+	
+	$spl = explode(",", $levels);
+	foreach($spl as $levs) {
+		if($LOGIN_TYPE == $levs) {
+			return true;
+		}
 	}
 	
 	return false;
 }
 
+function gwvp_fourZeroThree()
+{
+	header("HTTP/1.0 403 Permission Denied");
+	exit(0);
+}
+
+function gwvp_AuthNoPerms()
+{
+	gwvp_goMainPage("gwvp_AuthNoPermsBody");
+}
+
+function gwvp_AuthNoPermsBody()
+{
+	echo "You have no permissions for this page, do you need to login?";
+}
+
+function gwvp_AuthHandleLogout()
+{
+	global $BASE_URL;
+	
+	unset($_SESSION["isloggedin"]);
+	unset($_SESSION["username"]);
+	unset($_SESSION["fullname"]);
+	unset($_SESSION["usertype"]);
+	
+	gwvp_SendMessage("info", "Logged out");
+	header("Location: $BASE_URL");
+}
+
 function gwvp_RegistrationCall()
 {
 	if(gwvp_IsRegistrationEnabled()) {
@@ -25,39 +97,122 @@ function gwvp_RegistrationCall()
 	}
 }
 
+function gwvp_authUserPass($user, $pass)
+{
+	$details = gwvp_getUser($user);
+	if($details == false) {
+		return false;
+	}
+	
+	if(sha1($pass)!=$details["password"]) return false;
+	
+	return $details["username"];
+}
+
 function gwvp_AuthHandleLogin()
 {
 	global $BASE_URL;
+
 	$user = "";
 	$pass = "";
 	if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
 	if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
-	
-	// auth the user
-	if($user == "user" && $pass == "pass") {
-		$_SESSION["isloggedin"] = true;
-		$_SESSION["username"] = "user";
-	} else {
+
+	if(gwvp_authUserPass($user, $pass) === false) {
 		gwvp_SendMessage("error", "Login Failed");
+		header("Location: $BASE_URL");
+	} else {
+		$details = gwvp_getUser($user);
+		$_SESSION["isloggedin"] = true;
+		$_SESSION["username"] = "$user";
+		$_SESSION["fullname"] = $details["fullname"];
+		$_SESSION["id"] = $details["id"];
+		if(gwvp_IsUserAdmin($details["email"])) {
+			$_SESSION["usertype"] = "admin";
+		} else {
+			$_SESSION["usertype"] = "user";
+		}
+		gwvp_SendMessage("info", "Welcome, ".$details["fullname"]." you are logged in");
+		header("Location: $BASE_URL");
+		return true;
 	}
-	
-	header("Location: $BASE_URL");
+
 }
 
 function gwvp_RegistrationPageBody()
 {
+	global $BASE_URL;
+	
+	// TODO: registration page needs to be prettier - mostly the image for the captcha
+	
 	?>
-	<form method="post">
+<form method="post" action="<?php echo $BASE_URL?>/register/try">
 	<table>
-	<tr><td>Name</td><td><input name="name" type="text"></td><td>Your Full Name</td></tr>
-	<tr><td>Email</td><td><input name="email" type="text"></td><td>Your Email Address</td></tr>
-	<tr><td>User Name</td><td><input name="username" type="text"></td><td>The Name Used to Refer to you on the site</td></tr>
-	<tr><td><input type="submit" name="register" value="Register"></td></tr>
+		<tr>
+			<td>Name</td>
+			<td><input name="name" type="text"></td>
+			<td>Your Full Name</td>
+			<td rowspan="4">
+				<?php if(gwvp_haveCaptcha()) {?>
+				<img id="captcha" src="<?php echo $BASE_URL?>/securimage/" alt="CAPTCHA Image" /><br>
+				<input type="text" name="captcha_code" size="10" maxlength="6" />
+				<a href="#" onclick="document.getElementById('captcha').src = '<?php echo $BASE_URL?>/securimage/' + Math.random(); return false">[ Different Image ]</a>
+				<?php } ?>
+			</td>
+		</tr>
+		<tr>
+			<td>Email</td>
+			<td><input name="email" type="text"></td>
+			<td>Your Email Address</td>
+		</tr>
+		<tr>
+			<td>User Name</td>
+			<td><input name="username" type="text"></td>
+			<td>The Name Used to Refer to you on the site</td>
+		</tr>
+		
+		
+		<tr>
+			<td><input type="submit" name="register" value="Register"></td>
+		</tr>
 	</table>
-	</form>
+</form>
 	<?php
 }
 
+function qwvp_attemptRegistration()
+{
+	if(gwvp_haveCaptcha()) {
+		$securimage = new Securimage();
+		if ($securimage->check($_POST['captcha_code']) == false) {
+		  // the code was incorrect
+		  // you should handle the error so that the form processor doesn't continue
+		
+		  // or you can use the following code if there is no validation or you do not know how
+		  echo "The security code entered was incorrect.<br /><br />";
+		  echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
+		} else {
+			echo "code was right";
+		}
+		
+	}
+}
+
+function gwvp_checkBasicAuthLogin()
+{
+	$user = false;
+	$pass = false;
+	if(isset($_SERVER["PHP_AUTH_USER"])) {
+		$user = $_SERVER["PHP_AUTH_USER"];
+	} else return false;
+	
+	if(isset($_SERVER["PHP_AUTH_PW"])) {
+		$pass = $_SERVER["PHP_AUTH_PW"];
+	} else return false;
+	
+	return gwvp_authUserPass($user, $pass);
+}
+
 function gwvp_IsLoggedIn()
 {
 	if(isset($_SESSION["isloggedin"])) {
@@ -70,7 +225,7 @@ function gwvp_IsLoggedIn()
 function gwvp_SingleLineLoginForm()
 {
 	global $BASE_URL;
-	
+
 	echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
 	echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
 	if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";

Name	Your Full Name
Email	Your Email Address
User Name	The Name Used to Refer to you on the site

Name	Your Full Name	+ + + + [ Different Image ] + +
Email	Your Email Address
User Name	The Name Used to Refer to you on the site