search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux multi-monitor fullscreen support
[ryzomcore.git] / nelns / admin / public_html / session_auth.php
blobddf0a60de72ad41420cc47d4af4c72eb8fc936df
1 <?php
2 // NeL - MMORPG Framework <http://dev.ryzom.com/projects/nel/>
3 // Copyright (C) 2010 Winch Gate Property Limited
4 //
5 // This program is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU Affero General Public License as
7 // published by the Free Software Foundation, either version 3 of the
8 // License, or (at your option) any later version.
9 //
10 // This program is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU Affero General Public License for more details.
14 //
15 // You should have received a copy of the GNU Affero General Public License
16 // along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 // authenticate
19 function auth(&$error)
20 {
21 global $command, $sessionAuth, $admcookielogin, $admcookiepassword, $sessionAuth;
22 global $admlogin, $admpassword, $uid, $gid, $useCookie, $group, $HTTP_POST_VARS;
23 unset($error);
24
25 switch($HTTP_POST_VARS["command"])
26 {
27 case "logout":
28 addToLog("Logout!");
29
30 $uid = $sessionAuth["uid"];
31 logUser($uid, "LOGOUT");
32
33 //session_unregister("sessionAuth");
34 unset($_SESSION["sessionAuth"]);
35 session_destroy();
36
37 // erases cookies
38 eraseCookies();
39
40 unset($admlogin);
41 unset($admpassword);
42 unset($admcookielogin);
43 unset($admcookiepassword);
44 unset($uid);
45
46 htmlProlog($_SERVER['PHP_SELF'], "Logout", false);
47
48 echo "<center>\n";
49 echo "You are not logged any more<br>\n";
50 echo "Click <a href='index.php'>here</a> to login<br>\n";
51 echo "</center>\n";
52
53 htmlEpilog();
54
55 die();
56 break;
57
58 case "chPassword":
59 addToLog("Change pass!");
60 global $chOldPass, $chNewPass, $chConfirmNewPass;
61
62 if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
63 {
64 $error = "Invalid login '$admlogin'";
65 eraseCookies();
66 return 0;
67 }
68
69 if (crypt($chOldPass, "NL") == $admpassword && $chNewPass == $chConfirmNewPass)
70 {
71 sqlquery("UPDATE user SET password='".crypt($chNewPass, "NL")."' WHERE uid='$uid'");
72 $admpassword = $chNewPass;
73
74 addToLog("Changed password to '$chNewPass':'".crypt($chNewPass, "NL")."'");
75
76 //session_unregister("sessionAuth");
77 unset($_SESSION["sessionAuth"]);
78 session_destroy();
79 }
80
81 case "login":
82 $admpassword = crypt($admpassword, "NL");
83
84 addToLog("Login! -- admlogin='$admlogin', admpassword='$admpassword'");
85
86 if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
87 {
88 $error = "Invalid login '$admlogin'";
89 print $error;
90 eraseCookies();
91 return 0;
92 }
93
94 $sessionAuth = array ("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
95 //session_register("sessionAuth");
96 $_SESSION["sessionAuth"] = $sessionAuth;
97
98 if ($useCookie)
99 setupCookies($admlogin, $admpassword);
100
101 logUser($uid, "LOGIN");
102
103 return 1;
104 break;
105
106 default:
107
108 if (!isset($sessionAuth) || $sessionAuth["admlogin"] == "")
109 {
110 print "no sessionauth or admlogin is blank";
111 if (!isset($admcookielogin))
112 {
113 addToLog("cookie not set");
114 return false;
115 }
116 else
117 {
118 $admlogin = $admcookielogin;
119 $admpassword = $admcookiepassword;
120 }
121 }
122 else
123 {
124 $admlogin = $sessionAuth["admlogin"];
125 $admpassword = $sessionAuth["admpassword"];
126 $uid = $sessionAuth["uid"];
127 }
128
129 if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
130 {
131 if (!$uid)
132 {
133 $error = "Invalid login '$admlogin'";
134 eraseCookies();
135 return false;
136 }
137 }
138
139 $sessionAuth = array ("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
140 //session_register("sessionAuth");
141 $_SESSION["sessionAuth"] = $sessionAuth;
142
143 if ($useCookie)
144 setupCookies($admlogin, $admpassword);
145 else
146 eraseCookies();
147
148 //logUser($uid, "BROWSE");
149
150 return 1;
151 break;
152 }
153 }
154
155
156 // validate id
157 function validateId($admlogin, $admpassword, &$useCookies, &$gid, &$group)
158 {
159 global $REMOTE_ADDR;
160
161 if (!ereg('^[a-zA-Z0-9]+$', $admlogin))
162 {
163 //echo "DETECTED potential hacking login='$admlogin'<br>\n";
164 return false;
165 }
166
167 addToLog("Validate login: '$admlogin'/'$admpassword'...");
168 $res = mysql_query("SELECT auth.password AS password, auth.uid AS uid, auth.useCookie AS useCookie, auth.gid AS gid, ugroup.login AS gname, auth.allowed_ip AS allowed_ip FROM user AS auth, user AS ugroup WHERE BINARY auth.login='$admlogin' AND auth.gid=ugroup.uid");
169 if (!$res || !($arr=mysql_fetch_array($res)) || !($arr["uid"]) || $admpassword != $arr["password"])
170 {
171 addToLog("failed !!");
172 return false;
173 }
174 $allowed_ip = $arr["allowed_ip"];
175 if ($allowed_ip != "" && strstr($REMOTE_ADDR, $allowed_ip) == FALSE)
176 return false;
177
178 addToLog("success");
179 $useCookies = ($arr["useCookie"] == "yes");
180 $gid = $arr["gid"];
181 $group = $arr["gname"];
182 return $arr["uid"];
183 }
184
185
186 // setup cookies
187 function setupCookies($admlogin, $admpassword)
188 {
189 /*
190 setcookie("admcookielogin", $admlogin, time()+3600*24*15);
191 setcookie("admcookiepassword", $admpassword, time()+3600*24*15);
192 */
193 addToLog("cookies set to admlogin=$admlogin admpassword=$admpassword");
194 }
195
196 // erase cookies
197 function eraseCookies()
198 {
199 setcookie("admcookielogin");
200 setcookie("admcookiepassword");
201
202 addToLog("cookies reset");
203 }
204
205 // log user
206 function logUser($uid, $act, $prefix="")
207 {
208 global $HTTP_USER_AGENT, $REMOTE_ADDR, $userlogpath;
209
210 $result = sqlquery("SELECT login FROM user WHERE uid='$uid'");
211 if ($result && ($result=sqlfetch($result)))
212 {
213 $login = $result["login"];
214 $filename = $userlogpath."/".$login.".log";
215 $file = fopen($filename, "a");
216 if ($file)
217 {
218 fwrite($file, ($prefix!="" ? $prefix." " : "").date("Y/m/d H:i:s")." $uid:$login:$HTTP_USER_AGENT:$REMOTE_ADDR $act\n");
219 fclose($file);
220 }
221 }
222 else
223 {
224 $filename = $userlogpath."/unreferenced_user.log";
225 $file = fopen($filename, "a");
226 if ($file)
227 {
228 fwrite($file, date("Y/m/d H:i:s")." $uid:<unknown login>:$HTTP_USER_AGENT:$REMOTE_ADDR $act\n");
229 fclose($file);
230 }
231 }
232
233 /*
234 $result = sqlquery("SELECT http_agent, remote_address, act FROM user_log WHERE uid='$uid' ORDER BY log_date DESC LIMIT 1");
235 if (!$result || !($arr=mysql_fetch_array($result)) || $arr["http_agent"]!=$HTTP_USER_AGENT || $arr["remote_address"]!=$REMOTE_ADDR || $arr["act"]!=$act)
236 {
237 sqlquery("INSERT INTO user_log SET uid='$uid', http_agent='$HTTP_USER_AGENT', remote_address='$REMOTE_ADDR', log_date=NOW(), act='$act'");
238 }
239 */
240 }
241 ?>