/*
+----------------------------------------------------------------------+
| PEAR Web site version 1.0 |
+----------------------------------------------------------------------+
| Copyright (c) 2001-2005 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 2.02 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available at through the world-wide-web at |
| http://www.php.net/license/2_02.txt. |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: |
+----------------------------------------------------------------------+
$Id$
*/
date_default_timezone_set('UTC');
require_once 'pear-config.php';
require_once 'PEAR.php';
include_once 'pear-format-html.php';
include_once 'pear-auth.php';
require_once 'Validate.php';
if (!empty($_GET['logout']) && $_GET['logout'] === '1') {
auth_logout();
}
if (!empty($_COOKIE['PEAR_USER']) && !auth_verify($_COOKIE['PEAR_USER'], $_COOKIE['PEAR_PW'])) {
auth_kill_cookies();
auth_reject(null, 'Invalid username or password');
}
$_SESSION['PEAR_USER'] = $_POST['PEAR_USER'];
/*
* Update users lastlogin
*/
$query = 'UPDATE users SET lastlogin = NOW() WHERE handle = ?';
$dbh->query($query, array($_POST['PEAR_USER']));
/*
* Update users password if it is held in the db
* crypt()ed.
*/
if (strlen(@$auth_user->password) == 13) {
// $auth_user comes from auth_verify() function
$query = 'UPDATE users SET password = ? WHERE handle = ?';
$dbh->query($query, array(md5($_POST['PEAR_PW']), $_POST['PEAR_USER']));
}
/*
* Determine URL
*/
if (isset($_POST['PEAR_OLDURL']) && basename($_POST['PEAR_OLDURL']) != 'login.php') {
localRedirect($_POST['PEAR_OLDURL']);
} else {
localRedirect('index.php');
}
exit;
}
$msg = '';
if (isset($_POST['PEAR_USER']) || isset($_POST['PEAR_PW'])) {
$msg = 'Invalid username or password.';
}
auth_reject(PEAR_AUTH_REALM, $msg);
+----------------------------------------------------------------------+
| PEAR Web site version 1.0 |
+----------------------------------------------------------------------+
| Copyright (c) 2001-2003 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 2.02 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available at through the world-wide-web at |
| http://www.php.net/license/2_02.txt. |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: |
+----------------------------------------------------------------------+
$Id$
*/
if (isset($showmsg)) {
$delay = 3;
Header("Refresh: {$delay}; url=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "\"");
response_header("Logging Out...");
// $ua = $HTTP_USER_AGENT;
$logoutmsg = "Authorization failed. Retry?";
report_error("Press 'Cancel' when presented a new login box or " . "one saying '{$logoutmsg}'<br />");
response_footer();
} else {
Header("HTTP/1.0 401 Unauthorized");
Header("WWW-authenticate: basic realm=\"PEAR user\"");
Header("Refresh: 1; url=\"./\"");
auth_reject(PEAR_AUTH_REALM, "Logging out");
}
function auth_require()
{
global $auth_user;
$res = true;
$user = @$_COOKIE['PEAR_USER'];
$passwd = @$_COOKIE['PEAR_PW'];
if (!auth_verify($user, $passwd)) {
auth_reject();
// exits
}
$num = func_num_args();
for ($i = 0; $i < $num; $i++) {
$arg = func_get_arg($i);
$res = auth_check($arg);
if ($res === true) {
return true;
}
}
if ($res === false) {
response_header("Insufficient Privileges");
report_error("Insufficient Privileges");
response_footer();
exit;
}
return true;
}
function auth_require($admin = false)
{
global $auth_user;
$res = true;
if (!is_logged_in()) {
auth_reject();
// exits
}
$num = func_num_args();
for ($i = 0; $i < $num; $i++) {
$arg = func_get_arg($i);
$res = auth_check($arg);
if ($res == true) {
return true;
}
}
if ($res == false) {
response_header("Insufficient Privileges");
report_error("Insufficient Privileges");
response_footer();
exit;
}
return true;
}