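// Stage 2 of the "add" flow: re-check the submitted credentials, require an admin
// account, then start building the rule for the requested site.
if ($parms->getParm('add') == 'stage2') {
    // gets user object based on username
    $user = $kdb->getUserUsername($parms->getParm('username'));

    // check we got a user back
    // NOTE(review): $user is dereferenced further down, so loginFail() and noPermission()
    // are presumably expected to end the request - confirm they never return.
    if ($user == null) {
        if ($debug) {
            // NOTE(review): this echoes a raw request value; escape it if debug output
            // can ever be rendered as HTML.
            print "User doesn't exist " . $parms->getParm('username') . "\n";
        }
        loginFail();
    }

    // Get username and password and check - first check shouldn't hit but additional check
    $submittedUsername = (string) $parms->getParm('username');
    $submittedHash = md5((string) $parms->getParm('password'));
    $storedHash = (string) $user->getPassword();

    // Strict string comparison for the username and hash_equals() for the digest:
    // a loose != treats two numeric-looking strings (for example digests of the form
    // "0e<digits>") as equal, and hash_equals() also compares in constant time.
    // NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
    // password_hash()/password_verify() needs a migration of the stored values, so it
    // is only flagged here.
    if ((string) $user->getUsername() !== $submittedUsername || !hash_equals($storedHash, $submittedHash)) {
        if ($debug) {
            // The listing shows this message with masked segments where the credentials
            // were concatenated. Only the username is reported, so the submitted
            // password is never written to debug output.
            print "Login failure user: " . $submittedUsername . " \n";
        }
        loginFail();
    }

    // check we have sufficient permission - ie. admin
    if (!$user->isAdmin()) {
        noPermission();
    }

    // If we get here we are logged in so can add entry
    if ($debug) {
        print "Login successful " . $user->getUsername() . " \n";
    }

    // create rule object with defaults - populate below
    $rule = new Rule();
    $siteentry = $kdb->getSiteSitename($parms->getParm('site'));

    // Does sitename exist - if not null already have an entry
    if ($siteentry != null) {
        // we need the siteid for the rules entry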
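}
// Login handler: look up the account, verify the submitted password, record the
// username in the session and send the browser on to the requested page.
// gets user object based on username
$user = $kdb->getUserUsername($username);

// check we got a user back
// NOTE(review): $user is dereferenced below, so loginFail() is presumably expected to
// end the request - confirm it never returns.
if ($user == null) {
    if ($debug) {
        print "No matching user found\n";
    }
    loginFail('usernamepassword');
}

// Get username and password and check - first check shouldn't hit but additional check
$submittedHash = md5((string) $password);
$storedHash = (string) $user->getPassword();

// Strict string comparison for the username and hash_equals() for the digest:
// a loose != treats two numeric-looking strings (for example digests of the form
// "0e<digits>") as equal, and hash_equals() also compares in constant time.
// NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
// password_hash()/password_verify() needs a migration of the stored values, so it is
// only flagged here.
if ((string) $user->getusername() !== (string) $username || !hash_equals($storedHash, $submittedHash)) {
    if ($debug) {
        print "Login fail " . $user->getUsername() . "\n";
    }
    loginFail('usernamepassword');
}

/* don't need to be admin / supervisor - but normal user can only change password etc.*/
// setup session
// NOTE(review): if $session wraps a native PHP session, the session id should be
// regenerated at this privilege change - confirm inside the session class.
$session->setUsername($username);

$redirect = $parms->getParm('redirect');
// if redirect blank then go to dashboard
if ($redirect == '') {
    $redirect = "dashboard.php";
}

// redirect to page
// NOTE(review): 'redirect' is a request parameter and is sent back in the Location
// header unchanged, so a crafted login link can forward a freshly authenticated user
// to an arbitrary site. If only local pages (or a known set of hosts) are valid
// targets, validate against that list here. The intended targets are not visible in
// this fragment, so the value is left as-is.
// NOTE(review): nothing visible stops execution after header(); confirm the rest of
// the script does not keep producing output for this request.
header("Location: " . $redirect);
} else {
// Reach here then login details weren't provided - perhaps come direct to login page
// url if not supplied will be empty - which we just forward on as empty ''
$redirect = $parms->getParm('redirect');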
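loginFail('usernamepassword');
}
// Supervisor-authorised login for another user: checks the supervisor's permission,
// the requested access level and the requested duration, then reads the client address.
// check we have sufficient permission - ie. supervisor
if (!$user->isSupervisor()) {
    noPermission();
}

// check permission (only tested for int - so need to check it's between 1 (no point in 0) and 9
// we don't check this until after checking supervisor - must be valid login from admin first
// don't allow upgrade to 10
$permission_req = $parms->getParm('allowlevel');
// The range comparison alone also accepts values such as "5abc" or "1.5", so the
// value must consist of digits only before it is compared. This duplicates the
// earlier int test the comment above refers to, as defence in depth.
if (preg_match('/\A[0-9]+\z/', (string) $permission_req) !== 1 || $permission_req < 1 || $permission_req > 9) {
    noPermission();
}

// duration = time to login relative time entry (eg. 2 hours) - do allow login a computer forever, but not through this page
if ($parms->getParm('timeallowed') == '') {
    loginFail('Invalid login duration');
}
$loginexpirytime = strtotime($parms->getParm('timeallowed'));
// strtotime() returns false for text it cannot parse. Without this check, false is
// carried forward as the expiry whenever the supervisor account has no maximum
// (getLoginexpiry() == 0).
if ($loginexpirytime === false) {
    loginFail('Invalid login duration');
}

// Note that duration is set to maximum of the admin user rather than the regular user
// We don't necessarily know who the other user is to be able to apply specific user details in any meaningful way
// check duration against maximum permitted for this user
// NOTE(review): when getLoginexpiry() is 0 no upper bound is applied, so any
// parseable date (including one far in the future or in the past) is accepted -
// confirm that is intended for this page.
$maxLoginSeconds = $user->getLoginexpiry();
if ($maxLoginSeconds != 0) {
    // if login is more than this user is allowed then we set to the admin user's max
    $latestAllowed = time() + $maxLoginSeconds;
    if ($loginexpirytime > $latestAllowed) {
        $loginexpirytime = $latestAllowed;
    }
}

// Get IP address from the server - which means they must have excluded proxy for local access
// can't necessarily trust user provided ip address, although perhaps in future may need to add option to get address from user in case they can't exclude proxy (eg. Midori)
// REMOTE_ADDR is the peer address of the connection rather than a client-supplied
// header value.
$ipaddress = $_SERVER['REMOTE_ADDR'];
// check this isn't the local ip address on the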