//If validation of the Sign in form
// Sign-in handler: validates the posted fields, looks the account up in
// `webapp_users`, then stores the user in the session and issues the "ok" and
// "id_country" cookies.
// NOTE(review): this listing is an excerpt; the blocks opened below are closed
// outside the visible text.
if (isset($_POST["go"])) {
    //Login & pass from form
    // Each field goes through checkInput() with a regex. The login is limited to
    // [a-zA-Z0-9] and the country to a single digit 1-4, but the password pattern
    // "/.*/" accepts any characters, quotes included.
    $login = strtolower(checkInput("post", "login", "/^[a-zA-Z0-9]{1,}\$/"));
    $password = checkInput("post", "password", "/.*/");
    $id_country = checkInput("post", "id_country", "/^[1-4]\$/");

    //If inputs are ok
    // Loose comparison: any value that is == false (for example the string "0")
    // is treated as a rejected input.
    if ($login != false && $password != false && $id_country != false) {
        //Check user
        $db = connectDataBase();
        // NOTE(review): $password is interpolated straight into the SQL text. Unless
        // checkInput() escapes it (not visible here), this is an SQL injection point on
        // the authentication query. Use a prepared statement with bound parameters
        // instead of string building.
        // NOTE(review): passwords are compared as an unsalted SHA1() digest computed
        // by the database; password_hash()/password_verify() is the appropriate
        // replacement for stored credentials.
        $sql = "SELECT `user_login`, `group_name` FROM `webapp_users`\n\t\t\t\t\tWHERE `user_login` = '{$login}'\n\t\t\t\t\tAND `user_pass` = SHA1('{$password}')\n\t\t\t\t\tLIMIT 1;";
        $query = $db->query($sql);

        //Ok if one result
        if ($query->rowCount() == 1) {
            //Save user information in session
            $_SESSION["user"] = getInfosFromLogin($login);

            //If account is correctly configured
            // getInfosFromLogin() is expected to yield a false-like value when the
            // account cannot be resolved; only then is the sign-in abandoned.
            if ($_SESSION["user"] != false) {
                //Create cookies
                // NOTE(review): the token is sha512 of "$cookie_password $login", so it is
                // the same on every sign-in for a given login and depends only on one
                // shared secret. A random per-session token (random_bytes()) stored
                // server-side would allow rotation and revocation.
                $hash = hash("sha512", "{$cookie_password} {$login}");
                // NOTE(review): setcookie() is called with four arguments, so the Secure
                // and HttpOnly flags keep their defaults (off); the authentication cookie
                // is readable from script and sent over plain HTTP.
                setcookie("ok", $hash, $cookie_time_to_live, "/" . $cookie_path . "/");
                setcookie("id_country", $id_country, $cookie_time_to_live, "/" . $cookie_path . "/");

                //Create user file cache
                createFile("", $hash);

                //Ok in session
                // NOTE(review): no session_regenerate_id() call is visible before the
                // session is marked authenticated; confirm it happens elsewhere.
                $_SESSION["ok"] = $hash;

//---------------------------------------------------------------------------
//
// Install database --- Start
//
//---------------------------------------------------------------------------
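/**
 * Tell whether the current visitor is authenticated and allowed on the running page.
 *
 * Authentication comes from the "ok" cookie (resolved through getLoginFromCookie())
 * or, when no cookie is sent, from the "ok" marker already stored in the session.
 * Authorisation uses the page-level globals $area_default ("allow" or "deny"),
 * $area_allow and $area_deny; members of the "root" group bypass these rules.
 *
 * Side effects: on a valid cookie, $_SESSION["user"], $_SESSION["ok"] and
 * $_SESSION["id_country"] are refreshed.
 *
 * Every undecidable case is answered with false (fail closed): unresolved account,
 * missing group, or page rules combined with an unknown $area_default.
 *
 * @return bool true when access is granted, false otherwise
 */
function check_connected()
{
    global $area_default, $area_allow, $area_deny;

    //Neither a cookie nor a session marker: anonymous visitor
    if (!isset($_COOKIE["ok"]) && !isset($_SESSION["ok"])) {
        return false;
    }

    //A cookie takes precedence over the session marker, as before
    if (isset($_COOKIE["ok"])) {
        $login = getLoginFromCookie();

        //Cookie does not map to a login
        if (!$login) {
            return false;
        }

        //Resolve the account before marking the session as authenticated
        $infos = getInfosFromLogin($login);
        if (!isset($infos["group"])) {
            return false;
        }

        $_SESSION["user"] = $infos;
        $_SESSION["ok"] = $_COOKIE["ok"];

        //The cookie is client-controlled: accept only the values the sign-in form
        //accepts (one digit, 1 to 4) and store null for anything else
        $country = isset($_COOKIE["id_country"]) ? $_COOKIE["id_country"] : null;
        $country_ok = is_string($country) && preg_match('/^[1-4]$/D', $country) === 1;
        $_SESSION["id_country"] = $country_ok ? $country : null;
    }

    //A session without a resolved user/group must not be treated as signed in
    if (!isset($_SESSION["user"]["group"])) {
        return false;
    }
    $group = $_SESSION["user"]["group"];

    //Root bypasses page rules
    if ($group === "root") {
        return true;
    }

    //Normalise the rule lists so unset or scalar globals cannot break the lookups
    $allowed = empty($area_allow) ? array() : (array) $area_allow;
    $denied = empty($area_deny) ? array() : (array) $area_deny;

    //The running page declares no rules: every authenticated user may pass
    if (!$allowed && !$denied) {
        return true;
    }

    //Default allow: everybody except the listed groups
    if ($area_default === "allow") {
        return !in_array($group, $denied, true);
    }

    //Default deny: nobody except the listed groups
    if ($area_default === "deny") {
        return in_array($group, $allowed, true);
    }

    //Rules exist but the default policy is unknown: refuse rather than guess
    return false;
}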