Example #1
File: auth.php Project: MrWnn/cacti
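/**
 * Validate the "remember me" cookie and, on a match, log the user in.
 *
 * The cookie value is split on ',' into a username and a secret. The secret is
 * hashed with SHA-512 and the digest is compared with user_auth_cache.token,
 * so the value stored in the database is not the value the browser holds.
 *
 * @return mixed The id column of the matching user_auth row, or false when the
 *               cookie is absent, malformed, disabled by configuration, or
 *               does not match a cached token.
 */
function check_auth_cookie()
{
    // The cookie is client-controlled and can arrive as an array
    // (cacti_remembers[]=x), which explode() cannot handle. Reject anything
    // that is not a plain string before touching configuration or the database.
    if (!isset($_COOKIE['cacti_remembers']) || !is_string($_COOKIE['cacti_remembers'])) {
        return false;
    }

    if (read_config_option('auth_cache_enabled') != 'on') {
        return false;
    }

    $parts = explode(',', $_COOKIE['cacti_remembers']);
    $user = $parts[0];

    // Both halves are required; without a secret there is nothing to verify,
    // so skip the user lookup entirely.
    if ($user === '' || !isset($parts[1])) {
        return false;
    }

    $user_info = db_fetch_row_prepared('SELECT id, username
				FROM user_auth
				WHERE username = ?', array($user));
    if (empty($user_info)) {
        return false;
    }

    // Only the digest of the cookie secret is looked up, bound as a parameter.
    $token_hash = hash('sha512', $parts[1], false);
    $found = db_fetch_cell_prepared('SELECT user_id
						FROM user_auth_cache
						WHERE user_id = ? AND token = ?', array($user_info['id'], $token_hash));
    if (empty($found)) {
        return false;
    }

    // NOTE(review): only id and username are selected above, so the account's
    // enabled flag is never consulted here. Confirm the caller rejects
    // disabled accounts before trusting the returned id.
    // NOTE(review): set_auth_cookie() is defined elsewhere; presumably it
    // issues a fresh token. Verify whether the token just used is retired.
    set_auth_cookie($user_info);
    cacti_log("LOGIN: User '" . $user_info['username'] . "' Authenticated via Authentication Cookie", false, 'AUTH');

    // Audit row for the cookie login (result code 2). The username column
    // receives the name exactly as the cookie sent it.
    db_execute_prepared('INSERT INTO user_log
							(username, user_id, result, ip, time)
							VALUES
							(?, ?, 2, ?, NOW())', array($user, $user_info['id'], $_SERVER['REMOTE_ADDR']));

    return $user_info['id'];
}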
Example #2
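/**
 * Render the password login page and process a submitted password.
 *
 * A submitted password is checked with Password::isValid(). On success a
 * cookie value is obtained from set_auth_cookie() and handed to
 * Auth::create(). With no password submitted, an existing 'auth' cookie is
 * checked with Auth::isValid(). One of four page bodies is then printed.
 */
function login() {
  try {
    $A = new Auth();
  } catch(Exception $e) {
    // NOTE(review): the raw exception text is sent to the browser; consider
    // logging it server-side and showing a generic message instead.
    die($e->getMessage());
  }

  // Initialise every flag the template reads, so no branch below leaves one
  // undefined when the page is rendered.
  $pass_incorrect = false;
  $set_cookie = false;
  $already_set = false;

  // Request data is untrusted: the field may be missing or sent as an array.
  // Only a non-empty string counts as a submitted password.
  $password = isset($_POST['password']) ? $_POST['password'] : null;

  if(is_string($password) && $password !== '') {
    $P = new Password();

    if(!$P->isValid($password)) {
      $pass_incorrect = true;
    } else {
      $set_cookie = true;

      $cookieval = set_auth_cookie();

      try {
        // Presumably records the issued cookie value so that isValid() can
        // recognise it later. Confirm against the Auth class.
        $A->create($cookieval);
      } catch(Exception $e) {
        die($e->getMessage());
      }
    }
  } else {
    if(isset($_COOKIE['auth']) && $A->isValid($_COOKIE['auth']))
      $already_set = true;
  }
  ?>

  <!DOCTYPE html>
  <html>
  <head><title>set scraps password</title></head>
  <body>

  <?php if($pass_incorrect): ?>

    <p>The password entered does not match the current password.</p>

  <?php elseif($set_cookie): ?>

    <p>Y'all should be logged in now.</p>

  <?php elseif($already_set): ?>

    <p>Y'all is already logged in.</p>

  <?php else: ?>

    <form method="post">
    <input name="password" type="password" placeholder="Password?" />
    <input type="submit" value="Login" />
    </form>

  <?php endif; ?>

  </body>
  </html>

  <?php
  // The closing tags sit after the conditional so every branch emits a
  // complete document, not only the form branch.
}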
Example #3
/**
 * End a session: expire the auth cookie and delete the session row.
 *
 * The DELETE statement also removes every row whose expire_time is already
 * in the past, so each logout also prunes stale sessions.
 *
 * @param string $session_key Session token to remove.
 * @return bool FALSE when the key length differs from the configured
 *              token_length (nothing is changed in that case), otherwise
 *              the result of executing the prepared DELETE.
 */
function destroy_session($session_key)
{
    global $dbconn, $auth_settings;

    // Cheap shape check: a key of the wrong length cannot be a token issued here.
    $expected_length = $auth_settings['token_length'];
    if (strlen($session_key) != $expected_length) {
        return FALSE;
    }

    // Expire the cookie: empty value, expiry one hour in the past.
    $one_hour_ago = time() - 3600;
    set_auth_cookie("", $one_hour_ago);

    // The key is bound as a named parameter, never concatenated into the SQL.
    $statement = $dbconn->prepare(
        "DELETE FROM sessions\n\t\tWHERE session_key = :sk\n\t\tOR expire_time < UNIX_TIMESTAMP()"
    );
    $statement->bindParam(':sk', $session_key, PDO::PARAM_STR);

    return $statement->execute();
}
Example #4
        }
    }
    /* Process the user  */
    if (sizeof($user)) {
        cacti_log("LOGIN: User '" . $user['username'] . "' Authenticated", false, 'AUTH');
        db_execute_prepared('INSERT INTO user_log (username, user_id, result, ip, time) VALUES (?, ?, 1, ?, NOW())', array($username, $user['id'], $_SERVER['REMOTE_ADDR']));
        /* is user enabled */
        $user_enabled = $user['enabled'];
        if ($user_enabled != 'on') {
            /* Display error */
            auth_display_custom_error_message('Access Denied, user account disabled.');
            exit;
        }
        /* remember this user */
        if (isset($_POST['remember_me']) && read_config_option('auth_cache_enabled') == 'on') {
            set_auth_cookie($user);
        }
        /* set the php session */
        $_SESSION['sess_user_id'] = $user['id'];
        /* handle 'force change password' */
        if ($user['must_change_password'] == 'on' && read_config_option('auth_method') == 1) {
            $_SESSION['sess_change_password'] = true;
        }
        $group_options = db_fetch_cell_prepared('SELECT MAX(login_opts)
			FROM user_auth_group AS uag
			INNER JOIN user_auth_group_members AS uagm
			ON uag.id=uagm.group_id
			WHERE user_id=?', array($_SESSION['sess_user_id']));
        if ($group_options > 0) {
            $user['login_opts'] = $group_options;
        }