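/**
 * Authenticate a returning user from the 'cacti_remembers' cookie.
 *
 * The cookie carries "<username>,<secret>". The username is resolved to a
 * user_auth row, the secret is hashed with SHA-512 and looked up in
 * user_auth_cache for that user's id. On a match the cookie is re-issued,
 * the login is recorded in user_log (result code 2) and the user id is
 * returned. Every other outcome returns false.
 *
 * Only runs when the 'auth_cache_enabled' option is 'on'.
 *
 * @return int|false The authenticated user's id, or false.
 */
function check_auth_cookie() {
    if (!isset($_COOKIE['cacti_remembers'])) {
        return false;
    }

    if (read_config_option('auth_cache_enabled') !== 'on') {
        return false;
    }

    /* cookie format is "<username>,<secret>"; limit the split to two parts so a
     * comma inside the secret can never truncate it */
    $parts = explode(',', $_COOKIE['cacti_remembers'], 2);
    $user  = $parts[0];

    /* reject malformed cookies before touching the database */
    if ($user === '' || !isset($parts[1])) {
        return false;
    }

    $user_info = db_fetch_row_prepared('SELECT id, username FROM user_auth WHERE username = ?', array($user));

    if (empty($user_info)) {
        return false;
    }

    /* only the SHA-512 digest of the cookie secret is stored server side */
    $secret = hash('sha512', $parts[1], false);

    $found = db_fetch_cell_prepared('SELECT user_id FROM user_auth_cache WHERE user_id = ? AND token = ?', array($user_info['id'], $secret));

    if (empty($found)) {
        return false;
    }

    /* valid token: re-issue the cookie and record the cookie-based login */
    set_auth_cookie($user_info);

    cacti_log("LOGIN: User '" . $user_info['username'] . "' Authenticated via Authentication Cookie", false, 'AUTH');

    db_execute_prepared('INSERT INTO user_log (username, user_id, result, ip, time) VALUES (?, ?, 2, ?, NOW())', array($user, $user_info['id'], $_SERVER['REMOTE_ADDR']));

    return $user_info['id'];
}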
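/**
 * Handle the password login form and render the outcome page.
 *
 * With a non-empty POSTed password, Password::isValid() decides between the
 * "incorrect" page and creating an auth cookie (set_auth_cookie() value
 * registered through Auth::create()). Without a POSTed password the existing
 * 'auth' cookie is validated with Auth::isValid(). The HTML page printed at the
 * end shows one message per outcome, or the login form when none applies.
 *
 * Fixes relative to the earlier version: the three outcome flags are
 * initialised (they were read while unset), the password is tested with
 * isset()/!== '' instead of truthiness (a password of "0" was treated as
 * absent), the password <input> is closed with "/>" instead of the stray "\>",
 * and </body></html> are emitted on every branch rather than only the form one.
 */
function login() {
    $pass_incorrect = false;
    $set_cookie     = false;
    $already_set    = false;

    try {
        $A = new Auth();
    } catch (Exception $e) {
        // NOTE(review): the raw exception text is sent to the client here;
        // logging it and showing a generic message would avoid exposing internals.
        die($e->getMessage());
    }

    if (isset($_POST['password']) && $_POST['password'] !== '') {
        $P = new Password();

        if (!$P->isValid($_POST['password'])) {
            $pass_incorrect = true;
        } else {
            $set_cookie = true;
            $cookieval  = set_auth_cookie();

            try {
                $A->create($cookieval);
            } catch (Exception $e) {
                die($e->getMessage());
            }
        }
    } elseif (isset($_COOKIE['auth']) && $A->isValid($_COOKIE['auth'])) {
        // no password submitted: fall back to the existing auth cookie
        $already_set = true;
    }
?>
<!DOCTYPE html>
<html>
<head><title>set scraps password</title></head>
<body>
<?php if ($pass_incorrect): ?>
<p>The password entered does not match the current password.</p>
<?php elseif ($set_cookie): ?>
<p>Y'all should be logged in now.</p>
<?php elseif ($already_set): ?>
<p>Y'all is already logged in.</p>
<?php else: ?>
<form method="post">
<input name="password" type="password" placeholder="Password?" />
<input type="submit" value="Login" />
</form>
<?php endif; ?>
</body>
</html>
<?php
}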
/**
 * Log the current session out and remove it from the sessions table.
 *
 * A key whose length differs from $auth_settings['token_length'] is rejected
 * up front. Otherwise the session cookie is expired (one hour in the past)
 * and a single DELETE removes the row for this key together with every row
 * whose expire_time has already passed.
 *
 * Relies on the globals $dbconn (PDO) and $auth_settings.
 *
 * @param string $session_key
 * @return bool false for a key of the wrong length, otherwise the result of execute()
 */
function destroy_session($session_key) {
    global $dbconn, $auth_settings;

    // wrong-length keys cannot be tokens we issued; bail before touching cookie or DB
    $expected_length = $auth_settings['token_length'];
    if (strlen($session_key) != $expected_length) {
        return false;
    }

    // expire the session cookie in the browser
    set_auth_cookie("", time() - 3600);

    // one statement removes this session and sweeps any stale ones
    $delete_sql = "DELETE FROM sessions\n\t\tWHERE session_key = :sk\n\t\tOR expire_time < UNIX_TIMESTAMP()";
    $statement  = $dbconn->prepare($delete_sql);
    $statement->bindValue(':sk', $session_key, PDO::PARAM_STR);

    return $statement->execute();
}
} } /* Process the user */ if (sizeof($user)) { cacti_log("LOGIN: User '" . $user['username'] . "' Authenticated", false, 'AUTH'); db_execute_prepared('INSERT INTO user_log (username, user_id, result, ip, time) VALUES (?, ?, 1, ?, NOW())', array($username, $user['id'], $_SERVER['REMOTE_ADDR'])); /* is user enabled */ $user_enabled = $user['enabled']; if ($user_enabled != 'on') { /* Display error */ auth_display_custom_error_message('Access Denied, user account disabled.'); exit; } /* remember this user */ if (isset($_POST['remember_me']) && read_config_option('auth_cache_enabled') == 'on') { set_auth_cookie($user); } /* set the php session */ $_SESSION['sess_user_id'] = $user['id']; /* handle 'force change password' */ if ($user['must_change_password'] == 'on' && read_config_option('auth_method') == 1) { $_SESSION['sess_change_password'] = true; } $group_options = db_fetch_cell_prepared('SELECT MAX(login_opts) FROM user_auth_group AS uag INNER JOIN user_auth_group_members AS uagm ON uag.id=uagm.group_id WHERE user_id=?', array($_SESSION['sess_user_id'])); if ($group_options > 0) { $user['login_opts'] = $group_options; }