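/**
 * Authenticate the current session against the local `users` table.
 *
 * Reads the login name and the encrypted password kept in $_SESSION, decrypts the
 * password with the global session key and checks it against the stored hash of the
 * matching active user. On success the user's id, full name and auth source are written
 * to $_SESSION; when the request is a fresh login (POST field "authenticate") the user
 * is redirected to the requested page and the script exits. On failure the login form
 * is shown through auth().
 *
 * @return void
 */
function SQLAuthenticate()
{
    global $db;
    global $password_encryption;
    global $session_key;

    if (!isset($_SESSION["userlogin"]) || !isset($_SESSION["userpwd"])) {
        // No username and password set, show auth form (again).
        auth();
        return;
    }

    // True only for the request that submitted the login form.
    $login_attempt = isset($_POST["authenticate"]);

    // SECURITY NOTE(review): the session holds a reversible copy of the user's password.
    // Key and IV are both derived from $session_key with md5(), so the IV is the same for
    // every encryption, and CBC gives no integrity check on the ciphertext. The mcrypt
    // extension was deprecated in PHP 7.1 and removed in 7.2. The encrypting side is not
    // in this function, so the scheme is left as is; prefer keeping only an "authenticated"
    // marker in the session once the password has been verified.
    // mcrypt zero-pads the last block, so the trailing NUL bytes are stripped; an empty
    // character mask would strip nothing and the padded value would not verify.
    $session_pass = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($session_key), base64_decode($_SESSION["userpwd"]), MCRYPT_MODE_CBC, md5(md5($session_key))), "\0");

    // The login name is passed through $db->quote() so it never reaches the SQL text raw.
    $rowObj = $db->queryRow("SELECT id, fullname, password FROM users WHERE username=" . $db->quote($_SESSION["userlogin"], 'text') . " AND active=1");

    if (!$rowObj) {
        // No active user with that login name.
        if ($login_attempt) {
            log_warn(sprintf('Failed authentication attempt from [%s]', $_SERVER['REMOTE_ADDR']));
            // Authentication failed, retry.
            auth(_('Authentication failed!'), "error");
        } else {
            unset($_SESSION["userpwd"]);
            unset($_SESSION["userlogin"]);
            auth();
        }
        return;
    }

    if (!Poweradmin\Password::verify($session_pass, $rowObj['password'])) {
        if ($login_attempt) {
            // A wrong password for an existing account is logged as well, so repeated
            // guessing against one user shows up in the log. The name logged here matched
            // an active account, so it is not arbitrary request data.
            log_warn(sprintf('Failed authentication attempt from [%s] for user \'%s\'', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"]));
            auth(_('Authentication failed!'), "error");
        } else {
            auth();
        }
        return;
    }

    // Issue a new session id at the moment of login so an id that was known before
    // authentication does not become an authenticated one (session fixation).
    if ($login_attempt && session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION["userid"] = $rowObj["id"];
    $_SESSION["name"] = $rowObj["fullname"];
    $_SESSION["auth_used"] = "internal";

    if ($login_attempt) {
        log_notice(sprintf('Successful authentication attempt from [%s] for user \'%s\'', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"]));
        // If a user has just authenticated, redirect him to requested page
        session_write_close();

        // "query_string" is request data: accept only a string and drop control characters
        // (CR/LF included) before it becomes part of the redirect target.
        // NOTE(review): clean_page() is not visible here; if it writes the URL into HTML
        // rather than a Location header, it has to HTML-escape it there.
        $query_string = '';
        if (isset($_POST["query_string"]) && is_string($_POST["query_string"])) {
            $query_string = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $_POST["query_string"]);
        }
        $redirect_url = $query_string !== '' ? $_SERVER['SCRIPT_NAME'] . "?" . $query_string : $_SERVER['SCRIPT_NAME'];
        clean_page($redirect_url);
        exit;
    }
}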
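/**
 * Add a new user to the local `users` table.
 *
 * The caller needs the 'user_add_new' permission. The permission template is stored only
 * when the caller also holds 'user_edit_templ_perm'. The password is stored as the output
 * of Poweradmin\Password::hash(), and every value goes through $db->quote() before it is
 * placed in the statement.
 *
 * @param mixed[] $details Array of User details: username, password, fullname, email,
 *                         descr, active and, optionally, perm_templ
 *
 * @return boolean true on success, false otherwise
 */
function add_new_user_local($details)
{
    global $db;

    // Missing keys are read as an empty string instead of raising an undefined-index notice.
    $field = function ($key) use ($details) {
        return isset($details[$key]) ? $details[$key] : '';
    };

    if (!do_hook('verify_permission', 'user_add_new')) {
        error(ERR_PERM_ADD_USER);
        return false;
    }
    if (user_exists($field('username'))) {
        error(ERR_USER_EXIST);
        return false;
    }
    if (!is_valid_email($field('email'))) {
        error(ERR_INV_EMAIL);
        return false;
    }

    // Only an explicit 1 activates the account; anything else creates it inactive.
    $active = in_array($field('active'), array(1, '1', true), true) ? 1 : 0;

    // Ask once, so the column list and the value list cannot disagree.
    $may_set_template = (bool) do_hook('verify_permission', 'user_edit_templ_perm');

    // NOTE(review): no check on the password itself is visible here; an empty password
    // would be hashed and stored. Confirm the caller validates it.
    $password_hash = Poweradmin\Password::hash($field('password'));

    $columns = array('username', 'password', 'fullname', 'email', 'description');
    $values = array(
        $db->quote($field('username'), 'text'),
        $db->quote($password_hash, 'text'),
        $db->quote($field('fullname'), 'text'),
        $db->quote($field('email'), 'text'),
        $db->quote($field('descr'), 'text'),
    );
    if ($may_set_template) {
        $columns[] = 'perm_templ';
        $values[] = $db->quote(isset($details['perm_templ']) ? $details['perm_templ'] : null, 'integer');
    }
    $columns[] = 'active';
    $values[] = $db->quote($active, 'integer');

    $query = "INSERT INTO users (" . implode(', ', $columns) . ") VALUES (" . implode(', ', $values) . ")";
    $response = $db->query($query);
    if (PEAR::isError($response)) {
        error($response->getMessage());
        return false;
    }
    return true;
}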
Example #3
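        // These values are written into HTML attribute values, so they are encoded for that
        // context; a double quote in any of them would otherwise end the attribute early.
        // NOTE(review): where $dns_ns1, $dns_ns2 and $language are assigned is outside this
        // fragment; presumably they come from the previous step's form. Verify.
        $escape_attr = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        };
        echo "<input type=\"hidden\" name=\"dns_ns1\" value=\"" . $escape_attr($dns_ns1) . "\">";
        echo "<input type=\"hidden\" name=\"dns_ns2\" value=\"" . $escape_attr($dns_ns2) . "\">";
        echo "<input type=\"hidden\" name=\"step\" value=\"" . $escape_attr($current_step) . "\">";
        echo "<input type=\"hidden\" name=\"language\" value=\"" . $escape_attr($language) . "\">";
        echo "<input type=\"submit\" name=\"submit\" value=\"" . $escape_attr(_('Go to step') . " " . $current_step) . "\">";
        echo "</form>";
        break;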
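    case 6:
        // Step 6: try to create the configuration file, then render the step 6 page with
        // the values posted by the earlier steps.
        $config_file_created = false;
        $configuration = '';
        // FIXME: $configuration is never filled in, so there is nothing to write yet.
        // The write is skipped while it is empty: opening the file in "w" mode would
        // truncate an existing configuration and the page would then report a created
        // file that holds no settings.
        if ($configuration !== '' && is_writeable(LOCAL_CONFIG_FILE)) {
            $bytes_written = file_put_contents(LOCAL_CONFIG_FILE, $configuration, LOCK_EX);
            // Report success only when the whole content reached the file.
            $config_file_created = $bytes_written === strlen($configuration);
        }

        // Read a posted field as a string; missing or non-string values become ''.
        $posted = function ($key) {
            return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
        };
        $db_type = $posted('db_type');

        // No need to set database port if it's standard port for that db.
        // The port is request data that ends up in the configuration shown to the user,
        // so it is kept only when it is a plain number in the valid TCP range.
        $standard_ports = array('mysql' => 3306, 'pgsql' => 5432);
        $db_port = '';
        $raw_port = $posted('db_port');
        if (isset($standard_ports[$db_type]) && ctype_digit($raw_port)) {
            $port_number = (int) $raw_port;
            if ($port_number >= 1 && $port_number <= 65535 && $port_number !== $standard_ports[$db_type]) {
                $db_port = (string) $port_number;
            }
        }

        // For SQLite we should provide path to db file
        // NOTE(review): $db_file is not passed to the template below; confirm it is used.
        $db_file = $db_type === 'sqlite' ? $posted('db_name') : '';

        // NOTE(review): every value below except the session key is request data, and two
        // of them are passwords. step6.html is not visible here: confirm Twig autoescaping
        // is enabled, and that anything shown as PHP configuration text is escaped for a
        // PHP string literal as well, not only for HTML.
        // NOTE(review): the generated session key protects session data; confirm that
        // Poweradmin\Password::salt() draws from a cryptographically secure source.
        echo $twig->render('step6.html', array(
            'next_step' => ++$current_step,
            'language' => $language,
            'config_file_created' => $config_file_created,
            'local_config_file' => LOCAL_CONFIG_FILE,
            'session_key' => Poweradmin\Password::salt(SESSION_KEY_LENGTH),
            'iface_lang' => $language,
            'dns_hostmaster' => $posted('dns_hostmaster'),
            'dns_ns1' => $posted('dns_ns1'),
            'dns_ns2' => $posted('dns_ns2'),
            'db_host' => $posted('db_host'),
            'db_user' => $posted('pa_db_user'),
            'db_pass' => $posted('pa_db_pass'),
            'db_name' => $posted('db_name'),
            'db_type' => $db_type,
            'db_port' => $db_port,
            'db_charset' => $posted('db_charset'),
            'pa_pass' => $posted('pa_pass'),
        ));
        break;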
    case 7:
        // Step 7: render the step 7 template; no variables are passed to it.
        echo $twig->render('step7.html');
        break;
    default:
        // Any other step value produces no output in this switch.
        break;
}
// Runs after the switch: render the page footer, passing the Poweradmin version constant.
echo $twig->render('footer.html', array('version' => Poweradmin\Version::VERSION));