Exemple #1
0
/*
   +----------------------------------------------------------------------+
   | PEAR Web site version 1.0                                            |
   +----------------------------------------------------------------------+
   | Copyright (c) 2001-2005 The PHP Group                                |
   +----------------------------------------------------------------------+
   | This source file is subject to version 2.02 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available at through the world-wide-web at                           |
   | http://www.php.net/license/2_02.txt.                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors:                                                             |
   +----------------------------------------------------------------------+
   $Id$
*/
date_default_timezone_set('UTC');
require_once 'pear-config.php';
require_once 'PEAR.php';
include_once 'pear-format-html.php';
include_once 'pear-auth.php';
require_once 'Validate.php';
if (!empty($_GET['logout']) && $_GET['logout'] === '1') {
    auth_logout();
}
if (!empty($_COOKIE['PEAR_USER']) && !auth_verify($_COOKIE['PEAR_USER'], $_COOKIE['PEAR_PW'])) {
    auth_kill_cookies();
    auth_reject(null, 'Invalid username or password');
}
Exemple #2
0
    $_SESSION['PEAR_USER'] = $_POST['PEAR_USER'];
    /*
     * Update users lastlogin
     */
    $query = 'UPDATE users SET lastlogin = NOW() WHERE handle = ?';
    $dbh->query($query, array($_POST['PEAR_USER']));
    /*
     * Update users password if it is held in the db
     * crypt()ed.
     */
    if (strlen(@$auth_user->password) == 13) {
        // $auth_user comes from auth_verify() function
        $query = 'UPDATE users SET password = ? WHERE handle = ?';
        $dbh->query($query, array(md5($_POST['PEAR_PW']), $_POST['PEAR_USER']));
    }
    /*
     * Determine URL
     */
    if (isset($_POST['PEAR_OLDURL']) && basename($_POST['PEAR_OLDURL']) != 'login.php') {
        localRedirect($_POST['PEAR_OLDURL']);
    } else {
        localRedirect('index.php');
    }
    exit;
}
$msg = '';
if (isset($_POST['PEAR_USER']) || isset($_POST['PEAR_PW'])) {
    $msg = 'Invalid username or password.';
}
auth_reject(PEAR_AUTH_REALM, $msg);
Exemple #3
0
   +----------------------------------------------------------------------+
   | PEAR Web site version 1.0                                            |
   +----------------------------------------------------------------------+
   | Copyright (c) 2001-2003 The PHP Group                                |
   +----------------------------------------------------------------------+
   | This source file is subject to version 2.02 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available at through the world-wide-web at                           |
   | http://www.php.net/license/2_02.txt.                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors:                                                             |
   +----------------------------------------------------------------------+
   $Id$
*/
if (isset($showmsg)) {
    $delay = 3;
    Header("Refresh: {$delay}; url=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "\"");
    response_header("Logging Out...");
    //	$ua = $HTTP_USER_AGENT;
    $logoutmsg = "Authorization failed. Retry?";
    report_error("Press 'Cancel' when presented a new login box or " . "one saying '{$logoutmsg}'<br />");
    response_footer();
} else {
    Header("HTTP/1.0 401 Unauthorized");
    Header("WWW-authenticate: basic realm=\"PEAR user\"");
    Header("Refresh: 1; url=\"./\"");
    auth_reject(PEAR_AUTH_REALM, "Logging out");
}
Exemple #4
0
function auth_require()
{
    global $auth_user;
    $res = true;
    $user = @$_COOKIE['PEAR_USER'];
    $passwd = @$_COOKIE['PEAR_PW'];
    if (!auth_verify($user, $passwd)) {
        auth_reject();
        // exits
    }
    $num = func_num_args();
    for ($i = 0; $i < $num; $i++) {
        $arg = func_get_arg($i);
        $res = auth_check($arg);
        if ($res === true) {
            return true;
        }
    }
    if ($res === false) {
        response_header("Insufficient Privileges");
        report_error("Insufficient Privileges");
        response_footer();
        exit;
    }
    return true;
}
Exemple #5
0
function auth_require($admin = false)
{
    global $auth_user;
    $res = true;
    if (!is_logged_in()) {
        auth_reject();
        // exits
    }
    $num = func_num_args();
    for ($i = 0; $i < $num; $i++) {
        $arg = func_get_arg($i);
        $res = auth_check($arg);
        if ($res == true) {
            return true;
        }
    }
    if ($res == false) {
        response_header("Insufficient Privileges");
        report_error("Insufficient Privileges");
        response_footer();
        exit;
    }
    return true;
}