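/**
 * Authenticate the current request according to AUTH_METHOD, then redirect.
 *
 * IPADDRESS / PHP_SESSIONS: reads 'login' and 'passwd' from $_POST and hands
 * them to do_login_native(); IPADDRESS then binds the client address to the
 * account, PHP_SESSIONS stores the username in the session.
 * LDAP: looks up an enabled user row and verifies the password through
 * ldap_check_credentials() before storing the username in the session.
 * EXTERNAL: only requires that the web server supplied REMOTE_USER.
 *
 * On success the user's last_login / last_ip_address are updated and the
 * browser is redirected (which also clears the POST data); the function
 * ends in exit on that path.
 *
 * Security notes:
 *  - Every failure path relies on show_failed_login() / error() not
 *    returning; the statements after them establish the login.
 *    NOTE(review): both are defined elsewhere, so confirm they terminate
 *    the request.
 *  - Only successful logins are audit-logged in this function.
 *    NOTE(review): check whether show_failed_login() records failures, so
 *    that password guessing is visible to whoever reviews the log.
 */
function do_login()
{
    global $DB, $ip, $username, $userdata;

    switch (AUTH_METHOD) {
        // Generic authentication code for IPADDRESS and PHP_SESSIONS;
        // some specializations are handled by if-statements.
        case 'IPADDRESS':
        case 'PHP_SESSIONS':
            // A missing field or a non-string value (e.g. login[]=x) is
            // treated as empty instead of reaching trim().
            $user = (isset($_POST['login']) && is_string($_POST['login']))
                ? trim($_POST['login'])
                : '';
            $pass = (isset($_POST['passwd']) && is_string($_POST['passwd']))
                ? trim($_POST['passwd'])
                : '';

            // Compare against '' rather than empty(): "0" is a valid value.
            if ($user === '' || $pass === '') {
                show_failed_login("Please supply a username and password.");
            }

            // Presumably fills the globals $username and $userdata and does
            // not return on bad credentials (both are read below) -- confirm.
            do_login_native($user, $pass);

            if (AUTH_METHOD === 'IPADDRESS') {
                $cnt = $DB->q('RETURNAFFECTED UPDATE user SET ip_address = %s
                               WHERE username = %s', $ip, $username);
                if ($cnt != 1) {
                    error("cannot set IP for '{$username}'");
                }
            }
            if (AUTH_METHOD === 'PHP_SESSIONS') {
                session_start();
                // Issue a fresh session id at the moment of login, so an id
                // that was set or observed before authentication cannot be
                // reused afterwards (session fixation).
                session_regenerate_id(true);
                $_SESSION['username'] = $username;
                auditlog('user', $userdata['userid'], 'logged in', $ip);
            }
            break;

        case 'LDAP':
            $user = (isset($_POST['login']) && is_string($_POST['login']))
                ? trim($_POST['login'])
                : '';
            $pass = (isset($_POST['passwd']) && is_string($_POST['passwd']))
                ? trim($_POST['passwd'])
                : '';

            // The empty-password rejection must stay in front of the LDAP
            // check: many directory servers accept a simple bind with an
            // empty password as an anonymous bind and report success.
            // NOTE(review): assumes ldap_check_credentials() performs such
            // a bind -- confirm against its implementation.
            if ($user === '' || $pass === '') {
                show_failed_login("Please supply a username and password.");
            }

            $userdata = $DB->q('MAYBETUPLE SELECT * FROM user
                                WHERE username = %s AND enabled = 1', $user);

            // When no enabled row matches, ldap_check_credentials() is
            // skipped (short-circuit ||); apart from the shared sleep(1)
            // the two failure cases may therefore differ in response time.
            // The message itself is identical for both.
            if (!$userdata || !ldap_check_credentials($userdata['username'], $pass)) {
                sleep(1);
                show_failed_login("Invalid username or password supplied. " .
                                  "Please try again or contact a staff member.");
            }

            $username = $userdata['username'];
            session_start();
            // Fresh session id on login, see the PHP_SESSIONS branch.
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            auditlog('user', $userdata['userid'], 'logged in', $ip);
            break;

        case 'EXTERNAL':
            if (empty($_SERVER['REMOTE_USER'])) {
                show_failed_login("No authentication data provided by Apache.");
            }
            // NOTE(review): $username is not assigned in this branch; the
            // UPDATE below relies on it having been set globally before
            // do_login() was called -- confirm.
            break;

        default:
            error("Unknown authentication method '" . AUTH_METHOD .
                  "' requested, or login not supported.");
    }

    // Authentication success. We could just return here, but we do a
    // redirect to clear the POST data from the browser.
    $DB->q('UPDATE user SET last_login = %s, last_ip_address = %s
            WHERE username = %s', now(), $ip, $username);

    // PHP_SELF is client-influenced (it includes any trailing path info).
    // It is only used here to choose between fixed relative redirect
    // targets and is never echoed or placed in the Location header.
    if (preg_match('/\\/public\\/login\\.php$/', $_SERVER['PHP_SELF'])) {
        logged_in(); // fill userdata
        if (checkrole('jury') || checkrole('balloon')) {
            header("Location: ../jury/");
            exit;
        }
        if (checkrole('team')) {
            header("Location: ../team/");
            exit;
        }
    }

    header("Location: ./");
    exit;
}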
<?php
/**
 * Include required files.
 *
 * Part of the DOMjudge Programming Contest Jury System and licenced
 * under the GNU GPL. See README and COPYING for details.
 */

require_once '../configure.php';

require_once LIBDIR . '/init.php';
require_once LIBWWWDIR . '/common.php';
require_once LIBWWWDIR . '/print.php';
require_once LIBWWWDIR . '/auth.php';

setup_database_connection();

/* For plugins to have jury access rights to the DB, they should
 * successfully authenticate as user 'jury'.
 *
 * Without an existing login, the credentials are taken from HTTP Basic
 * authentication (PHP_AUTH_USER / PHP_AUTH_PW). Basic credentials travel
 * with every request and are only base64-encoded, so this endpoint should
 * be reachable over TLS only.
 *
 * NOTE(review): do_login_native() is defined elsewhere; presumably it fills
 * the global $userdata and does not return on bad credentials. Confirm,
 * because $userdata['userid'] is read unconditionally right after it.
 */
if (!logged_in()) {
    if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        do_login_native($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
        $userdata['roles'] = get_user_roles($userdata['userid']);
    }
}

// Authorization gate for everything that includes this file: it runs for
// every request, whether or not a login happened above.
// NOTE(review): relies on error() ending the request -- confirm.
if (!checkrole('full_event_reader')) {
    error("User role full_event_reader required.");
}

define('IS_JURY', true);
define('IS_PUBLIC', false);

$cdatas = getCurContests(true);
$cids = array_keys($cdatas);