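/**
 * Check a username/password pair and record the attempt in remote_logins.
 *
 * A Unix account is tried first; its result only counts when
 * $GLOBALS['ispublic'] is falsy. Otherwise the standard account check is used.
 * Every attempt (success or failure) is written to remote_logins together with
 * the client address.
 *
 * @param string $username user name as supplied by the client
 * @param string $password password as supplied by the client
 * @return bool true when either authenticator accepted the credentials
 */
function Authenticate($username, $password) {
    $username = mysql_real_escape_string($username);
    // NOTE(review): the password is SQL-escaped before it reaches the
    // authenticators, so a password containing a quote or backslash is checked
    // in its escaped form. Left unchanged because the authenticators are not
    // visible here and may build SQL from it; confirm, then move the escaping
    // to the point of SQL use.
    $password = mysql_real_escape_string($password);

    if ((AuthenticateUnixUser($username, $password)) && (!$GLOBALS['ispublic'])) {
        $authenticated = true;
    } else {
        $authenticated = AuthenticateStandardUser($username, $password) ? true : false;
    }

    // One audit insert for all three outcomes instead of three copies.
    $loginresult = $authenticated ? 'success' : 'failure';
    // REMOTE_ADDR is escaped like any other value that goes into the statement.
    $ip = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    $sqlstring = "insert into remote_logins (username, ip, login_date, login_result) values ('$username', '$ip', now(), '$loginresult')";

    if (!mysql_query($sqlstring)) {
        // The statement and the driver error go to the server log only. The
        // original echoed both to the client, which exposed schema details and
        // reflected the user-supplied name into the HTML response.
        error_log("remote_logins insert failed: " . mysql_error() . " [" . $sqlstring . "]");
        die("Query failed");
    }

    return $authenticated;
}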
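/**
 * Validate credentials and, when they are accepted, establish the login
 * session through DoLogin().
 *
 * A Unix account is tried first (only honoured when $GLOBALS['ispublic'] is
 * falsy), then a standard account. The CAS branch that was commented out in
 * the original is not reproduced here.
 *
 * @param string $username user name as supplied by the client
 * @param string $password password as supplied by the client
 * @return bool true only when the credentials were accepted and DoLogin()
 *              reported success
 */
function CheckLogin($username, $password) {
    if (AuthenticateUnixUser($username, $password) && !$GLOBALS['ispublic']) {
        Debug(__FILE__, __LINE__, "This is a Unix user account");
    } else {
        Debug(__FILE__, __LINE__, "Not a unix user account");
        if (!AuthenticateStandardUser($username, $password)) {
            return false;
        }
    }

    // DoLogin() takes ($username, $password) and checks the credentials again
    // itself. The original passed only the user name, so that second check ran
    // without a password, and CheckLogin() still returned true whatever
    // DoLogin() reported. Pass both arguments and return its result.
    return DoLogin($username, $password) ? true : false;
}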
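/**
 * Authenticate a user and, on success, populate the login session.
 *
 * A Unix account is tried first (only honoured when $GLOBALS['ispublic'] is
 * falsy), then a standard account. On success the users table is updated (or,
 * for a Unix account with no row, a row is inserted with login_type 'NIS') and
 * $_SESSION receives username, validlogin, isadmin, instanceid and
 * instancename.
 *
 * NOTE(review): the session id is not regenerated in this function; consider
 * session_regenerate_id(true) after a successful check if the caller does not
 * already do so.
 *
 * @param string $username user name as supplied by the client
 * @param string $password password as supplied by the client
 * @return bool true when the credentials were accepted, false otherwise
 */
function DoLogin($username, $password) {
    if ((AuthenticateUnixUser($username, $password)) && (!$GLOBALS['ispublic'])) {
        Debug(__FILE__, __LINE__, "This is a Unix user account");
        DoLoginEstablishSession($username, true);
        return true;
    }

    Debug(__FILE__, __LINE__, "Not a unix user account");
    if (AuthenticateStandardUser($username, $password)) {
        DoLoginEstablishSession($username, false);
        return true;
    }

    return false;
}

/**
 * Shared post-authentication work for DoLogin(): user bookkeeping, session
 * variables and instance selection. The two branches of the original repeated
 * this sequence almost verbatim.
 *
 * NOTE(review): the '******' literals are reproduced exactly as they appear in
 * this listing. They look like masking applied to the page rather than real
 * values. If the real file interpolates the user name in those places, use
 * $safeusername there as well - confirm against the unmasked source.
 *
 * NOTE(review): the durable fix for the string-built SQL here is bound
 * parameters (mysqli/PDO). That depends on the MySQLQuery() wrapper, which is
 * not visible here.
 *
 * @param string $username authenticated user name (stored unmodified in the session)
 * @param bool   $isunix   true for the Unix-account path: a missing users row
 *                         is inserted and the instance lookup is logged
 */
function DoLoginEstablishSession($username, $isunix) {
    // The caller may pass the raw client value, so escape it before it is
    // placed in SQL; the original interpolated it unescaped in the insert.
    $safeusername = mysql_real_escape_string($username);

    /* check if they are an admin */
    $sqlstring = "select user_isadmin from users where username = '******'";
    $result = MySQLQuery($sqlstring, __FILE__, __LINE__);
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    // No row means "not an admin"; the guard avoids indexing a non-array.
    $isadmin = (is_array($row) && $row['user_isadmin'] == '1');

    if (!$isunix || mysql_num_rows($result) > 0) {
        $sqlstring = "update users set user_lastlogin = now() where username = '******'";
        MySQLQuery($sqlstring, __FILE__, __LINE__);
        $sqlstring = "update users set user_logincount = user_logincount + 1 where username = '******'";
        MySQLQuery($sqlstring, __FILE__, __LINE__);
    } else {
        // First login of a Unix account: create the users row.
        $sqlstring = "insert into users (username, login_type, user_lastlogin, user_logincount, user_enabled) values ('$safeusername', 'NIS', now(), 1, 1)";
        MySQLQuery($sqlstring, __FILE__, __LINE__);
    }

    $_SESSION['username'] = $username;
    $_SESSION['validlogin'] = "******";
    $_SESSION['isadmin'] = $isadmin ? "true" : "false";

    /* find the instance assigned to this user, falling back to the default one */
    $sqlstring = "select instance_id from user_instance where user_id = (select user_id from users where username = '******')";
    $result = MySQLQuery($sqlstring, __FILE__, __LINE__);
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $instanceid = is_array($row) ? $row['instance_id'] : '';

    if ($instanceid == '') {
        $sqlstring = "insert into user_instance (user_id, instance_id) values ((select user_id from users where username = '******'),(select instance_id from instance where instance_default = 1))";
        MySQLQuery($sqlstring, __FILE__, __LINE__);
        $sqlstring = "select instance_id from instance where instance_default = 1";
        $result = MySQLQuery($sqlstring, __FILE__, __LINE__);
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        $instanceid = is_array($row) ? $row['instance_id'] : '';
    }

    // The id was interpolated unquoted in the original, so an empty value gave
    // a malformed statement. The cast keeps the statement well formed.
    // Assumes instance_id is an integer column - TODO confirm.
    $sqlstring = "select instance_name from instance where instance_id = " . (int)$instanceid;
    $result = MySQLQuery($sqlstring, __FILE__, __LINE__);
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $instancename = is_array($row) ? $row['instance_name'] : null;
    if ($isunix) {
        // Only the Unix path logged this lookup in the original.
        Debug(__FILE__, __LINE__, "[$sqlstring] - [$instancename]");
    }

    $_SESSION['instanceid'] = $instanceid;
    $_SESSION['instancename'] = $instancename;
}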