function ChkLevel($token) { global $defined; if (empty($token)) { $level->value = -1; } else { $auth = new Encryption(); $db = new dbConn(); $val = new ValidateStrings(); $array = $auth->DecodeAuthToken($token); $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); $query = "SELECT `level` FROM `auth_users` WHERE `level` = \"" . base64_decode($array[2]) . "\""; $value = $db->dbQuery($val->ValidateSQL($query, $data), $data); $array = $db->dbArrayResults($value); $level->value = $array[0]['level']; $db->dbFreeData($query); $db->dbCloseConn($data); } return $level->value; }
$ERROR = $err->GenerateErrorLink("help/help.html", "#undef", $defined['error'], $errors['undef_sql'], NULL, NULL); // valid user found } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === 0) { // perform permissions check with access level and group data if ($level->ChkLevel($_SESSION['token']) === "admin") { // define some variables for the template etc. $JS = " hidediv('extras'); hidediv('perms');"; $FILE = "manage.pools.tpl"; // initialize a db connection handle $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); // provide count of online users $online = "SELECT * FROM `admin_sessions`"; $ret = $db->dbQuery($val->ValidateSQL($online, $dbconn), $dbconn); $usersoline = $db->dbNumRows($ret); // decode our authentication token to get our group membership $user_details = $encrypt->DecodeAuthToken($_SESSION['token']); $group = base64_decode($user_details[3]); // get an array of subnets the ISC DHCPD service may listen on $query = "SELECT `name`, `broadcast` FROM `conf_adapters` ORDER BY `broadcast` ASC"; if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) { $error = $err->GenerateErrorLink("help/help.html", "#config_subnets", $defined['error'], $errors['db_select'], NULL, NULL); } else { $tmp = $db->dbArrayResultsAssoc($value); // filter for empty stuff for ($x = 0; $x < count($tmp); $x++) { if (!empty($tmp[$x]['broadcast'])) { $interface_list[$tmp[$x]['name']] = $tmp[$x]['broadcast']; } } } // Look for a GET id post to edit existing dnssec keys
function AuthUser($user, $pass, $token) { // our global config opts global $defined; // initialize classes $db = new dbConn(); $val = new ValidateStrings(); $lib = new Authenticate(); $auth = new Encryption(); $sess = new Sessions(); $misc = new MiscFunctions(); $exit = new ExitApp(); // check our authentication requirements if (empty($user) && empty($pass) && empty($token)) { return -1; } // we have an existing authentication token present if (!empty($token) && empty($user) && empty($pass)) { $array = $auth->DecodeAuthToken($token); $user = base64_decode($array[0]); $pass = base64_decode($array[1]); $time = $array[4]; $current = $misc->GenTime(); if ($lib->AuthTimeOut($defined['timeout'], $time, $current) === -1) { return -2; } } // perform validation on username and password if ($val->ValidateAlphaChar($user) === -1 || $val->ValidateParagraph($pass) === -1) { return -3; } // see if the user exists for authenticaiton $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); $query = "SELECT * FROM `auth_users` WHERE `username` = \"{$user}\" AND `password` = sha1( \"{$pass}\" )"; $query = $val->ValidateSQL($query, $data); // database problem if (($value = $db->dbQuery($query, $data)) === -1) { return -5; } // check user match if ($db->dbNumRows($value) === -1 || $db->dbNumRows($value) === 0) { return -4; } else { $return = 0; } // create our authentication session token if (empty($token)) { $array = $db->dbArrayResults($value); $x = $auth->GeneratePrivateKey($defined['enckeygen']); $access_date = $misc->GenDate(); $access_time = $misc->GenTimeRead(); $query = "UPDATE `auth_users` SET `access_date` = \"" . $access_date . "\", `access_time` = \"" . $access_time . "\", `session` = \"{$x}\" WHERE `id` = \"" . $array[0]['id'] . "\""; $value = $val->ValidateSQL($query, $data); if (($value = $db->dbQuery($value, $data)) === -1) { return -5; } $x = $auth->EncodePrivToHex($x); if (($token = $auth->EncodeAuthToken($array[0]['username'], $pass, $array[0]['level'], $array[0]['group'], $misc->GenTime(), $x)) !== -1) { $sess->RegisterSession("token", $token); $return = 0; } } $db->dbFreeData($query); $db->dbCloseConn($data); return $return; }