<?
// User-management page fragment. The second closing brace below ends a block
// that opens before this excerpt.
// Reads the logged-in user's id from the session.
$userId = $_SESSION['user'];
// Right "2" gates this page; a caller without it gets a warning printed.
// NOTE(review): nothing visible here stops execution after the warning. Unless
// print_lack_of_privledge_warning() itself exits, the add/update/inactivate
// handlers further down stay reachable without right "2" -- confirm.
if (!check_rights("2")) {
    print_lack_of_privledge_warning();
}
}
// NOTE(review): the form below prints $PHP_SELF into its action attribute without
// escaping, and $PHP_SELF is not assigned in this excerpt. If it mirrors
// $_SERVER['PHP_SELF'] it carries request-path data and should pass through
// htmlspecialchars() before being written into the attribute.
?> <h2>User Management</h2> <p> Adding/Modifying and deleting users ... </p> <form action="<? print $PHP_SELF; ?>" method="post"> <?
// Form token check: a submission is acted on only when $formToken equals the
// token held in the session; after each accepted action the session token is
// incremented by one, so a resubmitted form no longer matches.
// NOTE(review): the token is a counter and is compared with loose ==. If it is
// also meant as CSRF protection, issue an unpredictable per-session value and
// compare it as a string (hash_equals() where available).
// NOTE(review): $action, $formToken, $username, $md5, $password, $firstname,
// $lastname, $email, $totalGroup and $randomPass are not assigned in this
// excerpt; presumably they are populated from the submitted form -- confirm
// where, and that each is validated before use.
$sessionToken = $_SESSION["token"];
if (($action == 1) && ($sessionToken == $formToken)) {
    // Action 1: add or update a user with the submitted field values.
    add_update_user($username, $md5, $password, $firstname, $lastname, $email, $totalGroup, $randomPass);
    $sessionToken = $sessionToken + 1;
    $_SESSION["token"] = $sessionToken;
} elseif (($action == 2) && ($sessionToken == $formToken)){
    // Action 2: inactivate the named user.
    inactivate_user ($username);
    $sessionToken = $sessionToken + 1;
    $_SESSION["token"] = $sessionToken;
}
?> <fieldset> <legend>Current Users </legend>
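/**
 * Authenticate the current request and establish the login session.
 *
 * Returns true immediately when $_SESSION['user'] is already set. Otherwise the
 * posted "userName" and "md5" fields are sanitized and handed to ldap_auth(),
 * whose return code selects the path:
 *   -1  LDAP disabled: look the user up in the people table
 *    0  LDAP enabled, authentication failed: deny
 *    1  LDAP authentication succeeded: resolve (or create) the local user row
 * Any other code is logged and ends the script.
 *
 * On success the session receives 'user', 'username' and 'rights', the login is
 * logged and last_login is updated.
 *
 * @return bool true on successful (or pre-existing) login; every other path
 *              ends the script through exit/die after writing a login form or
 *              an error message.
 */
function verify() {
    if (isset($_SESSION['user'])) {
        // Already logged in.
        return true;
    }

    // Read the credentials defensively: a missing field or an array-valued field
    // (userName[]=...) is treated as empty and falls through to the login prompt.
    $userName = (isset($_POST["userName"]) && is_string($_POST["userName"])) ? $_POST["userName"] : "";
    $password = (isset($_POST["md5"]) && is_string($_POST["md5"])) ? $_POST["md5"] : "";

    $userName = sanitize_input($userName,2);
    $password = sanitize_input($password,1);

    // The clear-text "password" field is deliberately not read; the browser
    // submits a value computed in javascript in the "md5" field instead.
    // NOTE(review): whatever the browser sends is what the server accepts as the
    // credential, so it needs the same transport protection as a password -- confirm
    // the form is only served over TLS.

    // With a non-empty username/password, ask LDAP first.
    if (($userName != "") && ($password != "")) {
        $ldapVerified = ldap_auth ($userName, $password);
    } else {
        // User must log in.
        $text = "Please login";
        write_log_in( $text );
        exit;
    }

    if ($ldapVerified == -1) {
        // LDAP is disabled: authenticate against the database.
        // NOTE(review): the two '******' literals are reproduced exactly as this
        // listing shows them and look masked. Whatever values the live query
        // compares must be bound as parameters or escaped for the database
        // driver, never interpolated from request data.
        $query = " SELECT id FROM people WHERE username = '******' AND password = '******' AND status > 0";
        $result = run_query($query);
        $numMatchingUsers = count($result);
    } elseif ($ldapVerified == 0) {
        // LDAP is enabled but authentication failed -> deny login.
        $numMatchingUsers = 0;
    } elseif ($ldapVerified == 1) {
        // LDAP authentication succeeded: strip the domain part and look up the
        // local user id for the short name.
        $shortUserName = get_user_sans_domain($userName);
        $result = get_ldap_userid($shortUserName);
        $numMatchingUsers = count($result);
    } else {
        $msg = "Unable to authenticate: Unknown return code from ldap_auth: ($ldapVerified)";
        log_entry ($msg);
        // Escape before writing to the response; the log keeps the raw text.
        die (htmlspecialchars($msg, ENT_QUOTES));
    }

    if ( ($numMatchingUsers == 0) and ($ldapVerified == 1) ) {
        // The user authenticated with LDAP but has no local row yet: create one.
        $msg = "Creating new user entry for $userName after authenticating with LDAP.";
        log_entry($msg);
        $shortUserName = get_user_sans_domain($userName);
        // Argument order: username, md5, password, firstname, lastname, email,
        // totalGroup, randomPass.
        // NOTE(review): the literal "LDAP" is passed in the md5 and password
        // positions. Confirm add_update_user() stores it in a form the database
        // fallback comparison above can never match, so these accounts are not
        // usable when ldap_auth() reports LDAP as disabled.
        add_update_user($shortUserName, "LDAP", "LDAP", $shortUserName, null,null, "users", null);
        $result = get_ldap_userid($shortUserName);
        $numMatchingUsers = count($result);
    }

    if ($numMatchingUsers > 0) {
        // More than one match should be impossible; refuse rather than guess.
        if ($numMatchingUsers > 1) {
            $msg = "Error: Multiple users with the same username: $userName";
            log_entry ($msg);
            // $userName originates from the request: escape it for the response.
            die (htmlspecialchars($msg, ENT_QUOTES));
        }

        $user = implode ("", $result);

        // Issue a fresh session id at the privilege change so an id that was
        // known before login cannot be reused afterwards (session fixation).
        // Guarded so nothing is attempted when no session is active.
        if (session_id() !== "") {
            session_regenerate_id(true);
        }

        // Register session variables and log the login.
        $_SESSION['user'] = $user;
        $_SESSION['username'] = $userName;
        log_session ("login");

        // NOTE(review): $user comes from the lookup result, not from the request,
        // but it is still interpolated into both statements below; binding it as
        // a parameter would remove the dependency on what the lookup returns.
        $cmd = "UPDATE people SET last_login = now() WHERE id = $user";

        // Load the user's rights and keep them in the session.
        $query = " SELECT rights.Actionid FROM people_groups, rights WHERE people_groups.userid = '$user' AND people_groups.groupid = rights.Usergroupid";
        $actionId = run_query($query);
        $_SESSION['rights'] = $actionId;
        run_sql_cmd($cmd);

        // Successful login.
        return true;
    } elseif ( ($numMatchingUsers == 0) and ( ($ldapVerified == 0) or ($ldapVerified == -1) ) ) {
        // Bad username and/or password: record it and show the login form again
        // with a message that does not reveal which of the two was wrong.
        $_SESSION['badlogin'] = $userName;
        log_session ("badlogin");
        $text = "Invalid username and/or password";
        write_log_in( $text );
        exit;
    } else {
        // This should never happen.
        debug_msg ("Unanticipated condition: numMatchingUsers=($numMatchingUsers) and ldapVerified=($ldapVerified)");
        $msg = "Error: Unrecoverable condition during login for user ($userName)";
        log_entry ($msg);
        die (htmlspecialchars($msg, ENT_QUOTES));
    }
} // end verify function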