Пример #1
/*
   +----------------------------------------------------------------------+
   | PEAR Web site version 1.0                                            |
   +----------------------------------------------------------------------+
   | Copyright (c) 2001-2005 The PHP Group                                |
   +----------------------------------------------------------------------+
   | This source file is subject to version 2.02 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available at through the world-wide-web at                           |
   | http://www.php.net/license/2_02.txt.                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors:                                                             |
   +----------------------------------------------------------------------+
   $Id$
*/
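// Bootstrap for a page that relies on cookie-based authentication.
date_default_timezone_set('UTC');
require_once 'pear-config.php';
require_once 'PEAR.php';
include_once 'pear-format-html.php';
include_once 'pear-auth.php';
require_once 'Validate.php';

// Explicit logout request (?logout=1).
// NOTE(review): this is a state change triggered by a GET parameter, and no
// anti-CSRF token is checked in this snippet. Unless auth_logout() validates
// one itself, a third-party page can log the user out; consider POST + token.
if (isset($_GET['logout']) && $_GET['logout'] === '1') {
    auth_logout();
}

// Re-check the cookie credentials on every request. The cookies are
// client-controlled, so PEAR_PW may be missing even when PEAR_USER is present;
// pass null in that case instead of reading an undefined index, and let
// auth_verify() reject it.
// NOTE(review): the PEAR_PW cookie is handed to auth_verify() as the password
// argument, i.e. a credential-equivalent value travels with every request.
// Confirm these cookies are only issued over TLS and marked HttpOnly.
if (!empty($_COOKIE['PEAR_USER'])
    && !auth_verify(
        $_COOKIE['PEAR_USER'],
        isset($_COOKIE['PEAR_PW']) ? $_COOKIE['PEAR_PW'] : null
    )
) {
    auth_kill_cookies();
    auth_reject(null, 'Invalid username or password');
}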
Пример #2
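/**
 * Require an authenticated user who passes at least one privilege check.
 *
 * The PEAR_USER / PEAR_PW cookies are verified with auth_verify(). Each
 * argument passed to this function is then handed to auth_check(); the first
 * check that returns exactly true grants access. When called without
 * arguments, a valid login alone is sufficient.
 *
 * Accepts any number of arguments (read through func_get_args()).
 *
 * @return bool true when access is granted; the script exits when it is denied
 */
function auth_require()
{
    global $auth_user;

    // Cookies are client-controlled and may be absent; read them without
    // error suppression so unrelated problems are not hidden.
    $user = isset($_COOKIE['PEAR_USER']) ? $_COOKIE['PEAR_USER'] : null;
    $passwd = isset($_COOKIE['PEAR_PW']) ? $_COOKIE['PEAR_PW'] : null;

    if (!auth_verify($user, $passwd)) {
        auth_reject();
        // auth_reject() is expected to exit; stop here regardless so that an
        // unauthenticated request can never reach the privilege checks.
        exit;
    }

    $checks = func_get_args();
    if (count($checks) === 0) {
        return true;
    }

    foreach ($checks as $check) {
        if (auth_check($check) === true) {
            return true;
        }
    }

    // Fail closed: checks were requested and none returned exactly true.
    // The previous code denied access only when the last result was
    // identical to false, so any other non-true value (null, 0, an error
    // object) fell through to "return true".
    response_header("Insufficient Privileges");
    report_error("Insufficient Privileges");
    response_footer();
    exit;
}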
Пример #3
 * To figure out cookies are REALLY off, check to see if the person came
 * from within the PEAR website or just submitted the login form.
 */
// Cookie-support probe: no session cookie, yet the visitor either arrived
// from a page matching the "redirect" parameter or posted the login form.
// The rejection is commented out, so this branch currently does nothing.
// The Referer header is supplied by the client and is only a hint here.
if (!isset($_COOKIE[session_name()])) {
    if (false !== strpos(@$_SERVER['HTTP_REFERER'], @$_GET['redirect'])
        || isset($_POST['PEAR_USER'], $_POST['PEAR_PW'])
    ) {
        //    auth_reject(PEAR_AUTH_REALM, 'Cookies must be enabled to log in.');
    }
}

// A visitor who is already authenticated gets a notice, not the login form.
if (isset($auth_user) && $auth_user) {
    response_header('Login');
    print '<div class="warnings">You are already logged in.</div>';
    response_footer();
    exit();
}
if (isset($_POST['PEAR_USER'], $_POST['PEAR_PW']) && auth_verify(@$_POST['PEAR_USER'], @$_POST['PEAR_PW'])) {
    if (!empty($_POST['PEAR_PERSIST'])) {
        setcookie('REMEMBER_ME', 1, 2147483647, '/');
        setcookie(session_name(), session_id(), 2147483647, '/');
    } else {
        $expire = 0;
        setcookie('REMEMBER_ME', 0, 2147483647, '/');
        setcookie(session_name(), session_id(), null, '/');
    }
    $_SESSION['PEAR_USER'] = $_POST['PEAR_USER'];
    /*
     * Update users lastlogin
     */
    $query = 'UPDATE users SET lastlogin = NOW() WHERE handle = ?';
    $dbh->query($query, array($_POST['PEAR_USER']));
    /*
Пример #4
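// If they're already logged in, say so.
if (isset($auth_user) && $auth_user) {
    response_header('Login');
    echo '<div class="warnings">You are already logged in.</div>';
    response_footer();
    exit;
}

// Only a POST carrying both a username and a password is a login attempt;
// anything else is sent back to the login prompt via auth_reject().
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (empty($_POST['PEAR_USER']) || empty($_POST['PEAR_PW'])) {
        auth_reject(PEAR_AUTH_REALM, 'You must provide a username and a password.');
    }
} else {
    auth_reject(PEAR_AUTH_REALM, '');
}

// NOTE(review): the value checked by auth_verify() and stored in the PEAR_PW
// cookie below is an unsalted MD5 digest, and a client may submit that digest
// directly by setting isMD5. The digest is therefore password-equivalent:
// whoever obtains it (cookie theft, database leak) can log in without knowing
// the password. Fixing this needs a server-side session or a random token in
// place of the digest, which is beyond this block.
$password = !empty($_POST['isMD5']) ? $_POST['PEAR_PW'] : md5($_POST['PEAR_PW']);

if (auth_verify($_POST['PEAR_USER'], $password)) {
    // 2147483647 is the largest 32-bit timestamp ("remember me"); 0 makes the
    // cookie last for the browser session only.
    $expire = !empty($_POST['PEAR_PERSIST']) ? 2147483647 : 0;

    // Mark the credential cookies HttpOnly so page script cannot read them.
    // Domain ('') and secure (false) keep their previous default values.
    // NOTE(review): also set the secure flag once the whole site is served
    // over HTTPS; without it the cookies are sent over plain HTTP.
    setcookie('PEAR_USER', $_POST['PEAR_USER'], $expire, '/', '', false, true);
    setcookie('PEAR_PW', $password, $expire, '/', '', false, true);

    // mark user as active if they were inactive
    $dbh->query('UPDATE users SET active = 1 WHERE handle = ?', array($_POST['PEAR_USER']));

    // Determine URL. The target comes from the request, so it is followed
    // only when it is not login.php and contains no "://".
    // NOTE(review): this filter does not exclude scheme-relative targets
    // ("//host/...") or backslash variants. Whether that matters depends on
    // how localRedirect() builds the Location header -- confirm it always
    // prefixes the site's own scheme and host.
    if (isset($_POST['PEAR_OLDURL']) && basename($_POST['PEAR_OLDURL']) != 'login.php' && !preg_match('|://|', $_POST['PEAR_OLDURL'])) {
        localRedirect($_POST['PEAR_OLDURL']);
    } else {
        localRedirect('/index.php');
    }
    exit;
}

$msg = '';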
if (isset($_POST['PEAR_USER']) || isset($_POST['PEAR_PW'])) {