From afc703b0aff8495c0e0c77b80de8dbd9c94db558 Mon Sep 17 00:00:00 2001
From: Michael Joseph
Date: Fri, 20 Dec 2002 11:32:21 +0000
Subject: [PATCH] initial revisions of new authentication and controller implementation
---
 control.php | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 lib/Authenticator.inc | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/control.inc | 44 ++++++++++++++++++++++++++++++++++++++++++++
 login.php | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 275 insertions(+), 0 deletions(-)
 create mode 100644 control.php
 create mode 100644 lib/Authenticator.inc
 create mode 100644 lib/control.inc
 create mode 100644 login.php
diff --git a/control.php b/control.php
new file mode 100644
index 0000000..251a7ea
--- /dev/null
+++ b/control.php
@@ -0,0 +1,46 @@
+siteMap->getPage($action, getUserClass($userID))
+
+if (isset($page)) {
+ redirect($page);
+} else {
+ // TODO: build no permission page
+ print "you do not have access to view this page! please go away, and come back when you do.";
+}
+
+?>
diff --git a/lib/Authenticator.inc b/lib/Authenticator.inc
new file mode 100644
index 0000000..3f118be
--- /dev/null
+++ b/lib/Authenticator.inc
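Review bot: The deny branch at the end of the hunk prints its message under an ordinary 200 response, so proxies, monitoring and the browser see a normal page rather than a refused request; send a status first, `header("HTTP/1.0 403 Forbidden");` on the line before the `print`. The success branch calls `redirect($page)` and then runs on to the closing tag; `redirect()` in lib/control.inc of this same patch only emits a Location header and returns, so follow the call with `exit;` so that anything appended to this file later is never served to a user who was meant to be sent elsewhere. The `getPage(...)` line also appears to lack its terminating semicolon, though the opening of this hunk (everything before `siteMap->getPage`) is not visible in this rendering, so that may be an artefact of the extraction rather than of the commit.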
@@ -0,0 +1,115 @@
+owl_users_table where username = '$username' and password = '" . md5($password) . "'";
+ $sql->query($query);
+ //$sql->query("select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'");
+ $numrows = $sql->num_rows($sql);
+ // Bozz Begin added Password Encryption above, but for now
+ // I will allow admin to use non crypted password until he
+ // upgrades all users
+ if ($numrows == "1") {
+ while($sql->next_record()) {
+ if ( $sql->f("disabled") == 1 ) {
+ $userDetails["status"] = 2;
+ } else {
+ $userDetails["status"] = 1;
+ $userDetails["userName"] = $sql->f("username");
+ $userDetails["userID"] = $sql->f("id");
+ $userDetails["groupID"] = $sql->f("groupid");
+ $maxsessions = $sql->f("maxsessions") + 1;
+ }
+ }
+ // Remove this else in a future version
+ } elseif ($username == "admin") {
+ // username admin check password
+ $sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'");
+ $numrows = $sql->num_rows($sql);
+ if ($numrows == "1") {
+ while($sql->next_record()) {
+ $userDetails["status"] = 1;
+ $userDetails["userName"] = $sql->f("username");
+ $userDetails["userID"] = $sql->f("id");
+ $userDetails["groupID"] = $sql->f("groupid");
+ $maxsessions = $sql->f("maxsessions") + 1;
+ }
+ }
+ // login failure
+ } else {
+ $userDetails["status"] = 0;
+ }
+
+ if (isset($userDetails["userID"]) && ($userDetails["status"] != 0)) {
+ // remove stale sessions from the database for the user
+ // that is signing on.
+ Owl_Session::removeStaleSessions($userDetails["userID"]);
+
+ // Check if Maxsessions has been reached
+ $sql = new Owl_DB;
+ $sql->query("select * from $default->owl_sessions_table where uid = '".$userDetails["userID"]."'");
+ if ($sql->num_rows($sql) >= $maxsessions && $userDetails["status"] != 0) {
+ if ( $userDetails["groupID"] == 0) {
+ // ignore maxsessions check for admin group
+ $userDetails["status"] = 1;
+ } else {
+ // return too many sessions status code
+ $userDetails["status"] = 3;
+ }
+ }
+ }
+ return $userDetails;
+ }
+
+ /**
+ * Logs the user out of the application
+ *
+ * @param userID
+ * the ID of user logging out
+ * @param sessionID
+ * the user's sessionID
+ */
+ function logout($userID, $sessionID) {
+ // remove session from db
+ Owl_Session::remove($sessionID)
+ }
+
+
+}
+
+/**
+ * Perform authentication tasks against the database.
+ */
+class DBAuthenticator extends Authenticator {
+}
+
+/**
+ * Perform authentication tasks against LDAP compliant directory server.
+ */
+class LDAPAuthenticator extends Authenticator {
+}
+
+?>
diff --git a/lib/control.inc b/lib/control.inc
new file mode 100644
index 0000000..7edfeed
--- /dev/null
+++ b/lib/control.inc
@@ -0,0 +1,44 @@
+owl_root_url . "/";
+ // if we have a session
+ if (isset($uid->sessdata["sessid"])) {
+ // check url for parameters and add sessid accordingly
+ if (strstr($url, "?")) {
+ $url = $url . "&sess=". $uid->sessdata["sessid"];
+ } else {
+ $url = $url . "?sess=". $uid->sessdata["sessid"];
+ }
+ }
+ header("Location: $url");
+}
+
+/**
+ * Redirects to login if no session is present
+ */
+function checkSession($sessionID) {
+ $sessionStatus = Owl_Session::verify($sessionID);
+ switch ($sessionStatus["status"]) {
+
+ }
+}
+
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..1f1b400
--- /dev/null
+++ b/login.php
@@ -0,0 +1,70 @@
+");
+ print("
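Review bot: The SELECT that ends on the hunk's first line concatenates `$username` and `$password` straight into the SQL text, and the `elseif ($username == "admin")` branch does it again, so a quote character in the submitted value alters the statement instead of being matched as data; run both values through whatever quoting Owl_DB provides (or at least `$username = addslashes($username); $password = addslashes($password);`) before the query string is built. The admin branch also compares the stored password in cleartext, and the main branch relies on an unsalted `md5()`; the "Remove this else" comment acknowledges the first, and the safer path is to re-hash the admin row (ideally with a salted `crypt()` hash) on its next successful login and retire that branch rather than leave a second, weaker login path open indefinitely. Separately, `Owl_Session::remove($sessionID)` in `logout` has no terminating semicolon, so the file will not parse as shown, and `$numrows == "1"` compares an integer against a string where `=== 1` is meant. The `login` method's signature and the start of the query-building statement lie before the first visible line of this hunk.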
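Review bot: `redirect()` ends at `header("Location: $url");` and returns, so every caller keeps executing after the header has been sent; add `exit;` directly after the `header()` call so the rest of a redirected request's script never runs. The session id is spliced into the query string without `urlencode()`, and carrying it in the URL at all exposes it through Referer headers, proxy logs and browser history — a cookie-scoped session would avoid that, but at minimum encode the value: `$url = $url . "&sess=" . urlencode($uid->sessdata["sessid"]);` and the same for the `?sess=` case. `checkSession()` is documented as "Redirects to login if no session is present" but its `switch` has no cases, so it does nothing for any status; either implement the cases or change the docblock to `@todo` so the promise is not misleading. The `redirect()` signature and the line that seeds `$url` from `$default->owl_root_url` precede the first visible line of this hunk.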
$lang_engine
$lang_version: $default->version

"); + print "
"; + + if (isset($fileid)) { + print ""; + print ""; + } + + print ""; + print "
$lang_username:
$lang_password:
"; + print "\n"; + print "\n"; + print "


");
+ include("./lib/footer.inc");
+
+} elseif ($loginAction == "login") {
+
+ // check the requirements
+ if (checkrequirements() == 1) {
+ // TODO: appropriate error message
+ exit;
+ } else {
+ // if requirements are met and we have a username and password to authenticate
+ if( isset($fUserName) && isset($fPassword) ) {
+ // verifies the login and password of the user
+ $userDetails = Authenticator::login($fUserName, $fUserName)
+
+ switch ($userDetails["status"]) {
+ // successfully authenticated
+ case 1:
+ $sessionID = Owl_Session::create($userDetails["userID"]);
+ // check query string and forward to requested page
+ // else forward to dashboard (config defined page/action)
+ break;
+ // login disabled
+ case 2:
+ redirect("control.php?action=loginForm&loginFailureMessage=");
+ break;
+ // too many sessions
+ case 3 :
+ redirect("control.php?action=loginForm&loginFailureMessage=");
+ break;
+ default :
+ redirect("control.php?action=loginForm&loginFailureMessage=");
+ }
+ } else {
+ // didn't receive any login parameters, so redirect login form
+ $url = "control.php?action=loginForm";
+ redirect($url);
+ }
+ }
+}
+?>
+
+
-- libgit2 0.21.4
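Review bot: `Authenticator::login($fUserName, $fUserName)` passes the username in the password position and the statement has no terminating semicolon, so authentication can never succeed as written and the file will not parse; it should read `$userDetails = Authenticator::login($fUserName, $fPassword);`. In `case 1:` a session row is created and the code then only `break`s — the two comments describe a forward that is not there — so a successful login ends in an empty response with `$sessionID` unused; at least redirect to the configured dashboard page at that point. The three failure cases all redirect with an empty `loginFailureMessage=`, so the form cannot distinguish a disabled account from a too-many-sessions refusal; give each case its own value. `$fUserName`, `$fPassword` and `$loginAction` are presumably request variables arriving through register_globals; reading them explicitly from `$_POST` would make that dependency visible and keep unrelated globals out of the login decision. The `loginForm` branch that opens this file and the form it prints lie before the visible lines of this hunk.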