<?/*
+-------------------------------------------------------------------------+
| raXnet Authentication Scripts |
+-------------------------------------------------------------------------+
| This code is currently maintained and debugged by Ian Berry, any |
| questions or comments regarding this code should be directed to: |
| - iberry@raxnet.net |
+-------------------------------------------------------------------------+
| - raXnet - http://www.raxnet.net/ |
+-------------------------------------------------------------------------+
*/?>
<? /* NON-AUTH STUFF */
header ("Cache-Control: no-cache, must-revalidate");
header ("Pragma: no-cache");

$current_path = dirname(__FILE__);
include ("$current_path/database.php");

/* check to see if this is a new installation */
include_once ("include/version_functions.php");

if (GetCurrentVersion() != $cacti_version) {
    header ("Location: install.php");
    exit;
}
/* END OF NON-AUTH STUFF */

include ("$current_path/config.php");

if ($config["global_auth"]["value"] == "on") {
    /* start unauthenticated; $au is only set to 1 by the ACL checks below */
    $au = 0;

    /* the user id comes straight from a client-supplied cookie and is placed into
    the SQL below, so accept only a plain numeric id; anything else is treated as
    "not logged in" */
    $user_id = $HTTP_COOKIE_VARS[$conf_cookiename];
    if (!preg_match('/^[0-9]+\z/', $user_id)) {
        $user_id = "";
    }

    $host = getenv("REMOTE_ADDR");

    if (getenv("HTTP_REFERER") == "") {
        $referer = $HTTP_REFERER;
    }else{
        $referer = getenv("HTTP_REFERER");
    }

    if ($HTTP_COOKIE_VARS["changepassword"] == "1") {
        /* the referer is client-supplied; encode it so it stays inside the ref parameter */
        header ("Location: $conf_web_path/changepassword.php?ref=" . urlencode($referer));
        exit;
    }

    if ($guest_account == true) {
        /* don't even bother with the guest code if we're already logged in */
        if ($user_id == "") {
            $sql_id = mysql_query("select id from auth_users where username=\"" . $config["guest_user"]["value"] . "\"",$cnn_id);

            /* cannot find guest user */
            if (mysql_num_rows($sql_id) == 0) {
                print "<strong><font size=\"+1\" color=\"FF0000\">CANNOT FIND GUEST USER: " . $config["guest_user"]["value"] . "</font></strong>";
            }else{
                if ($user_id == "") {
                    $user_id = mysql_result($sql_id, 0, "id");
                }

                /* does the guest user have an ACL entry for this section? */
                $res_id = mysql_query("select a.sectionid, a.userid, s.id, s.section from
                    auth_acl a left join auth_sections s on a.sectionid=s.id where s.section=\"$section\"
                    and a.userid=$user_id",$cnn_id);

                if (mysql_num_rows($res_id) != 0) {
                    $au = 1;
                }
            }
        }
    }

    if ($au != 1) {
        $res_id = mysql_query("select a.sectionid, a.userid, s.id, s.section from
            auth_acl a left join auth_sections s on a.sectionid=s.id where s.section=\"$section\"
            and a.userid=\"$user_id\"",$cnn_id);
        $rows = mysql_num_rows($res_id);

        /* Make sure user is logged in */
        if ($user_id == ""){
            include_once ("$current_path/login.php");
            exit;
        }

        /* Make sure they are authenticated */
        if ($rows != 0){
            $au = 1;
        }else{
            $au = 0;
            include_once ("$current_path/noauth.php");
            exit;
        }
    }

    /* at this point this user is good to go... so get some setting about this
    user and put them into variables to save excess SQL in the future */
    $sql_id_auth = mysql_query("select graphpolicy from auth_users where id=$user_id", $cnn_id);
    $config["graph_policy"]["auth"] = mysql_result($sql_id_auth, 0, "graphpolicy");
}
?>