File: login.php

cacti 0.6.7-2.2
<?/* 
+-------------------------------------------------------------------------+
| raXnet Authentication Scripts                                           |
+-------------------------------------------------------------------------+
| This code is currently maintained and debugged by Ian Berry, any        |
| questions or comments regarding this code should be directed to:        |
| - iberry@raxnet.net                                                     |
+-------------------------------------------------------------------------+
| - raXnet - http://www.raxnet.net/                                       |
+-------------------------------------------------------------------------+
*/?>
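<?php
	/* Login handler for the raXnet authentication scripts.
	   When $action is "login" this checks the submitted credentials against
	   auth_users, applies the per-user host rules from auth_hosts, records the
	   attempt in auth_log and, on success, sets the login cookie and redirects.
	   On a bad password it falls through to the login form that follows. */
	$current_path = dirname(__FILE__);
	include ("$current_path/config.php");
	include_once ("$current_path/common.php");

	/* NOTE(review): $action, $username and $password are not assigned in this file;
	   presumably they arrive as request variables (register_globals) - confirm.
	   The flags below get known values here so that nothing set before this point
	   can pre-decide the password check or the host check. */
	$badpassword = false;
	$deny = false;
	$done = false;

	if ($action == "login") {
		include_once ("$current_path/database.php");

		/* The request values end up inside quoted SQL strings, so escape them.
		   If magic_quotes_gpc already added slashes, strip them first so each
		   value is escaped exactly once.
		   NOTE(review): if common.php escapes these itself, drop one layer. */
		if (get_magic_quotes_gpc()) {
			$sql_username = mysql_escape_string(stripslashes($username));
			$sql_password = mysql_escape_string(stripslashes($password));
		} else {
			$sql_username = mysql_escape_string($username);
			$sql_password = mysql_escape_string($password);
		}

		/* NOTE(review): MySQL's PASSWORD() is used as the stored hash; it is not a
		   password-hashing scheme for applications. Changing it needs a migration
		   of auth_users, so it is only flagged here. */
		$res_id_user = mysql_query("select * from auth_users where username=\"$sql_username\" and password = PASSWORD(\"$sql_password\")", $cnn_id);
		$rows_user = mysql_num_rows($res_id_user);
		$ip = trim(getenv("REMOTE_ADDR"));
		$sql_ip = mysql_escape_string($ip);

		if ($rows_user == 0) {
			$badpassword = true;
		}

		if (!$badpassword) {
			$user_id = mysql_result($res_id_user, 0, "id");

			/* Host matching. Rows come back ordered by type, so type "1" entries
			   are evaluated before type "2" entries. The first matching entry
			   settles the outcome ($done). */
			$res_id_host = mysql_query("select hostname,type from auth_hosts where userid=" . $user_id . " order by type", $cnn_id);
			$rows_host = mysql_num_rows($res_id_host);

			for ($i_host = 0; $i_host < $rows_host; $i_host++) {
				if ($done) {
					break;
				}

				$host_matches = (mysql_result($res_id_host, $i_host, "hostname") == $ip);

				switch (mysql_result($res_id_host, $i_host, "type")) {
					case "1":
						/* deny entry: a match refuses the login */
						if ($host_matches) {
							$deny = true;
							$done = true;
						}
						break;
					case "2":
						/* allow entry: once one exists, the client must match one */
						if ($host_matches) {
							$deny = false;
							$done = true;
						} else {
							$deny = true;
						}
						break;
				}
			}

			/* if the user is denied because of a hostname, log it (success=2) and exit */
			if ($deny) {
				$res_id = mysql_query("insert into auth_log (username,success,ip) values(\"$sql_username\",2,\"$sql_ip\")", $cnn_id);
				include_once ("$current_path/noauth.php");
				exit;
			}

			/* CR/LF are removed because this value is written into a response header. */
			$ref = str_replace(array("\r", "\n"), "", getenv("HTTP_REFERER"));
			if ($ref == "") {
				$ref = "index.php";
			}

			mysql_query("insert into auth_log (username,success,ip) values(\"$sql_username\",1,\"$sql_ip\")", $cnn_id);

			/* NOTE(review): the login cookie carries only the numeric user id, with no
			   secret or signature. A random, server-side session token would be the
			   fix, but that changes every page that reads this cookie. */
			header ("Set-Cookie: $conf_cookiename=$user_id; path=/;");

			if (mysql_result($res_id_user, 0, "mustchangepassword") == "on") {
				/* set this cookie to force a password change; the second argument
				   keeps header() from replacing the login cookie set just above */
				header ("Set-Cookie: changepassword=1; path=/;", false);
			}

			/* at this point the user has been successfully authenticated, so decide
			   where to send them next */
			switch (mysql_result($res_id_user, 0, "loginopts")) {
				case '1': /* referer */
					/* NOTE(review): the Referer is chosen by the client and may point
					   off-site; consider accepting only paths on this host. */
					header("Location: $ref");
					break;
				case '2': /* default console page */
					header("Location: index.php");
					break;
				case '3': /* default graph page */
					header("Location: graph_view.php?action=tree");
					break;
				default: /* unknown setting: use the console page instead of a blank response */
					header("Location: index.php");
					break;
			}

			exit;
		}
	}
?>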
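<html>
<head>
	<title>Login to <?php print $conf_realm_name;?></title>
	<link href="<?php print "$conf_web_path/..";?>/css/main.css" rel="stylesheet">
</head>
<body>
<?php /* apparently IIS 5/4 have a bug (Q176113) where setting a cookie and calling the header via
'Location' does not work. This seems to fix the bug for me at least... */ ?>
<form method="post" action="<?php print $HTTP_SERVER_VARS["SCRIPT_NAME"];?>">
<table align="center">
	<tr>
		<td colspan="2"><img src="<?php print "$conf_web_path/..";?>/images/login.gif" border="0" alt=""></td>
	</tr>
	<?php
	/* Failed login: record the attempt (success=0) and show the error row.
	   The identity test means only the boolean set by the login handler counts. */
	if ($badpassword === true){
		/* These values go inside quoted SQL strings, so escape them; strip the
		   slashes magic_quotes_gpc may have added so each is escaped only once. */
		if (get_magic_quotes_gpc()) {
			$log_username = mysql_escape_string(stripslashes($username));
			$log_password = mysql_escape_string(stripslashes($password));
		} else {
			$log_username = mysql_escape_string($username);
			$log_password = mysql_escape_string($password);
		}
		$log_ip = mysql_escape_string($ip);

		/* NOTE(review): the attempted password is stored in clear text. A mistyped
		   real password ends up readable in auth_log; consider no longer recording
		   it once nothing else reads the attemptedpass column. */
		$res_id = mysql_query("insert into auth_log (username,success,attemptedpass,ip) values(\"$log_username\",0,\"$log_password\",\"$log_ip\")",$cnn_id);?>
	<tr height="10"></tr>
	<tr>
		<td colspan="2"><font color="#FF0000"><strong>Invalid User Name/Password Please Retype:</strong></font></td>
	</tr><?php }?>
	<tr height="10"></tr>
	<tr>
		<td colspan="2">Please enter your <?php print $conf_realm_name;?> user name and password below:</td>
	</tr>
	<tr height="10"></tr>
	<tr>
		<td>User Name:</td>
		<td>
		<?php /* NOTE(review): with this option on, every account name is shown to
		visitors who have not logged in yet. */
		if ($conf_drop_down_user_list==true){?>
		<select name="username">
		<?php CreateList($cnn_id,"select username from auth_users","username","username", ""); ?>
		</select>
		<?php }else{?>
		<input type="text" name="username" size="40"><?php }?></td>
	</tr>
	<tr>
		<td>Password:</td>
		<td><input type="password" name="password" size="40"></td>
	</tr>
	<tr height="10"></tr>
	<tr>
		<td><input type="submit" value="Login"></td>
	</tr>
</table>
<input type="hidden" name="action" value="login">
</form>
</body>
</html>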