File: authenticate.php

docbookwiki 0.9.1cvs-8
  • area: non-free
  • in suites: lenny
  • size: 17,572 kB
  • ctags: 4,443
  • sloc: xml: 28,920; php: 12,012; perl: 2,274; sh: 1,900; makefile: 81; sql: 10
<?php
  /*
   This file is part of DocBookWiki.  DocBookWiki is a web application
   that displays and edits DocBook documents.

   Copyright (C) 2004, 2005, 2006, 2007
   Dashamir Hoxha, dashohoxha@users.sourceforge.net

   DocBookWiki is free software; you can redistribute it and/or modify
   it under the  terms of the GNU General  Public License as published
   by the Free  Software Foundation; either version 2  of the License,
   or (at your option) any later version.

   DocBookWiki is distributed in the  hope that it will be useful, but
   WITHOUT  ANY  WARRANTY;  without   even  the  implied  warranty  of
   MERCHANTABILITY or  FITNESS FOR A PARTICULAR PURPOSE.   See the GNU
   General Public License for more details.

   You should have  received a copy of the  GNU General Public License
   along  with  DocBookWiki;  if  not,  write  to  the  Free  Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
   USA
  */

include_once 'global.php';

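/**
 * Checks the HTTP Basic credentials of the current request against the
 * stored crypt() hash of that account.
 *
 * The username and password are read from $_SERVER['PHP_AUTH_USER'] and
 * $_SERVER['PHP_AUTH_PW'], so both are supplied by the client and are
 * treated as untrusted.  The account 'superuser' is checked against the
 * hash stored in '.su/passwd'; every other account is looked up with
 * templates/scripts/users/get_user.sh, whose output is read as a
 * colon-separated record (field 0 username, field 1 crypt() hash,
 * field 3 e-mail).
 *
 * Side effect: on success the constants SU, USER and EMAIL are defined.
 *
 * @return bool true if the credentials are valid, false otherwise.
 */
function valid_user()
{
  // A client may send a username without a password (or neither), so
  // neither index is assumed to exist.
  $username = isset($_SERVER["PHP_AUTH_USER"]) ? (string) $_SERVER["PHP_AUTH_USER"] : '';
  $password = isset($_SERVER["PHP_AUTH_PW"]) ? (string) $_SERVER["PHP_AUTH_PW"] : '';

  // An empty name can never identify an account, and a NUL byte cannot be
  // passed on a command line.
  if ($username === '' || strpos($username, "\0") !== false)  return false;

  $email = null;
  if ($username === 'superuser')
    {
      // Read the hash file directly; no shell is needed just to read a file.
      $crypted_passwd = is_readable('.su/passwd') ? file_get_contents('.su/passwd') : false;
      $crypted_passwd = ($crypted_passwd === false) ? '' : trim($crypted_passwd);
    }
  else
    {
      //get the user data
      $get_user = "templates/scripts/users/get_user.sh";
      // The username goes onto a shell command line, so it is quoted as a
      // single argument; unquoted, shell metacharacters in it would be
      // interpreted by the shell.
      // NOTE(review): a name starting with '-' still reaches the script as
      // its first argument -- confirm get_user.sh does not parse options.
      $record = shell_exec($get_user . ' ' . escapeshellarg($username));
      if (!is_string($record))  return false;

      $fields = explode(':', $record);
      // Strict comparison: with '!=' PHP compares numeric-looking strings
      // as numbers, so two different names could be treated as equal.
      if ($fields[0] !== $username)  return false;
      if (!isset($fields[1]))  return false;
      $crypted_passwd = $fields[1];
      $email = isset($fields[3]) ? $fields[3] : null;
    }

  // A missing or empty stored hash must never authenticate anyone.
  if ($crypted_passwd === '')  return false;

  // The stored hash doubles as the salt/settings string for crypt().
  $computed = (string) crypt($password, $crypted_passwd);

  // Compare the hashes as exact strings ('==' would fall back to numeric
  // comparison for numeric-looking values), in constant time where the
  // runtime provides hash_equals().
  if (function_exists('hash_equals'))
    $valid = hash_equals($crypted_passwd, $computed);
  else
    $valid = ($crypted_passwd === $computed);
  if (!$valid) return false;

  // NOTE(review): SU holds the *strings* 'true'/'false'; both are truthy in
  // a boolean context, so callers presumably compare against the string --
  // verify at the call sites.
  if ($username === 'superuser')
    {
      define('SU', 'true');
      define('USER', 'su');
      define('EMAIL', ADMIN_EMAIL);
    }
  else
    {
      define('SU', 'false');
      define('USER', $username);
      define('EMAIL', $email);
    }

  return true;
}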

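/**
 * Rejects the current request with an HTTP 401 Basic-auth challenge,
 * prints a short "Unauthorized" page that refreshes to the directory of
 * the running script after 2 seconds, and terminates the script.
 *
 * This function does not return.
 */
function authenticate()
{
  header("WWW-Authenticate: Basic realm=\"DocBook Editor\"");
  header("HTTP/1.0 401 Unauthorized");

  // HTTP_HOST is taken from the request's Host header, i.e. it is
  // client-controlled.
  $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
  $file = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';

  // Keep the scheme of the current request, so that a client on HTTPS is
  // not sent to plain HTTP, where Basic credentials travel unencrypted.
  $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
  $scheme = $secure ? 'https' : 'http';

  // dirname() yields '/' (or '\' on Windows) for a script in the document
  // root; normalise it so the URL does not end in '//'.
  $dir = rtrim(str_replace('\\', '/', dirname($file)), '/');

  // The URL is placed inside a single-quoted HTML attribute, so quotes and
  // angle brackets from the Host header must be escaped.
  // NOTE(review): the refresh target still follows the Host header; if a
  // shared cache could sit in front of this page, build the URL from a
  // configured host name instead.
  $url = htmlspecialchars($scheme.'://'.$host.$dir.'/', ENT_QUOTES);

  print "
<html>
<head>
  <title>Unauthorized</title>
  <meta http-equiv='refresh' content='2;url=$url'>
</head>
<body>
<h1>Sorry, you cannot access this page.</h1>
</body>
</html>
";

  exit;
}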

// Challenge the client whenever no Basic-auth username was sent or the
// supplied credentials do not validate.  valid_user() is only called when
// a username is present, because '||' short-circuits.
if (!isset($_SERVER['PHP_AUTH_USER']) || !valid_user())
  {
    authenticate();
  }
?>