[Summary view] [Print] [Text view]

   1  <?
   2  /* This file is part of JFFNMS
   3   * Copyright (C) <2002-2005> Javier Szyszlican <javier@szysz.com>
   4   * This program is licensed under the GNU GPL, full terms in the LICENSE file
   5   */
   6      $no_db=0;
   7      $auth_configuration_file = "config.php";
   8      $auth_dirs = array("../conf","../../../conf","../../conf");
   9  
  10      foreach ($auth_dirs as $auth_dir) {
  11          if (file_exists($auth_dir."/".$auth_configuration_file)) { 
  12              include($auth_dir."/".$auth_configuration_file); 
  13              break;
  14          } 
  15      }
  16      
  17      unset($auth_configuration_file);
  18      unset($auth_dirs);
  19      unset($authenticated);
  20      
  21      $client_pages = array( //pages the customer is allowed to see
  22              $jffnms_rel_path."/admin/calendar.php",
  23          $jffnms_rel_path."/view_performance.php",
  24          $jffnms_rel_path."/admin/reports/state_report.php"
  25          );
  26  
  27      switch ($jffnms_auth_method) {
  28          case "http":
  29          list ($authenticated, $auth_type, $auth_data) = $jffnms->authenticate ($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"],false);
  30      
  31          if(is_array($auth_data))
  32              extract($auth_data);
  33  
  34          if ($authenticated != 1 || ($HTTP_GET_VARS["logout"] == 1 && $HTTP_GET_VARS["OldAuth"] == $_SERVER["PHP_AUTH_USER"])) 
  35              http_authenticate();
  36          
  37          break;
  38  
  39          case "login":
  40          ini_set("session.save_handler", "files");
  41          session_name("jffnms");
  42          session_start();    
  43  
  44          if (isset($_REQUEST["logout"]) && ($_REQUEST["logout"]==1)) {
  45              session_destroy();
  46              session_start();
  47          }
  48  
  49          if (($jffnms_version=="0.0.0") && ($_SERVER["REMOTE_ADDR"]=="128.30.52.13")) { //W3C Validator
  50              $_REQUEST["user"]="admin";
  51              $_REQUEST["pass"]="admin";
  52          }
  53          
  54          if (!isset($_SESSION["authentification"]))
  55              $authentification = $jffnms->authenticate ($_REQUEST["user"],$_REQUEST["pass"],true,"from ".$_SERVER["REMOTE_ADDR"]);
  56  
  57          list ($authenticated, $auth_type, $auth_data) = $authentification;
  58      
  59          if(is_array($auth_data))
  60              extract($auth_data);
  61  
  62          if ($authenticated!=1) {
  63              if (!empty($_REQUEST["pass"]))
  64              $error = "Invalid Username or Password";
  65              else
  66              $error = "&nbsp;";
  67              
  68              include  ("login.php");
  69              die();
  70          } else 
  71              if (!isset($_SESSION["authentification"]))
  72              $_SESSION["authentification"]=$authentification;
  73  
  74          unset ($authentification);
  75          session_write_close();
  76          break;
  77          
  78          default:
  79          die("Bad Authentication Method.");
  80      }
  81      
  82      unset($authenticated);
  83              
  84      if ($auth_type==2) { //its a customer
  85          $GLOBALS["client_id"] = $auth_user_id; //overwrite the client_id to only show this customer data (the pages have to enforce it)
  86  
  87          if (!in_array($_SERVER['SCRIPT_NAME'], $client_pages)) {
  88              $url_limit = $jffnms_rel_path."/view_performance.php";
  89              Header("Location: $url_limit");
  90              die();
  91          }
  92      }
  93  
  94      unset($auth_type);
  95      unset($client_pages);
  96      unset($auth_data);
  97  
  98      if (!isset($clean_url_add_vara)) {
  99          $clean_url_add_vars = Array();
 100      }
 101  
 102      if (!isset($clean_url_del_vars)) {
 103          $clean_url_del_vars = Array();
 104      }
 105      
 106      clean_url($clean_url_add_vars, $clean_url_del_vars);
 107  ?>