
/classes/ -> class_auth.php (source)

   1  <?php
   2  defined( '_VALID_LM' ) or die( 'Direct Access to this location is not allowed.' );
   3  class Auth{
   4  
   5  var $id=false;
   6  var $gid=0;
   7  var $username='';
   8  var $name='';
   9  var $email='';
  10  //groups 1 = user , 2 = publisher  , 3 = manager , 4 = some , 5 = admin

  11  
  12  function Auth()
  13  {
  14  if(isset($_SESSION['uid']) && $_SESSION['uid']!='')
  15      {
  16      $this->id=$_SESSION['uid'];
  17      $this->initlogin();
  18      return;
  19      }
  20  //cokkie

  21  
  22  if(isset($_COOKIE['cuid']) && isset($_COOKIE['cusername']) && isset($_COOKIE['cpassword']))
  23      {
  24      global $conn,$lm_rand;
  25      $row=$conn->GetRow("SELECT * FROM #__users WHERE id=".$_COOKIE['cuid']);
  26      if($_COOKIE['cusername']==$row['username'] && $_COOKIE['cpassword']==md5($lm_rand.$row['password']) ) {
  27      $this->id=$_COOKIE['cuid'];
  28      $this->initlogin();
  29      }
  30      }
  31  }
  32  
  33  function initlogin()
  34  {
  35      global $conn,$lm_rand,$lm_website;
  36      $row=$conn->GetRow("SELECT * FROM #__users WHERE id=".$this->id);
  37      $this->gid=$row['gid'];
  38      $this->name=$row['name'];
  39      $this->username=$row['username'];
  40      $this->email=$row['email'];
  41      
  42      $etime=60*15; // fifteen minutes 

  43      if(isset($_POST['remember'])){$etime=3600*24*14;}
  44      
  45      $_SESSION['uid']=$this->id;
  46      
  47      setcookie("cuid",$this->id, time()+$etime);
  48      setcookie("cusername",$row['username'], time()+$etime);
  49      setcookie("cpassword",md5($lm_rand.$row['password']), time()+$etime);
  50  }
  51  
  52  function logout()
  53  {
  54  global $lm_website,$limbocore,$conn;
  55  setcookie("cuid","", time()-3600*24*14);
  56  setcookie("cusername","", time()-3600*24*14);
  57  setcookie("cpassword","", time()-3600*24*14);
  58  $conn->Execute("DELETE FROM #__simple_stats WHERE id>1 AND ip='".$_SERVER['REMOTE_ADDR']."'");
  59  session_destroy();
  60  $limbocore->redir($lm_website."index.php");
  61  }
  62  
  63  function login()
  64  {
  65  global $lm_website,$conn,$limbocore;
  66  $username = $_POST['username'];
  67  $password = $_POST['password'];
  68  if(!isset($username) || !isset($password) || $username=='' || $password=='' ) {
  69  echo "<script> alert('"._LOGIN_INCOMPLETE."'); window.history.go(-1); </script>\n";
  70  exit();
  71  }
  72  
  73  $rs=$conn->Execute("SELECT * FROM #__users WHERE username = '".dbencode($username)."' AND password = '".md5($password)."'");
  74  if($rs && $rs->RecordCount()>0)
  75      {
  76      $rsa=$rs->GetArray();
  77      if(!$rsa[0]['published']){
  78      echo "<script> alert('"._LOGIN_BLOCKED."'); window.history.go(-1); </script>\n";
  79      exit();
  80      }
  81      $this->id=$rsa[0]['id'];
  82      $conn->Execute("DELETE FROM #__simple_stats WHERE id>1 AND ip='".$_SERVER['REMOTE_ADDR']."'");
  83      $this->initlogin();
  84      $conn->Execute("UPDATE #__users SET lastvisitDate ='".time()."' WHERE id = ".$this->id);
  85      $limbocore->redir($lm_website."index.php");
  86      exit();
  87      }else 
  88      {
  89      echo "<script> alert('"._LOGIN_INCORRECT."'); window.history.go(-1); </script>\n";
  90      exit();
  91      }
  92  }
  93  
  94  function admin_login()
  95  {
  96  global $conn,$limbocore;
  97  $username = $_POST['login_username'];
  98  $password = $_POST['login_password'];
  99  $rs=$conn->Execute("SELECT id,name,username,published,gid FROM #__users WHERE username = '".dbencode($username)."' AND password = '".md5($password)."'");
 100  if($rs && $rs->RecordCount()>0)
 101      {
 102      $rsa=$rs->GetArray();
 103      if(!$rsa[0]['published']){
 104      echo "<script> alert('Your Login has been blocked'); window.history.go(-1); </script>\n";
 105      exit();
 106      }
 107      $this->id=$rsa[0]['id'];
 108      session_destroy();
 109      $this->initlogin();
 110      return;
 111      }else 
 112      {
 113      return;
 114      }
 115  }
 116  
 117  function isuser()
 118  {
 119  if($this->id)return true;
 120  else return false;
 121  }
 122  
 123  function isadmin()
 124  {
 125  if($this->id && $this->gid==5 ) return true;
 126  else return false;
 127  }
 128  
 129  /* a very very basic and light ACL */

 130  
 131  function isauth($action)
 132  {
 133  $level[1]='';
 134  $level[2]='=edit_content=';
 135  $level[3]='=admin_login=admin_content=admin_help='.$level[2];
 136  $level[4]='=admin_templates=admin_language=admin_menu=admin_components=admin_modules='.$level[3];
 137  $level[5]='';
 138      
 139  if($this->id ) {
 140  switch($this->gid){
 141      case 1: return false;
 142      case 2: if(strstr($level[2],$action))return true;
 143              else return false;
 144      case 3: if(strstr($level[3],$action))return true;
 145              else return false;
 146      case 4: if(strstr($level[4],$action))return true;
 147              else return false;
 148      case 5: return true;    
 149      }
 150  }
 151  else return false;
 152  }
 153  
 154  function register()
 155  {
 156  global $conn;
 157  global $reg_name,$reg_email,$reg_username,$reg_password,$time;
 158  
 159      /* check for username and email */

 160      $urow=$conn->Execute("SELECT id FROM #__users WHERE username='".dbencode($reg_username)."'");
 161      if($urow && $urow->RecordCount()>0)
 162          {
 163          echo "<script> alert('"._UNAME_INUSE."'); window.history.go(-1); </script>\n";
 164          exit();
 165          }
 166      $urow=$conn->Execute("SELECT id FROM #__users WHERE email='".dbencode($reg_email)."'");
 167      if($urow && $urow->RecordCount()>0)
 168          {
 169          echo "<script> alert('"._REGWARN_EMAIL_INUSE."'); window.history.go(-1); </script>\n";
 170          exit();
 171          }
 172      
 173  $conn->Execute("INSERT INTO #__users (name,username,email,password,registerDate) VALUES ('".dbencode($reg_name)."','".dbencode($reg_username)."','".dbencode($reg_email)."','".md5($reg_password)."','$time')" );
 174  }
 175  
 176  function update()
 177  {
 178  global $conn;
 179  global $lm_name,$lm_email,$lm_username,$lm_password;
 180  
 181      /* check for username and email */

 182      $urow=$conn->Execute("SELECT id FROM #__users WHERE username='".dbencode($lm_username)."' AND id<>".$this->id);
 183      if($urow && $urow->RecordCount()>0)
 184          {
 185          echo "<script> alert('"._UNAME_INUSE."'); window.history.go(-1); </script>\n";
 186          exit();
 187          }
 188      $urow=$conn->Execute("SELECT id FROM #__users WHERE email='".dbencode($lm_email)."' AND id<>".$this->id);
 189      if($urow && $urow->RecordCount()>0)
 190          {
 191          echo "<script> alert('"._REGWARN_EMAIL_INUSE."'); window.history.go(-1); </script>\n";
 192          exit();
 193          }
 194          
 195  $conn->Execute("UPDATE #__users SET name='".dbencode($lm_name)."',username='".dbencode($lm_username)."',email='".dbencode($lm_email)."',password='".md5($lm_password)."' WHERE id=".$this->id);
 196  }
 197  
 198  }
 199  
 200  $my = new Auth();
 201  
 202  if(!$my->id){
 203  $access_sql="AND access < 1"; //public accss

 204  }else
 205  {
 206  $access_sql="AND access < 2"; //redgistered access

 207  }
 208  ?>

