[ PHPXref.com ] [ Generated: Sun Jul 20 19:34:26 2008 ] [ phpComasy 0.7.8 ]
/classes/ -> class.security.php (source)

   1  <?php
   2  /********************************************************************************
   3  * phpComasy, Content Management System                                            *
   4  * http://www.phpcomasy.org                                                      *
   5  *                                                                               *
   6  * Copyright (c) 2005 Emanuel Zuber (www.noreality.ch)                           *
   7  *                                                                               *
   8  * Released under the GNU General Public License                                 *
   9  ********************************************************************************/
  10  
  11  /* Includes */
  12  require_once("config.php");
  13  require_once ("classes/class.mysql.php");
  14  
  15  class security {
  16      var $data; // data from POST and GET
  17      var $web; // object of the previous class (web)
  18      
  19      // constructor
  20  	function security(&$data, &$web) {
  21          $this->data = $data;
  22          $this->web = &$web;
  23      }
  24      
  25  	function login($username, $password) {
  26          $db = new mysql();
  27          $db_result = $db->query("SELECT * FROM user WHERE username = '".$username."';");
  28          // if user exists
  29          if (mysql_num_rows($db_result) > 0) {
  30              $db_result_fetch = mysql_fetch_assoc($db_result);
  31              // check passwort
  32              if (sha1($password) == $db_result_fetch['password']) {
  33                  $_SESSION['user_id'] = $db_result_fetch['user_id'];
  34                  $_SESSION['user_firstname'] = $db_result_fetch['firstname'];
  35                  $_SESSION['user_lastname'] = $db_result_fetch['lastname'];
  36                  $_SESSION['user_username'] = $db_result_fetch['username'];
  37                  $_SESSION['user_email'] = $db_result_fetch['email'];
  38                  $_SESSION['user_language'] = $db_result_fetch['language'];
  39                  $_SESSION['user_role'] = $db_result_fetch['role'];
  40                  $this->web->tools->make_log_entry("User '".$_SESSION['user_username']."' was logged in.");
  41                  return 1;
  42              }
  43              else {
  44                  $this->web->tools->make_log_entry("User '".$username."' tried to log in.", "WARNING");
  45                  return 0;
  46              }
  47          }
  48          else {
  49              $this->web->tools->make_log_entry("User '".$username."' tried to log in.", "WARNING");
  50              return 0;
  51          }
  52      }
  53  
  54  	function login_action() {
  55          if (!$this->login($this->data['username'], $this->data['password'])) {
  56              $this->web->message->send_message(_MESSAGE_WRONG_LOGIN, $this->data['goto']);
  57          }
  58          else {
  59              $this->web->message->send_message(_MESSAGE_SUCCESSFULL_LOGIN, $this->data['goto']);
  60          }
  61      }
  62      
  63  	function logout() {
  64          $this->web->tools->make_log_entry("User '".$_SESSION['user_username']."' was logged out.");
  65  
  66          $_SESSION['user_id'] = '';
  67          $_SESSION['user_firstname'] = '';
  68          $_SESSION['user_lastname'] = '';
  69          $_SESSION['user_username'] = '';
  70          $_SESSION['user_email'] = '';
  71          $_SESSION['user_language'] = '';
  72          $_SESSION['user_role'] = '';
  73          session_destroy();
  74          $this->web->message->send_message(_MESSAGE_SUCCESSFULL_LOGOUT);
  75      }
  76  
  77  	function check_security() {
  78          if (($_SESSION['user_id'] != '') && ($_SESSION['user_username'] != '') && ($_SESSION['user_role'] == 'admin')) {
  79              return 1;
  80          }
  81          else {
  82              return 0;
  83          }
  84      }
  85      
  86  	function get_login_form($goto = 0, $portlet = 0) {
  87          if (($this->check_security() == 1) || ($_SESSION['user_role'] == 'member')) {
  88          } else {
  89              if ($portlet == 0) { $echo = _PLEASE_LOGIN; }
  90              else { $echo = '<h1>'._LOGIN.'</h1>'; }
  91  
  92              if ($goto == 0) {
  93                  $echo .= '<form action="index.php?action=login" method="post">';
  94              }
  95              else {
  96                  $echo .= '<form action="index.php?action=login&amp;goto='.$goto.'" method="post">';
  97              }
  98          
  99              $echo .= $this->web->form->input_field(_USERNAME, "text", "username", "", 20, $this->data['username']);
 100              $echo .= $this->web->form->input_field(_PASSWORD, "password", "password", "", 20, $this->data['password']);
 101              $echo .= $this->web->form->submit_button(_LOGIN);
 102              $echo .= $this->web->form->form_end();
 103              
 104              if ($this->web->settings->get_settings('member_allow_registration') == "true") {
 105                  $echo .= '<a href="'.$this->web->settings->get_settings('global_standard_filename').'?action=form_register">'._NOT_REGISTERED.'</a><br />';
 106              }
 107              $echo .= '<a href="'.$this->web->settings->get_settings('global_standard_filename').'?action=form_lost_password">'._LOST_PASSWORD.'</a><br />';
 108  
 109              
 110              return $echo;
 111          }
 112      }
 113  
 114  	function form_login() {
 115          $this->web->title = _LOGIN;
 116          $this->web->introduction = "";
 117          $this->web->content = $this->get_login_form();
 118      }
 119      
 120  }
 121  ?>

