Commit 879604dc authored by Leigh B. Stoller's avatar Leigh B. Stoller

Add login authentication. These pages need a serious cleansing!

parent 7b797e16
......@@ -5,35 +5,21 @@
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$auth_usr = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
$query = "SELECT timeout FROM login WHERE uid=\"$auth_usr\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 0) {
echo "<h3>You are not logged in. Please go back to the ";
echo "<a href=\"tbdb.html\" target=\"_top\"> Home Page </a> ";
echo "and log in first.</h3></body></html>";
exit;
} else {
$row = mysql_fetch_row($result);
if ($row[0] < time()) { # if their login expired
echo "<h3>You have been logged out due to inactivity.
Please log in again.</h3>\n</body></html>";
$cmnd = "DELETE FROM login WHERE uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
exit;
} else {
$timeout = time() + 86400;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
}
}
} else {
unset($auth_usr);
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
}
else {
unset($auth_usr);
}
LOGGEDINORDIE($auth_usr);
echo "
<h1>Approve new users in your Project</h1>
Use this page to approve new members of your Project. Once approved,
......
......@@ -5,35 +5,21 @@
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$auth_usr = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
$query = "SELECT timeout FROM login WHERE uid=\"$auth_usr\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 0) {
echo "<h3>You are not logged in. Please go back to the ";
echo "<a href=\"tbdb.html\" target=\"_top\"> Home Page </a> ";
echo "and log in first.</h3></body></html>";
exit;
} else {
$row = mysql_fetch_row($result);
if ($row[0] < time()) { # if their login expired
echo "<h3>You have been logged out due to inactivity.
Please log in again.</h3>\n</body></html>";
$cmnd = "DELETE FROM login WHERE uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
exit;
} else {
$timeout = time() + 86400;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
}
}
} else {
unset($auth_usr);
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
}
else {
unset($auth_usr);
}
LOGGEDINORDIE($auth_usr);
echo "
<h1>Approving new users...</h1>
";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment