Commit 8f47deed authored by Leigh Stoller's avatar Leigh Stoller

Add login authorization to the new project page.

parent c7618f81
......@@ -7,17 +7,23 @@
<?php
include("defs.php3");
$auth_usr = "";
$uid = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
$uid=$Vals[1];
addslashes($uid);
} else {
unset($auth_usr);
unset($uid);
}
$row = 0;
if (isset($auth_usr)) {
$uid = addslashes($auth_usr);
#
# If a uid came in, then we check to see if the login is valid.
# If the login is not valid, then quit cause we don't want to display the
# personal information for some random ?uid argument.
#
if (isset($uid)) {
if (CHECKLOGIN($uid) != 1) {
USERERROR("You are not logged in. Please log in and try again.", 1);
}
$query_result = mysql_db_query($TBDBNAME,
"SELECT * FROM users WHERE uid=\"$uid\"");
if (! $query_result) {
......@@ -26,6 +32,12 @@ if (isset($auth_usr)) {
}
$row = mysql_fetch_array($query_result);
}
else {
#
# No uid, so must be new.
#
$row = 0;
}
$expiretime = date("m/d/Y", time() + (86400 * 90));
......@@ -168,26 +180,22 @@ echo " </td>
</tr>\n";
#
# Password
# If a new usr, then provide a second password confirmation field.
# Otherwise, a blank spot.
#
if (! $row) {
echo "<tr>
<td>*Password:</td>
<td><input type=\"password\" name=\"password1\" size=\"8\"></td>
</tr>\n";
#
# If a new usr, then provide a second password confirmation field.
# Otherwise, a blank spot.
#
if (! $row) {
echo "<tr>
<td>*Retype<br>New Password:</td>
<td>*Retype Password:</td>
<td class=\"left\">
<input type=\"password\" name=\"password2\" size=\"8\"></td>
</tr>\n";
}
#
# Project information
#
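Review bot: The `addslashes($uid);` call inside the `ereg` branch discards its return value, so it escapes nothing; the only thing keeping `$uid` safe in the `SELECT * FROM users WHERE uid=...` query below it is the `[[:alnum:]]+` capture class. Either drop the call and record the invariant in a comment, e.g. `# $uid is alphanumeric by construction (see ereg above)`, or assign the result: `$uid = addslashes($Vals[1]);`. The page does not mark which of the duplicated lines are old and which are new, so this assumes the `$uid` variant is the new side. The `CHECKLOGIN($uid) != 1` test fails closed only if USERERROR with a second argument of 1 stops the script, which is not visible here.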
......
......@@ -64,14 +64,6 @@ if (!isset($usr_phones) ||
strcmp($usr_phones, "") == 0) {
$formerror = "Phone #";
}
#
# The first password field must always be filled in. The second only
# if a new user, and we will catch that later.
#
if (!isset($password1) ||
strcmp($password1, "") == 0) {
$formerror = "Password";
}
if ($formerror != "No Error") {
USERERROR("Missing field; ".
......@@ -105,27 +97,30 @@ if ($row = mysql_fetch_row($project_result)) {
}
#
# See if this is a new user or one returning. We have to query the database
# for the uid, and then do the password thing. For a user returning, the
# password must be valid. For a new user, the password must pass our tests.
# See if this is a new user or one returning.
#
$pswd_query = "SELECT usr_pswd FROM users WHERE uid=\"$grp_head_uid\"";
$pswd_result = mysql_db_query($TBDBNAME, $pswd_query);
if (!$pswd_result) {
$err = mysql_error();
TBERROR("Database Error retrieving password for $grp_head_uid: $err\n", 1);
TBERROR("Database Error retrieving info for $grp_head_uid: $err\n", 1);
}
if ($row = mysql_fetch_row($pswd_result)) {
$db_encoding = $row[0];
$salt = substr($db_encoding,0,2);
if ($salt[0] == $salt[1]) { $salt = $salt[0]; }
$encoding = crypt("$password1", $salt);
if (strcmp($encoding, $db_encoding)) {
USERERROR("The password provided was incorrect. ".
"Please go back and retype the password.", 1);
}
$returning = 1;
}
else {
$returning = 0;
}
#
# If a user returning, then the login must be valid to continue any further.
# For a new user, the password must pass our tests.
#
if (returning) {
if (CHECKLOGIN($grp_head_uid) != 1) {
USERERROR("You are not logged in. Please log in and try again.", 1);
}
}
else {
if (strcmp($password1, $password2)) {
USERERROR("You typed different passwords in each of the two password ".
......@@ -148,7 +143,6 @@ else {
"account,\n".
"but checkpass pipe did not open (returned '$mypipe').", 1);
}
$returning = 0;
}
array_walk($HTTP_POST_VARS, 'addslashes');
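Review bot: `if (returning) {` is missing the `$`, so PHP reads a bare constant name rather than the variable; in the PHP versions this code appears to target, an undefined constant falls back to the non-empty string `'returning'`, which makes the condition always true. Every submission, including a new user's, would then go through `CHECKLOGIN($grp_head_uid)`, and the `else` branch holding the password comparison and the checkpass tests would be unreachable. It should read `if ($returning) {`. Separately, `$grp_head_uid` is interpolated into the `SELECT usr_pswd` query and handed to CHECKLOGIN before the `array_walk($HTTP_POST_VARS, 'addslashes')` line, and that line does not change the array anyway because array_walk ignores the callback's return value; the uid should be escaped where it is first used.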
......
......@@ -41,7 +41,7 @@ elseif (isset($uid)) {
#
# Check to make sure the UID is logged in (not timed out).
#
$status = CHECKLOGIN($uid, $HTTP_COOKIE_VARS[$TBAUTHCOOKIE]);
$status = CHECKLOGIN($uid);
switch ($status) {
case 0:
$login_status = "$uid Not Logged In";
......
......@@ -30,8 +30,10 @@ function GENHASH() {
# 1 if logged in okay
# -1 if login timed out
#
function CHECKLOGIN($uid, $curhash) {
global $TBDBNAME;
function CHECKLOGIN($uid) {
global $TBDBNAME, $TBAUTHCOOKIE, $HTTP_COOKIE_VARS;
$curhash = $HTTP_COOKIE_VARS[$TBAUTHCOOKIE];
$query_result = mysql_db_query($TBDBNAME,
"SELECT hashkey, timeout FROM login WHERE uid=\"$uid\"");
......@@ -72,12 +74,8 @@ function CHECKLOGIN($uid, $curhash) {
# message.
#
function LOGGEDINORDIE($uid) {
global $TBDBNAME, $TBAUTHCOOKIE, $TBAUTHDOMAIN, $TBAUTHTIMEOUT;
global $HTTP_COOKIE_VARS;
$curhash = $HTTP_COOKIE_VARS[$TBAUTHCOOKIE];
$status = CHECKLOGIN($uid, $curhash);
$status = CHECKLOGIN($uid);
switch ($status) {
case 0:
USERERROR("You do not appear to be logged in!", 1);
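Review bot: CHECKLOGIN now reads `$HTTP_COOKIE_VARS[$TBAUTHCOOKIE]` without checking that the cookie was sent, so `$curhash` is empty for a request without one and the result depends on how the hash comparison further down (outside this hunk) treats an empty value. An explicit guard at the top, `if (!isset($HTTP_COOKIE_VARS[$TBAUTHCOOKIE])) { return 0; }`, would make that case fail closed, assuming 0 is the not-logged-in code as the callers' `case 0` suggests. The function now also has callers that pass request-derived uids, so it would be safer to escape `$uid` inside CHECKLOGIN before it goes into the `SELECT hashkey, timeout FROM login` query than to rely on each caller. The header comment above the function should say that the hash is taken from the auth cookie rather than from a parameter.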
......