[Openfirst-cvscommit] base/config auth.php,1.9,1.10
From: <i-...@us...> - 2003-11-16 23:09:17
Update of /cvsroot/openfirst/base/config In directory sc8-pr-cvs1:/tmp/cvs-serv27891/config Modified Files: auth.php Log Message: Added "save password" functionality. Authenticates using cookies. This new option can be disabled during installation of openFIRST. Index: auth.php =================================================================== RCS file: /cvsroot/openfirst/base/config/auth.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** auth.php 4 Nov 2003 22:52:50 -0000 1.9 --- auth.php 16 Nov 2003 23:08:34 -0000 1.10 *************** *** 77,82 **** <tr> <td> </td> ! <td><input type='submit' value='Login'></td> ! </tr> </table> </form><br><br>"); --- 77,85 ---- <tr> <td> </td> ! <td><input type='submit' value='Login'>"); ! if(!isset($GLOBALS["pass_save_disabled"])){ ! echo(" <input type=checkbox name=savepass id=savepass value=1 checked><label for=savepass>Save Password</label>"); ! } ! echo("</td></tr> </table> </form><br><br>"); *************** *** 87,110 **** // they have, set variables indicating this. If they have not, make a // note of this so that components requiring them to log in are disabled. ! ! if(isset($_SESSION['authcode'])) { ! $authcode = $_SESSION['authcode']; $query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE authcode='$authcode';"); ! if(ofirst_dberrno() == 0 && ofirst_dbnum_rows($query) == 1) { $user = ofirst_dbfetch_object($query); } else { unset($_SESSION['authcode']); ! ! $query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';"); ! if(ofirst_dberrno() == 0) { ! $user = ofirst_dbfetch_object($query); ! if(ofirst_dbnum_rows($query) == 1) { ! if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) { ! session_register("authcode"); ! mt_srand(microtime() * 1000000); ! $_SESSION["authcode"] = (microtime()|mt_rand(1,mt_getrandmax())).substr($_SERVER["REMOTE_HOST"],0,40); ! $aquery = ofirst_dbquery("UPDATE ofirst_members SET authcode='" . 
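Review bot: The new `savepass` checkbox in the login form is emitted with `checked`, so the persistent login is opt-out: anyone who signs in on a shared machine without unticking it leaves a cookie that the later hunks set for 2592000 seconds (30 days). Dropping the attribute makes it an explicit choice, `echo(" <input type=checkbox name=savepass id=savepass value=1><label for=savepass>Save Password</label>");`. The form tests `$GLOBALS["pass_save_disabled"]` while the other hunks test the plain `$pass_save_disabled`; the two agree only if the flag is a global and each test runs in the matching scope, which the hunks do not show. The enclosing echo statement starts outside the hunk.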
$_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); ! } else { ! unset($user); } } --- 90,126 ---- // they have, set variables indicating this. If they have not, make a // note of this so that components requiring them to log in are disabled. ! if((isset($_SESSION['authcode']))||(isset($_COOKIE["openFIRSTlogin"])&&!isset($pass_save_disabled))) { ! if(isset($_SESSION['authcode'])){ ! $authcode = $_SESSION['authcode']; ! }elseif(isset($_COOKIE["openFIRSTlogin"])&&$_COOKIE["openFIRSTlogin"]!=0){ ! $authcode = $_COOKIE["openFIRSTlogin"]; ! //renew cookie ! setcookie("openFIRSTlogin",$authcode,time()+2592000,"/"); ! } ! else{ ! $authcode=0; ! } $query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE authcode='$authcode';"); ! if(ofirst_dberrno() == 0 && ofirst_dbnum_rows($query) == 1 && $authcode!=0 ) { $user = ofirst_dbfetch_object($query); } else { unset($_SESSION['authcode']); ! if(!isset($pass_save_disabled)){ ! //delete cookie ! setcookie("openFIRSTlogin"," ",time()-3600,"/"); ! } ! if(isset($_POST["login"])){ ! $query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';"); ! if(ofirst_dberrno() == 0) { ! $user = ofirst_dbfetch_object($query); ! if(ofirst_dbnum_rows($query) == 1) { ! if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) { ! session_register("authcode"); ! mt_srand(microtime() * 1000000); ! $_SESSION["authcode"] = (microtime()|mt_rand(1,mt_getrandmax())).substr($_SERVER["REMOTE_HOST"],0,40); ! $aquery = ofirst_dbquery("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); ! } else { ! unset($user); ! } } } *************** *** 122,125 **** --- 138,152 ---- $_SESSION["authcode"] = (microtime()|mt_rand(1,mt_getrandmax())).substr($_SERVER["REMOTE_HOST"],0,40); $aquery = ofirst_dbquery("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . 
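Review bot: The value of `$_COOKIE["openFIRSTlogin"]` is copied into `$authcode` and interpolated into `SELECT * FROM ofirst_members WHERE authcode='$authcode';` with no escaping or format check, so a client-controlled cookie reaches the SQL text; `$_POST["login"]` in the re-indented login branch is concatenated into its queries the same way. In the `elseif` branch, fall back to `$authcode=0;` unless the cookie matches the shape the generator produces, for example `preg_match('/^[0-9A-Za-z.\-]{1,64}$/', $_COOKIE["openFIRSTlogin"])`, and pass both values through whatever escaping routine the database layer behind `ofirst_dbquery` provides (not visible here). The same token now lives for 30 days in a cookie, yet it is still built from `mt_rand()` seeded with `microtime()` plus part of `REMOTE_HOST`, which is guessable; a long-lived credential needs an unpredictable value. The surrounding if/else continues outside the hunk.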
"';"); + if(!isset($pass_save_disabled)){ + if(isset($_POST["savepass"])&&$_POST["savepass"]="1"){ + //save authcode in a cookie + setcookie("openFIRSTlogin",$_SESSION["authcode"],time()+2592000,"/"); + } + else{ + //delete cookie + setcookie("openFIRSTlogin"," ",time()-3600,"/"); + unset($_COOKIE["openFIRSTlogin"]); + } + } } else { unset($user); *************** *** 174,178 **** } } ! if(isset($user->user)) { $query = "UPDATE ofirst_members SET lastseen='" . date("h:i:s M d, Y") . "' WHERE user='$user->user';"; $q = ofirst_dbquery($query); --- 201,205 ---- } } ! if(isset($user->user)){ $query = "UPDATE ofirst_members SET lastseen='" . date("h:i:s M d, Y") . "' WHERE user='$user->user';"; $q = ofirst_dbquery($query); |
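Review bot: `$_POST["savepass"]="1"` in the added condition is an assignment, not a comparison, so it always evaluates as true and the check reduces to `isset($_POST["savepass"])`; it should read `if(isset($_POST["savepass"])&&$_POST["savepass"]=="1"){`. The cookie set here carries `$_SESSION["authcode"]`, the same value written to `ofirst_members.authcode`, as a 30-day login credential. The `setcookie` call stops at the path argument, leaving `secure` unset, so the token is also sent over plain HTTP. If the site is served over HTTPS, pass the remaining arguments explicitly, e.g. `setcookie("openFIRSTlogin",$_SESSION["authcode"],time()+2592000,"/","",1);`. The enclosing password-check block starts outside the hunk.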