From cc5492d4690e0ea502b3a31e899b8a53ddef69d9 Mon Sep 17 00:00:00 2001 From: Andre Lorbach Date: Fri, 11 Jul 2008 15:35:10 +0200 Subject: [PATCH] Implemented login&logout site and function. The engine also reads configuration values from the configuration table if available. Header Menu also enhanced with Login/Logoff links
---
src/include/config.sample.php | 1 + src/include/functions_common.php | 69 +++++++++++--------- src/include/functions_db.php | 37 +++++------ src/include/functions_users.php | 67 ++++++++++++------- src/lang/en/main.php | 11 ++++ src/login.php | 108 +++++++++++++++++++++++++++++++ src/templates/include_menu.html | 9 +++ src/templates/login.html | 67 +++++++++++++++++++ 8 files changed, 296 insertions(+), 73 deletions(-) create mode 100644 src/login.php create mode 100644 src/templates/login.html
diff --git a/src/include/config.sample.php b/src/include/config.sample.php
index 6c3bb53..3dcc336 100644
--- a/src/include/config.sample.php
+++ b/src/include/config.sample.php
@@ -58,6 +58,7 @@ $CFG['MiscShowDebugGridCounter'] = 0; // Only for debugging purposes, will add $CFG["MiscShowPageRenderStats"] = 1; // If enabled, you will see Pagerender Settings $CFG['MiscEnableGzipCompression'] = 1; // If enabled, phplogcon will use gzip compression for output, we recommend // to have this option enabled, it will highly reduce bandwith usage.
+$CFG['DebugUserLogin'] = 0; // if enabled, you will see additional informations on failed logins // --- // --- Default Frontend Options
diff --git a/src/include/functions_common.php b/src/include/functions_common.php
index 0567f35..64efcff 100644
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
@@ -404,8 +404,8 @@ function InitPhpDebugMode() // --- Set Global DEBUG Level! if ( $CFG['MiscShowDebugMsg'] == 1 ) ini_set( "error_reporting", E_ALL ); // ALL PHP MESSAGES! -// else -// ini_set( "error_reporting", E_ERROR ); // ONLY PHP ERROR'S! + else + ini_set( "error_reporting", E_ERROR ); // ONLY PHP ERROR'S! // --- } @@ -520,24 +520,34 @@ function InitConfigurationValues() // If Database is enabled, try to read from database! if ( $CFG['UserDBEnabled'] ) { - $result = DB_Query("SELECT * FROM " . DB_CONFIG); + // Get configuration variables + $result = DB_Query("SELECT * FROM " . DB_CONFIG . " WHERE is_global = true"); $rows = DB_GetAllRows($result, true, true); // Read results from DB and overwrite in $CFG Array! if ( isset($rows ) ) { for($i = 0; $i < count($rows); $i++) - $CFG[ $rows[$i]['name'] ] = $rows[$i]['value']; + { + $CFG[ $rows[$i]['propname'] ] = $rows[$i]['propvalue']; + $content[ $rows[$i]['propname'] ] = $rows[$i]['propvalue']; + } + } + + // Now we init the user session stuff + InitUserSession(); + + if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true && !$content['SESSION_LOGGEDIN'] ) + { + // User needs to be logged in, redirect to login page + if ( !defined("IS_LOGINPAGE") ) + RedirectToUserLogin(); } // General defaults - // --- Language Handling - if ( !isset($content['gen_lang']) ) { $content['gen_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/; } +// // --- Language Handling +// if ( !isset($content['gen_lang']) ) { $content['gen_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/; } - // --- PHP Debug Mode - if ( !isset($content['gen_phpdebug']) ) { $content['gen_phpdebug'] = "no"; } - // --- - // Database Version Checker! if ( $content['database_internalversion'] > $content['database_installedversion'] ) { 
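Review bot: The new `InitUserSession();` call and the `UserDBLoginRequired` redirect in InitConfigurationValues sit inside the `if ( $CFG['UserDBEnabled'] )` block, so when the user database is disabled `$content['SESSION_LOGGEDIN']` is never assigned and every later reader of that key (presumably the Login/Logoff switch added to include_menu.html) hits an undefined index. Moving the `InitUserSession();` call out of that block, or setting `$content['SESSION_LOGGEDIN'] = false;` as a default before it, keeps the key defined in both configurations. The same loop also copies every global config row into `$content`, which is the array handed to the template parser in login.php, so any sensitive property stored in that table becomes reachable from templates; copying only the keys the templates need would be tighter. The `== true` comparison on a value that may arrive from the database as a string is loose, and `$CFG["UserDBLoginRequired"] == 1` would match how `MiscShowDebugMsg` is tested a few lines earlier. InitConfigurationValues continues past this hunk.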
@@ -545,27 +555,25 @@ function InitConfigurationValues() $content['database_forcedatabaseupdate'] = "yes"; } } - else + + // --- Language Handling + if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) ) { - // --- Set Defaults... - // Language Handling - if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) ) - { - $content['user_lang'] = $_SESSION['CUSTOM_LANG']; - $LANG = $content['user_lang']; - } - else if ( isset($content['gen_lang']) && VerifyLanguage($content['gen_lang'])) - { - $content['user_lang'] = $content['gen_lang']; - $LANG = $content['user_lang']; - } - else // Failsave! - { - $content['user_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/; - $LANG = $content['user_lang']; - $content['gen_lang'] = $content['user_lang']; - } + $content['user_lang'] = $_SESSION['CUSTOM_LANG']; + $LANG = $content['user_lang']; } + else if ( isset($content['gen_lang']) && VerifyLanguage($content['gen_lang'])) + { + $content['user_lang'] = $content['gen_lang']; + $LANG = $content['user_lang']; + } + else // Failsave! + { + $content['user_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/; + $LANG = $content['user_lang']; + $content['gen_lang'] = $content['user_lang']; + } + // --- // Paging Size handling! if ( !isset($_SESSION['PAGESIZE_ID']) ) @@ -590,9 +598,8 @@ function InitConfigurationValues() else $content['user_theme'] = $content['web_theme']; - //Init Theme About Info ^^ + // Init Theme About Info ^^ InitThemeAbout($content['user_theme']); - // --- // Init main langauge file now! IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/main.php' ); diff --git a/src/include/functions_db.php b/src/include/functions_db.php index 1af7a73..d7238a6 100644 --- a/src/include/functions_db.php +++ b/src/include/functions_db.php @@ -40,7 +40,7 @@ if ( !defined('IN_PHPLOGCON') ) // --- -$link_id = 0; +$userdbconn = 0; $errdesc = ""; $errno = 0; 
@@ -51,11 +51,11 @@ $content['database_installedversion'] = "0"; // 0 is default which means Prior V function DB_Connect() { - global $link_id, $CFG; + global $userdbconn, $CFG; //TODO: Check variables first - $link_id = mysql_connect($CFG['UserDBServer'],$CFG['UserDBUser'],$CFG['UserDBPass']); - if (!$link_id) + $userdbconn = mysql_connect($CFG['UserDBServer'],$CFG['UserDBUser'],$CFG['UserDBPass']); + if (!$userdbconn) DB_PrintError("Link-ID == false, connect to ".$CFG['UserDBServer']." failed", true); // --- Now, check Mysql DB Version! @@ -78,7 +78,7 @@ function DB_Connect() } // --- - $db_selected = mysql_select_db($CFG['UserDBName'], $link_id); + $db_selected = mysql_select_db($CFG['UserDBName'], $userdbconn); if(!$db_selected) DB_PrintError("Cannot use database '" . $CFG['UserDBName'] . "'", true); // :D Success connecting to db @@ -88,8 +88,8 @@ function DB_Connect() function DB_Disconnect() { - global $link_id; - mysql_close($link_id); + global $userdbconn; + mysql_close($userdbconn); } function DB_Query($query_string, $bProcessError = true, $bCritical = false) @@ -100,8 +100,8 @@ function DB_Query($query_string, $bProcessError = true, $bCritical = false) return; // --- - global $link_id, $querycount; - $query_id = mysql_query($query_string,$link_id); + global $userdbconn, $querycount; + $query_id = mysql_query($query_string,$userdbconn); if (!$query_id && $bProcessError) DB_PrintError("Invalid SQL: ".$query_string, $bCritical); @@ -147,15 +147,12 @@ function DB_GetSingleRow($query_id, $bClose) if ($query_id != false && $query_id != 1 ) { $row = mysql_fetch_array($query_id, MYSQL_ASSOC); - + if ( $bClose ) DB_FreeQuery ($query_id); - if ( isset($row) ) - { - // Return array + if ( isset($row) ) // Return array return $row; - } else return; } 
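Review bot: In DB_GetSingleRow the rewritten `if ( isset($row) ) // Return array` test is always true, because `mysql_fetch_array` returns `false` rather than null when no row is available, so the `else return;` branch is dead and callers receive `false` instead of an unset value. `if ( $row !== false ) // Return array` expresses the intent; CheckUserLogin's `isset($myrow['is_admin'])` happens to tolerate `false`, but other callers of DB_GetSingleRow may not. DB_GetSingleRow starts before and ends after this hunk.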
@@ -195,8 +192,8 @@ function DB_GetMysqlStats() return; // --- - global $link_id; - $status = explode(' ', mysql_stat($link_id)); + global $userdbconn; + $status = explode(' ', mysql_stat($userdbconn)); return $status; } @@ -282,7 +279,7 @@ function DB_Exec($query) return false; } -function WriteConfigValue($szValue) +function WriteConfigValue($szValue, $is_global = true) { // --- Abort in this case! global $CFG, $content; @@ -290,18 +287,18 @@ function WriteConfigValue($szValue) return; // --- - $result = DB_Query("SELECT name FROM " . STATS_CONFIG . " WHERE name = '" . $szValue . "'"); + $result = DB_Query("SELECT name FROM " . STATS_CONFIG . " WHERE name = '" . $szValue . "' AND is_global = " . $is_global); $rows = DB_GetAllRows($result, true); if ( !isset($rows) ) { // New Entry - $result = DB_Query("INSERT INTO " . STATS_CONFIG . " (name, value) VALUES ( '" . $szValue . "', '" . $CFG[$szValue] . "')"); + $result = DB_Query("INSERT INTO " . STATS_CONFIG . " (name, value, is_global) VALUES ( '" . $szValue . "', '" . $CFG[$szValue] . "', " . $is_global . ")"); DB_FreeQuery($result); } else { // Update Entry - $result = DB_Query("UPDATE " . STATS_CONFIG . " SET value = '" . $CFG[$szValue] . "' WHERE name = '" . $szValue . "'"); + $result = DB_Query("UPDATE " . STATS_CONFIG . " SET value = '" . $CFG[$szValue] . "' WHERE name = '" . $szValue . "' AND is_global = " . $is_global); DB_FreeQuery($result); } } diff --git a/src/include/functions_users.php b/src/include/functions_users.php index 3d97383..9e41182 100644 --- a/src/include/functions_users.php +++ b/src/include/functions_users.php 
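Review bot: `" AND is_global = " . $is_global` in the three rewritten statements of WriteConfigValue breaks as soon as a caller passes `false`, because PHP stringifies `false` to an empty string and the SQL ends in `is_global = ` (and the INSERT ends in `, )`), whereas `true` becomes `1`; use `(int)$is_global` or `($is_global ? 1 : 0)` in all three places. These statements also read and write columns `name`/`value` in STATS_CONFIG while InitConfigurationValues in this same commit reads `propname`/`propvalue` from DB_CONFIG — unless those are two different tables, one side is wrong. `$szValue` and `$CFG[$szValue]` are still concatenated unescaped; the values are the site's own config keys, but running them through `mysql_real_escape_string()` (or DB_RemoveBadChars, as login.php does) would close that gap. WriteConfigValue is split across the hunks at @@ -282 and @@ -290.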
@@ -45,39 +45,49 @@ if ( !defined('IN_PHPLOGCON') ) // --- // --- BEGIN Usermanagement Function --- -function CheckForUserLogin( $isloginpage, $isUpgradePage = false ) +function InitUserSession() { global $content; if ( isset($_SESSION['SESSION_LOGGEDIN']) ) { if ( !$_SESSION['SESSION_LOGGEDIN'] ) - RedirectToUserLogin(); + { + $content['SESSION_LOGGEDIN'] = false; + + // Not logged in + return false; + } else { - $content['SESSION_LOGGEDIN'] = "true"; + $content['SESSION_LOGGEDIN'] = true; $content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME']; + + // Successfully logged in + return true; } - +/* // New, Check for database Version and may redirect to updatepage! if ( isset($content['database_forcedatabaseupdate']) && $content['database_forcedatabaseupdate'] == "yes" && $isUpgradePage == false ) RedirectToDatabaseUpgrade(); +*/ } else { - if ( $isloginpage == false ) - RedirectToUserLogin(); - } + $content['SESSION_LOGGEDIN'] = false; + // Not logged in ^^ + return false; + } } -function CreateUserName( $username, $password, $access_level ) +function CreateUserName( $username, $password, $is_admin ) { $md5pass = md5($password); - $result = DB_Query("SELECT username FROM " . STATS_USERS . " WHERE username = '" . $username . "'"); + $result = DB_Query("SELECT username FROM " . DB_USERS . " WHERE username = '" . $username . "'"); $rows = DB_GetAllRows($result, true); if ( isset($rows) ) { @@ -89,7 +99,7 @@ function CreateUserName( $username, $password, $access_level ) else { // Create User - $result = DB_Query("INSERT INTO " . STATS_USERS . " (username, password, access_level) VALUES ('$username', '$md5pass', $access_level)"); + $result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin) VALUES ('$username', '$md5pass', $is_admin)"); DB_FreeQuery($result); // Success 
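Review bot: In InitUserSession the `/* ... */` block that called RedirectToDatabaseUpgrade() sits after an if/else whose two branches both `return`, so it would be unreachable even once uncommented; and with it disabled, the `$content['database_forcedatabaseupdate'] = "yes"` flag that InitConfigurationValues still sets no longer triggers a redirect anywhere visible in this patch. Either move that check ahead of the `return true;` of the logged-in branch or delete the block and document where the forced upgrade is now enforced. A short docblock on the function would also help, e.g. `/** Copies the login state from $_SESSION into $content; returns true only when SESSION_LOGGEDIN is set and truthy. */`. The CreateUserName part of this hunk continues into the next hunk.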
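Review bot: The rewritten INSERT in CreateUserName still interpolates `$username` straight into the statement (`VALUES ('$username', '$md5pass', $is_admin)`), and unlike login.php nothing in this function runs the value through DB_RemoveBadChars or `mysql_real_escape_string()` first; the SELECT rewritten in the previous hunk has the same shape. The stored credential is an unsalted `md5($password)`, which the SELECT in CheckUserLogin later compares verbatim; a per-user salt via `crypt()` (or `password_hash()` where the PHP version allows) is what a credential store should use, with the verification side changed to match. CreateUserName starts in the previous hunk and ends after this one.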
@@ -104,24 +114,29 @@ function CheckUserLogin( $username, $password ) // TODO: SessionTime and AccessLevel check $md5pass = md5($password); - $sqlselect = "SELECT access_level FROM " . STATS_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'"; + $sqlselect = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'"; $result = DB_Query($sqlselect); - $rows = DB_GetAllRows($result, true); - if ( isset($rows) ) + $myrow = DB_GetSingleRow($result, true); + + + if ( isset($myrow['is_admin']) ) { $_SESSION['SESSION_LOGGEDIN'] = true; $_SESSION['SESSION_USERNAME'] = $username; - $_SESSION['SESSION_ACCESSLEVEL'] = $rows[0]['access_level']; - - $content['SESSION_LOGGEDIN'] = "true"; - $content['SESSION_USERNAME'] = $username; + $_SESSION['SESSION_ISADMIN'] = $myrow['is_admin']; + + $content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN']; + $content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME']; + $content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN']; + + // TODO SET LAST LOGIN TIME! // Success ! return true; } else { - if ( $CFG['MiscShowDebugMsg'] == 1 ) + if ( $CFG['DebugUserLogin'] == 1 ) DieWithFriendlyErrorMsg( "Debug Error: Could not login user '" . $username . "'

Sessionarray
" . var_export($_SESSION, true) . "

SQL Statement: " . $sqlselect ); // Default return false @@ -143,15 +158,23 @@ function DoLogOff() function RedirectToUserLogin() { - // TODO Referer - header("Location: login.php?referer=" . $_SERVER['PHP_SELF']); + // build referer + $referer = $_SERVER['PHP_SELF']; + if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 ) + $referer .= "?" . $_SERVER['QUERY_STRING']; + + header("Location: login.php?referer=" . urlencode($referer) ); exit; } function RedirectToDatabaseUpgrade() { - // TODO Referer - header("Location: upgrade.php"); // ?referer=" . $_SERVER['PHP_SELF']); + // build referer + $referer = $_SERVER['PHP_SELF']; + if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 ) + $referer .= "?" . $_SERVER['QUERY_STRING']; + + header("Location: upgrade.php?referer=" . urlencode($referer) ); exit; } // --- END Usermanagement Function --- diff --git a/src/lang/en/main.php b/src/lang/en/main.php index 8c67bb0..00763d3 100644 --- a/src/lang/en/main.php +++ b/src/lang/en/main.php @@ -155,4 +155,15 @@ $content['LN_DETAILS_FORSYSLOGMSG'] = "Details for the syslog messages with id"; $content['LN_DETAILS_DETAILSFORMSG'] = "Details for message id"; $content['LN_DETAIL_BACKTOLIST'] = "Back to Listview"; +// Login Site +$content['LN_LOGIN_DESCRIPTION'] = "Use this form to login into phpLogCon. "; +$content['LN_LOGIN_TITLE'] = "Login"; +$content['LN_LOGIN_USERNAME'] = "Username"; +$content['LN_LOGIN_PASSWORD'] = "Password"; +$content['LN_LOGIN_SAVEASCOOKIE'] = "Stay logged on"; + +$content['LN_LOGIN_ERRWRONGPASSWORD'] = "Wrong username or password!"; +$content['LN_LOGIN_USERPASSMISSING'] = "Username or password not given"; + + ?> \ No newline at end of file diff --git a/src/login.php b/src/login.php new file mode 100644 index 0000000..3a33566 --- /dev/null +++ b/src/login.php 
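Review bot: CheckUserLogin populates `$_SESSION` after a successful credential check without first calling `session_regenerate_id(true);`, so a session id that existed before login keeps its value across the privilege change; add the call right before `$_SESSION['SESSION_LOGGEDIN'] = true;`. The success test `isset($myrow['is_admin'])` also rejects a matching row whose is_admin column is NULL — `if ( is_array($myrow) )` tests what was actually looked up and still handles the `false`/empty return of DB_GetSingleRow. When `DebugUserLogin` is on, the DieWithFriendlyErrorMsg output sends the whole session array and the SQL statement, which embeds the md5 of the submitted password, to the browser; writing the statement to the server log instead would keep the debug flag harmless. CheckUserLogin begins before and ends after this hunk.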
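Review bot: RedirectToUserLogin and RedirectToDatabaseUpgrade now carry an identical four-line referer builder; a single helper keeps the two in step and gives the `QUERY_STRING` handling one place to live. The hunk also covers the tail of DoLogOff, whose body is not visible here.
```php
// Returns the current script path plus its query string, for use as a login/upgrade referer.
function GetCurrentRequestUri()
{
    $referer = $_SERVER['PHP_SELF'];
    if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
        $referer .= "?" . $_SERVER['QUERY_STRING'];
    return $referer;
}

function RedirectToUserLogin()
{
    header("Location: login.php?referer=" . urlencode(GetCurrentRequestUri()) );
    exit;
}
// … unchanged: RedirectToDatabaseUpgrade, same substitution with upgrade.php …
```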
@@ -0,0 +1,108 @@ + File to login users in PhpLogCon + * + * All directives are explained within this file + * + * Copyright (C) 2008 Adiscon GmbH. + * + * This file is part of phpLogCon. + * + * PhpLogCon is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * PhpLogCon is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with phpLogCon. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this + * distribution + ********************************************************************* +*/ + +// *** Default includes and procedures *** // +define('IN_PHPLOGCON', true); +$gl_root_path = './'; + +// Now include necessary include files! +include($gl_root_path . 'include/functions_common.php'); +include($gl_root_path . 'include/functions_frontendhelpers.php'); +//include($gl_root_path . 'include/functions_filters.php'); + +// To avoid infinite redirects! +define('IS_LOGINPAGE', true); +InitPhpLogCon(); +// --- // + +// --- BEGIN Custom Code + +// Set Defaults +$content['uname'] = ""; +$content['pass'] = ""; + +// Set Referer +if ( isset($_GET['referer']) ) + $szRedir = urldecode($_GET['referer']); +else + $szRedir = "index.php"; // Default + +if ( isset($_POST['op']) && $_POST['op'] == "login" ) +{ + // Perform login! 
+ if ( $_POST['op'] == "login" ) + { + if ( + (isset($_POST['uname']) && strlen($_POST['uname']) > 0) + && + (isset($_POST['pass']) && strlen($_POST['pass']) > 0) + ) + { + // Set Username and password + $content['uname'] = DB_RemoveBadChars($_POST['uname']); + $content['pass'] = DB_RemoveBadChars($_POST['pass']); + + if ( !CheckUserLogin( $content['uname'], $content['pass']) ) + { + $content['ISERROR'] = "true"; + $content['ERROR_MSG'] = $content['LN_LOGIN_ERRWRONGPASSWORD']; + } + else + RedirectPage( $szRedir ); + } + else + { + $content['ISERROR'] = "true"; + $content['ERROR_MSG'] = $content['LN_LOGIN_USERPASSMISSING']; + } + } +} +else if ( isset($_GET['op']) && $_GET['op'] == "logoff" ) +{ + // logoff in this case + DoLogOff(); +} +// --- END Custom Code + +// --- CONTENT Vars +$content['REDIR_LOGIN'] = $szRedir; +$content['TITLE'] = "phpLogCon - User Login"; // Title of the Page +// --- + +// --- Parsen and Output +InitTemplateParser(); +$page -> parser($content, "login.html"); +$page -> output(); +// --- + +?> \ No newline at end of file diff --git a/src/templates/include_menu.html b/src/templates/include_menu.html index cc7f009..9d9e717 100644 --- a/src/templates/include_menu.html +++ b/src/templates/include_menu.html @@ -8,6 +8,15 @@ Help Search in Knowledge Base + + + Login + + + Admin Center + Logoff + +   diff --git a/src/templates/login.html b/src/templates/login.html new file mode 100644 index 0000000..db75825 --- /dev/null +++ b/src/templates/login.html @@ -0,0 +1,67 @@ + + + + + + + + + + + + +
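Review bot: `$szRedir` is taken from `$_GET['referer']` and handed to `RedirectPage( $szRedir );` unchecked after a successful login, so an external value in that parameter sends the freshly logged-in user to an arbitrary site; accept only a relative path, e.g. fall back to `"index.php"` when the value contains `://` or starts with `//`, or better, when it is not one of the application's own pages. The `urldecode()` on that value is also redundant — PHP already decodes `$_GET` — and decoding twice changes the meaning of any `%25`/`%2F` in the referer. The submitted password is stored in `$content['pass']` after DB_RemoveBadChars, and `$content` is the array passed to the template parser, so the password is hashed in altered form and exposed to login.html; pass the raw `$_POST['pass']` to CheckUserLogin (it is only ever md5'd there) and keep it out of `$content`. Logoff is triggered by a plain GET (`?op=logoff`), which a third-party page can cause a browser to request; a POST form or a per-session token on that link avoids it.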
+
+

{ERROR_MSG}

+
+
+
+ {LN_LOGIN_DESCRIPTION} +

+ + + + + + + + +
+ {LN_LOGIN_TITLE}
+
+ + + + + + + + + + + + + + + + + +
{LN_LOGIN_USERNAME}
+
{LN_LOGIN_PASSWORD}
+
+ + + +
+
+
+ +

+
+ + \ No newline at end of file