Implemented login&logout site and function.

The engine also reads configuration values from the configuration table if available. Header Menu also enhanced with Login/Logoff links
2025-09-26 03:09:21 +02:00 · 2008-07-11 15:35:10 +02:00 · 2008-07-11 15:35:10 +02:00 · cc5492d469
commit cc5492d469
parent 07f9244647
8 changed files with 296 additions and 73 deletions
--- a/src/include/config.sample.php
+++ b/src/include/config.sample.php
@ -58,6 +58,7 @@ $CFG['MiscShowDebugGridCounter'] = 0;		// Only for debugging purposes, will add
 $CFG["MiscShowPageRenderStats"] = 1;		// If enabled, you will see Pagerender Settings
 $CFG['MiscEnableGzipCompression'] = 1;		// If enabled, phplogcon will use gzip compression for output, we recommend
 											// to have this option enabled, it will highly reduce bandwith usage. 
 $CFG['DebugUserLogin'] = 0;					// if enabled, you will see additional informations on failed logins
 // --- 
 // --- Default Frontend Options 
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
@ -404,8 +404,8 @@ function InitPhpDebugMode()
 	// --- Set Global DEBUG Level!
 	if ( $CFG['MiscShowDebugMsg'] == 1 )
 		ini_set( "error_reporting", E_ALL ); // ALL PHP MESSAGES!
-//	else
+	else
-//		ini_set( "error_reporting", E_ERROR ); // ONLY PHP ERROR'S!
+		ini_set( "error_reporting", E_ERROR ); // ONLY PHP ERROR'S!
 	// --- 
 }
@ -520,24 +520,34 @@ function InitConfigurationValues()
 	// If Database is enabled, try to read from database!
 	if ( $CFG['UserDBEnabled'] )
 	{
-		$result = DB_Query("SELECT * FROM " . DB_CONFIG);
+		// Get configuration variables 
 		$result = DB_Query("SELECT * FROM " . DB_CONFIG . " WHERE is_global = true");
 		$rows = DB_GetAllRows($result, true, true);
 		// Read results from DB and overwrite in $CFG Array!
 		if ( isset($rows ) )
 		{
 			for($i = 0; $i < count($rows); $i++)
-				$CFG[ $rows[$i]['name'] ] = $rows[$i]['value'];
+			{
 				$CFG[ $rows[$i]['propname'] ] = $rows[$i]['propvalue'];
 				$content[ $rows[$i]['propname'] ] = $rows[$i]['propvalue'];
 			}
 		}
 		// Now we init the user session stuff
 		InitUserSession();
 		if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true && !$content['SESSION_LOGGEDIN'] )
 		{
 			// User needs to be logged in, redirect to login page
 			if ( !defined("IS_LOGINPAGE") )
 				RedirectToUserLogin();
 		}
 		// General defaults 
-		// --- Language Handling
+//		// --- Language Handling
-		if ( !isset($content['gen_lang']) ) { $content['gen_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/; }
+//		if ( !isset($content['gen_lang']) ) { $content['gen_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/; }
 		// --- PHP Debug Mode
 		if ( !isset($content['gen_phpdebug']) ) { $content['gen_phpdebug'] = "no"; }
 		// --- 
 		// Database Version Checker! 
 		if ( $content['database_internalversion'] > $content['database_installedversion'] )
 		{	
@ -545,27 +555,25 @@ function InitConfigurationValues()
 			$content['database_forcedatabaseupdate'] = "yes"; 
 		}
 	}
-	else
+
 	// --- Language Handling
 	if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) )
 	{
-		// --- Set Defaults...
+		$content['user_lang'] = $_SESSION['CUSTOM_LANG'];
-		// Language Handling
+		$LANG = $content['user_lang'];
 		if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) )
 		{
 			$content['user_lang'] = $_SESSION['CUSTOM_LANG'];
 			$LANG = $content['user_lang'];
 		}
 		else if ( isset($content['gen_lang']) && VerifyLanguage($content['gen_lang']))
 		{
 			$content['user_lang'] = $content['gen_lang'];
 			$LANG = $content['user_lang'];
 		}
 		else	// Failsave!
 		{
 			$content['user_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/;
 			$LANG = $content['user_lang'];
 			$content['gen_lang'] = $content['user_lang'];
 		}
 	}
 	else if ( isset($content['gen_lang']) && VerifyLanguage($content['gen_lang']))
 	{
 		$content['user_lang'] = $content['gen_lang'];
 		$LANG = $content['user_lang'];
 	}
 	else	// Failsave!
 	{
 		$content['user_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/;
 		$LANG = $content['user_lang'];
 		$content['gen_lang'] = $content['user_lang'];
 	}
 	// --- 
 	// Paging Size handling!
 	if ( !isset($_SESSION['PAGESIZE_ID']) )
@ -590,9 +598,8 @@ function InitConfigurationValues()
 	else
 		$content['user_theme'] = $content['web_theme'];
-	//Init Theme About Info ^^
+	// Init Theme About Info ^^
 	InitThemeAbout($content['user_theme']);
 	// ---
 	// Init main langauge file now!
 	IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/main.php' );
--- a/src/include/functions_db.php
+++ b/src/include/functions_db.php
@ -40,7 +40,7 @@ if ( !defined('IN_PHPLOGCON') )
 // --- 
-$link_id  = 0;
+$userdbconn  = 0;
 $errdesc = "";
 $errno = 0;
@ -51,11 +51,11 @@ $content['database_installedversion'] = "0";	// 0 is default which means Prior V
 function DB_Connect() 
 {
-	global $link_id, $CFG;
+	global $userdbconn, $CFG;
 	//TODO: Check variables first
-	$link_id = mysql_connect($CFG['UserDBServer'],$CFG['UserDBUser'],$CFG['UserDBPass']);
+	$userdbconn = mysql_connect($CFG['UserDBServer'],$CFG['UserDBUser'],$CFG['UserDBPass']);
-	if (!$link_id) 
+	if (!$userdbconn) 
 		DB_PrintError("Link-ID == false, connect to ".$CFG['UserDBServer']." failed", true);
 	// --- Now, check Mysql DB Version!
@ -78,7 +78,7 @@ function DB_Connect()
 	}
 	// ---
-	$db_selected = mysql_select_db($CFG['UserDBName'], $link_id);
+	$db_selected = mysql_select_db($CFG['UserDBName'], $userdbconn);
 	if(!$db_selected) 
 		DB_PrintError("Cannot use database '" . $CFG['UserDBName'] . "'", true);
 	// :D Success connecting to db
@ -88,8 +88,8 @@ function DB_Connect()
 function DB_Disconnect()
 {
-	global $link_id;
+	global $userdbconn;
-	mysql_close($link_id);
+	mysql_close($userdbconn);
 }
 function DB_Query($query_string, $bProcessError = true, $bCritical = false)
@ -100,8 +100,8 @@ function DB_Query($query_string, $bProcessError = true, $bCritical = false)
 		return;
 	// ---
-	global $link_id, $querycount;
+	global $userdbconn, $querycount;
-	$query_id = mysql_query($query_string,$link_id);
+	$query_id = mysql_query($query_string,$userdbconn);
 	if (!$query_id && $bProcessError) 
 		DB_PrintError("Invalid SQL: ".$query_string, $bCritical);
@ -147,15 +147,12 @@ function DB_GetSingleRow($query_id, $bClose)
 	if ($query_id != false && $query_id != 1 )
 	{
 		$row = mysql_fetch_array($query_id,  MYSQL_ASSOC);
-		
+
 		if ( $bClose )
 			DB_FreeQuery ($query_id); 
-		if ( isset($row) )
+		if ( isset($row) ) // Return array
 		{
 			// Return array
 			return $row;
 		}
 		else
 			return;
 	}
@ -195,8 +192,8 @@ function DB_GetMysqlStats()
 		return;
 	// ---
-	global $link_id;
+	global $userdbconn;
-	$status = explode('  ', mysql_stat($link_id));
+	$status = explode('  ', mysql_stat($userdbconn));
 	return $status;
 }
@ -282,7 +279,7 @@ function DB_Exec($query)
 		return false; 
 } 
-function WriteConfigValue($szValue)
+function WriteConfigValue($szValue, $is_global = true)
 {
 	// --- Abort in this case!
 	global $CFG, $content;
@ -290,18 +287,18 @@ function WriteConfigValue($szValue)
 		return;
 	// ---
-	$result = DB_Query("SELECT name FROM " . STATS_CONFIG . " WHERE name = '" . $szValue . "'");
+	$result = DB_Query("SELECT name FROM " . STATS_CONFIG . " WHERE name = '" . $szValue . "' AND is_global = " . $is_global);
 	$rows = DB_GetAllRows($result, true);
 	if ( !isset($rows) )
 	{
 		// New Entry
-		$result = DB_Query("INSERT INTO  " . STATS_CONFIG . " (name, value) VALUES ( '" . $szValue . "', '" . $CFG[$szValue] . "')");
+		$result = DB_Query("INSERT INTO  " . STATS_CONFIG . " (name, value, is_global) VALUES ( '" . $szValue . "', '" . $CFG[$szValue] . "', " . $is_global . ")");
 		DB_FreeQuery($result);
 	}
 	else
 	{
 		// Update Entry
-		$result = DB_Query("UPDATE " . STATS_CONFIG . " SET value = '" . $CFG[$szValue] . "' WHERE name = '" . $szValue . "'");
+		$result = DB_Query("UPDATE " . STATS_CONFIG . " SET value = '" . $CFG[$szValue] . "' WHERE name = '" . $szValue . "' AND is_global = " . $is_global);
 		DB_FreeQuery($result);
 	}
 } 
--- a/src/include/functions_users.php
+++ b/src/include/functions_users.php
@ -45,39 +45,49 @@ if ( !defined('IN_PHPLOGCON') )
 // --- 
 // --- BEGIN Usermanagement Function --- 
-function CheckForUserLogin( $isloginpage, $isUpgradePage = false )
+function InitUserSession()
 {
 	global $content; 
 	if ( isset($_SESSION['SESSION_LOGGEDIN']) )
 	{
 		if ( !$_SESSION['SESSION_LOGGEDIN'] ) 
-			RedirectToUserLogin();
+		{
 			$content['SESSION_LOGGEDIN'] = false;
 			// Not logged in
 			return false;
 		}
 		else
 		{
-			$content['SESSION_LOGGEDIN'] = "true";
+			$content['SESSION_LOGGEDIN'] = true;
 			$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
 			// Successfully logged in
 			return true;
 		}
-
+/*
 		// New, Check for database Version and may redirect to updatepage!
 		if (	isset($content['database_forcedatabaseupdate']) && 
 				$content['database_forcedatabaseupdate'] == "yes" && 
 				$isUpgradePage == false 
 			)
 				RedirectToDatabaseUpgrade();
 */
 	}
 	else
 	{
-		if ( $isloginpage == false )
+		$content['SESSION_LOGGEDIN'] = false;
 			RedirectToUserLogin();
 	}
 		// Not logged in ^^
 		return false;
 	}
 }
-function CreateUserName( $username, $password, $access_level )
+function CreateUserName( $username, $password, $is_admin )
 {
 	$md5pass = md5($password);
-	$result = DB_Query("SELECT username FROM " . STATS_USERS . " WHERE username = '" . $username . "'");
+	$result = DB_Query("SELECT username FROM " . DB_USERS . " WHERE username = '" . $username . "'");
 	$rows = DB_GetAllRows($result, true);
 	if ( isset($rows) )
 	{
@ -89,7 +99,7 @@ function CreateUserName( $username, $password, $access_level )
 	else
 	{
 		// Create User
-		$result = DB_Query("INSERT INTO " . STATS_USERS . " (username, password, access_level) VALUES ('$username', '$md5pass', $access_level)");
+		$result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin) VALUES ('$username', '$md5pass', $is_admin)");
 		DB_FreeQuery($result);
 		// Success
@ -104,24 +114,29 @@ function CheckUserLogin( $username, $password )
 	// TODO: SessionTime and AccessLevel check
 	$md5pass = md5($password);
-	$sqlselect = "SELECT access_level FROM " . STATS_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'";
+	$sqlselect = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'";
 	$result = DB_Query($sqlselect);
-	$rows = DB_GetAllRows($result, true);
+	$myrow = DB_GetSingleRow($result, true);
-	if ( isset($rows) )
+
 	if ( isset($myrow['is_admin']) )
 	{
 		$_SESSION['SESSION_LOGGEDIN'] = true;
 		$_SESSION['SESSION_USERNAME'] = $username;
-		$_SESSION['SESSION_ACCESSLEVEL'] = $rows[0]['access_level'];
+		$_SESSION['SESSION_ISADMIN'] = $myrow['is_admin'];
-		
+
-		$content['SESSION_LOGGEDIN'] = "true";
+		$content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN'];
-		$content['SESSION_USERNAME'] = $username;
+		$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
 		$content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
 		// TODO SET LAST LOGIN TIME!
 		// Success !
 		return true;
 	}
 	else
 	{
-		if ( $CFG['MiscShowDebugMsg'] == 1 )
+		if ( $CFG['DebugUserLogin'] == 1 )
 			DieWithFriendlyErrorMsg( "Debug Error: Could not login user '" . $username . "' <br><br><B>Sessionarray</B> <pre>" . var_export($_SESSION, true) . "</pre><br><B>SQL Statement</B>: " . $sqlselect );
 		// Default return false
@ -143,15 +158,23 @@ function DoLogOff()
 function RedirectToUserLogin()
 {
-	// TODO Referer
+	// build referer
-	header("Location: login.php?referer=" . $_SERVER['PHP_SELF']);
+	$referer = $_SERVER['PHP_SELF'];
 	if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
 		$referer .= "?" . $_SERVER['QUERY_STRING'];
 	header("Location: login.php?referer=" . urlencode($referer) );
 	exit;
 }
 function RedirectToDatabaseUpgrade()
 {
-	// TODO Referer
+	// build referer
-	header("Location: upgrade.php"); // ?referer=" . $_SERVER['PHP_SELF']);
+	$referer = $_SERVER['PHP_SELF'];
 	if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
 		$referer .= "?" . $_SERVER['QUERY_STRING'];
 	header("Location: upgrade.php?referer=" . urlencode($referer) );
 	exit;
 }
 // --- END Usermanagement Function --- 
--- a/src/lang/en/main.php
+++ b/src/lang/en/main.php
@ -155,4 +155,15 @@ $content['LN_DETAILS_FORSYSLOGMSG'] = "Details for the syslog messages with id";
 $content['LN_DETAILS_DETAILSFORMSG'] = "Details for message id";
 $content['LN_DETAIL_BACKTOLIST'] = "Back to Listview";
 // Login Site
 $content['LN_LOGIN_DESCRIPTION'] = "Use this form to login into phpLogCon. ";
 $content['LN_LOGIN_TITLE'] = "Login";
 $content['LN_LOGIN_USERNAME'] = "Username";
 $content['LN_LOGIN_PASSWORD'] = "Password";
 $content['LN_LOGIN_SAVEASCOOKIE'] = "Stay logged on";
 $content['LN_LOGIN_ERRWRONGPASSWORD'] = "Wrong username or password!";
 $content['LN_LOGIN_USERPASSMISSING'] = "Username or password not given";
 ?>
--- a/src/login.php
+++ b/src/login.php
@ -0,0 +1,108 @@
 <?php
 /*
 	*********************************************************************
 	* phpLogCon - http://www.phplogcon.org
 	* -----------------------------------------------------------------
 	* Main Index File											
 	*																	
 	* -> File to login users in PhpLogCon
 	*																	
 	* All directives are explained within this file
 	*
 	* Copyright (C) 2008 Adiscon GmbH.
 	*
 	* This file is part of phpLogCon.
 	*
 	* PhpLogCon is free software: you can redistribute it and/or modify
 	* it under the terms of the GNU General Public License as published by
 	* the Free Software Foundation, either version 3 of the License, or
 	* (at your option) any later version.
 	*
 	* PhpLogCon is distributed in the hope that it will be useful,
 	* but WITHOUT ANY WARRANTY; without even the implied warranty of
 	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	* GNU General Public License for more details.
 	*
 	* You should have received a copy of the GNU General Public License
 	* along with phpLogCon. If not, see <http://www.gnu.org/licenses/>.
 	*
 	* A copy of the GPL can be found in the file "COPYING" in this
 	* distribution				
 	*********************************************************************
 */
 // *** Default includes	and procedures *** //
 define('IN_PHPLOGCON', true);
 $gl_root_path = './';
 // Now include necessary include files!
 include($gl_root_path . 'include/functions_common.php');
 include($gl_root_path . 'include/functions_frontendhelpers.php');
 //include($gl_root_path . 'include/functions_filters.php');
 // To avoid infinite redirects!
 define('IS_LOGINPAGE', true);
 InitPhpLogCon();
 // --- //
 // --- BEGIN Custom Code
 // Set Defaults
 $content['uname'] = "";
 $content['pass'] = "";
 // Set Referer
 if ( isset($_GET['referer']) )
 	$szRedir = urldecode($_GET['referer']);
 else
 	$szRedir = "index.php"; // Default
 if ( isset($_POST['op']) && $_POST['op'] == "login" )
 {
 	// Perform login!
 	if ( $_POST['op'] == "login" )
 	{
 		if ( 
 			 (isset($_POST['uname']) && strlen($_POST['uname']) > 0) 
 				&& 
 			 (isset($_POST['pass']) && strlen($_POST['pass']) > 0)
 			)
 		{
 			// Set Username and password
 			$content['uname'] = DB_RemoveBadChars($_POST['uname']);
 			$content['pass'] = DB_RemoveBadChars($_POST['pass']);
 			if ( !CheckUserLogin( $content['uname'], $content['pass']) )
 			{
 				$content['ISERROR'] = "true";
 				$content['ERROR_MSG'] = $content['LN_LOGIN_ERRWRONGPASSWORD'];
 			}
 			else
 				RedirectPage( $szRedir );
 		}
 		else
 		{
 			$content['ISERROR'] = "true";
 			$content['ERROR_MSG'] = $content['LN_LOGIN_USERPASSMISSING'];
 		}
 	}
 }
 else if ( isset($_GET['op']) && $_GET['op'] == "logoff" )
 {
 	// logoff in this case
 	DoLogOff();
 }
 // --- END Custom Code
 // --- CONTENT Vars
 $content['REDIR_LOGIN'] = $szRedir;
 $content['TITLE'] = "phpLogCon - User Login";	// Title of the Page 
 // --- 
 // --- Parsen and Output
 InitTemplateParser();
 $page -> parser($content, "login.html");
 $page -> output(); 
 // --- 
 ?>
--- a/src/templates/include_menu.html
+++ b/src/templates/include_menu.html
@ -8,6 +8,15 @@
 <!--	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="?" target="_top">Refresh</a></td>-->
 	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="http://wiki.rsyslog.com/index.php/PhpLogCon" target="phplogcon_help">Help</a></td>
 	<td class="topmenu1" nowrap align="center" width="200"><a class="topmenu1_link" href="http://kb.monitorware.com/search.php" target="_blank">Search in Knowledge Base</a></td>
 <!-- IF UserDBEnabled="true" -->
 	<!-- IF SESSION_LOGGEDIN!="true" -->
 	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="login.php" target="_blank">Login</a></td>
 	<!-- ENDIF SESSION_LOGGEDIN!="true" -->
 	<!-- IF SESSION_LOGGEDIN="true" -->
 	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="admin/index.php" target="_blank">Admin Center</a></td>
 	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="login.php?op=logoff" target="_blank">Logoff</a></td>
 	<!-- ENDIF SESSION_LOGGEDIN="true" -->
 <!-- ENDIF UserDBEnabled="true" -->
 	<td class="topmenuend" nowrap align="center" width="max">&nbsp;</td>
 </tr>
 </table>
--- a/src/templates/login.html
+++ b/src/templates/login.html
@ -0,0 +1,67 @@
 <!-- INCLUDE include_header.html --> 
 <table width="100%" align="center" border="0" cellpadding="1" cellspacing="1" class="with_border">
 <!-- IF ISERROR="true" -->
 <tr>
 	<td width="100%" class="line1" align="center">
 	<br>
 		<font color="red"><h3>{ERROR_MSG}</h3></font>
 	<br>
 	</td>
 </tr>
 <!-- ENDIF ISERROR="true" -->
 <tr>
 	<td width="100%" class="line2" align="center">
 	<br>
 	<strong>{LN_LOGIN_DESCRIPTION}</strong>
 	<br><br>
 	<table width="250" cellpadding="0" cellspacing="0" border="0" align="center" class="with_border">
 	<tr>
 		<td colspan="10" align="center" valign="top" class="title">
 		<strong>{LN_LOGIN_TITLE}</strong></td>
 	</tr>
 	<tr>
 		<td align="center" class="line1">
 		<form action="login.php" method="post">
 			<table border="0" cellpadding="2" cellspacing="1">
 			<tr>
 				<td align="center"><b>{LN_LOGIN_USERNAME}</b></td>
 			</tr>
 			<tr>
 				<td align="center">
 				<input type="text" name="uname" size="14" maxlength="25" value="{uname}"></td>
 			</tr>
 			<tr>
 				<td align="center"><b>{LN_LOGIN_PASSWORD}</b></td>
 			</tr>
 			<tr>
 				<td align="center">
 				<input type="password" name="pass" size="14" maxlength="20" value="{pass}"></td>
 			</tr>
 <!--
 			<tr>
 				<td align="center">
 				<input type="checkbox" disabled value="1" name="rememberme" />{LN_LOGIN_SAVEASCOOKIE}</td>
 			</tr>
 -->
 			<tr>
 				<td align="center">
 					<input type="submit" value="Anmelden">
 					<input type="hidden" name="op" value="login">
 					<input type="hidden" name="url" value="{REDIR_LOGIN}">
 				</td>
 			</tr>
 			</table>
 		</form>
 		</td>
 	</tr>
 	</table>
 	<br><br>
 	</td>
 </tr>
 </table>
 <!-- INCLUDE include_footer.html -->