Implemented login&logout site and function.

The engine also reads configuration values from the configuration table if available. Header Menu also enhanced with Login/Logoff links
2025-09-26 03:09:21 +02:00 · 2008-07-11 15:35:10 +02:00 · 2008-07-11 15:35:10 +02:00 · cc5492d469
commit cc5492d469
parent 07f9244647
8 changed files with 296 additions and 73 deletions
--- a/src/include/config.sample.php
+++ b/src/include/config.sample.php
@ -58,6 +58,7 @@ $CFG['MiscShowDebugGridCounter'] = 0;		// Only for debugging purposes, will add
 $CFG["MiscShowPageRenderStats"] = 1;		// If enabled, you will see Pagerender Settings
 $CFG['MiscEnableGzipCompression'] = 1;		// If enabled, phplogcon will use gzip compression for output, we recommend
 											// to have this option enabled, it will highly reduce bandwith usage. 
+$CFG['DebugUserLogin'] = 0;					// if enabled, you will see additional informations on failed logins
 // --- 

 // --- Default Frontend Options 
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
@ -404,8 +404,8 @@ function InitPhpDebugMode()
 	// --- Set Global DEBUG Level!
 	if ( $CFG['MiscShowDebugMsg'] == 1 )
 		ini_set( "error_reporting", E_ALL ); // ALL PHP MESSAGES!
-//	else
-//		ini_set( "error_reporting", E_ERROR ); // ONLY PHP ERROR'S!
+	else
+		ini_set( "error_reporting", E_ERROR ); // ONLY PHP ERROR'S!
 	// --- 
 }

@ -520,23 +520,33 @@ function InitConfigurationValues()
 	// If Database is enabled, try to read from database!
 	if ( $CFG['UserDBEnabled'] )
 	{
-		$result = DB_Query("SELECT * FROM " . DB_CONFIG);
+		// Get configuration variables 
+		$result = DB_Query("SELECT * FROM " . DB_CONFIG . " WHERE is_global = true");
 		$rows = DB_GetAllRows($result, true, true);

 		// Read results from DB and overwrite in $CFG Array!
 		if ( isset($rows ) )
 		{
 			for($i = 0; $i < count($rows); $i++)
-				$CFG[ $rows[$i]['name'] ] = $rows[$i]['value'];
+			{
+				$CFG[ $rows[$i]['propname'] ] = $rows[$i]['propvalue'];
+				$content[ $rows[$i]['propname'] ] = $rows[$i]['propvalue'];
+			}
+		}
+
+		// Now we init the user session stuff
+		InitUserSession();
+
+		if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true && !$content['SESSION_LOGGEDIN'] )
+		{
+			// User needs to be logged in, redirect to login page
+			if ( !defined("IS_LOGINPAGE") )
+				RedirectToUserLogin();
 		}

 		// General defaults 
-		// --- Language Handling
-		if ( !isset($content['gen_lang']) ) { $content['gen_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/; }
-		
-		// --- PHP Debug Mode
-		if ( !isset($content['gen_phpdebug']) ) { $content['gen_phpdebug'] = "no"; }
-		// --- 
+//		// --- Language Handling
+//		if ( !isset($content['gen_lang']) ) { $content['gen_lang'] = $CFG['ViewDefaultLanguage'] /*"en"*/; }
 		
 		// Database Version Checker! 
 		if ( $content['database_internalversion'] > $content['database_installedversion'] )
@ -545,10 +555,8 @@ function InitConfigurationValues()
 			$content['database_forcedatabaseupdate'] = "yes"; 
 		}
 	}
-	else
-	{
-		// --- Set Defaults...
-		// Language Handling
+
+	// --- Language Handling
 	if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) )
 	{
 		$content['user_lang'] = $_SESSION['CUSTOM_LANG'];
@ -565,7 +573,7 @@ function InitConfigurationValues()
 		$LANG = $content['user_lang'];
 		$content['gen_lang'] = $content['user_lang'];
 	}
-	}
+	// --- 

 	// Paging Size handling!
 	if ( !isset($_SESSION['PAGESIZE_ID']) )
@ -592,7 +600,6 @@ function InitConfigurationValues()

 	// Init Theme About Info ^^
 	InitThemeAbout($content['user_theme']);
-	// ---

 	// Init main langauge file now!
 	IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/main.php' );
--- a/src/include/functions_db.php
+++ b/src/include/functions_db.php
@ -40,7 +40,7 @@ if ( !defined('IN_PHPLOGCON') )
 // --- 


-$link_id  = 0;
+$userdbconn  = 0;
 $errdesc = "";
 $errno = 0;

@ -51,11 +51,11 @@ $content['database_installedversion'] = "0";	// 0 is default which means Prior V

 function DB_Connect() 
 {
-	global $link_id, $CFG;
+	global $userdbconn, $CFG;

 	//TODO: Check variables first
-	$link_id = mysql_connect($CFG['UserDBServer'],$CFG['UserDBUser'],$CFG['UserDBPass']);
-	if (!$link_id) 
+	$userdbconn = mysql_connect($CFG['UserDBServer'],$CFG['UserDBUser'],$CFG['UserDBPass']);
+	if (!$userdbconn) 
 		DB_PrintError("Link-ID == false, connect to ".$CFG['UserDBServer']." failed", true);
 	
 	// --- Now, check Mysql DB Version!
@ -78,7 +78,7 @@ function DB_Connect()
 	}
 	// ---

-	$db_selected = mysql_select_db($CFG['UserDBName'], $link_id);
+	$db_selected = mysql_select_db($CFG['UserDBName'], $userdbconn);
 	if(!$db_selected) 
 		DB_PrintError("Cannot use database '" . $CFG['UserDBName'] . "'", true);
 	// :D Success connecting to db
@ -88,8 +88,8 @@ function DB_Connect()

 function DB_Disconnect()
 {
-	global $link_id;
-	mysql_close($link_id);
+	global $userdbconn;
+	mysql_close($userdbconn);
 }

 function DB_Query($query_string, $bProcessError = true, $bCritical = false)
@ -100,8 +100,8 @@ function DB_Query($query_string, $bProcessError = true, $bCritical = false)
 		return;
 	// ---

-	global $link_id, $querycount;
-	$query_id = mysql_query($query_string,$link_id);
+	global $userdbconn, $querycount;
+	$query_id = mysql_query($query_string,$userdbconn);
 	if (!$query_id && $bProcessError) 
 		DB_PrintError("Invalid SQL: ".$query_string, $bCritical);

@ -151,11 +151,8 @@ function DB_GetSingleRow($query_id, $bClose)
 		if ( $bClose )
 			DB_FreeQuery ($query_id); 

-		if ( isset($row) )
-		{
-			// Return array
+		if ( isset($row) ) // Return array
 			return $row;
-		}
 		else
 			return;
 	}
@ -195,8 +192,8 @@ function DB_GetMysqlStats()
 		return;
 	// ---

-	global $link_id;
-	$status = explode('  ', mysql_stat($link_id));
+	global $userdbconn;
+	$status = explode('  ', mysql_stat($userdbconn));
 	return $status;
 }

@ -282,7 +279,7 @@ function DB_Exec($query)
 		return false; 
 } 

-function WriteConfigValue($szValue)
+function WriteConfigValue($szValue, $is_global = true)
 {
 	// --- Abort in this case!
 	global $CFG, $content;
@ -290,18 +287,18 @@ function WriteConfigValue($szValue)
 		return;
 	// ---

-	$result = DB_Query("SELECT name FROM " . STATS_CONFIG . " WHERE name = '" . $szValue . "'");
+	$result = DB_Query("SELECT name FROM " . STATS_CONFIG . " WHERE name = '" . $szValue . "' AND is_global = " . $is_global);
 	$rows = DB_GetAllRows($result, true);
 	if ( !isset($rows) )
 	{
 		// New Entry
-		$result = DB_Query("INSERT INTO  " . STATS_CONFIG . " (name, value) VALUES ( '" . $szValue . "', '" . $CFG[$szValue] . "')");
+		$result = DB_Query("INSERT INTO  " . STATS_CONFIG . " (name, value, is_global) VALUES ( '" . $szValue . "', '" . $CFG[$szValue] . "', " . $is_global . ")");
 		DB_FreeQuery($result);
 	}
 	else
 	{
 		// Update Entry
-		$result = DB_Query("UPDATE " . STATS_CONFIG . " SET value = '" . $CFG[$szValue] . "' WHERE name = '" . $szValue . "'");
+		$result = DB_Query("UPDATE " . STATS_CONFIG . " SET value = '" . $CFG[$szValue] . "' WHERE name = '" . $szValue . "' AND is_global = " . $is_global);
 		DB_FreeQuery($result);
 	}
 } 
--- a/src/include/functions_users.php
+++ b/src/include/functions_users.php
@ -45,39 +45,49 @@ if ( !defined('IN_PHPLOGCON') )
 // --- 

 // --- BEGIN Usermanagement Function --- 
-function CheckForUserLogin( $isloginpage, $isUpgradePage = false )
+function InitUserSession()
 {
 	global $content; 

 	if ( isset($_SESSION['SESSION_LOGGEDIN']) )
 	{
 		if ( !$_SESSION['SESSION_LOGGEDIN'] ) 
-			RedirectToUserLogin();
+		{
+			$content['SESSION_LOGGEDIN'] = false;
+			
+			// Not logged in
+			return false;
+		}
 		else
 		{
-			$content['SESSION_LOGGEDIN'] = "true";
+			$content['SESSION_LOGGEDIN'] = true;
 			$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
-		}
 			
+			// Successfully logged in
+			return true;
+		}
+/*
 		// New, Check for database Version and may redirect to updatepage!
 		if (	isset($content['database_forcedatabaseupdate']) && 
 				$content['database_forcedatabaseupdate'] == "yes" && 
 				$isUpgradePage == false 
 			)
 				RedirectToDatabaseUpgrade();
+*/
 	}
 	else
 	{
-		if ( $isloginpage == false )
-			RedirectToUserLogin();
+		$content['SESSION_LOGGEDIN'] = false;
+
+		// Not logged in ^^
+		return false;
+	}
 }

-}
-
-function CreateUserName( $username, $password, $access_level )
+function CreateUserName( $username, $password, $is_admin )
 {
 	$md5pass = md5($password);
-	$result = DB_Query("SELECT username FROM " . STATS_USERS . " WHERE username = '" . $username . "'");
+	$result = DB_Query("SELECT username FROM " . DB_USERS . " WHERE username = '" . $username . "'");
 	$rows = DB_GetAllRows($result, true);
 	if ( isset($rows) )
 	{
@ -89,7 +99,7 @@ function CreateUserName( $username, $password, $access_level )
 	else
 	{
 		// Create User
-		$result = DB_Query("INSERT INTO " . STATS_USERS . " (username, password, access_level) VALUES ('$username', '$md5pass', $access_level)");
+		$result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin) VALUES ('$username', '$md5pass', $is_admin)");
 		DB_FreeQuery($result);

 		// Success
@ -104,24 +114,29 @@ function CheckUserLogin( $username, $password )
 	// TODO: SessionTime and AccessLevel check

 	$md5pass = md5($password);
-	$sqlselect = "SELECT access_level FROM " . STATS_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'";
+	$sqlselect = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'";
 	$result = DB_Query($sqlselect);
-	$rows = DB_GetAllRows($result, true);
-	if ( isset($rows) )
+	$myrow = DB_GetSingleRow($result, true);
+
+
+	if ( isset($myrow['is_admin']) )
 	{
 		$_SESSION['SESSION_LOGGEDIN'] = true;
 		$_SESSION['SESSION_USERNAME'] = $username;
-		$_SESSION['SESSION_ACCESSLEVEL'] = $rows[0]['access_level'];
+		$_SESSION['SESSION_ISADMIN'] = $myrow['is_admin'];

-		$content['SESSION_LOGGEDIN'] = "true";
-		$content['SESSION_USERNAME'] = $username;
+		$content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN'];
+		$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
+		$content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
+
+		// TODO SET LAST LOGIN TIME!

 		// Success !
 		return true;
 	}
 	else
 	{
-		if ( $CFG['MiscShowDebugMsg'] == 1 )
+		if ( $CFG['DebugUserLogin'] == 1 )
 			DieWithFriendlyErrorMsg( "Debug Error: Could not login user '" . $username . "' <br><br><B>Sessionarray</B> <pre>" . var_export($_SESSION, true) . "</pre><br><B>SQL Statement</B>: " . $sqlselect );
 		
 		// Default return false
@ -143,15 +158,23 @@ function DoLogOff()

 function RedirectToUserLogin()
 {
-	// TODO Referer
-	header("Location: login.php?referer=" . $_SERVER['PHP_SELF']);
+	// build referer
+	$referer = $_SERVER['PHP_SELF'];
+	if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
+		$referer .= "?" . $_SERVER['QUERY_STRING'];
+
+	header("Location: login.php?referer=" . urlencode($referer) );
 	exit;
 }

 function RedirectToDatabaseUpgrade()
 {
-	// TODO Referer
-	header("Location: upgrade.php"); // ?referer=" . $_SERVER['PHP_SELF']);
+	// build referer
+	$referer = $_SERVER['PHP_SELF'];
+	if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
+		$referer .= "?" . $_SERVER['QUERY_STRING'];
+
+	header("Location: upgrade.php?referer=" . urlencode($referer) );
 	exit;
 }
 // --- END Usermanagement Function --- 
--- a/src/lang/en/main.php
+++ b/src/lang/en/main.php
@ -155,4 +155,15 @@ $content['LN_DETAILS_FORSYSLOGMSG'] = "Details for the syslog messages with id";
 $content['LN_DETAILS_DETAILSFORMSG'] = "Details for message id";
 $content['LN_DETAIL_BACKTOLIST'] = "Back to Listview";

+// Login Site
+$content['LN_LOGIN_DESCRIPTION'] = "Use this form to login into phpLogCon. ";
+$content['LN_LOGIN_TITLE'] = "Login";
+$content['LN_LOGIN_USERNAME'] = "Username";
+$content['LN_LOGIN_PASSWORD'] = "Password";
+$content['LN_LOGIN_SAVEASCOOKIE'] = "Stay logged on";
+
+$content['LN_LOGIN_ERRWRONGPASSWORD'] = "Wrong username or password!";
+$content['LN_LOGIN_USERPASSMISSING'] = "Username or password not given";
+
+
 ?>
--- a/src/login.php
+++ b/src/login.php
@ -0,0 +1,108 @@
+<?php
+/*
+	*********************************************************************
+	* phpLogCon - http://www.phplogcon.org
+	* -----------------------------------------------------------------
+	* Main Index File											
+	*																	
+	* -> File to login users in PhpLogCon
+	*																	
+	* All directives are explained within this file
+	*
+	* Copyright (C) 2008 Adiscon GmbH.
+	*
+	* This file is part of phpLogCon.
+	*
+	* PhpLogCon is free software: you can redistribute it and/or modify
+	* it under the terms of the GNU General Public License as published by
+	* the Free Software Foundation, either version 3 of the License, or
+	* (at your option) any later version.
+	*
+	* PhpLogCon is distributed in the hope that it will be useful,
+	* but WITHOUT ANY WARRANTY; without even the implied warranty of
+	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	* GNU General Public License for more details.
+	*
+	* You should have received a copy of the GNU General Public License
+	* along with phpLogCon. If not, see <http://www.gnu.org/licenses/>.
+	*
+	* A copy of the GPL can be found in the file "COPYING" in this
+	* distribution				
+	*********************************************************************
+*/
+
+// *** Default includes	and procedures *** //
+define('IN_PHPLOGCON', true);
+$gl_root_path = './';
+
+// Now include necessary include files!
+include($gl_root_path . 'include/functions_common.php');
+include($gl_root_path . 'include/functions_frontendhelpers.php');
+//include($gl_root_path . 'include/functions_filters.php');
+
+// To avoid infinite redirects!
+define('IS_LOGINPAGE', true);
+InitPhpLogCon();
+// --- //
+
+// --- BEGIN Custom Code
+
+// Set Defaults
+$content['uname'] = "";
+$content['pass'] = "";
+
+// Set Referer
+if ( isset($_GET['referer']) )
+	$szRedir = urldecode($_GET['referer']);
+else
+	$szRedir = "index.php"; // Default
+
+if ( isset($_POST['op']) && $_POST['op'] == "login" )
+{
+	// Perform login!
+	if ( $_POST['op'] == "login" )
+	{
+		if ( 
+			 (isset($_POST['uname']) && strlen($_POST['uname']) > 0) 
+				&& 
+			 (isset($_POST['pass']) && strlen($_POST['pass']) > 0)
+			)
+		{
+			// Set Username and password
+			$content['uname'] = DB_RemoveBadChars($_POST['uname']);
+			$content['pass'] = DB_RemoveBadChars($_POST['pass']);
+
+			if ( !CheckUserLogin( $content['uname'], $content['pass']) )
+			{
+				$content['ISERROR'] = "true";
+				$content['ERROR_MSG'] = $content['LN_LOGIN_ERRWRONGPASSWORD'];
+			}
+			else
+				RedirectPage( $szRedir );
+		}
+		else
+		{
+			$content['ISERROR'] = "true";
+			$content['ERROR_MSG'] = $content['LN_LOGIN_USERPASSMISSING'];
+		}
+	}
+}
+else if ( isset($_GET['op']) && $_GET['op'] == "logoff" )
+{
+	// logoff in this case
+	DoLogOff();
+}
+// --- END Custom Code
+
+// --- CONTENT Vars
+$content['REDIR_LOGIN'] = $szRedir;
+$content['TITLE'] = "phpLogCon - User Login";	// Title of the Page 
+// --- 
+
+// --- Parsen and Output
+InitTemplateParser();
+$page -> parser($content, "login.html");
+$page -> output(); 
+// --- 
+
+?>
--- a/src/templates/include_menu.html
+++ b/src/templates/include_menu.html
@ -8,6 +8,15 @@
 <!--	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="?" target="_top">Refresh</a></td>-->
 	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="http://wiki.rsyslog.com/index.php/PhpLogCon" target="phplogcon_help">Help</a></td>
 	<td class="topmenu1" nowrap align="center" width="200"><a class="topmenu1_link" href="http://kb.monitorware.com/search.php" target="_blank">Search in Knowledge Base</a></td>
+<!-- IF UserDBEnabled="true" -->
+	<!-- IF SESSION_LOGGEDIN!="true" -->
+	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="login.php" target="_blank">Login</a></td>
+	<!-- ENDIF SESSION_LOGGEDIN!="true" -->
+	<!-- IF SESSION_LOGGEDIN="true" -->
+	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="admin/index.php" target="_blank">Admin Center</a></td>
+	<td class="topmenu1" nowrap align="center" width="100"><a class="topmenu1_link" href="login.php?op=logoff" target="_blank">Logoff</a></td>
+	<!-- ENDIF SESSION_LOGGEDIN="true" -->
+<!-- ENDIF UserDBEnabled="true" -->
 	<td class="topmenuend" nowrap align="center" width="max">&nbsp;</td>
 </tr>
 </table>
--- a/src/templates/login.html
+++ b/src/templates/login.html
@ -0,0 +1,67 @@
+<!-- INCLUDE include_header.html --> 
+
+
+<table width="100%" align="center" border="0" cellpadding="1" cellspacing="1" class="with_border">
+<!-- IF ISERROR="true" -->
+<tr>
+	<td width="100%" class="line1" align="center">
+	<br>
+		<font color="red"><h3>{ERROR_MSG}</h3></font>
+	<br>
+	</td>
+</tr>
+<!-- ENDIF ISERROR="true" -->
+<tr>
+	<td width="100%" class="line2" align="center">
+	<br>
+	<strong>{LN_LOGIN_DESCRIPTION}</strong>
+	<br><br>
+
+	<table width="250" cellpadding="0" cellspacing="0" border="0" align="center" class="with_border">
+	<tr>
+		<td colspan="10" align="center" valign="top" class="title">
+		<strong>{LN_LOGIN_TITLE}</strong></td>
+	</tr>
+	<tr>
+		<td align="center" class="line1">
+		<form action="login.php" method="post">
+			<table border="0" cellpadding="2" cellspacing="1">
+			<tr>
+				<td align="center"><b>{LN_LOGIN_USERNAME}</b></td>
+			</tr>
+			<tr>
+				<td align="center">
+				<input type="text" name="uname" size="14" maxlength="25" value="{uname}"></td>
+			</tr>
+			<tr>
+				<td align="center"><b>{LN_LOGIN_PASSWORD}</b></td>
+			</tr>
+			<tr>
+				<td align="center">
+				<input type="password" name="pass" size="14" maxlength="20" value="{pass}"></td>
+			</tr>
+<!--
+			<tr>
+				<td align="center">
+				<input type="checkbox" disabled value="1" name="rememberme" />{LN_LOGIN_SAVEASCOOKIE}</td>
+			</tr>
+-->
+			<tr>
+				<td align="center">
+					<input type="submit" value="Anmelden">
+					<input type="hidden" name="op" value="login">
+					<input type="hidden" name="url" value="{REDIR_LOGIN}">
+				</td>
+			</tr>
+			</table>
+		</form>
+		</td>
+	</tr>
+	</table>
+
+	<br><br>
+	</td>
+</tr>
+</table>
+
+<!-- INCLUDE include_footer.html -->