<?php
// File name: login.inc.php
// Description: PHP subroutines to handle user logins
// Date: 2002-11-13
// Author: imacat <imacat@pristine.com.tw>
// Copyright: Copyright (C) 2002-2007 Pristine Communications
// Set the include path
if (!defined("INCPATH_SET")) {
require_once dirname(__FILE__) . "/incpath.inc.php";
}
// Referenced subroutines
require_once "monica/cgiemu.inc.php";
require_once "monica/chkpriv.inc.php";
require_once "monica/encrypt.inc.php";
require_once "monica/getlang.inc.php";
require_once "monica/guest.inc.php";
require_once "monica/http.inc.php";
require_once "monica/lninfo.inc.php";
require_once "monica/logout.inc.php";
require_once "monica/scptpriv.inc.php";
require_once "monica/sql.inc.php";
require_once "monica/userhome.inc.php";
require_once "monica/usrconst.inc.php";
// Name of the remember-me cookie.  The defined() guard lets a site declare
// its own name before this file is loaded.
defined("REMEMBER_COOKIE") or define("REMEMBER_COOKIE", "qySxnXvjNxv0aDAs");
// FAILURE_DELAY is not referenced by the functions in this listing.
// NOTE(review): presumably the number of seconds to wait after a failed
// login -- confirm against the code that consumes it.
defined("FAILURE_DELAY") or define("FAILURE_DELAY", 5);
// use_users: Tell whether a user/membership system is in use.
//   Return: the in_array() result of looking for a "users" table among
//           sql_tables().  The answer is computed on the first call and
//           reused for the rest of the script run.
function use_users()
{
    // Memoized answer; stays null until the first call has filled it in.
    static $cache = null;
    if (is_null($cache)) {
        $cache = in_array("users", sql_tables());
    }
    return $cache;
}
// userinfo_url: The URL where the current user's information is updated.
//   Return: userhome() . "users.php?form=cur&sn=..." when the admin check
//           passes, userhome() . "myinfo.php" otherwise.  The URL is built
//           on the first call and reused for the rest of the script run.
function userinfo_url()
{
    static $cache = null;
    if (!is_null($cache)) {
        return $cache;
    }
    // For a guest the check is is_admin_script(); otherwise it is is_admin().
    if (is_guest()) {
        $as_admin = is_admin_script();
    } else {
        $as_admin = is_admin();
    }
    if (!$as_admin) {
        $cache = userhome() . "myinfo.php";
        return $cache;
    }
    // urlencode() keeps the session-held S/N from altering the query string.
    $query = "form=cur&sn=" . urlencode(get_login_sn());
    $cache = userhome() . "users.php?" . $query;
    return $cache;
}
// get_login_sn: Obtain the serial number of the current logged-in user.
//   Return: $_SESSION["usersn"], or null when there is no session or the
//           key is absent.
function get_login_sn()
{
    if (!isset($_SESSION) || !array_key_exists("usersn", $_SESSION)) {
        return null;
    }
    return $_SESSION["usersn"];
}
// get_login_id: Obtain the user ID of the current logged-in user.
//   Return: $_SESSION["userid"], or null when there is no session or the
//           key is absent.
function get_login_id()
{
    if (!isset($_SESSION) || !array_key_exists("userid", $_SESSION)) {
        return null;
    }
    return $_SESSION["userid"];
}
// get_login_name: Obtain the full name of the current logged-in user.
//   Return: $_SESSION["username"], or null when there is no session or the
//           key is absent.
function get_login_name()
{
    if (!isset($_SESSION) || !array_key_exists("username", $_SESSION)) {
        return null;
    }
    return $_SESSION["username"];
}
// get_login_groups: Obtain the groups of the current logged-in user.
//   Return: $_SESSION["groups"] as stored (whatever value the key holds),
//           or an empty array when there is no session or the key is absent.
function get_login_groups()
{
    if (!isset($_SESSION) || !array_key_exists("groups", $_SESSION)) {
        return array();
    }
    return $_SESSION["groups"];
}
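// upd_login_info: Update the logged-in information.
//   Re-reads the current user's row from the users table (by the session
//   S/N on the web, by the effective POSIX account name on the console),
//   maintains the remember-me cookie, stores sn/id/name/groups/guest/admin
//   in $_SESSION, and saves the current language in users.lang when it
//   differs from the stored one.
//   Return: nothing.  The script ends after the redirect or the 403 when
//           the account cannot be found.
function upd_login_info()
{
    // Return if not logged-in from the web yet
    if (IS_CGI && is_null(get_login_sn())) {
        return;
    }

    // Lock the necessary tables
    // NOTE(review): the same lock set is requested again right after
    // sql_begin().  Both calls are kept as found -- confirm whether the
    // backend needs the lock on both sides of the transaction start.
    $locks = array("users" => LOCK_EX, "groups" => LOCK_SH, "usermem" => LOCK_SH, "groupmem" => LOCK_SH);
    sql_lock($locks);
    // Begin the SQL transaction
    sql_begin();
    // Lock the necessary tables
    $locks = array("users" => LOCK_EX, "groups" => LOCK_SH, "usermem" => LOCK_SH, "groupmem" => LOCK_SH);
    sql_lock($locks);

    // Web applications save the login information in session as user S/N
    if (IS_CGI) {
        // Fetch the user information
        $found = false;
        // The S/N is concatenated into the statement unquoted, so this
        // pattern is the only guard on it.  The D modifier makes "$" match
        // at the very end only; without it a value with a trailing newline
        // would also be accepted.
        if (preg_match("/^[1-9]\d{8}$/D", get_login_sn())) {
            $select = "SELECT * FROM users"
                . " WHERE sn=" . get_login_sn() . ";\n";
            $result = sql_query($select);
            $found = (sql_num_rows($result) == 1);
        }
        // User does not exist anymore
        if (!$found) {
            logout();
            if ($_SERVER["REQUEST_METHOD"] == "POST") {
                http_303("/" . getlang(LN_FILENAME) . "/misc/loginchanged.html");
            } else {
                http_307("/" . getlang(LN_FILENAME) . "/misc/loginchanged.html");
            }
            // No need to return
            exit;
        }

    // Act as the current user on the console
    } else {
        $pwent = posix_getpwuid(posix_geteuid());
        // Password entry is gone for this user
        if ($pwent === false) {
            if ($_SERVER["REQUEST_METHOD"] == "POST") {
                http_303("/" . getlang(LN_FILENAME) . "/misc/loginchanged.html");
            } else {
                http_307("/" . getlang(LN_FILENAME) . "/misc/loginchanged.html");
            }
            // Stop here as the web branch does, so that the lookup below
            // never runs with $pwent === false.  This is a no-op if the
            // http_30x() helpers already end the script.
            exit;
        }
        $userid = $pwent["name"];
        // Fetch the user information
        $select = "SELECT * FROM users"
            . " WHERE id='" . sql_esctext($userid) . "';\n";
        $result = sql_query($select);
        // This user is not in the list of the users for the current package
        if (sql_num_rows($result) != 1) {
            http_403();
            // A refused account must not reach the session update below;
            // a no-op if http_403() already ends the script.
            exit;
        }
    }
    $row = sql_fetch_assoc($result);

    // Cookie attributes: HttpOnly keeps the remember-me value away from
    // page scripts; Secure is added only when this request arrived over
    // HTTPS, so plain-HTTP deployments keep working as before.
    $secure = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";
    // NOTE(review): the cookie value is derived from the user ID alone and
    // lives for a year.  encrypt()/decrypt() are defined elsewhere --
    // confirm that the value is authenticated and check how much trust the
    // code that consumes this cookie places in it.
    // Remember the user
    if (array_key_exists("remember", $_SESSION)) {
        // Remember me
        if ($_SESSION["remember"]) {
            setcookie(REMEMBER_COOKIE, encrypt($row["id"]), time() + 86400 * 365, "/", "", $secure, true);
        // Forget me
        } else {
            setcookie(REMEMBER_COOKIE, "", time() - 1, "/", "", $secure, true);
        }
        unset($_SESSION["remember"]);

    // Update the remembered user ID.  The cookie is client-supplied; here
    // it is only compared with the row just read and overwritten when it
    // differs.
    } elseif (array_key_exists(REMEMBER_COOKIE, $_COOKIE)
            && decrypt($_COOKIE[REMEMBER_COOKIE]) !== $row["id"]) {
        setcookie(REMEMBER_COOKIE, encrypt($row["id"]), time() + 86400 * 365, "/", "", $secure, true);
    }

    // Update the user ID and full name
    $_SESSION["usersn"] = $row["sn"];
    $_SESSION["userid"] = $row["id"];
    $_SESSION["username"] = $row["name"];

    // Update the preferred language
    $lang = getlang();
    if ($row["lang"] != $lang) {
        // get_login_sn() now returns the S/N just copied from the row above.
        $update = "UPDATE users SET lang='" . sql_esctext($lang) . "'"
            . " WHERE sn=" . get_login_sn() . ";\n";
        sql_query($update);
    }

    // Update the groups
    $_SESSION["groups"] = user_parent_groups(get_login_sn());
    // NOTE(review): in_array() compares loosely here and the result becomes
    // the guest/admin flags.  Confirm the element types returned by
    // user_parent_groups() before switching to a strict comparison.
    $_SESSION["guest"] = in_array(GUEST_GROUP, $_SESSION["groups"]);
    $_SESSION["admin"] = in_array(ADMIN_GROUP, $_SESSION["groups"]);

    // Commit the SQL transaction
    sql_commit();
    // Unlock the previously locked SQL tables
    sql_lock();
    return;
}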
?>