00001 <?php
00002 # Copyright 2007, INL
00003 # Written by Eric Leblond <eric@inl.fr>
00004 # $Id: auth_mysql.php 3751 2007-09-17 13:51:12Z regit $
00005 #
00006 # This program is free software; you can redistribute it and/or modify
00007 # it under the terms of the GNU General Public License as published by
00008 # the Free Software Foundation, version 3 of the License.
00009 #
00010 # This program is distributed in the hope that it will be useful,
00011 # but WITHOUT ANY WARRANTY; without even the implied warranty of
00012 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
00013 # GNU General Public License for more details.
00014 #
00015 # You should have received a copy of the GNU General Public License
00016 # along with this program; if not, see <http://www.gnu.org/licenses/>.
00017 ?>
00018 <html>
00019 <head>
00020 <title>NuFW IP auth page</title>
00021 </head>
00022 <body>
00023
00024 <H1>NuFW IP auth page</H1>
00025 <?php
00026
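# Page logic: look up whether the client's IP already has an ipauth session,
# verify the posted credentials against userinfo, then insert or delete the
# (ip_saddr, username) row. Sets $button_label / $button_value for the form
# rendered below.
#
# NOTE(review): the mysql_* extension used here was removed in PHP 7.0; porting
# to mysqli or PDO with prepared statements is the long-term fix.
# NOTE(review): connecting as root with an empty password gives this web page
# full control of the MySQL server; use a dedicated account restricted to the
# nulog tables it needs.
$link = mysql_connect("localhost", "root", "");
if (!$link) {
    die("Can't connect to db");
}
if (!mysql_select_db("nulog", $link)) {
    die("Can't select database");
}

$straddr = $_SERVER['REMOTE_ADDR'];
$ipv4 = ip2long($straddr);
if ($ipv4 === false) {
    # ip2long() fails on anything that is not dotted-quad IPv4 (e.g. an IPv6
    # client). Packing that failure would key every such client to the same
    # all-zero address and let them share one session row, so refuse instead.
    die("Unsupported client address");
}

# 16 raw bytes: the client address in IPv4-mapped IPv6 layout (::ffff:a.b.c.d).
$ipaddr = pack("N4", 0, 0, 0xffff, $ipv4);

# The packed value is binary. An address octet of 39 (') or 92 (\) would
# otherwise terminate or corrupt the quoted SQL literal, so it must be escaped
# like any other string before being placed in a query.
$ipaddr_sql = mysql_real_escape_string($ipaddr, $link);

$query = "SELECT username FROM ipauth_sessions WHERE ip_saddr='" . $ipaddr_sql . "'";
$result = mysql_query($query, $link) or die("Query missed");
if (mysql_num_rows($result) > 0) {
    $button_label = "Disconnect";
    $button_value = 1;
} else {
    $button_label = "Connect";
    $button_value = 0;
}

$action_ok = FALSE;
$username = "";

if (array_key_exists("user", $_POST)) {
    if (!array_key_exists("password", $_POST)) {
        die("No password provided");
    }
    # Reject array-valued parameters (user[]=...) before they reach the
    # escaping function, which only accepts strings.
    if (!is_string($_POST['user']) || !is_string($_POST['password'])) {
        die("Bad guy, get out");
    }
    $username = mysql_real_escape_string($_POST['user'], $link);
    $password = mysql_real_escape_string($_POST['password'], $link);

    # NOTE(review): PASSWORD() is MySQL's own account hash: it is unsalted and
    # was removed in MySQL 8.0. The cleartext password also travels inside the
    # query text, where query logging can record it. Stored credentials should
    # move to a salted hash checked in PHP (password_hash/password_verify).
    $query = "SELECT username FROM userinfo WHERE username='$username' AND password=PASSWORD('$password')";
    $result = mysql_query($query, $link) or die("Query missed");
    if (mysql_num_rows($result) == 1) {
        $action_ok = TRUE;
    } else {
        die("Bad guy, get out");
    }
}

# Session rows are only changed after a successful credential check above.
if ($action_ok && array_key_exists("sub", $_POST)) {
    echo "Operation in progress<br>";
    # Strict comparison: only the exact value the form emits selects the
    # disconnect path; loose == would also accept strings such as "1abc".
    if ($_POST["sub"] === "1") {
        echo "Deleting information from Database<br>";
        $query = "DELETE FROM ipauth_sessions WHERE username='$username' AND ip_saddr='$ipaddr_sql'";
        $result = mysql_query($query, $link) or die("Diconnect Query missed");
        $button_label = "Connect";
        $button_value = 0;
    } else {
        echo "Inserting information to Database<br>";
        $query = "INSERT INTO ipauth_sessions (ip_saddr, username) VALUES ('" . $ipaddr_sql . "', '" . $username . "')";
        $result = mysql_query($query, $link) or die("Connect Query missed");
        $button_label = "Disconnect";
        $button_value = 1;
    }
}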
00085 ?>
00086
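<?php
# Login form: posts user/password plus "sub" (1 = disconnect, 0 = connect) back
# to this same page. target is "_self"; a bare "self" names a separate window
# instead of reusing the current one. The echoed values are set by the script
# above and are HTML-escaped here so the markup stays safe if they ever change.
# NOTE(review): the credentials travel in the request body; serve this page
# over HTTPS only.
?>
<form target="_self" method="post">
<p>
Username: <input type="text" name="user">
</p>
<p>
Password: <input type="password" name="password">
</p>
<button type="submit" name="sub" value="<?php echo htmlspecialchars((string) $button_value, ENT_QUOTES); ?>"><?php echo htmlspecialchars($button_label, ENT_QUOTES); ?></button>

</form>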
00097
00098 </body>
00099 </html>