00001 <?php
// ---------------------------------------------------------------------------
// Deployment settings for the IP-based authentication portal.
// ---------------------------------------------------------------------------

// 1: ip_saddr is handled as a 16-byte (IPv6) value written as a 0x... literal;
// 0: ip_saddr is handled as an unsigned 32-bit IPv4 integer.
$ipv6_schema   = 1;

// Database connection parameters handed to mysqli::real_connect().
// NOTE(review): these look like packaged sample values. A deployment should use
// its own account and password, restrict that account to the tables this page
// touches, and keep this file unreadable to other local users.
$address       = 'localhost';
$user          = 'nufwuser';
$password      = 'nufwpasswd';
$database      = 'nufwdb';

// TLS towards the database: when $ssl is non-zero, $cacert is passed to
// mysqli::ssl_set() as the CA certificate file. With $ssl = 0 the link is
// unencrypted, which is only reasonable while $address stays local.
$ssl           = 0;
$cacert        = null;

// 1: match the client address against each session's network/netmask;
// 0: require an exact ip_saddr match.
$netmask_check = 1;
00019 require_once('pages/authentication.php');
00020 require_once('pages/authentication_error.php');
00021 require_once('pages/authentication_success.php');
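/**
 * Tell whether $ip is an IPv4 address written in canonical dotted-quad form.
 *
 * The address is parsed with ip2long() and printed back with long2ip(); only
 * input that survives the round trip unchanged is accepted. A parse failure is
 * rejected explicitly instead of being coerced to 0 (i.e. "0.0.0.0"), and the
 * comparison is strict so no numeric type juggling can make a non-address match.
 *
 * @param mixed $ip Candidate address, normally a string.
 * @return int 1 for a canonical IPv4 address, 0 otherwise.
 */
function MySQL_is_ipv4($ip)
{
    if (!is_string($ip)) {
        return 0;
    }

    $as_long = ip2long($ip);
    if ($as_long === false) {
        // Not parseable as IPv4 (IPv6 text, garbage, empty string, ...).
        return 0;
    }

    return ($ip === long2ip($as_long)) ? 1 : 0;
}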
00032
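/**
 * Convert a textual IP address into the SQL literal used in ip_saddr expressions.
 *
 * With the global $ipv6_schema enabled, the result is "0x" followed by the 32
 * hex digits of the 16-byte address; IPv4 input is first rewritten as the
 * IPv4-mapped address ::ffff:a.b.c.d. Otherwise the result is the unsigned
 * decimal value of the IPv4 address (whitespace is stripped before parsing).
 *
 * Callers concatenate the return value into SQL text, so this function must
 * never return anything other than a hex literal or a run of digits. An
 * address that cannot be parsed is therefore rejected with an exception
 * instead of producing a truncated "0x" literal or silently becoming 0.
 *
 * @param string $ip Address in text form (e.g. $_SERVER['REMOTE_ADDR']).
 * @return string SQL-safe literal: "0x" + 32 hex digits, or decimal digits.
 * @throws InvalidArgumentException when $ip is not a parseable address.
 */
function MySQL_ip2sql($ip)
{
    global $ipv6_schema;

    if (!is_string($ip)) {
        throw new InvalidArgumentException('IP address must be a string');
    }

    if ($ipv6_schema) {
        $text = MySQL_is_ipv4($ip) ? "::ffff:" . $ip : $ip;

        // inet_pton() warns and returns false on bad input; the result is
        // checked right below, so the warning itself carries no information.
        $packed = @inet_pton($text);
        if ($packed === false || strlen($packed) !== 16) {
            throw new InvalidArgumentException('Unparseable IP address');
        }

        // bin2hex() of 16 bytes yields exactly 32 lowercase hex digits.
        return "0x" . bin2hex($packed);
    }

    $long = ip2long(preg_replace("/\s+/", "", $ip));
    if ($long === false) {
        throw new InvalidArgumentException('Unparseable IPv4 address');
    }

    // %u prints the value unsigned, also where ip2long() returns a negative int.
    return sprintf("%u", $long);
}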
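// mysqli is required by everything below. When it is not already loaded, try
// to load it at run time; give up with -1 (the file's error convention) if that
// is not possible.
if (!extension_loaded('mysqli')) {
    // dl() is not available in every SAPI/build. Calling it where it does not
    // exist is a fatal error, so check first and fail the same way as a failed load.
    if (!function_exists('dl')) {
        return -1;
    }

    // getenv() returns false when OS is unset; cast so preg_match() always
    // receives a string.
    $on_windows = preg_match('/windows/i', (string) getenv('OS'));
    $library = $on_windows ? 'php_mysqli.dll' : 'mysqli.so';

    if (!dl($library)) {
        return -1;
    }
}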
00064
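// Open the database connection used for the rest of the request.
$MySQL_fd = mysqli_init();
if (!$MySQL_fd) {
    // mysqli_init() can return false; calling a method on that would be fatal.
    return -1;
}

// Optional TLS: only the CA certificate is configured (no client key/cert).
// NOTE(review): the PHP manual documents ssl_set() as always returning true,
// so a bad $cacert is expected to surface as a real_connect() failure below
// rather than here. Whether the server certificate is actually verified
// depends on the client library and connect flags - confirm for the deployment.
if ($ssl && !$MySQL_fd->ssl_set(NULL, NULL, $cacert, NULL, NULL)) {
    return -1;
}

if (!$MySQL_fd->real_connect($address, $user, $password, $database)) {
    return -1;
}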
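// ---------------------------------------------------------------------------
// Request handling.
//
// A client counts as authenticated when ipauth_sessions holds a row for its
// source address. Identity is therefore tied to $_SERVER['REMOTE_ADDR'] alone.
// NOTE(review): behind a reverse proxy or NAT, every client sharing that
// address shares the session - confirm the deployment exposes real client
// addresses to this script.
// ---------------------------------------------------------------------------

// The address literal is concatenated into SQL below, so confirm it has one of
// the two shapes MySQL_ip2sql() is meant to produce before using it.
$client_ip_sql = MySQL_ip2sql($_SERVER['REMOTE_ADDR']);
if (!is_string($client_ip_sql) || !preg_match('/^(?:0x[0-9a-f]{32}|[0-9]+)$/D', $client_ip_sql)) {
    $MySQL_fd->close();
    return -1;
}

// Look up a session for this address.
if ($netmask_check) {
    if ($ipv6_schema) {
        $query = "SELECT user_id,username,no_logout FROM ipauth_sessions WHERE check_net(ip_saddr, " . $client_ip_sql . ", netmask) AND (end_time is NULL OR end_time > NOW()) LIMIT 1;";
    } else {
        $query = "SELECT user_id,username,no_logout FROM ipauth_sessions WHERE ip_saddr = (" . $client_ip_sql . " & netmask) AND (end_time is NULL OR end_time > NOW()) LIMIT 1;";
    }
} else {
    // NOTE(review): unlike the two netmask variants, this query has no end_time
    // condition, so an expired row would still count as a live session here.
    // Confirm whether that is intended.
    $query = "SELECT user_id,username,no_logout FROM ipauth_sessions WHERE ip_saddr=" . $client_ip_sql . " LIMIT 1;";
}

$res = $MySQL_fd->query($query);
if (!$res) {
    // Query failed: there is no result object to read from.
    $MySQL_fd->close();
    return -1;
}
$userinfo = $res->fetch_row();
$res->free();

if (is_array($userinfo)) {
    // A session exists for this address.
    if (isset($_GET['logout']) && $userinfo[2] === "n") {
        // Logout requested and permitted (no_logout is "n").
        // NOTE(review): this state change is triggered by a bare GET parameter,
        // so any page the user visits can cause it (CSRF). Moving it to a POST
        // with a token needs changes in the page templates, which are not
        // visible here.
        // NOTE(review): the UPDATE has no "end_time IS NULL" condition, so it
        // rewrites end_time on every users row for this user/address - confirm.
        $logout_statements = array(
            "DELETE FROM ipauth_sessions WHERE user_id=? and ip_saddr=" . $client_ip_sql,
            "UPDATE users SET end_time=NOW() WHERE user_id=? and ip_saddr=" . $client_ip_sql,
        );
        foreach ($logout_statements as $sql) {
            // Best effort, as before: a failure here does not change the page shown.
            $stmt = $MySQL_fd->prepare($sql);
            if ($stmt) {
                // Bound as a string so the exact digits read from the database
                // are sent back unchanged.
                $stmt->bind_param('s', $userinfo[0]);
                $stmt->execute();
                $stmt->close();
            }
        }
        Util_PrintAuthentication();
    } else {
        // Already authenticated: show the success page; the second argument
        // says whether logout is allowed.
        Util_PrintAuthenticationSuccess($userinfo[1], $userinfo[2] === "n" ? 1 : 0);
    }
} else {
    // No session for this address.
    if (isset($_POST['login'])) {
        // Only plain strings are accepted; an array-valued field (username[]=x)
        // is treated as a failed login instead of reaching the database layer.
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

        $matched = false;
        $uid = null;
        if ($username !== null && $password !== null) {
            // NOTE(review): MySQL's PASSWORD() is unsalted, was deprecated in
            // MySQL 5.7 and removed in MySQL 8.0. Replacing it with
            // password_hash()/password_verify() needs a migration of the stored
            // values, so it is flagged here rather than changed.
            $stmt = $MySQL_fd->prepare("SELECT uid FROM userinfo WHERE username=? AND password=PASSWORD(?) LIMIT 1");
            if ($stmt) {
                $stmt->bind_param('ss', $username, $password);
                if ($stmt->execute()) {
                    $stmt->bind_result($uid);
                    // fetch() is true for a row, null for none, false on error.
                    $matched = ($stmt->fetch() === true);
                }
                $stmt->close();
            }
        }

        if ($matched) {
            // Credentials accepted: record the session for this address.
            $session_stored = false;
            $stmt = $MySQL_fd->prepare("INSERT INTO ipauth_sessions(user_id,username,ip_saddr,start_time,end_time) VALUES(?,?," . $client_ip_sql . ",NOW(),NULL)");
            if ($stmt) {
                $stmt->bind_param('ss', $uid, $username);
                $session_stored = $stmt->execute();
                $stmt->close();
            }

            if ($session_stored) {
                // Second record in the users table (presumably the session
                // history, given its start_time/end_time columns); best effort.
                $stmt = $MySQL_fd->prepare("INSERT INTO users(user_id,username,ip_saddr,start_time,end_time) VALUES(?,?," . $client_ip_sql . ",NOW(),NULL)");
                if ($stmt) {
                    $stmt->bind_param('ss', $uid, $username);
                    $stmt->execute();
                    $stmt->close();
                }
                // NOTE(review): $username is user-controlled; the renderer in
                // pages/authentication_success.php must HTML-escape it. That
                // file is not visible here - confirm.
                Util_PrintAuthenticationSuccess($username, 0);
            } else {
                // Without a stored session the client is not authenticated, so
                // do not report success.
                Util_PrintAuthenticationError();
            }
        } else {
            // Unknown user or wrong password.
            // NOTE(review): nothing here limits repeated attempts; confirm
            // throttling exists elsewhere.
            Util_PrintAuthenticationError();
        }
    } else {
        // First visit: show the login form.
        Util_PrintAuthentication();
    }
}
$MySQL_fd->close();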
00131 ?>