Context Navigation

Security.php @ 392

Visit:

Revision 392, 3.4 KB (checked in by plec_, 8 years ago)
Added Rikhardur Egillson patch for mysql and completed requireOwner
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`

Line
1	<?php
2	/********************************************************************\
3	* This program is free software; you can redistribute it and/or *
4	* modify it under the terms of the GNU General Public License as *
5	* published by the Free Software Foundation; either version 2 of *
6	* the License, or (at your option) any later version. *
7	* *
8	* This program is distributed in the hope that it will be useful, *
9	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
10	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
11	* GNU General Public License for more details. *
12	* *
13	* You should have received a copy of the GNU General Public License*
14	* along with this program; if not, contact: *
15	* *
16	* Free Software Foundation Voice: +1-617-542-5942 *
17	* 59 Temple Place - Suite 330 Fax: +1-617-542-2652 *
18	* Boston, MA 02111-1307, USA gnu@gnu.org *
19	* *
20	\********************************************************************/
21	/**@file Security.php
22	* @author Copyright (C) 2004 Technologies Coeus inc.
23	*/
24	require_once BASEPATH.'include/common.php';
25	require_once BASEPATH.'classes/Session.php';
26
27	/**
28	*/
29	class Security {
30	var $session;
31
32	function Security() {
33	$this->session = new Session();
34	}
35
36	/**
37	*/
38	function login($username, $hash) {
39	global $db;
40	$username = $db->EscapeString($username);
41	$hash = $db->EscapeString($hash);
42	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE (user_id='$username' OR email='$username') AND pass='$hash'", $user_info, false);
43	if (empty($user_info)) {
44	echo '<p class=error>'._("Your username and password do not match")."</p>\n";
45	exit;
46	} else {
47	/* Access granted */
48	$this->session->set(SESS_USERNAME_VAR, $username);
49	$this->session->set(SESS_PASSWORD_HASH_VAR, $hash);
50	}
51	}
52
53	function requireAdmin() {
54	global $db;
55	//$this->session->dump();
56	$user = $this->session->get(SESS_USERNAME_VAR);
57	$password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR);
58
59	$db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN administrators WHERE (users.user_id='$user' OR email='$user') AND pass='$password_hash'", $user_info, false);
60	if (empty($user_info)) {
61	echo '<p class=error>'._("You do not have administrator privileges")."</p>\n";
62	exit;
63	} else {
64	/* Access granted */
65	//echo '<p class=error>'._("Access granted")."</p>\n";
66	}
67
68	}
69
70	function requireOwner($node_id) {
71	global $db;
72	//$this->session->dump();
73	$user = $this->session->get(SESS_USERNAME_VAR);
74	$password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR);
75
76	$db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN node_owners WHERE (users.user_id='$user' OR email='$user') AND pass='$password_hash' AND node_owners.node_id='$node_id'", $user_info, false);
77	if(empty($user_info)) {
78	echo '<p class=error>'._("You do not have owner privileges")."</p>\n";
79	exit;
80	} else {
81	/* Access granted */
82	//echo '<p class=error>'._("Access granted")."</p>\n";
83	}
84	}
85
86	} /* end class Security */
87	?>

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/wifidog-auth/wifidog/classes/Security.php @ 392

Download in other formats: