Changeset 512
- Timestamp:
- 03/28/05 14:49:53 (4 years ago)
- Files:
-
- trunk/wifidog-auth/ChangeLog (modified) (1 diff)
- trunk/wifidog-auth/sql/dump_initial_data_postgres.sh (modified) (1 diff)
- trunk/wifidog-auth/wifidog/admin/hotspot.php (modified) (1 diff)
- trunk/wifidog-auth/wifidog/admin/hotspot_owner.php (modified) (1 diff)
- trunk/wifidog-auth/wifidog/admin/import_user_database.php (modified) (2 diffs)
- trunk/wifidog-auth/wifidog/admin/owner_sendfiles.php (modified) (1 diff)
- trunk/wifidog-auth/wifidog/admin/user_log.php (modified) (2 diffs)
- trunk/wifidog-auth/wifidog/classes/Security.php (modified) (3 diffs)
- trunk/wifidog-auth/wifidog/classes/Statistics.php (modified) (3 diffs)
- trunk/wifidog-auth/wifidog/classes/User.php (modified) (10 diffs)
- trunk/wifidog-auth/wifidog/config.php (modified) (2 diffs)
- trunk/wifidog-auth/wifidog/include/common.php (modified) (3 diffs)
- trunk/wifidog-auth/wifidog/include/common_interface.php (modified) (2 diffs)
- trunk/wifidog-auth/wifidog/index.php (modified) (1 diff)
- trunk/wifidog-auth/wifidog/login/index.php (modified) (1 diff)
trunk/wifidog-auth/ChangeLog
r510 r512 1 1 # $Header$ 2 2005-03-28 Benoit Gr�ire <bock@step.polymtl.ca> 3 * common.php: Add get_guid() function 4 * validate_schema.php: New auto-upgrade script to allow autaumatic schema upgrade. Note that you must still update dump_initial_data_postgres.sh and use sync_sql_for_cvs.sh so new users aren't left in the cold. 5 * New class Authenticator (and subclasses): Begin virtualizing the login process. 6 2 7 2005-03-24 Benoit Gr�ire <bock@step.polymtl.ca> 3 8 * Statistics.php: Fix getMostGreedyUsers returning bad values when incoming and outgoing for all connections from a user have null values. trunk/wifidog-auth/sql/dump_initial_data_postgres.sh
r510 r512 3 3 4 4 echo "--- The default admin user, delete or change password as soon as possible. The password is admin " 5 echo "INSERT INTO users (user_id, pass, email, account_status) VALUES ('admin', 'ISMvKXpXpadDiUoOSoAfww==', 'test_user_please@delete.me', 1, 'df16cc4b1d0975e267f3425eaac31950');";5 echo "INSERT INTO users (user_id, username, pass, email, account_status) VALUES ('admin_original_user_delete_me', 'admin', 'ISMvKXpXpadDiUoOSoAfww==', 'test_user_please@delete.me', 1, 'df16cc4b1d0975e267f3425eaac31950');"; 6 6 7 echo "INSERT INTO administrators (user_id) VALUES ('admin ');"7 echo "INSERT INTO administrators (user_id) VALUES ('admin_original_user_delete_me');" 8 8 9 9 pg_dump -a -D -t token_status trunk/wifidog-auth/wifidog/admin/hotspot.php
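Review bot: The rewritten admin INSERT names five columns (`user_id, username, pass, email, account_status`) but supplies six values, so PostgreSQL will reject the statement and the seeded admin row is never created. The trailing `'df16cc4b1d0975e267f3425eaac31950'` needs its column added to the list, presumably `validation_token`, which is the name the other INSERTs in this changeset use. The row also leaves `account_origin` unset, although config.php in this changeset says the authentication source is selected by that column; confirm the column has a default, or add it here.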
r474 r512 28 28 require_once BASEPATH.'classes/User.php'; 29 29 30 $user_id = $session->get(SESS_USER NAME_VAR);30 $user_id = $session->get(SESS_USER_ID_VAR); 31 31 $smarty->assign("user_id", $user_id); // DEBUG 32 32 trunk/wifidog-auth/wifidog/admin/hotspot_owner.php
r406 r512 30 30 require_once BASEPATH.'classes/User.php'; 31 31 32 $user_id = $session->get(SESS_USER NAME_VAR);32 $user_id = $session->get(SESS_USER_ID_VAR); 33 33 $smarty->assign("user_id", $user_id); // DEBUG 34 34 trunk/wifidog-auth/wifidog/admin/import_user_database.php
r402 r512 158 158 { 159 159 $username_str = $db->EscapeString($username); 160 $db->ExecSqlUniqueRes("SELECT user _id FROM users WHERE user_id='$username_str'", $user_info_username, false);160 $db->ExecSqlUniqueRes("SELECT username FROM users WHERE username='$username_str'", $user_info_username, false); 161 161 if($user_info_username!=null) 162 162 { … … 174 174 $username = $db->EscapeString($username); 175 175 $email = $db->EscapeString($user['email']); 176 $sql = "INSERT INTO users (user_id, email,pass,account_status,validation_token,reg_date) VALUES ('$username','$email','$password_hash','{$status}','{$token}','{$reg_date}')";176 $sql = "INSERT INTO users (user_id, username,email,pass,account_status,validation_token,reg_date) VALUES ('".get_guid()."','$username','$email','$password_hash','{$status}','{$token}','{$reg_date}')"; 177 177 $update_successful = $db->ExecSqlUpdate($sql); 178 178 if ($update_successful) trunk/wifidog-auth/wifidog/admin/owner_sendfiles.php
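Review bot: The new INSERT in the second hunk fills `user_id` and `username` but not `account_origin`, which createUser() in classes/User.php now writes and which config.php says must match an `$AUTH_SOURCE_ARRAY` index. Unless the column has a database default, imported accounts may not be associated with the local authenticator. Adding `account_origin` to the column list with the value `LOCAL_USER_ACCOUNT_ORIGIN` would keep imported and locally created users consistent. Both hunks sit inside blocks that start and end outside the lines shown, so the origin of `$password_hash`, `$status`, `$token` and `$reg_date` cannot be checked here.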
r406 r512 38 38 require_once BASEPATH.'classes/User.php'; 39 39 40 $user_id = $session->get(SESS_USER NAME_VAR);40 $user_id = $session->get(SESS_USER_ID_VAR); 41 41 $smarty->assign("user_id", $user_id); // DEBUG 42 42 trunk/wifidog-auth/wifidog/admin/user_log.php
r408 r512 52 52 $smarty->display("admin/templates/user_log_detailed.html"); 53 53 } else { 54 $smarty->assign('sort_ids', array('user _id','email','reg_date'));54 $smarty->assign('sort_ids', array('username','reg_date')); 55 55 $smarty->assign('direction_ids', array('asc','desc')); 56 56 … … 78 78 } 79 79 80 $db->ExecSql("SELECT user_id, email,reg_date,account_status FROM users ORDER BY $sort $direction LIMIT $per_page OFFSET $offset", $users_res);80 $db->ExecSql("SELECT user_id,username,reg_date,account_status FROM users ORDER BY $sort $direction LIMIT $per_page OFFSET $offset", $users_res); 81 81 if ($users_res) { 82 82 $smarty->assign("users_array", $users_res); trunk/wifidog-auth/wifidog/classes/Security.php
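Review bot: The query in the second hunk places `$sort`, `$direction`, `$per_page` and `$offset` into the SQL unquoted, where EscapeString() gives no protection because none of them is a string literal. The code between the two hunks is not shown, so it is unclear whether `$sort` and `$direction` are checked against the `sort_ids` and `direction_ids` lists assigned in the first hunk. If they are not, add that allow-list check before the query, together with `$per_page = (int) $per_page;` and `$offset = (int) $offset;`.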
r392 r512 36 36 /** 37 37 */ 38 function login($user name, $hash) {38 function login($user_id, $hash) { 39 39 global $db; 40 $user name = $db->EscapeString($username);40 $user_id = $db->EscapeString($user_id); 41 41 $hash = $db->EscapeString($hash); 42 $db->ExecSqlUniqueRes("SELECT * FROM users WHERE (user_id='$username' OR email='$username') AND pass='$hash'", $user_info, false);42 $db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$user_id' AND pass='$hash'", $user_info, true); 43 43 if (empty($user_info)) { 44 echo '<p class=error>'._("Your user nameand password do not match")."</p>\n";44 echo '<p class=error>'._("Your user_id and password do not match")."</p>\n"; 45 45 exit; 46 46 } else { 47 47 /* Access granted */ 48 $this->session->set(SESS_USER NAME_VAR, $username);48 $this->session->set(SESS_USER_ID_VAR, $user_id); 49 49 $this->session->set(SESS_PASSWORD_HASH_VAR, $hash); 50 50 } … … 54 54 global $db; 55 55 //$this->session->dump(); 56 $user = $this->session->get(SESS_USERNAME_VAR);56 $user_id = $this->session->get(SESS_USER_ID_VAR); 57 57 $password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR); 58 58 59 $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN administrators WHERE (users.user_id='$user ' OR email='$user') AND pass='$password_hash'", $user_info, false);59 $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN administrators WHERE (users.user_id='$user_id') AND pass='$password_hash'", $user_info, false); 60 60 if (empty($user_info)) { 61 61 echo '<p class=error>'._("You do not have administrator privileges")."</p>\n"; … … 71 71 global $db; 72 72 //$this->session->dump(); 73 $user = $this->session->get(SESS_USER NAME_VAR);73 $user = $this->session->get(SESS_USER_ID_VAR); 74 74 $password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR); 75 75 76 $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN node_owners WHERE (users.user_id='$user' OR email='$user') AND pass='$password_hash' AND node_owners.node_id='$node_id'", 
$user_info, false);76 $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN node_owners WHERE (users.user_id='$user') AND pass='$password_hash' AND node_owners.node_id='$node_id'", $user_info, false); 77 77 if(empty($user_info)) { 78 78 echo '<p class=error>'._("You do not have owner privileges")."</p>\n"; trunk/wifidog-auth/wifidog/classes/Statistics.php
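Review bot: The two privilege checks in the second and third hunks (their function headers are outside the hunks) build `users.user_id='...'` and `pass='$password_hash'` directly from `$this->session->get(...)` with no EscapeString() at the point of use. That is safe only while every writer of `SESS_USER_ID_VAR` escapes first; login() does, but this changeset also introduces Authenticator classes that are not shown here. Escaping where the query is built removes the dependency: `$user_id = $db->EscapeString($this->session->get(SESS_USER_ID_VAR));`, and likewise for the hash. The `$node_id` in the third hunk is interpolated too, and its origin is not visible. In login(), the last argument of ExecSqlUniqueRes() changed from `false` to `true`; if that is a debug switch, it would print a query containing the password hash, so confirm the change is intended.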
r510 r512 99 99 public static function getMostMobileUsers($limit) { 100 100 global $db; 101 $db->ExecSql("SELECT COUNT(DISTINCT node_id) AS num_hotspots_visited, user_id FROM users NATURAL JOIN connections WHERE (incoming!=0 OR outgoing!=0) GROUP BY user_id ORDER BY num_hotspots_visited DESC LIMIT $limit", $results, false);101 $db->ExecSql("SELECT COUNT(DISTINCT node_id) AS num_hotspots_visited, user_id, username, account_origin FROM users NATURAL JOIN connections WHERE (incoming!=0 OR outgoing!=0) GROUP BY user_id ORDER BY num_hotspots_visited DESC LIMIT $limit", $results, false); 102 102 return $results; 103 103 } … … 105 105 public static function getMostFrequentUsers($limit) { 106 106 global $db; 107 $db->ExecSql("SELECT COUNT(user_id) AS active_days, user_id FROM (SELECT DISTINCT user_id, date_trunc('day', timestamp_in) AS dateFROM connections WHERE (incoming!=0 OR outgoing!=0) GROUP BY date,user_id) as user_active_days GROUP BY user_id ORDER BY active_days DESC LIMIT $limit",$results, false);107 $db->ExecSql("SELECT COUNT(user_id) AS active_days, user_id, username, account_origin FROM (SELECT DISTINCT user_id, date_trunc('day', timestamp_in) AS date, username, account_origin FROM connections WHERE (incoming!=0 OR outgoing!=0) GROUP BY date,user_id) as user_active_days GROUP BY user_id ORDER BY active_days DESC LIMIT $limit",$results, false); 108 108 return $results; 109 109 } … … 111 111 public static function getMostGreedyUsers($limit) { 112 112 global $db; 113 $db->ExecSql("SELECT DISTINCT user_id, SUM((incoming+outgoing)/1048576) AS total, SUM((incoming/1048576)) AS total_incoming, SUM((outgoing/1048576)) AS total_outgoing FROM connections WHERE incoming IS NOT NULL AND outgoing IS NOT NULL GROUP BY user_id ORDER BY total DESC limit $limit", $results, false);113 $db->ExecSql("SELECT DISTINCT user_id, SUM((incoming+outgoing)/1048576) AS total, SUM((incoming/1048576)) AS total_incoming, SUM((outgoing/1048576)) AS total_outgoing, username, account_origin FROM 
connections WHERE incoming IS NOT NULL AND outgoing IS NOT NULL GROUP BY user_id ORDER BY total DESC limit $limit", $results, false); 114 114 return $results; 115 115 } trunk/wifidog-auth/wifidog/classes/User.php
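Review bot: All three queries now select `username, account_origin` while still grouping by `user_id` alone, which PostgreSQL generally rejects for columns that are neither grouped nor aggregated; extend the clause to `GROUP BY user_id, username, account_origin`. In getMostFrequentUsers() and getMostGreedyUsers() the two columns are read `FROM connections` with no join to `users`; if they exist only in `users`, as the INSERT statements elsewhere in this changeset suggest, these queries need the same `users NATURAL JOIN connections` that getMostMobileUsers() uses. `$limit` is concatenated unquoted into each statement, so `$limit = (int) $limit;` at the top of each method would keep it numeric whatever the caller passes.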
r408 r512 25 25 require_once BASEPATH.'include/common.php'; 26 26 27 /** Abstract a User. A User is an actual physical transmitter.*/27 /** Abstract a User. */ 28 28 class User { 29 29 private $mRow; … … 39 39 return $object; 40 40 } 41 42 /** Instantiate a user object43 * @param $id The id of the requested user44 * @return a User object, or null if there was an error45 */46 static function getUserByEmail($id) {47 $object = null;48 $object = new self("email", $id);49 return $object;50 }51 41 52 42 /** Create a new User in the database … … 54 44 * @return the newly created User object, or null if there was an error 55 45 */ 56 static function createUser($id, $ email, $password) {46 static function createUser($id, $username, $account_origin, $email, $password) { 57 47 global $db; 58 48 59 49 $object = null; 60 50 $id_str = $db->EscapeString($id); 51 $username_str = $db->EscapeString($username); 52 $account_origin_str= $db->EscapeString($account); 61 53 $email_str = $db->EscapeString($email); 62 54 $password_hash = $db->EscapeString(User::passwordHash($password)); 63 55 $status = ACCOUNT_STATUS_VALIDATION; 64 56 $token = User::generateToken(); 65 66 $db->ExecSqlUpdate("INSERT INTO users (user_id, email,pass,account_status,validation_token,reg_date) VALUES ('$id_str','$email_str','$password_hash','$status','$token',NOW())");67 57 58 $db->ExecSqlUpdate("INSERT INTO users (user_id,username, account_origin,email,pass,account_status,validation_token,reg_date) VALUES ('$id_str','$username_str','$account_origin_str','$email_str','$password_hash','$status','$token',NOW())"); 59 68 60 $object = new self('user_id', $id_str); 69 61 return $object; 70 }71 72 /** @param $object_id The id of the user */73 function __construct($ field_id, $object_id) {62 } 63 64 /** @param $object_id The id of the user */ 65 function __construct($object_id) { 74 66 global $db; 75 67 $object_id_str = $db->EscapeString($object_id); 76 $sql = "SELECT * FROM users WHERE 
{$field_id}='{$object_id_str}'";68 $sql = "SELECT * FROM users WHERE user_id='{$object_id_str}'"; 77 69 $db->ExecSqlUniqueRes($sql, $row, false); 78 70 if ($row == null) { 79 throw new Exception(_("{$field_id}'{$object_id_str}' could not be found in the database"));71 throw new Exception(_("user_id '{$object_id_str}' could not be found in the database")); 80 72 } 81 73 $this->mRow = $row; … … 83 75 }//End class 84 76 85 function get Name() {77 function getId() { 86 78 return $this->mId; 87 79 } 88 89 function getEmail() { 80 81 function getUsername() { 82 return $this->mRow['username']; 83 } 84 85 private function getEmail() { 90 86 return $this->mRow['email']; 91 87 } 92 93 function getPasswordHash() {88 89 private function getPasswordHash() { 94 90 return $this->mRow['pass']; 95 91 } 96 92 93 /** Get the account status. 94 * @return Possible values are listed in common.php 95 */ 97 96 function getAccountStatus() { 98 97 return $this->mRow['account_status']; 99 98 } 100 99 100 function setAccountStatus($status) { 101 global $db; 102 103 $status_str = $db->EscapeString($status); 104 if (!($update = $db->ExecSqlUpdate("UPDATE users SET account_status='{$status_str}' WHERE user_id='{$this->mId}'"))) { 105 throw new Exception(_("Could not update status.")); 106 } 107 $this->mRow['account_status'] = $status; 108 } 109 110 /** Is the user valid? Valid means that the account is validated or hasn't exhausted it's validation period. 111 $errmsg: Returs the reason why the account is or isn't valid */ 112 function isUserValid(&$errmsg=null) 113 { 114 $retval = false; 115 $account_status=$this->getAccountStatus(); 116 if($account_status==ACCOUNT_STATUS_ALLOWED) 117 { 118 $retval=true; 119 } 120 else if($account_status==ACCOUNT_STATUS_VALIDATION) 121 { 122 $sql = "SELECT CASE WHEN ((NOW() - reg_date) > interval '".VALIDATION_GRACE_TIME." 
minutes') THEN true ELSE false END AS validation_grace_time_expired FROM users WHERE (user_id='{$this->mId}'"; 123 $db->ExecSqlUniqueRes($sql, $user_info, false); 124 125 if ($user_info['validation_grace_time_expired']=='t') 126 { 127 $errmsg = _("Sorry, your ").$validation_grace_time._(" minutes grace period to retrieve your email and validate your account has now expired. You will have to connect to the internet and validate your account from another location or create a new account. For help, please ") . '<a href="'.BASEPATH.'faq.php'.'">'. _("click here.") .'</a>'; 128 $retval=false; 129 } 130 else 131 { 132 $errmsg = _("Your account is currently valid."); 133 $retval=true; 134 } 135 } 136 else 137 { 138 $errmsg = _("Sorry, your account is not valid: ").$account_status_to_text[$account_status]; 139 $retval=false; 140 } 141 return $retval; 142 } 143 101 144 function getValidationToken() { 102 145 return $this->mRow['validation_token']; 103 146 } 104 147 105 148 function getInfoArray() { 106 149 return $this->mRow; 107 150 } 108 151 152 /** Generate a token in the connection table so the user can actually use the internet 153 @return true on success, false on failure 154 */ 155 function generateConnectionToken() 156 { 157 if($this->isUserValid()) 158 { 159 global $db; 160 $token=self::generateToken(); 161 if ($_SERVER['REMOTE_ADDR']) 162 { 163 $node_ip = $db->EscapeString($_SERVER['REMOTE_ADDR']); 164 } 165 if (isset($_REQUEST['gw_id']) && $_REQUEST['gw_id']) 166 { 167 $node_id = $db->EscapeString($_REQUEST['gw_id']); 168 $db->ExecSqlUpdate("INSERT INTO connections (user_id, token, token_status, timestamp_in, node_id, node_ip, last_updated) VALUES ('".$this->getId()."', '$token', '" . TOKEN_UNUSED . 
"', NOW(), '$node_id', '$node_ip', NOW())",true); 169 } 170 $retval=true; 171 } 172 else 173 { 174 $retval=false; 175 } 176 return $retval; 177 } 178 109 179 function setPassword($password) { 110 180 global $db; 111 181 112 182 $new_password_hash = $this->passwordHash($password); 113 if (!($update = $db->ExecSqlUpdate("UPDATE users SET pass='$new_password_hash' WHERE user_id='{$this->mId}'"))) {114 throw new Exception(_("Could not change user's password."));183 if (!($update = $db->ExecSqlUpdate("UPDATE users SET pass='$new_password_hash' WHERE user_id='{$this->mId}'"))) { 184 throw new Exception(_("Could not change user's password.")); 115 185 } 116 186 $this->mRow['pass'] = $password; 117 187 } 118 188 119 189 function getConnections() { 120 190 global $db; 121 $db->ExecSql("SELECT * FROM connections,nodes WHERE user_id='{$this->mId}' AND nodes.node_id=connections.node_id ORDER BY timestamp_in", $connections, false);191 $db->ExecSql("SELECT * FROM connections,nodes WHERE user_id='{$this->mId}' AND nodes.node_id=connections.node_id ORDER BY timestamp_in", $connections, false); 122 192 return $connections; 123 193 } 124 125 function setAccountStatus($status) { 126 global $db; 127 128 $status_str = $db->EscapeString($status); 129 if (!($update = $db->ExecSqlUpdate("UPDATE users SET account_status='{$status_str}' WHERE user_id='{$this->mId}'"))) { 130 throw new Exception(_("Could not update status.")); 131 } 132 $this->mRow['account_status'] = $status; 133 } 194 134 195 135 196 /** Return all the users … … 146 207 147 208 function sendLostUsername() { 148 $user _id = $this->getName();209 $username = $this->getUsername(); 149 210 $subject = LOST_USERNAME_EMAIL_SUBJECT; 150 211 $from = "From: " . 
VALIDATION_EMAIL_FROM_ADDRESS; … … 153 214 You have requested that the authentication server send you your username: 154 215 155 Username: $user _id216 Username: $username 156 217 157 218 Have a nice day, … … 196 257 $this->setPassword($new_password); 197 258 198 $user _id = $this->getName();259 $username = $this->getUsername(); 199 260 200 261 $subject = LOST_PASSWORD_EMAIL_SUBJECT; … … 203 264 You have requested that the authentication server send you a new password: 204 265 205 Username: $user _id266 Username: $username 206 267 Password: $new_password 207 268 … … 214 275 } 215 276 216 function userExists($id) {277 static function userExists($id) { 217 278 global $db; 218 279 $id_str = $db->EscapeString($id); … … 258 319 } 259 320 260 /** Returns the hash of the password suitable for storing or comparing in the database.261 * @return The 32 character hash.262 */263 public static function passwordHash($password) {264 return base64_encode(pack("H*", md5($password)));265 }266 267 321 }// End class 268 322 ?> trunk/wifidog-auth/wifidog/config.php
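Review bot: The new isUserValid() cannot run its ACCOUNT_STATUS_VALIDATION branch as written: `$db` is used without `global $db;`, and the query opens a parenthesis in `WHERE (user_id='{$this->mId}'` that is never closed. Its message branches also read `$validation_grace_time` and `$account_status_to_text`, neither of which is set inside the method; the first can be replaced by the `VALIDATION_GRACE_TIME` constant already used in the SQL. In createUser(), `$db->EscapeString($account)` should read `$db->EscapeString($account_origin)`, and `new self('user_id', $id_str)` still passes two arguments to a constructor that now takes only `$object_id`, so the lookup would run against the literal string 'user_id'. createUser() and setPassword() also still call passwordHash(), which this section removes from the class; confirm it is defined somewhere outside the lines shown. generateConnectionToken() returns `true` even when `gw_id` is missing and no row was inserted, and it uses `$node_ip` without setting it when `REMOTE_ADDR` is empty.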
r505 r512 7 7 * 8 8 * $Log$ 9 * Revision 1.22 2005/03/28 19:49:52 benoitg 10 * 2005-03-28 Benoit Gr�ire <bock@step.polymtl.ca> 11 * * common.php: Add get_guid() function 12 * * validate_schema.php: New auto-upgrade script to allow autaumatic schema upgrade. Note that you must still update dump_initial_data_postgres.sh and use sync_sql_for_cvs.sh so new users aren't left in the cold. 13 * * New class Authenticator (and subclasses): Begin virtualizing the login process. 14 * 9 15 * Revision 1.21 2005/03/17 03:57:39 masham 10 16 * * use __FILE__ to resolve location of local.config … … 123 129 define('LOCAL_CONTENT_REL_PATH', 'local_content/');//Path to the directory containing the different node specific directories. Relative to BASE_URL_PATH 124 130 131 /* Authentication sources section */ 132 define('LOCAL_USER_ACCOUNT_ORIGIN', 'LOCAL_USER'); 133 require_once BASEPATH.'classes/AuthenticatorLocalUser.php'; 134 135 /* The array index for the source must match the account_origin in the user table */ 136 $AUTH_SOURCE_ARRAY[LOCAL_USER_ACCOUNT_ORIGIN]=array( 137 'name'=>HOTSPOT_NETWORK_NAME, 138 'authenticator'=>new AuthenticatorLocalUser(LOCAL_USER_ACCOUNT_ORIGIN)); 139 140 141 125 142 /*These are the file names of the different templates that can be put in the CONTENT_PATH/(node_id)/ folders */ 126 143 define('STYLESHEET_NAME', 'stylesheet.css'); trunk/wifidog-auth/wifidog/include/common.php
r497 r512 4 4 require_once BASEPATH.'classes/AbstractDb.php'; 5 5 require_once BASEPATH.'classes/Session.php'; 6 6 require_once BASEPATH.'include/schema_validate.php'; 7 7 global $db; 8 8 $db = new AbstractDb(); 9 9 validate_schema(); 10 10 /* Gettext support */ 11 11 if(!function_exists ('gettext')) … … 60 60 61 61 define('SESS_USERNAME_VAR', 'SESS_USERNAME'); 62 define('SESS_USER_ID_VAR', 'SESS_USER_ID'); 62 63 define('SESS_PASSWORD_HASH_VAR', 'SESS_PASSWORD_HASH'); 63 64 define('SESS_ORIGINAL_URL_VAR', 'SESS_ORIGINAL_URL'); … … 159 160 return $retval; 160 161 } 162 163 /** Return a 32 byte guid valid for database use */ 164 function get_guid() 165 { 166 return md5(uniqid(rand(), true)); 167 } 168 161 169 ?> trunk/wifidog-auth/wifidog/include/common_interface.php
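Review bot: get_guid() derives its value from `rand()` and `uniqid()`, that is, from the clock and a non-cryptographic generator, so the result is unique enough for a row key but guessable. The doc comment should say so, to stop the function being reused for validation or connection tokens: `/** Return a 32-character hexadecimal identifier for use as a database key. Not unpredictable: do not use it as a token or secret. */` (the value is 32 hex characters, not 32 bytes). Separately, `validate_schema();` in the first hunk now runs on every include of common.php. If it can alter tables (schema_validate.php is not shown), the web application's database role needs schema-changing rights on every request, and an admin-only or command-line entry point would allow a less privileged role for normal traffic.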
r399 r512 32 32 require_once BASEPATH.'classes/Statistics.php'; 33 33 require_once BASEPATH.'classes/SmartyWifidog.php'; 34 require_once BASEPATH.'classes/User.php'; 34 35 35 36 $smarty = new SmartyWifidog; … … 39 40 require_once BASEPATH.'include/language.php'; 40 41 41 $smarty->assign("auth_user", $session->get(SESS_USERNAME_VAR)); 42 try 43 { 44 $current_user = new User($session->get(SESS_USER_ID_VAR)); 45 $smarty->assign("auth_user", $current_user->getUsername()); 46 } 47 catch (Exception $e) 48 { 49 ; 50 } 51 42 52 ?> trunk/wifidog-auth/wifidog/index.php
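Review bot: The empty `catch (Exception $e) { ; }` in the second hunk hides every failure of `new User(...)`, not only the expected case of no logged-in user, so a database error on this path looks the same as an anonymous visitor. Testing the session value first, `if ($session->get(SESS_USER_ID_VAR)) { ... }`, keeps the anonymous case out of the exception path, and the remaining catch can then log `$e->getMessage()`. At minimum the catch body should carry a comment such as `/* no valid logged-in user: auth_user stays unassigned */`.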
r402 r512 28 28 29 29 require_once BASEPATH.'classes/Node.php'; 30 30 //print_r($_SESSION); 31 31 $smarty->assign("num_valid_users", $stats->getNumValidUsers()); 32 32 $smarty->assign("num_online_users", $stats->getNumOnlineUsers($node_id = null)); trunk/wifidog-auth/wifidog/login/index.php
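Review bot: `//print_r($_SESSION);` is leftover debugging and should be dropped from the commit rather than left as a comment. login() in classes/Security.php stores `SESS_PASSWORD_HASH_VAR` in the session, so re-enabling the line would print the password hash on the public front page. The same applies to `//print_r($AUTH_SOURCE_ARRAY);` added in login/index.php.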
r496 r512 32 32 33 33 if (!empty($_REQUEST['url'])) { 34 $session->set(SESS_ORIGINAL_URL_VAR, $_REQUEST['url']);35 }34 $session->set(SESS_ORIGINAL_URL_VAR, $_REQUEST['url']); 35 } 36 36 37 if (!empty($_REQUEST['username']) && !empty($_REQUEST['password'])) { 38 $security = new Security(); 37 if (!empty($_REQUEST['username']) && !empty($_REQUEST['password'])) 38 { 39 $errmsg=''; 39 40 $username = $db->EscapeString($_REQUEST['username']); 40 $password_hash = User::passwordHash($_REQUEST['password']); 41 $db->ExecSqlUniqueRes("SELECT *, CASE WHEN ((NOW() - reg_date) > interval '".VALIDATION_GRACE_TIME." minutes') THEN true ELSE false END AS validation_grace_time_expired FROM users WHERE (user_id='$username' OR email='$username') AND pass='$password_hash'", $user_info, false); 42 43 if ($user_info != null) { 44 if (($user_info['account_status'] == ACCOUNT_STATUS_VALIDATION) && ($user_info['validation_grace_time_expired']=='t')) { 45 $validation_grace_time = VALIDATION_GRACE_TIME; 46 $smarty->assign("error", _("Sorry, your ").$validation_grace_time._(" minutes grace period to retrieve your email and validate your account has now expired. You will have to connect to the internet and validate your account from another location or create a new account. For help, please ") . '<a href="'.BASEPATH.'faq.php'.'">'. _("click here.") .'</a>'); 47 } else { 48 $token = User::generateToken(); 49 if ($_SERVER['REMOTE_ADDR']) { 50 $node_ip = $db->EscapeString($_SERVER['REMOTE_ADDR']); 51 } 52 if (isset($_REQUEST['gw_id']) && $_REQUEST['gw_id']) { 53 $node_id = $db->EscapeString($_REQUEST['gw_id']); 54 $db->ExecSqlUpdate("INSERT INTO connections (user_id, token, token_status, timestamp_in, node_id, node_ip, last_updated) VALUES ('{$user_info['user_id']}', '$token', '" . TOKEN_UNUSED . "', NOW(), '$node_id', '$node_ip', NOW())"); 55 } 56 57 $security->login($username, $password_hash); 58 if (isset($_REQUEST['gw_address']) && isset($_REQUEST['gw_port'])) { 59 header("Location: http://" . 
$_REQUEST['gw_address'] . ":" . $_REQUEST['gw_port'] . "/wifidog/auth?token=$token"); 60 } else { 61 /* Virtual login */ 62 header("Location: ".BASE_NON_SSL_PATH); 63 } 64 exit; 65 } 66 } else { 67 $user_info = null; 68 /* This is only used to discriminate if the problem was a non-existent user of a wrong password. */ 69 $db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username' OR email='$username'", $user_info, false); 70 if ($user_info == null) { 71 $smarty->assign("error", _('Unknown username or email')); 72 } else { 73 $smarty->assign("error", _('Incorrect password (Maybe you have CAPS LOCK on?)')); 74 } 75 } 76 } 41 //print_r($AUTH_SOURCE_ARRAY); 42 $user=$AUTH_SOURCE_ARRAY[0]['authenticator']->login($_REQUEST['username'], $_REQUEST['password'],$errmsg); 43 if ($user != null) 44 { 45 if (isset($_REQUEST['gw_address']) && isset($_REQUEST['gw_port'])) 46 { 47 $token = $user->generateConnectionToken(); 48 header("Location: http://" . $_REQUEST['gw_address'] . ":" . $_REQUEST['gw_port'] . "/wifidog/auth?token=$token"); 49 } 50 else 51 { 52 /* Virtual login */ 53 header("Location: ".BASE_NON_SSL_PATH); 54 } 55 exit; 56 } 57 else 58 { 59 $smarty->assign("error", $errmsg); 60 } 61 } 62 else 63 { 64 65 $smarty->assign("error", _('Your must specify your username and password')); 66 } 77 67 78 68 if (isset($_REQUEST['gw_id'])) { 79 $smarty->assign("gw_id", $_REQUEST['gw_id']);69 $smarty->assign("gw_id", $_REQUEST['gw_id']); 80 70 81 try { 82 $node = Node::getNode($db->EscapeString(CURRENT_NODE_ID)); 83 $smarty->assign('hotspot_name', $node->getName()); 84 } catch (Exception $e) { 85 $smarty->assign("error", $e->getMessage()); 86 $smarty->display("templates/generic_error.html"); 87 exit; 88 } 89 } else { 90 /* Gateway ID is not set... 
Virtual login */ 91 $smarty->display("templates/login_virtual.html"); 71 try { 72 $node = Node::getNode($db->EscapeString(CURRENT_NODE_ID)); 73 $smarty->assign('hotspot_name', $node->getName()); 74 } catch (Exception $e) { 75 $smarty->assign("error", $e->getMessage()); 76 $smarty->display("templates/generic_error.html"); 92 77 exit; 93 } 78 } 79 } else { 80 /* Gateway ID is not set... Virtual login */ 81 $smarty->display("templates/login_virtual.html"); 82 exit; 83 } 94 84 95 85 isset($_REQUEST["username"]) && $smarty->assign('username', $_REQUEST["username"]);
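Review bot: `$AUTH_SOURCE_ARRAY[0]['authenticator']` reads an index that config.php in this changeset never sets, because the only entry is stored under `LOCAL_USER_ACCOUNT_ORIGIN`; the call should be `$AUTH_SOURCE_ARRAY[LOCAL_USER_ACCOUNT_ORIGIN]['authenticator']->login(...)`. `$token = $user->generateConnectionToken();` receives the method's true/false result as defined in classes/User.php, so the redirect would carry `token=1` instead of the generated token. `gw_address` and `gw_port` are copied from the request into the `Location:` header unchecked, which lets whoever built the login link decide where the browser and the token are sent. Compare the address with the one registered for the node and use `(int) $_REQUEST['gw_port']`. The new final `else` also assigns the "Your must specify your username and password" error on the first visit, before anything has been submitted.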
