From a3a5525150547777dc707e60d13d90b60342b7d8 Mon Sep 17 00:00:00 2001
From: Denis Walker <dez@sucs.org>
Date: Tue, 27 Nov 2007 17:08:07 +0000
Subject: [PATCH] Adds support for database authentication

---
 components/front.php |   4 +-
 database.sql         | 192 +++++++++++++++++++++++++++++++------------
 htdocs/index.php     |  22 ++++-
 lib/session.php      | 140 ++++++++++++++++++-------------
 settingstemplate     |  15 ++++
 5 files changed, 257 insertions(+), 116 deletions(-)

diff --git a/components/front.php b/components/front.php
index e11783f..469d730 100644
--- a/components/front.php
+++ b/components/front.php
@@ -11,9 +11,9 @@ if (!$session->loggedin) {
 	$output = "<div class=\"cbb\"><h3>You are logged in</h3><p>If you would like to contribute to the site or report a bug, please contact chckens or dez.</p></div>";
 //include('users.php');
 //$output .= $result;
-include('planetposts.php');
+//include('planetposts.php');
 $output .= $result;
-include('forumposts.php');
+//include('forumposts.php');
 $output .= $result;
 
 }
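Review bot: The two `$output .= $result;` lines still run after the `planetposts.php` and `forumposts.php` includes are commented out, so they append whatever `$result` was left holding by earlier code, or raise an undefined-variable notice if nothing set it. Comment them out together with their includes, e.g. `//$output .= $result;`. The commit message is about database authentication and does not say why these components are disabled, so a one-line comment with the reason would help the next reader. The enclosing `if`/`else` starts outside this hunk.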
diff --git a/database.sql b/database.sql
index 66f5f99..b8952fb 100644
--- a/database.sql
+++ b/database.sql
@@ -37,7 +37,7 @@ SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('acctype', 'id'), 5,
 
 
 --
--- Name: awards; Type: TABLE; Schema: public; Owner: chckens; Tablespace: 
+-- Name: awards; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE awards (
@@ -51,14 +51,14 @@ CREATE TABLE awards (
 
 
 --
--- Name: awards_id_seq; Type: SEQUENCE SET; Schema: public; Owner: chckens
+-- Name: awards_id_seq; Type: SEQUENCE SET; Schema: public; Owner: dez
 --
 
 SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('awards', 'id'), 25, true);
 
 
 --
--- Name: bookcategories; Type: TABLE; Schema: public; Owner: chckens; Tablespace: 
+-- Name: bookcategories; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE bookcategories (
@@ -68,14 +68,14 @@ CREATE TABLE bookcategories (
 
 
 --
--- Name: bookcategories_id_seq; Type: SEQUENCE SET; Schema: public; Owner: chckens
+-- Name: bookcategories_id_seq; Type: SEQUENCE SET; Schema: public; Owner: dez
 --
 
 SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('bookcategories', 'id'), 7, true);
 
 
 --
--- Name: books; Type: TABLE; Schema: public; Owner: arthur; Tablespace: 
+-- Name: books; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE books (
@@ -96,7 +96,7 @@ CREATE TABLE books (
 
 
 --
--- Name: books_id_seq; Type: SEQUENCE; Schema: public; Owner: arthur
+-- Name: books_id_seq; Type: SEQUENCE; Schema: public; Owner: dez
 --
 
 CREATE SEQUENCE books_id_seq
@@ -105,15 +105,16 @@ CREATE SEQUENCE books_id_seq
     NO MINVALUE
     CACHE 1;
 
+
 --
--- Name: books_id_seq; Type: SEQUENCE SET; Schema: public; Owner: arthur
+-- Name: books_id_seq; Type: SEQUENCE SET; Schema: public; Owner: dez
 --
 
 SELECT pg_catalog.setval('books_id_seq', 148, true);
 
 
 --
--- Name: booktags; Type: TABLE; Schema: public; Owner: chckens; Tablespace: 
+-- Name: booktags; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE booktags (
@@ -123,7 +124,7 @@ CREATE TABLE booktags (
 
 
 --
--- Name: events; Type: TABLE; Schema: public; Owner: chckens; Tablespace: 
+-- Name: events; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE events (
@@ -135,14 +136,14 @@ CREATE TABLE events (
 
 
 --
--- Name: events_id_seq; Type: SEQUENCE SET; Schema: public; Owner: chckens
+-- Name: events_id_seq; Type: SEQUENCE SET; Schema: public; Owner: dez
 --
 
 SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('events', 'id'), 1, false);
 
 
 --
--- Name: games; Type: TABLE; Schema: public; Owner: chckens; Tablespace: 
+-- Name: games; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE games (
@@ -153,7 +154,7 @@ CREATE TABLE games (
 
 
 --
--- Name: games_id_seq; Type: SEQUENCE SET; Schema: public; Owner: chckens
+-- Name: games_id_seq; Type: SEQUENCE SET; Schema: public; Owner: dez
 --
 
 SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('games', 'id'), 5, true);
@@ -182,7 +183,7 @@ SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('menu', 'id'), 37, tr
 
 
 --
--- Name: news; Type: TABLE; Schema: public; Owner: chckens; Tablespace: 
+-- Name: news; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE news (
@@ -198,14 +199,14 @@ CREATE TABLE news (
 
 
 --
--- Name: news_id_seq; Type: SEQUENCE SET; Schema: public; Owner: chckens
+-- Name: news_id_seq; Type: SEQUENCE SET; Schema: public; Owner: dez
 --
 
 SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('news', 'id'), 13, true);
 
 
 --
--- Name: pagemap; Type: TABLE; Schema: public; Owner: arthur; Tablespace: 
+-- Name: pagemap; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE pagemap (
@@ -217,7 +218,7 @@ CREATE TABLE pagemap (
 
 
 --
--- Name: pagemap_id_seq; Type: SEQUENCE SET; Schema: public; Owner: arthur
+-- Name: pagemap_id_seq; Type: SEQUENCE SET; Schema: public; Owner: dez
 --
 
 SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('pagemap', 'id'), 34, true);
@@ -239,7 +240,7 @@ CREATE TABLE pastebin (
 
 
 --
--- Name: pastebin_comment; Type: TABLE; Schema: public; Owner: arthur; Tablespace: 
+-- Name: pastebin_comment; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE pastebin_comment (
@@ -277,7 +278,7 @@ SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('redirect', 'id'), 18
 
 
 --
--- Name: session; Type: TABLE; Schema: public; Owner: arthur; Tablespace: 
+-- Name: session; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
 --
 
 CREATE TABLE "session" (
@@ -328,6 +329,17 @@ CREATE TABLE static (
 SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('static', 'id'), 55, true);
 
 
+--
+-- Name: users; Type: TABLE; Schema: public; Owner: dez; Tablespace: 
+--
+
+CREATE TABLE users (
+    username text NOT NULL,
+    realname text,
+    "password" text
+);
+
+
 --
 -- Data for Name: acctype; Type: TABLE DATA; Schema: public; Owner: dez
 --
@@ -342,7 +354,7 @@ COPY acctype (id, description) FROM stdin;
 
 
 --
--- Data for Name: awards; Type: TABLE DATA; Schema: public; Owner: chckens
+-- Data for Name: awards; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY awards (id, username, score, whn, who, why) FROM stdin;
@@ -350,22 +362,15 @@ COPY awards (id, username, score, whn, who, why) FROM stdin;
 
 
 --
--- Data for Name: bookcategories; Type: TABLE DATA; Schema: public; Owner: chckens
+-- Data for Name: bookcategories; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY bookcategories (id, name) FROM stdin;
-1	Programming
-2	World Wide Web
-3	Unix and Linux
-4	Maths
-5	Prolog
-6	Java
-7	Databases
 \.
 
 
 --
--- Data for Name: books; Type: TABLE DATA; Schema: public; Owner: arthur
+-- Data for Name: books; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY books (id, title, author, keywords, comments, onloan, loandate, publisher, loanwho, got, isbn, amazon_data, image_url) FROM stdin;
@@ -373,7 +378,7 @@ COPY books (id, title, author, keywords, comments, onloan, loandate, publisher,
 
 
 --
--- Data for Name: booktags; Type: TABLE DATA; Schema: public; Owner: chckens
+-- Data for Name: booktags; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY booktags (bookid, tag) FROM stdin;
@@ -381,7 +386,7 @@ COPY booktags (bookid, tag) FROM stdin;
 
 
 --
--- Data for Name: events; Type: TABLE DATA; Schema: public; Owner: chckens
+-- Data for Name: events; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY events (id, name, "location", whn) FROM stdin;
@@ -389,7 +394,7 @@ COPY events (id, name, "location", whn) FROM stdin;
 
 
 --
--- Data for Name: games; Type: TABLE DATA; Schema: public; Owner: chckens
+-- Data for Name: games; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY games (id, name, connect) FROM stdin;
@@ -436,7 +441,7 @@ COPY menu (id, title, parent, menuorder, target, title_cy, permission) FROM stdi
 
 
 --
--- Data for Name: news; Type: TABLE DATA; Schema: public; Owner: chckens
+-- Data for Name: news; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY news (id, title, body, date, category, sticky, author, expiry) FROM stdin;
@@ -444,7 +449,7 @@ COPY news (id, title, body, date, category, sticky, author, expiry) FROM stdin;
 
 
 --
--- Data for Name: pagemap; Type: TABLE DATA; Schema: public; Owner: arthur
+-- Data for Name: pagemap; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY pagemap (id, path, depth, component) FROM stdin;
@@ -492,7 +497,7 @@ COPY pastebin (id, created, username, code, highlighted_code, "language", retain
 
 
 --
--- Data for Name: pastebin_comment; Type: TABLE DATA; Schema: public; Owner: arthur
+-- Data for Name: pastebin_comment; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY pastebin_comment (id, line, username, created, "comment") FROM stdin;
@@ -526,10 +531,11 @@ COPY redirect (id, from_uri, to_uri) FROM stdin;
 
 
 --
--- Data for Name: session; Type: TABLE DATA; Schema: public; Owner: arthur
+-- Data for Name: session; Type: TABLE DATA; Schema: public; Owner: dez
 --
 
 COPY "session" (hash, username, "time", data, ip) FROM stdin;
+f0c1ec724757a75c5b4b8c90e78d0eca	dez	2007-11-27 16:59:39	s:0:"";	192.168.1.20
 \.
 
 
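Review bot: The added row in the `COPY "session"` block commits a real session record (token, username `dez`, timestamp and an internal address) into the schema file. Any deployment seeded from this dump would presumably accept that token as a logged-in session until it is purged, and the token is now permanently in the repository history. Leave the block empty (`COPY ... FROM stdin;` followed directly by `\.`), and generate the dump without session data, for example with pg_dump's `--exclude-table-data=session` on versions that support it.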
@@ -549,6 +555,14 @@ COPY static (id, path, summary, editor, pageorder) FROM stdin;
 \.
 
 
+--
+-- Data for Name: users; Type: TABLE DATA; Schema: public; Owner: dez
+--
+
+COPY users (username, realname, "password") FROM stdin;
+\.
+
+
 --
 -- Name: acctype_pkey; Type: CONSTRAINT; Schema: public; Owner: dez; Tablespace: 
 --
@@ -558,7 +572,7 @@ ALTER TABLE ONLY acctype
 
 
 --
--- Name: awards_pkey; Type: CONSTRAINT; Schema: public; Owner: chckens; Tablespace: 
+-- Name: awards_pkey; Type: CONSTRAINT; Schema: public; Owner: dez; Tablespace: 
 --
 
 ALTER TABLE ONLY awards
@@ -566,7 +580,7 @@ ALTER TABLE ONLY awards
 
 
 --
--- Name: bookcategories_pkey; Type: CONSTRAINT; Schema: public; Owner: chckens; Tablespace: 
+-- Name: bookcategories_pkey; Type: CONSTRAINT; Schema: public; Owner: dez; Tablespace: 
 --
 
 ALTER TABLE ONLY bookcategories
@@ -574,7 +588,7 @@ ALTER TABLE ONLY bookcategories
 
 
 --
--- Name: books_pkey; Type: CONSTRAINT; Schema: public; Owner: arthur; Tablespace: 
+-- Name: books_pkey; Type: CONSTRAINT; Schema: public; Owner: dez; Tablespace: 
 --
 
 ALTER TABLE ONLY books
@@ -598,7 +612,15 @@ ALTER TABLE ONLY pastebin
 
 
 --
--- Name: booktags_bookid_fkey; Type: FK CONSTRAINT; Schema: public; Owner: chckens
+-- Name: users_pkey; Type: CONSTRAINT; Schema: public; Owner: dez; Tablespace: 
+--
+
+ALTER TABLE ONLY users
+    ADD CONSTRAINT users_pkey PRIMARY KEY (username);
+
+
+--
+-- Name: booktags_bookid_fkey; Type: FK CONSTRAINT; Schema: public; Owner: dez
 --
 
 ALTER TABLE ONLY booktags
@@ -606,7 +628,7 @@ ALTER TABLE ONLY booktags
 
 
 --
--- Name: booktags_tag_fkey; Type: FK CONSTRAINT; Schema: public; Owner: chckens
+-- Name: booktags_tag_fkey; Type: FK CONSTRAINT; Schema: public; Owner: dez
 --
 
 ALTER TABLE ONLY booktags
@@ -636,6 +658,8 @@ GRANT ALL ON SCHEMA public TO PUBLIC;
 --
 
 REVOKE ALL ON TABLE acctype FROM PUBLIC;
+REVOKE ALL ON TABLE acctype FROM dez;
+GRANT ALL ON TABLE acctype TO dez;
 GRANT ALL ON TABLE acctype TO apache;
 GRANT SELECT ON TABLE acctype TO PUBLIC;
 
@@ -645,75 +669,93 @@ GRANT SELECT ON TABLE acctype TO PUBLIC;
 --
 
 REVOKE ALL ON TABLE acctype_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE acctype_id_seq FROM dez;
+GRANT ALL ON TABLE acctype_id_seq TO dez;
 GRANT ALL ON TABLE acctype_id_seq TO apache;
 
 
 --
--- Name: awards; Type: ACL; Schema: public; Owner: chckens
+-- Name: awards; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE awards FROM PUBLIC;
+REVOKE ALL ON TABLE awards FROM dez;
+GRANT ALL ON TABLE awards TO dez;
 GRANT ALL ON TABLE awards TO apache;
 GRANT SELECT ON TABLE awards TO PUBLIC;
 
 
 --
--- Name: awards_id_seq; Type: ACL; Schema: public; Owner: chckens
+-- Name: awards_id_seq; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE awards_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE awards_id_seq FROM dez;
+GRANT ALL ON TABLE awards_id_seq TO dez;
 GRANT ALL ON TABLE awards_id_seq TO apache;
 
 
 --
--- Name: bookcategories; Type: ACL; Schema: public; Owner: chckens
+-- Name: bookcategories; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE bookcategories FROM PUBLIC;
+REVOKE ALL ON TABLE bookcategories FROM dez;
+GRANT ALL ON TABLE bookcategories TO dez;
 GRANT ALL ON TABLE bookcategories TO apache;
 GRANT SELECT ON TABLE bookcategories TO PUBLIC;
 
 
 --
--- Name: books; Type: ACL; Schema: public; Owner: arthur
+-- Name: books; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE books FROM PUBLIC;
+REVOKE ALL ON TABLE books FROM dez;
+GRANT ALL ON TABLE books TO dez;
 GRANT ALL ON TABLE books TO apache;
 GRANT SELECT ON TABLE books TO PUBLIC;
 
 
 --
--- Name: books_id_seq; Type: ACL; Schema: public; Owner: arthur
+-- Name: books_id_seq; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE books_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE books_id_seq FROM dez;
+GRANT ALL ON TABLE books_id_seq TO dez;
 GRANT ALL ON TABLE books_id_seq TO apache;
 
 
 --
--- Name: booktags; Type: ACL; Schema: public; Owner: chckens
+-- Name: booktags; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE booktags FROM PUBLIC;
+REVOKE ALL ON TABLE booktags FROM dez;
+GRANT ALL ON TABLE booktags TO dez;
 GRANT ALL ON TABLE booktags TO apache;
 GRANT SELECT ON TABLE booktags TO PUBLIC;
 
 
 --
--- Name: games; Type: ACL; Schema: public; Owner: chckens
+-- Name: games; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE games FROM PUBLIC;
+REVOKE ALL ON TABLE games FROM dez;
+GRANT ALL ON TABLE games TO dez;
 GRANT ALL ON TABLE games TO apache;
 GRANT SELECT ON TABLE games TO PUBLIC;
 
 
 --
--- Name: games_id_seq; Type: ACL; Schema: public; Owner: chckens
+-- Name: games_id_seq; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE games_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE games_id_seq FROM dez;
+GRANT ALL ON TABLE games_id_seq TO dez;
 GRANT ALL ON TABLE games_id_seq TO apache;
 
 
@@ -722,6 +764,8 @@ GRANT ALL ON TABLE games_id_seq TO apache;
 --
 
 REVOKE ALL ON TABLE menu FROM PUBLIC;
+REVOKE ALL ON TABLE menu FROM dez;
+GRANT ALL ON TABLE menu TO dez;
 GRANT ALL ON TABLE menu TO apache;
 GRANT SELECT ON TABLE menu TO PUBLIC;
 
@@ -731,40 +775,50 @@ GRANT SELECT ON TABLE menu TO PUBLIC;
 --
 
 REVOKE ALL ON TABLE menu_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE menu_id_seq FROM dez;
+GRANT ALL ON TABLE menu_id_seq TO dez;
 GRANT ALL ON TABLE menu_id_seq TO apache;
 
 
 --
--- Name: news; Type: ACL; Schema: public; Owner: chckens
+-- Name: news; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE news FROM PUBLIC;
+REVOKE ALL ON TABLE news FROM dez;
+GRANT ALL ON TABLE news TO dez;
 GRANT ALL ON TABLE news TO apache;
 GRANT SELECT ON TABLE news TO PUBLIC;
 
 
 --
--- Name: news_id_seq; Type: ACL; Schema: public; Owner: chckens
+-- Name: news_id_seq; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE news_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE news_id_seq FROM dez;
+GRANT ALL ON TABLE news_id_seq TO dez;
 GRANT ALL ON TABLE news_id_seq TO apache;
 
 
 --
--- Name: pagemap; Type: ACL; Schema: public; Owner: arthur
+-- Name: pagemap; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE pagemap FROM PUBLIC;
+REVOKE ALL ON TABLE pagemap FROM dez;
+GRANT ALL ON TABLE pagemap TO dez;
 GRANT ALL ON TABLE pagemap TO apache;
 GRANT SELECT ON TABLE pagemap TO PUBLIC;
 
 
 --
--- Name: pagemap_id_seq; Type: ACL; Schema: public; Owner: arthur
+-- Name: pagemap_id_seq; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE pagemap_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE pagemap_id_seq FROM dez;
+GRANT ALL ON TABLE pagemap_id_seq TO dez;
 GRANT ALL ON TABLE pagemap_id_seq TO apache;
 
 
@@ -773,15 +827,19 @@ GRANT ALL ON TABLE pagemap_id_seq TO apache;
 --
 
 REVOKE ALL ON TABLE pastebin FROM PUBLIC;
+REVOKE ALL ON TABLE pastebin FROM dez;
+GRANT ALL ON TABLE pastebin TO dez;
 GRANT ALL ON TABLE pastebin TO apache;
 GRANT SELECT ON TABLE pastebin TO PUBLIC;
 
 
 --
--- Name: pastebin_comment; Type: ACL; Schema: public; Owner: arthur
+-- Name: pastebin_comment; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE pastebin_comment FROM PUBLIC;
+REVOKE ALL ON TABLE pastebin_comment FROM dez;
+GRANT ALL ON TABLE pastebin_comment TO dez;
 GRANT SELECT ON TABLE pastebin_comment TO PUBLIC;
 
 
@@ -790,6 +848,8 @@ GRANT SELECT ON TABLE pastebin_comment TO PUBLIC;
 --
 
 REVOKE ALL ON TABLE pastebin_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE pastebin_id_seq FROM dez;
+GRANT ALL ON TABLE pastebin_id_seq TO dez;
 GRANT ALL ON TABLE pastebin_id_seq TO apache;
 
 
@@ -798,6 +858,8 @@ GRANT ALL ON TABLE pastebin_id_seq TO apache;
 --
 
 REVOKE ALL ON TABLE redirect FROM PUBLIC;
+REVOKE ALL ON TABLE redirect FROM dez;
+GRANT ALL ON TABLE redirect TO dez;
 GRANT ALL ON TABLE redirect TO apache;
 GRANT SELECT ON TABLE redirect TO PUBLIC;
 
@@ -807,14 +869,18 @@ GRANT SELECT ON TABLE redirect TO PUBLIC;
 --
 
 REVOKE ALL ON TABLE redirect_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE redirect_id_seq FROM dez;
+GRANT ALL ON TABLE redirect_id_seq TO dez;
 GRANT ALL ON TABLE redirect_id_seq TO apache;
 
 
 --
--- Name: session; Type: ACL; Schema: public; Owner: arthur
+-- Name: session; Type: ACL; Schema: public; Owner: dez
 --
 
 REVOKE ALL ON TABLE "session" FROM PUBLIC;
+REVOKE ALL ON TABLE "session" FROM dez;
+GRANT ALL ON TABLE "session" TO dez;
 GRANT ALL ON TABLE "session" TO apache;
 GRANT INSERT ON TABLE "session" TO PUBLIC;
 
@@ -824,6 +890,8 @@ GRANT INSERT ON TABLE "session" TO PUBLIC;
 --
 
 REVOKE ALL ON TABLE shorturi FROM PUBLIC;
+REVOKE ALL ON TABLE shorturi FROM dez;
+GRANT ALL ON TABLE shorturi TO dez;
 GRANT ALL ON TABLE shorturi TO apache;
 GRANT SELECT ON TABLE shorturi TO PUBLIC;
 
@@ -833,6 +901,8 @@ GRANT SELECT ON TABLE shorturi TO PUBLIC;
 --
 
 REVOKE ALL ON TABLE shorturi_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE shorturi_id_seq FROM dez;
+GRANT ALL ON TABLE shorturi_id_seq TO dez;
 GRANT ALL ON TABLE shorturi_id_seq TO apache;
 
 
@@ -841,6 +911,8 @@ GRANT ALL ON TABLE shorturi_id_seq TO apache;
 --
 
 REVOKE ALL ON TABLE static FROM PUBLIC;
+REVOKE ALL ON TABLE static FROM dez;
+GRANT ALL ON TABLE static TO dez;
 GRANT ALL ON TABLE static TO apache;
 GRANT SELECT ON TABLE static TO PUBLIC;
 
@@ -850,9 +922,21 @@ GRANT SELECT ON TABLE static TO PUBLIC;
 --
 
 REVOKE ALL ON TABLE static_id_seq FROM PUBLIC;
+REVOKE ALL ON TABLE static_id_seq FROM dez;
+GRANT ALL ON TABLE static_id_seq TO dez;
 GRANT ALL ON TABLE static_id_seq TO apache;
 
 
+--
+-- Name: users; Type: ACL; Schema: public; Owner: dez
+--
+
+REVOKE ALL ON TABLE users FROM PUBLIC;
+REVOKE ALL ON TABLE users FROM dez;
+GRANT ALL ON TABLE users TO dez;
+GRANT ALL ON TABLE users TO apache;
+
+
 --
 -- PostgreSQL database dump complete
 --
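Review bot: `GRANT ALL ON TABLE users TO apache;` gives the web server role INSERT, UPDATE and DELETE on the credential table, while the PHP added in this commit only reads it (`select password from users ...` and `select * from users ...`). Unless some other component writes accounts through the `apache` role, `GRANT SELECT ON TABLE users TO apache;` is sufficient. That would limit what an injection flaw elsewhere in the site could do to stored password hashes.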
diff --git a/htdocs/index.php b/htdocs/index.php
index 87e441a..27b2f1e 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -42,7 +42,16 @@ $DB->SetFetchMode(ADODB_FETCH_ASSOC);
 
 // Include the session library
 require(SUCS_BASEDIR."lib/session.php");
-$session = new Session;
+
+switch (SUCS_AUTH_METHOD) {
+	case "LDAP":
+		$session = new SessionLDAP;
+		break;
+	case "DB":
+	default:
+		$session = new Session;
+}
+
 $smarty->assign_by_ref("session", $session);
 
 /* --------------------------------------------------------
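Review bot: The `default:` label shares the `"DB"` branch, so a misspelled, lower-cased or undefined `SUCS_AUTH_METHOD` silently switches the site to the database backend instead of failing. For an authentication selector it is safer to fail closed: give `case "DB":` its own `$session = new Session; break;` and make the fallback stop with a configuration error, e.g. `default: die("Unknown SUCS_AUTH_METHOD");`. A short comment above the switch naming the two supported values would also keep it in sync with settingstemplate.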
@@ -85,12 +94,17 @@ $smarty->assign("language", $language);
 
 
 // SSL?
-$ssl_path = @$_SERVER['REQUEST_URI'];
-if (($n=strpos($ssl_path,"?"))!==FALSE) $ssl_path=substr($ssl_path,0,$n);
-$ssl_url = "https://".SUCS_PREFERRED_HOSTNAME.$ssl_path;
+	$ssl_path = @$_SERVER['REQUEST_URI'];
+	if (($n=strpos($ssl_path,"?"))!==FALSE) $ssl_path=substr($ssl_path,0,$n);
+if (SUCS_USE_HTTPS) {
+	$ssl_url = "https://".SUCS_PREFERRED_HOSTNAME.$ssl_path;
+} else {
+	$ssl_url = "http://".SUCS_PREFERRED_HOSTNAME.$ssl_path;
+}
 $smarty->assign("ssl_url", $ssl_url);
 
 
+
 // Determine which component to run
 $pathlist = explode('/', parse_url(@$_SERVER['PATH_INFO'],PHP_URL_PATH));
 while (end($pathlist) === "") array_pop($pathlist);
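Review bot: When `SUCS_USE_HTTPS` is false, the template variable still named `ssl_url` holds an `http://` address, so any form that posts to it (not visible here) would send credentials unencrypted. The same flag also switches off the `Insecure Connection` check in the lib/session.php hunk of this commit. Say so where the flag is defined, e.g. `// Use HTTPS? Set FALSE only on a development host: logins and session tokens then travel unencrypted`. The two `$ssl_path` lines were also indented one level although they are not inside a block.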
diff --git a/lib/session.php b/lib/session.php
index 5e98f6a..0974d51 100644
--- a/lib/session.php
+++ b/lib/session.php
@@ -1,4 +1,4 @@
-<?
+<?php
 // To use:
 // include_once "session.php"
 // $mysession = new Session;
@@ -23,12 +23,11 @@ public  $groups  =array();	// users groups
 public	$data='';		// Var/array for session persistant data
 public	$token='';		// session identifier
 public	$last='';		// Time of last page request
-private	$timeout = 300;		// Idle timeout limit in minutes
-private	$table = "session";	// session storage table (const)
-private $datahash='';		// hash of data field
+protected $table = "session";	// session storage table (const)
+protected $datahash='';		// hash of data field
 
 	// Create a new session id
-	private function newsession()
+	protected function newsession()
 	{
 		global $DB;
 		$try = 0;
@@ -61,7 +60,7 @@ private $datahash='';		// hash of data field
 		$this->loggedin = FALSE;
 
 		// Time out any old sessions
-		$DB->Execute("delete from {$this->table} where time < NOW() - '{$this->timeout} minutes'::reltime");
+		$DB->Execute("delete from {$this->table} where time < NOW() - '{SUCS_SESSION_TIMEOUT} minutes'::reltime");
 
 		// Log them out if they ask
 		if ($logout=="Logout") {
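Review bot: `{SUCS_SESSION_TIMEOUT}` is not expanded inside the double-quoted string, because PHP's `{...}` interpolation only applies to expressions that begin with `$`. The query is therefore sent with the literal text `'{SUCS_SESSION_TIMEOUT} minutes'::reltime`, and the purge of idle sessions will presumably fail on every request. Concatenate the constant instead, casting it because it is defined as a string: `$DB->Execute("delete from {$this->table} where time < NOW() - '".(int)SUCS_SESSION_TIMEOUT." minutes'::reltime");`. The enclosing function starts and ends outside this hunk.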
@@ -112,7 +111,7 @@ private $datahash='';		// hash of data field
 		// are we actually logged in, fill in more
 		if ($detail['username']) {
 			// Are we using HTTPS?
-			if (!isset($_SERVER['HTTPS'])) {
+			if (SUCS_USE_HTTPS && !isset($_SERVER['HTTPS'])) {
 				$this->errormsg = "Insecure Connection";
 				$this->loggedin = FALSE;
 				return;
@@ -155,10 +154,80 @@ private $datahash='';		// hash of data field
 		$this->loggedin = FALSE;
 	}
 
+	// Private function: process login form
+	protected function session_init($user, $pass)
+	{
+		global $DB;
+		// Check that this is a valid session start
+		// This prevents replay attacks
+		$sess = $DB->GetAll("select * from {$this->table} where hash=? and username is NULL", array($this->token));
+		if (!$sess || count($sess)<1) {
+			$this->errormsg = "Invalid session, login again.";
+			return;
+		}
+
+		if (!$this->check_pass($user, $pass)) return;
+		$this->username = $user;
+
+		// Update the session, filling in the blanks
+		$DB->Execute("update {$this->table} set username=?, time='NOW()', ip=? where hash=?", array($this->username, $_SERVER['REMOTE_ADDR'], $this->token));
+
+		// Return back to normal session retrieval
+	}
+
+	// Fill out any extra details we know about the user
+	protected function fetch_detail( $user )
+	{
+		global $DB;
+
+		$info = $DB->GetArray("select * from users where username=?", $user);
+		if (empty($info))
+		{
+			$this->errormsg="Username or password Incorrect";
+			return FALSE;
+		}
+
+		$this->fullname = $info[0]['realname'];
+//		$this->groups = $info['grouplist'];
+	}
+
+	protected function check_pass($user, $pass)
+	{
+		global $DB;
+
+		$dbpass = $DB->GetOne("select password from users where username=?", $user);
+		if (empty($dbpass))
+		{
+			$this->errormsg="Username or password Incorrect";
+			return FALSE;
+		}
+
+		// Determine the salt of the encrypted password
+		if (substr($dbpass, 0, 1) == '$') {
+			$i = strpos($dbpass, '$', 3);
+			$salt = substr($dbpass, 0, $i+1);
+		}else
+			$salt = substr($dbpass, 0, 2);
+
+		// Check against encrypted password
+		if ( !isset($pass) || crypt($pass, $salt) != $dbpass )
+		{
+			$this->errormsg="Username or password Incorrect";
+			unset($info);
+			return FALSE;
+		}
+
+		return TRUE;
+	}
+
+} // end of Class
+
+
+class SessionLDAP extends Session {
 	// Fill out any extra details we know about the user
-	private function fetch_detail( $user )
+	protected function fetch_detail( $user )
 	{
-		if (!($ldap = @ldap_connect("ldap://localhost"))) {
+		if (!($ldap = @ldap_connect(SUCS_LDAP_SERVER))) {
 			$this->errormsg="LDAP connect failed";
 			return FALSE;
 		}
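Review bot: In the new database `check_pass`, the hand-rolled salt extraction misparses a stored value that starts with `$` but has no further `$` after offset 3: `strpos` returns FALSE, so `$salt` becomes just `$`. The result is then compared with loose `!=`. `crypt()` accepts the full stored hash as its salt argument, so the whole salt block can go and the check becomes `if (!isset($pass) || !hash_equals($dbpass, crypt($pass, $dbpass)))` (`hash_equals` needs PHP 5.6; on older versions use `!==`). `unset($info)` in that branch refers to a variable this function never defines and can be dropped. The new `fetch_detail` returns FALSE on failure but nothing on success, so a `return TRUE;` would make its contract explicit. Class `Session` begins outside this hunk.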
@@ -184,26 +253,6 @@ private $datahash='';		// hash of data field
 
 	}
 
-	/* check using mod_auth_externals helper 
-	private function check_pass($user, $pass)
-	{
-
-		if ($fd === FALSE) {
-			$this->errormsg = "Auth system error";
-			return FALSE;
-		}
-
-		fwrite($fd, "$user\n");
-		fwrite($fd, "$pass\n");
-		$ret = pclose($fd);
-		if ($ret == 0) return TRUE;
-
-		$this->autherror = "u='$user' p='$pass' ret=$ret";
-		$this->errormsg = "Invalid Username or Password";
-		return FALSE;
-	}
-	*/
-
 	// Get a users full record from ldap
 	private function ldap_getuser($ldap, $user)
 	{
@@ -213,7 +262,7 @@ private $datahash='';		// hash of data field
 			return NULL;
 		}
 		// find the user
-		if (!($search=@ldap_search($ldap, "dc=sucs,dc=org", "(&(uid=$user))"))) {
+		if (!($search=@ldap_search($ldap, SUCS_LDAP_SEARCH, "(&(uid=$user))"))) {
 			$this->errormsg="LDAP search fail";
 			return NULL;
 		}
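Review bot: `$user` is still interpolated unescaped into the filter `(&(uid=$user))` on the changed line. If it comes from the login form, filter metacharacters such as `*`, `(`, `)` and `\` change what the search matches. The `memberuid=$user` search in the next hunk has the same problem. Escape once before building either filter, e.g. `$safe = ldap_escape($user, '', LDAP_ESCAPE_FILTER);` on PHP 5.6+, or reject usernames that do not match the site's allowed pattern. `ldap_getuser` starts and ends outside this hunk.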
@@ -224,7 +273,7 @@ private $datahash='';		// hash of data field
 		}
 		$info = ldap_get_entries($ldap, $search);
 
-		if (($grpsearch=@ldap_search($ldap, "ou=Group,dc=sucs,dc=org", "memberuid=$user"))) {
+		if (($grpsearch=@ldap_search($ldap, "ou=Group,".SUCS_LDAP_SEARCH, "memberuid=$user"))) {
 			$gn = ldap_count_entries($ldap,$grpsearch);
 			$gpile = ldap_get_entries($ldap, $grpsearch);
 			$glist=array();
@@ -237,10 +286,10 @@ private $datahash='';		// hash of data field
 	}
 
 	/* check using ldap directly */
-	private function check_pass($user, $pass)
+	protected function check_pass($user, $pass)
 	{
 		// Open connection
-		if (!($ldap = @ldap_connect("ldap://localhost"))) {
+		if (!($ldap = @ldap_connect(SUCS_LDAP_SERVER))) {
 			$this->errormsg="LDAP connect failed";
 			return FALSE;
 		}
@@ -255,26 +304,5 @@ private $datahash='';		// hash of data field
 		return FALSE;
 
 	}
-
-	// Private function: process login form
-	private function session_init($user, $pass)
-	{
-		global $DB;
-		// Check that this is a valid session start
-		// This prevents replay attacks
-		$sess = $DB->GetAll("select * from {$this->table} where hash=? and username is NULL", array($this->token));
-		if (!$sess || count($sess)<1) {
-			$this->errormsg = "Invalid session, login again.";
-			return;
-		}
-
-		if (!$this->check_pass($user, $pass)) return;
-		$this->username = $user;
-
-		// Update the session, filling in the blanks
-		$DB->Execute("update {$this->table} set username=?, time='NOW()', ip=? where hash=?", array($this->username, $_SERVER['REMOTE_ADDR'], $this->token));
-
-		// Return back to normal session retrieval
-	}
-
-} // end of Class
+}
+?>
\ No newline at end of file
diff --git a/settingstemplate b/settingstemplate
index 8764ac8..1dafffa 100644
--- a/settingstemplate
+++ b/settingstemplate
@@ -22,9 +22,24 @@ define('ADODB_DIR', '/usr/share/adodb/');
 // Path of Smarty
 define('SMARTY_DIR', '/usr/share/Smarty/');
 
+// Session timeout in minutes
+define('SUCS_SESSION_TIMEOUT', '300');
+
+// Use HTTPS?
+define('SUCS_USE_HTTPS', TRUE);
+
 // Database type
 define('SUCS_DBTYPE', 'postgres8');
 
 // Name of the database
 define('SUCS_DBNAME', 'beta');
+
+// Authentication method - valid options are currently "LDAP" and "DB"
+define('SUCS_AUTH_METHOD', 'LDAP');
+
+// LDAP Server
+define('SUCS_LDAP_SERVER', 'ldap://localhost');
+
+// LDAP Search Base
+define('SUCS_LDAP_SEARCH', 'dc=sucs,dc=org');
 ?>
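Review bot: `SUCS_LDAP_SERVER` is now site-configurable, but the template says nothing about transport security. With an `ldap://` URL pointing at any host other than localhost, the bind in `SessionLDAP::check_pass` (body not shown in this patch) would presumably send the user's password unencrypted. Extend the comment to say so, e.g. `// LDAP Server - use ldaps:// (or StartTLS) for any host other than localhost`. `SUCS_SESSION_TIMEOUT` is also defined as the string `'300'` although it is a number of minutes; `define('SUCS_SESSION_TIMEOUT', 300);` avoids relying on string-to-number handling wherever it is used.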
-- 
GitLab