146 lines
5.1 KiB
PHP
Executable File
146 lines
5.1 KiB
PHP
Executable File
<?php
|
|
/* μlogger
|
|
*
|
|
* Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
|
|
*
|
|
* This is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU Library General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Library General Public
|
|
* License along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
require_once("config.php");
|
|
// if is set cookie overwrite config value
|
|
if (isset($_COOKIE["ulogger_api"])) { $mapapi = $_COOKIE["ulogger_api"]; }
|
|
if (isset($_COOKIE["ulogger_lang"])) { $lang = $_COOKIE["ulogger_lang"]; }
|
|
if (isset($_COOKIE["ulogger_units"])) { $units = $_COOKIE["ulogger_units"]; }
|
|
if (isset($_COOKIE["ulogger_interval"])) { $interval = $_COOKIE["ulogger_interval"]; }
|
|
require_once("lang.php");
|
|
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
|
|
if ($mysqli->connect_errno) {
|
|
if (defined('headless')) {
|
|
header('HTTP/1.1 503 Service Unavailable', true, 503);
|
|
} else {
|
|
printf("Connect failed: %s\n", $mysqli->connect_error);
|
|
}
|
|
exit();
|
|
}
|
|
$mysqli->set_charset("utf8");
|
|
|
|
session_name('ulogger');
|
|
session_start();
|
|
$sid = session_id();
|
|
|
|
// check for forced login to authorize admin in case of public access
|
|
$force_login = (isset($_REQUEST['force_login']) ? $_REQUEST['force_login'] : 0);
|
|
if ($force_login) {
|
|
$require_authentication = 1;
|
|
}
|
|
|
|
$auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : NULL);
|
|
$admin = (isset($_SESSION['admin']) ? $_SESSION['admin'] : NULL);
|
|
if ($auth || $require_authentication || defined('headless')) {
|
|
/* authentication */
|
|
$user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : "");
|
|
$pass = (isset($_REQUEST['pass']) ? $_REQUEST['pass'] : "");
|
|
$ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https");
|
|
$auth_error = (isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : 0);
|
|
|
|
// not authenticated and username not submited
|
|
// load form
|
|
if ((!$auth) && (!$user)){
|
|
if (defined('headless')) {
|
|
header('HTTP/1.1 401 Unauthorized', true, 401);
|
|
} else {
|
|
print
|
|
'<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>'.$lang_title.'</title>
|
|
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
|
|
<meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
|
|
<link rel="stylesheet" type="text/css" href="main.css">
|
|
<script type="text/javascript">
|
|
function focus() {
|
|
document.forms[0].elements[0].focus();
|
|
}
|
|
</script>
|
|
</head>
|
|
<body onload="focus()">
|
|
<div id="login">
|
|
<div id="title">'.$lang_title.'</div>
|
|
<div id="subtitle">'.$lang_private.'</div>
|
|
<form action="index.php" method="post">
|
|
'.$lang_username.':<br />
|
|
<input type="text" name="user"><br />
|
|
'.$lang_password.':<br />
|
|
<input type="password" name="pass"><br />
|
|
<br />
|
|
<input type="submit" value="'.$lang_login.'">
|
|
'.(($force_login==1) ? "<input type=\"hidden\" name=\"force_login\" value=\"1\">" : "").'
|
|
</form>
|
|
<div id="error">'.(($auth_error==1) ? $lang_authfail : "").'</div>
|
|
</div>
|
|
</body>
|
|
</html>';
|
|
}
|
|
$mysqli->close();
|
|
exit();
|
|
}
|
|
|
|
// username submited
|
|
if ((!$auth) && ($user)){
|
|
$query = $mysqli->prepare("SELECT id, login, password FROM users WHERE login=? LIMIT 1");
|
|
$query->bind_param('s', $user);
|
|
$query->execute();
|
|
$query->bind_result($rec_id, $rec_user, $rec_pass);
|
|
$query->fetch();
|
|
$query->free_result();
|
|
//correct pass
|
|
|
|
if (($user == $rec_user) && password_verify($pass, $rec_pass)) {
|
|
// login successful
|
|
//delete old session
|
|
$_SESSION = NULL;
|
|
session_destroy();
|
|
// start new session
|
|
session_name('ulogger');
|
|
session_start();
|
|
if (($user == $admin_user) && !empty($admin_user)) {
|
|
$_SESSION['admin'] = $admin_user;
|
|
}
|
|
$_SESSION['auth'] = $rec_id;
|
|
$url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
|
|
header("Location: $ssl://$url");
|
|
exit();
|
|
} else {
|
|
// unsuccessful
|
|
$error = "?auth_error=1";
|
|
// destroy session
|
|
$_SESSION = NULL;
|
|
if (isset($_COOKIE[session_name('ulogger')])) {
|
|
setcookie(session_name('ulogger'),'',time()-42000,'/');
|
|
}
|
|
session_destroy();
|
|
$mysqli->close();
|
|
if (defined('headless')) {
|
|
header('HTTP/1.1 401 Unauthorized', true, 401);
|
|
} else {
|
|
$url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
|
|
header("Location: $ssl://$url$error");
|
|
}
|
|
exit();
|
|
}
|
|
}
|
|
/* end of authentication */
|
|
}
|
|
?>
|