Revision 623233666531 () - Diff

--- the signin php main page --

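<?php $pathToRoot=dirname($_SERVER['SCRIPT_FILENAME'])."/"; ?>
<?php include($pathToRoot."includes/phpheader.php"); ?>
<?php include($pathToRoot."includes/httpheader.php"); ?>
<?php include($pathToRoot."includes/signin.php"); ?>
<?php

// Sign-in landing page: renders either the "already signed in" page or the
// sign-in form, depending on what isUserSignedIn() reports.
// NOTE(review): isUserSignedIn() and the session start-up are not part of this
// listing; presumably they come from the includes above -- confirm.
if (isUserSignedIn())
{
    // A user is signed on; show the name held in the session.
    outputSignedOnPage($_SESSION["authenticatedUser"]);
}
else
{
    // No authenticated session: display the sign-in form plus any pending
    // message. The key is only written after a failed sign-in, so on a first
    // visit it is absent; read it with isset() instead of indexing it directly
    // so no "undefined index" diagnostic is emitted into the page or the log.
    // outputSignInPage() writes the message as raw HTML, so whatever stored it
    // must already have HTML-encoded any request-derived text.
    outputSignInPage(isset($_SESSION["sessionMessage"]) ? $_SESSION["sessionMessage"] : null);

    // Drop the anonymous session so the message is not kept once displayed.
    session_destroy();
}

?>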


--- the signin.php include is listed below ---

<?php
// include guards
if (!$INCLUDED_SIGN_IN_PHP):
$INCLUDED_SIGN_IN_PHP = 1;

//
// Writes the complete sign-in page (HTML 4.01 document with the
// username/password form) straight to the output.
//
// $sessionMessage  Markup shown above the form, or null for none.
//                  SECURITY: it is written out verbatim, with no HTML
//                  encoding, so the caller must encode any request-derived
//                  text before storing it in the message.
//
// Side effect: when the global $queryVars has no 'fromURL' entry, one is
// added with the value of $URLToRoot. The form posts to authentication.php
// and carries that value along, URL-encoded, as the fromURL query parameter.
//
function outputSignInPage($sessionMessage)
{
    global $pathToRoot, $URLToRoot, $queryVars;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<?php include($pathToRoot."includes/htmlheader.php"); ?>
<title>Sign In</title>
</head>
<body>
<?php include($pathToRoot."includes/banner.php"); ?>
<table width="<?php echo getPageWidth(); ?>" border="0">
<tr>
<?php
    // The navigation include is skipped when isPrintable is a non-zero value.
    if ((int)$queryVars['isPrintable'] == 0) {
        include($pathToRoot."includes/navigation.php");
    }
?>
<td valign="top"><div class="headerImageText">Sign In</div>
<?php
    // Pending message, emitted exactly as supplied (see the header comment).
    if ($sessionMessage !== null) {
        echo "<p class=\"sessionMessage\">", $sessionMessage, "</p>";
    }

    // Where to go after authentication; default to the main page when the
    // request did not say.
    if (!array_key_exists('fromURL', $queryVars)) {
        $queryVars['fromURL'] = $URLToRoot;
    }
?>
<form method="POST" action="<?php echo $URLToRoot, "authentication.php?fromURL=", urlencode($queryVars['fromURL']); ?>">
<table align="center">
<tr>
<td colspan="2"><h3>Sign In</h3></td>
</tr>
<tr><td colspan="2">&nbsp;</td></tr>
<tr><td>Username:</td>
<td><input type="text" size=15
maxlength=25
name="formUsername"></td></tr>
<tr><td>Password:</td>
<td><input type="password" size=15
maxlength=25
name="formPassword"></td></tr>
<tr><td colspan="2">&nbsp;</td></tr>
<tr><td colspan="2" align="right"><input type="submit" value="Sign in"></td></tr>
</table>
</form>
</td>
</tr>
</table>
<?php include($pathToRoot."includes/info.php"); ?>
</body>
</html>
<?php
}

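//
// Writes the complete "you are signed in" page straight to the output,
// with a link to signout.php.
//
// $currentSignInName  The signed-in user's name. It originates from the
//                     sign-in form, so it is HTML-encoded here before being
//                     placed in the page; the shell-style escaping applied
//                     at sign-in is not an HTML encoder.
//
function outputSignedOnPage($currentSignInName)
{
global $pathToRoot;
global $URLToRoot;
global $queryVars;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<?php include($pathToRoot."includes/htmlheader.php"); ?>
<title>Sign In</title>
</head>
<body>
<?php include($pathToRoot."includes/banner.php"); ?>
<table width=<?php echo "\"".getPageWidth()."\"" ?> border="0">
<tr>
<?php if (!(int)$queryVars['isPrintable']) include($pathToRoot."includes/navigation.php"); ?>
<td valign="top"><div class="headerImageText">Sign In</div>
<?php // Encode at the point of output so markup in the name is shown as text, never interpreted. ?>
<p class="sessionMessage">You are currently signed in as <?php echo "\"".htmlspecialchars((string)$currentSignInName, ENT_QUOTES)."\".</p>"; ?>
<p align="center"><a href=<?php echo "\"".$URLToRoot."signout.php\""?>>Sign Out</a></p>
</td>
</tr>
</table>
<?php include($pathToRoot."includes/info.php"); ?>
</body>
</html>
<?php
}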

endif; // $INCLUDED_SIGN_IN_PHP
?>


------- authentication page ---
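<?php

$pathToRoot=dirname($_SERVER['SCRIPT_FILENAME'])."/";
include($pathToRoot."includes/phpheader.php");
include($pathToRoot."includes/httpheader.php");
include($pathToRoot."includes/database.php");

// Sign-in form handler: checks the posted credentials, then redirects either
// to the page the user came from (success) or back to signin.php (failure).
// NOTE(review): $URLToRoot, $queryVars, $accessPriviledges and
// authenticateDatabaseUser() are not defined in this listing; presumably the
// includes above provide them -- confirm.

// Read the posted fields from $_POST; $HTTP_POST_VARS was removed in PHP 5.4.
// A missing or non-string field is treated as an empty value.
$postedUsername = (isset($_POST["formUsername"]) && is_string($_POST["formUsername"]))
    ? $_POST["formUsername"] : "";
$postedPassword = (isset($_POST["formPassword"]) && is_string($_POST["formPassword"]))
    ? $_POST["formPassword"] : "";

// NOTE(review): EscapeShellCmd() is a shell-metacharacter escaper. It is not
// an SQL or HTML encoder, and it alters passwords that contain such
// characters. It is kept only so the values handed to
// authenticateDatabaseUser() stay exactly as before; that function should use
// parameterised queries rather than rely on this step -- verify in
// database.php, then remove the call here.
$appUsername =
EscapeShellCmd(substr($postedUsername, 0, 25));
$appPassword =
EscapeShellCmd(substr($postedPassword, 0, 25));

$authenticated = authenticateDatabaseUser($appUsername, $appPassword);
if ($authenticated)
{
    // Issue a fresh session id at the moment of sign-in, so an id that was
    // known before authentication never becomes an authenticated one.
    if (session_id() !== "")
        session_regenerate_id(true);

    // Register the username
    $_SESSION["authenticatedUser"] = $appUsername;

    // Register access privileges
    if (!empty($accessPriviledges))
        $_SESSION["accessPrivs"] = implode(",", $accessPriviledges);

    // Deduce the URL to go to after authentication. fromURL arrives with the
    // request, so it is only honoured when it points below $URLToRoot;
    // anything else falls back to the main page instead of sending a freshly
    // signed-in user to an arbitrary address.
    // NOTE(review): assumes legitimate fromURL values start with $URLToRoot
    // and that $URLToRoot ends in "/" (it is concatenated with file names
    // elsewhere) -- confirm against the pages that link to signin.php.
    $newURL = $URLToRoot;
    if (array_key_exists('fromURL', $queryVars))
    {
        $requestedURL = $queryVars['fromURL'];
        $staysOnSite = is_string($requestedURL)
            && substr((string)$URLToRoot, -1) === "/"
            && strpos($requestedURL, $URLToRoot) === 0
            && substr($requestedURL, 0, 2) !== "//"
            && strpbrk($requestedURL, "\\\r\n") === false;
        if ($staysOnSite)
            $newURL = $requestedURL;
    }

    // Relocate back to the desired page and stop; nothing may run after a redirect.
    header("Location: ".$newURL);
    exit;
}
else
{
    // The authentication failed. signin.php prints this message as raw HTML
    // (it contains the <br /> below), so the submitted username has to be
    // HTML-encoded before it is embedded.
    $_SESSION["sessionMessage"] = "Could not sign in as \"".htmlspecialchars($appUsername, ENT_QUOTES)."\".<br />Please check the username and password and try again.";

    // Relocate back to the sign-in page
    header("Location: ".$URLToRoot."signin.php");
    exit;
}
?>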