59JoSblxHX5yadkg5jVKTd changeset

Changeset623233666531 (b)
Parent353839396430 (a)
ab
127127
128128endif; // $INCLUDED_SIGN_IN_PHP
129129?>
...
130+
130+
130+------- authentication page ---
130+<?php
130+
130+$pathToRoot=dirname($_SERVER['SCRIPT_FILENAME'])."/";
130+include($pathToRoot."includes/phpheader.php");
130+include($pathToRoot."includes/httpheader.php");
130+include($pathToRoot."includes/database.php");
130+
130+  // Clean the data collected from the user
130+  $appUsername =
130+    EscapeShellCmd(substr($HTTP_POST_VARS["formUsername"], 0, 25));
130+  $appPassword =
130+    EscapeShellCmd(substr($HTTP_POST_VARS["formPassword"], 0, 25));
130+
130+  $authenticated = authenticateDatabaseUser($appUsername, $appPassword);
130+  if ($authenticated)
130+  {
130+    // Register the username
130+    $_SESSION["authenticatedUser"] = $appUsername;
130+
130+    // Register access priviledges
130+    if (!empty($accessPriviledges))
130+        $_SESSION["accessPrivs"] = implode(",", $accessPriviledges);
130+       
130+          $newURL = "";
130+         
130+      // Deduce the URL to go to after authentication. If we aren't told,
130+      // just go to the main page
130+      if (array_key_exists('fromURL', $queryVars))
130+        $newURL = $queryVars['fromURL'];
130+      else
130+        $newURL = $URLToRoot;
130+
130+          // Relocate back to the desired page
130+          header("Location: ".$newURL);     
130+  }
130+  else
130+  {
130+    // The authentication failed
130+    $_SESSION["sessionMessage"] = "Could not sign in as \"$appUsername\".<br />Please check the username and password and try again.";
130+
130+          // Relocate back to the sign-in page
130+          header("Location: ".$URLToRoot."signin.php");     
130+  }
130+?>
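Review bot: The post-login redirect is an open redirect: `$newURL = $queryVars['fromURL'];` goes straight into `header("Location: ".$newURL);`, and `$queryVars` (populated outside this section, presumably from the request) can name any external site, so a crafted sign-in link can send a freshly authenticated user to a look-alike page. Accept only a same-site path and fall back otherwise, e.g. `if (!preg_match('#^/(?![/\\\\])#', $newURL)) $newURL = $URLToRoot;`, and follow both `header("Location: ...")` calls with `exit;` so nothing after the redirect executes. Separately, the blank lines and the literal `------- authentication page ---` sit between `?>` and `<?php`, so they are emitted as output before the redirects; unless output buffering is on, `header()` will fail because the headers were already sent.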
...
--- Revision 353839396430
+++ Revision 623233666531
@@ -128,3 +128,50 @@
endif; // $INCLUDED_SIGN_IN_PHP
?>
+
+
+------- authentication page ---
+<?php
+
+$pathToRoot=dirname($_SERVER['SCRIPT_FILENAME'])."/";
+include($pathToRoot."includes/phpheader.php");
+include($pathToRoot."includes/httpheader.php");
+include($pathToRoot."includes/database.php");
+
+ // Clean the data collected from the user
+ $appUsername =
+ EscapeShellCmd(substr($HTTP_POST_VARS["formUsername"], 0, 25));
+ $appPassword =
+ EscapeShellCmd(substr($HTTP_POST_VARS["formPassword"], 0, 25));
+
+ $authenticated = authenticateDatabaseUser($appUsername, $appPassword);
+ if ($authenticated)
+ {
+ // Register the username
+ $_SESSION["authenticatedUser"] = $appUsername;
+
+ // Register access priviledges
+ if (!empty($accessPriviledges))
+ $_SESSION["accessPrivs"] = implode(",", $accessPriviledges);
+
+ $newURL = "";
+
+ // Deduce the URL to go to after authentication. If we aren't told,
+ // just go to the main page
+ if (array_key_exists('fromURL', $queryVars))
+ $newURL = $queryVars['fromURL'];
+ else
+ $newURL = $URLToRoot;
+
+ // Relocate back to the desired page
+ header("Location: ".$newURL);
+ }
+ else
+ {
+ // The authentication failed
+ $_SESSION["sessionMessage"] = "Could not sign in as \"$appUsername\".<br />Please check the username and password and try again.";
+
+ // Relocate back to the sign-in page
+ header("Location: ".$URLToRoot."signin.php");
+ }
+?>
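Review bot: `EscapeShellCmd()` is a shell-metacharacter escaper, not an input cleaner for a database login: applied to `$appUsername` and `$appPassword` it gives no SQL protection and it rewrites the credential (a backslash is inserted before characters such as `&`, `;`, `$` or `*`), while `substr(..., 0, 25)` silently truncates, so the value checked is not the value typed. Read from `$_POST` (`$HTTP_POST_VARS` was removed in PHP 5.4), pass the password through unmodified, and rely on bound parameters inside `authenticateDatabaseUser()`, whose body is outside this hunk and should be confirmed. On success, call `session_regenerate_id(true);` before writing `$_SESSION["authenticatedUser"]` so a session id issued before login cannot be reused. The failure message embeds `$appUsername` next to `<br />` markup, so whatever prints `sessionMessage` cannot escape it safely afterwards; store `htmlspecialchars($appUsername, ENT_QUOTES, 'UTF-8')` in the message instead.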