<?php
/****** Installation ******/
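// Login gate: either ends the session (logout) or verifies the login/password
// pair against the wps_users table. Every failure path hands over to
// interface.php and stops, so code after this script only runs for an
// authenticated user.
//
// Inputs that are NOT defined in this file and must exist before it runs:
// $logout, $wps_username, $wps_password, $minUserLevel (optional) and the
// $db_host / $db_user / $db_password / $db_name settings.
// NOTE(review): $logout and $wps_* are presumably filled from request
// parameters (register_globals style) - confirm how the deployment sets them.
//
// NOTE(review): session_register()/session_unregister() were removed in
// PHP 5.4 and the mysql_* extension in PHP 7.0. When this file is migrated,
// use $_SESSION and prepared statements (PDO or mysqli).

// When true, every login failure is reported with the generic "Access denied"
// text, so a client cannot tell an unknown user from a wrong password.
$noDetailedMessages = false;
// https support: choose the URL scheme from the HTTPS environment variable.
$cfgUrl = (getenv("HTTPS") == 'on') ? 'https://' : 'http://';
$message = "";
// Create a constant that can be checked inside the files to be included.
// This gives an indication if secure.php has been loaded correctly.
define("LOADED_PROPERLY", true);
/*** STRINGS ***/
// Login and Password errors
$strNoAccess = "Access denied";
$strNoPassword = "No password entered";
$strPwFalse = "Wrong password";
$strPwNotFound = "No password was found in the database";
$strUserNotAllowed = "You are not allowed to access this page";
$strUserNotExist = "No such user";
// Installation and Database errors
$strNoConnection = "Warning: your browser was not able to connect to the database-server. Please try to reload the page by clicking on <a href='javascript:location.reload()' target='_self'>reload</a>. If this problem is still there, contact the administrator.";
$strNoDatabase = "Warning: the database-server was not able to find the desired database and table. Please try to reload the page by clicking on <a href='javascript:location.reload()' target='_self'>reload</a>. If this problem is still there, contact the administrator.";
$strNoDataMethod = "Error in the configuration file.<BR>Neither of the two data inputs was chosen.<BR>Contact the administrator.";
$strNoUserLevelColumn = "Error in the configuration file.<BR>Can't find the database column with user levels.<BR>Contact the administrator.";
// choose between login or logout
if (isset($logout)) {
    // logout: drop the stored credentials, destroy the session and send an
    // empty session cookie so the browser discards it.
    session_start();
    session_unregister("login");
    session_unregister("password");
    session_destroy();
    $sessionPath = session_get_cookie_params();
    setcookie(session_name(), "", 0, $sessionPath["path"], $sessionPath["domain"]);
} else {
    // Collapse all login/password errors into the generic message on request.
    if ($noDetailedMessages == true) {
        $strUserNotExist = $strUserNotAllowed = $strPwNotFound = $strPwFalse = $strNoPassword = $strNoAccess;
    }
    // Check if secure.php has been loaded correctly. LOADED_PROPERLY is
    // defined earlier in this same file; the cfgProgDir tests refuse any
    // request that supplies that parameter via GET or POST.
    if (!defined("LOADED_PROPERLY") || isset($_GET["cfgProgDir"]) || isset($_POST["cfgProgDir"])) {
        echo "Script executing has been stopped!";
        exit();
    }
    // Both the "session" and the "entered data" paths need the session.
    session_start();
    if (!empty($wps_username) || !empty($wps_password)) {
        // Freshly entered credentials replace whatever the session held.
        // session_register() binds the global $login / $password variables
        // to the session, so later requests re-run the checks below with them.
        // NOTE(review): the clear-text password is kept in the session, and
        // the session id is not regenerated when new credentials arrive;
        // both are worth addressing when this code is migrated.
        session_unregister("login");
        session_unregister("password");
        $login = $wps_username;
        $password = $wps_password;
        session_register("login");
        session_register("password");
    }
    if (empty($login)) {
        // no login available
        include("interface.php");
        exit;
    }
    if (empty($password)) {
        // no password available
        $message = $strNoPassword;
        include("interface.php");
        exit;
    }
    // contact database
    $link = mysql_connect($db_host, $db_user, $db_password) or die($strNoConnection);
    mysql_select_db($db_name) or die($strNoDatabase);
    // $login is client-controlled, so it must be escaped before it is placed
    // inside the quoted SQL literal; the unescaped value let a crafted login
    // name change the query.
    // NOTE(review): if magic_quotes_gpc is enabled the value arrives already
    // slashed - confirm the deployment setting.
    $loginForQuery = mysql_real_escape_string($login, $link);
    // A failed query (e.g. missing table) is reported explicitly instead of
    // falling through to mysql_num_rows() with a non-resource.
    $userQuery = mysql_query("SELECT * FROM wps_users WHERE user = '$loginForQuery'", $link) or die($strNoDatabase);
    // check user and password
    if (mysql_num_rows($userQuery) == 0) {
        // user not present in database
        $message = $strUserNotExist;
        include("interface.php");
        exit;
    }
    // user exist --> continue
    $userArray = mysql_fetch_array($userQuery);
    // The SQL match may ignore case; require an exact, type-strict match here.
    if ($login !== $userArray["user"]) {
        // Case sensitive user not present in database
        $message = $strUserNotExist;
        include("interface.php");
        exit;
    }
    if (empty($userArray["password"])) {
        // password not present in database for this user
        $message = $strPwNotFound;
        include("interface.php");
        exit;
    }
    // Strict comparison: with the loose != operator two different numeric
    // strings (for example "1e3" and "1000") compare as equal, so a wrong
    // password could be accepted.
    // NOTE(review): the stored password is compared as clear text; moving to
    // password_hash()/password_verify() requires migrating the stored values.
    if (stripslashes($userArray["password"]) !== $password) {
        // password is wrong
        $message = $strPwFalse;
        include("interface.php");
        exit;
    }
    if (isset($userArray["userlevel"])) {
        $userLevel = stripslashes($userArray["userlevel"]);
    }
    if (isset($minUserLevel)) {
        // check for minimum user level
        if (empty($userArray["userlevel"])) {
            // check if column (as entered in the configuration file) exist in database
            // (empty() also treats a stored level of "0" as missing)
            $message = $strNoUserLevelColumn;
            include("interface.php");
            exit;
        }
        if (empty($minUserLevel) || ($userLevel < $minUserLevel)) {
            // this user does not have the required user level
            $message = $strUserNotAllowed;
            include("interface.php");
            exit;
        }
    }
    // Expose the user's row id to the code that runs after this gate.
    if (isset($userArray["id"])) {
        $ID = stripslashes($userArray["id"]);
    }
}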
?>