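<?php

/*
 * admin/secure.php -- session based login check for protected pages.
 *
 * Include this file at the top of a page that needs a logged-in user.
 * When $logout is set the session is torn down; otherwise the login /
 * password pair (submitted via $wps_username / $wps_password, or taken
 * from the session on later requests) is verified against the wps_users
 * table. On any failure the login form (interface.php) is included with
 * $message set and the script exits. On success control returns to the
 * including page with $login, $password, $userLevel (when the userlevel
 * column exists) and $ID (when the id column exists) available.
 *
 * Variables this file expects to be set by whoever includes it (they are
 * not defined here): $db_host, $db_user, $db_password, $db_name,
 * $minUserLevel, $wps_username, $wps_password and $logout.
 */

/****** Installation ******/
// When true, every authentication failure is reported with the generic
// $strNoAccess text so a visitor cannot tell "no such user" from
// "wrong password".
$noDetailedMessages = false;

// https support
if (getenv("HTTPS") === 'on') {
	$cfgUrl = 'https://';
} else {
	$cfgUrl = 'http://';
}

// Text shown by interface.php when the login form is (re)displayed.
$message = "";

// Create a constant that can be checked inside the files to be included.
// This gives an indication if secure.php has been loaded correctly.
define("LOADED_PROPERLY", true);

/*** STRINGS ***/
// Login and Password errors
$strNoAccess          = "Access denied";
$strNoPassword        = "No password entered";
$strPwFalse           = "Wrong password";
$strPwNotFound        = "No password was found in the database";
$strUserNotAllowed    = "You are not allowed to access this page";
$strUserNotExist      = "No such user";

// Installation and Database errors
$strNoConnection      = "Warning: your browser was not able to connect to the database-server. Please try to reload the page by clicking on <a href='javascript:location.reload()' target='_self'>reload</a>. If this problem is still there, contact the administrator.";
$strNoDatabase        = "Warning: the database-server was not able to find the desired database and table. Please try to reload the page by clicking on <a href='javascript:location.reload()' target='_self'>reload</a>. If this problem is still there, contact the administrator.";
$strNoDataMethod      = "Error in the configuration file.<BR>Neither of the two data inputs was chosen.<BR>Contact the administrator.";
$strNoUserLevelColumn = "Error in the configuration file.<BR>Can't find the database column with user levels.<BR>Contact the administrator.";


// choose between login or logout
if (isset($logout)) {

	// logout: drop the credentials from the session, destroy the session
	// and expire the session cookie in the browser.
	// $_SESSION replaces session_unregister(), which only works with
	// register_globals enabled.
	session_start();
	unset($_SESSION["login"]);
	unset($_SESSION["password"]);
	session_destroy();
	$sessionPath = session_get_cookie_params();
	// An expiry in the past tells the browser to delete the cookie
	// (expire 0 would only turn it into a session cookie).
	setcookie(session_name(), "", time() - 42000, $sessionPath["path"], $sessionPath["domain"]);

} else {

	// loading functions and libraries

	if ($noDetailedMessages === true) {
		$strUserNotExist = $strUserNotAllowed = $strPwNotFound = $strPwFalse = $strNoPassword = $strNoAccess;
	}

	// Check if secure.php has been loaded correctly.
	// LOADED_PROPERLY is defined a few lines above in this same file, so the
	// first condition can never fail here; the effective protection is the
	// refusal to run when cfgProgDir is supplied through the request.
	if ( !defined("LOADED_PROPERLY") || isset($_GET["cfgProgDir"]) || isset($_POST["cfgProgDir"])) {
		echo "Script executing has been stopped!";
		exit();
	}

	// check if login is necessary: no credentials submitted --> rely on the
	// session; credentials submitted --> replace whatever the session holds.
	session_start();
	if (empty($wps_username) && empty($wps_password)) {
		// use data from session
		if (isset($_SESSION["login"])) {
			$login = $_SESSION["login"];
		}
		if (isset($_SESSION["password"])) {
			$password = $_SESSION["password"];
		}
	} else {
		// use entered data
		unset($_SESSION["login"]);
		unset($_SESSION["password"]);

		// A fresh session id on every login attempt so a session id handed to
		// the visitor before authentication is never carried over.
		session_regenerate_id();

		$login = $wps_username;
		$password = $wps_password;

		// The password is kept in the session because every later request
		// re-verifies it against the database (see below).
		$_SESSION["login"] = $login;
		$_SESSION["password"] = $password;
	}

	// empty() already covers "" and unset variables.
	if (empty($login)) {
		// no login available
		include("interface.php");
		exit;
	}
	if (empty($password)) {
		// no password available
		$message = $strNoPassword;
		include("interface.php");
		exit;
	}

	// contact database
	$link = mysql_connect($db_host, $db_user, $db_password) or die($strNoConnection);
	mysql_select_db($db_name, $link) or die($strNoDatabase);

	// $login is user supplied: escape it for the quoted SQL literal so a
	// crafted user name cannot change the meaning of the query.
	$safeLogin = mysql_real_escape_string($login, $link);
	// A failed query is reported like a missing database instead of being
	// passed on as "false" to mysql_num_rows().
	$userQuery = mysql_query("SELECT * FROM wps_users WHERE user = '$safeLogin'", $link) or die($strNoDatabase);

	// check user and password
	if (mysql_num_rows($userQuery) != 0) {
		// user exist --> continue
		$userArray = mysql_fetch_assoc($userQuery);

		// The database lookup may be case insensitive; require an exact,
		// byte-wise match of the user name.
		if ($login !== $userArray["user"]) {
			// Case sensitive user not present in database
			$message = $strUserNotExist;
			include("interface.php");
			exit;
		}
	} else {
		// user not present in database
		$message = $strUserNotExist;
		include("interface.php");
		exit;
	}
	if (empty($userArray["password"])) {
		// password not present in database for this user
		$message = $strPwNotFound;
		include("interface.php");
		exit;
	}
	// NOTE(review): the stored password is compared in clear text; storing
	// only a hash would require a change to the wps_users table and to the
	// code that writes it, which is outside this file.
	// Strict comparison so numeric-looking strings ("0100" vs "100") are not
	// treated as equal.
	if (stripslashes($userArray["password"]) !== $password) {
		// password is wrong
		$message = $strPwFalse;
		include("interface.php");
		exit;
	}
	if ( isset($userArray["userlevel"]) ) {
		$userLevel = stripslashes($userArray["userlevel"]);
	}
	if ( isset($minUserLevel) ) {
		// check for minimum user level
		if ( empty($userArray["userlevel"]) ) {
			// check if column (as entered in the configuration file) exist in database
			$message = $strNoUserLevelColumn;
			include("interface.php");
			exit;
		}
		if ( empty($minUserLevel) || ( $userLevel < $minUserLevel ) ) {
			// this user does not have the required user level
			$message = $strUserNotAllowed;
			include("interface.php");
			exit;
		}
	}
	if ( isset($userArray["id"]) ) {
		$ID = stripslashes($userArray["id"]);
	}
}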