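<?php
/*
authenticate.php
Fuse Playout System Management
This file checks a user's cookies to ensure they are authorised to be logged in, and with what access level.

Side effects: sets the globals $adminaccess, $newsaccess and $userid, refreshes the
Fuse_Playout_User / Fuse_Playout_Pass cookies on success, and on any failure redirects
to logon.php and terminates the script. The LDAP helpers (passwordsearch, groupsearch)
and the settings $ldapconn, $ldapbasedn, $admingroups, $newsgroups and $usergroups are
expected to be provided by includes/functions.php (not visible here - confirm).

The Fuse_Playout_Pass cookie carries the password digest that passwordsearch() returns
for the user; a cookie is accepted when that digest matches the stored one
(case-insensitively, as the digests are hex strings).
*/
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
include ('includes/functions.php');

/**
 * Rejects the current request: optionally expires both logon cookies, redirects
 * the browser to the logon form and stops the script.
 *
 * @param bool $clearCookies true to overwrite the logon cookies with an expired
 *                           "false" value (used when the cookie content is known
 *                           to be stale or forged); false to leave them untouched.
 * @return void never returns - calls die() after sending the redirect.
 */
function fuse_auth_reject(bool $clearCookies)
{
    if ($clearCookies) {
        // Cookies invalidated: an expiry one hour in the past makes the browser drop them.
        $expired = time() - 3600;
        setcookie('Fuse_Playout_User', "false", $expired, '', '', false, true);
        setcookie('Fuse_Playout_Pass', "false", $expired, '', '', false, true);
    }
    header("Location: logon.php");
    die("Possible hacking attempt");
}

/**
 * Returns true when the user is a member of at least one of the given LDAP groups.
 *
 * Stops at the first matching group; groupsearch() is only read for its boolean
 * result here.
 *
 * @param mixed  $groups     list of group names (a non-array value is treated as empty)
 * @param string $user       uid taken from the Fuse_Playout_User cookie
 * @param mixed  $ldapconn   LDAP connection handle from includes/functions.php
 * @param mixed  $ldapbasedn LDAP base DN from includes/functions.php
 * @return bool
 */
function fuse_member_of_any($groups, string $user, $ldapconn, $ldapbasedn): bool
{
    foreach ((array) $groups as $group) {
        if (groupsearch($group, $user, $ldapconn, $ldapbasedn)) {
            return true;
        }
    }
    return false;
}

// Global variable
$adminaccess = false;
$newsaccess = false;
$userid = null;

// Both cookies must be present and must be plain strings: a cookie sent as
// "Fuse_Playout_Pass[]=..." arrives as an array and must not reach the comparison.
if (!isset($_COOKIE['Fuse_Playout_User'], $_COOKIE['Fuse_Playout_Pass'])
    || !is_string($_COOKIE['Fuse_Playout_User'])
    || !is_string($_COOKIE['Fuse_Playout_Pass'])) {
    fuse_auth_reject(false);
}

// Start checking cookie's authenticity
$user = $_COOKIE['Fuse_Playout_User'];
$md5pass = $_COOKIE['Fuse_Playout_Pass'];
$pass = passwordsearch($user, $ldapconn, $ldapbasedn);

if ($pass === "No Results") {
    // The uid entered doesn't have a corresponding password record.
    fuse_auth_reject(true);
}
if ($pass === "Too Many Results") {
    // The search returned multiple passwords and we don't know which one to use. They should be unique.
    fuse_auth_reject(true);
}
if (!is_string($pass) || $pass === '') {
    // Anything other than a non-empty digest string cannot be verified; previously an
    // empty/false lookup result compared equal to an empty cookie and was accepted.
    fuse_auth_reject(true);
}

// We should now have the correct password, but it needs to be verified.
// Case-insensitive (hex digest) comparison done in constant time so the cookie
// value cannot be probed byte by byte through response timing.
$storedDigest = strtolower($pass);
$presentedDigest = strtolower($md5pass);
if ($presentedDigest === '' || !hash_equals($storedDigest, $presentedDigest)) {
    // Cookie password does not match the one in the database. Password may have been changed.
    // Cookies invalidated, user returned to logon form.
    fuse_auth_reject(true);
}

// Password matches. Now to check permissions: admin groups first, then news
// groups, then plain user groups - the first tier the user belongs to wins.
if (fuse_member_of_any($admingroups, $user, $ldapconn, $ldapbasedn)) {
    $adminaccess = true;
} elseif (fuse_member_of_any($newsgroups, $user, $ldapconn, $ldapbasedn)) {
    $newsaccess = true;
} elseif (!fuse_member_of_any($usergroups, $user, $ldapconn, $ldapbasedn)) {
    // User is not a member of the correct LDAP groups.
    fuse_auth_reject(false);
}

// Set the cookies, ensuring an allowed logon time of one hour.
// HttpOnly keeps the digest out of reach of page scripts; the Secure flag (6th
// argument) is left at its default because it is not known here whether the
// site is served over HTTPS - TODO confirm and enable if so.
$hour = time() + 3600;
setcookie('Fuse_Playout_User', $user, $hour, '', '', false, true);
setcookie('Fuse_Playout_Pass', $pass, $hour, '', '', false, true);
// Allows user's specific show info to be located.
$userid = $user;
// Finish checking cookie's authenticity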