[racktables] / inc / auth.php

<?
/*

Authentication library for RackTables.

*/

// This function ensures that we don't continue without a legitimate
// username and password.
function authenticate ()
{
	if (array_search (PASSWORD_HASH, hash_algos()) === FALSE)
	{
		showError ('Password hash not supported, authentication impossible.');
		die();
	}
	if
	(
		!isset ($_SERVER['PHP_AUTH_USER']) or
		!isset ($_SERVER['PHP_AUTH_PW']) or
		!authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
	)
	{
		header ('WWW-Authenticate: Basic realm="' . getConfigVar ('enterprise') . ' RackTables access"');
		header ('HTTP/1.0 401 Unauthorized');
		showError ('This system requires authentication. You should use a username and a password.');
		die();
	}
}

// Show error unless the user is allowed access here.
function authorize ()
{
	global $remote_username, $pageno, $tabno;
	if (!authorized ($remote_username, $pageno, $tabno))
	{
		showError ("User '${remote_username}' is not allowed to access here.");
		die();
	}
}

// This function returns TRUE, if username and password are valid.
function authenticated ($username, $password)
{
	global $accounts;
	if (!isset ($accounts[$username]['user_password_hash']))
		return FALSE;
	if ($accounts[$username]['user_enabled'] != 'yes')
		return FALSE;
	if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH, $password))
		return TRUE;
	return FALSE;
}

// This function returns TRUE, if specified user has access to the
// page and tab.
function authorized ($username, $pageno, $tabno)
{
	global $perms;
	// Deny access by default, then accumulate all corrections from database.
	// Order of nested cycles is important here!
	// '%' as page or tab name has a special value and means "any".
	// 0 as user_id means "any user".
	$answer = 'no';
	foreach (array ('%', $username) as $u)
		foreach (array ('%', $tabno) as $t)
			foreach (array ('%', $pageno) as $p)
				if (isset ($perms[$u][$p][$t]))
					$answer = $perms[$u][$p][$t];
	if ($answer == 'yes')
		return TRUE;
	return FALSE;
}

// This function returns password hash for given user ID.
function getHashByID ($user_id = 0)
{
	if ($user_id <= 0)
	{
		showError ('Invalid user_id in getHashByID()');
		return NULL;
	}
	global $accounts;
	foreach ($accounts as $account)
		if ($account['user_id'] == $user_id)
			return $account['user_password_hash'];
	return NULL;
}

?>
Commit	Line	Data
e673ee24 DO	1	<?
	2	/*
	3
	4	Authentication library for RackTables.
	5
	6	*/
	7
	8	// This function ensures that we don't continue without a legitimate
	9	// username and password.
	10	function authenticate ()
	11	{
	12	if (array_search (PASSWORD_HASH, hash_algos()) === FALSE)
	13	{
	14	showError ('Password hash not supported, authentication impossible.');
	15	die();
	16	}
e673ee24 DO	17	if
	18	(
	19	!isset ($_SERVER['PHP_AUTH_USER']) or
	20	!isset ($_SERVER['PHP_AUTH_PW']) or
	21	!authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
	22	)
	23	{
9c0b0016	24	header ('WWW-Authenticate: Basic realm="' . getConfigVar ('enterprise') . ' RackTables access"');
e673ee24 DO	25	header ('HTTP/1.0 401 Unauthorized');
	26	showError ('This system requires authentication. You should use a username and a password.');
	27	die();
	28	}
	29	}
	30
	31	// Show error unless the user is allowed access here.
	32	function authorize ()
	33	{
	34	global $remote_username, $pageno, $tabno;
	35	if (!authorized ($remote_username, $pageno, $tabno))
	36	{
	37	showError ("User '${remote_username}' is not allowed to access here.");
	38	die();
	39	}
	40	}
	41
	42	// This function returns TRUE, if username and password are valid.
	43	function authenticated ($username, $password)
	44	{
	45	global $accounts;
	46	if (!isset ($accounts[$username]['user_password_hash']))
	47	return FALSE;
	48	if ($accounts[$username]['user_enabled'] != 'yes')
	49	return FALSE;
	50	if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH, $password))
	51	return TRUE;
	52	return FALSE;
	53	}
	54
	55	// This function returns TRUE, if specified user has access to the
	56	// page and tab.
	57	function authorized ($username, $pageno, $tabno)
	58	{
	59	global $perms;
	60	// Deny access by default, then accumulate all corrections from database.
	61	// Order of nested cycles is important here!
	62	// '%' as page or tab name has a special value and means "any".
	63	// 0 as user_id means "any user".
	64	$answer = 'no';
	65	foreach (array ('%', $username) as $u)
	66	foreach (array ('%', $tabno) as $t)
	67	foreach (array ('%', $pageno) as $p)
	68	if (isset ($perms[$u][$p][$t]))
	69	$answer = $perms[$u][$p][$t];
	70	if ($answer == 'yes')
	71	return TRUE;
	72	return FALSE;
	73	}
	74
	75	// This function returns password hash for given user ID.
	76	function getHashByID ($user_id = 0)
	77	{
	78	if ($user_id <= 0)
	79	{
	80	showError ('Invalid user_id in getHashByID()');
	81	return NULL;
	82	}
	83	global $accounts;
	84	foreach ($accounts as $account)
	85	if ($account['user_id'] == $user_id)
	86	return $account['user_password_hash'];
	87	return NULL;
	88	}
89
90	?>