r1209 + adding recent cool DB upgrade feature
[racktables] / inc / auth.php
CommitLineData
e673ee24
DO
1<?
2/*
3
4Authentication library for RackTables.
5
6*/
7
8// This function ensures that we don't continue without a legitimate
9// username and password.
10function authenticate ()
11{
12 if (array_search (PASSWORD_HASH, hash_algos()) === FALSE)
13 {
14 showError ('Password hash not supported, authentication impossible.');
15 die();
16 }
e673ee24
DO
17 if
18 (
19 !isset ($_SERVER['PHP_AUTH_USER']) or
20 !isset ($_SERVER['PHP_AUTH_PW']) or
21 !authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
22 )
23 {
9c0b0016 24 header ('WWW-Authenticate: Basic realm="' . getConfigVar ('enterprise') . ' RackTables access"');
e673ee24
DO
25 header ('HTTP/1.0 401 Unauthorized');
26 showError ('This system requires authentication. You should use a username and a password.');
27 die();
28 }
29}
30
31// Show error unless the user is allowed access here.
32function authorize ()
33{
34 global $remote_username, $pageno, $tabno;
35 if (!authorized ($remote_username, $pageno, $tabno))
36 {
37 showError ("User '${remote_username}' is not allowed to access here.");
38 die();
39 }
40}
41
42// This function returns TRUE, if username and password are valid.
43function authenticated ($username, $password)
44{
45 global $accounts;
46 if (!isset ($accounts[$username]['user_password_hash']))
47 return FALSE;
48 if ($accounts[$username]['user_enabled'] != 'yes')
49 return FALSE;
50 if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH, $password))
51 return TRUE;
52 return FALSE;
53}
54
55// This function returns TRUE, if specified user has access to the
56// page and tab.
57function authorized ($username, $pageno, $tabno)
58{
59 global $perms;
60 // Deny access by default, then accumulate all corrections from database.
61 // Order of nested cycles is important here!
62 // '%' as page or tab name has a special value and means "any".
63 // 0 as user_id means "any user".
64 $answer = 'no';
65 foreach (array ('%', $username) as $u)
66 foreach (array ('%', $tabno) as $t)
67 foreach (array ('%', $pageno) as $p)
68 if (isset ($perms[$u][$p][$t]))
69 $answer = $perms[$u][$p][$t];
70 if ($answer == 'yes')
71 return TRUE;
72 return FALSE;
73}
74
75// This function returns password hash for given user ID.
76function getHashByID ($user_id = 0)
77{
78 if ($user_id <= 0)
79 {
80 showError ('Invalid user_id in getHashByID()');
81 return NULL;
82 }
83 global $accounts;
84 foreach ($accounts as $account)
85 if ($account['user_id'] == $user_id)
86 return $account['user_password_hash'];
87 return NULL;
88}
89
90?>