r1202 + all options have moved into the database
[racktables] / inc / auth.php
1 <?
2 /*
3
4 Authentication library for RackTables.
5
6 */
7
8 // This function ensures that we don't continue without a legitimate
9 // username and password.
10 function authenticate ()
11 {
12 if (array_search (PASSWORD_HASH, hash_algos()) === FALSE)
13 {
14 showError ('Password hash not supported, authentication impossible.');
15 die();
16 }
17 if
18 (
19 !isset ($_SERVER['PHP_AUTH_USER']) or
20 !isset ($_SERVER['PHP_AUTH_PW']) or
21 !authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
22 )
23 {
24 header ('WWW-Authenticate: Basic realm="' . getConfigVar ('enterprise') . ' RackTables access"');
25 header ('HTTP/1.0 401 Unauthorized');
26 showError ('This system requires authentication. You should use a username and a password.');
27 die();
28 }
29 }
30
31 // Show error unless the user is allowed access here.
32 function authorize ()
33 {
34 global $remote_username, $pageno, $tabno;
35 if (!authorized ($remote_username, $pageno, $tabno))
36 {
37 showError ("User '${remote_username}' is not allowed to access here.");
38 die();
39 }
40 }
41
42 // This function returns TRUE, if username and password are valid.
43 function authenticated ($username, $password)
44 {
45 global $accounts;
46 if (!isset ($accounts[$username]['user_password_hash']))
47 return FALSE;
48 if ($accounts[$username]['user_enabled'] != 'yes')
49 return FALSE;
50 if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH, $password))
51 return TRUE;
52 return FALSE;
53 }
54
55 // This function returns TRUE, if specified user has access to the
56 // page and tab.
57 function authorized ($username, $pageno, $tabno)
58 {
59 global $perms;
60 // Deny access by default, then accumulate all corrections from database.
61 // Order of nested cycles is important here!
62 // '%' as page or tab name has a special value and means "any".
63 // 0 as user_id means "any user".
64 $answer = 'no';
65 foreach (array ('%', $username) as $u)
66 foreach (array ('%', $tabno) as $t)
67 foreach (array ('%', $pageno) as $p)
68 if (isset ($perms[$u][$p][$t]))
69 $answer = $perms[$u][$p][$t];
70 if ($answer == 'yes')
71 return TRUE;
72 return FALSE;
73 }
74
75 // This function returns password hash for given user ID.
76 function getHashByID ($user_id = 0)
77 {
78 if ($user_id <= 0)
79 {
80 showError ('Invalid user_id in getHashByID()');
81 return NULL;
82 }
83 global $accounts;
84 foreach ($accounts as $account)
85 if ($account['user_id'] == $user_id)
86 return $account['user_password_hash'];
87 return NULL;
88 }
89
90 ?>