4 Authentication library for RackTables.
8 // This function ensures that we don't continue without a legitimate
9 // username and password.
10 function authenticate ()
12 if (array_search (PASSWORD_HASH
, hash_algos()) === FALSE)
14 showError ('Password hash not supported, authentication impossible.');
20 !isset ($_SERVER['PHP_AUTH_USER']) or
21 !isset ($_SERVER['PHP_AUTH_PW']) or
22 !authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
25 header ("WWW-Authenticate: Basic realm=\"${enterprise} RackTables access\"");
26 header ('HTTP/1.0 401 Unauthorized');
27 showError ('This system requires authentication. You should use a username and a password.');
32 // Show error unless the user is allowed access here.
35 global $remote_username, $pageno, $tabno;
36 if (!authorized ($remote_username, $pageno, $tabno))
38 showError ("User '${remote_username}' is not allowed to access here.");
43 // This function returns TRUE, if username and password are valid.
44 function authenticated ($username, $password)
47 if (!isset ($accounts[$username]['user_password_hash']))
49 if ($accounts[$username]['user_enabled'] != 'yes')
51 if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH
, $password))
56 // This function returns TRUE, if specified user has access to the
58 function authorized ($username, $pageno, $tabno)
61 // Deny access by default, then accumulate all corrections from database.
62 // Order of nested cycles is important here!
63 // '%' as page or tab name has a special value and means "any".
64 // 0 as user_id means "any user".
66 foreach (array ('%', $username) as $u)
67 foreach (array ('%', $tabno) as $t)
68 foreach (array ('%', $pageno) as $p)
69 if (isset ($perms[$u][$p][$t]))
70 $answer = $perms[$u][$p][$t];
76 // This function returns password hash for given user ID.
77 function getHashByID ($user_id = 0)
81 showError ('Invalid user_id in getHashByID()');
85 foreach ($accounts as $account)
86 if ($account['user_id'] == $user_id)
87 return $account['user_password_hash'];