Location: PHPKode > projects > php CMS > phpcms/parser/include/class.login_phpcms.php
<?php
/* $Id: class.login_phpcms.php,v 1.2.2.9 2006/06/18 18:07:31 ignatius0815 Exp $ */
/*
   +----------------------------------------------------------------------+
   | phpCMS Content Management System - Version 1.2
   +----------------------------------------------------------------------+
   | phpCMS is Copyright (c) 2001-2006 by the phpCMS Team
   +----------------------------------------------------------------------+
   | This program is free software; you can redistribute it and/or modify
   | it under the terms of the GNU General Public License as published by
   | the Free Software Foundation; either version 2 of the License, or
   | (at your option) any later version.
   |
   | This program is distributed in the hope that it will be useful, but
   | WITHOUT ANY WARRANTY; without even the implied warranty of
   | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   | General Public License for more details.
   |
   | You should have received a copy of the GNU General Public License
   | along with this program; if not, write to the Free Software
   | Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   | MA  02111-1307, USA.
   +----------------------------------------------------------------------+
   | Contributors:
   |    Michael Brauchl (mcyra)
   +----------------------------------------------------------------------+
*/
if (!defined('PHPCMS_RUNNING')) die('Hacking attempt...');

define('PHPCMS_INCLUDEPATH', 'includes/');
//##################################################################
// generische login-funktionen
// läuft standalone und als plugin
// setzt eine zentrale userverwaltung voraus
//
// die konstante PHPCMS_INCLUDEPATH = pfad zu den include-klassen
// muss vor dem Aufruf dieser funktionen gesetzt sein
//
// am ende aller funktionen muß von dem aufrufenden
// programm die funktion clean_exit() aufgerufen werden,
// damit die session geschlossen wird.
//##################################################################

//##################################################################
// testen ob als plugin oder standalone
// und alle erforderlichen libraries einbinden
//##################################################################

if(!defined("_LIBPHPCMS_")) {
	include(PHPCMS_INCLUDEPATH.'/class.lib_phpcms.php');
	$PHP = new LibphpCMS;
}
if(!defined("_DEFAULTS_")) {
	include(PHPCMS_INCLUDEPATH.'/default.php');
	$DEFAULTS = new defaults;
}
if(!defined("_DATACONTAINER_")) {
	include(PHPCMS_INCLUDEPATH.'/class.lib_data_file_phpcms.php');
}
if(!defined("_SESSION_")) {
	include(PHPCMS_INCLUDEPATH.'/class.session_phpcms.php');
	$session = new session;
}
if(!defined("_GROUP_")) {
	include(PHPCMS_INCLUDEPATH.'/class.group_phpcms.php');
}
if(!defined("_USER_")) {
	include(PHPCMS_INCLUDEPATH.'/class.user_phpcms.php');
}
if(!defined("_FORM_")) {
	include(PHPCMS_INCLUDEPATH.'/class.form_phpcms.php');
}


// check phpCMS-installation directory
if(!isset($PHPCMS_INSTALL_DIR)) {
	$lpos = strrpos(PHPCMS_INCLUDEPATH, '/');
	$PHPCMS_INSTALL_DIR = substr(PHPCMS_INCLUDEPATH, 0, $lpos);
}

// check, if there are already groups in the group-directory
function is_group_dir_aviable() {
	global $PHPCMS_INSTALL_DIR;

	if(file_exists($PHPCMS_INSTALL_DIR.'/group/NAME')) {
		return true;
	} else {
		return false;
	}
}

// check, if there is a user in the user-directory an if the superuser already exists
function is_user_dir_aviable() {
	global $PHPCMS_INSTALL_DIR;

	if(file_exists($PHPCMS_INSTALL_DIR.'/user/NICKNAME')) {
		$user = new user($PHPCMS_INSTALL_DIR.'/user');
		if($user->search_user('NICKNAME', 'root')) {
			return true;
		}
	}
	return false;
}

// creates the standard-groups and the superuser "root" with pass "phpcms". opened session needed!
function init() {
	global $PHPCMS_INSTALL_DIR, $session, $DEFAULTS;

	// creating groups
	$group = new group($PHPCMS_INSTALL_DIR.'/group');

	$group->make_new_group();
	$group->NAME = 'ADMIN';
	$group->STORE['DESCRIPTION'] = 'Alle Administratoren von phpCMS.';
	$group->save_group_data($group->GROUPID);

	$group->make_new_group();
	$group->NAME = 'WEBMASTER';
	$group->STORE['DESCRIPTION'] = 'Alle Webmaster von phpCMS.';
	$group->save_group_data($group->GROUPID);

	$group->make_new_group();
	$group->NAME = 'DESIGNER';
	$group->STORE['DESCRIPTION'] = 'Alle Designer von phpCMS.';
	$group->save_group_data($group->GROUPID);

	$group->make_new_group();
	$group->NAME = 'REDAKTEUR';
	$group->STORE['DESCRIPTION'] = 'Alle Redakteure von phpCMS.';
	$group->save_group_data($group->GROUPID);

	$group->make_new_group();
	$group->NAME = 'GUEST';
	$group->STORE['DESCRIPTION'] = 'Websitebesucher und Gäste';
	$group->save_group_data($group->GROUPID);

	// creating superuser
	$user = new user($PHPCMS_INSTALL_DIR.'/user');
	$user->make_new_user();

	$user->VORNAME  = 'root';
	$user->NACHNAME = 'root';
	$user->NICKNAME = 'root';
	$user->EMAIL    = 'hide@address.com';
	$user->PASSWORD = 'phpcms';
	$user->GROUPS   = 'ADMIN;WEBMASTER;DESIGNER;REDAKTEUR;GUEST';
	$user->STORE['DESCRIPTION'] = 'Superuser von phpCMS. Dieser User hat alle Rechte';
	$user->save_user_data($user->USERID);
	$session->vars['FIRST_LOGIN'] = true;
}

// check, if the logged-in user is in the given group. needs opened session and a logged-in user.
function is_user_in_group($group) {
	global $session, $PHPCMS_INSTALL_DIR;

	// root is allowed to do everything
	$user = new user($PHPCMS_INSTALL_DIR.'/user');
	$user->get_user_data($session->vars['USERID']);
	if($user->NICKNAME == 'root') {
		return true;
	}
	// check for entrys in $group
	$check_count = 0;
	if(strstr($group, ';')) {
		$temp = explode(';', $group);
		for($i = 0; $i < count($temp); $i++) {
			$temp[$i] = trim ($temp[$i]);
			if(strlen($temp[$i]) == 0) {
				continue;
			}
			$to_check[$check_count] = $temp[$i];
			$check_count++;
		}
	} else {
		$to_check[$check_count] = trim($group);
		$check_count++;
	}
	$valid = FALSE;
	$groupar = explode(';', $session->vars['USERGROUPS']);
	for($i = 0; $i < $check_count; $i++) {
		while(list($k, $groupname) = each($groupar)) {
			if(trim($groupname) == $to_check[$i]) {
				return TRUE;
			}
		}
	}
}

// show loginscreen
function draw_login_screen($title = 'Login') {
	b_write('<html>');
	b_write('<table border="0" cellspacing="0" cellpadding="0" width="100%" height="100%">');
	b_write('<tr><td align="center">');
	$login_form = new form();
	$login_form->set_select('CHECK_LOGIN');
	$login_form->set_callback('LOGIN');
	$login_form->set_bgcolor('DDEEDD');
	$login_form->add_area('1');
	$login_form->set_area_title('1', $title);
	$login_form->add_area_input_text('1', 'nickname', '10', 'User:');
	$login_form->add_area_input_password('1', 'password', '10', 'Paßwort:');
	$login_form->add_button('submit', 'submit', 'Login');
	$login_form->compose_form();
	b_write ('</td></tr></table></html>');
	return;
}

// checks, if a user is logged in. If not, show loginscreen
function login() {
	global $session, $user, $PHPCMS_INSTALL_DIR;

	$f_vars = new get_form();

	if(isset($f_vars->select) AND $f_vars->select == 'CHECK_LOGIN') {
		$user = new user($PHPCMS_INSTALL_DIR.'/user');

		$ID = $user->search_user('NICKNAME', $f_vars->nickname);
		if(!isset($ID)) {
			draw_login_screen('Falscher Username');
			clean_exit();
		}
		if(count($ID) > 1) {
			echo 'Mehrere User mit dem gleichen Nicknamen gefunden!';
			clean_exit();
		}

		$user->get_user_data($ID[0]);
		if($user->PASSWORD != $f_vars->password) {
			draw_login_screen('Falsches Paßwort');
			clean_exit();
		}
		$session->vars['USERID'] = $ID[0];
		$session->vars['USERGROUPS'] = $user->GROUPS;
	}

	if(!isset($session->vars['USERID'])) {
		draw_login_screen('Login');
		clean_exit();
	}
}

// if the function b_write for printing to screen does not exist, it will be created here
if(!function_exists('bwrite')) {
	function b_write($str) {
		echo $str;
	}
}

// creating the function clean_exit, if it does not exist
if(!function_exists('clean_exit')) {
	function clean_exit() {
		global $session,$logger;
		$session->close();
		exit;
	}
}

// initializing the base-structur
if(!is_group_dir_aviable()) {
	init();
}
if(!is_user_dir_aviable()) {
	init();
}

// starting the login-dialog.
login();

// creating the superuser at the first login.
if(isset($session->vars['FIRST_LOGIN']) AND $session->vars['FIRST_LOGIN'] == true) {
	include(PHPCMS_INCLUDEPATH.'/class.firstlogin_phpcms.php');
	login();
}

?>
Return current item: php CMS