<?php
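class Security {

  /**
   * Gate for the admin area: returns true when the visitor may proceed.
   *
   * Two paths grant access: a correct password just submitted in $pass_in,
   * or an existing "admin_logged_in" cookie whose encrypted "login_time"
   * cookie decrypts to a timestamp no older than ADMIN_LOGIN_MAX_MINUTES.
   * Anything else returns false after either queuing a redirect header
   * (no session) or evicting a stale session (cookie too old, or a
   * login_time in the future).
   *
   * NOTE: header("Location: ...") does not stop the script, so callers
   * MUST honour the false return and render nothing privileged after it.
   *
   * SECURITY: the logged-in state lives entirely in cookies the client
   * controls; its only binding to the server is that "login_time" must
   * decrypt through Encrypt::xcrypt to a recent timestamp. How strong that
   * binding is depends on Encrypt::xcrypt, which is not defined in this
   * file. A server-side session, or a server-secret HMAC over the
   * timestamp, would remove that dependency.
   *
   * @param string $pass_in password submitted by the user; "" when the
   *                        visitor did not attempt to log in
   * @return bool true when access is granted
   */
  public static function requireLogin($pass_in) {
    global $this_page, $action;

    // The stored credential is decrypted back to plaintext for comparison.
    // A one-way hash (password_hash / password_verify) would be preferable,
    // but PASSWORD_HASH's format is configured outside this file.
    $pass_real = Encrypt::xcrypt(0, PASSWORD_HASH);
    $logged_in_cookie = isset($_COOKIE["admin_logged_in"]) ? $_COOKIE["admin_logged_in"] : "";

    $this_page->echoAtEnd("here we go");
    $this_page->echoAtEnd("cookie is: " . $logged_in_cookie);

    if ($logged_in_cookie !== "true") {
      // No session cookie: the only way in is a freshly submitted password.
      $this_page->echoAtEnd("no session");

      // hash_equals is strict and constant-time, so neither response timing
      // nor PHP's loose "==" numeric-string juggling can help a wrong
      // password compare equal.
      if (hash_equals((string) $pass_real, (string) $pass_in)) {
        $this_page->echoAtEnd("setting session");

        // Password accepted: issue the session cookies. httponly keeps them
        // out of reach of page scripts; no JS in this class reads them.
        setcookie("admin_logged_in", "true", time() + VERY_BIG_NUMBER, "", "", false, true);
        setcookie(Encrypt::xcrypt(1, "login_time"), Encrypt::xcrypt(1, time()), time() + VERY_BIG_NUMBER, "", "", false, true);

        return true;
      }

      // Wrong or absent password: send them to the login form. An empty
      // submission just shows the form; a non-empty one also flags the bad
      // password. Execution continues, hence the explicit return false.
      if ((string) $pass_in === "") {
        header("Location: " . Http::fullUrl() . "?action=showLogin&page=" . SEC_SUB_ID);
      } else {
        header("Location: " . Http::baseUrl() . "?action=badPass&page=" . SEC_SUB_ID);
      }

      return false;
    }

    // A session cookie exists: let them in only if it is not too old.
    $this_page->echoAtEnd("yes session");

    // Seconds elapsed since login, taken from the encrypted "login_time"
    // cookie. A missing or undecryptable cookie yields 0, so $diff becomes
    // huge and the session is evicted below.
    $login_time_key = Encrypt::xcrypt(1, 'login_time');
    $login_time = isset($_COOKIE[$login_time_key])
      ? (int) Encrypt::xcrypt(0, $_COOKIE[$login_time_key])
      : 0;
    $diff = time() - $login_time;

    $this_page->echoAtEnd("time: " . time());
    $this_page->echoAtEnd("login time cookie: " . $login_time);
    $this_page->echoAtEnd("diff: " . $diff);

    if (($diff > (ADMIN_LOGIN_MAX_MINUTES * 60)) || ($diff < 0)) {
      // Expired, or a login_time in the future (not one we issued): evict.
      Security::killCookies();
      $this_page->echoAtEnd("you are being evicted.");

      // A very stale cookie (e.g. yesterday's) goes straight to the login
      // form without comment; a recently expired one gets an explanation.
      if ($diff > ADMIN_LOGIN_MAX_MINUTES * 120) {
        $action = "showLogin";
      } else {
        $this_page->addBanner("Sorry, your login has expired.<br>"
          . "Your work has been saved. Please log in again.");
      }

      return false;
    }

    return true;
  }

  /**
   * Builds the password form and stores it in $this_page->login_form.
   *
   * The markup is emitted verbatim (unquoted attributes, <form> wrapped
   * around table cells) because the surrounding page expects exactly this
   * fragment. The form posts back to Http::baseUrl() with mode=edit and the
   * current SEC_SUB_ID page id.
   *
   * @return void
   */
  public static function showLogin() {
    global $this_page;

    $login_form = "<p align=right>"
      . "<table border=0 cellspacing=0 cellpadding=0>"
      . "<tr>"
      . "<form id=login name=login "
      . "action=\"" . Http::baseUrl() . "?mode=edit&"
      . "page=" . SEC_SUB_ID . "\" method=POST>"
      . "<input type=hidden name=mode value=edit>"
      . "<input type=hidden name=show_content value=0>"
      . "<input type=hidden name=stage value=start>"
      . "<td colspan=1 class=plain align=left valign=bottom>"
      . "Please enter your password:&nbsp;</td>"
      . "<td colspan=3 class=plain><input class=plain type=password size=10 "
      . "id=POST_password name=POST_password>"
      . "</td>"
      . "<td align=right class=plain>&nbsp;"
      . Output::submitButton("log in &rarr;")
      . "</td></form>"
      . "</tr></table>";

    $this_page->login_form = $login_form;
  }

  /**
   * Returns JavaScript that warns the user before, and forces a logout
   * after, the client-side session limits expire.
   *
   * warn_session() fires after ADMIN_LOGIN_WARN_MINUTES; end_session()
   * navigates to ?action=forceLogout after ADMIN_LOGIN_MINUTES. The strings
   * are single-quoted on purpose so "\n" reaches the browser as a JS escape.
   * This is a convenience timer only; the real cut-off is enforced
   * server-side in requireLogin().
   *
   * @return string JavaScript source (without <script> tags)
   */
  public static function setWarnings() {
    $s = 'function warn_session() {';
    $s .= 'alert("Warning!\n\nYour login session will expire soon\n';
    $s .= 'unless you load a new page soon.\n\nIf you are entering ';
    $s .= 'information,\nplease save what you have\nand finish promptly. ';
    $s .= 'You\ncan always go back and edit\nor add more later.");';
    $s .= '}';
    $s .= 'function end_session() {';
    $s .= 'location.href="' . Http::baseUrl() . '?action=forceLogout&page=';
    $s .= SEC_SUB_ID . '";';
    $s .= '}';
    $s .= 'window.setTimeout( "warn_session()", ';
    $s .= (ADMIN_LOGIN_WARN_MINUTES * 60000) . ');';
    $s .= 'window.setTimeout( "end_session()", ';
    $s .= (ADMIN_LOGIN_MINUTES * 60000) . ');';

    return $s;
  }

  /**
   * Expires both session cookies by re-setting them with a past expiry.
   *
   * Path/domain/httponly match the values used in requireLogin() so the
   * browser matches and replaces the same cookies.
   *
   * @return void
   */
  public static function killCookies() {
    setcookie("admin_logged_in", "", time() - VERY_BIG_NUMBER, "", "", false, true);
    setcookie(Encrypt::xcrypt(1, "login_time"), "", time() - VERY_BIG_NUMBER, "", "", false, true);
  }

  /**
   * True when the HTTP Referer starts with SITE_BASE_ADDR.
   *
   * The Referer is supplied by the client and may be absent or spoofed, so
   * this is advisory only and must not be the sole gate for a privileged
   * action. A plain prefix check also matches any host that merely starts
   * with SITE_BASE_ADDR unless that constant ends with "/".
   *
   * @return bool
   */
  public static function referrerIsInternal() {
    // getenv() returns false when no Referer header was sent; the cast turns
    // that into "" instead of feeding false to a string function.
    $referer = (string) getenv("HTTP_REFERER");

    // strncmp === 0 is the strict form of the former substr(...) == compare.
    return strncmp($referer, SITE_BASE_ADDR, strlen(SITE_BASE_ADDR)) === 0;
  }

}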
?>