PCCS MySQLDatabase Admin Tool version 1.3.4
/ -> dologin.php
1 <?php
2 ////////////////////////////////////////////////////////////////////////////////////////////////////////////
3 // coder: Chauncey Thorn
4 // email: cthorn
5 /************************************************************************
6 PCCS MySQLDatabase Admin Tool
7 Copyright (C) 1999 Chauncey Thorn
8
9 This program is free software; you can redistribute it and/or
10 modify it under the terms of the GNU General Public License
11 as published by the Free Software Foundation; either version 2
12 of the License, or (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA , USA.
22 **************************************************************************/
23 // We should only get called by login.php?action=dologin
24 /*
25 $file = "http://" . gethostbyaddr($SERVER_ADDR) . "/pccsmysqladm/login.php";
26 if($HTTP_REFERER != $file) {
27 print "Hack attempt";
28 } else {
29
30 }
31 */
32 if($action == "dologin"):
// Per the INSTALL notes, the MySQL account used for the login lookup has to
// be created and configured first. Its name and password are taken from
// $db_user / $db_passwd, which the included file is expected to define.
include 'incs/dbuserpasswd.php';

$ruser = $db_user;
$rpasswd = "{$db_passwd}";

// Address a successful login is redirected to. Change the path if the tool
// is served from a /~userid directory.
// NOTE(review): the scheme is plain http, so the cookies set in checkID()
// are sent unencrypted; serve the tool over https where possible.
$URL = "http://"
    . gethostbyaddr($SERVER_ADDR)
    . "/pccsmysqladm/";
46
47
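// Check a MySQL account name and password against the mysql.user table.
//
// On success the three login cookies are set and the browser is redirected
// to $URL. On failure (bad credentials, failed connection or failed query)
// the "Login Failed" text is printed and the script terminates.
//
//   $userid   - account name as submitted by the login form
//   $password - password as submitted by the login form
function checkID($userid, $password) {
    global $REMOTE_ADDR, $ruser, $rpasswd, $URL;

    $link = mysql_connect("localhost", "$ruser", "$rpasswd");
    $chkid = false;

    if ($link) {
        // Both values come from the request and end up inside SQL string
        // literals, so they must be escaped for this connection. Undo
        // magic_quotes_gpc first so the values are not escaped twice.
        $lookup_user = $userid;
        $lookup_pass = $password;
        if (get_magic_quotes_gpc()) {
            $lookup_user = stripslashes($lookup_user);
            $lookup_pass = stripslashes($lookup_pass);
        }
        $lookup_user = mysql_real_escape_string($lookup_user, $link);
        $lookup_pass = mysql_real_escape_string($lookup_pass, $link);

        $chkid = mysql("mysql", "SELECT User,Password FROM user WHERE User='$lookup_user' HAVING Password=password('$lookup_pass')");
    }

    // A failed connection or query counts as zero matching rows.
    $numrows = $chkid ? mysql_num_rows($chkid) : 0;

    if ($numrows < 1) {
        echo "Login Failed";
        echo "Either the UserID or Password is Bad";
        echo "<P>";
        echo "Or you do not have permissions to connect to DB";
        echo "<P>";
        echo "<A HREF=login.php>Relogin</A>";
        exit;
    }

    // The date is part of the hashed string, so a hash built today no
    // longer matches tomorrow and the user has to log in again.
    $private_hash = $REMOTE_ADDR . date("mdY");

    // NOTE(review): $db_user is not declared global in this function, so it
    // is empty here. The db_userid cookie therefore carries no value, and
    // userid_hash is an MD5 of the client address and today's date only.
    // Neither input is secret, so these cookies are not proof of a login on
    // their own; a server-side session with a random identifier is the usual
    // replacement. Left unchanged because the pages that check these cookies
    // are not visible here and must be changed together with this code.
    $db_userid = strtolower($db_user);
    $userid_hash = md5($db_user . $private_hash);

    // set these variables as cookies
    SetCookie("LOGGEDIN", "$REMOTE_ADDR", 0, "/");
    SetCookie("db_userid", "$db_userid", 0, "/");
    SetCookie("userid_hash", "$userid_hash", 0, "/");

    // redirect to app
    header("Location: $URL");
}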
88
// A user id is mandatory. Without one there is nothing to look up, so
// point the visitor back at the login form instead of querying the database.
if ($userid) {
    checkID("$userid", "$password");
} else {
    echo "You must Enter a UserID";
    echo " <A HREF=login.php>Relogin</A>";
}
99
100 endif;
101
102 ?>