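auth["uname"]=$username; ## This provides access for "loginform.ihtml"
    }

    $uid = false;

    $this->db->query(sprintf("select user_id, perms ".
                             " from %s ".
                             " where username = '%s' ".
                             " and password = '%s'",
                          $this->database_table,
                          addslashes($username),
                          addslashes($password)));

    while($this->db->next_record()) {
      $uid = $this->db->f("user_id");
      $this->auth["perm"] = $this->db->f("perms");
    }
    return $uid;
  }
}

##
## Example_Default_Auth: Example_Auth with $nobody set to true.
##
class Example_Default_Auth extends Example_Auth {
  var $classname = "Example_Default_Auth";

  var $nobody = true;
}

##
## Example_Challenge_Auth: challenge/response login.
##
## Security notes:
##  - auth_validatelogin() compares the submitted password directly with
##    the stored "password" column, so this variant needs the password
##    kept unhashed in the table.
##  - The expected response is md5("username:stored_password:challenge"),
##    so anyone able to read the stored value can compute valid responses.
##
class Example_Challenge_Auth extends Auth {
  var $classname      = "Example_Challenge_Auth";

  var $lifetime       =  1;

  var $magic          = "Simsalabim";  ## Challenge seed
  var $database_class = "DB_Example";
  var $database_table = "auth_user";

  ## Creates a new challenge, registers it with the session object and
  ## includes the challenge/response login form from the PHPLIB libdir.
  function auth_loginform() {
    global $sess;
    global $challenge;
    global $_PHPLIB;

    ## NOTE(review): uniqid() is derived from the current time, so the
    ## challenge is unique but not unpredictable; a CSPRNG-backed value is
    ## preferable where the runtime offers one.
    $challenge = md5(uniqid($this->magic));
    $sess->register("challenge");

    include($_PHPLIB["libdir"] . "crloginform.ihtml");
  }

  ## Validates a login attempt.
  ##
  ## Reads $username, $password, $challenge and $response from global
  ## scope. Returns the user_id of the matching row on success and false
  ## otherwise; on success $this->auth["perm"] is set to that row's perms.
  function auth_validatelogin() {
    global $username, $password, $challenge, $response;

    if(isset($username)) {
      $this->auth["uname"]=$username;        ## This provides access for "loginform.ihtml"
    }

    ## Start from "no such user" so that nothing below works on
    ## undefined variables when the query returns no row.
    $uid   = false;
    $perm  = false;
    $pass  = false;
    $found = false;

    ## NOTE(review): addslashes() is not charset-aware; prefer the database
    ## layer's own escaping or bound parameters if it provides them.
    $this->db->query(sprintf("select user_id,perms,password ".
                "from %s where username = '%s'",
                          $this->database_table,
                          addslashes($username)));

    while($this->db->next_record()) {
      $found = true;
      $uid   = $this->db->f("user_id");
      $perm  = $this->db->f("perms");
      $pass  = $this->db->f("password");
    }

    ## Unknown user: fail here. Otherwise the expected response would be
    ## built from an empty password, which the client could compute itself.
    if (!$found) {
      return false;
    }

    $expected_response = md5("$username:$pass:$challenge");

    ## True when JS is disabled
    if ($response == "") {
      ## Strict string comparison: a loose != treats numeric-looking
      ## strings as numbers and can report different strings as equal.
      if (!is_string($password) || $password !== (string) $pass) {
        return false;
      }
      $this->auth["perm"] = $perm;
      return $uid;
    }

    ## Response is set, JS is enabled
    ## Strict comparison for the same reason: two different hex digests of
    ## the form "0e<digits>" are equal under !=. Use a constant-time
    ## comparison such as hash_equals() where the runtime provides it.
    if (!is_string($response) || $response !== $expected_response) {
      return false;
    }
    $this->auth["perm"] = $perm;
    return $uid;
  }
}

##
## Example_Challenge_Crypt_Auth: Keep passwords in md5 hashes rather
##                               than cleartext in database
## Author: Jim Zajkowski
##
## Security notes:
##  - The stored value is a plain md5() of the password with no salt
##    visible in this class; md5 is a fast hash and is weak as a password
##    storage format.
##  - The expected response is md5("username:stored_hash:challenge"), so
##    the stored hash itself is enough to compute valid responses.
##
class Example_Challenge_Crypt_Auth extends Auth {
  var $classname      = "Example_Challenge_Crypt_Auth";

  var $lifetime       =  1;

  var $magic          = "Frobozzica";  ## Challenge seed
  var $database_class = "DB_Example";
  var $database_table = "auth_user_md5";

  ## Creates a new challenge, registers it with the session object and
  ## includes the login form "crcloginform.ihtml".
  function auth_loginform() {
    global $sess;
    global $challenge;

    ## NOTE(review): uniqid() is derived from the current time, so the
    ## challenge is unique but not unpredictable; a CSPRNG-backed value is
    ## preferable where the runtime offers one.
    $challenge = md5(uniqid($this->magic));
    $sess->register("challenge");

    include("crcloginform.ihtml");
  }

  ## Validates a login attempt against the md5 hash stored in the table.
  ##
  ## Reads $username, $password, $challenge and $response from global
  ## scope. Returns the user_id of the matching row on success and false
  ## otherwise; on success $this->auth["perm"] is set to that row's perms.
  function auth_validatelogin() {
    global $username, $password, $challenge, $response;

    $this->auth["uname"]=$username;        ## This provides access for "loginform.ihtml"

    ## Start from "no such user" so that nothing below works on
    ## undefined variables when the query returns no row.
    $uid   = false;
    $perm  = false;
    $pass  = false;
    $found = false;

    ## NOTE(review): addslashes() is not charset-aware; prefer the database
    ## layer's own escaping or bound parameters if it provides them.
    $this->db->query(sprintf("select user_id,perms,password ".
                "from %s where username = '%s'",
                          $this->database_table,
                          addslashes($username)));

    while($this->db->next_record()) {
      $found = true;
      $uid   = $this->db->f("user_id");
      $perm  = $this->db->f("perms");
      $pass  = $this->db->f("password");   ## Password is stored as a md5 hash
    }

    ## Unknown user: fail here. Otherwise the expected response would be
    ## built from an empty hash, which the client could compute itself.
    if (!$found) {
      return false;
    }

    $expected_response = md5("$username:$pass:$challenge");

    ## True when JS is disabled
    if ($response == "") {
      ## md5 hash for non-JavaScript browsers.
      ## Strict comparison: under a loose != two different digests of the
      ## form "0e<digits>" are both read as the number zero and match.
      if (!is_string($password) || md5($password) !== (string) $pass) {
        return false;
      }
      $this->auth["perm"] = $perm;
      return $uid;
    }

    ## Response is set, JS is enabled
    ## Strict comparison for the same reason. Use a constant-time
    ## comparison such as hash_equals() where the runtime provides it.
    if (!is_string($response) || $response !== $expected_response) {
      return false;
    }
    $this->auth["perm"] = $perm;
    return $uid;
  }
}

##
## Example_Perm: permission names and the page shown when a permission
## check fails.
##
class Example_Perm extends Perm {
  var $classname = "Example_Perm";

  ## Each permission name maps to its own power-of-two value.
  var $permissions = array(
                            "user"       => 1,
                            "author"     => 2,
                            "editor"     => 4,
                            "supervisor" => 8,
                            "admin"      => 16
                          );

  ## Includes "perminvalid.ihtml" from the PHPLIB libdir. $does_have and
  ## $must_have are not used here; being in function scope, they are
  ## visible to the included template.
  function perm_invalid($does_have, $must_have) {
    global $perm, $auth, $sess;
    global $_PHPLIB;

    include($_PHPLIB["libdir"] . "perminvalid.ihtml");
  }
}
?>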