novabbs
/
rocksolid-light
2
0
Fork 1
Code Issues 14 Pull Requests Releases Wiki Activity

* Renamed auth.inc to auth.inc.php. It is a general purpose authentication module that can be used anywhere. Successful authorization sets $logged_in = true

This commit is contained in:
vga256 2023-07-03 13:29:11 -06:00 committed by Retro_Guy
parent 4b626a3cc9
commit e9a33a1418
1 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
Rocksolid_Light/rocksolid/auth.inc.php Normal file
View File

@ -0,0 +1,45 @@
<?php
$keyfile = $spooldir.'/keys.dat';
$keys = unserialize(file_get_contents($keyfile));
// How long should cookie allow user to stay logged in?
// 14400 = 4 hours
$auth_expire = 14400;
$logged_in = false;
if(!isset($_POST['username'])) {
$_POST['username'] = $_COOKIE['mail_name'];
}
$name = $_POST['username'];
if(!isset($_POST['password'])) {
$_POST['password'] = null;
}
if(!isset($_COOKIE['mail_auth'])) {
$_COOKIE['mail_auth'] = null;
}
if(((get_user_mail_auth_data($_COOKIE['mail_name'])) && password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = true;
} else {
if(check_bbs_auth($_POST['username'], $_POST['password'])) {
$authkey = password_hash($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT);
$pkey = hash('crc32', get_user_config($_POST['username'],'encryptionkey'));
set_user_config(strtolower($_POST['username']), "pkey", $pkey);
?>
<script type="text/javascript">
if (navigator.cookieEnabled)
var authcookie = "<?php echo $authkey; ?>";
var savename = "<?php echo stripslashes($name); ?>";
var auth_expire = "<?php echo $auth_expire; ?>";
var name_expire = "7776000";
var pkey = "<?php echo $pkey; ?>";
document.cookie = "mail_auth="+authcookie+"; max-age="+auth_expire+"; path=/";
document.cookie = "mail_name="+savename+"; max-age="+name_expire+"; path=/";
document.cookie = "pkey="+pkey+"; max-age="+name_expire+"; path=/";
</script>
<?php
$logged_in = true;
}
else
{
echo 'Authorization failed.';
}
}