sessions.php
changeset 44 92dd253f501c
child 74 7719085707d8
43:2634d550a97b 44:92dd253f501c
       
     1 <?php
       
     2 
       
     3 /**
       
     4  * Greyhound - real web management for Amarok
       
     5  * Copyright (C) 2008 Dan Fuhry
       
     6  *
       
     7  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
       
     8  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
       
     9  *
       
    10  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
       
    11  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
       
    12  */
       
    13 
       
    14 function greyhound_login_page($httpd, $socket)
       
    15 {
       
    16   if ( session_check() )
       
    17   {
       
    18     $httpd->header('HTTP/1.1 307 Temporary Redirect');
       
    19     $httpd->header('Location: /');
       
    20     
       
    21     return;
       
    22   }
       
    23   $tried = false;
       
    24   $success = false;
       
    25   if ( isset($_POST['username']) && isset($_POST['password']) )
       
    26   {
       
    27     $tried = true;
       
    28     if ( $sessionid = login($_POST['username'], $_POST['password']) )
       
    29     {
       
    30       $success = true;
       
    31       $httpd->setcookie('grey_session', $sessionid, time() + ( 86400 * 3650 ));
       
    32     }
       
    33   }
       
    34   
       
    35   global $theme;
       
    36   $iphone = ( ( strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') ||
       
    37        strpos($_SERVER['HTTP_USER_AGENT'], 'iPod') ||
       
    38        strpos($_SERVER['HTTP_USER_AGENT'], 'BlackBerry') ||
       
    39        isset($_GET['m']) )
       
    40        && !isset($_GET['f'])
       
    41        );
       
    42   $theme_id = ( $iphone ) ? 'iphone' : $theme;
       
    43   $smarty = load_theme($theme_id);
       
    44   
       
    45   $smarty->assign('theme', $theme_id);
       
    46   $smarty->assign('greyhound_version', GREY_VERSION);
       
    47   $smarty->assign('tried', $tried);
       
    48   $smarty->assign('success', $success);
       
    49   $smarty->display('login.tpl');
       
    50 }
       
    51 
       
    52 function greyhound_logout($httpd, $socket)
       
    53 {
       
    54   // destroy the session
       
    55   if ( isset($_COOKIE['grey_session']) )
       
    56   {
       
    57     load_session_data();
       
    58     global $session_data;
       
    59     unset($session_data[$_COOKIE['grey_session']]);
       
    60     session_commit_db();
       
    61   }
       
    62   
       
    63   $httpd->setcookie('grey_session', '', time() - 864000);
       
    64   $httpd->header('HTTP/1.1 307 Temporary Redirect');
       
    65   $httpd->header('Location: /');
       
    66 }
       
    67 
       
    68 /**
       
    69  * Check to see if we're logged in
       
    70  */
       
    71 
       
    72 function session_check()
       
    73 {
       
    74   global $use_auth, $auth_data;
       
    75   if ( isset($_COOKIE['grey_session']) )
       
    76   {
       
    77     load_session_data();
       
    78     global $session_data;
       
    79     if ( isset($session_data[$_COOKIE['grey_session']]) )
       
    80     {
       
    81       // has a cookie with a valid session ID, check credentials
       
    82       $session =& $session_data[$_COOKIE['grey_session']];
       
    83       if ( isset($auth_data[$session['user']]) )
       
    84       {
       
    85         if ( $session['hash'] === md5($auth_data[$session['user']] . $session['salt']) )
       
    86         {
       
    87           // session is valid, logged in
       
    88           return true;
       
    89         }
       
    90       }
       
    91     }
       
    92   }
       
    93   return ( $use_auth ) ? false : true;
       
    94 }
       
    95 
       
    96 function login($username, $password)
       
    97 {
       
    98   global $use_auth, $auth_data;
       
    99   if ( !$use_auth )
       
   100     return false;
       
   101   
       
   102   if ( isset($auth_data[$username]) )
       
   103   {
       
   104     if ( $auth_data[$username] === $password )
       
   105     {
       
   106       return create_session($username, $password);
       
   107     }
       
   108   }
       
   109   return false;
       
   110 }
       
   111 
       
   112 function create_session($username, $password)
       
   113 {
       
   114   load_session_data();
       
   115   global $session_data;
       
   116   
       
   117   $sessid = md5(sha1(microtime() . mt_rand()));
       
   118   $salt = md5(sha1(md5(mt_rand() . microtime() . microtime() . mt_rand())));
       
   119   
       
   120   $session_data[$sessid] = array(
       
   121       'user' => $username,
       
   122       'hash' => md5($password . $salt),
       
   123       'salt' => $salt
       
   124     );
       
   125   session_commit_db();
       
   126   
       
   127   return $sessid;
       
   128 }
       
   129 
       
   130 function var_export_string($arr)
       
   131 {
       
   132   ob_start();
       
   133   var_export($arr);
       
   134   $r = ob_get_contents();
       
   135   ob_end_clean();
       
   136   return $r;
       
   137 }
       
   138 
       
   139 function session_commit_db()
       
   140 {
       
   141   global $session_data;
       
   142   $d = var_export_string($session_data);
       
   143   $fp = @fopen('./session_db.php', 'w');
       
   144   if ( !$fp )
       
   145   {
       
   146     warning('Could not open the session database for writing. Logins may not work.');
       
   147     return false;
       
   148   }
       
   149   $d = <<<EOF
       
   150 <?php
       
   151 
       
   152 // Automatically generated session database for Greyhound. Do not edit this file!
       
   153 
       
   154 \$GLOBALS['session_data'] = $d;
       
   155 EOF;
       
   156   
       
   157   fwrite($fp, $d);
       
   158   fclose($fp);
       
   159   
       
   160   return true;
       
   161 }
       
   162 
       
   163 function load_session_data()
       
   164 {
       
   165   if ( file_exists('./session_db.php') )
       
   166   {
       
   167     require('./session_db.php');
       
   168   }
       
   169   else
       
   170   {
       
   171     $GLOBALS['session_data'] = array();
       
   172   }
       
   173 }
       
   174 
       
   175 $session_data = array();
       
   176 
       
   177 ?>