Implement login facility and basic user handling

diff --git a/index.php b/index.php
index b2aacb1..46f5c6c 100644 (file)
--- a/index.php
+++ b/index.php
@@ -7,6 +7,9 @@ require_once('config.php');
 require_once('lib/general.php');
 require_once('lib/menu.php');
 
+connect_db();
+check_session();
+
 $jsfiles = array('lib/json_parse.js');
 $jscode = '';
 $menu = menu();

diff --git a/lib/general.php b/lib/general.php
index 215eee4..c296728 100644 (file)
--- a/lib/general.php
+++ b/lib/general.php
@@ -1,5 +1,21 @@
 <?php
 
+function check_session()
+{
+  if (!empty($_POST['login']) && !empty($_POST['passwd'])) {
+    require_once('lib/login.php');
+    if (check_passwd()) {
+      header('Location: ./');
+      exit();
+    }
+  }
+
+  if (empty($_SESSION['sys']['login']) && empty($_GET['login'])) {
+    header('Location: ./?login=true');
+    exit();
+  }
+}
+
 function sanitise_filename($file)
 {
   return str_replace('./','x',$file);
@@ -40,6 +56,11 @@ function load_js($jsfiles, $jscode)
 
 function process()
 {
+  if (!empty($_GET['login'])) {
+    require_once('lib/login.php');
+    return mask_login();
+  }
+
   if (!empty($_GET['mask'])) {
     require_once('lib/mask.php');
     return mask($_GET['mask']);

diff --git a/lib/login.php b/lib/login.php
new file mode 100644 (file)
index 0000000..e45b4ec
--- /dev/null
+++ b/lib/login.php
@@ -0,0 +1,54 @@
+<?php
+
+function passwd($login,$pass)
+{
+  return md5(md5($pass).$login);
+}
+
+function check_passwd()
+{
+  if (empty($_POST['login']) || empty($_POST['passwd']))
+    return false;
+
+  $sql = sprintf("SELECT * FROM sys_user WHERE login = '%s' AND passwd = '%s'",
+                pg_escape_string($_POST['login']), passwd($_POST['login'], $_POST['passwd']));
+
+  $sth = pg_query($sql);
+
+  if ($sth === false) return false;
+
+  if ($row = pg_fetch_assoc($sth)) {
+    $_SESSION['sys'] = array('uid' => $row['id'],
+                            'login' => $row['login'],
+                            'name' => $row['name'],
+                            'email' => $row['email']);
+    return true;
+  }
+
+  error_log('Failed login attempt for user ' . $_POST['login']);
+  return false;
+}
+
+function mask_login()
+{
+  $ret = '<div class="login">';
+
+  $ret .= '<div align="center">';
+  $ret .= '<form action="index.php" method="POST">';
+  $ret .= '<table class="login" cellpadding="5">';
+  $ret .= '<tr><th align="left" colspan="2" style="background: #BBD9EE;">Anmeldung</th></tr>';
+
+  $ret .= '<tr><th align="right">Login</th><td><input type="text" name="login" size="15"></td></tr>';
+  $ret .= '<tr><th align="right">Passwort</th><td><input type="password" name="passwd" size="15"></td></tr>';
+
+  $ret .= '<tr><td colspan="2" align="center"><input type="submit" value="Anmelden"></td></tr>';
+
+  $ret .= '</table>';
+  $ret .= '</form>';
+  $ret .= '</div>';
+  $ret .= '</div>';
+
+  return $ret;
+}
+
+?>

diff --git a/stylesheet.css b/stylesheet.css
index c599d61..30a78b3 100644 (file)
--- a/stylesheet.css
+++ b/stylesheet.css
@@ -23,10 +23,25 @@ div.form {
     border: 1px solid #AAA;
 }
 
-div.form input {
-    border: 1px solid #AAA;
+input, select {
+    border: 1px solid #CCC;
 }
 
-div.form button {
-    border: 1px solid #AAA;
+button {
+    border: 1px solid #CCC;
+}
+
+div.login {
+    background-image: url('lib/login.jpg');
+    background-repeat: no-repeat;
+    background-position: center center;
+    margin: -15px;
+    height: 600px;
+}
+
+table.login {
+    border: 1px solid #7b7b7b;
+    background: #f7f7f7;
+    position: relative;
+    top: 290px;
 }