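*#
#* *#
#* This program is free software; you can redistribute it and/or modify *#
#* it under the terms of the GNU General Public License as published by *#
#* the Free Software Foundation; either version 2 of the License, or *#
#* (at your option) any later version. *#
#* *#
#* This program is distributed in the hope that it will be useful, *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *#
#* GNU General Public License for more details. *#
#* *#
#* You should have received a copy of the GNU General Public License *#
#* along with this program; if not, write to the Free Software *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */

// Route-middleware factory. $isauthenticated($role) returns a callable that
// looks up the current PHP session id in the `sessions` table and either
//   - returns the skynetUser for a live session (and refreshes its timestamp),
//   - returns nothing for an unauthenticated visitor when $role is 'guest', or
//   - flashes "Login required" and redirects to /login.
//
// NOTE(review): $role is only consulted for the 'guest' bypass. Any other value
// (for example an admin role) is not enforced here, so routes that need more
// than "logged in" must check adminflag() themselves unless that is done
// elsewhere -- confirm against the route definitions.
$isauthenticated = function ($role = 'user') use ($app) {
    return function () use ($app, $role) {
        // Legacy globals shared with the rest of the application.
        global $skynet_sessTime, $skynet_serveruri, $smarty_data;

        // Fetch the session row that belongs to the current PHP session id.
        $result = $app->db->table('sessions')
            ->select('id', 'last', 'user_id')
            ->where('phpsessid', '=', session_id())
            ->first();

        // No row means no session: leave everything null instead of indexing
        // into an empty result.
        $id = null;
        $last = null;
        $user_id = null;
        if ($result) {
            $id = $result['id'];
            $last = $result['last'];
            $user_id = $result['user_id'];
        }

        // A session is live when a row exists and its last-seen time plus the
        // configured lifetime has not passed yet.
        if ($id !== null && (($last + $skynet_sessTime) >= time())) {
            // Sliding expiry: every authenticated request refreshes `last`.
            $app->db->table('sessions')
                ->where('id', '=', $id)
                ->update(array('last' => time()));

            $user_obj = new skynetUser($app->db, $user_id);

            // NOTE(review): only fullname is entity-encoded here; username is
            // handed to the template as-is, so the template must escape it.
            $smarty_data['username'] = $user_obj->username();
            $smarty_data['adminflag'] = $user_obj->adminflag();

            // get_magic_quotes_gpc() no longer exists in PHP 8; calling it
            // unguarded is a fatal error that would take down every protected
            // route. Only honour it where the function is still available.
            $fullname = htmlentities($user_obj->fullname(), ENT_QUOTES);
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                $fullname = stripslashes($fullname);
            }
            $smarty_data['fullname'] = $fullname;

            return $user_obj;
        }

        // Guest routes are viewable without a session. Strict comparison so
        // that a non-string $role (0, true) cannot match 'guest' by coercion.
        if ($role === 'guest') {
            $smarty_data['username'] = 'guest';
            return;
        }

        // Not authenticated: send the visitor to the login form.
        $app = \Slim\Slim::getInstance();
        $app->flash('error', 'Login required');
        $app->redirect('/login');
    };
};

// Login form
// TODO: Add a redirect here for users already logged in
$app->get('/login', function () use ($app) {
    global $smarty_data;

    prep_smarty($app);
    $app->render('login.tpl', $smarty_data);
});

// Login submission.
//
// NOTE(review): no session-id regeneration is visible here after a successful
// login; confirm that login() rotates the session id (and updates the
// `sessions` row to match) so a pre-login session id cannot be reused.
$app->post('/login', function () use ($app) {
    // Accepted credential formats.
    // NOTE(review): the password pattern caps passwords at 15 characters from a
    // small alphabet; consider relaxing it when the password policy is revised.
    $skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
    $skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';

    // Read credentials from the POST body only. $_REQUEST would also accept
    // them from the query string (where they end up in access logs, history
    // and Referer headers) or from cookies.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    // Slim 2's redirect() ends the request; the explicit returns keep this
    // handler fail-closed should that ever stop being true.
    if ($username === null || $password === null) {
        $app->flash('error', 'Username or Password missing');
        $app->redirect('/login');
        return;
    }

    // Array-valued fields (username[]=x) must not reach preg_match(); treat
    // them like any other malformed credential.
    if (!is_string($username) || !is_string($password)
        || !preg_match($skynet_nameRegex, $username)
        || !preg_match($skynet_pwdRegex, $password)
    ) {
        $app->flash('error', 'Invalid Username or Password');
        $app->redirect('/login');
        return;
    }

    $authenticated = login($username, $password);

    // Success is either a fresh login or an already valid session.
    if ($authenticated == 1 || ($user_obj = authenticate())) {
        // Consume the stored target BEFORE redirecting: redirect() ends the
        // request, so an unset() placed after it never runs and the stale
        // target would be replayed on every later login.
        // NOTE(review): $_SESSION['redirect'] is written outside this file;
        // confirm it can only ever hold a site-local path.
        $target = '/';
        if (isset($_SESSION['redirect'])) {
            $target = $_SESSION['redirect'];
            unset($_SESSION['redirect']);
        }
        $app->redirect($target);
        return;
    }

    // Same message as for malformed input, so the response does not reveal
    // which part of the credentials was wrong.
    $app->flash('error', 'Invalid Username or Password');
    $app->redirect('/login');

    // Only reached if redirect() returns instead of ending the request.
    $app->flash('error', 'Critical Failure');
    $app->redirect('/login');
});

// Logout routine
// NOTE(review): this state-changing action is exposed on GET, so any page the
// user visits can trigger it with a plain link or image request; consider a
// POST route protected by a CSRF token.
$app->get('/logout', function () use ($app) {
    logout();
    $app->flash('success', 'Logout successful');
    $app->redirect('/login');
});

?>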