146 lines
3.1 KiB
PHP
146 lines
3.1 KiB
PHP
<?php
|
|
|
|
include 'userlist.php';
|
|
$action = $_REQUEST['action'];
|
|
|
|
if ( $action == null )
|
|
{
|
|
die ("");
|
|
}
|
|
|
|
switch ( $action )
|
|
{
|
|
case 'add':
|
|
$username = $_REQUEST['user'];
|
|
$password = $_REQUEST['pass'];
|
|
|
|
if ( !( $username != null && $password != null ))
|
|
{
|
|
die ("");
|
|
}
|
|
|
|
if ( preg_match ( '/[^a-zA-Z0-9_]/', $username ))
|
|
{
|
|
print "The username can only contain characters in the charset '[a-zA-Z0-9_]'\n";
|
|
return 1;
|
|
}
|
|
|
|
if ( preg_match ( '/[^a-zA-Z0-9]/', $password ) || strlen ( $password ) != 32 )
|
|
{
|
|
print "The provided password is not a valid hash\n";
|
|
return 1;
|
|
}
|
|
|
|
if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
|
|
{
|
|
print "Unable to open the users XML file\n";
|
|
return 1;
|
|
}
|
|
|
|
for ( $i = 0; $i < count ( $xml->user ); $i++ )
|
|
{
|
|
if ( !strcasecmp ( $xml->user[$i]['name'], $username ))
|
|
{
|
|
print "The specified user already exists\n";
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
$newuser = $xml->addChild ( 'user' );
|
|
$newuser->addAttribute ( 'name', $username );
|
|
$newuser->addAttribute ( 'pass', $password );
|
|
$newuser->addAttribute ( 'home', '/home/' . $username );
|
|
|
|
if ( !( $fp = fopen ( 'userlist.php', 'w' )))
|
|
{
|
|
print "Unable to add the specified user, unknown error\n";
|
|
return 1;
|
|
}
|
|
|
|
fwrite ( $fp, "<?php\n\n\$xmlcontent = <<<XML\n" . $xml->asXML() . "\nXML;\n\n?>\n" );
|
|
fclose ( $fp );
|
|
|
|
print 'User "'.$username.' successfully added, home directory set to "/home/'.$username."\"\n";
|
|
break;
|
|
|
|
case 'login':
|
|
$username = $_REQUEST['user'];
|
|
$password = $_REQUEST['pass'];
|
|
|
|
if ( !( $username != null && $password != null ))
|
|
{
|
|
die ("");
|
|
}
|
|
|
|
if ( preg_match ( '/[^a-zA-Z0-9_]/', $username ))
|
|
{
|
|
print "The username can only contain characters in the charset '[a-zA-Z0-9_]'\n";
|
|
return 1;
|
|
}
|
|
|
|
if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
|
|
{
|
|
print "Unable to open the users XML file\n";
|
|
return 1;
|
|
}
|
|
|
|
for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
|
|
{
|
|
if ( !strcasecmp ( $xml->user[$i]['name'], $username ))
|
|
{
|
|
if ( strcasecmp ( $xml->user[$i]['pass'], $password ))
|
|
{
|
|
print "Wrong password provided for user '$username'\n";
|
|
return 1;
|
|
} else {
|
|
$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
|
|
setcookie ( 'username', $xml->user[$i]['name'], 0, "/" );
|
|
setcookie ( 'auth', $auth, 0, "/" );
|
|
|
|
print "Successfully logged in as '$username' $auth\n";
|
|
return 0;
|
|
}
|
|
}
|
|
}
|
|
|
|
print "Username not found: '$username'\n";
|
|
break;
|
|
|
|
case 'getuser':
|
|
if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
|
|
{
|
|
if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
|
|
{
|
|
print "Unable to open the users XML file\n";
|
|
return 1;
|
|
}
|
|
|
|
for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
|
|
{
|
|
if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
|
|
{
|
|
$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
|
|
|
|
if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
|
|
{
|
|
print $xml->user[$i]['name'];
|
|
return 0;
|
|
} else {
|
|
print "guest";
|
|
return 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
print "guest";
|
|
return 1;
|
|
}
|
|
|
|
print "guest";
|
|
return 1;
|
|
break;
|
|
}
|
|
|
|
?>
|
|
|