path: root/login.php
<?php

/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */

/**
 * Login processing to PgpoolAdmin
 *
 * PHP versions 4 and 5
 *
 * LICENSE: Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby
 * granted, provided that the above copyright notice appear in all
 * copies and that both that copyright notice and this permission
 * notice appear in supporting documentation, and that the name of the
 * author not be used in advertising or publicity pertaining to
 * distribution of the software without specific, written prior
 * permission. The author makes no representations about the
 * suitability of this software for any purpose.  It is provided "as
 * is" without express or implied warranty.
 *
 * @author     Ryuma Ando <[email protected]>
 * @copyright  2003-2018 PgPool Global Development Group
 * @version    CVS: $Id$
 */

require_once('common.php');
require_once('command.php');

/* --------------------------------------------------------------------- */
/* login.php                                                             */
/* --------------------------------------------------------------------- */

// Login status: TRUE when the session already carries a logged-in user,
// FALSE otherwise.
$success = isset($_SESSION[SESSION_LOGIN_USER]);

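// Do login
//
// Authenticates the POSTed username/password against the password file
// (_PGPOOL2_PASSWORD_FILE). Each usable line is "username:md5(password)".
// On success the user is recorded in the session; on any failure the login
// form is shown again and the script stops.
if ($success == FALSE) {
    // Request parameters are attacker-controlled: require a non-empty *string*.
    // An array-valued parameter (username[]=x) would otherwise reach trim().
    if (isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] !== '') {
        $username = trim($_POST['username']);
    } else {
        $tpl->display('login.tpl');
        exit();
    }

    if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '') {
        $password = trim($_POST['password']);
    } else {
        $tpl->display('login.tpl');
        exit();
    }

    $md5username = md5($username);
    $md5password = md5($password);

    if (!file_exists(_PGPOOL2_PASSWORD_FILE)) {
        $errorCode = 'e7001';
        $tpl->assign('errorCode', $errorCode);
        $tpl->display('error.tpl');
        exit();
    }

    // Check each row of the password file for a matching entry.
    // NOTE(review): the stored secret is an unsalted MD5 of the password, which
    // is weak against offline guessing if the file leaks. The format looks
    // dictated by the file this reads (pcp.conf), so it is kept as is; make
    // sure the file is readable only by the accounts that need it.
    $fp = fopen(_PGPOOL2_PASSWORD_FILE, 'r');
    $input = "{$md5username}:{$md5password}";

    // fopen() returns FALSE when the file cannot be opened (for example, it
    // exists but is unreadable). That case is treated as a failed login, and
    // fclose() is only called on a handle that was actually opened.
    if ($fp !== FALSE) {
        // fgets() returns FALSE at end of file or on a read error.
        while (($raw_line = fgets($fp)) !== FALSE) {
            $line = trim($raw_line);
            $line_arr = explode(':', $line);

            // Ignore empty lines, malformed lines and comment lines
            if (count($line_arr) != 2 || $line_arr[0] == '' || $line_arr[1] == '' ||
                strpos($line, '#') === 0) {
                continue;
            }

            // The file stores the username in clear and the password as MD5;
            // hash the username so both sides have the same shape, then
            // compare in constant time.
            $expected_username = md5($line_arr[0]);
            $expected_password = $line_arr[1];
            $expected = "{$expected_username}:{$expected_password}";

            if (hash_equals($expected, $input)) {
                // Issue a fresh session id at the privilege change so that an
                // id planted before login (session fixation) is not carried
                // into the authenticated session. Session data is preserved.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(TRUE);
                }

                $_SESSION[SESSION_LOGIN_USER]          = $username;
                // NOTE(review): the cleartext password is kept in the session,
                // presumably because later pages need it - confirm. Anyone who
                // can read the session storage can recover it.
                $_SESSION[SESSION_LOGIN_USER_PASSWORD] = $password;
                $success = TRUE;
                break;
            }
        }
        fclose($fp);
    }

    // If login failed, show login page again.
    if (!$success) {
        $tpl->display('login.tpl');
        exit();
    }
}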

// The user is logged in at this point (already, or as of this request):
// redirect to the status page and stop.
header("Location: status.php");
exit;