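<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge

SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/

session_name('ipreg');
session_start();

include("config.php");
include("dbconnect.php");
include("lib.php");

/**
 * Check a username/password pair against the `user` table and, on success,
 * copy the user's profile and menu settings into the session.
 *
 * The lookup uses a prepared statement with a bound parameter, so the user
 * name never becomes part of the SQL text.
 *
 * @param string $user_name login name as submitted
 * @param string $user_pass password as submitted
 * @return bool TRUE when the credentials match and the session was populated,
 *              FALSE otherwise
 */
function user_login($user_name, $user_pass) {
    global $dbh;

    // Reject empty credentials before touching the database.
    if (strlen($user_name) < 1 || strlen($user_pass) < 1) {
        return FALSE;
    }

    $sql = "SELECT user_id, user_pass, user_displayname, user_language,
                user_imagesize, user_imagecount, user_mac, user_dateformat,
                user_dns1suffix, user_dns2suffix, user_menu_assets,
                user_menu_assetclasses, user_menu_assetclassgroups,
                user_menu_locations, user_menu_nodes, user_menu_subnets,
                user_menu_users, user_menu_vlans, user_menu_zones,
                user_tooltips
            FROM user
            WHERE user_name=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$user_name]);

    $user = $sth->fetch(PDO::FETCH_OBJ);
    if (!$user) {
        // no user record found
        return FALSE;
    }

    // TODO use secure algo with salt!
    // Stored passwords are unsalted MD5, which is fast to brute-force if the
    // table ever leaks. Moving to password_hash()/password_verify() (with
    // password_needs_rehash() to upgrade on login) also requires changing the
    // code that writes user_pass and possibly the column width; neither is
    // visible in this file, so the legacy scheme is kept here.
    // hash_equals() replaces strcmp() so the comparison runs in constant time.
    if (!hash_equals((string) $user->user_pass, md5($user_pass))) {
        // password does not match
        return FALSE;
    }

    // Issue a fresh session id at the privilege change so that an id known
    // before authentication (session fixation) is not carried into the
    // logged-in session. Fail closed if the id cannot be rotated.
    if (!session_regenerate_id(true)) {
        return FALSE;
    }

    // all ok: user is logged in, register session data
    $_SESSION['suser_id'] = $user->user_id;
    $_SESSION['suser_displayname'] = $user->user_displayname;
    $_SESSION['suser_language'] = $user->user_language;
    $_SESSION['suser_imagesize'] = $user->user_imagesize;
    $_SESSION['suser_imagecount'] = $user->user_imagecount;
    $_SESSION['suser_mac'] = $user->user_mac;
    $_SESSION['suser_dateformat'] = $user->user_dateformat;
    $_SESSION['suser_dns1suffix'] = $user->user_dns1suffix;
    $_SESSION['suser_dns2suffix'] = $user->user_dns2suffix;
    $_SESSION['suser_menu_assets'] = $user->user_menu_assets;
    $_SESSION['suser_menu_assetclasses'] = $user->user_menu_assetclasses;
    $_SESSION['suser_menu_assetclassgroups'] = $user->user_menu_assetclassgroups;
    $_SESSION['suser_menu_locations'] = $user->user_menu_locations;
    $_SESSION['suser_menu_nodes'] = $user->user_menu_nodes;
    $_SESSION['suser_menu_subnets'] = $user->user_menu_subnets;
    $_SESSION['suser_menu_users'] = $user->user_menu_users;
    $_SESSION['suser_menu_vlans'] = $user->user_menu_vlans;
    $_SESSION['suser_menu_zones'] = $user->user_menu_zones;
    $_SESSION['suser_tooltips'] = $user->user_tooltips;

    return TRUE;
}

// No header included, this page has no menu

// NOTE(review): $language becomes part of an include path. This is only safe
// if lang_getfrombrowser() (lib.php, not shown) returns nothing but entries
// from $config_lang or $config_lang_default -- confirm against its
// implementation.
$language = lang_getfrombrowser($config_lang, $config_lang_default, null, false);
include('lang/' . $language . '.php');

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Missing or non-string fields (e.g. user_name[]=x) are treated as empty,
    // which user_login() rejects, instead of raising notices or passing an
    // array downstream.
    $raw_name = (isset($_POST['user_name']) && is_string($_POST['user_name']))
        ? $_POST['user_name'] : '';
    $raw_pass = (isset($_POST['user_pass']) && is_string($_POST['user_pass']))
        ? $_POST['user_pass'] : '';

    // NOTE(review): sanitize() is defined in lib.php (not shown). If it
    // rewrites or strips characters, the password is altered before hashing;
    // existing hashes presumably depend on that, so it has to stay until the
    // stored hashes are migrated.
    $user_name = sanitize($raw_name);
    $user_pass = sanitize($raw_pass);

    if (user_login($user_name, $user_pass)) {
        // NOTE(review): whether header_location() terminates the request is
        // not visible here; if it does not, the login form below is still
        // rendered after the redirect header.
        header_location("index.php");
    } else {
        // Failed attempt: drop any session state. No attempt counting or
        // logging of failures is visible in this file.
        $_SESSION = array();
        session_destroy();
    }
}

$smarty->assign("config_version", $config_version);
$smarty->assign($lang);
$smarty->display("login.tpl");

include("footer.php");
?>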