<?php
 
/* USERS.PHP - handles user login/logout via cookies
 
VISITOR code is here too.
 
Currently there is only one pre-defined user, 'admin', as THIS was designed to
be a single-user website -- the capability exists for this to be changed.
 
There is a really simple database (see file DATABASE):
 
	+-----------------------------+
	| userid                      | VARCHAR UNIQUE
	+-----------------------------+
	| password: p6gYt5as1         |
	| name: Jones!                |
	|                             |
	| I am a great person.        |
	+-----------------------------+
 
The main functions are (usernew/userput/userget, vcrypt and the VISITOR
functions further down are not listed here):
 
	userstate()
	userlogin($userid, $password)
	userlogout()
	usererror($user, $userid)
	thiscrypt()
*/
 
/* userstate - returns user ID string if user logged in else empty string */
 
// there are two cookies, userid and userdat; userdat is the userid encoded
// with cookie_encode(), which is also given the client's REMOTE_ADDR at
// login time (and again when checking). if userdat does not decode back to
// the userid the user is treated as logged out - userdat exists solely to
// stop someone logging in by editing a browser cookie file: with only the
// userid cookie that would be enough. if the secret behind cookie_encode()
// leaked, a userdat cookie could be forged as well - we will add more data
// to userdat at some point...
 
function userstate() {

	// testing mode short-circuits the cookie check entirely
	if (config('testing'))
		return 1;			// note: integer, not a user ID string

	$uid = cookie_get('userid');
	debug("userid '$uid'");

	// no userid cookie at all: not logged in (NULL/FALSE/'' all become '')
	if (!$uid)
		return '';

	// the userdat cookie must decode (given the client address) back to
	// the very same userid, otherwise the userid cookie alone is not trusted
	$decoded = cookie_decode(cookie_get('userdat'), $uid, $_SERVER['REMOTE_ADDR']);
	if ($decoded != $uid) {
		debug("userdat '$decoded' != '$uid'");
		return '';
	}

	return $uid;
}
 
/* userlogin - check user exists; set cookie if yes, returns user RECORD */
 
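function userlogin($userid, $password) {

	$userid = strtolower(trim($userid));

// testing mode code
	if (config('testing')) {
		if ($userid != AD_NAME)
			return FALSE;
		$user['userid'] = AD_NAME;
		$user['password'] = AD_PASS;
	}
	else					// note the else!
// end testing mode code

	$user = userget($userid);

	// "" / NULL / FALSE from userget(): see usererror() for what each means
	if (!$user) {
		debug(usererror($user,$userid));
		return FALSE;
	}

	// re-crypt the candidate with the stored hash as salt and compare in
	// constant time: a plain != leaks timing and is a loose comparison.
	// an empty/missing stored hash can never match (as before)
	$stored = isset($user['password']) ? (string)$user['password'] : '';
	if ($stored === '' || !hash_equals($stored, (string)thiscrypt($password,$stored))) {
		debug("user '$userid' password wrong");
		return 0;
	}

	// login cookie pair: the plain userid plus an encoded copy that is
	// also given the client address (checked again in userstate()).
	// the encoded token is deliberately not written to the debug log
	cookie_set('userid',$user['userid']);
	$c = cookie_encode($user['userid'],$_SERVER['REMOTE_ADDR']);
	cookie_set('userdat',$c);

	debug("userid '$userid' logged in");

	return $user;
}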
 
 
/* userlogout - forget user information */
 
function userlogout() {

	// drop both halves of the login cookie pair; nothing else is cleared yet
	foreach (array('userid','userdat') as $name)
		cookie_unset($name);
}
 
 
/* usererror - return error string */
 
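/* usererror - return error string for a failed user lookup/login */

// $user is the value userget()/userlogin() produced ("", NULL, FALSE, 0);
// anything else (e.g. a real record) now yields "unknown state" instead of
// reading an undefined $e

function usererror($user, $userid) {

	$e = "unknown state";
	if ($user === "") $e = "is empty";
	elseif ($user === NULL) $e = "is invalid";
	elseif ($user === FALSE) $e = "not found";
	elseif ($user === 0) $e = "password wrong";

	return "user '$userid' $e";
}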
 
 
/* usernew - add a new user to the database */
 
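function usernew($userid, $passwd) {

	// never log the plaintext password, only the user ID
	debug("'$userid'");

	// reject IDs userget() would refuse (empty, or containing non-word
	// characters): previously such an ID fell through the exists check
	// below -- userget() returns "" or NULL for them, both falsy -- and
	// reached dbnewuser() unvalidated
	if (!$userid || preg_match("/\W/",$userid))
		return NULL;

	// refuse to overwrite an existing user
	if (userget($userid))
		return NULL;

	$record['name'] = $userid;
	$record['password'] = thiscrypt($passwd);	// stored hashed, see thiscrypt()
	$record['body'] = dbnewuser($userid,$record);

	return $record;
}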
 
 
/* userput - update user data (password only for right now) */
 
function userput($userid, $password) {

	// NOTE(review): this calls _userget() (leading underscore), which is not
	// defined in this file, while everything else here uses userget() --
	// confirm it exists and returns the record array
	$rec = _userget($userid);

	// only the password is replaced; it is stored hashed via thiscrypt()
	$rec['password'] = thiscrypt($password);

	return dbputuser($userid,$rec);
}
 
 
/* userget - read user as a 'record' */
 
function userget($userid) {

	// falsy IDs (NULL, FALSE, '', '0') count as "empty"
	if (!$userid)
		return "";

	// any non-word character is rejected outright: the ID is handed to the
	// database layer unchanged, so this keeps path/key metacharacters out
	if (preg_match("/\W/",$userid))
		return NULL;

	return dbreaduser($userid);
}
 
 
/* thiscrypt - encrypt a new or check an existing password */
 
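/* thiscrypt - hash a new password, or re-hash a candidate for checking */

// thiscrypt($plain)          -> new stored hash
// thiscrypt($plain, $stored) -> hash to compare against $stored

function thiscrypt($string, $password = '') {

	// check: re-crypt the candidate with the stored hash as salt. crypt()
	// reads the algorithm/salt prefix from the stored string, so this works
	// for hashes made with the old fixed SALT1 and for bcrypt hashes alike
	if ($password)
		return crypt($string,$password);

	// new hash with a fresh random per-password salt. the old code used the
	// fixed SALT1 for every user, so equal passwords produced equal hashes
	// and a single leaked salt covered the whole table.
	// NOTE(review): records written before this change still verify above;
	// confirm nothing elsewhere relies on a SALT1 prefix in stored passwords
	return password_hash($string, PASSWORD_DEFAULT);
}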
 
 
/* vcrypt - this is for known visitors */
 
// note that this one's argument is always the encrypted code
 
function vcrypt($code) {

	// every visitor code is crypt()ed with the same fixed SALT2; visitorput()
	// relies on that SALT2 prefix to tell a stored hash from a new code, so
	// the salt cannot be changed here without changing that check too
	$hashed = crypt($code,SALT2);
	return $hashed;
}
 
 
 
/* VISITOR Functions */
 
// all these are pretty weird and subject to change... consider it all
// experimental
 
 
/* visitorget - lookup from visitor store; returns visitor record or 0 */
 
function visitorget($from) {

	debug("'$from'");

	// empty name: nothing to look up
	if ($from === "")
		return "";

	// 'nobody' (any case) is the reserved anonymous name and is never stored
	if (strtolower($from) == 'nobody')
		return 0;

	$rec = dbreadvisitor($from);

	// a found record is returned as-is; older records are not (yet) brought
	// up to date with any newer required fields here
	return $rec;
}
 
 
/* visitornew - create a new visitor record */
 
// $code is already encrypted; $body and $create are for Admin
// called by visitor_store() below and by Admin
 
function visitornew($from, $code, $body = NULL, $creat = 1) {

	debug("'$from','$code'");

	// caller validates from data

	// default body records where and when the visitor was first seen
	if (!$body) {
		$body = 'ip:'.$_SERVER['REMOTE_ADDR'].THIS_EOL.'time:'.time();
	}

	$rec = array(
		'from' => $from,	// store from in header; important!
		'code' => $code,	// already hashed by the caller
		'body' => $body,
	);

	// any new data goes into 'body' so the database table never changes

	// $creat = 0: build the record but do not write it
	if (!$creat)
		return $rec;

	return dbnewvisitor($from,$rec);
}
 
 
/* visitorcreat - create a new database entry */
 
// called by Admin - record is created from an Admin form ($_POST data)
 
function visitorcreat($record) {

	debug($record);

	// both the name and the (plaintext) code are required
	$from = trim($record['from']);
	$code = trim($record['code']);
	if ($from === "" || $code === "")
		return '';

	// the hashed code is stored, never the plaintext one; note the
	// untrimmed values go into the record, as before
	$record['code'] = vcrypt($record['code']);

	return dbnewvisitor($record['from'],$record);
}
 
 
/* visitorput - update a visitor record */
 
// called by Admin when editing a visitor record
 
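function visitorput($record) {

	$from = $record['from'];
	debug("'$from'");

	// only an existing visitor can be updated
	if (!dbreadvisitor($from))
		return FALSE;

	// has Admin updated the code? an already-hashed code starts with SALT2
	// (crypt() keeps the salt as the hash prefix); anything else is a new
	// plaintext code and gets hashed. this is a plain string-prefix test:
	// the old regex interpolated SALT2 unquoted, so a salt containing regex
	// metacharacters (e.g. '$', '.' or '/') could never match and the stored
	// hash would have been re-hashed on every edit
	$code = (string)$record['code'];
	if (substr($code, 0, strlen(SALT2)) !== SALT2)
		$record['code'] = vcrypt($code);

	return dbputvisitor($from,$record);
}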
 
 
/* visitorchksum - validates a record */
 
// created this due to finding a corrupt record in the database
// this is not a real "check sum" as is just checks for all fields to exist
// note that we eventually will store the record "definition" somewhere...
// called by Admin
 
function visitorchksum($record, $test = TRUE) {

	// not a real checksum: only the presence of the three known fields is
	// checked. $test = FALSE is reserved for a fuller check not yet written
	if (!$test)
		return TRUE;

	$required = array('from','code','body');
	foreach ($required as $field) {
		if (!isset($record[$field]))
			return FALSE;
	}
	return TRUE;
}
 
 
/* visitorpost - create visitor record from POST data */
 
// should change this name as "post" implies a verb like the others...
// called by Admin which immediately calls visitorcreat() right after...
 
function visitorpost() {

	// pull exactly the three visitor fields out of the POST data; what the
	// second argument (TRUE) means is up to postvars(), not defined here
	$fields = array('from','code','body');
	return postvars($fields,TRUE);
}
 
 
/* these functions are called by various modules, principally DISPLAY.PHP */
 
 
/* visitor_check - gets visitor cookie */
 
function visitor_check() {

	// the raw 'from' cookie, unverified; visitor_validate() does the checking
	$from = cookie_get('from');
	return $from;
}
 
 
/* visitor_login - compare from/code pair login from FORM against store */
 
// FALSE if from not found
// NULL  if code/vcode mis-match,
// ""    if no from or code
 
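function visitor_login($from, $code) {

	// log the name only -- $code is the visitor's secret and must not be
	// written to the debug log
	debug("'$from'");

	if (!$from || !$code)
		return '';

	$visitor = visitorget($from);
	if (!$visitor)
		return FALSE;

	$vcode = $visitor['code'];

	// constant-time compare of the stored hash against the re-hashed code
	if (!hash_equals((string)$vcode, (string)vcrypt($code)))
		return NULL;

	return $vcode;
}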
 
 
/* visitor_validate - compare from/code pair from comment FORM against store */
 
// 1     if cookie and from match
// FALSE if from/cookie mis-match,
// NULL  if code/vcode mis-match,
// ""    if no visitor
 
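function visitor_validate($from, $code) {

	// log the name only -- $code is the visitor's secret and must not be
	// written to the debug log
	debug("'$from'");

	// NOTE(review): assumes cookie_get() returns '' when the cookie is absent;
	// userstate() treats NULL/FALSE as possible returns too -- confirm
	$cfrom = cookie_get('from');
	if ($cfrom !== '') {

		// first check is if form from matches cookie from

		if ($from != $cfrom) {
			debug("from '$from' != '$cfrom'");
			return FALSE;
		}

		// then check that the encoded cookie decodes back to the same name
		// (i.e. can someone forge the encrypted from?). unlike userstate()
		// this decode is not given REMOTE_ADDR, matching visitor_store()

		$cdat = cookie_get('fromdat');
		$cdat = cookie_decode($cdat,$cfrom);
		if ($cdat != $cfrom) {
			debug("'$cdat' != '$cfrom'");
			return FALSE;
		}
		debug('validated');
		return 1;
	}

	// no cookie so see if code

	// if $code is empty, that's okay
	// if $code and not $visitor, that's okay
	// if $code and $visitor and $code != $vcode that's not okay

	if ($from !== '' && $code !== '' && $visitor = visitorget($from)) {
		$vcode = $visitor['code'];
		// constant-time compare; neither the code nor the stored hash is logged
		if (!hash_equals((string)$vcode, (string)vcrypt($code))) {
			debug("code mismatch for '$from'");
			return NULL;
		}
		debug('validated');
		return 1;
	}

	return '';
}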
 
 
/* visitor_store - updates cookie and/or stores from/code pair */
 
// if the visitorcode setting is off this just sets the cookie from the comment FORM; see file VISITOR
 
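function visitor_store($from, $code) {

	// log the name only -- $code is the visitor's secret and must not be
	// written to the debug log
	debug("'$from'");

// special case for us:
	if (strtolower($from) == 'nobody')
		return;

	// if have from new cookie (or re-set expire time)

	if ($from !== "") {
		cookie_set('from',$from);
		$c = cookie_encode($from);
		cookie_set('fromdat',$c);
		// the encoded fromdat value is what visitor_validate() trusts, so
		// keep it out of the log as well
		debug("from cookie set for '$from'");
	}

	if (!config('visitorcode'))
		return;

	// if have from/code pair and not stored create new stored pair

	if ($from !== "" && $code !== "" && !visitorget($from)) {
		visitornew($from,vcrypt($code));
		$c = 'true';
		cookie_set('visitor',$c);
		debug("visitor cookie: '$c'");
	}
}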
 
?>
 