arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

refactor some of the authenticaiton code into the .inc.php

Browse Source 
add a password changer

check for expired passwords and force changing if expired
This commit is contained in:
james 2005-02-16 20:04:12 +00:00
parent ebe549d56f
commit 12c514d8c5
6 changed files with 156 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
register_judges.inc.php
View File

@ -73,6 +73,37 @@ function expertiseStatus()
return "incomplete"; return "incomplete";
}
//authenticate based on email address and registration number from the SESSION
if(! ($_SESSION['email'] && $_SESSION['judges_id']) )
{
header("Location: register_judges.php");
exit;
}
$q=mysql_query("SELECT * FROM judges WHERE email='".$_SESSION['email']."' AND id='".$_SESSION['judges_id']."' AND deleted='no'");
echo mysql_error();
if(mysql_num_rows($q)==0)
{
header("Location: register_judges.php?action=logout");
exit;
}
$judgeinfo=mysql_fetch_object($q);
//only check for password expiry if we are NOT on the change password page, otherwise we create endless redirect loops
if(!strstr($_SERVER['PHP_SELF'],"register_judges_password.php"))
{
//check for expired password
$q=mysql_query("SELECT id FROM judges WHERE email='".$_SESSION['email']."' AND id='".$_SESSION['judges_id']."' AND deleted='no' AND passwordexpiry<=NOW()");
if(mysql_num_rows($q))
{
$_SESSION['judges_password_expired']=true;
header("Location: register_judges_password.php");
}
} }
?> ?>

9
register_judges.php
View File

@ -41,7 +41,7 @@
} }
else else
{ {
mysql_query("INSERT INTO judges (email,password) VALUES ('".$_SESSION['email']."','".$_POST['pass1']."')"); mysql_query("INSERT INTO judges (email,password,created) VALUES ('".$_SESSION['email']."','".$_POST['pass1']."',NOW())");
$id=mysql_insert_id(); $id=mysql_insert_id();
$_SESSION['judges_id']=$id; $_SESSION['judges_id']=$id;
@ -64,6 +64,8 @@
{ {
$r=mysql_fetch_object($q); $r=mysql_fetch_object($q);
$_SESSION['judges_id']=$r->id; $_SESSION['judges_id']=$r->id;
$_SESSION['judges_lastlogin']=$r->lastlogin;
mysql_query("UPDATE judges SET lastlogin=NOW() WHERE id='$r->id'");
header("Location: register_judges_main.php"); header("Location: register_judges_main.php");
} }
else else
@ -86,10 +88,15 @@
{ {
unset($_SESSION['email']); unset($_SESSION['email']);
unset($_SESSION['judges_id']); unset($_SESSION['judges_id']);
unset($_SESSION['judges_lastlogin']);
unset($_SESSION['judges_password_expired']);
send_header("Judges Registration"); send_header("Judges Registration");
echo notice(i18n("You have been successfully logged out")); echo notice(i18n("You have been successfully logged out"));
} }
if($_SESSION['email'] && $_SESSION['judges_id'])
header("Location: register_judges_main.php");
send_header("Judges Registration"); send_header("Judges Registration");

15
register_judges_expertise.php
View File

@ -25,21 +25,6 @@
require("common.inc.php"); require("common.inc.php");
include "register_judges.inc.php"; include "register_judges.inc.php";
//authenticate based on email address and registration number from the SESSION
if(! ($_SESSION['email'] && $_SESSION['judges_id']) )
{
header("Location: register_judges.php");
exit;
}
$q=mysql_query("SELECT id FROM judges WHERE email='".$_SESSION['email']."' AND id='".$_SESSION['judges_id']."'");
echo mysql_error();
if(mysql_num_rows($q)==0)
{
header("Location: register_judges.php?action=logout");
exit;
}
//send the header //send the header
send_header("Judges Registration - Areas of Expertise Information"); send_header("Judges Registration - Areas of Expertise Information");

18
register_judges_main.php
View File

@ -25,22 +25,6 @@
require("common.inc.php"); require("common.inc.php");
include "register_judges.inc.php"; include "register_judges.inc.php";
//authenticate based on email address and registration number from the SESSION
if(! ($_SESSION['email'] && $_SESSION['judges_id']) )
{
header("Location: register_judges.php");
exit;
}
$q=mysql_query("SELECT * FROM judges WHERE email='".$_SESSION['email']."' AND id='".$_SESSION['judges_id']."' AND deleted='no'");
echo mysql_error();
if(mysql_num_rows($q)==0)
{
header("Location: register_judges.php?action=logout");
exit;
}
$judgeinfo=mysql_fetch_object($q);
send_header("Judges Registration"); send_header("Judges Registration");
if($_GET['action']=="activate") if($_GET['action']=="activate")
@ -162,6 +146,8 @@ echo "<input style=\"width: 300px;\" onclick=\"return confirmClick('".i18n("Are
echo "</form>"; echo "</form>";
echo "<br />";
echo "<a href=\"register_judges_password.php\">".i18n("Change Password")."</a>";
echo "<br />"; echo "<br />";
echo "<a href=\"register_judges.php?action=logout\">".i18n("Logout")."</a>"; echo "<a href=\"register_judges.php?action=logout\">".i18n("Logout")."</a>";

115
register_judges_password.php Normal file
View File

@ -0,0 +1,115 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require("common.inc.php");
include "register_judges.inc.php";
//send the header
send_header("Judges Registration - Change Password");
if(!$_SESSION['judges_password_expired'])
{
echo "<a href=\"register_judges_main.php\">&lt;&lt; ".i18n("Back to Judges Registration Summary (discard changes)")."</a><br />";
echo "<br />";
}
if($_POST['action']=="save")
{
//first, lets see if they choosed the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM judges WHERE id='".$_SESSION['judges_id']."' AND email='".$_SESSION['email']."' AND password='".$_POST['pass1']."'");
if(mysql_num_rows($q))
{
echo error(i18n("You cannot choose the same password again. Please choose a different password"));
}
//now make sure their password is good
else if(!$_POST['pass1'])
{
echo error(i18n("New Password is required"));
}
else if(!$_POST['pass2'])
{
echo error(i18n("Confirm New Password is required"));
}
else if($_POST['pass1'] != $_POST['pass2'])
{
echo error(i18n("Passwords do not match"));
}
else
{
if($config['judges_password_expiry_days']>0)
{
$ex="passwordexpiry=DATE_ADD(CURDATE(),INTERVAL ".$config['judges_password_expiry_days']." DAY)";
}
else
{
$ex="passwordexpiry=NULL";
}
mysql_query("UPDATE judges SET password='".$_POST['pass1']."', $ex WHERE id='".$_SESSION['judges_id']."' AND email='".$_SESSION['email']."'");
echo happy(i18n("Password successfully changed"));
if($_SESSION['judges_password_expired'])
{
unset($_SESSION['judges_password_expired']);
echo "<a href=\"register_judges_main.php\">&lt;&lt; ".i18n("Back to Judges Registration Summary (discard changes)")."</a><br />";
echo "<br />";
}
}
}
else
{
if($_SESSION['judges_password_expired'])
echo error(i18n("Your password has expired. You must choose a new password now"));
}
echo "<form name=\"changepassform\" method=\"post\" action=\"register_judges_password.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
echo "<table>\n";
echo "<br />";
echo "<table>";
echo "<tr><td>";
echo i18n("Enter New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass1\">";
echo "</td></tr>";
echo "<tr><td>";
echo i18n("Confirm New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass2\">";
echo "</td></tr>";
echo "</table>";
echo "</table>";
echo "<input type=\"submit\" value=\"".i18n("Change Password")."\" />\n";
echo "</form>";
if(!$_SESSION['judges_password_expired'])
{
echo "<br />";
echo "<a href=\"register_judges_main.php\">&lt;&lt; ".i18n("Back to Judges Registration Summary (discard changes)")."</a><br />";
}
send_footer();
?>

15
register_judges_personal.php
View File

@ -25,21 +25,6 @@
require("common.inc.php"); require("common.inc.php");
include "register_judges.inc.php"; include "register_judges.inc.php";
//authenticate based on email address and registration number from the SESSION
if(! ($_SESSION['email'] && $_SESSION['judges_id']) )
{
header("Location: register_judges.php");
exit;
}
$q=mysql_query("SELECT id FROM judges WHERE email='".$_SESSION['email']."' AND id='".$_SESSION['judges_id']."'");
echo mysql_error();
if(mysql_num_rows($q)==0)
{
header("Location: register_judges.php?action=logout");
exit;
}
//send the header //send the header
send_header("Judges Registration - Personal Information"); send_header("Judges Registration - Personal Information");