phase=0;
proceed=true;
while (proceed==true) {
- (void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
+ //(void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
switch (phase) {
case 0 : //Starting lock
if (mar_request(marptr,"BEGIN")<0) {
//present password is crypted as a hash and in password too
//adding a list of local email
+//==============================================================
//set for local test
+INSERT INTO emails (email,password) \
+ values ('root@example.com','4cabri');
INSERT INTO emails (email,password) \
values ('postmaster@example.com','postmaster');
INSERT INTO emails (email,password) \
INSERT INTO emails (email,password) \
values ('user2@mardb.example.com','user2');
+//==============================================================
//List of remote IP status
INSERT INTO remotes (remoteip,credit,lastscan) \
values ('127.127.0.25',10,now());
INSERT INTO remotes (remoteip) \
values ('193.111.208.122');
+//==============================================================
//selected IP from from 'clean' server
INSERT INTO remotes (remoteip) \
values ('192.219.254.189');
//selected IP with low credit
INSERT INTO remotes (remoteip,credit) \
values ('127.127.127.127',-50);
+
+//==============================================================
+//defining admin user
+INSERT INTO admins (email) \
+ values ('root@example.com');
+//==============================================================
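Review bot: The seed now inserts `root@example.com` with a literal password (`values ('root@example.com','4cabri')`), and the last statement of this hunk lists the same address in `admins`, so any database loaded from this script has an administrator whose password is readable in the repository. The nearby comment says the data is set for local test, but nothing visible here keeps the script from being applied elsewhere. I would move the test accounts and the admin row into a separate test-only fixture, or at least put a comment above the admin insert such as `//TEST ONLY: remove or change this account before any deployment`. An earlier comment mentions passwords being stored as a hash; if that is the intent, confirm that this literal goes through the same path.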
function sql_getlogname($dbsql)
{
+global $isadmin;
+
$OPEP="gessql.php:sql_getlogname";
+$isadmin=0;
$logname=NULL;
$expire=NULL;
$cookie=$_COOKIE[getenv("APPNAME")];
$phase=999;
}
break;
+ case 4 : //checking if logname is an admin
+ $stmt=$dbsql->Select("Select * from admins where email='$logname'");
+ $id=$stmt->fetch(PDO::FETCH_ASSOC)['email'];
+ if ($id!=NULL)
+ $isadmin=true;
+ break;
default : //SAFE Guard
$proceed=false;
break;
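Review bot: The new `case 4` builds its query by interpolating `$logname` into the SQL text (`where email='$logname'`), so a quote character in that value changes the statement that decides `$isadmin`. Where `$logname` is assigned lies outside this hunk, but the function reads `$_COOKIE` a few lines earlier, so the value should be treated as client-controlled until shown otherwise. Bind it instead, e.g. `$stmt=$dbsql->prepare("select email from admins where email=?"); $stmt->execute([$logname]);`, assuming the `$dbsql` wrapper exposes PDO's `prepare` (its `Select` method is not visible here). Separately, `fetch()` returns `false` when no row matches and indexing that with `['email']` raises a warning on current PHP, so test the fetch result first and compare with `!==` rather than `!=`.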
+++ /dev/null
-<?php
-// vim: smarttab tabstop=8 shiftwidth=2 expandtab
-include_once "subrou.php";
-include_once "unienv.php";
-include_once "scrfun.php";
-include_once "gessql.php";
-
-//section to generate the main screen body
-//
-function body()
-
-{
-//including screen function
-//
-
-$footer=footer("home");
-$login=login();
-
-$STR = <<<EOT
-<!DOCTYPE html>
-<HTML>
-<HEAD>
-<TITLE>Starting</TITLE>
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-</HEAD>
-<BODY="white">
-
-<CENTER><STRONG><FONT SIZE=+2 color=red>
-Mailleur
-</FONT></STRONG></CENTER>
-$login
-$footer
-</BODY>
-</HTML>
-EOT;
-
-return $STR;
-}
-
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
- $pass=$_POST["passwd"];
- $logname=$_POST["email"];
- $dbsql=sql_connect();
- $isok=sql_checkpassword($dbsql,$logname,$pass);
- sql_close($dbsql);
- switch ($isok) {
- case false : //trouble report
- echo "<script>";
- echo "alert('wrong username or password. Please try again.');";
- echo "</script>";
- break;
- default :
- header('Location: mailleur.php');
- break;
- }
- }
-
-//display main screen
-echo body();
-?>
-
-
-
-home.php
\ No newline at end of file
+login.php
\ No newline at end of file
<?php
-// In a real application, connect to a database and verify credentials securely.
-// This is a simplified example for demonstration.
+// vim: smarttab tabstop=8 shiftwidth=2 expandtab
+//==============================================================
+//
+// login screen management
+//
+//==============================================================
+include_once "subrou.php";
+include_once "unienv.php";
+include_once "scrfun.php";
+include_once "gessql.php";
+
+//section to generate the main screen body
+//
+function body()
+
+{
+//including screen function
+//
+
+$footer=footer("login");
+$login=login();
+
+$STR = <<<EOT
+<!DOCTYPE html>
+<HTML>
+<HEAD>
+<TITLE>Starting</TITLE>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+</HEAD>
+<BODY="white">
+
+<CENTER><STRONG><FONT SIZE=+2 color=red>
+Mailleur
+</FONT></STRONG></CENTER>
+$login
+$footer
+</BODY>
+</HTML>
+EOT;
+
+return $STR;
+}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
- $username = $_POST['username'];
- $password = $_POST['password'];
-
- // Example: Check if username is 'test' and password is 'wrongpass'
- if ($username === 'test' && $password === 'correctpass') {
- // Successful login, redirect or set session
- echo "<script> alert('Login successful!'); window.location.href = 'dashboard.php';</script>";
- } else {
- // Incorrect password, display a JavaScript alert as a popup
- echo "<script>alert('Invalid username or password. Please try again.');</script>";
+ $pass=$_POST["passwd"];
+ $logname=$_POST["email"];
+ $dbsql=sql_connect();
+ $isok=sql_checkpassword($dbsql,$logname,$pass);
+ sql_close($dbsql);
+ switch ($isok) {
+ case false : //trouble report
+ echo "<script>";
+ echo "alert('wrong username or password. Please try again.');";
+ echo "</script>";
+ break;
+ default :
+ header('Location: mailleur.php');
+ break;
}
-}
+ }
+
+//display main screen
+echo body();
?>
+
+
+
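Review bot: On a successful login the `default` branch sends `header('Location: mailleur.php')`, but execution continues to `echo body();`, so the login page is still rendered after the redirect header; add `exit;` directly after the `header()` call. On the failure branch the `<script>` alert is echoed before `body()` emits `<!DOCTYPE html>`, which puts output ahead of the document. Failed attempts also leave no trace: a `rou_alert()` call in the `case false` branch that records the submitted `$logname` (never `$pass`) would give operations something to alert on when failures repeat.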
function body($logname)
{
+global $isadmin;
+
+rou_alert(0,"JMPDBG admin=$admin");
$footer=footer(getenv("APPNAME"));
$cook=$_COOKIE[getenv("APPNAME")];
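Review bot: The added debug line reads `$admin`, which is not defined in this function; the global declared just above it is `$isadmin`. As written the log entry always shows an empty value and PHP raises an undefined-variable warning, so the line should be `rou_alert(0,"JMPDBG admin=$isadmin");`. body() continues outside this hunk.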
<BR>
LOGNAME=$logname
<BR>
+ADMIN=$isadmin
+<BR>
The cookies=$cook
<BR>
</FONT></STRONG></CENTER>
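Review bot: This block writes `$logname` and the raw cookie value `$cook` into the page without HTML encoding, and the commit adds the `ADMIN=$isadmin` flag next to them. Both values originate from the request as far as this hunk shows, so they should be encoded before interpolation, e.g. `$cook=htmlspecialchars($cook,ENT_QUOTES);` and the same for `$logname` ahead of the heredoc. The cookie and admin lines look like debugging output; a comment such as `//DEBUG ONLY: remove before release` above them would make that explicit. The heredoc starts and ends outside this hunk.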
echo body($logname);
}
else {
- header('Location: home.php');
+ header('Location: login.php');
}
?>
<tr>
<td bgcolor="#FFFFFF" align="right">
<form method="post"
- action="home.php"
+ action="login.php"
enctype="application/x-www-form-urlencoded"
name="login">
<table align="center" border="0" cellspacing="2" cellpadding="0">
// To manage very low level function
//
//==============================================================
-global $debug;
-
-
-$debug=0;
+//gobal variables.
+$debug=0; //default debug level
+$isadmin=0; //authenticated user with admin level
//==============================================================
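Review bot: `$isadmin` is initialised here as the integer `0`, while the new `case 4` in `sql_getlogname` assigns `true`, so the flag changes type depending on the path taken; initialise it with `$isadmin=false;` and keep it boolean throughout. The added comment has a typo: `//gobal variables.` should read `//global variables.`. Keeping the authorization result in a mutable global also means any included file can set it, so returning it from `sql_getlogname` would be easier to audit.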
// Open a syslog channel
global $debug;
if ($debug>=$dbglvl)
- syslog(LOG_INFO,"$report");
+ syslog(LOG_INFO,"dbg=$debug, $report");
}
rou_openlog();