root/branches/dsss-smi/chkpw.php

<?PHP
/*
 *  Copyright (c) 2006  Gregor Richards
 *  
 *  Permission is hereby granted, free of charge, to any person obtaining a
 *  copy of this software and associated documentation files (the "Software"),
 *  to deal in the Software without restriction, including without limitation
 *  the rights to use, copy, modify, merge, publish, distribute, sublicense,
 *  and/or sell copies of the Software, and to permit persons to whom the
 *  Software is furnished to do so, subject to the following conditions:
 *  
 *  The above copyright notice and this permission notice shall be included in
 *  all copies or substantial portions of the Software.
 *  
 *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 *  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 *  DEALINGS IN THE SOFTWARE.
 */

require("pws.php");

// Check a password, return true or false
function chkpw($un, $pw)
{
    global $pws;
    if (isset($pws[$un]) &&
        $pws[$un] == sha1($pw)) return true;
    return false;
}

// Generate a key/hash = array(key, hash)
function genkeyhash($un)
{
    global $pws;
    if (!isset($pws[$un])) return false;
    
    $key = time();
    $prehash = $pws[$un] . "DSSSSMI" . $key;
    $hash = sha1($prehash);
    
    return array($key, $hash);
}

// Check a key/hash, return true or false
function chkkeyhash($un, $key, $hash)
{
    global $pws;
    if (!isset($pws[$un])) return false;
    
    // key has expired
    $tm = time();
    if ($key < $tm - 3600 ||
        $key > $tm) return false;
    
    // key is wrong
    $prehash = $pws[$un] . "DSSSSMI" . $key;
    $goodhash = sha1($prehash);
    if ($hash != $goodhash) return false;
    
    return true;
}

// Validate the login, DIES on failure
function validate()
{
    global $pws;
    $failmsg = "Invalid login, perhaps your session has expired.";
    
    if (!isset($_COOKIE['DSSS_SMI_UN']) ||
        !isset($_COOKIE['DSSS_SMI_KEY']) ||
        !isset($_COOKIE['DSSS_SMI_HASH']))
        die($failmsg);
    
    global $un;
    $un = $_COOKIE['DSSS_SMI_UN'];
    
    if (!chkkeyhash($_COOKIE['DSSS_SMI_UN'],
                    $_COOKIE['DSSS_SMI_KEY'],
                    $_COOKIE['DSSS_SMI_HASH']))
        die($failmsg);
}

// Export the pws array, return false on failure
function savepws()
{
    global $pws;
    
    $handle = fopen("pws.php", "w");
    if ($handle === false) return false;
    
    flock($handle, LOCK_EX);
    
    fwrite($handle, "<?PHP\n" .
           "\$pws = array(\n");
    foreach (array_keys($pws) as $un) {
        if ($un == "0") continue;
        fwrite($handle, "\"$un\" => \"" . $pws[$un] . "\",\n");
    }
    fwrite($handle, "0);\n" .
           "?>\n");
    
    flock($handle, LOCK_UN);
    fclose($handle);
    
    return true;
}

// Add a user, return true on success
function adduser($un, $pw)
{
    global $pws;
    if (isset($pws[$un])) return false;
    
    $pws[$un] = sha1($pw);
    return savepws();
}

// Change a user's password: Assumes the user's old password has been checked
function chpasswd($un, $newpw)
{
    global $pws;
    if (!isset($pws[$un])) return false;
    
    $pws[$un] = sha1($newpw);
    return savepws();
}
?>