
add autologin capability

wazari972 committed Feb 27, 2015
1 parent d942411 commit 34d3125464dcaebf7e69abf9541eb4ee02a35e6a
Showing with 15 additions and 2 deletions.
  1. +15 −2 admin/auth.php
@@ -42,8 +42,21 @@
exit;
}
// autologin for SSH authenticated ips
$AUTOLOGIN_FILE = "/var/www/alternc/k/kevin/.ssh_autologin";
$autologin = FALSE;
if (file_exists($AUTOLOGIN_FILE)
//&& (time() - filemtime($AUTOLOGIN_FILE)) < 60*60*12 // file is newer than 12h
&& $_SERVER["REMOTE_ADDR"] == str_replace("\n", "", file_get_contents($AUTOLOGIN_FILE)))
{
$autologin = TRUE;
$_POST['nom_utilisateur'] = $GLOBALS['identifiant'];
$_POST['mot_de_passe'] = $GLOBALS['mdp'];
}
// Auth checking :
if (isset($_POST['_verif_envoi']) and valider_form() === TRUE) { // OK : getting in.
if (isset($_POST['_verif_envoi']) and valider_form() === TRUE or $autologin) { // OK : getting in.
$ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? htmlspecialchars($_SERVER['HTTP_X_FORWARDED_FOR']) : htmlspecialchars($_SERVER['REMOTE_ADDR']);
$_SESSION['user_id'] = $_POST['nom_utilisateur'].hash_password($_POST['mot_de_passe'], $GLOBALS['salt']).md5($_SERVER['HTTP_USER_AGENT'].$ip); // set special hash
usleep(100000); // 100ms sleep to avoid bruteforce
@@ -69,7 +82,7 @@
// The login was right, so we give a token because the previous one expired with the session
$_SESSION['BT-post-token'] = new_token();
}
$_SESSION['user_id'] = $_SESSION['user_id'] = $_POST['nom_utilisateur'].$_POST['mot_de_passe'].md5($_SERVER['HTTP_USER_AGENT'].$ip);
header('Location: '.$location);
} else { // On sort…
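Review bot: The autologin block added in the first hunk grants a session on source IP alone, and its only expiry control, the `filemtime` check, is commented out. A stale `.ssh_autologin` file therefore keeps that address logged in without a password indefinitely; this includes anyone sharing the address behind NAT, or every visitor if the site sits behind a reverse proxy, where `REMOTE_ADDR` is the proxy's address. Re-enable the age check and make the comparison strict and whitespace-tolerant: `&& (time() - filemtime($AUTOLOGIN_FILE)) < 60*60*12` and `&& $_SERVER["REMOTE_ADDR"] === trim(file_get_contents($AUTOLOGIN_FILE))`. Because `or $autologin` skips `valider_form()`, whatever that function checks beyond credentials is presumably bypassed too, so a comment such as `// autologin skips valider_form(): the IP match is the only check` would make that explicit. The marker file sits under `/var/www`, so confirm it is neither served by the web server nor writable by the PHP user; the enclosing script continues outside both hunks.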
