Thread: PHP+Apache web server for calibre ...
View Single Post
Old 01-03-2013, 07:14 PM   #250
claduver
Junior Member
claduver began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Oct 2012
Device: Sony PRS-T1
Windows auth & disconnect functionnality
Hello All,

First thanks to Charles for this great work !!
I've spent the last three evenings installing and configuring it on my windows XP box acting as server. It works fine, and answers all my needs.
I've put Apache 2.2.22 + PHP 5.2.17 + smarty 2.6.27 (the 3.x versions produced errors as said in another post)

Just two little add-ons I made :
1 - on windows, as you pointed out, Apache MD5 encoder doesn't work the same as PHP's so no password is recognized correctly if encrypted. I had to go for plain text.
So I added in config_local_php an entry :
$config['password_crypted'] = [true|false];
and modified index.php as below :
Moderator Notice
Changed the FONT tags around the source code to CODE tags so that indentation is not lost

Code:
if ($config['use_internal_login']) {
		$_REQUEST['msg'] = '';
		if (!isset($_SESSION['has_logged_in'])) {
			if (isset($_REQUEST['name']) && isset($_REQUEST['password'])) {
				$lines = file($config['password_file'], FILE_IGNORE_NEW_LINES);
				$upw = $_REQUEST['password'];
						
				foreach ($lines as $line) {
					list($name, $fpw) = explode(':', $line, 2);					
					if ($name == $_REQUEST['name']) {
						$cpwd = '';
						// test if password needs to be encrypted before compare with file password
						if ($config['password_crypted']) {
							$cpwd= crypt($upw, $fpw);							
						}
						else {
							$cpwd=$upw;
						}
						if ($cpwd == $fpw) {						
							$_SESSION['has_logged_in'] = $_REQUEST['name'];
							dprint("$name has logged in");
							break;
						}
					}
				}
				if (!isset($_SESSION['has_logged_in'])) {
					$_REQUEST['m'] = 'login';
					$_REQUEST['msg'] = 'invalid user name or password';
				}
			}
		}
		if (!isset($_SESSION['has_logged_in'])) {
			$_REQUEST['m'] = 'login';
		} else {
			$_SERVER['REMOTE_USER'] = $_SESSION['has_logged_in'];
		}
	}
Besides, I corrected a bug in the loop because the password was re-encrypted upon each turn.

Authentication works fine now.


2 - I have declared three users with differents rights and I felt the need to disconnect properly, so I added a "disconnect" functionality in the header and a disconnect.php file.
I also modify the styles to display the message in login page more beautifully (I used the stylesheets published by another user).
here goes in attached files.

Hope this will please you, and thanks again for your great work.

Claire.
Attached Files
File Type: zip disconnect.zip (2.0 KB, 638 views)
Last edited by chaley; 01-04-2013 at 04:33 AM.
claduver is offline   Reply With Quote