BMC VM Linux Management and Archiving Code

Brought to you by: bmc_software, stevecarl, whurley

[r3]: / www / auth.new Maximize Restore History

69 lines (68 with data), 2.2 kB

<?php 
/*
vmlmat: VM Linux Management and Archival Tool.
Copyright (C) 2007 Ronnie Michael, BMC Software, Inc.  
this is a copy of auth.php with the sauth variable hardwired to "allow"
The purpose is to allow the admin a way of specifying the user's userid
without knowing their password for debug purpose.
This routine would temporary replace auth.php during the test. 
It is recommended that the original auth.php be backed up first before
being replaced with this version.
example: 
cp auth.php auth.bk
cp auth.new auth.php
when testing is finished
cp auth.bk auth.php
*/
if (isset($_REQUEST['cancel'])) {
header("Location: http://".$_SERVER['HTTP_HOST']."/index.html");
exit;
}
$USER = $_REQUEST['user'] ;
if (empty($USER)) {
	header("Location: http://".$_SERVER['HTTP_HOST']."/autherr.html");
        exit;
}
$PASS = $_REQUEST['pass'] ;
if (empty($PASS)) {
	header("Location: http://".$_SERVER['HTTP_HOST']."/autherr.html");
        exit;
}
#
# get parmfile variables needed
include '/var/clone/bkinc.php';
#
#escape char any dollar sign in password
$PASS = str_replace("$","\\$",$PASS);
#strip off adprod domain if they specified with the nt userid
#as userid is later checked against owners in the authfile.
$ul=strlen($USER);
if ($ul>7) {
if (strtoupper(substr($USER,0,6))==$domain) {
$USER=substr($USER,7,$ul-7);
}
}
# Sandra Knight found the need to add domain to user. Also escape to password to prevent 
# anonyomous login as Nobody.
$sauth = "allow";                                                               
    if ($sauth=="allow" || $sauth=="allow\n") { 
        session_start();
        $_SESSION['user']=$USER;
#begin email check
	$filen="archive/profile";
	$fp = fopen($filen, 'r' ); 
	$file_data = fread( $fp, filesize( $filen ) ); 
	fclose( $fp ); 
	$lines = explode ( "\n", $file_data ); 
	foreach ( $lines as $line ) { 
	list( $owner, $omail, $onote ) = explode( ':', $line ); 
	if (strtoupper($USER) == strtoupper($owner) && strlen($omail) > 4) {
	$_SESSION['umail']=$omail;	
	$_SESSION['unote']=$onote;
	}
	}
	header("Location: http://".$_SERVER['HTTP_HOST']."/index.php");
    } else { 
	header("Location: http://".$_SERVER['HTTP_HOST']."/autherr.html");
    } 
?>