Enano CMS (1.1.x): includes/sessions.php@663fcf528726 (annotated)

1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1	<?php
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	3	/*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	4	* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
21 663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs Dan parents: 18 diff changeset	5	* Version 1.0 (Banshee)
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	6	* Copyright (C) 2006-2007 Dan Fuhry
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	7	* sessions.php - everything related to security and user management
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	8	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	9	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	10	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	11	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	12	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	13	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	14	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	15
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	16	// Prepare a string for insertion into a MySQL database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	17	function filter($str) { return $db->escape($str); }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	18
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	19	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	20	* Anything and everything related to security and user management. This includes AES encryption, which is illegal in some countries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	21	* Documenting the API was not easy - I hope you folks enjoy it.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	22	* @package Enano
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	23	* @subpackage Session manager
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	24	* @category security, user management, logins, etc.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	25	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	26
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	27	class sessionManager {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	28
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	29	# Variables
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	30
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	31	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	32	* Whether we're logged in or not
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	33	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	34	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	35
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	36	var $user_logged_in = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	37
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	38	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	39	* Our current low-privilege session key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	40	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	41	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	42
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	43	var $sid;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	44
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	45	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	46	* Username of currently logged-in user, or IP address if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	47	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	48	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	49
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	50	var $username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	51
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	52	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	53	* User ID of currently logged-in user, or -1 if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	54	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	55	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	56
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	57	var $user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	58
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	59	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	60	* Real name of currently logged-in user, or blank if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	61	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	62	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	63
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	64	var $real_name;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	65
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	66	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	67	* E-mail address of currently logged-in user, or blank if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	68	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	69	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	70
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	71	var $email;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	72
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	73	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	74	* User level of current user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	75	* USER_LEVEL_GUEST: guest
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	76	* USER_LEVEL_MEMBER: regular user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	77	* USER_LEVEL_CHPREF: default - pseudo-level that allows changing password and e-mail address (requires re-authentication)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	78	* USER_LEVEL_MOD: moderator
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	79	* USER_LEVEL_ADMIN: administrator
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	80	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	81	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	82
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	83	var $user_level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	84
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	85	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	86	* High-privilege session key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	87	* @var string or false if not running on high-level authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	88	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	89
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	90	var $sid_super;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	91
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	92	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	93	* The user's theme preference, defaults to $template->default_theme
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	94	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	95	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	96
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	97	var $theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	98
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	99	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	100	* The user's style preference, or style auto-detected based on theme if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	101	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	102	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	103
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	104	var $style;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	105
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	106	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	107	* Signature of current user - appended to comments, etc.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	108	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	109	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	110
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	111	var $signature;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	112
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	113	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	114	* UNIX timestamp of when we were registered, or 0 if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	115	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	116	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	117
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	118	var $reg_time;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	119
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	120	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	121	* MD5 hash of the current user's password, if applicable
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	122	* @var string OR bool false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	123	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	124
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	125	var $password_hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	126
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	127	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	128	* The number of unread private messages this user has.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	129	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	130	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	131
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	132	var $unread_pms = 0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	133
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	134	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	135	* AES key used to encrypt passwords and session key info - irreversibly destroyed when disallow_password_grab() is called
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	136	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	137	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	138
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	139	var $private_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	140
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	141	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	142	* Regex that defines a valid username, minus the ^ and $, these are added later
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	143	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	144	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	145
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	146	var $valid_username = '([A-Za-z0-9 \!\@-]+)';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	147
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	148	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	149	* What we're allowed to do as far as permissions go. This changes based on the value of the "auth" URI param.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	150	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	151	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	152
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	153	var $auth_level = -1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	154
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	155	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	156	* State variable to track if a session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	157	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	158	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	159
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	160	var $sw_timed_out = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	161
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	162	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	163	* Switch to track if we're started or not.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	164	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	165	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	166	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	167
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	168	var $started = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	169
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	170	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	171	* Switch to control compatibility mode (for older Enano websites being upgraded)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	172	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	173	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	174	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	175
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	176	var $compat = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	177
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	178	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	179	* Our list of permission types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	180	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	181	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	182	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	183
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	184	var $acl_types = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	185
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	186	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	187	* The list of descriptions for the permission types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	188	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	189	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	190
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	191	var $acl_descs = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	192
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	193	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	194	* A list of dependencies for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	195	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	196	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	197
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	198	var $acl_deps = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	199
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	200	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	201	* Our tell-all list of permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	202	* @access private - or, preferably, protected
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	203	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	204	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	205
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	206	var $perms = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	207
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	208	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	209	* A cache variable - saved after sitewide permissions are checked but before page-specific permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	210	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	211	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	212	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	213
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	214	var $acl_base_cache = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	215
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	216	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	217	* Stores the scope information for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	218	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	219	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	220	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	221
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	222	var $acl_scope = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	223
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	224	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	225	* Array to track which default permissions are being used
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	226	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	227	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	228	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	229
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	230	var $acl_defaults_used = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	231
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	232	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	233	* Array to track group membership.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	234	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	235	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	236
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	237	var $groups = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	238
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	239	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	240	* Associative array to track group modship.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	241	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	242	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	243
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	244	var $group_mod = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	245
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	246	# Basic functions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	247
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	248	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	249	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	250	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	251
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	252	function __construct()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	253	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	254	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	255	include(ENANO_ROOT.'/config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	256	unset($dbhost, $dbname, $dbuser, $dbpasswd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	257	if(isset($crypto_key))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	258	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	259	$this->private_key = $crypto_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	260	$this->private_key = hexdecode($this->private_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	261	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	262	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	263	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	264	if(is_writable(ENANO_ROOT.'/config.php'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	265	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	266	// Generate and stash a private key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	267	// This should only happen during an automated silent gradual migration to the new encryption platform.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	268	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	269	$this->private_key = $aes->gen_readymade_key();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	270
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	271	$config = file_get_contents(ENANO_ROOT.'/config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	272	if(!$config)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	273	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	274	die('$session->__construct(): can\'t get the contents of config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	275	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	276
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	277	$config = str_replace("?>", "\$crypto_key = '{$this->private_key}';\n?>", $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	278	// And while we're at it...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	279	$config = str_replace('MIDGET_INSTALLED', 'ENANO_INSTALLED', $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	280	$fh = @fopen(ENANO_ROOT.'/config.php', 'w');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	281	if ( !$fh )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	282	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	283	die('$session->__construct(): Couldn\'t open config file for writing to store the private key, I tried to avoid something like this...');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	284	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	285
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	286	fwrite($fh, $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	287	fclose($fh);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	288	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	289	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	290	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	291	die_semicritical('Crypto error', '<p>No private key was found in the config file, and we can\'t generate one because we don\'t have write access to the config file. Please CHMOD config.php to 666 or 777 and reload this page.</p>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	292	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	293	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	294	// Check for compatibility mode
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	295	if(defined('IN_ENANO_INSTALL'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	296	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	297	$q = $db->sql_query('SELECT old_encryption FROM '.table_prefix.'users LIMIT 1;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	298	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	299	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	300	$error = mysql_error();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	301	if(strstr($error, "Unknown column 'old_encryption'"))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	302	$this->compat = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	303	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	304	$db->_die('This should never happen and is a bug - the only error that was supposed to happen here didn\'t happen. (sessions.php in constructor, during compat mode check)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	305	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	306	$db->free_result();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	307	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	308	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	309
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	310	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	311	* PHP 4 compatible constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	312	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	313
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	314	function sessionManager()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	315	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	316	$this->__construct();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	317	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	318
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	319	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	320	* Wrapper function to sanitize strings for MySQL and HTML
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	321	* @param string $text The text to sanitize
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	322	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	323	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	324
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	325	function prepare_text($text)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	326	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	327	global $db;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	328	return $db->escape(htmlspecialchars($text));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	329	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	330
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	331	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	332	* Makes a SQL query and handles error checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	333	* @param string $query The SQL query to make
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	334	* @return resource
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	335	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	336
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	337	function sql($query)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	338	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	339	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	340	$result = $db->sql_query($query);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	341	if(!$result)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	342	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	343	$db->_die('The error seems to have occurred somewhere in the session management code.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	344	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	345	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	346	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	347
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	348	# Session restoration and permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	349
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	350	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	351	* Initializes the basic state of things, including most user prefs, login data, cookie stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	352	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	353
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	354	function start()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	355	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	356	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	357	if($this->started) return;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	358	$this->started = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	359	$user = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	360	if(isset($_COOKIE['sid']))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	361	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	362	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	363	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	364	$userdata = $this->compat_validate_session($_COOKIE['sid']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	365	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	366	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	367	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	368	$userdata = $this->validate_session($_COOKIE['sid']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	369	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	370	if(is_array($userdata))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	371	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	372	$data = RenderMan::strToPageID($paths->get_pageid_from_url());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	373
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	374	if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	375	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	376	$this->logout();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	377	$a = getConfig('account_activation');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	378	switch($a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	379	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	380	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	381	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	382	$solution = 'Your account was most likely deactivated by an administrator. Please contact the site administration for further assistance.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	383	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	384	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	385	$solution = 'Please check your e-mail; you should have been sent a message with instructions on how to activate your account. If you do not receive an e-mail from this site within 24 hours, please contact the site administration for further assistance.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	386	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	387	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	388	$solution = 'This website has been configured so that all user accounts must be activated by the administrator before they can be used, so your account will most likely be activated the next time the one of the administrators visits the site.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	389	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	390	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	391	die_semicritical('Account error', '<p>It appears that your user account has not yet been activated. '.$solution.'</p>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	392	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	393
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	394	$this->sid = $_COOKIE['sid'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	395	$this->user_logged_in = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	396	$this->user_id = intval($userdata['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	397	$this->username = $userdata['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	398	$this->password_hash = $userdata['password'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	399	$this->user_level = intval($userdata['user_level']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	400	$this->real_name = $userdata['real_name'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	401	$this->email = $userdata['email'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	402	$this->unread_pms = $userdata['num_pms'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	403	if(!$this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	404	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	405	$this->theme = $userdata['theme'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	406	$this->style = $userdata['style'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	407	$this->signature = $userdata['signature'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	408	$this->reg_time = $userdata['reg_time'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	409	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	410	// Small security risk here - it allows someone who has already authenticated as an administrator to store the "super" key in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	411	// the cookie. Change this to USER_LEVEL_MEMBER to override that. The same 15-minute restriction applies to this "exploit".
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	412	$this->auth_level = $userdata['auth_level'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	413	if(!isset($template->named_theme_list[$this->theme]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	414	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	415	if($this->compat \|\| !is_object($template))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	416	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	417	$this->theme = 'oxygen';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	418	$this->style = 'bleu';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	419	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	420	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	421	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	422	$this->theme = $template->default_theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	423	$this->style = $template->default_style;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	424	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	425	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	426	$user = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	427
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	428	if(isset($_REQUEST['auth']) && !$this->sid_super)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	429	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	430	// Now he thinks he's a moderator. Or maybe even an administrator. Let's find out if he's telling the truth.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	431	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	432	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	433	$key = $_REQUEST['auth'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	434	$super = $this->compat_validate_session($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	435	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	436	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	437	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	438	$key = strrev($_REQUEST['auth']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	439	$super = $this->validate_session($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	440	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	441	if(is_array($super))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	442	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	443	$this->auth_level = intval($super['auth_level']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	444	$this->sid_super = $_REQUEST['auth'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	445	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	446	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	447	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	448	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	449	if(!$user)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	450	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	451	//exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	452	$this->register_guest_session();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	453	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	454	if(!$this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	455	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	456	// init groups
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	457	$q = $this->sql('SELECT g.group_name,g.group_id,m.is_mod FROM '.table_prefix.'groups AS g
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	458	LEFT JOIN '.table_prefix.'group_members AS m
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	459	ON g.group_id=m.group_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	460	WHERE ( m.user_id='.$this->user_id.'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	461	OR g.group_name=\'Everyone\')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	462	' . ( enano_version() == '1.0RC1' ? '' : 'AND ( m.pending != 1 OR m.pending IS NULL )' ) . '
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	463	ORDER BY group_id ASC;'); // Make sure "Everyone" comes first so the permissions can be overridden
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	464	if($row = $db->fetchrow())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	465	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	466	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	467	$this->groups[$row['group_id']] = $row['group_name'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	468	$this->group_mod[$row['group_id']] = ( intval($row['is_mod']) == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	469	} while($row = $db->fetchrow());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	470	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	471	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	472	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	473	die('No group info');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	474	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	475	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	476	$this->check_banlist();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	477
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	478	if ( isset ( $_GET['printable'] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	479	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	480	$this->theme = 'printable';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	481	$this->style = 'default';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	482	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	483
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	484	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	485
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	486	# Logins
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	487
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	488	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	489	* Attempts to perform a login using crypto functions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	490	* @param string $username The username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	491	* @param string $aes_data The encrypted password, hex-encoded
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	492	* @param string $aes_key The MD5 hash of the encryption key, hex-encoded
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	493	* @param string $challenge The 256-bit MD5 challenge string - first 128 bits should be the hash, the last 128 should be the challenge salt
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	494	* @param int $level The privilege level we're authenticating for, defaults to 0
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	495	* @return string 'success' on success, or error string on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	496	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	497
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	498	function login_with_crypto($username, $aes_data, $aes_key, $challenge, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	499	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	500	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	501
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	502	$privcache = $this->private_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	503
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	504	// Instanciate the Rijndael encryption object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	505	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	506
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	507	// Fetch our decryption key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	508
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	509	$aes_key = $this->fetch_public_key($aes_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	510	if(!$aes_key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	511	return 'Couldn\'t look up public key "'.$aes_key.'" for decryption';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	512
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	513	// Convert the key to a binary string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	514	$bin_key = hexdecode($aes_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	515
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	516	if(strlen($bin_key) != AES_BITS / 8)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	517	return 'The decryption key is the wrong length';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	518
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	519	// Decrypt our password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	520	$password = $aes->decrypt($aes_data, $bin_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	521
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	522	// Initialize our success switch
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	523	$success = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	524
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	525	// Select the user data from the table, and decrypt that so we can verify the password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	526	$this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	527	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	528	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	529	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	530
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	531	// Check to see if we're logging in using a temporary password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	532
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	533	if((intval($row['temp_password_time']) + 3600*24) > time() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	534	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	535	$temp_pass = $aes->decrypt( $row['temp_password'], $this->private_key, ENC_HEX );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	536	if( $temp_pass == $password )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	537	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	538	$url = makeUrlComplete('Special', 'PasswordReset/stage2/' . $row['user_id'] . '/' . $row['temp_password']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	539
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	540	$code = $plugins->setHook('login_password_reset');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	541	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	542	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	543	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	544	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	545
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	546	redirect($url, 'Login sucessful', 'Please wait while you are transferred to the Password Reset form.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	547	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	548	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	549	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	550
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	551	if($row['old_encryption'] == 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	552	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	553	// The user's password is stored using the obsolete and insecure MD5 algorithm, so we'll update the field with the new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	554	if(md5($password) == $row['password'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	555	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	556	$pass_stashed = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	557	$this->sql('UPDATE '.table_prefix.'users SET password=\''.$pass_stashed.'\',old_encryption=0 WHERE user_id='.$row['user_id'].';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	558	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	559	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	560	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	561	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	562	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	563	// Our password field is up-to-date with the >=1.0RC1 encryption standards, so decrypt the password in the table and see if we have a match; if so then do challenge authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	564	$real_pass = $aes->decrypt(hexdecode($row['password']), $this->private_key, ENC_BINARY);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	565	if($password == $real_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	566	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	567	// Yay! We passed AES authentication, now do an MD5 challenge check to make sure we weren't spoofed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	568	$chal = substr($challenge, 0, 32);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	569	$salt = substr($challenge, 32, 32);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	570	$correct_challenge = md5( $real_pass . $salt );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	571	if($chal == $correct_challenge)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	572	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	573	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	574	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	575	if($success)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	576	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	577	if($level > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	578	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	579
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	580	$sess = $this->register_session(intval($row['user_id']), $username, $password, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	581	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	582	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	583	$this->username = $username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	584	$this->user_id = intval($row['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	585	$this->theme = $row['theme'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	586	$this->style = $row['style'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	587
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	588	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	589	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	590	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	591	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	592
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	593	$code = $plugins->setHook('login_success');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	594	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	595	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	596	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	597	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	598	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	599	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	600	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	601	return 'Your login credentials were correct, but an internal error occurred while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	602	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	603	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	604	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	605	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	606	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	607	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	608	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	609
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	610	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	611	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	612	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	613
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	614	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	615	* Attempts to login without using crypto stuff, mainly for use when the other side doesn't like Javascript
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	616	* This method of authentication is inherently insecure, there's really nothing we can do about it except hope and pray that everyone moves to Firefox
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	617	* Technically it still uses crypto, but it only decrypts the password already stored, which is (obviously) required for authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	618	* @param string $username The username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	619	* @param string $password The password -OR- the MD5 hash of the password if $already_md5ed is true
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	620	* @param bool $already_md5ed This should be set to true if $password is an MD5 hash, and should be false if it's plaintext. Defaults to false.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	621	* @param int $level The privilege level we're authenticating for, defaults to 0
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	622	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	623
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	624	function login_without_crypto($username, $password, $already_md5ed = false, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	625	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	626	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	627
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	628	$pass_hashed = ( $already_md5ed ) ? $password : md5($password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	629
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	630	// Perhaps we're upgrading Enano?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	631	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	632	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	633	return $this->login_compat($username, $pass_hashed, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	634	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	635
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	636	// Instanciate the Rijndael encryption object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	637	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	638
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	639	// Initialize our success switch
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	640	$success = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	641
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	642	// Retrieve the real password from the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	643	$this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	644	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	645	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	646	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	647
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	648	// Check to see if we're logging in using a temporary password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	649
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	650	if((intval($row['temp_password_time']) + 3600*24) > time() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	651	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	652	$temp_pass = $aes->decrypt( $row['temp_password'], $this->private_key, ENC_HEX );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	653	if( md5($temp_pass) == $pass_hashed )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	654	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	655	$code = $plugins->setHook('login_password_reset');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	656	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	657	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	658	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	659	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	660
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	661	header('Location: ' . makeUrlComplete('Special', 'PasswordReset/stage2/' . $row['user_id'] . '/' . $row['temp_password']) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	662
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	663	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	664	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	665	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	666
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	667	if($row['old_encryption'] == 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	668	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	669	// The user's password is stored using the obsolete and insecure MD5 algorithm - we'll update the field with the new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	670	if($pass_hashed == $row['password'] && !$already_md5ed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	671	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	672	$pass_stashed = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	673	$this->sql('UPDATE '.table_prefix.'users SET password=\''.$pass_stashed.'\',old_encryption=0 WHERE user_id='.$row['user_id'].';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	674	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	675	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	676	elseif($pass_hashed == $row['password'] && $already_md5ed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	677	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	678	// We don't have the real password so don't bother with encrypting it, just call it success and get out of here
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	679	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	680	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	681	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	682	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	683	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	684	// Our password field is up-to-date with the >=1.0RC1 encryption standards, so decrypt the password in the table and see if we have a match
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	685	$real_pass = $aes->decrypt($row['password'], $this->private_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	686	if($pass_hashed == md5($real_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	687	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	688	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	689	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	690	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	691	if($success)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	692	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	693	if((int)$level > (int)$row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	694	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	695	$sess = $this->register_session(intval($row['user_id']), $username, $real_pass, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	696	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	697	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	698	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	699	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	700	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	701	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	702
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	703	$code = $plugins->setHook('login_success');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	704	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	705	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	706	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	707	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	708	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	709	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	710	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	711	return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	712	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	713	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	714	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	715	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	716	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	717	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	718	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	719
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	720	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	721	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	722	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	723
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	724	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	725	* Attempts to log in using the old table structure and algorithm.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	726	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	727	* @param string $password This should be an MD5 hash
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	728	* @return string 'success' if successful, or error message on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	729	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	730
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	731	function login_compat($username, $password, $level = 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	732	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	733	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	734	$pass_hashed =& $password;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	735	$this->sql('SELECT password,user_id,user_level FROM '.table_prefix.'users WHERE username=\''.$this->prepare_text($username).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	736	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	737	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	738	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	739	if($row['password'] == $password)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	740	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	741	if((int)$level > (int)$row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	742	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	743	$sess = $this->register_session_compat(intval($row['user_id']), $username, $password, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	744	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	745	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	746	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	747	return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	748	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	749	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	750	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	751	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	752	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	753	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	754
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	755	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	756	* Registers a session key in the database. This function ASSUMES that the username and password have already been validated!
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	757	* Basically the session key is a base64-encoded cookie (encrypted with the site's private key) that says "u=[username];p=[sha1 of password]"
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	758	* @param int $user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	759	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	760	* @param string $password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	761	* @param int $level The level of access to grant, defaults to USER_LEVEL_MEMBER
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	762	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	763	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	764
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	765	function register_session($user_id, $username, $password, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	766	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	767	$salt = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	768	$passha1 = sha1($password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	769	$session_key = "u=$username;p=$passha1;s=$salt";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	770	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	771	$session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	772	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	773	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	774	$hexkey = strrev($session_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	775	$this->sid_super = $hexkey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	776	$_GET['auth'] = $hexkey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	777	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	778	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	779	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	780	setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	781	$_COOKIE['sid'] = $session_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	782	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	783	$keyhash = md5($session_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	784	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	785	if(!$ip)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	786	die('$session->register_session: Remote-Addr was spoofed');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	787	$time = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	788	if(!is_int($user_id))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	789	die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	790	if(!is_int($level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	791	die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	792
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	793	$query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	794	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	795	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	796
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	797	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	798	* Identical to register_session in nature, but uses the old login/table structure. DO NOT use this.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	799	* @see sessionManager::register_session()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	800	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	801	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	802
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	803	function register_session_compat($user_id, $username, $password, $level = 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	804	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	805	$salt = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	806	$thekey = md5($password . $salt);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	807	if($level > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	808	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	809	$this->sid_super = $thekey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	810	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	811	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	812	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	813	setcookie( 'sid', $thekey, time()+315360000, scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	814	$_COOKIE['sid'] = $thekey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	815	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	816	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	817	if(!$ip)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	818	die('$session->register_session: Remote-Addr was spoofed');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	819	$time = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	820	if(!is_int($user_id))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	821	die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	822	if(!is_int($level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	823	die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	824	$query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$thekey.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	825	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	826	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	827
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	828	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	829	* Creates/restores a guest session
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	830	* @todo implement real session management for guests
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	831	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	832
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	833	function register_guest_session()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	834	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	835	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	836	$this->username = $_SERVER['REMOTE_ADDR'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	837	$this->user_level = USER_LEVEL_GUEST;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	838	if($this->compat \|\| defined('IN_ENANO_INSTALL'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	839	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	840	$this->theme = 'oxygen';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	841	$this->style = 'bleu';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	842	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	843	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	844	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	845	$this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	846	$this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	847	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	848	$this->user_id = 1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	849	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	850
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	851	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	852	* Validates a session key, and returns the userdata associated with the key or false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	853	* @param string $key The session key to validate
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	854	* @return array Keys are 'user_id', 'username', 'email', 'real_name', 'user_level', 'theme', 'style', 'signature', 'reg_time', 'account_active', 'activation_key', and 'auth_level' or bool false if validation failed. The key 'auth_level' is the maximum authorization level that this key provides.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	855	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	856
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	857	function validate_session($key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	858	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	859	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	860	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE, true);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	861	$decrypted_key = $aes->decrypt($key, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	862
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	863	if ( !$decrypted_key )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	864	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	865	die_semicritical('AES encryption error', '<p>Something went wrong during the AES decryption process.</p><pre>'.print_r($decrypted_key, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	866	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	867
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	868	$n = preg_match('/^u='.$this->valid_username.';p=([A-Fa-f0-9]+?);s=([A-Fa-f0-9]+?)$/', $decrypted_key, $keydata);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	869	if($n < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	870	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	871	// echo '(debug) $session->validate_session: Key does not match regex<br />Decrypted key: '.$decrypted_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	872	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	873	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	874	$keyhash = md5($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	875	$salt = $db->escape($keydata[3]);
18 edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	876	$query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,x.* FROM '.table_prefix.'session_keys AS k
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	877	LEFT JOIN '.table_prefix.'users AS u
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	878	ON ( u.user_id=k.user_id )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	879	LEFT JOIN '.table_prefix.'users_extra AS x
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	880	ON ( u.user_id=x.user_id OR x.user_id IS NULL )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	881	LEFT JOIN '.table_prefix.'privmsgs AS p
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	882	ON ( p.message_to=u.username AND p.message_read=0 )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	883	WHERE k.session_key=\''.$keyhash.'\'
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	884	AND k.salt=\''.$salt.'\'
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	885	GROUP BY u.user_id;');
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	886	if ( !$query )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	887	{
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	888	$query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms FROM '.table_prefix.'session_keys AS k
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	889	LEFT JOIN '.table_prefix.'users AS u
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	890	ON ( u.user_id=k.user_id )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	891	LEFT JOIN '.table_prefix.'privmsgs AS p
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	892	ON ( p.message_to=u.username AND p.message_read=0 )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	893	WHERE k.session_key=\''.$keyhash.'\'
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	894	AND k.salt=\''.$salt.'\'
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	895	GROUP BY u.user_id;');
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	896	}
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	897	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	898	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	899	// echo '(debug) $session->validate_session: Key was not found in database<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	900	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	901	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	902	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	903	$row['user_id'] =& $row['uid'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	904	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	905	if($row['auth_level'] > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	906	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	907	// Failed authorization check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	908	// echo '(debug) $session->validate_session: access to this auth level denied<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	909	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	910	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	911	if($ip != $row['source_ip'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	912	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	913	// Failed IP address check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	914	// echo '(debug) $session->validate_session: IP address mismatch<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	915	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	916	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	917
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	918	// Do the password validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	919	$real_pass = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	920
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	921	//die('<pre>'.print_r($keydata, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	922	if(sha1($real_pass) != $keydata[2])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	923	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	924	// Failed password check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	925	// echo '(debug) $session->validate_session: encrypted password is wrong<br />Real password: '.$real_pass.'<br />Real hash: '.sha1($real_pass).'<br />User hash: '.$keydata[2];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	926	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	927	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	928
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	929	$time_now = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	930	$time_key = $row['time'] + 900;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	931	if($time_now > $time_key && $row['auth_level'] > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	932	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	933	// Session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	934	// echo '(debug) $session->validate_session: super session timed out<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	935	$this->sw_timed_out = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	936	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	937	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	938
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	939	// If this is an elevated-access session key, update the time
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	940	if( $row['auth_level'] > USER_LEVEL_MEMBER )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	941	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	942	$this->sql('UPDATE '.table_prefix.'session_keys SET time='.time().' WHERE session_key=\''.$keyhash.'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	943	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	944
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	945	$row['password'] = md5($real_pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	946	return $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	947	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	948
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	949	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	950	* Validates a session key, and returns the userdata associated with the key or false. Optimized for compatibility with the old MD5-based auth system.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	951	* @param string $key The session key to validate
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	952	* @return array Keys are 'user_id', 'username', 'email', 'real_name', 'user_level', 'theme', 'style', 'signature', 'reg_time', 'account_active', 'activation_key', and 'auth_level' or bool false if validation failed. The key 'auth_level' is the maximum authorization level that this key provides.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	953	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	954
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	955	function compat_validate_session($key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	956	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	957	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	958	$key = $db->escape($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	959
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	960	$query = $this->sql('SELECT u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,k.source_ip,k.salt,k.time,k.auth_level FROM '.table_prefix.'session_keys AS k
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	961	LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	962	ON u.user_id=k.user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	963	WHERE k.session_key=\''.$key.'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	964	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	965	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	966	// echo '(debug) $session->validate_session: Key '.$key.' was not found in database<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	967	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	968	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	969	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	970	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	971	if($row['auth_level'] > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	972	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	973	// Failed authorization check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	974	// echo '(debug) $session->validate_session: user not authorized for this access level';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	975	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	976	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	977	if($ip != $row['source_ip'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	978	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	979	// Failed IP address check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	980	// echo '(debug) $session->validate_session: IP address mismatch; IP in table: '.$row['source_ip'].'; reported IP: '.$ip.'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	981	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	982	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	983
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	984	// Do the password validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	985	$real_key = md5($row['password'] . $row['salt']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	986
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	987	//die('<pre>'.print_r($keydata, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	988	if($real_key != $key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	989	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	990	// Failed password check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	991	// echo '(debug) $session->validate_session: supplied password is wrong<br />Real key: '.$real_key.'<br />User key: '.$key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	992	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	993	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	994
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	995	$time_now = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	996	$time_key = $row['time'] + 900;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	997	if($time_now > $time_key && $row['auth_level'] >= 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	998	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	999	$this->sw_timed_out = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1000	// Session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1001	// echo '(debug) $session->validate_session: super session timed out<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1002	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1003	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1004
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1005	return $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1006	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1007
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1008	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1009	* Demotes us to one less than the specified auth level. AKA destroys elevated authentication and/or logs out the user, depending on $level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1010	* @param int $level How low we should go - USER_LEVEL_MEMBER means demote to USER_LEVEL_GUEST, and anything more powerful than USER_LEVEL_MEMBER means demote to USER_LEVEL_MEMBER
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1011	* @return string 'success' if successful, or error on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1012	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1013
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1014	function logout($level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1015	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1016	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1017	$ou = $this->username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1018	$oid = $this->user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1019	if($level > USER_LEVEL_CHPREF)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1020	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1021	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1022	if(!$this->user_logged_in \|\| $this->auth_level < USER_LEVEL_MOD) return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1023	// Destroy elevated privileges
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1024	$keyhash = md5(strrev($this->sid_super));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1025	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.$keyhash.'\' AND user_id=\'' . $this->user_id . '\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1026	$this->sid_super = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1027	$this->auth_level = USER_LEVEL_MEMBER;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1028	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1029	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1030	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1031	if($this->user_logged_in)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1032	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1033	// Completely destroy our session
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1034	if($this->auth_level > USER_LEVEL_CHPREF)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1035	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1036	$this->logout(USER_LEVEL_ADMIN);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1037	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1038	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($this->sid).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1039	setcookie( 'sid', '', time()-(3600*24), scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1040	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1041	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1042	$code = $plugins->setHook('logout_success'); // , Array('level'=>$level,'old_username'=>$ou,'old_user_id'=>$oid));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1043	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1044	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1045	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1046	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1047	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1048	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1049
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1050	# Miscellaneous stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1051
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1052	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1053	* Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1054	* @param string $url The URL to add session data to
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1055	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1056	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1057
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1058	function append_sid($url)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1059	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1060	$sep = ( strstr($url, '?') ) ? '&' : '?';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1061	if ( $this->sid_super )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1062	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1063	$url = $url . $sep . 'auth=' . urlencode($this->sid_super);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1064	// echo($this->sid_super.'<br/>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1065	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1066	return $url;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1067	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1068
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1069	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1070	* Grabs the user's password MD5
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1071	* @return string, or bool false if access denied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1072	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1073
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1074	function grab_password_hash()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1075	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1076	if(!$this->password_hash) return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1077	return $this->password_hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1078	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1079
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1080	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1081	* Destroys the user's password MD5 in memory
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1082	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1083
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1084	function disallow_password_grab()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1085	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1086	$this->password_hash = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1087	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1088	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1089
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1090	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1091	* Generates an AES key and stashes it in the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1092	* @return string Hex-encoded AES key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1093	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1094
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1095	function rijndael_genkey()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1096	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1097	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1098	$key = $aes->gen_readymade_key();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1099	$keys = getConfig('login_key_cache');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1100	if(is_string($keys))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1101	$keys .= $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1102	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1103	$keys = $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1104	setConfig('login_key_cache', $keys);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1105	return $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1106	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1107
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1108	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1109	* Generate a totally random 128-bit value for MD5 challenges
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1110	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1111	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1112
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1113	function dss_rand()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1114	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1115	$aes = new AESCrypt();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1116	$random = $aes->randkey(128);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1117	unset($aes);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1118	return md5(microtime() . $random);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1119	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1120
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1121	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1122	* Fetch a cached login public key using the MD5sum as an identifier. Each key can only be fetched once before it is destroyed.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1123	* @param string $md5 The MD5 sum of the key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1124	* @return string, or bool false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1125	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1126
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1127	function fetch_public_key($md5)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1128	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1129	$keys = getConfig('login_key_cache');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1130	$keys = enano_str_split($keys, AES_BITS / 4);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1131
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1132	foreach($keys as $i => $k)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1133	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1134	if(md5($k) == $md5)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1135	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1136	unset($keys[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1137	if(count($keys) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1138	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1139	if ( strlen(getConfig('login_key_cache') ) > 64000 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1140	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1141	// This should only need to be done once every month or so for an average-size site
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1142	setConfig('login_key_cache', '');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1143	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1144	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1145	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1146	$keys = implode('', array_values($keys));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1147	setConfig('login_key_cache', $keys);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1148	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1149	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1150	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1151	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1152	setConfig('login_key_cache', '');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1153	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1154	return $k;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1155	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1156	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1157	// Couldn't find the key...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1158	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1159	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1160
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1161	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1162	* Adds a user to a group.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1163	* @param int User ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1164	* @param int Group ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1165	* @param bool Group moderator - defaults to false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1166	* @return bool True on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1167	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1168
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1169	function add_user_to_group($user_id, $group_id, $is_mod = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1170	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1171	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1172
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1173	// Validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1174	if ( !is_int($user_id) \|\| !is_int($group_id) \|\| !is_bool($is_mod) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1175	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1176	if ( $user_id < 1 \|\| $group_id < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1177	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1178
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1179	$mod_switch = ( $is_mod ) ? '1' : '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1180	$q = $this->sql('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $user_id . ' AND group_id=' . $group_id . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1181	if ( !$q )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1182	$db->_die();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1183	if ( $db->numrows() < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1184	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1185	// User is not in group
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1186	$this->sql('INSERT INTO '.table_prefix.'group_members(user_id,group_id,is_mod) VALUES(' . $user_id . ', ' . $group_id . ', ' . $mod_switch . ');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1187	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1188	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1189	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1190	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1191	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1192	// Update modship status
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1193	if ( strval($row['is_mod']) == $mod_switch )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1194	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1195	// Modship unchanged
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1196	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1197	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1198	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1199	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1200	// Modship changed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1201	$this->sql('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod_switch . ' WHERE member_id=' . $row['member_id'] . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1202	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1203	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1204	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1205	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1206	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1207
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1208	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1209	* Removes a user from a group.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1210	* @param int User ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1211	* @param int Group ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1212	* @return bool True on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1213	* @todo put a little more error checking in...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1214	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1215
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1216	function remove_user_from_group($user_id, $group_id)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1217	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1218	if ( !is_int($user_id) \|\| !is_int($group_id) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1219	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1220	$this->sql('DELETE FROM '.table_prefix."group_members WHERE user_id=$user_id AND group_id=$group_id;");
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1221	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1222	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1223
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1224	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1225	* Checks the banlist to ensure that we're an allowed user. Doesn't return anything because it dies if the user is banned.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1226	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1227
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1228	function check_banlist()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1229	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1230	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1231	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1232	$q = $this->sql('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1233	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1234	$q = $this->sql('SELECT ban_id,ban_type,ban_value,is_regex,reason FROM '.table_prefix.'banlist ORDER BY ban_type;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1235	if(!$q) $db->_die('The banlist data could not be selected.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1236	$banned = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1237	while($row = $db->fetchrow())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1238	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1239	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1240	$row['reason'] = 'None available - session manager is in compatibility mode';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1241	switch($row['ban_type'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1242	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1243	case BAN_IP:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1244	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1245	if(preg_match('#'.$row['ban_value'].'#i', $_SERVER['REMOTE_ADDR']))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1246	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1247	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1248	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1249	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1250	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1251	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1252	if($row['ban_value']==$_SERVER['REMOTE_ADDR']) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1253	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1254	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1255	case BAN_USER:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1256	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1257	if(preg_match('#'.$row['ban_value'].'#i', $this->username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1258	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1259	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1260	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1261	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1262	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1263	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1264	if($row['ban_value']==$this->username) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1265	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1266	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1267	case BAN_EMAIL:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1268	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1269	if(preg_match('#'.$row['ban_value'].'#i', $this->email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1270	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1271	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1272	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1273	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1274	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1275	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1276	if($row['ban_value']==$this->email) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1277	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1278	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1279	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1280	die('Ban error: rule "'.$row['ban_value'].'" has an invalid type ('.$row['ban_type'].')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1281	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1282	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1283	if($banned && $paths->get_pageid_from_url() != $paths->nslist['Special'].'CSS')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1284	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1285	// This guy is banned - kill the session, kill the database connection, bail out, and be pretty about it
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1286	die_semicritical('Ban notice', '<div class="error-box">You have been banned from this website. Please contact the site administrator for more information.<br /><br />Reason:<br />'.$reason.'</div>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1287	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1288	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1289	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1290
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1291	# Registration
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1292
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1293	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1294	* Registers a user. This does not perform any type of login.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1295	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1296	* @param string $password This should be unencrypted.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1297	* @param string $email
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1298	* @param string $real_name Optional, defaults to ''.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1299	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1300
13 fdd6b9dd42c3 Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php Dan parents: 1 diff changeset	1301	function create_user($username, $password, $email, $real_name = '')
fdd6b9dd42c3 Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php Dan parents: 1 diff changeset	1302	{
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1303	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1304
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1305	// Initialize AES
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1306	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1307
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1308	if(!preg_match('#^'.$this->valid_username.'$#', $username)) return 'The username you chose contains invalid characters.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1309	$username = $this->prepare_text($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1310	$email = $this->prepare_text($email);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1311	$real_name = $this->prepare_text($real_name);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1312	$password = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1313
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1314	$nameclause = ( $real_name != '' ) ? ' OR real_name=\''.$real_name.'\'' : '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1315	$q = $this->sql('SELECT * FROM '.table_prefix.'users WHERE lcase(username)=\''.strtolower($username).'\' OR email=\''.$email.'\''.$nameclause.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1316	if($db->numrows() > 0) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1317	$r = 'The ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1318	$i=0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1319	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1320	// Wow! An error checker that actually speaks English with the properest grammar! :-P
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1321	if($row['username'] == $username) { $r .= 'username'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1322	if($row['email'] == $email) { if($i) $r.=', '; $r .= 'e-mail address'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1323	if($row['real_name'] == $real_name && $real_name != '') { if($i) $r.=', and '; $r .= 'real name'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1324	$r .= ' that you entered ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1325	$r .= ( $i == 1 ) ? 'is' : 'are';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1326	$r .= ' already in use by another user.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1327	return $r;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1328	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1329
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1330	// Require the account to be activated?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1331	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1332	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1333	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1334	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1335	$active = '1';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1336	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1337	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1338	$active = '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1339	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1340	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1341	$active = '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1342	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1343	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1344
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1345	// Generate a totally random activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1346	$actkey = sha1 ( microtime() . mt_rand() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1347
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1348	// We good, create the user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1349	$this->sql('INSERT INTO '.table_prefix.'users ( username, password, email, real_name, theme, style, reg_time, account_active, activation_key, user_level ) VALUES ( \''.$username.'\', \''.$password.'\', \''.$email.'\', \''.$real_name.'\', \''.$template->default_theme.'\', \''.$template->default_style.'\', '.time().', '.$active.', \''.$actkey.'\', '.USER_LEVEL_CHPREF.' )');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1350
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1351	// Require the account to be activated?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1352	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1353	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1354	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1355	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1356	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1357	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1358	$a = $this->send_activation_mail($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1359	if(!$a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1360	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1361	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1362	return 'The activation e-mail could not be sent due to an internal error. This could possibly be due to an incorrect SMTP configuration. A request has been sent to the administrator to activate your account for you. ' . $a;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1363	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1364	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1365	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1366	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1367	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1368	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1369
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1370	// Leave some data behind for the hook
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1371	$code = $plugins->setHook('user_registered'); // , Array('username'=>$username));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1372	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1373	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1374	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1375	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1376
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1377	// $this->register_session($username, $password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1378	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1379	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1380
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1381	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1382	* Attempts to send an e-mail to the specified user with activation instructions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1383	* @param string $u The usernamd of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1384	* @return bool true on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1385	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1386
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1387	function send_activation_mail($u, $actkey = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1388	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1389	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1390	$q = $this->sql('SELECT username,email FROM '.table_prefix.'users WHERE user_id=1 OR user_level=' . USER_LEVEL_ADMIN . ' ORDER BY user_id ASC;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1391	$un = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1392	$admin_user = $un['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1393	$q = $this->sql('SELECT username,activation_key,account_active,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($u).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1394	$r = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1395	if ( empty($r['email']) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1396	$db->_die('BUG: $session->send_activation_mail(): no e-mail address in row');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1397	$message = 'Dear '.$u.',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1398	Thank you for registering on '.getConfig('site_name').'. Your account creation is almost complete. To complete the registration process, please click the following link or paste it into your web browser:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1399
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1400	';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1401	if(isset($_SERVER['HTTPS'])) $prot = 'https';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1402	else $prot = 'http';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1403	if($_SERVER['SERVER_PORT'] == '80') $p = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1404	else $p = ':'.$_SERVER['SERVER_PORT'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1405	$sidbak = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1406	if($this->sid_super)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1407	$sidbak = $this->sid_super;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1408	$this->sid_super = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1409	$aklink = makeUrlNS('Special', 'ActivateAccount/'.str_replace(' ', '_', $u).'/'. ( ( is_string($actkey) ) ? $actkey : $r['activation_key'] ) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1410	if($sidbak)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1411	$this->sid_super = $sidbak;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1412	unset($sidbak);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1413	$message .= "$prot://".$_SERVER['HTTP_HOST'].$p.$aklink;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1414	$message .= "\n\nSincerely yours, \n$admin_user and the ".$_SERVER['HTTP_HOST']." administration team";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1415	error_reporting(E_ALL);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1416	dc_dump($r, 'session: about to send activation e-mail to '.$r['email']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1417	if(getConfig('smtp_enabled') == '1')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1418	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1419	$result = smtp_send_email($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1420	if($result == 'success') $result = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1421	else { echo $result; $result = false; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1422	} else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1423	$result = mail($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1424	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1425	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1426	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1427
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1428	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1429	* Sends an e-mail to a user so they can reset their password.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1430	* @param int $user The user ID, or username if it's a string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1431	* @return bool true on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1432	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1433
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1434	function mail_password_reset($user)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1435	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1436	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1437	if(is_int($user))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1438	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1439	$q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE user_id='.$user.';'); // This is SAFE! This is only called if $user is an integer
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1440	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1441	elseif(is_string($user))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1442	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1443	$q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($user).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1444	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1445	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1446	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1447	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1448	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1449
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1450	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1451	$temp_pass = $this->random_pass();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1452
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1453	$this->register_temp_password($row['user_id'], $temp_pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1454
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1455	$site_name = getConfig('site_name');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1456
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1457	$message = "Dear {$row['username']},
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1458
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1459	Someone (hopefully you) on the {$site_name} website requested that a new password be created.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1460
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1461	The request was sent from the IP address {$_SERVER['REMOTE_ADDR']}.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1462
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1463	If you did not request the new password, then you do not need to do anything; the password will be invalidated after 24 hours.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1464
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1465	If you did request this password, then please log in using the password shown below:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1466
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1467	Password: {$temp_pass}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1468
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1469	After you log in using this password, you will be able to reset your real password. You can only log in using this temporary password once.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1470
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1471	Sincerely yours,
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1472	The {$site_name} administration team
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1473	";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1474
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1475	if(getConfig('smtp_enabled') == '1')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1476	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1477	$result = smtp_send_email($row['email'], getConfig('site_name').' password reset', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1478	if($result == 'success')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1479	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1480	$result = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1481	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1482	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1483	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1484	echo '<p>'.$result.'</p>';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1485	$result = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1486	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1487	} else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1488	$result = mail($row['email'], getConfig('site_name').' password reset', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1489	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1490	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1491	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1492
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1493	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1494	* Sets the temporary password for the specified user to whatever is specified.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1495	* @param int $user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1496	* @param string $password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1497	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1498	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1499
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1500	function register_temp_password($user_id, $password)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1501	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1502	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1503	$temp_pass = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1504	$this->sql('UPDATE '.table_prefix.'users SET temp_password=\'' . $temp_pass . '\',temp_password_time='.time().' WHERE user_id='.intval($user_id).';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1505	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1506
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1507	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1508	* Sends a request to the admin panel to have the username $u activated.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1509	* @param string $u The username of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1510	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1511
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1512	function admin_activation_request($u)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1513	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1514	global $db;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1515	$this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.date('d M Y h:i a').'\', \''.$this->username.'\', \''.$db->escape($u).'\');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1516	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1517
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1518	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1519	* Activates a user account. If the action fails, a report is sent to the admin.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1520	* @param string $user The username of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1521	* @param string $key The activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1522	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1523
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1524	function activate_account($user, $key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1525	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1526	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1527	$this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1528	$r = mysql_affected_rows();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1529	if ( $r > 0 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1530	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1531	$e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1532	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1533	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1534	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1535	$e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1536	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1537	return $r;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1538	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1539
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1540	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1541	* For a given user level identifier (USER_LEVEL_*), returns a string describing that user level.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1542	* @param int User level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1543	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1544	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1545
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1546	function userlevel_to_string($user_level)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1547	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1548	switch ( $user_level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1549	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1550	case USER_LEVEL_GUEST:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1551	return 'Low - guest privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1552	case USER_LEVEL_MEMBER:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1553	return 'Standard - normal member level';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1554	case USER_LEVEL_CHPREF:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1555	return 'Medium - user can change his/her own e-mail address and password';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1556	case USER_LEVEL_MOD:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1557	return 'High - moderator privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1558	case USER_LEVEL_ADMIN:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1559	return 'Highest - administrative privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1560	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1561	return "Unknown ($user_level)";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1562	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1563	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1564
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1565	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1566	* Updates a user's information in the database. Note that any of the values except $user_id can be false if you want to preserve the old values.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1567	* @param int $user_id The user ID of the user to update - this cannot be changed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1568	* @param string $username The new username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1569	* @param string $old_pass The current password - only required if sessionManager::$user_level < USER_LEVEL_ADMIN. This should usually be an UNENCRYPTED string. This can also be an array - if it is, key 0 is treated as data AES-encrypted with key 1
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1570	* @param string $password The new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1571	* @param string $email The new e-mail address
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1572	* @param string $realname The new real name
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1573	* @param string $signature The updated forum/comment signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1574	* @param int $user_level The updated user level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1575	* @return string 'success' if successful, or array of error strings on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1576	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1577
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1578	function update_user($user_id, $username = false, $old_pass = false, $password = false, $email = false, $realname = false, $signature = false, $user_level = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1579	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1580	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1581
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1582	// Create some arrays
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1583
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1584	$errors = Array(); // Used to hold error strings
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1585	$strs = Array(); // Sub-query statements
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1586
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1587	// Scan the user ID for problems
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1588	if(intval($user_id) < 1) $errors[] = 'SQL injection attempt';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1589
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1590	// Instanciate the AES encryption class
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1591	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1592
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1593	// If all of our input vars are false, then we've effectively done our job so get out of here
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1594	if($username === false && $password === false && $email === false && $realname === false && $signature === false && $user_level === false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1595	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1596	// echo 'debug: $session->update_user(): success (no changes requested)';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1597	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1598	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1599
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1600	// Initialize our authentication check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1601	$authed = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1602
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1603	// Verify the inputted password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1604	if(is_string($old_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1605	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1606	$q = $this->sql('SELECT password FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1607	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1608	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1609	$errors[] = 'The password data could not be selected for verification.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1610	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1611	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1612	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1613	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1614	$real = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1615	if($real == $old_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1616	$authed = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1617	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1618	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1619
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1620	elseif(is_array($old_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1621	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1622	$old_pass = $aes->decrypt($old_pass[0], $old_pass[1]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1623	$q = $this->sql('SELECT password FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1624	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1625	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1626	$errors[] = 'The password data could not be selected for verification.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1627	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1628	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1629	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1630	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1631	$real = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1632	if($real == $old_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1633	$authed = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1634	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1635	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1636
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1637	// Initialize our query
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1638	$q = 'UPDATE '.table_prefix.'users SET ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1639
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1640	if($this->auth_level >= USER_LEVEL_ADMIN \|\| $authed) // Need the current password in order to update the e-mail address, change the username, or reset the password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1641	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1642	// Username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1643	if(is_string($username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1644	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1645	// Check the username for problems
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1646	if(!preg_match('#^'.$this->valid_username.'$#', $username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1647	$errors[] = 'The username you entered contains invalid characters.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1648	$strs[] = 'username=\''.$db->escape($username).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1649	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1650	// Password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1651	if(is_string($password) && strlen($password) >= 6)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1652	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1653	// Password needs to be encrypted before being stashed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1654	$encpass = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1655	if(!$encpass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1656	$errors[] = 'The password could not be encrypted due to an internal error.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1657	$strs[] = 'password=\''.$encpass.'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1658	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1659	// E-mail addy
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1660	if(is_string($email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1661	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1662	// I didn't write this regex.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1663	if(!preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/', $email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1664	$errors[] = 'The e-mail address you entered is invalid.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1665	$strs[] = 'email=\''.$db->escape($email).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1666	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1667	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1668	// Real name
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1669	if(is_string($realname))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1670	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1671	$strs[] = 'real_name=\''.$db->escape($realname).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1672	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1673	// Forum/comment signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1674	if(is_string($signature))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1675	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1676	$strs[] = 'signature=\''.$db->escape($signature).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1677	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1678	// User level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1679	if(is_int($user_level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1680	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1681	$strs[] = 'user_level='.$user_level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1682	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1683
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1684	// Add our generated query to the query string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1685	$q .= implode(',', $strs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1686
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1687	// One last error check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1688	if(sizeof($strs) < 1) $errors[] = 'An internal error occured building the SQL query, this is a bug';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1689	if(sizeof($errors) > 0) return $errors;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1690
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1691	// Free our temp arrays
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1692	unset($strs, $errors);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1693
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1694	// Finalize the query and run it
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1695	$q .= ' WHERE user_id='.$user_id.';';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1696	$this->sql($q);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1697
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1698	// We also need to trigger re-activation.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1699	if ( is_string($email) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1700	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1701	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1702	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1703	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1704	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1705
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1706	if ( $session->user_level >= USER_LEVEL_MOD && getConfig('account_activation') == 'admin' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1707	// Don't require re-activation by admins for admins
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1708	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1709
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1710	// retrieve username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1711	if ( !$username )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1712	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1713	$q = $this->sql('SELECT username FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1714	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1715	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1716	$errors[] = 'The username could not be selected.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1717	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1718	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1719	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1720	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1721	$username = $row['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1722	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1723	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1724	if ( !$username )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1725	return $errors;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1726
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1727	// Generate a totally random activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1728	$actkey = sha1 ( microtime() . mt_rand() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1729	$a = $this->send_activation_mail($username, $actkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1730	if(!$a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1731	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1732	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1733	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1734	// Deactivate the account until e-mail is confirmed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1735	$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . $user_id . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1736	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1737	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1738	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1739
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1740	// Yay! We're done
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1741	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1742	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1743
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1744	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1745	# Access Control Lists
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1746	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1747
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1748	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1749	* Creates a new permission field in memory. If the permissions are set in the database, they are used. Otherwise, $default_perm is used.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1750	* @param string $acl_type An identifier for this field
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1751	* @param int $default_perm Whether permission should be granted or not if it's not specified in the ACLs.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1752	* @param string $desc A human readable name for the permission type
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1753	* @param array $deps The list of dependencies - this should be an array of ACL types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1754	* @param string $scope Which namespaces this field should apply to. This should be either a pipe-delimited list of namespace IDs or just "All".
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1755	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1756
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1757	function register_acl_type($acl_type, $default_perm = AUTH_DISALLOW, $desc = false, $deps = Array(), $scope = 'All')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1758	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1759	if(isset($this->acl_types[$acl_type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1760	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1761	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1762	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1763	if(!$desc)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1764	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1765	$desc = capitalize_first_letter(str_replace('_', ' ', $acl_type));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1766	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1767	$this->acl_types[$acl_type] = $default_perm;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1768	$this->acl_descs[$acl_type] = $desc;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1769	$this->acl_deps[$acl_type] = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1770	$this->acl_scope[$acl_type] = explode('\|', $scope);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1771	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1772	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1773	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1774
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1775	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1776	* Tells us whether permission $type is allowed or not based on the current rules.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1777	* @param string $type The permission identifier ($acl_type passed to sessionManager::register_acl_type())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1778	* @param bool $no_deps If true, disables dependency checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1779	* @return bool True if allowed, false if denied or if an error occured
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1780	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1781
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1782	function get_permissions($type, $no_deps = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1783	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1784	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1785	if ( isset( $this->perms[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1786	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1787	if ( $this->perms[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1788	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1789	else if ( $this->perms[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1790	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1791	else if ( $this->perms[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1792	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1793	else if ( $this->perms[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1794	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1795	else if ( $this->perms[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1796	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1797	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1798	else if(isset($this->acl_types[$type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1799	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1800	if ( $this->acl_types[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1801	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1802	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1803	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1804	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1805	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1806	else if ( $this->acl_types[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1807	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1808	else if ( $this->acl_types[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1809	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1810	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1811	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1812	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1813	// ACL type is undefined
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1814	trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1815	return false; // Be on the safe side and deny access
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1816	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1817	if ( !$no_deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1818	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1819	if ( !$this->acl_check_deps($type) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1820	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1821	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1822	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1823	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1824
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1825	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1826	* Fetch the permissions that apply to the current user for the page specified. The object you get will have the get_permissions method
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1827	* and several other abilities.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1828	* @param string $page_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1829	* @param string $namespace
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1830	* @return object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1831	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1832
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1833	function fetch_page_acl($page_id, $namespace)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1834	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1835	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1836
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1837	if ( count ( $this->acl_base_cache ) < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1838	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1839	// Permissions table not yet initialized
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1840	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1841	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1842
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1843	//if ( !isset( $paths->pages[$paths->nslist[$namespace] . $page_id] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1844	//{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1845	// // Page does not exist
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1846	// return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1847	//}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1848
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1849	$object = new Session_ACLPageInfo( $page_id, $namespace, $this->acl_types, $this->acl_descs, $this->acl_deps, $this->acl_base_cache );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1850
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1851	return $object;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1852
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1853	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1854
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1855	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1856	* Read all of our permissions from the database and process/apply them. This should be called after the page is determined.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1857	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1858	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1859
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1860	function init_permissions()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1861	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1862	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1863	// Initialize the permissions list with some defaults
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1864	$this->perms = $this->acl_types;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1865	$this->acl_defaults_used = $this->perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1866
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1867	// Fetch sitewide defaults from the permissions table
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1868	$bs = 'SELECT rules FROM '.table_prefix.'acl WHERE page_id IS NULL AND namespace IS NULL AND ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1869
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1870	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1871	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1872	if(count($this->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1873	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1874	foreach($this->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1875	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1876	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1877	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1878	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1879	$bs .= implode(' OR ', $q) . ' ) ORDER BY target_type ASC, target_id ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1880	$q = $this->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1881	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1882	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1883	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1884	$rules = $this->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1885	$is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1886	$this->acl_merge_with_current($rules, $is_everyone);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1887	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1888	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1889
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1890	// Eliminate types that don't apply to this namespace
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1891	foreach ( $this->perms AS $i => $perm )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1892	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1893	if ( !in_array ( $paths->namespace, $this->acl_scope[$i] ) && !in_array('All', $this->acl_scope[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1894	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1895	unset($this->perms[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1896	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1897	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1898
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1899	// Cache the sitewide permissions for later use
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1900	$this->acl_base_cache = $this->perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1901
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1902	// Build a query to grab ACL info
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1903	$bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1904	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1905	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1906	if(count($this->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1907	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1908	foreach($this->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1909	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1910	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1911	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1912	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1913	// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1914	// permissions to override group permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1915	$bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1916	ORDER BY target_type ASC, page_id ASC, namespace ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1917	$q = $this->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1918	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1919	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1920	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1921	$rules = $this->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1922	$is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1923	$this->acl_merge_with_current($rules, $is_everyone);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1924	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1925	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1926
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1927	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1928
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1929	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1930	* Extends the scope of a permission type.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1931	* @param string The name of the permission type
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1932	* @param string The namespace(s) that should be covered. This can be either one namespace ID or a pipe-delimited list.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1933	* @param object Optional - the current $paths object, in case we're doing this from the acl_rule_init hook
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1934	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1935
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1936	function acl_extend_scope($perm_type, $namespaces, &$p_in)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1937	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1938	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1939	$p_obj = ( is_object($p_in) ) ? $p_in : $paths;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1940	$nslist = explode('\|', $namespaces);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1941	foreach ( $nslist as $i => $ns )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1942	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1943	if ( !isset($p_obj->nslist[$ns]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1944	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1945	unset($nslist[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1946	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1947	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1948	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1949	$this->acl_scope[$perm_type][] = $ns;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1950	if ( isset($this->acl_types[$perm_type]) && !isset($this->perms[$perm_type]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1951	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1952	$this->perms[$perm_type] = $this->acl_types[$perm_type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1953	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1954	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1955	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1956	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1957
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1958	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1959	* Converts a permissions field into a string for database insertion. Similar in spirit to serialize().
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1960	* @param array $perms An associative array with only integers as values
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1961	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1962	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1963
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1964	function perm_to_string($perms)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1965	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1966	$s = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1967	foreach($perms as $perm => $ac)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1968	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1969	$s .= "$perm=$ac;";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1970	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1971	return $s;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1972	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1973
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1974	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1975	* Converts a permissions string back to an array.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1976	* @param string $perms The result from sessionManager::perm_to_string()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1977	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1978	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1979
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1980	function string_to_perm($perms)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1981	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1982	$ret = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1983	preg_match_all('#([a-z0-9_-]+)=([0-9]+);#i', $perms, $matches);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1984	foreach($matches[1] as $i => $t)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1985	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1986	$ret[$t] = intval($matches[2][$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1987	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1988	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1989	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1990
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1991	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1992	* Merges two ACL arrays. Both parameters should be permission list arrays. The second group takes precedence over the first, but AUTH_DENY always prevails.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1993	* @param array $perm1 The first set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1994	* @param array $perm2 The second set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1995	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1996	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1997
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1998	function acl_merge($perm1, $perm2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1999	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2000	$ret = $perm1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2001	foreach ( $perm2 as $type => $level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2002	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2003	if ( isset( $ret[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2004	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2005	if ( $ret[$type] != AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2006	$ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2007	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2008	// else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2009	// {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2010	// $ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2011	// }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2012	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2013	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2014	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2015
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2016	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2017	* Merges the ACL array sent with the current permissions table, deciding precedence based on whether defaults are in effect or not.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2018	* @param array The array to merge into the master ACL list
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2019	* @param bool If true, $perm is treated as the "new default"
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2020	* @param int 1 if this is a site-wide ACL, 2 if page-specific. Defaults to 2.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2021	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2022
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2023	function acl_merge_with_current($perm, $is_everyone = false, $scope = 2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2024	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2025	foreach ( $this->perms as $i => $p )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2026	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2027	if ( isset($perm[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2028	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2029	if ( $is_everyone && !$this->acl_defaults_used[$i] )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2030	continue;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2031	// Decide precedence
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2032	if ( isset($this->acl_defaults_used[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2033	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2034	//echo "$i: default in use, overriding to: {$perm[$i]}<br />";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2035	// Defaults are in use, override
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2036	$this->perms[$i] = $perm[$i];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2037	$this->acl_defaults_used[$i] = ( $is_everyone );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2038	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2039	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2040	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2041	//echo "$i: default NOT in use";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2042	// Defaults are not in use, merge as normal
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2043	if ( $this->perms[$i] != AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2044	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2045	//echo ", but overriding";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2046	$this->perms[$i] = $perm[$i];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2047	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2048	//echo "<br />";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2049	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2050	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2051	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2052	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2053
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2054	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2055	* Merges two ACL arrays. Both parameters should be permission list arrays. The second group takes precedence
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2056	* over the first, without exceptions. This is used to merge the hardcoded defaults with admin-specified
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2057	* defaults, which take precedence.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2058	* @param array $perm1 The first set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2059	* @param array $perm2 The second set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2060	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2061	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2062
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2063	function acl_merge_complete($perm1, $perm2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2064	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2065	$ret = $perm1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2066	foreach ( $perm2 as $type => $level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2067	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2068	$ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2069	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2070	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2071	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2072
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2073	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2074	* Tell us if the dependencies for a given permission are met.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2075	* @param string The ACL permission ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2076	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2077	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2078
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2079	function acl_check_deps($type)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2080	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2081	if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2082	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2083	if(sizeof($this->acl_deps[$type]) < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2084	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2085	$deps = $this->acl_deps[$type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2086	while(true)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2087	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2088	$full_resolved = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2089	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2090	for ( $i = 0; $i < $j; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2091	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2092	$b = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2093	$deps = array_merge($deps, $this->acl_deps[$deps[$i]]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2094	if( $b == $deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2095	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2096	break 2;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2097	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2098	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2099	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2100	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2101	//die('<pre>'.print_r($deps, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2102	foreach($deps as $d)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2103	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2104	if ( !$this->get_permissions($d) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2105	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2106	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2107	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2108	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2109	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2110	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2111
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2112	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2113	* Makes a CAPTCHA code and caches the code in the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2114	* @param int $len The length of the code, in bytes
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2115	* @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2116	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2117
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2118	function make_captcha($len = 7)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2119	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2120	$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2121	$s = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2122	for($i=0;$i<$len;$i++) $s .= $chars[mt_rand(0, count($chars)-1)];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2123	$hash = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2124	$this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2125	return $hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2126	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2127
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2128	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2129	* For the given code ID, returns the correct CAPTCHA code, or false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2130	* @param string $hash The unique ID assigned to the code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2131	* @return string The correct confirmation code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2132	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2133
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2134	function get_captcha($hash)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2135	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2136	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2137	$s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2138	if($db->numrows() < 1) return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2139	$r = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2140	return $r['salt'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2141	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2142
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2143	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2144	* Deletes all CAPTCHA codes cached in the DB for this user.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2145	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2146
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2147	function kill_captcha()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2148	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2149	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2150	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2151
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2152	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2153	* Generates a random password.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2154	* @param int $length Optional - length of password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2155	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2156	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2157
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2158	function random_pass($length = 10)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2159	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2160	$valid_chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_+@#%&<>';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2161	$valid_chars = enano_str_split($valid_chars);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2162	$ret = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2163	for ( $i = 0; $i < $length; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2164	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2165	$ret .= $valid_chars[mt_rand(0, count($valid_chars)-1)];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2166	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2167	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2168	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2169
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2170	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2171	* Generates some Javascript that calls the AES encryption library.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2172	* @param string The name of the form
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2173	* @param string The name of the password field
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2174	* @param string The name of the field that switches encryption on or off
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2175	* @param string The name of the field that contains the encryption key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2176	* @param string The name of the field that will contain the encrypted password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2177	* @param string The name of the field that handles MD5 challenge data
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2178	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2179	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2180
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2181	function aes_javascript($form_name, $pw_field, $use_crypt, $crypt_key, $crypt_data, $challenge)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2182	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2183	$code = '
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2184	<script type="text/javascript">
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2185	disableJSONExts();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2186	str = \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2187	for(i=0;i<keySizeInBits/4;i++) str+=\'0\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2188	var key = hexToByteArray(str);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2189	var pt = hexToByteArray(str);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2190	var ct = rijndaelEncrypt(pt, key, \'ECB\');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2191	var ct = byteArrayToHex(ct);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2192	switch(keySizeInBits)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2193	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2194	case 128:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2195	v = \'66e94bd4ef8a2c3b884cfa59ca342b2e\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2196	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2197	case 192:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2198	v = \'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2199	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2200	case 256:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2201	v = \'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2202	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2203	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2204	var testpassed = ' . ( ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0') ? 'false; // CRYPTO-AUTH DISABLED ON USER REQUEST // ' : '' ) . '( ct == v && md5_vm_test() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2205	var frm = document.forms.'.$form_name.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2206	if(testpassed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2207	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2208	frm.'.$use_crypt.'.value = \'yes\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2209	var cryptkey = frm.'.$crypt_key.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2210	frm.'.$crypt_key.'.value = hex_md5(cryptkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2211	cryptkey = hexToByteArray(cryptkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2212	if(!cryptkey \|\| ( ( typeof cryptkey == \'string\' \|\| typeof cryptkey == \'object\' ) ) && cryptkey.length != keySizeInBits / 8 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2213	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2214	if ( frm._login ) frm._login.disabled = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2215	len = ( typeof cryptkey == \'string\' \|\| typeof cryptkey == \'object\' ) ? \'\\nLen: \'+cryptkey.length : \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2216	alert(\'The key is messed up\\nType: \'+typeof(cryptkey)+len);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2217	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2218	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2219	if(frm.username) frm.username.focus();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2220	function runEncryption()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2221	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2222	if(testpassed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2223	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2224	pass = frm.'.$pw_field.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2225	chal = frm.'.$challenge.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2226	challenge = hex_md5(pass + chal) + chal;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2227	frm.'.$challenge.'.value = challenge;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2228	pass = stringToByteArray(pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2229	cryptstring = rijndaelEncrypt(pass, cryptkey, \'ECB\');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2230	if(!cryptstring)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2231	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2232	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2233	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2234	cryptstring = byteArrayToHex(cryptstring);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2235	frm.'.$crypt_data.'.value = cryptstring;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2236	frm.'.$pw_field.'.value = \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2237	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2238	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2239	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2240	</script>
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2241	';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2242	return $code;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2243	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2244
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2245	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2246
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2247	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2248	* Class used to fetch permissions for a specific page. Used internally by SessionManager.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2249	* @package Enano
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2250	* @subpackage Session manager
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2251	* @license http://www.gnu.org/copyleft/gpl.html
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2252	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2253	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2254
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2255	class Session_ACLPageInfo {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2256
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2257	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2258	* The page ID of this ACL info package
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2259	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2260	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2261
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2262	var $page_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2263
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2264	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2265	* The namespace of the page being checked
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2266	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2267	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2268
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2269	var $namespace;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2270
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2271	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2272	* Our list of permission types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2273	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2274	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2275	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2276
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2277	var $acl_types = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2278
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2279	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2280	* The list of descriptions for the permission types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2281	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2282	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2283
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2284	var $acl_descs = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2285
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2286	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2287	* A list of dependencies for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2288	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2289	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2290
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2291	var $acl_deps = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2292
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2293	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2294	* Our tell-all list of permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2295	* @access private - or, preferably, protected...too bad this has to be PHP4 compatible
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2296	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2297	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2298
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2299	var $perms = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2300
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2301	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2302	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2303	* @param string $page_id The ID of the page to check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2304	* @param string $namespace The namespace of the page to check.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2305	* @param array $acl_types List of ACL types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2306	* @param array $acl_descs List of human-readable descriptions for permissions (associative)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2307	* @param array $acl_deps List of dependencies for permissions. For example, viewing history/diffs depends on the ability to read the page.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2308	* @param array $base What to start with - this is an attempt to reduce the number of SQL queries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2309	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2310
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2311	function Session_ACLPageInfo($page_id, $namespace, $acl_types, $acl_descs, $acl_deps, $base)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2312	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2313	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2314
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2315	$this->perms = $session->acl_merge_complete($acl_types, $base);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2316	$this->acl_deps = $acl_deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2317	$this->acl_types = $acl_types;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2318	$this->acl_descs = $acl_descs;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2319
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2320	// Build a query to grab ACL info
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2321	$bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2322	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2323	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2324	if(count($session->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2325	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2326	foreach($session->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2327	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2328	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2329	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2330	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2331	// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2332	// permissions to override group permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2333	$bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2334	ORDER BY target_type ASC, page_id ASC, namespace ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2335	$q = $session->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2336	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2337	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2338	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2339	$rules = $session->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2340	$this->perms = $session->acl_merge($this->perms, $rules);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2341	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2342	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2343
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2344	$this->page_id = $page_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2345	$this->namespace = $namespace;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2346	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2347
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2348	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2349	* Tells us whether permission $type is allowed or not based on the current rules.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2350	* @param string $type The permission identifier ($acl_type passed to sessionManager::register_acl_type())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2351	* @param bool $no_deps If true, disables dependency checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2352	* @return bool True if allowed, false if denied or if an error occured
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2353	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2354
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2355	function get_permissions($type, $no_deps = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2356	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2357	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2358	if ( isset( $this->perms[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2359	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2360	if ( $this->perms[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2361	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2362	else if ( $this->perms[$type] == AUTH_WIKIMODE &&
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2363	( isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) &&
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2364	( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '1' \|\|
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2365	( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2366	&& getConfig('wiki_mode') == '1'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2367	) ) ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2368	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2369	else if ( $this->perms[$type] == AUTH_WIKIMODE && (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2370	!isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2371	\|\| (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2372	isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) && (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2373	$paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '0'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2374	\|\| (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2375	$paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2' && getConfig('wiki_mode') != '1'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2376	) ) ) ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2377	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2378	else if ( $this->perms[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2379	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2380	else if ( $this->perms[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2381	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2382	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2383	else if(isset($this->acl_types[$type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2384	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2385	if ( $this->acl_types[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2386	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2387	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2388	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2389	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2390	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2391	else if ( $this->acl_types[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2392	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2393	else if ( $this->acl_types[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2394	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2395	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2396	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2397	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2398	// ACL type is undefined
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2399	trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2400	return false; // Be on the safe side and deny access
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2401	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2402	if ( !$no_deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2403	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2404	if ( !$this->acl_check_deps($type) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2405	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2406	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2407	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2408	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2409
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2410	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2411	* Tell us if the dependencies for a given permission are met.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2412	* @param string The ACL permission ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2413	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2414	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2415
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2416	function acl_check_deps($type)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2417	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2418	if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2419	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2420	if(sizeof($this->acl_deps[$type]) < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2421	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2422	$deps = $this->acl_deps[$type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2423	while(true)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2424	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2425	$full_resolved = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2426	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2427	for ( $i = 0; $i < $j; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2428	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2429	$b = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2430	$deps = array_merge($deps, $this->acl_deps[$deps[$i]]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2431	if( $b == $deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2432	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2433	break 2;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2434	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2435	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2436	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2437	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2438	//die('<pre>'.print_r($deps, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2439	foreach($deps as $d)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2440	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2441	if ( !$this->get_permissions($d) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2442	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2443	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2444	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2445	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2446	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2447	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2448
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2449	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2450
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2451	?>

author	Dan
	Tue, 26 Jun 2007 17:28:18 -0400
changeset 21	663fcf528726
parent 18	edfc24408769
child 30	7e8fd44b36b0
permissions	-rw-r--r--