Enano CMS (1.1.x): includes/sessions.php@7e8fd44b36b0 (annotated)

1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1	<?php
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	3	/*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	4	* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
21 663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs Dan parents: 18 diff changeset	5	* Version 1.0 (Banshee)
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	6	* Copyright (C) 2006-2007 Dan Fuhry
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	7	* sessions.php - everything related to security and user management
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	8	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	9	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	10	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	11	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	12	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	13	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	14	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	15
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	16	// Prepare a string for insertion into a MySQL database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	17	function filter($str) { return $db->escape($str); }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	18
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	19	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	20	* Anything and everything related to security and user management. This includes AES encryption, which is illegal in some countries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	21	* Documenting the API was not easy - I hope you folks enjoy it.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	22	* @package Enano
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	23	* @subpackage Session manager
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	24	* @category security, user management, logins, etc.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	25	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	26
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	27	class sessionManager {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	28
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	29	# Variables
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	30
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	31	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	32	* Whether we're logged in or not
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	33	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	34	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	35
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	36	var $user_logged_in = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	37
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	38	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	39	* Our current low-privilege session key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	40	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	41	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	42
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	43	var $sid;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	44
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	45	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	46	* Username of currently logged-in user, or IP address if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	47	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	48	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	49
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	50	var $username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	51
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	52	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	53	* User ID of currently logged-in user, or -1 if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	54	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	55	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	56
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	57	var $user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	58
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	59	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	60	* Real name of currently logged-in user, or blank if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	61	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	62	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	63
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	64	var $real_name;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	65
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	66	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	67	* E-mail address of currently logged-in user, or blank if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	68	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	69	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	70
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	71	var $email;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	72
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	73	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	74	* User level of current user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	75	* USER_LEVEL_GUEST: guest
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	76	* USER_LEVEL_MEMBER: regular user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	77	* USER_LEVEL_CHPREF: default - pseudo-level that allows changing password and e-mail address (requires re-authentication)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	78	* USER_LEVEL_MOD: moderator
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	79	* USER_LEVEL_ADMIN: administrator
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	80	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	81	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	82
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	83	var $user_level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	84
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	85	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	86	* High-privilege session key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	87	* @var string or false if not running on high-level authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	88	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	89
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	90	var $sid_super;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	91
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	92	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	93	* The user's theme preference, defaults to $template->default_theme
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	94	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	95	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	96
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	97	var $theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	98
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	99	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	100	* The user's style preference, or style auto-detected based on theme if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	101	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	102	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	103
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	104	var $style;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	105
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	106	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	107	* Signature of current user - appended to comments, etc.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	108	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	109	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	110
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	111	var $signature;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	112
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	113	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	114	* UNIX timestamp of when we were registered, or 0 if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	115	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	116	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	117
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	118	var $reg_time;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	119
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	120	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	121	* MD5 hash of the current user's password, if applicable
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	122	* @var string OR bool false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	123	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	124
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	125	var $password_hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	126
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	127	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	128	* The number of unread private messages this user has.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	129	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	130	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	131
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	132	var $unread_pms = 0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	133
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	134	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	135	* AES key used to encrypt passwords and session key info - irreversibly destroyed when disallow_password_grab() is called
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	136	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	137	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	138
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	139	var $private_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	140
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	141	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	142	* Regex that defines a valid username, minus the ^ and $, these are added later
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	143	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	144	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	145
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	146	var $valid_username = '([A-Za-z0-9 \!\@-]+)';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	147
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	148	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	149	* What we're allowed to do as far as permissions go. This changes based on the value of the "auth" URI param.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	150	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	151	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	152
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	153	var $auth_level = -1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	154
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	155	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	156	* State variable to track if a session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	157	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	158	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	159
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	160	var $sw_timed_out = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	161
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	162	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	163	* Switch to track if we're started or not.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	164	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	165	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	166	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	167
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	168	var $started = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	169
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	170	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	171	* Switch to control compatibility mode (for older Enano websites being upgraded)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	172	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	173	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	174	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	175
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	176	var $compat = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	177
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	178	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	179	* Our list of permission types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	180	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	181	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	182	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	183
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	184	var $acl_types = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	185
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	186	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	187	* The list of descriptions for the permission types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	188	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	189	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	190
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	191	var $acl_descs = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	192
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	193	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	194	* A list of dependencies for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	195	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	196	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	197
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	198	var $acl_deps = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	199
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	200	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	201	* Our tell-all list of permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	202	* @access private - or, preferably, protected
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	203	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	204	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	205
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	206	var $perms = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	207
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	208	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	209	* A cache variable - saved after sitewide permissions are checked but before page-specific permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	210	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	211	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	212	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	213
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	214	var $acl_base_cache = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	215
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	216	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	217	* Stores the scope information for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	218	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	219	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	220	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	221
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	222	var $acl_scope = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	223
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	224	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	225	* Array to track which default permissions are being used
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	226	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	227	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	228	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	229
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	230	var $acl_defaults_used = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	231
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	232	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	233	* Array to track group membership.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	234	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	235	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	236
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	237	var $groups = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	238
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	239	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	240	* Associative array to track group modship.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	241	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	242	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	243
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	244	var $group_mod = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	245
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	246	# Basic functions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	247
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	248	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	249	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	250	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	251
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	252	function __construct()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	253	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	254	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	255	include(ENANO_ROOT.'/config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	256	unset($dbhost, $dbname, $dbuser, $dbpasswd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	257	if(isset($crypto_key))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	258	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	259	$this->private_key = $crypto_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	260	$this->private_key = hexdecode($this->private_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	261	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	262	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	263	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	264	if(is_writable(ENANO_ROOT.'/config.php'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	265	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	266	// Generate and stash a private key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	267	// This should only happen during an automated silent gradual migration to the new encryption platform.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	268	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	269	$this->private_key = $aes->gen_readymade_key();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	270
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	271	$config = file_get_contents(ENANO_ROOT.'/config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	272	if(!$config)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	273	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	274	die('$session->__construct(): can\'t get the contents of config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	275	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	276
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	277	$config = str_replace("?>", "\$crypto_key = '{$this->private_key}';\n?>", $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	278	// And while we're at it...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	279	$config = str_replace('MIDGET_INSTALLED', 'ENANO_INSTALLED', $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	280	$fh = @fopen(ENANO_ROOT.'/config.php', 'w');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	281	if ( !$fh )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	282	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	283	die('$session->__construct(): Couldn\'t open config file for writing to store the private key, I tried to avoid something like this...');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	284	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	285
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	286	fwrite($fh, $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	287	fclose($fh);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	288	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	289	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	290	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	291	die_semicritical('Crypto error', '<p>No private key was found in the config file, and we can\'t generate one because we don\'t have write access to the config file. Please CHMOD config.php to 666 or 777 and reload this page.</p>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	292	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	293	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	294	// Check for compatibility mode
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	295	if(defined('IN_ENANO_INSTALL'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	296	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	297	$q = $db->sql_query('SELECT old_encryption FROM '.table_prefix.'users LIMIT 1;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	298	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	299	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	300	$error = mysql_error();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	301	if(strstr($error, "Unknown column 'old_encryption'"))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	302	$this->compat = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	303	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	304	$db->_die('This should never happen and is a bug - the only error that was supposed to happen here didn\'t happen. (sessions.php in constructor, during compat mode check)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	305	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	306	$db->free_result();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	307	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	308	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	309
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	310	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	311	* PHP 4 compatible constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	312	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	313
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	314	function sessionManager()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	315	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	316	$this->__construct();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	317	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	318
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	319	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	320	* Wrapper function to sanitize strings for MySQL and HTML
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	321	* @param string $text The text to sanitize
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	322	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	323	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	324
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	325	function prepare_text($text)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	326	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	327	global $db;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	328	return $db->escape(htmlspecialchars($text));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	329	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	330
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	331	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	332	* Makes a SQL query and handles error checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	333	* @param string $query The SQL query to make
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	334	* @return resource
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	335	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	336
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	337	function sql($query)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	338	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	339	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	340	$result = $db->sql_query($query);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	341	if(!$result)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	342	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	343	$db->_die('The error seems to have occurred somewhere in the session management code.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	344	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	345	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	346	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	347
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	348	# Session restoration and permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	349
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	350	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	351	* Initializes the basic state of things, including most user prefs, login data, cookie stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	352	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	353
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	354	function start()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	355	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	356	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	357	if($this->started) return;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	358	$this->started = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	359	$user = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	360	if(isset($_COOKIE['sid']))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	361	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	362	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	363	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	364	$userdata = $this->compat_validate_session($_COOKIE['sid']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	365	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	366	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	367	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	368	$userdata = $this->validate_session($_COOKIE['sid']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	369	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	370	if(is_array($userdata))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	371	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	372	$data = RenderMan::strToPageID($paths->get_pageid_from_url());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	373
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	374	if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	375	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	376	$this->logout();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	377	$a = getConfig('account_activation');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	378	switch($a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	379	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	380	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	381	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	382	$solution = 'Your account was most likely deactivated by an administrator. Please contact the site administration for further assistance.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	383	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	384	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	385	$solution = 'Please check your e-mail; you should have been sent a message with instructions on how to activate your account. If you do not receive an e-mail from this site within 24 hours, please contact the site administration for further assistance.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	386	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	387	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	388	$solution = 'This website has been configured so that all user accounts must be activated by the administrator before they can be used, so your account will most likely be activated the next time the one of the administrators visits the site.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	389	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	390	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	391	die_semicritical('Account error', '<p>It appears that your user account has not yet been activated. '.$solution.'</p>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	392	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	393
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	394	$this->sid = $_COOKIE['sid'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	395	$this->user_logged_in = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	396	$this->user_id = intval($userdata['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	397	$this->username = $userdata['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	398	$this->password_hash = $userdata['password'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	399	$this->user_level = intval($userdata['user_level']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	400	$this->real_name = $userdata['real_name'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	401	$this->email = $userdata['email'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	402	$this->unread_pms = $userdata['num_pms'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	403	if(!$this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	404	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	405	$this->theme = $userdata['theme'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	406	$this->style = $userdata['style'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	407	$this->signature = $userdata['signature'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	408	$this->reg_time = $userdata['reg_time'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	409	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	410	// Small security risk here - it allows someone who has already authenticated as an administrator to store the "super" key in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	411	// the cookie. Change this to USER_LEVEL_MEMBER to override that. The same 15-minute restriction applies to this "exploit".
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	412	$this->auth_level = $userdata['auth_level'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	413	if(!isset($template->named_theme_list[$this->theme]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	414	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	415	if($this->compat \|\| !is_object($template))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	416	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	417	$this->theme = 'oxygen';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	418	$this->style = 'bleu';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	419	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	420	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	421	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	422	$this->theme = $template->default_theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	423	$this->style = $template->default_style;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	424	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	425	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	426	$user = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	427
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	428	if(isset($_REQUEST['auth']) && !$this->sid_super)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	429	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	430	// Now he thinks he's a moderator. Or maybe even an administrator. Let's find out if he's telling the truth.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	431	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	432	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	433	$key = $_REQUEST['auth'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	434	$super = $this->compat_validate_session($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	435	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	436	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	437	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	438	$key = strrev($_REQUEST['auth']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	439	$super = $this->validate_session($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	440	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	441	if(is_array($super))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	442	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	443	$this->auth_level = intval($super['auth_level']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	444	$this->sid_super = $_REQUEST['auth'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	445	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	446	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	447	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	448	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	449	if(!$user)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	450	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	451	//exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	452	$this->register_guest_session();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	453	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	454	if(!$this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	455	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	456	// init groups
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	457	$q = $this->sql('SELECT g.group_name,g.group_id,m.is_mod FROM '.table_prefix.'groups AS g
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	458	LEFT JOIN '.table_prefix.'group_members AS m
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	459	ON g.group_id=m.group_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	460	WHERE ( m.user_id='.$this->user_id.'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	461	OR g.group_name=\'Everyone\')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	462	' . ( enano_version() == '1.0RC1' ? '' : 'AND ( m.pending != 1 OR m.pending IS NULL )' ) . '
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	463	ORDER BY group_id ASC;'); // Make sure "Everyone" comes first so the permissions can be overridden
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	464	if($row = $db->fetchrow())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	465	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	466	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	467	$this->groups[$row['group_id']] = $row['group_name'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	468	$this->group_mod[$row['group_id']] = ( intval($row['is_mod']) == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	469	} while($row = $db->fetchrow());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	470	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	471	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	472	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	473	die('No group info');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	474	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	475	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	476	$this->check_banlist();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	477
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	478	if ( isset ( $_GET['printable'] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	479	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	480	$this->theme = 'printable';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	481	$this->style = 'default';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	482	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	483
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	484	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	485
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	486	# Logins
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	487
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	488	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	489	* Attempts to perform a login using crypto functions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	490	* @param string $username The username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	491	* @param string $aes_data The encrypted password, hex-encoded
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	492	* @param string $aes_key The MD5 hash of the encryption key, hex-encoded
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	493	* @param string $challenge The 256-bit MD5 challenge string - first 128 bits should be the hash, the last 128 should be the challenge salt
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	494	* @param int $level The privilege level we're authenticating for, defaults to 0
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	495	* @return string 'success' on success, or error string on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	496	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	497
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	498	function login_with_crypto($username, $aes_data, $aes_key, $challenge, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	499	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	500	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	501
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	502	$privcache = $this->private_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	503
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	504	// Instanciate the Rijndael encryption object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	505	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	506
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	507	// Fetch our decryption key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	508
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	509	$aes_key = $this->fetch_public_key($aes_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	510	if(!$aes_key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	511	return 'Couldn\'t look up public key "'.$aes_key.'" for decryption';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	512
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	513	// Convert the key to a binary string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	514	$bin_key = hexdecode($aes_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	515
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	516	if(strlen($bin_key) != AES_BITS / 8)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	517	return 'The decryption key is the wrong length';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	518
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	519	// Decrypt our password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	520	$password = $aes->decrypt($aes_data, $bin_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	521
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	522	// Initialize our success switch
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	523	$success = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	524
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	525	// Select the user data from the table, and decrypt that so we can verify the password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	526	$this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	527	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	528	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	529	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	530
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	531	// Check to see if we're logging in using a temporary password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	532
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	533	if((intval($row['temp_password_time']) + 3600*24) > time() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	534	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	535	$temp_pass = $aes->decrypt( $row['temp_password'], $this->private_key, ENC_HEX );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	536	if( $temp_pass == $password )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	537	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	538	$url = makeUrlComplete('Special', 'PasswordReset/stage2/' . $row['user_id'] . '/' . $row['temp_password']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	539
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	540	$code = $plugins->setHook('login_password_reset');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	541	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	542	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	543	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	544	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	545
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	546	redirect($url, 'Login sucessful', 'Please wait while you are transferred to the Password Reset form.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	547	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	548	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	549	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	550
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	551	if($row['old_encryption'] == 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	552	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	553	// The user's password is stored using the obsolete and insecure MD5 algorithm, so we'll update the field with the new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	554	if(md5($password) == $row['password'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	555	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	556	$pass_stashed = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	557	$this->sql('UPDATE '.table_prefix.'users SET password=\''.$pass_stashed.'\',old_encryption=0 WHERE user_id='.$row['user_id'].';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	558	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	559	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	560	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	561	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	562	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	563	// Our password field is up-to-date with the >=1.0RC1 encryption standards, so decrypt the password in the table and see if we have a match; if so then do challenge authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	564	$real_pass = $aes->decrypt(hexdecode($row['password']), $this->private_key, ENC_BINARY);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	565	if($password == $real_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	566	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	567	// Yay! We passed AES authentication, now do an MD5 challenge check to make sure we weren't spoofed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	568	$chal = substr($challenge, 0, 32);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	569	$salt = substr($challenge, 32, 32);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	570	$correct_challenge = md5( $real_pass . $salt );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	571	if($chal == $correct_challenge)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	572	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	573	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	574	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	575	if($success)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	576	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	577	if($level > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	578	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	579
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	580	$sess = $this->register_session(intval($row['user_id']), $username, $password, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	581	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	582	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	583	$this->username = $username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	584	$this->user_id = intval($row['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	585	$this->theme = $row['theme'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	586	$this->style = $row['style'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	587
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	588	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	589	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	590	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	591	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	592
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	593	$code = $plugins->setHook('login_success');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	594	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	595	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	596	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	597	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	598	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	599	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	600	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	601	return 'Your login credentials were correct, but an internal error occurred while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	602	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	603	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	604	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	605	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	606	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	607	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	608	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	609
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	610	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	611	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	612	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	613
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	614	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	615	* Attempts to login without using crypto stuff, mainly for use when the other side doesn't like Javascript
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	616	* This method of authentication is inherently insecure, there's really nothing we can do about it except hope and pray that everyone moves to Firefox
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	617	* Technically it still uses crypto, but it only decrypts the password already stored, which is (obviously) required for authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	618	* @param string $username The username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	619	* @param string $password The password -OR- the MD5 hash of the password if $already_md5ed is true
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	620	* @param bool $already_md5ed This should be set to true if $password is an MD5 hash, and should be false if it's plaintext. Defaults to false.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	621	* @param int $level The privilege level we're authenticating for, defaults to 0
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	622	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	623
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	624	function login_without_crypto($username, $password, $already_md5ed = false, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	625	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	626	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	627
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	628	$pass_hashed = ( $already_md5ed ) ? $password : md5($password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	629
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	630	// Perhaps we're upgrading Enano?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	631	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	632	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	633	return $this->login_compat($username, $pass_hashed, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	634	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	635
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	636	// Instanciate the Rijndael encryption object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	637	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	638
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	639	// Initialize our success switch
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	640	$success = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	641
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	642	// Retrieve the real password from the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	643	$this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	644	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	645	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	646	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	647
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	648	// Check to see if we're logging in using a temporary password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	649
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	650	if((intval($row['temp_password_time']) + 3600*24) > time() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	651	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	652	$temp_pass = $aes->decrypt( $row['temp_password'], $this->private_key, ENC_HEX );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	653	if( md5($temp_pass) == $pass_hashed )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	654	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	655	$code = $plugins->setHook('login_password_reset');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	656	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	657	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	658	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	659	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	660
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	661	header('Location: ' . makeUrlComplete('Special', 'PasswordReset/stage2/' . $row['user_id'] . '/' . $row['temp_password']) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	662
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	663	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	664	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	665	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	666
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	667	if($row['old_encryption'] == 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	668	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	669	// The user's password is stored using the obsolete and insecure MD5 algorithm - we'll update the field with the new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	670	if($pass_hashed == $row['password'] && !$already_md5ed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	671	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	672	$pass_stashed = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	673	$this->sql('UPDATE '.table_prefix.'users SET password=\''.$pass_stashed.'\',old_encryption=0 WHERE user_id='.$row['user_id'].';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	674	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	675	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	676	elseif($pass_hashed == $row['password'] && $already_md5ed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	677	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	678	// We don't have the real password so don't bother with encrypting it, just call it success and get out of here
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	679	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	680	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	681	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	682	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	683	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	684	// Our password field is up-to-date with the >=1.0RC1 encryption standards, so decrypt the password in the table and see if we have a match
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	685	$real_pass = $aes->decrypt($row['password'], $this->private_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	686	if($pass_hashed == md5($real_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	687	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	688	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	689	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	690	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	691	if($success)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	692	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	693	if((int)$level > (int)$row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	694	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	695	$sess = $this->register_session(intval($row['user_id']), $username, $real_pass, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	696	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	697	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	698	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	699	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	700	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	701	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	702
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	703	$code = $plugins->setHook('login_success');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	704	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	705	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	706	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	707	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	708	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	709	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	710	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	711	return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	712	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	713	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	714	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	715	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	716	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	717	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	718	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	719
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	720	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	721	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	722	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	723
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	724	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	725	* Attempts to log in using the old table structure and algorithm.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	726	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	727	* @param string $password This should be an MD5 hash
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	728	* @return string 'success' if successful, or error message on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	729	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	730
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	731	function login_compat($username, $password, $level = 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	732	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	733	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	734	$pass_hashed =& $password;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	735	$this->sql('SELECT password,user_id,user_level FROM '.table_prefix.'users WHERE username=\''.$this->prepare_text($username).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	736	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	737	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	738	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	739	if($row['password'] == $password)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	740	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	741	if((int)$level > (int)$row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	742	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	743	$sess = $this->register_session_compat(intval($row['user_id']), $username, $password, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	744	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	745	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	746	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	747	return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	748	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	749	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	750	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	751	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	752	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	753	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	754
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	755	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	756	* Registers a session key in the database. This function ASSUMES that the username and password have already been validated!
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	757	* Basically the session key is a base64-encoded cookie (encrypted with the site's private key) that says "u=[username];p=[sha1 of password]"
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	758	* @param int $user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	759	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	760	* @param string $password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	761	* @param int $level The level of access to grant, defaults to USER_LEVEL_MEMBER
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	762	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	763	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	764
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	765	function register_session($user_id, $username, $password, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	766	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	767	$salt = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	768	$passha1 = sha1($password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	769	$session_key = "u=$username;p=$passha1;s=$salt";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	770	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	771	$session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	772	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	773	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	774	$hexkey = strrev($session_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	775	$this->sid_super = $hexkey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	776	$_GET['auth'] = $hexkey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	777	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	778	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	779	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	780	setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	781	$_COOKIE['sid'] = $session_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	782	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	783	$keyhash = md5($session_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	784	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	785	if(!$ip)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	786	die('$session->register_session: Remote-Addr was spoofed');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	787	$time = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	788	if(!is_int($user_id))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	789	die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	790	if(!is_int($level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	791	die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	792
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	793	$query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	794	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	795	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	796
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	797	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	798	* Identical to register_session in nature, but uses the old login/table structure. DO NOT use this.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	799	* @see sessionManager::register_session()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	800	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	801	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	802
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	803	function register_session_compat($user_id, $username, $password, $level = 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	804	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	805	$salt = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	806	$thekey = md5($password . $salt);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	807	if($level > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	808	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	809	$this->sid_super = $thekey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	810	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	811	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	812	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	813	setcookie( 'sid', $thekey, time()+315360000, scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	814	$_COOKIE['sid'] = $thekey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	815	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	816	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	817	if(!$ip)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	818	die('$session->register_session: Remote-Addr was spoofed');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	819	$time = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	820	if(!is_int($user_id))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	821	die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	822	if(!is_int($level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	823	die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	824	$query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$thekey.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	825	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	826	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	827
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	828	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	829	* Creates/restores a guest session
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	830	* @todo implement real session management for guests
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	831	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	832
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	833	function register_guest_session()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	834	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	835	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	836	$this->username = $_SERVER['REMOTE_ADDR'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	837	$this->user_level = USER_LEVEL_GUEST;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	838	if($this->compat \|\| defined('IN_ENANO_INSTALL'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	839	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	840	$this->theme = 'oxygen';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	841	$this->style = 'bleu';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	842	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	843	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	844	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	845	$this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	846	$this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	847	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	848	$this->user_id = 1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	849	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	850
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	851	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	852	* Validates a session key, and returns the userdata associated with the key or false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	853	* @param string $key The session key to validate
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	854	* @return array Keys are 'user_id', 'username', 'email', 'real_name', 'user_level', 'theme', 'style', 'signature', 'reg_time', 'account_active', 'activation_key', and 'auth_level' or bool false if validation failed. The key 'auth_level' is the maximum authorization level that this key provides.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	855	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	856
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	857	function validate_session($key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	858	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	859	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	860	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE, true);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	861	$decrypted_key = $aes->decrypt($key, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	862
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	863	if ( !$decrypted_key )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	864	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	865	die_semicritical('AES encryption error', '<p>Something went wrong during the AES decryption process.</p><pre>'.print_r($decrypted_key, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	866	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	867
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	868	$n = preg_match('/^u='.$this->valid_username.';p=([A-Fa-f0-9]+?);s=([A-Fa-f0-9]+?)$/', $decrypted_key, $keydata);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	869	if($n < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	870	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	871	// echo '(debug) $session->validate_session: Key does not match regex<br />Decrypted key: '.$decrypted_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	872	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	873	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	874	$keyhash = md5($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	875	$salt = $db->escape($keydata[3]);
18 edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	876	$query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,x.* FROM '.table_prefix.'session_keys AS k
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	877	LEFT JOIN '.table_prefix.'users AS u
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	878	ON ( u.user_id=k.user_id )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	879	LEFT JOIN '.table_prefix.'users_extra AS x
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	880	ON ( u.user_id=x.user_id OR x.user_id IS NULL )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	881	LEFT JOIN '.table_prefix.'privmsgs AS p
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	882	ON ( p.message_to=u.username AND p.message_read=0 )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	883	WHERE k.session_key=\''.$keyhash.'\'
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	884	AND k.salt=\''.$salt.'\'
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	885	GROUP BY u.user_id;');
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	886	if ( !$query )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	887	{
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	888	$query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms FROM '.table_prefix.'session_keys AS k
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	889	LEFT JOIN '.table_prefix.'users AS u
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	890	ON ( u.user_id=k.user_id )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	891	LEFT JOIN '.table_prefix.'privmsgs AS p
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	892	ON ( p.message_to=u.username AND p.message_read=0 )
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	893	WHERE k.session_key=\''.$keyhash.'\'
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	894	AND k.salt=\''.$salt.'\'
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	895	GROUP BY u.user_id;');
edfc24408769 Upgrades (RC2->RC3) should now work Dan parents: 16 diff changeset	896	}
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	897	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	898	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	899	// echo '(debug) $session->validate_session: Key was not found in database<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	900	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	901	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	902	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	903	$row['user_id'] =& $row['uid'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	904	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	905	if($row['auth_level'] > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	906	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	907	// Failed authorization check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	908	// echo '(debug) $session->validate_session: access to this auth level denied<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	909	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	910	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	911	if($ip != $row['source_ip'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	912	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	913	// Failed IP address check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	914	// echo '(debug) $session->validate_session: IP address mismatch<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	915	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	916	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	917
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	918	// Do the password validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	919	$real_pass = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	920
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	921	//die('<pre>'.print_r($keydata, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	922	if(sha1($real_pass) != $keydata[2])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	923	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	924	// Failed password check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	925	// echo '(debug) $session->validate_session: encrypted password is wrong<br />Real password: '.$real_pass.'<br />Real hash: '.sha1($real_pass).'<br />User hash: '.$keydata[2];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	926	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	927	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	928
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	929	$time_now = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	930	$time_key = $row['time'] + 900;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	931	if($time_now > $time_key && $row['auth_level'] > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	932	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	933	// Session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	934	// echo '(debug) $session->validate_session: super session timed out<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	935	$this->sw_timed_out = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	936	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	937	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	938
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	939	// If this is an elevated-access session key, update the time
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	940	if( $row['auth_level'] > USER_LEVEL_MEMBER )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	941	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	942	$this->sql('UPDATE '.table_prefix.'session_keys SET time='.time().' WHERE session_key=\''.$keyhash.'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	943	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	944
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	945	$row['password'] = md5($real_pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	946	return $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	947	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	948
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	949	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	950	* Validates a session key, and returns the userdata associated with the key or false. Optimized for compatibility with the old MD5-based auth system.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	951	* @param string $key The session key to validate
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	952	* @return array Keys are 'user_id', 'username', 'email', 'real_name', 'user_level', 'theme', 'style', 'signature', 'reg_time', 'account_active', 'activation_key', and 'auth_level' or bool false if validation failed. The key 'auth_level' is the maximum authorization level that this key provides.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	953	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	954
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	955	function compat_validate_session($key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	956	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	957	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	958	$key = $db->escape($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	959
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	960	$query = $this->sql('SELECT u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,k.source_ip,k.salt,k.time,k.auth_level FROM '.table_prefix.'session_keys AS k
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	961	LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	962	ON u.user_id=k.user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	963	WHERE k.session_key=\''.$key.'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	964	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	965	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	966	// echo '(debug) $session->validate_session: Key '.$key.' was not found in database<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	967	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	968	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	969	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	970	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	971	if($row['auth_level'] > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	972	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	973	// Failed authorization check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	974	// echo '(debug) $session->validate_session: user not authorized for this access level';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	975	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	976	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	977	if($ip != $row['source_ip'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	978	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	979	// Failed IP address check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	980	// echo '(debug) $session->validate_session: IP address mismatch; IP in table: '.$row['source_ip'].'; reported IP: '.$ip.'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	981	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	982	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	983
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	984	// Do the password validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	985	$real_key = md5($row['password'] . $row['salt']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	986
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	987	//die('<pre>'.print_r($keydata, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	988	if($real_key != $key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	989	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	990	// Failed password check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	991	// echo '(debug) $session->validate_session: supplied password is wrong<br />Real key: '.$real_key.'<br />User key: '.$key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	992	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	993	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	994
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	995	$time_now = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	996	$time_key = $row['time'] + 900;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	997	if($time_now > $time_key && $row['auth_level'] >= 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	998	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	999	$this->sw_timed_out = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1000	// Session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1001	// echo '(debug) $session->validate_session: super session timed out<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1002	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1003	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1004
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1005	return $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1006	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1007
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1008	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1009	* Demotes us to one less than the specified auth level. AKA destroys elevated authentication and/or logs out the user, depending on $level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1010	* @param int $level How low we should go - USER_LEVEL_MEMBER means demote to USER_LEVEL_GUEST, and anything more powerful than USER_LEVEL_MEMBER means demote to USER_LEVEL_MEMBER
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1011	* @return string 'success' if successful, or error on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1012	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1013
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1014	function logout($level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1015	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1016	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1017	$ou = $this->username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1018	$oid = $this->user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1019	if($level > USER_LEVEL_CHPREF)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1020	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1021	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1022	if(!$this->user_logged_in \|\| $this->auth_level < USER_LEVEL_MOD) return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1023	// Destroy elevated privileges
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1024	$keyhash = md5(strrev($this->sid_super));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1025	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.$keyhash.'\' AND user_id=\'' . $this->user_id . '\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1026	$this->sid_super = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1027	$this->auth_level = USER_LEVEL_MEMBER;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1028	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1029	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1030	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1031	if($this->user_logged_in)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1032	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1033	// Completely destroy our session
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1034	if($this->auth_level > USER_LEVEL_CHPREF)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1035	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1036	$this->logout(USER_LEVEL_ADMIN);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1037	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1038	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($this->sid).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1039	setcookie( 'sid', '', time()-(3600*24), scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1040	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1041	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1042	$code = $plugins->setHook('logout_success'); // , Array('level'=>$level,'old_username'=>$ou,'old_user_id'=>$oid));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1043	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1044	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1045	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1046	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1047	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1048	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1049
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1050	# Miscellaneous stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1051
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1052	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1053	* Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1054	* @param string $url The URL to add session data to
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1055	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1056	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1057
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1058	function append_sid($url)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1059	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1060	$sep = ( strstr($url, '?') ) ? '&' : '?';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1061	if ( $this->sid_super )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1062	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1063	$url = $url . $sep . 'auth=' . urlencode($this->sid_super);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1064	// echo($this->sid_super.'<br/>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1065	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1066	return $url;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1067	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1068
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1069	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1070	* Grabs the user's password MD5
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1071	* @return string, or bool false if access denied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1072	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1073
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1074	function grab_password_hash()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1075	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1076	if(!$this->password_hash) return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1077	return $this->password_hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1078	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1079
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1080	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1081	* Destroys the user's password MD5 in memory
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1082	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1083
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1084	function disallow_password_grab()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1085	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1086	$this->password_hash = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1087	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1088	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1089
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1090	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1091	* Generates an AES key and stashes it in the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1092	* @return string Hex-encoded AES key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1093	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1094
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1095	function rijndael_genkey()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1096	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1097	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1098	$key = $aes->gen_readymade_key();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1099	$keys = getConfig('login_key_cache');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1100	if(is_string($keys))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1101	$keys .= $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1102	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1103	$keys = $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1104	setConfig('login_key_cache', $keys);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1105	return $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1106	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1107
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1108	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1109	* Generate a totally random 128-bit value for MD5 challenges
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1110	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1111	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1112
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1113	function dss_rand()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1114	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1115	$aes = new AESCrypt();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1116	$random = $aes->randkey(128);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1117	unset($aes);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1118	return md5(microtime() . $random);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1119	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1120
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1121	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1122	* Fetch a cached login public key using the MD5sum as an identifier. Each key can only be fetched once before it is destroyed.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1123	* @param string $md5 The MD5 sum of the key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1124	* @return string, or bool false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1125	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1126
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1127	function fetch_public_key($md5)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1128	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1129	$keys = getConfig('login_key_cache');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1130	$keys = enano_str_split($keys, AES_BITS / 4);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1131
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1132	foreach($keys as $i => $k)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1133	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1134	if(md5($k) == $md5)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1135	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1136	unset($keys[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1137	if(count($keys) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1138	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1139	if ( strlen(getConfig('login_key_cache') ) > 64000 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1140	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1141	// This should only need to be done once every month or so for an average-size site
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1142	setConfig('login_key_cache', '');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1143	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1144	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1145	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1146	$keys = implode('', array_values($keys));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1147	setConfig('login_key_cache', $keys);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1148	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1149	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1150	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1151	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1152	setConfig('login_key_cache', '');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1153	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1154	return $k;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1155	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1156	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1157	// Couldn't find the key...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1158	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1159	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1160
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1161	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1162	* Adds a user to a group.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1163	* @param int User ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1164	* @param int Group ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1165	* @param bool Group moderator - defaults to false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1166	* @return bool True on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1167	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1168
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1169	function add_user_to_group($user_id, $group_id, $is_mod = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1170	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1171	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1172
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1173	// Validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1174	if ( !is_int($user_id) \|\| !is_int($group_id) \|\| !is_bool($is_mod) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1175	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1176	if ( $user_id < 1 \|\| $group_id < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1177	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1178
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1179	$mod_switch = ( $is_mod ) ? '1' : '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1180	$q = $this->sql('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $user_id . ' AND group_id=' . $group_id . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1181	if ( !$q )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1182	$db->_die();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1183	if ( $db->numrows() < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1184	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1185	// User is not in group
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1186	$this->sql('INSERT INTO '.table_prefix.'group_members(user_id,group_id,is_mod) VALUES(' . $user_id . ', ' . $group_id . ', ' . $mod_switch . ');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1187	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1188	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1189	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1190	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1191	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1192	// Update modship status
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1193	if ( strval($row['is_mod']) == $mod_switch )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1194	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1195	// Modship unchanged
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1196	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1197	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1198	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1199	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1200	// Modship changed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1201	$this->sql('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod_switch . ' WHERE member_id=' . $row['member_id'] . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1202	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1203	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1204	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1205	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1206	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1207
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1208	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1209	* Removes a user from a group.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1210	* @param int User ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1211	* @param int Group ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1212	* @return bool True on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1213	* @todo put a little more error checking in...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1214	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1215
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1216	function remove_user_from_group($user_id, $group_id)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1217	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1218	if ( !is_int($user_id) \|\| !is_int($group_id) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1219	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1220	$this->sql('DELETE FROM '.table_prefix."group_members WHERE user_id=$user_id AND group_id=$group_id;");
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1221	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1222	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1223
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1224	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1225	* Checks the banlist to ensure that we're an allowed user. Doesn't return anything because it dies if the user is banned.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1226	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1227
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1228	function check_banlist()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1229	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1230	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1231	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1232	$q = $this->sql('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1233	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1234	$q = $this->sql('SELECT ban_id,ban_type,ban_value,is_regex,reason FROM '.table_prefix.'banlist ORDER BY ban_type;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1235	if(!$q) $db->_die('The banlist data could not be selected.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1236	$banned = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1237	while($row = $db->fetchrow())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1238	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1239	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1240	$row['reason'] = 'None available - session manager is in compatibility mode';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1241	switch($row['ban_type'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1242	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1243	case BAN_IP:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1244	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1245	if(preg_match('#'.$row['ban_value'].'#i', $_SERVER['REMOTE_ADDR']))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1246	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1247	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1248	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1249	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1250	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1251	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1252	if($row['ban_value']==$_SERVER['REMOTE_ADDR']) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1253	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1254	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1255	case BAN_USER:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1256	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1257	if(preg_match('#'.$row['ban_value'].'#i', $this->username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1258	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1259	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1260	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1261	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1262	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1263	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1264	if($row['ban_value']==$this->username) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1265	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1266	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1267	case BAN_EMAIL:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1268	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1269	if(preg_match('#'.$row['ban_value'].'#i', $this->email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1270	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1271	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1272	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1273	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1274	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1275	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1276	if($row['ban_value']==$this->email) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1277	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1278	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1279	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1280	die('Ban error: rule "'.$row['ban_value'].'" has an invalid type ('.$row['ban_type'].')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1281	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1282	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1283	if($banned && $paths->get_pageid_from_url() != $paths->nslist['Special'].'CSS')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1284	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1285	// This guy is banned - kill the session, kill the database connection, bail out, and be pretty about it
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1286	die_semicritical('Ban notice', '<div class="error-box">You have been banned from this website. Please contact the site administrator for more information.<br /><br />Reason:<br />'.$reason.'</div>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1287	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1288	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1289	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1290
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1291	# Registration
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1292
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1293	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1294	* Registers a user. This does not perform any type of login.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1295	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1296	* @param string $password This should be unencrypted.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1297	* @param string $email
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1298	* @param string $real_name Optional, defaults to ''.
30 7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1299	* @param bool $coppa Optional. If true, the account is not activated initially and an admin activation request is sent. The caller is responsible for sending the address info and notice.
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1300	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1301
30 7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1302	function create_user($username, $password, $email, $real_name = '', $coppa = false)
13 fdd6b9dd42c3 Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php Dan parents: 1 diff changeset	1303	{
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1304	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1305
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1306	// Initialize AES
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1307	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1308
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1309	if(!preg_match('#^'.$this->valid_username.'$#', $username)) return 'The username you chose contains invalid characters.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1310	$username = $this->prepare_text($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1311	$email = $this->prepare_text($email);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1312	$real_name = $this->prepare_text($real_name);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1313	$password = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1314
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1315	$nameclause = ( $real_name != '' ) ? ' OR real_name=\''.$real_name.'\'' : '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1316	$q = $this->sql('SELECT * FROM '.table_prefix.'users WHERE lcase(username)=\''.strtolower($username).'\' OR email=\''.$email.'\''.$nameclause.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1317	if($db->numrows() > 0) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1318	$r = 'The ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1319	$i=0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1320	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1321	// Wow! An error checker that actually speaks English with the properest grammar! :-P
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1322	if($row['username'] == $username) { $r .= 'username'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1323	if($row['email'] == $email) { if($i) $r.=', '; $r .= 'e-mail address'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1324	if($row['real_name'] == $real_name && $real_name != '') { if($i) $r.=', and '; $r .= 'real name'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1325	$r .= ' that you entered ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1326	$r .= ( $i == 1 ) ? 'is' : 'are';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1327	$r .= ' already in use by another user.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1328	return $r;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1329	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1330
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1331	// Require the account to be activated?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1332	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1333	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1334	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1335	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1336	$active = '1';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1337	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1338	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1339	$active = '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1340	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1341	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1342	$active = '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1343	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1344	}
30 7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1345	if ( $coppa )
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1346	$active = '0';
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1347
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1348	$coppa_col = ( $coppa ) ? '1' : '0';
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1349
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1350	// Generate a totally random activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1351	$actkey = sha1 ( microtime() . mt_rand() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1352
30 7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1353	// We good, create the user
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1354	$this->sql('INSERT INTO '.table_prefix.'users ( username, password, email, real_name, theme, style, reg_time, account_active, activation_key, user_level, user_coppa ) VALUES ( \''.$username.'\', \''.$password.'\', \''.$email.'\', \''.$real_name.'\', \''.$template->default_theme.'\', \''.$template->default_style.'\', '.time().', '.$active.', \''.$actkey.'\', '.USER_LEVEL_CHPREF.', ' . $coppa_col . ' );');
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1355
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1356	// Require the account to be activated?
30 7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1357	if ( $coppa )
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1358	{
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1359	$this->admin_activation_request($username);
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1360	$this->send_coppa_mail($username,$email);
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1361	}
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1362	else
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1363	{
30 7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1364	switch(getConfig('account_activation'))
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1365	{
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1366	case 'none':
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1367	default:
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1368	break;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1369	case 'user':
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1370	$a = $this->send_activation_mail($username);
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1371	if(!$a)
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1372	{
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1373	$this->admin_activation_request($username);
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1374	return 'The activation e-mail could not be sent due to an internal error. This could possibly be due to an incorrect SMTP configuration. A request has been sent to the administrator to activate your account for you. ' . $a;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1375	}
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1376	break;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1377	case 'admin':
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1378	$this->admin_activation_request($username);
30 7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1379	break;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1380	}
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1381	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1382
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1383	// Leave some data behind for the hook
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1384	$code = $plugins->setHook('user_registered'); // , Array('username'=>$username));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1385	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1386	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1387	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1388	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1389
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1390	// $this->register_session($username, $password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1391	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1392	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1393
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1394	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1395	* Attempts to send an e-mail to the specified user with activation instructions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1396	* @param string $u The usernamd of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1397	* @return bool true on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1398	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1399
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1400	function send_activation_mail($u, $actkey = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1401	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1402	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1403	$q = $this->sql('SELECT username,email FROM '.table_prefix.'users WHERE user_id=1 OR user_level=' . USER_LEVEL_ADMIN . ' ORDER BY user_id ASC;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1404	$un = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1405	$admin_user = $un['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1406	$q = $this->sql('SELECT username,activation_key,account_active,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($u).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1407	$r = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1408	if ( empty($r['email']) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1409	$db->_die('BUG: $session->send_activation_mail(): no e-mail address in row');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1410	$message = 'Dear '.$u.',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1411	Thank you for registering on '.getConfig('site_name').'. Your account creation is almost complete. To complete the registration process, please click the following link or paste it into your web browser:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1412
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1413	';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1414	if(isset($_SERVER['HTTPS'])) $prot = 'https';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1415	else $prot = 'http';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1416	if($_SERVER['SERVER_PORT'] == '80') $p = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1417	else $p = ':'.$_SERVER['SERVER_PORT'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1418	$sidbak = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1419	if($this->sid_super)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1420	$sidbak = $this->sid_super;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1421	$this->sid_super = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1422	$aklink = makeUrlNS('Special', 'ActivateAccount/'.str_replace(' ', '_', $u).'/'. ( ( is_string($actkey) ) ? $actkey : $r['activation_key'] ) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1423	if($sidbak)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1424	$this->sid_super = $sidbak;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1425	unset($sidbak);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1426	$message .= "$prot://".$_SERVER['HTTP_HOST'].$p.$aklink;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1427	$message .= "\n\nSincerely yours, \n$admin_user and the ".$_SERVER['HTTP_HOST']." administration team";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1428	error_reporting(E_ALL);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1429	dc_dump($r, 'session: about to send activation e-mail to '.$r['email']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1430	if(getConfig('smtp_enabled') == '1')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1431	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1432	$result = smtp_send_email($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1433	if($result == 'success') $result = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1434	else { echo $result; $result = false; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1435	} else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1436	$result = mail($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1437	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1438	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1439	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1440
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1441	/**
30 7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1442	* Attempts to send an e-mail to the specified user's e-mail address on file intended for the parents
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1443	* @param string $u The usernamd of the user requesting activation
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1444	* @return bool true on success, false on failure
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1445	*/
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1446
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1447	function send_coppa_mail($u, $actkey = false)
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1448	{
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1449
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1450	global $db, $session, $paths, $template, $plugins; // Common objects
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1451
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1452	$q = $this->sql('SELECT username,email FROM '.table_prefix.'users WHERE user_id=2 OR user_level=' . USER_LEVEL_ADMIN . ' ORDER BY user_id ASC;');
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1453	$un = $db->fetchrow();
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1454	$admin_user = $un['username'];
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1455
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1456	$q = $this->sql('SELECT username,activation_key,account_active,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($u).'\';');
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1457	$r = $db->fetchrow();
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1458	if ( empty($r['email']) )
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1459	$db->_die('BUG: $session->send_activation_mail(): no e-mail address in row');
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1460
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1461	if(isset($_SERVER['HTTPS'])) $prot = 'https';
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1462	else $prot = 'http';
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1463	if($_SERVER['SERVER_PORT'] == '80') $p = '';
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1464	else $p = ':'.$_SERVER['SERVER_PORT'];
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1465	$sidbak = false;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1466	if($this->sid_super)
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1467	$sidbak = $this->sid_super;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1468	$this->sid_super = false;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1469	if($sidbak)
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1470	$this->sid_super = $sidbak;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1471	unset($sidbak);
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1472	$link = "$prot://".$_SERVER['HTTP_HOST'].scriptPath;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1473
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1474	$message = 'Dear parent or legal guardian,
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1475	A child under the username ' . $u . ' recently registered on our website. The child provided your e-mail address as the one of his or her authorized parent or legal guardian, and to comply with the United States Childrens\' Online Privacy Protection act, we ask that all parents of children ages 13 or under please mail us a written form authorizing their child\'s use of our website.
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1476
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1477	If you wish for your child to be allowed access to our website, please print and fill out the form below, and mail it to this address:
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1478
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1479	' . getConfig('coppa_address') . '
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1480
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1481	If you do NOT wish for your child to be allowed access to our site, you do not need to do anything - your child will not be able to access our site as a registered user unless you authorize their account activation.
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1482
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1483	Authorization form:
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1484	-------------------------------- Cut here --------------------------------
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1485
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1486	I, _______________________________________, the legal parent or guardian of the child registered on the website "' . getConfig('site_name') . '" as ' . $u . ', hereby give my authorization for the child\'s e-mail address, instant messaging information, location, and real name, to be collected and stored in a database owned and maintained by ' . getConfig('site_name') . ' at the child\'s option, and for the administrators of this website to use this information according to the privacy policy displayed on their website <' . $link . '>.
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1487
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1488	Child\'s name: _____________________________________
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1489
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1490	Child\'s e-mail address: _____________________________________
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1491	(optional - if you don\'t provide this, we\'ll just send site-related e-mails to your e-mail address)
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1492
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1493	Signature of parent or guardian:
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1494
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1495	____________________________________________________
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1496
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1497	Date (YYYY-MM-DD): ______ / _____ / _____
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1498
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1499	-------------------------------- Cut here --------------------------------';
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1500	$message .= "\n\nSincerely yours, \n$admin_user and the ".$_SERVER['HTTP_HOST']." administration team";
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1501
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1502	error_reporting(E_ALL);
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1503
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1504	dc_dump($r, 'session: about to send COPPA e-mail to '.$r['email']);
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1505	if(getConfig('smtp_enabled') == '1')
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1506	{
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1507	$result = smtp_send_email($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1508	if($result == 'success')
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1509	{
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1510	$result = true;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1511	}
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1512	else
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1513	{
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1514	echo $result;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1515	$result = false;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1516	}
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1517	}
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1518	else
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1519	{
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1520	$result = mail($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1521	}
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1522	return $result;
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1523	}
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1524
7e8fd44b36b0 COPPA support added Dan parents: 21 diff changeset	1525	/**
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1526	* Sends an e-mail to a user so they can reset their password.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1527	* @param int $user The user ID, or username if it's a string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1528	* @return bool true on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1529	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1530
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1531	function mail_password_reset($user)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1532	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1533	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1534	if(is_int($user))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1535	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1536	$q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE user_id='.$user.';'); // This is SAFE! This is only called if $user is an integer
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1537	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1538	elseif(is_string($user))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1539	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1540	$q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($user).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1541	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1542	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1543	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1544	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1545	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1546
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1547	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1548	$temp_pass = $this->random_pass();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1549
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1550	$this->register_temp_password($row['user_id'], $temp_pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1551
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1552	$site_name = getConfig('site_name');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1553
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1554	$message = "Dear {$row['username']},
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1555
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1556	Someone (hopefully you) on the {$site_name} website requested that a new password be created.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1557
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1558	The request was sent from the IP address {$_SERVER['REMOTE_ADDR']}.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1559
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1560	If you did not request the new password, then you do not need to do anything; the password will be invalidated after 24 hours.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1561
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1562	If you did request this password, then please log in using the password shown below:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1563
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1564	Password: {$temp_pass}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1565
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1566	After you log in using this password, you will be able to reset your real password. You can only log in using this temporary password once.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1567
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1568	Sincerely yours,
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1569	The {$site_name} administration team
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1570	";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1571
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1572	if(getConfig('smtp_enabled') == '1')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1573	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1574	$result = smtp_send_email($row['email'], getConfig('site_name').' password reset', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1575	if($result == 'success')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1576	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1577	$result = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1578	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1579	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1580	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1581	echo '<p>'.$result.'</p>';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1582	$result = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1583	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1584	} else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1585	$result = mail($row['email'], getConfig('site_name').' password reset', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1586	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1587	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1588	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1589
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1590	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1591	* Sets the temporary password for the specified user to whatever is specified.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1592	* @param int $user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1593	* @param string $password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1594	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1595	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1596
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1597	function register_temp_password($user_id, $password)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1598	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1599	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1600	$temp_pass = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1601	$this->sql('UPDATE '.table_prefix.'users SET temp_password=\'' . $temp_pass . '\',temp_password_time='.time().' WHERE user_id='.intval($user_id).';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1602	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1603
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1604	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1605	* Sends a request to the admin panel to have the username $u activated.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1606	* @param string $u The username of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1607	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1608
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1609	function admin_activation_request($u)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1610	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1611	global $db;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1612	$this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.date('d M Y h:i a').'\', \''.$this->username.'\', \''.$db->escape($u).'\');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1613	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1614
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1615	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1616	* Activates a user account. If the action fails, a report is sent to the admin.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1617	* @param string $user The username of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1618	* @param string $key The activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1619	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1620
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1621	function activate_account($user, $key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1622	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1623	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1624	$this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1625	$r = mysql_affected_rows();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1626	if ( $r > 0 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1627	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1628	$e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1629	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1630	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1631	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1632	$e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1633	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1634	return $r;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1635	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1636
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1637	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1638	* For a given user level identifier (USER_LEVEL_*), returns a string describing that user level.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1639	* @param int User level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1640	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1641	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1642
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1643	function userlevel_to_string($user_level)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1644	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1645	switch ( $user_level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1646	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1647	case USER_LEVEL_GUEST:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1648	return 'Low - guest privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1649	case USER_LEVEL_MEMBER:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1650	return 'Standard - normal member level';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1651	case USER_LEVEL_CHPREF:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1652	return 'Medium - user can change his/her own e-mail address and password';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1653	case USER_LEVEL_MOD:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1654	return 'High - moderator privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1655	case USER_LEVEL_ADMIN:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1656	return 'Highest - administrative privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1657	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1658	return "Unknown ($user_level)";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1659	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1660	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1661
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1662	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1663	* Updates a user's information in the database. Note that any of the values except $user_id can be false if you want to preserve the old values.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1664	* @param int $user_id The user ID of the user to update - this cannot be changed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1665	* @param string $username The new username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1666	* @param string $old_pass The current password - only required if sessionManager::$user_level < USER_LEVEL_ADMIN. This should usually be an UNENCRYPTED string. This can also be an array - if it is, key 0 is treated as data AES-encrypted with key 1
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1667	* @param string $password The new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1668	* @param string $email The new e-mail address
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1669	* @param string $realname The new real name
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1670	* @param string $signature The updated forum/comment signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1671	* @param int $user_level The updated user level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1672	* @return string 'success' if successful, or array of error strings on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1673	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1674
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1675	function update_user($user_id, $username = false, $old_pass = false, $password = false, $email = false, $realname = false, $signature = false, $user_level = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1676	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1677	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1678
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1679	// Create some arrays
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1680
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1681	$errors = Array(); // Used to hold error strings
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1682	$strs = Array(); // Sub-query statements
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1683
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1684	// Scan the user ID for problems
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1685	if(intval($user_id) < 1) $errors[] = 'SQL injection attempt';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1686
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1687	// Instanciate the AES encryption class
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1688	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1689
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1690	// If all of our input vars are false, then we've effectively done our job so get out of here
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1691	if($username === false && $password === false && $email === false && $realname === false && $signature === false && $user_level === false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1692	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1693	// echo 'debug: $session->update_user(): success (no changes requested)';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1694	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1695	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1696
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1697	// Initialize our authentication check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1698	$authed = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1699
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1700	// Verify the inputted password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1701	if(is_string($old_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1702	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1703	$q = $this->sql('SELECT password FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1704	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1705	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1706	$errors[] = 'The password data could not be selected for verification.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1707	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1708	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1709	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1710	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1711	$real = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1712	if($real == $old_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1713	$authed = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1714	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1715	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1716
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1717	elseif(is_array($old_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1718	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1719	$old_pass = $aes->decrypt($old_pass[0], $old_pass[1]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1720	$q = $this->sql('SELECT password FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1721	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1722	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1723	$errors[] = 'The password data could not be selected for verification.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1724	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1725	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1726	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1727	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1728	$real = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1729	if($real == $old_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1730	$authed = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1731	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1732	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1733
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1734	// Initialize our query
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1735	$q = 'UPDATE '.table_prefix.'users SET ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1736
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1737	if($this->auth_level >= USER_LEVEL_ADMIN \|\| $authed) // Need the current password in order to update the e-mail address, change the username, or reset the password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1738	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1739	// Username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1740	if(is_string($username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1741	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1742	// Check the username for problems
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1743	if(!preg_match('#^'.$this->valid_username.'$#', $username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1744	$errors[] = 'The username you entered contains invalid characters.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1745	$strs[] = 'username=\''.$db->escape($username).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1746	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1747	// Password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1748	if(is_string($password) && strlen($password) >= 6)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1749	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1750	// Password needs to be encrypted before being stashed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1751	$encpass = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1752	if(!$encpass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1753	$errors[] = 'The password could not be encrypted due to an internal error.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1754	$strs[] = 'password=\''.$encpass.'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1755	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1756	// E-mail addy
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1757	if(is_string($email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1758	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1759	// I didn't write this regex.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1760	if(!preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/', $email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1761	$errors[] = 'The e-mail address you entered is invalid.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1762	$strs[] = 'email=\''.$db->escape($email).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1763	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1764	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1765	// Real name
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1766	if(is_string($realname))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1767	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1768	$strs[] = 'real_name=\''.$db->escape($realname).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1769	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1770	// Forum/comment signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1771	if(is_string($signature))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1772	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1773	$strs[] = 'signature=\''.$db->escape($signature).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1774	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1775	// User level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1776	if(is_int($user_level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1777	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1778	$strs[] = 'user_level='.$user_level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1779	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1780
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1781	// Add our generated query to the query string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1782	$q .= implode(',', $strs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1783
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1784	// One last error check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1785	if(sizeof($strs) < 1) $errors[] = 'An internal error occured building the SQL query, this is a bug';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1786	if(sizeof($errors) > 0) return $errors;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1787
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1788	// Free our temp arrays
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1789	unset($strs, $errors);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1790
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1791	// Finalize the query and run it
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1792	$q .= ' WHERE user_id='.$user_id.';';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1793	$this->sql($q);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1794
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1795	// We also need to trigger re-activation.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1796	if ( is_string($email) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1797	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1798	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1799	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1800	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1801	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1802
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1803	if ( $session->user_level >= USER_LEVEL_MOD && getConfig('account_activation') == 'admin' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1804	// Don't require re-activation by admins for admins
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1805	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1806
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1807	// retrieve username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1808	if ( !$username )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1809	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1810	$q = $this->sql('SELECT username FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1811	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1812	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1813	$errors[] = 'The username could not be selected.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1814	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1815	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1816	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1817	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1818	$username = $row['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1819	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1820	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1821	if ( !$username )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1822	return $errors;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1823
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1824	// Generate a totally random activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1825	$actkey = sha1 ( microtime() . mt_rand() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1826	$a = $this->send_activation_mail($username, $actkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1827	if(!$a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1828	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1829	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1830	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1831	// Deactivate the account until e-mail is confirmed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1832	$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . $user_id . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1833	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1834	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1835	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1836
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1837	// Yay! We're done
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1838	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1839	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1840
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1841	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1842	# Access Control Lists
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1843	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1844
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1845	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1846	* Creates a new permission field in memory. If the permissions are set in the database, they are used. Otherwise, $default_perm is used.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1847	* @param string $acl_type An identifier for this field
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1848	* @param int $default_perm Whether permission should be granted or not if it's not specified in the ACLs.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1849	* @param string $desc A human readable name for the permission type
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1850	* @param array $deps The list of dependencies - this should be an array of ACL types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1851	* @param string $scope Which namespaces this field should apply to. This should be either a pipe-delimited list of namespace IDs or just "All".
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1852	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1853
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1854	function register_acl_type($acl_type, $default_perm = AUTH_DISALLOW, $desc = false, $deps = Array(), $scope = 'All')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1855	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1856	if(isset($this->acl_types[$acl_type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1857	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1858	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1859	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1860	if(!$desc)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1861	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1862	$desc = capitalize_first_letter(str_replace('_', ' ', $acl_type));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1863	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1864	$this->acl_types[$acl_type] = $default_perm;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1865	$this->acl_descs[$acl_type] = $desc;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1866	$this->acl_deps[$acl_type] = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1867	$this->acl_scope[$acl_type] = explode('\|', $scope);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1868	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1869	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1870	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1871
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1872	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1873	* Tells us whether permission $type is allowed or not based on the current rules.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1874	* @param string $type The permission identifier ($acl_type passed to sessionManager::register_acl_type())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1875	* @param bool $no_deps If true, disables dependency checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1876	* @return bool True if allowed, false if denied or if an error occured
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1877	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1878
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1879	function get_permissions($type, $no_deps = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1880	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1881	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1882	if ( isset( $this->perms[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1883	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1884	if ( $this->perms[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1885	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1886	else if ( $this->perms[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1887	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1888	else if ( $this->perms[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1889	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1890	else if ( $this->perms[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1891	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1892	else if ( $this->perms[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1893	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1894	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1895	else if(isset($this->acl_types[$type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1896	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1897	if ( $this->acl_types[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1898	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1899	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1900	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1901	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1902	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1903	else if ( $this->acl_types[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1904	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1905	else if ( $this->acl_types[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1906	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1907	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1908	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1909	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1910	// ACL type is undefined
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1911	trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1912	return false; // Be on the safe side and deny access
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1913	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1914	if ( !$no_deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1915	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1916	if ( !$this->acl_check_deps($type) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1917	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1918	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1919	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1920	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1921
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1922	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1923	* Fetch the permissions that apply to the current user for the page specified. The object you get will have the get_permissions method
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1924	* and several other abilities.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1925	* @param string $page_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1926	* @param string $namespace
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1927	* @return object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1928	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1929
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1930	function fetch_page_acl($page_id, $namespace)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1931	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1932	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1933
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1934	if ( count ( $this->acl_base_cache ) < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1935	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1936	// Permissions table not yet initialized
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1937	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1938	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1939
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1940	//if ( !isset( $paths->pages[$paths->nslist[$namespace] . $page_id] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1941	//{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1942	// // Page does not exist
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1943	// return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1944	//}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1945
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1946	$object = new Session_ACLPageInfo( $page_id, $namespace, $this->acl_types, $this->acl_descs, $this->acl_deps, $this->acl_base_cache );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1947
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1948	return $object;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1949
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1950	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1951
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1952	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1953	* Read all of our permissions from the database and process/apply them. This should be called after the page is determined.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1954	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1955	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1956
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1957	function init_permissions()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1958	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1959	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1960	// Initialize the permissions list with some defaults
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1961	$this->perms = $this->acl_types;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1962	$this->acl_defaults_used = $this->perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1963
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1964	// Fetch sitewide defaults from the permissions table
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1965	$bs = 'SELECT rules FROM '.table_prefix.'acl WHERE page_id IS NULL AND namespace IS NULL AND ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1966
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1967	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1968	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1969	if(count($this->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1970	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1971	foreach($this->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1972	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1973	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1974	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1975	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1976	$bs .= implode(' OR ', $q) . ' ) ORDER BY target_type ASC, target_id ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1977	$q = $this->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1978	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1979	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1980	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1981	$rules = $this->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1982	$is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1983	$this->acl_merge_with_current($rules, $is_everyone);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1984	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1985	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1986
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1987	// Eliminate types that don't apply to this namespace
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1988	foreach ( $this->perms AS $i => $perm )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1989	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1990	if ( !in_array ( $paths->namespace, $this->acl_scope[$i] ) && !in_array('All', $this->acl_scope[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1991	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1992	unset($this->perms[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1993	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1994	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1995
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1996	// Cache the sitewide permissions for later use
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1997	$this->acl_base_cache = $this->perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1998
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1999	// Build a query to grab ACL info
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2000	$bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2001	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2002	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2003	if(count($this->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2004	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2005	foreach($this->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2006	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2007	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2008	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2009	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2010	// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2011	// permissions to override group permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2012	$bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2013	ORDER BY target_type ASC, page_id ASC, namespace ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2014	$q = $this->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2015	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2016	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2017	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2018	$rules = $this->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2019	$is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2020	$this->acl_merge_with_current($rules, $is_everyone);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2021	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2022	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2023
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2024	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2025
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2026	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2027	* Extends the scope of a permission type.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2028	* @param string The name of the permission type
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2029	* @param string The namespace(s) that should be covered. This can be either one namespace ID or a pipe-delimited list.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2030	* @param object Optional - the current $paths object, in case we're doing this from the acl_rule_init hook
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2031	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2032
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2033	function acl_extend_scope($perm_type, $namespaces, &$p_in)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2034	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2035	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2036	$p_obj = ( is_object($p_in) ) ? $p_in : $paths;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2037	$nslist = explode('\|', $namespaces);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2038	foreach ( $nslist as $i => $ns )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2039	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2040	if ( !isset($p_obj->nslist[$ns]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2041	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2042	unset($nslist[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2043	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2044	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2045	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2046	$this->acl_scope[$perm_type][] = $ns;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2047	if ( isset($this->acl_types[$perm_type]) && !isset($this->perms[$perm_type]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2048	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2049	$this->perms[$perm_type] = $this->acl_types[$perm_type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2050	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2051	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2052	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2053	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2054
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2055	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2056	* Converts a permissions field into a string for database insertion. Similar in spirit to serialize().
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2057	* @param array $perms An associative array with only integers as values
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2058	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2059	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2060
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2061	function perm_to_string($perms)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2062	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2063	$s = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2064	foreach($perms as $perm => $ac)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2065	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2066	$s .= "$perm=$ac;";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2067	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2068	return $s;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2069	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2070
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2071	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2072	* Converts a permissions string back to an array.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2073	* @param string $perms The result from sessionManager::perm_to_string()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2074	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2075	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2076
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2077	function string_to_perm($perms)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2078	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2079	$ret = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2080	preg_match_all('#([a-z0-9_-]+)=([0-9]+);#i', $perms, $matches);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2081	foreach($matches[1] as $i => $t)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2082	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2083	$ret[$t] = intval($matches[2][$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2084	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2085	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2086	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2087
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2088	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2089	* Merges two ACL arrays. Both parameters should be permission list arrays. The second group takes precedence over the first, but AUTH_DENY always prevails.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2090	* @param array $perm1 The first set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2091	* @param array $perm2 The second set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2092	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2093	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2094
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2095	function acl_merge($perm1, $perm2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2096	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2097	$ret = $perm1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2098	foreach ( $perm2 as $type => $level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2099	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2100	if ( isset( $ret[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2101	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2102	if ( $ret[$type] != AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2103	$ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2104	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2105	// else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2106	// {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2107	// $ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2108	// }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2109	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2110	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2111	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2112
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2113	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2114	* Merges the ACL array sent with the current permissions table, deciding precedence based on whether defaults are in effect or not.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2115	* @param array The array to merge into the master ACL list
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2116	* @param bool If true, $perm is treated as the "new default"
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2117	* @param int 1 if this is a site-wide ACL, 2 if page-specific. Defaults to 2.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2118	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2119
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2120	function acl_merge_with_current($perm, $is_everyone = false, $scope = 2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2121	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2122	foreach ( $this->perms as $i => $p )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2123	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2124	if ( isset($perm[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2125	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2126	if ( $is_everyone && !$this->acl_defaults_used[$i] )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2127	continue;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2128	// Decide precedence
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2129	if ( isset($this->acl_defaults_used[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2130	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2131	//echo "$i: default in use, overriding to: {$perm[$i]}<br />";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2132	// Defaults are in use, override
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2133	$this->perms[$i] = $perm[$i];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2134	$this->acl_defaults_used[$i] = ( $is_everyone );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2135	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2136	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2137	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2138	//echo "$i: default NOT in use";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2139	// Defaults are not in use, merge as normal
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2140	if ( $this->perms[$i] != AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2141	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2142	//echo ", but overriding";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2143	$this->perms[$i] = $perm[$i];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2144	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2145	//echo "<br />";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2146	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2147	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2148	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2149	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2150
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2151	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2152	* Merges two ACL arrays. Both parameters should be permission list arrays. The second group takes precedence
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2153	* over the first, without exceptions. This is used to merge the hardcoded defaults with admin-specified
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2154	* defaults, which take precedence.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2155	* @param array $perm1 The first set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2156	* @param array $perm2 The second set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2157	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2158	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2159
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2160	function acl_merge_complete($perm1, $perm2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2161	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2162	$ret = $perm1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2163	foreach ( $perm2 as $type => $level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2164	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2165	$ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2166	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2167	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2168	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2169
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2170	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2171	* Tell us if the dependencies for a given permission are met.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2172	* @param string The ACL permission ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2173	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2174	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2175
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2176	function acl_check_deps($type)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2177	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2178	if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2179	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2180	if(sizeof($this->acl_deps[$type]) < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2181	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2182	$deps = $this->acl_deps[$type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2183	while(true)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2184	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2185	$full_resolved = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2186	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2187	for ( $i = 0; $i < $j; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2188	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2189	$b = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2190	$deps = array_merge($deps, $this->acl_deps[$deps[$i]]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2191	if( $b == $deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2192	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2193	break 2;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2194	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2195	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2196	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2197	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2198	//die('<pre>'.print_r($deps, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2199	foreach($deps as $d)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2200	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2201	if ( !$this->get_permissions($d) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2202	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2203	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2204	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2205	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2206	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2207	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2208
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2209	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2210	* Makes a CAPTCHA code and caches the code in the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2211	* @param int $len The length of the code, in bytes
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2212	* @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2213	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2214
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2215	function make_captcha($len = 7)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2216	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2217	$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2218	$s = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2219	for($i=0;$i<$len;$i++) $s .= $chars[mt_rand(0, count($chars)-1)];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2220	$hash = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2221	$this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2222	return $hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2223	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2224
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2225	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2226	* For the given code ID, returns the correct CAPTCHA code, or false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2227	* @param string $hash The unique ID assigned to the code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2228	* @return string The correct confirmation code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2229	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2230
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2231	function get_captcha($hash)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2232	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2233	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2234	$s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2235	if($db->numrows() < 1) return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2236	$r = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2237	return $r['salt'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2238	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2239
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2240	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2241	* Deletes all CAPTCHA codes cached in the DB for this user.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2242	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2243
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2244	function kill_captcha()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2245	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2246	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2247	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2248
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2249	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2250	* Generates a random password.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2251	* @param int $length Optional - length of password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2252	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2253	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2254
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2255	function random_pass($length = 10)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2256	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2257	$valid_chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_+@#%&<>';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2258	$valid_chars = enano_str_split($valid_chars);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2259	$ret = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2260	for ( $i = 0; $i < $length; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2261	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2262	$ret .= $valid_chars[mt_rand(0, count($valid_chars)-1)];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2263	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2264	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2265	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2266
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2267	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2268	* Generates some Javascript that calls the AES encryption library.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2269	* @param string The name of the form
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2270	* @param string The name of the password field
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2271	* @param string The name of the field that switches encryption on or off
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2272	* @param string The name of the field that contains the encryption key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2273	* @param string The name of the field that will contain the encrypted password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2274	* @param string The name of the field that handles MD5 challenge data
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2275	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2276	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2277
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2278	function aes_javascript($form_name, $pw_field, $use_crypt, $crypt_key, $crypt_data, $challenge)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2279	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2280	$code = '
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2281	<script type="text/javascript">
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2282	disableJSONExts();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2283	str = \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2284	for(i=0;i<keySizeInBits/4;i++) str+=\'0\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2285	var key = hexToByteArray(str);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2286	var pt = hexToByteArray(str);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2287	var ct = rijndaelEncrypt(pt, key, \'ECB\');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2288	var ct = byteArrayToHex(ct);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2289	switch(keySizeInBits)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2290	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2291	case 128:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2292	v = \'66e94bd4ef8a2c3b884cfa59ca342b2e\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2293	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2294	case 192:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2295	v = \'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2296	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2297	case 256:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2298	v = \'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2299	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2300	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2301	var testpassed = ' . ( ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0') ? 'false; // CRYPTO-AUTH DISABLED ON USER REQUEST // ' : '' ) . '( ct == v && md5_vm_test() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2302	var frm = document.forms.'.$form_name.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2303	if(testpassed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2304	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2305	frm.'.$use_crypt.'.value = \'yes\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2306	var cryptkey = frm.'.$crypt_key.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2307	frm.'.$crypt_key.'.value = hex_md5(cryptkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2308	cryptkey = hexToByteArray(cryptkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2309	if(!cryptkey \|\| ( ( typeof cryptkey == \'string\' \|\| typeof cryptkey == \'object\' ) ) && cryptkey.length != keySizeInBits / 8 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2310	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2311	if ( frm._login ) frm._login.disabled = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2312	len = ( typeof cryptkey == \'string\' \|\| typeof cryptkey == \'object\' ) ? \'\\nLen: \'+cryptkey.length : \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2313	alert(\'The key is messed up\\nType: \'+typeof(cryptkey)+len);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2314	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2315	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2316	if(frm.username) frm.username.focus();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2317	function runEncryption()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2318	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2319	if(testpassed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2320	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2321	pass = frm.'.$pw_field.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2322	chal = frm.'.$challenge.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2323	challenge = hex_md5(pass + chal) + chal;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2324	frm.'.$challenge.'.value = challenge;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2325	pass = stringToByteArray(pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2326	cryptstring = rijndaelEncrypt(pass, cryptkey, \'ECB\');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2327	if(!cryptstring)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2328	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2329	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2330	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2331	cryptstring = byteArrayToHex(cryptstring);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2332	frm.'.$crypt_data.'.value = cryptstring;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2333	frm.'.$pw_field.'.value = \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2334	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2335	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2336	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2337	</script>
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2338	';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2339	return $code;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2340	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2341
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2342	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2343
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2344	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2345	* Class used to fetch permissions for a specific page. Used internally by SessionManager.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2346	* @package Enano
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2347	* @subpackage Session manager
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2348	* @license http://www.gnu.org/copyleft/gpl.html
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2349	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2350	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2351
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2352	class Session_ACLPageInfo {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2353
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2354	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2355	* The page ID of this ACL info package
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2356	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2357	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2358
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2359	var $page_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2360
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2361	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2362	* The namespace of the page being checked
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2363	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2364	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2365
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2366	var $namespace;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2367
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2368	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2369	* Our list of permission types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2370	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2371	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2372	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2373
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2374	var $acl_types = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2375
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2376	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2377	* The list of descriptions for the permission types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2378	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2379	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2380
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2381	var $acl_descs = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2382
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2383	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2384	* A list of dependencies for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2385	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2386	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2387
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2388	var $acl_deps = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2389
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2390	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2391	* Our tell-all list of permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2392	* @access private - or, preferably, protected...too bad this has to be PHP4 compatible
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2393	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2394	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2395
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2396	var $perms = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2397
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2398	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2399	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2400	* @param string $page_id The ID of the page to check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2401	* @param string $namespace The namespace of the page to check.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2402	* @param array $acl_types List of ACL types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2403	* @param array $acl_descs List of human-readable descriptions for permissions (associative)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2404	* @param array $acl_deps List of dependencies for permissions. For example, viewing history/diffs depends on the ability to read the page.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2405	* @param array $base What to start with - this is an attempt to reduce the number of SQL queries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2406	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2407
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2408	function Session_ACLPageInfo($page_id, $namespace, $acl_types, $acl_descs, $acl_deps, $base)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2409	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2410	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2411
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2412	$this->perms = $session->acl_merge_complete($acl_types, $base);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2413	$this->acl_deps = $acl_deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2414	$this->acl_types = $acl_types;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2415	$this->acl_descs = $acl_descs;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2416
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2417	// Build a query to grab ACL info
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2418	$bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2419	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2420	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2421	if(count($session->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2422	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2423	foreach($session->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2424	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2425	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2426	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2427	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2428	// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2429	// permissions to override group permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2430	$bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2431	ORDER BY target_type ASC, page_id ASC, namespace ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2432	$q = $session->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2433	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2434	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2435	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2436	$rules = $session->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2437	$this->perms = $session->acl_merge($this->perms, $rules);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2438	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2439	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2440
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2441	$this->page_id = $page_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2442	$this->namespace = $namespace;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2443	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2444
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2445	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2446	* Tells us whether permission $type is allowed or not based on the current rules.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2447	* @param string $type The permission identifier ($acl_type passed to sessionManager::register_acl_type())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2448	* @param bool $no_deps If true, disables dependency checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2449	* @return bool True if allowed, false if denied or if an error occured
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2450	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2451
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2452	function get_permissions($type, $no_deps = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2453	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2454	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2455	if ( isset( $this->perms[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2456	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2457	if ( $this->perms[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2458	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2459	else if ( $this->perms[$type] == AUTH_WIKIMODE &&
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2460	( isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) &&
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2461	( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '1' \|\|
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2462	( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2463	&& getConfig('wiki_mode') == '1'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2464	) ) ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2465	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2466	else if ( $this->perms[$type] == AUTH_WIKIMODE && (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2467	!isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2468	\|\| (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2469	isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) && (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2470	$paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '0'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2471	\|\| (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2472	$paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2' && getConfig('wiki_mode') != '1'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2473	) ) ) ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2474	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2475	else if ( $this->perms[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2476	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2477	else if ( $this->perms[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2478	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2479	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2480	else if(isset($this->acl_types[$type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2481	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2482	if ( $this->acl_types[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2483	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2484	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2485	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2486	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2487	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2488	else if ( $this->acl_types[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2489	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2490	else if ( $this->acl_types[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2491	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2492	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2493	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2494	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2495	// ACL type is undefined
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2496	trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2497	return false; // Be on the safe side and deny access
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2498	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2499	if ( !$no_deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2500	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2501	if ( !$this->acl_check_deps($type) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2502	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2503	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2504	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2505	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2506
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2507	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2508	* Tell us if the dependencies for a given permission are met.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2509	* @param string The ACL permission ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2510	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2511	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2512
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2513	function acl_check_deps($type)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2514	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2515	if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2516	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2517	if(sizeof($this->acl_deps[$type]) < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2518	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2519	$deps = $this->acl_deps[$type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2520	while(true)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2521	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2522	$full_resolved = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2523	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2524	for ( $i = 0; $i < $j; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2525	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2526	$b = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2527	$deps = array_merge($deps, $this->acl_deps[$deps[$i]]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2528	if( $b == $deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2529	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2530	break 2;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2531	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2532	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2533	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2534	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2535	//die('<pre>'.print_r($deps, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2536	foreach($deps as $d)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2537	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2538	if ( !$this->get_permissions($d) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2539	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2540	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2541	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2542	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2543	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2544	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2545
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2546	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2547
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2548	?>

author	Dan
	Thu, 28 Jun 2007 13:49:40 -0400
changeset 30	7e8fd44b36b0
parent 21	663fcf528726
child 31	dc8741857bde
permissions	-rw-r--r--