<?php

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.1.1 (Caoineag alpha 1)

 * Copyright (C) 2006-2007 Dan Fuhry

 * sessions.php - everything related to security and user management

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

/**

 * Anything and everything related to security and user management. This includes AES encryption, which is illegal in some countries.

 * Documenting the API was not easy - I hope you folks enjoy it.

 * @package Enano

 * @subpackage Session manager

 * @category security, user management, logins, etc.

 */

class sessionManager {

  # Variables

  /**

   * Whether we're logged in or not

   * @var bool

   */

  var $user_logged_in = false;

  /**

   * Our current low-privilege session key

   * @var string

   */

  var $sid;

  /**

   * Username of currently logged-in user, or IP address if not logged in

   * @var string

   */

  var $username;

  /**

   * User ID of currently logged-in user, or -1 if not logged in

   * @var int

   */

  var $user_id;

  /**

   * Real name of currently logged-in user, or blank if not logged in

   * @var string

   */

  var $real_name;

  /**

   * E-mail address of currently logged-in user, or blank if not logged in

   * @var string

   */

  var $email;

  /**

   * List of "extra" user information fields (IM handles, etc.)

   * @var array (associative)

   */

  var $user_extra;

  /**

   * User level of current user

   * USER_LEVEL_GUEST: guest

   * USER_LEVEL_MEMBER: regular user

   * USER_LEVEL_CHPREF: default - pseudo-level that allows changing password and e-mail address (requires re-authentication)

   * USER_LEVEL_MOD: moderator

   * USER_LEVEL_ADMIN: administrator

   * @var int

   */

  var $user_level;

  /**

   * High-privilege session key

   * @var string or false if not running on high-level authentication

   */

  var $sid_super;

  /**

   * The user's theme preference, defaults to $template->default_theme

   * @var string

   */

  var $theme;

  /**

   * The user's style preference, or style auto-detected based on theme if not logged in

   * @var string

   */

  var $style;

  /**

   * Signature of current user - appended to comments, etc.

   * @var string

   */

  var $signature;

  /**

   * UNIX timestamp of when we were registered, or 0 if not logged in

   * @var int

   */

  var $reg_time;

  /**

   * MD5 hash of the current user's password, if applicable

   * @var string OR bool false

   */

  var $password_hash;

  /**

   * The number of unread private messages this user has.

   * @var int

   */

  var $unread_pms = 0;

  /**

   * AES key used to encrypt passwords and session key info - irreversibly destroyed when disallow_password_grab() is called

   * @var string

   */

  var $private_key;

  /**

   * Regex that defines a valid username, minus the ^ and $, these are added later

   * @var string

   */

  var $valid_username = '([^<>&\?\'"%\n\r\t\a\/]+)';

  /**

   * What we're allowed to do as far as permissions go. This changes based on the value of the "auth" URI param.

   * @var string

   */

  var $auth_level = -1;

  /**

   * State variable to track if a session timed out

   * @var bool

   */

  var $sw_timed_out = false;

  /**

   * Switch to track if we're started or not.

   * @access private

   * @var bool

   */

  var $started = false;

  /**

   * Switch to control compatibility mode (for older Enano websites being upgraded)

   * @access private

   * @var bool

   */

  var $compat = false;

  /**

   * Our list of permission types.

   * @access private

   * @var array

   */

  var $acl_types = Array();

  /**

   * The list of descriptions for the permission types

   * @var array

   */

  var $acl_descs = Array();

  /**

   * A list of dependencies for ACL types.

   * @var array

   */

  var $acl_deps = Array();

  /**

   * Our tell-all list of permissions. Do not even try to change this.

   * @access private

   * @var array

   */

  var $perms = Array();

  /**

   * A cache variable - saved after sitewide permissions are checked but before page-specific permissions.

   * @var array

   * @access private

   */

  var $acl_base_cache = Array();

  /**

   * Stores the scope information for ACL types.

   * @var array

   * @access private

   */

  var $acl_scope = Array();

  /**

   * Array to track which default permissions are being used

   * @var array

   * @access private

   */

  var $acl_defaults_used = Array();

  /**

   * Array to track group membership.

   * @var array

   */

  var $groups = Array();

  /**

   * Associative array to track group modship.

   * @var array

   */

  var $group_mod = Array();

  # Basic functions

  /**

   * Constructor.

   */

  function __construct()

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if ( defined('IN_ENANO_INSTALL') && !defined('IN_ENANO_UPGRADE') )

    {

      @include(ENANO_ROOT.'/config.new.php');

    }

    else

    {

      @include(ENANO_ROOT.'/config.php');

    }

    unset($dbhost, $dbname, $dbuser, $dbpasswd);

    if(isset($crypto_key))

    {

      $this->private_key = $crypto_key;

      $this->private_key = hexdecode($this->private_key);

    }

    else

    {

      if(is_writable(ENANO_ROOT.'/config.php'))

      {

        // Generate and stash a private key

        // This should only happen during an automated silent gradual migration to the new encryption platform.

        $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

        $this->private_key = $aes->gen_readymade_key();

        $config = file_get_contents(ENANO_ROOT.'/config.php');

        if(!$config)

        {

          die('$session->__construct(): can\'t get the contents of config.php');

        }

        $config = str_replace("?>", "\$crypto_key = '{$this->private_key}';\n?>", $config);

        // And while we're at it...

        $config = str_replace('MIDGET_INSTALLED', 'ENANO_INSTALLED', $config);

        $fh = @fopen(ENANO_ROOT.'/config.php', 'w');

        if ( !$fh ) 

        {

          die('$session->__construct(): Couldn\'t open config file for writing to store the private key, I tried to avoid something like this...');

        }

        fwrite($fh, $config);

        fclose($fh);

      }

      else

      {

        die_semicritical('Crypto error', '<p>No private key was found in the config file, and we can\'t generate one because we don\'t have write access to the config file. Please CHMOD config.php to 666 or 777 and reload this page.</p>');

      }

    }

    // Check for compatibility mode

    if(defined('IN_ENANO_INSTALL'))

    {

      $q = $db->sql_query('SELECT old_encryption FROM '.table_prefix.'users LIMIT 1;');

      if(!$q)

      {

        $error = mysql_error();

        if(strstr($error, "Unknown column 'old_encryption'"))

          $this->compat = true;

        else

          $db->_die('This should never happen and is a bug - the only error that was supposed to happen here didn\'t happen. (sessions.php in constructor, during compat mode check)');

      }

      $db->free_result();

    }

  }

  /**

   * PHP 4 compatible constructor. Deprecated in 1.1.x.

   */

  /*

  function sessionManager()

  {

    $this->__construct();

  }

  */

  /**

   * Wrapper function to sanitize strings for MySQL and HTML

   * @param string $text The text to sanitize

   * @return string

   */

  function prepare_text($text)

  {

    global $db;

    return $db->escape(htmlspecialchars($text));

  }

  /**

   * Makes a SQL query and handles error checking

   * @param string $query The SQL query to make

   * @return resource

   */

  function sql($query)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $result = $db->sql_query($query);

    if(!$result)

    {

      $db->_die('The error seems to have occurred somewhere in the session management code.');

    }

    return $result;

  }

  # Session restoration and permissions

  /**

   * Initializes the basic state of things, including most user prefs, login data, cookie stuff

   */

  function start()

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    global $lang;

    if($this->started) return;

    $this->started = true;

    $user = false;

    if(isset($_COOKIE['sid']))

    {

      if($this->compat)

      {

        $userdata = $this->compat_validate_session($_COOKIE['sid']);

      }

      else

      {

        $userdata = $this->validate_session($_COOKIE['sid']);

      }

      if(is_array($userdata))

      {

        $data = RenderMan::strToPageID($paths->get_pageid_from_url());

        if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')

        {

          $language = intval(getConfig('default_language'));

          $lang = new Language($language);

          $this->logout();

          $a = getConfig('account_activation');

          switch($a)

          {

            case 'none':

            default:

              $solution = $lang->get('user_login_noact_solution_none');

              break;

            case 'user':

              $solution = $lang->get('user_login_noact_solution_user');

              break;

            case 'admin':

              $solution = $lang->get('user_login_noact_solution_admin');

              break;

          }

          // admin activation request opportunity

          $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($userdata['username']) . '\';');

          if ( !$q )

            $db->_die();

          $can_request = ( $db->numrows() < 1 );

          $db->free_result();

          if ( isset($_POST['logout']) )

          {

            $this->sid = $_COOKIE['sid'];

            $this->user_logged_in = true;

            $this->user_id =       intval($userdata['user_id']);

            $this->username =      $userdata['username'];

            $this->auth_level =    USER_LEVEL_MEMBER;

            $this->user_level =    USER_LEVEL_MEMBER;

            $this->logout();

            redirect(scriptPath . '/', $lang->get('user_login_noact_msg_logout_success_title'), $lang->get('user_login_noact_msg_logout_success_body'), 5);

          }

          if ( $can_request && !isset($_POST['activation_request']) )

          {

            $form = '<p>' . $lang->get('user_login_noact_msg_ask_admins') . '</p>

                     <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">

                       <p><input type="submit" name="activation_request" value="' . $lang->get('user_login_noact_btn_request_activation') . '" /> <input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>

                     </form>';

          }

          else

          {

            if ( $can_request && isset($_POST['activation_request']) )

            {

              $this->admin_activation_request($userdata['username']);

              $form = '<p>' . $lang->get('user_login_noact_msg_admins_just_asked') . '</p>

                       <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">

                         <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>

                       </form>';

            }

            else

            {

              $form = '<p>' . $lang->get('user_login_noact_msg_admins_asked') . '</p>

                       <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">

                         <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>

                       </form>';

            }

          }

          die_semicritical($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form);

        }

        $this->sid = $_COOKIE['sid'];

        $this->user_logged_in = true;

        $this->user_id =       intval($userdata['user_id']);

        $this->username =      $userdata['username'];

        $this->password_hash = $userdata['password'];

        $this->user_level =    intval($userdata['user_level']);

        $this->real_name =     $userdata['real_name'];

        $this->email =         $userdata['email'];

        $this->unread_pms =    $userdata['num_pms'];

        if(!$this->compat)

        {

          $this->theme =         $userdata['theme'];

          $this->style =         $userdata['style'];

          $this->signature =     $userdata['signature'];

          $this->reg_time =      $userdata['reg_time'];

        }

        // Small security risk here - it allows someone who has already authenticated as an administrator to store the "super" key in

        // the cookie. Change this to USER_LEVEL_MEMBER to override that. The same 15-minute restriction applies to this "exploit".

        $this->auth_level =    $userdata['auth_level'];

        if(!isset($template->named_theme_list[$this->theme]))

        {

          if($this->compat || !is_object($template))

          {

            $this->theme = 'oxygen';

            $this->style = 'bleu';

          }

          else

          {

            $this->theme = $template->default_theme;

            $this->style = $template->default_style;

          }

        }

        $user = true;

        // Set language

        if ( !defined('ENANO_ALLOW_LOAD_NOLANG') )

        {

          $lang_id = intval($userdata['user_lang']);

          $lang = new Language($lang_id);

        }

        if(isset($_REQUEST['auth']) && !$this->sid_super)

        {

          // Now he thinks he's a moderator. Or maybe even an administrator. Let's find out if he's telling the truth.

          if($this->compat)

          {

            $key = $_REQUEST['auth'];

            $super = $this->compat_validate_session($key);

          }

          else

          {

            $key = strrev($_REQUEST['auth']);

            if ( !empty($key) && ( strlen($key) / 2 ) % 4 == 0 )

            {

              $super = $this->validate_session($key);

            }

          }

          if(is_array($super))

          {

            $this->auth_level = intval($super['auth_level']);