Enano CMS (1.1.x): includes/sessions.php@fdd6b9dd42c3 (annotated)

1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1	<?php
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	3	/*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	4	* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	5	* Version 1.0 (Banshee)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	6	* Copyright (C) 2006-2007 Dan Fuhry
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	7	* sessions.php - everything related to security and user management
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	8	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	9	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	10	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	11	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	12	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	13	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	14	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	15
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	16	// Prepare a string for insertion into a MySQL database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	17	function filter($str) { return $db->escape($str); }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	18
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	19	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	20	* Anything and everything related to security and user management. This includes AES encryption, which is illegal in some countries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	21	* Documenting the API was not easy - I hope you folks enjoy it.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	22	* @package Enano
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	23	* @subpackage Session manager
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	24	* @category security, user management, logins, etc.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	25	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	26
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	27	class sessionManager {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	28
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	29	# Variables
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	30
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	31	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	32	* Whether we're logged in or not
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	33	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	34	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	35
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	36	var $user_logged_in = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	37
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	38	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	39	* Our current low-privilege session key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	40	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	41	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	42
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	43	var $sid;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	44
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	45	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	46	* Username of currently logged-in user, or IP address if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	47	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	48	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	49
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	50	var $username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	51
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	52	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	53	* User ID of currently logged-in user, or -1 if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	54	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	55	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	56
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	57	var $user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	58
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	59	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	60	* Real name of currently logged-in user, or blank if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	61	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	62	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	63
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	64	var $real_name;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	65
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	66	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	67	* E-mail address of currently logged-in user, or blank if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	68	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	69	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	70
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	71	var $email;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	72
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	73	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	74	* User level of current user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	75	* USER_LEVEL_GUEST: guest
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	76	* USER_LEVEL_MEMBER: regular user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	77	* USER_LEVEL_CHPREF: default - pseudo-level that allows changing password and e-mail address (requires re-authentication)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	78	* USER_LEVEL_MOD: moderator
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	79	* USER_LEVEL_ADMIN: administrator
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	80	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	81	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	82
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	83	var $user_level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	84
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	85	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	86	* High-privilege session key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	87	* @var string or false if not running on high-level authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	88	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	89
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	90	var $sid_super;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	91
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	92	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	93	* The user's theme preference, defaults to $template->default_theme
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	94	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	95	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	96
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	97	var $theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	98
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	99	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	100	* The user's style preference, or style auto-detected based on theme if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	101	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	102	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	103
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	104	var $style;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	105
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	106	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	107	* Signature of current user - appended to comments, etc.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	108	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	109	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	110
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	111	var $signature;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	112
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	113	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	114	* UNIX timestamp of when we were registered, or 0 if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	115	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	116	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	117
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	118	var $reg_time;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	119
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	120	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	121	* MD5 hash of the current user's password, if applicable
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	122	* @var string OR bool false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	123	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	124
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	125	var $password_hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	126
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	127	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	128	* The number of unread private messages this user has.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	129	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	130	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	131
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	132	var $unread_pms = 0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	133
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	134	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	135	* AES key used to encrypt passwords and session key info - irreversibly destroyed when disallow_password_grab() is called
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	136	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	137	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	138
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	139	var $private_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	140
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	141	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	142	* Regex that defines a valid username, minus the ^ and $, these are added later
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	143	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	144	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	145
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	146	var $valid_username = '([A-Za-z0-9 \!\@-]+)';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	147
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	148	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	149	* What we're allowed to do as far as permissions go. This changes based on the value of the "auth" URI param.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	150	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	151	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	152
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	153	var $auth_level = -1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	154
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	155	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	156	* State variable to track if a session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	157	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	158	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	159
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	160	var $sw_timed_out = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	161
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	162	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	163	* Switch to track if we're started or not.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	164	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	165	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	166	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	167
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	168	var $started = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	169
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	170	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	171	* Switch to control compatibility mode (for older Enano websites being upgraded)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	172	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	173	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	174	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	175
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	176	var $compat = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	177
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	178	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	179	* Our list of permission types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	180	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	181	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	182	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	183
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	184	var $acl_types = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	185
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	186	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	187	* The list of descriptions for the permission types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	188	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	189	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	190
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	191	var $acl_descs = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	192
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	193	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	194	* A list of dependencies for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	195	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	196	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	197
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	198	var $acl_deps = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	199
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	200	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	201	* Our tell-all list of permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	202	* @access private - or, preferably, protected
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	203	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	204	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	205
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	206	var $perms = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	207
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	208	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	209	* A cache variable - saved after sitewide permissions are checked but before page-specific permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	210	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	211	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	212	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	213
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	214	var $acl_base_cache = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	215
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	216	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	217	* Stores the scope information for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	218	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	219	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	220	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	221
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	222	var $acl_scope = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	223
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	224	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	225	* Array to track which default permissions are being used
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	226	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	227	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	228	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	229
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	230	var $acl_defaults_used = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	231
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	232	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	233	* Array to track group membership.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	234	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	235	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	236
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	237	var $groups = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	238
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	239	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	240	* Associative array to track group modship.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	241	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	242	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	243
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	244	var $group_mod = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	245
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	246	# Basic functions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	247
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	248	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	249	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	250	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	251
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	252	function __construct()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	253	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	254	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	255	include(ENANO_ROOT.'/config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	256	unset($dbhost, $dbname, $dbuser, $dbpasswd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	257	if(isset($crypto_key))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	258	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	259	$this->private_key = $crypto_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	260	$this->private_key = hexdecode($this->private_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	261	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	262	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	263	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	264	if(is_writable(ENANO_ROOT.'/config.php'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	265	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	266	// Generate and stash a private key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	267	// This should only happen during an automated silent gradual migration to the new encryption platform.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	268	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	269	$this->private_key = $aes->gen_readymade_key();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	270
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	271	$config = file_get_contents(ENANO_ROOT.'/config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	272	if(!$config)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	273	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	274	die('$session->__construct(): can\'t get the contents of config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	275	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	276
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	277	$config = str_replace("?>", "\$crypto_key = '{$this->private_key}';\n?>", $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	278	// And while we're at it...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	279	$config = str_replace('MIDGET_INSTALLED', 'ENANO_INSTALLED', $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	280	$fh = @fopen(ENANO_ROOT.'/config.php', 'w');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	281	if ( !$fh )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	282	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	283	die('$session->__construct(): Couldn\'t open config file for writing to store the private key, I tried to avoid something like this...');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	284	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	285
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	286	fwrite($fh, $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	287	fclose($fh);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	288	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	289	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	290	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	291	die_semicritical('Crypto error', '<p>No private key was found in the config file, and we can\'t generate one because we don\'t have write access to the config file. Please CHMOD config.php to 666 or 777 and reload this page.</p>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	292	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	293	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	294	// Check for compatibility mode
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	295	if(defined('IN_ENANO_INSTALL'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	296	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	297	$q = $db->sql_query('SELECT old_encryption FROM '.table_prefix.'users LIMIT 1;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	298	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	299	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	300	$error = mysql_error();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	301	if(strstr($error, "Unknown column 'old_encryption'"))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	302	$this->compat = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	303	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	304	$db->_die('This should never happen and is a bug - the only error that was supposed to happen here didn\'t happen. (sessions.php in constructor, during compat mode check)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	305	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	306	$db->free_result();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	307	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	308	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	309
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	310	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	311	* PHP 4 compatible constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	312	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	313
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	314	function sessionManager()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	315	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	316	$this->__construct();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	317	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	318
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	319	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	320	* Wrapper function to sanitize strings for MySQL and HTML
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	321	* @param string $text The text to sanitize
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	322	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	323	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	324
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	325	function prepare_text($text)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	326	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	327	global $db;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	328	return $db->escape(htmlspecialchars($text));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	329	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	330
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	331	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	332	* Makes a SQL query and handles error checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	333	* @param string $query The SQL query to make
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	334	* @return resource
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	335	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	336
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	337	function sql($query)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	338	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	339	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	340	$result = $db->sql_query($query);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	341	if(!$result)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	342	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	343	$db->_die('The error seems to have occurred somewhere in the session management code.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	344	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	345	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	346	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	347
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	348	# Session restoration and permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	349
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	350	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	351	* Initializes the basic state of things, including most user prefs, login data, cookie stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	352	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	353
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	354	function start()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	355	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	356	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	357	if($this->started) return;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	358	$this->started = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	359	$user = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	360	if(isset($_COOKIE['sid']))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	361	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	362	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	363	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	364	$userdata = $this->compat_validate_session($_COOKIE['sid']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	365	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	366	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	367	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	368	$userdata = $this->validate_session($_COOKIE['sid']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	369	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	370	if(is_array($userdata))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	371	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	372	$data = RenderMan::strToPageID($paths->get_pageid_from_url());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	373
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	374	if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	375	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	376	$this->logout();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	377	$a = getConfig('account_activation');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	378	switch($a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	379	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	380	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	381	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	382	$solution = 'Your account was most likely deactivated by an administrator. Please contact the site administration for further assistance.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	383	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	384	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	385	$solution = 'Please check your e-mail; you should have been sent a message with instructions on how to activate your account. If you do not receive an e-mail from this site within 24 hours, please contact the site administration for further assistance.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	386	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	387	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	388	$solution = 'This website has been configured so that all user accounts must be activated by the administrator before they can be used, so your account will most likely be activated the next time the one of the administrators visits the site.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	389	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	390	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	391	die_semicritical('Account error', '<p>It appears that your user account has not yet been activated. '.$solution.'</p>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	392	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	393
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	394	$this->sid = $_COOKIE['sid'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	395	$this->user_logged_in = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	396	$this->user_id = intval($userdata['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	397	$this->username = $userdata['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	398	$this->password_hash = $userdata['password'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	399	$this->user_level = intval($userdata['user_level']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	400	$this->real_name = $userdata['real_name'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	401	$this->email = $userdata['email'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	402	$this->unread_pms = $userdata['num_pms'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	403	if(!$this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	404	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	405	$this->theme = $userdata['theme'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	406	$this->style = $userdata['style'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	407	$this->signature = $userdata['signature'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	408	$this->reg_time = $userdata['reg_time'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	409	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	410	// Small security risk here - it allows someone who has already authenticated as an administrator to store the "super" key in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	411	// the cookie. Change this to USER_LEVEL_MEMBER to override that. The same 15-minute restriction applies to this "exploit".
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	412	$this->auth_level = $userdata['auth_level'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	413	if(!isset($template->named_theme_list[$this->theme]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	414	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	415	if($this->compat \|\| !is_object($template))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	416	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	417	$this->theme = 'oxygen';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	418	$this->style = 'bleu';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	419	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	420	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	421	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	422	$this->theme = $template->default_theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	423	$this->style = $template->default_style;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	424	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	425	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	426	$user = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	427
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	428	if(isset($_REQUEST['auth']) && !$this->sid_super)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	429	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	430	// Now he thinks he's a moderator. Or maybe even an administrator. Let's find out if he's telling the truth.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	431	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	432	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	433	$key = $_REQUEST['auth'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	434	$super = $this->compat_validate_session($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	435	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	436	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	437	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	438	$key = strrev($_REQUEST['auth']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	439	$super = $this->validate_session($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	440	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	441	if(is_array($super))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	442	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	443	$this->auth_level = intval($super['auth_level']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	444	$this->sid_super = $_REQUEST['auth'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	445	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	446	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	447	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	448	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	449	if(!$user)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	450	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	451	//exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	452	$this->register_guest_session();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	453	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	454	if(!$this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	455	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	456	// init groups
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	457	$q = $this->sql('SELECT g.group_name,g.group_id,m.is_mod FROM '.table_prefix.'groups AS g
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	458	LEFT JOIN '.table_prefix.'group_members AS m
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	459	ON g.group_id=m.group_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	460	WHERE ( m.user_id='.$this->user_id.'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	461	OR g.group_name=\'Everyone\')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	462	' . ( enano_version() == '1.0RC1' ? '' : 'AND ( m.pending != 1 OR m.pending IS NULL )' ) . '
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	463	ORDER BY group_id ASC;'); // Make sure "Everyone" comes first so the permissions can be overridden
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	464	if($row = $db->fetchrow())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	465	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	466	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	467	$this->groups[$row['group_id']] = $row['group_name'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	468	$this->group_mod[$row['group_id']] = ( intval($row['is_mod']) == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	469	} while($row = $db->fetchrow());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	470	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	471	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	472	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	473	die('No group info');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	474	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	475	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	476	$this->check_banlist();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	477
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	478	if ( isset ( $_GET['printable'] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	479	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	480	$this->theme = 'printable';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	481	$this->style = 'default';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	482	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	483
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	484	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	485
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	486	# Logins
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	487
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	488	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	489	* Attempts to perform a login using crypto functions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	490	* @param string $username The username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	491	* @param string $aes_data The encrypted password, hex-encoded
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	492	* @param string $aes_key The MD5 hash of the encryption key, hex-encoded
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	493	* @param string $challenge The 256-bit MD5 challenge string - first 128 bits should be the hash, the last 128 should be the challenge salt
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	494	* @param int $level The privilege level we're authenticating for, defaults to 0
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	495	* @return string 'success' on success, or error string on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	496	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	497
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	498	function login_with_crypto($username, $aes_data, $aes_key, $challenge, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	499	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	500	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	501
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	502	$privcache = $this->private_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	503
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	504	// Instanciate the Rijndael encryption object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	505	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	506
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	507	// Fetch our decryption key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	508
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	509	$aes_key = $this->fetch_public_key($aes_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	510	if(!$aes_key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	511	return 'Couldn\'t look up public key "'.$aes_key.'" for decryption';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	512
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	513	// Convert the key to a binary string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	514	$bin_key = hexdecode($aes_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	515
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	516	if(strlen($bin_key) != AES_BITS / 8)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	517	return 'The decryption key is the wrong length';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	518
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	519	// Decrypt our password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	520	$password = $aes->decrypt($aes_data, $bin_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	521
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	522	// Initialize our success switch
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	523	$success = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	524
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	525	// Select the user data from the table, and decrypt that so we can verify the password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	526	$this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	527	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	528	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	529	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	530
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	531	// Check to see if we're logging in using a temporary password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	532
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	533	if((intval($row['temp_password_time']) + 3600*24) > time() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	534	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	535	$temp_pass = $aes->decrypt( $row['temp_password'], $this->private_key, ENC_HEX );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	536	if( $temp_pass == $password )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	537	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	538	$url = makeUrlComplete('Special', 'PasswordReset/stage2/' . $row['user_id'] . '/' . $row['temp_password']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	539
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	540	$code = $plugins->setHook('login_password_reset');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	541	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	542	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	543	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	544	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	545
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	546	redirect($url, 'Login sucessful', 'Please wait while you are transferred to the Password Reset form.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	547	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	548	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	549	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	550
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	551	if($row['old_encryption'] == 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	552	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	553	// The user's password is stored using the obsolete and insecure MD5 algorithm, so we'll update the field with the new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	554	if(md5($password) == $row['password'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	555	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	556	$pass_stashed = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	557	$this->sql('UPDATE '.table_prefix.'users SET password=\''.$pass_stashed.'\',old_encryption=0 WHERE user_id='.$row['user_id'].';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	558	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	559	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	560	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	561	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	562	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	563	// Our password field is up-to-date with the >=1.0RC1 encryption standards, so decrypt the password in the table and see if we have a match; if so then do challenge authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	564	$real_pass = $aes->decrypt(hexdecode($row['password']), $this->private_key, ENC_BINARY);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	565	if($password == $real_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	566	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	567	// Yay! We passed AES authentication, now do an MD5 challenge check to make sure we weren't spoofed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	568	$chal = substr($challenge, 0, 32);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	569	$salt = substr($challenge, 32, 32);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	570	$correct_challenge = md5( $real_pass . $salt );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	571	if($chal == $correct_challenge)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	572	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	573	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	574	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	575	if($success)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	576	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	577	if($level > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	578	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	579
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	580	$sess = $this->register_session(intval($row['user_id']), $username, $password, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	581	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	582	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	583	$this->username = $username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	584	$this->user_id = intval($row['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	585	$this->theme = $row['theme'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	586	$this->style = $row['style'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	587
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	588	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	589	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	590	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	591	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	592
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	593	$code = $plugins->setHook('login_success');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	594	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	595	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	596	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	597	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	598	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	599	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	600	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	601	return 'Your login credentials were correct, but an internal error occurred while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	602	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	603	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	604	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	605	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	606	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	607	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	608	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	609
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	610	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	611	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	612	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	613
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	614	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	615	* Attempts to login without using crypto stuff, mainly for use when the other side doesn't like Javascript
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	616	* This method of authentication is inherently insecure, there's really nothing we can do about it except hope and pray that everyone moves to Firefox
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	617	* Technically it still uses crypto, but it only decrypts the password already stored, which is (obviously) required for authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	618	* @param string $username The username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	619	* @param string $password The password -OR- the MD5 hash of the password if $already_md5ed is true
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	620	* @param bool $already_md5ed This should be set to true if $password is an MD5 hash, and should be false if it's plaintext. Defaults to false.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	621	* @param int $level The privilege level we're authenticating for, defaults to 0
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	622	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	623
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	624	function login_without_crypto($username, $password, $already_md5ed = false, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	625	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	626	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	627
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	628	$pass_hashed = ( $already_md5ed ) ? $password : md5($password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	629
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	630	// Perhaps we're upgrading Enano?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	631	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	632	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	633	return $this->login_compat($username, $pass_hashed, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	634	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	635
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	636	// Instanciate the Rijndael encryption object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	637	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	638
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	639	// Initialize our success switch
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	640	$success = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	641
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	642	// Retrieve the real password from the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	643	$this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	644	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	645	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	646	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	647
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	648	// Check to see if we're logging in using a temporary password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	649
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	650	if((intval($row['temp_password_time']) + 3600*24) > time() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	651	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	652	$temp_pass = $aes->decrypt( $row['temp_password'], $this->private_key, ENC_HEX );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	653	if( md5($temp_pass) == $pass_hashed )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	654	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	655	$code = $plugins->setHook('login_password_reset');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	656	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	657	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	658	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	659	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	660
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	661	header('Location: ' . makeUrlComplete('Special', 'PasswordReset/stage2/' . $row['user_id'] . '/' . $row['temp_password']) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	662
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	663	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	664	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	665	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	666
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	667	if($row['old_encryption'] == 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	668	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	669	// The user's password is stored using the obsolete and insecure MD5 algorithm - we'll update the field with the new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	670	if($pass_hashed == $row['password'] && !$already_md5ed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	671	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	672	$pass_stashed = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	673	$this->sql('UPDATE '.table_prefix.'users SET password=\''.$pass_stashed.'\',old_encryption=0 WHERE user_id='.$row['user_id'].';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	674	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	675	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	676	elseif($pass_hashed == $row['password'] && $already_md5ed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	677	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	678	// We don't have the real password so don't bother with encrypting it, just call it success and get out of here
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	679	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	680	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	681	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	682	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	683	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	684	// Our password field is up-to-date with the >=1.0RC1 encryption standards, so decrypt the password in the table and see if we have a match
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	685	$real_pass = $aes->decrypt($row['password'], $this->private_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	686	if($pass_hashed == md5($real_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	687	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	688	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	689	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	690	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	691	if($success)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	692	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	693	if((int)$level > (int)$row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	694	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	695	$sess = $this->register_session(intval($row['user_id']), $username, $real_pass, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	696	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	697	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	698	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	699	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	700	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	701	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	702
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	703	$code = $plugins->setHook('login_success');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	704	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	705	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	706	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	707	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	708	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	709	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	710	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	711	return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	712	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	713	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	714	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	715	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	716	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	717	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	718	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	719
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	720	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	721	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	722	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	723
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	724	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	725	* Attempts to log in using the old table structure and algorithm.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	726	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	727	* @param string $password This should be an MD5 hash
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	728	* @return string 'success' if successful, or error message on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	729	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	730
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	731	function login_compat($username, $password, $level = 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	732	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	733	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	734	$pass_hashed =& $password;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	735	$this->sql('SELECT password,user_id,user_level FROM '.table_prefix.'users WHERE username=\''.$this->prepare_text($username).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	736	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	737	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	738	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	739	if($row['password'] == $password)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	740	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	741	if((int)$level > (int)$row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	742	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	743	$sess = $this->register_session_compat(intval($row['user_id']), $username, $password, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	744	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	745	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	746	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	747	return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	748	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	749	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	750	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	751	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	752	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	753	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	754
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	755	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	756	* Registers a session key in the database. This function ASSUMES that the username and password have already been validated!
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	757	* Basically the session key is a base64-encoded cookie (encrypted with the site's private key) that says "u=[username];p=[sha1 of password]"
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	758	* @param int $user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	759	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	760	* @param string $password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	761	* @param int $level The level of access to grant, defaults to USER_LEVEL_MEMBER
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	762	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	763	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	764
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	765	function register_session($user_id, $username, $password, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	766	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	767	$salt = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	768	$passha1 = sha1($password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	769	$session_key = "u=$username;p=$passha1;s=$salt";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	770	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	771	$session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	772	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	773	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	774	$hexkey = strrev($session_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	775	$this->sid_super = $hexkey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	776	$_GET['auth'] = $hexkey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	777	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	778	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	779	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	780	setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	781	$_COOKIE['sid'] = $session_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	782	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	783	$keyhash = md5($session_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	784	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	785	if(!$ip)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	786	die('$session->register_session: Remote-Addr was spoofed');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	787	$time = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	788	if(!is_int($user_id))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	789	die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	790	if(!is_int($level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	791	die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	792
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	793	$query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	794	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	795	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	796
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	797	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	798	* Identical to register_session in nature, but uses the old login/table structure. DO NOT use this.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	799	* @see sessionManager::register_session()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	800	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	801	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	802
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	803	function register_session_compat($user_id, $username, $password, $level = 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	804	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	805	$salt = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	806	$thekey = md5($password . $salt);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	807	if($level > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	808	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	809	$this->sid_super = $thekey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	810	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	811	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	812	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	813	setcookie( 'sid', $thekey, time()+315360000, scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	814	$_COOKIE['sid'] = $thekey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	815	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	816	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	817	if(!$ip)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	818	die('$session->register_session: Remote-Addr was spoofed');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	819	$time = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	820	if(!is_int($user_id))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	821	die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	822	if(!is_int($level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	823	die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	824	$query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$thekey.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	825	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	826	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	827
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	828	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	829	* Creates/restores a guest session
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	830	* @todo implement real session management for guests
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	831	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	832
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	833	function register_guest_session()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	834	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	835	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	836	$this->username = $_SERVER['REMOTE_ADDR'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	837	$this->user_level = USER_LEVEL_GUEST;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	838	if($this->compat \|\| defined('IN_ENANO_INSTALL'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	839	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	840	$this->theme = 'oxygen';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	841	$this->style = 'bleu';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	842	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	843	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	844	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	845	$this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	846	$this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	847	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	848	$this->user_id = 1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	849	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	850
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	851	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	852	* Validates a session key, and returns the userdata associated with the key or false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	853	* @param string $key The session key to validate
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	854	* @return array Keys are 'user_id', 'username', 'email', 'real_name', 'user_level', 'theme', 'style', 'signature', 'reg_time', 'account_active', 'activation_key', and 'auth_level' or bool false if validation failed. The key 'auth_level' is the maximum authorization level that this key provides.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	855	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	856
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	857	function validate_session($key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	858	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	859	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	860	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE, true);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	861	$decrypted_key = $aes->decrypt($key, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	862
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	863	if ( !$decrypted_key )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	864	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	865	die_semicritical('AES encryption error', '<p>Something went wrong during the AES decryption process.</p><pre>'.print_r($decrypted_key, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	866	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	867
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	868	$n = preg_match('/^u='.$this->valid_username.';p=([A-Fa-f0-9]+?);s=([A-Fa-f0-9]+?)$/', $decrypted_key, $keydata);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	869	if($n < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	870	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	871	// echo '(debug) $session->validate_session: Key does not match regex<br />Decrypted key: '.$decrypted_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	872	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	873	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	874	$keyhash = md5($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	875	$salt = $db->escape($keydata[3]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	876	$query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,x.* FROM '.table_prefix.'session_keys AS k
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	877	LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	878	ON ( u.user_id=k.user_id )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	879	LEFT JOIN '.table_prefix.'users_extra AS x
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	880	ON ( u.user_id=x.user_id OR x.user_id IS NULL )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	881	LEFT JOIN '.table_prefix.'privmsgs AS p
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	882	ON ( p.message_to=u.username AND p.message_read=0 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	883	WHERE k.session_key=\''.$keyhash.'\'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	884	AND k.salt=\''.$salt.'\'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	885	GROUP BY u.user_id;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	886	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	887	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	888	// echo '(debug) $session->validate_session: Key was not found in database<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	889	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	890	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	891	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	892	$row['user_id'] =& $row['uid'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	893	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	894	if($row['auth_level'] > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	895	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	896	// Failed authorization check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	897	// echo '(debug) $session->validate_session: access to this auth level denied<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	898	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	899	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	900	if($ip != $row['source_ip'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	901	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	902	// Failed IP address check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	903	// echo '(debug) $session->validate_session: IP address mismatch<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	904	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	905	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	906
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	907	// Do the password validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	908	$real_pass = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	909
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	910	//die('<pre>'.print_r($keydata, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	911	if(sha1($real_pass) != $keydata[2])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	912	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	913	// Failed password check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	914	// echo '(debug) $session->validate_session: encrypted password is wrong<br />Real password: '.$real_pass.'<br />Real hash: '.sha1($real_pass).'<br />User hash: '.$keydata[2];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	915	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	916	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	917
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	918	$time_now = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	919	$time_key = $row['time'] + 900;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	920	if($time_now > $time_key && $row['auth_level'] > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	921	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	922	// Session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	923	// echo '(debug) $session->validate_session: super session timed out<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	924	$this->sw_timed_out = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	925	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	926	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	927
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	928	// If this is an elevated-access session key, update the time
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	929	if( $row['auth_level'] > USER_LEVEL_MEMBER )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	930	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	931	$this->sql('UPDATE '.table_prefix.'session_keys SET time='.time().' WHERE session_key=\''.$keyhash.'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	932	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	933
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	934	$row['password'] = md5($real_pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	935	return $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	936	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	937
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	938	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	939	* Validates a session key, and returns the userdata associated with the key or false. Optimized for compatibility with the old MD5-based auth system.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	940	* @param string $key The session key to validate
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	941	* @return array Keys are 'user_id', 'username', 'email', 'real_name', 'user_level', 'theme', 'style', 'signature', 'reg_time', 'account_active', 'activation_key', and 'auth_level' or bool false if validation failed. The key 'auth_level' is the maximum authorization level that this key provides.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	942	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	943
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	944	function compat_validate_session($key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	945	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	946	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	947	$key = $db->escape($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	948
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	949	$query = $this->sql('SELECT u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,k.source_ip,k.salt,k.time,k.auth_level FROM '.table_prefix.'session_keys AS k
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	950	LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	951	ON u.user_id=k.user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	952	WHERE k.session_key=\''.$key.'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	953	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	954	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	955	// echo '(debug) $session->validate_session: Key '.$key.' was not found in database<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	956	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	957	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	958	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	959	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	960	if($row['auth_level'] > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	961	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	962	// Failed authorization check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	963	// echo '(debug) $session->validate_session: user not authorized for this access level';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	964	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	965	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	966	if($ip != $row['source_ip'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	967	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	968	// Failed IP address check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	969	// echo '(debug) $session->validate_session: IP address mismatch; IP in table: '.$row['source_ip'].'; reported IP: '.$ip.'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	970	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	971	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	972
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	973	// Do the password validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	974	$real_key = md5($row['password'] . $row['salt']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	975
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	976	//die('<pre>'.print_r($keydata, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	977	if($real_key != $key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	978	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	979	// Failed password check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	980	// echo '(debug) $session->validate_session: supplied password is wrong<br />Real key: '.$real_key.'<br />User key: '.$key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	981	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	982	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	983
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	984	$time_now = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	985	$time_key = $row['time'] + 900;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	986	if($time_now > $time_key && $row['auth_level'] >= 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	987	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	988	$this->sw_timed_out = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	989	// Session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	990	// echo '(debug) $session->validate_session: super session timed out<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	991	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	992	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	993
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	994	return $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	995	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	996
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	997	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	998	* Demotes us to one less than the specified auth level. AKA destroys elevated authentication and/or logs out the user, depending on $level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	999	* @param int $level How low we should go - USER_LEVEL_MEMBER means demote to USER_LEVEL_GUEST, and anything more powerful than USER_LEVEL_MEMBER means demote to USER_LEVEL_MEMBER
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1000	* @return string 'success' if successful, or error on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1001	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1002
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1003	function logout($level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1004	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1005	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1006	$ou = $this->username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1007	$oid = $this->user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1008	if($level > USER_LEVEL_CHPREF)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1009	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1010	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1011	if(!$this->user_logged_in \|\| $this->auth_level < USER_LEVEL_MOD) return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1012	// Destroy elevated privileges
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1013	$keyhash = md5(strrev($this->sid_super));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1014	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.$keyhash.'\' AND user_id=\'' . $this->user_id . '\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1015	$this->sid_super = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1016	$this->auth_level = USER_LEVEL_MEMBER;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1017	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1018	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1019	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1020	if($this->user_logged_in)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1021	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1022	// Completely destroy our session
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1023	if($this->auth_level > USER_LEVEL_CHPREF)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1024	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1025	$this->logout(USER_LEVEL_ADMIN);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1026	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1027	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($this->sid).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1028	setcookie( 'sid', '', time()-(3600*24), scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1029	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1030	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1031	$code = $plugins->setHook('logout_success'); // , Array('level'=>$level,'old_username'=>$ou,'old_user_id'=>$oid));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1032	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1033	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1034	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1035	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1036	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1037	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1038
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1039	# Miscellaneous stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1040
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1041	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1042	* Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1043	* @param string $url The URL to add session data to
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1044	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1045	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1046
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1047	function append_sid($url)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1048	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1049	$sep = ( strstr($url, '?') ) ? '&' : '?';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1050	if ( $this->sid_super )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1051	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1052	$url = $url . $sep . 'auth=' . urlencode($this->sid_super);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1053	// echo($this->sid_super.'<br/>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1054	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1055	return $url;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1056	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1057
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1058	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1059	* Grabs the user's password MD5
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1060	* @return string, or bool false if access denied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1061	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1062
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1063	function grab_password_hash()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1064	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1065	if(!$this->password_hash) return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1066	return $this->password_hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1067	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1068
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1069	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1070	* Destroys the user's password MD5 in memory
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1071	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1072
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1073	function disallow_password_grab()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1074	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1075	$this->password_hash = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1076	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1077	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1078
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1079	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1080	* Generates an AES key and stashes it in the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1081	* @return string Hex-encoded AES key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1082	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1083
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1084	function rijndael_genkey()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1085	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1086	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1087	$key = $aes->gen_readymade_key();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1088	$keys = getConfig('login_key_cache');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1089	if(is_string($keys))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1090	$keys .= $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1091	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1092	$keys = $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1093	setConfig('login_key_cache', $keys);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1094	return $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1095	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1096
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1097	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1098	* Generate a totally random 128-bit value for MD5 challenges
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1099	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1100	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1101
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1102	function dss_rand()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1103	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1104	$aes = new AESCrypt();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1105	$random = $aes->randkey(128);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1106	unset($aes);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1107	return md5(microtime() . $random);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1108	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1109
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1110	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1111	* Fetch a cached login public key using the MD5sum as an identifier. Each key can only be fetched once before it is destroyed.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1112	* @param string $md5 The MD5 sum of the key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1113	* @return string, or bool false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1114	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1115
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1116	function fetch_public_key($md5)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1117	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1118	$keys = getConfig('login_key_cache');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1119	$keys = enano_str_split($keys, AES_BITS / 4);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1120
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1121	foreach($keys as $i => $k)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1122	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1123	if(md5($k) == $md5)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1124	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1125	unset($keys[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1126	if(count($keys) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1127	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1128	if ( strlen(getConfig('login_key_cache') ) > 64000 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1129	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1130	// This should only need to be done once every month or so for an average-size site
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1131	setConfig('login_key_cache', '');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1132	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1133	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1134	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1135	$keys = implode('', array_values($keys));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1136	setConfig('login_key_cache', $keys);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1137	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1138	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1139	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1140	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1141	setConfig('login_key_cache', '');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1142	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1143	return $k;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1144	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1145	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1146	// Couldn't find the key...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1147	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1148	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1149
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1150	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1151	* Adds a user to a group.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1152	* @param int User ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1153	* @param int Group ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1154	* @param bool Group moderator - defaults to false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1155	* @return bool True on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1156	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1157
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1158	function add_user_to_group($user_id, $group_id, $is_mod = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1159	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1160	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1161
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1162	// Validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1163	if ( !is_int($user_id) \|\| !is_int($group_id) \|\| !is_bool($is_mod) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1164	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1165	if ( $user_id < 1 \|\| $group_id < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1166	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1167
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1168	$mod_switch = ( $is_mod ) ? '1' : '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1169	$q = $this->sql('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $user_id . ' AND group_id=' . $group_id . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1170	if ( !$q )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1171	$db->_die();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1172	if ( $db->numrows() < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1173	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1174	// User is not in group
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1175	$this->sql('INSERT INTO '.table_prefix.'group_members(user_id,group_id,is_mod) VALUES(' . $user_id . ', ' . $group_id . ', ' . $mod_switch . ');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1176	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1177	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1178	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1179	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1180	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1181	// Update modship status
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1182	if ( strval($row['is_mod']) == $mod_switch )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1183	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1184	// Modship unchanged
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1185	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1186	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1187	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1188	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1189	// Modship changed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1190	$this->sql('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod_switch . ' WHERE member_id=' . $row['member_id'] . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1191	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1192	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1193	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1194	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1195	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1196
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1197	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1198	* Removes a user from a group.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1199	* @param int User ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1200	* @param int Group ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1201	* @return bool True on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1202	* @todo put a little more error checking in...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1203	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1204
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1205	function remove_user_from_group($user_id, $group_id)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1206	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1207	if ( !is_int($user_id) \|\| !is_int($group_id) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1208	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1209	$this->sql('DELETE FROM '.table_prefix."group_members WHERE user_id=$user_id AND group_id=$group_id;");
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1210	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1211	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1212
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1213	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1214	* Checks the banlist to ensure that we're an allowed user. Doesn't return anything because it dies if the user is banned.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1215	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1216
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1217	function check_banlist()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1218	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1219	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1220	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1221	$q = $this->sql('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1222	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1223	$q = $this->sql('SELECT ban_id,ban_type,ban_value,is_regex,reason FROM '.table_prefix.'banlist ORDER BY ban_type;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1224	if(!$q) $db->_die('The banlist data could not be selected.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1225	$banned = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1226	while($row = $db->fetchrow())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1227	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1228	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1229	$row['reason'] = 'None available - session manager is in compatibility mode';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1230	switch($row['ban_type'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1231	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1232	case BAN_IP:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1233	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1234	if(preg_match('#'.$row['ban_value'].'#i', $_SERVER['REMOTE_ADDR']))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1235	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1236	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1237	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1238	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1239	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1240	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1241	if($row['ban_value']==$_SERVER['REMOTE_ADDR']) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1242	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1243	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1244	case BAN_USER:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1245	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1246	if(preg_match('#'.$row['ban_value'].'#i', $this->username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1247	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1248	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1249	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1250	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1251	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1252	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1253	if($row['ban_value']==$this->username) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1254	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1255	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1256	case BAN_EMAIL:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1257	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1258	if(preg_match('#'.$row['ban_value'].'#i', $this->email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1259	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1260	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1261	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1262	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1263	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1264	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1265	if($row['ban_value']==$this->email) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1266	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1267	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1268	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1269	die('Ban error: rule "'.$row['ban_value'].'" has an invalid type ('.$row['ban_type'].')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1270	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1271	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1272	if($banned && $paths->get_pageid_from_url() != $paths->nslist['Special'].'CSS')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1273	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1274	// This guy is banned - kill the session, kill the database connection, bail out, and be pretty about it
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1275	die_semicritical('Ban notice', '<div class="error-box">You have been banned from this website. Please contact the site administrator for more information.<br /><br />Reason:<br />'.$reason.'</div>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1276	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1277	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1278	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1279
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1280	# Registration
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1281
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1282	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1283	* Registers a user. This does not perform any type of login.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1284	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1285	* @param string $password This should be unencrypted.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1286	* @param string $email
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1287	* @param string $real_name Optional, defaults to ''.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1288	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1289
13 fdd6b9dd42c3 Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php Dan parents: 1 diff changeset	1290	function create_user($username, $password, $email, $real_name = '')
fdd6b9dd42c3 Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php Dan parents: 1 diff changeset	1291	{
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1292	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1293
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1294	// Initialize AES
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1295	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1296
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1297	if(!preg_match('#^'.$this->valid_username.'$#', $username)) return 'The username you chose contains invalid characters.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1298	$username = $this->prepare_text($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1299	$email = $this->prepare_text($email);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1300	$real_name = $this->prepare_text($real_name);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1301	$password = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1302
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1303	$nameclause = ( $real_name != '' ) ? ' OR real_name=\''.$real_name.'\'' : '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1304	$q = $this->sql('SELECT * FROM '.table_prefix.'users WHERE lcase(username)=\''.strtolower($username).'\' OR email=\''.$email.'\''.$nameclause.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1305	if($db->numrows() > 0) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1306	$r = 'The ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1307	$i=0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1308	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1309	// Wow! An error checker that actually speaks English with the properest grammar! :-P
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1310	if($row['username'] == $username) { $r .= 'username'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1311	if($row['email'] == $email) { if($i) $r.=', '; $r .= 'e-mail address'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1312	if($row['real_name'] == $real_name && $real_name != '') { if($i) $r.=', and '; $r .= 'real name'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1313	$r .= ' that you entered ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1314	$r .= ( $i == 1 ) ? 'is' : 'are';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1315	$r .= ' already in use by another user.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1316	return $r;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1317	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1318
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1319	// Require the account to be activated?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1320	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1321	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1322	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1323	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1324	$active = '1';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1325	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1326	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1327	$active = '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1328	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1329	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1330	$active = '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1331	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1332	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1333
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1334	// Generate a totally random activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1335	$actkey = sha1 ( microtime() . mt_rand() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1336
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1337	// We good, create the user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1338	$this->sql('INSERT INTO '.table_prefix.'users ( username, password, email, real_name, theme, style, reg_time, account_active, activation_key, user_level ) VALUES ( \''.$username.'\', \''.$password.'\', \''.$email.'\', \''.$real_name.'\', \''.$template->default_theme.'\', \''.$template->default_style.'\', '.time().', '.$active.', \''.$actkey.'\', '.USER_LEVEL_CHPREF.' )');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1339
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1340	// Require the account to be activated?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1341	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1342	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1343	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1344	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1345	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1346	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1347	$a = $this->send_activation_mail($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1348	if(!$a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1349	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1350	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1351	return 'The activation e-mail could not be sent due to an internal error. This could possibly be due to an incorrect SMTP configuration. A request has been sent to the administrator to activate your account for you. ' . $a;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1352	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1353	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1354	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1355	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1356	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1357	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1358
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1359	// Leave some data behind for the hook
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1360	$code = $plugins->setHook('user_registered'); // , Array('username'=>$username));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1361	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1362	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1363	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1364	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1365
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1366	// $this->register_session($username, $password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1367	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1368	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1369
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1370	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1371	* Attempts to send an e-mail to the specified user with activation instructions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1372	* @param string $u The usernamd of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1373	* @return bool true on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1374	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1375
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1376	function send_activation_mail($u, $actkey = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1377	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1378	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1379	$q = $this->sql('SELECT username,email FROM '.table_prefix.'users WHERE user_id=1 OR user_level=' . USER_LEVEL_ADMIN . ' ORDER BY user_id ASC;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1380	$un = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1381	$admin_user = $un['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1382	$q = $this->sql('SELECT username,activation_key,account_active,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($u).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1383	$r = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1384	if ( empty($r['email']) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1385	$db->_die('BUG: $session->send_activation_mail(): no e-mail address in row');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1386	$message = 'Dear '.$u.',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1387	Thank you for registering on '.getConfig('site_name').'. Your account creation is almost complete. To complete the registration process, please click the following link or paste it into your web browser:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1388
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1389	';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1390	if(isset($_SERVER['HTTPS'])) $prot = 'https';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1391	else $prot = 'http';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1392	if($_SERVER['SERVER_PORT'] == '80') $p = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1393	else $p = ':'.$_SERVER['SERVER_PORT'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1394	$sidbak = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1395	if($this->sid_super)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1396	$sidbak = $this->sid_super;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1397	$this->sid_super = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1398	$aklink = makeUrlNS('Special', 'ActivateAccount/'.str_replace(' ', '_', $u).'/'. ( ( is_string($actkey) ) ? $actkey : $r['activation_key'] ) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1399	if($sidbak)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1400	$this->sid_super = $sidbak;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1401	unset($sidbak);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1402	$message .= "$prot://".$_SERVER['HTTP_HOST'].$p.$aklink;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1403	$message .= "\n\nSincerely yours, \n$admin_user and the ".$_SERVER['HTTP_HOST']." administration team";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1404	error_reporting(E_ALL);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1405	dc_dump($r, 'session: about to send activation e-mail to '.$r['email']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1406	if(getConfig('smtp_enabled') == '1')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1407	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1408	$result = smtp_send_email($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1409	if($result == 'success') $result = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1410	else { echo $result; $result = false; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1411	} else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1412	$result = mail($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1413	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1414	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1415	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1416
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1417	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1418	* Sends an e-mail to a user so they can reset their password.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1419	* @param int $user The user ID, or username if it's a string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1420	* @return bool true on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1421	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1422
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1423	function mail_password_reset($user)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1424	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1425	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1426	if(is_int($user))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1427	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1428	$q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE user_id='.$user.';'); // This is SAFE! This is only called if $user is an integer
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1429	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1430	elseif(is_string($user))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1431	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1432	$q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($user).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1433	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1434	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1435	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1436	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1437	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1438
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1439	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1440	$temp_pass = $this->random_pass();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1441
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1442	$this->register_temp_password($row['user_id'], $temp_pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1443
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1444	$site_name = getConfig('site_name');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1445
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1446	$message = "Dear {$row['username']},
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1447
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1448	Someone (hopefully you) on the {$site_name} website requested that a new password be created.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1449
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1450	The request was sent from the IP address {$_SERVER['REMOTE_ADDR']}.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1451
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1452	If you did not request the new password, then you do not need to do anything; the password will be invalidated after 24 hours.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1453
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1454	If you did request this password, then please log in using the password shown below:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1455
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1456	Password: {$temp_pass}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1457
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1458	After you log in using this password, you will be able to reset your real password. You can only log in using this temporary password once.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1459
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1460	Sincerely yours,
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1461	The {$site_name} administration team
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1462	";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1463
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1464	if(getConfig('smtp_enabled') == '1')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1465	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1466	$result = smtp_send_email($row['email'], getConfig('site_name').' password reset', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1467	if($result == 'success')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1468	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1469	$result = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1470	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1471	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1472	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1473	echo '<p>'.$result.'</p>';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1474	$result = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1475	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1476	} else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1477	$result = mail($row['email'], getConfig('site_name').' password reset', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1478	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1479	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1480	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1481
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1482	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1483	* Sets the temporary password for the specified user to whatever is specified.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1484	* @param int $user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1485	* @param string $password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1486	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1487	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1488
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1489	function register_temp_password($user_id, $password)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1490	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1491	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1492	$temp_pass = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1493	$this->sql('UPDATE '.table_prefix.'users SET temp_password=\'' . $temp_pass . '\',temp_password_time='.time().' WHERE user_id='.intval($user_id).';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1494	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1495
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1496	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1497	* Sends a request to the admin panel to have the username $u activated.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1498	* @param string $u The username of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1499	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1500
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1501	function admin_activation_request($u)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1502	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1503	global $db;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1504	$this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.date('d M Y h:i a').'\', \''.$this->username.'\', \''.$db->escape($u).'\');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1505	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1506
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1507	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1508	* Activates a user account. If the action fails, a report is sent to the admin.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1509	* @param string $user The username of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1510	* @param string $key The activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1511	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1512
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1513	function activate_account($user, $key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1514	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1515	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1516	$this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1517	$r = mysql_affected_rows();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1518	if ( $r > 0 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1519	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1520	$e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1521	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1522	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1523	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1524	$e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1525	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1526	return $r;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1527	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1528
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1529	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1530	* For a given user level identifier (USER_LEVEL_*), returns a string describing that user level.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1531	* @param int User level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1532	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1533	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1534
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1535	function userlevel_to_string($user_level)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1536	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1537	switch ( $user_level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1538	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1539	case USER_LEVEL_GUEST:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1540	return 'Low - guest privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1541	case USER_LEVEL_MEMBER:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1542	return 'Standard - normal member level';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1543	case USER_LEVEL_CHPREF:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1544	return 'Medium - user can change his/her own e-mail address and password';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1545	case USER_LEVEL_MOD:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1546	return 'High - moderator privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1547	case USER_LEVEL_ADMIN:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1548	return 'Highest - administrative privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1549	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1550	return "Unknown ($user_level)";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1551	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1552	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1553
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1554	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1555	* Updates a user's information in the database. Note that any of the values except $user_id can be false if you want to preserve the old values.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1556	* @param int $user_id The user ID of the user to update - this cannot be changed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1557	* @param string $username The new username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1558	* @param string $old_pass The current password - only required if sessionManager::$user_level < USER_LEVEL_ADMIN. This should usually be an UNENCRYPTED string. This can also be an array - if it is, key 0 is treated as data AES-encrypted with key 1
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1559	* @param string $password The new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1560	* @param string $email The new e-mail address
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1561	* @param string $realname The new real name
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1562	* @param string $signature The updated forum/comment signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1563	* @param int $user_level The updated user level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1564	* @return string 'success' if successful, or array of error strings on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1565	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1566
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1567	function update_user($user_id, $username = false, $old_pass = false, $password = false, $email = false, $realname = false, $signature = false, $user_level = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1568	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1569	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1570
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1571	// Create some arrays
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1572
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1573	$errors = Array(); // Used to hold error strings
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1574	$strs = Array(); // Sub-query statements
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1575
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1576	// Scan the user ID for problems
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1577	if(intval($user_id) < 1) $errors[] = 'SQL injection attempt';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1578
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1579	// Instanciate the AES encryption class
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1580	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1581
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1582	// If all of our input vars are false, then we've effectively done our job so get out of here
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1583	if($username === false && $password === false && $email === false && $realname === false && $signature === false && $user_level === false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1584	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1585	// echo 'debug: $session->update_user(): success (no changes requested)';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1586	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1587	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1588
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1589	// Initialize our authentication check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1590	$authed = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1591
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1592	// Verify the inputted password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1593	if(is_string($old_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1594	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1595	$q = $this->sql('SELECT password FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1596	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1597	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1598	$errors[] = 'The password data could not be selected for verification.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1599	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1600	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1601	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1602	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1603	$real = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1604	if($real == $old_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1605	$authed = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1606	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1607	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1608
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1609	elseif(is_array($old_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1610	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1611	$old_pass = $aes->decrypt($old_pass[0], $old_pass[1]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1612	$q = $this->sql('SELECT password FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1613	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1614	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1615	$errors[] = 'The password data could not be selected for verification.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1616	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1617	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1618	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1619	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1620	$real = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1621	if($real == $old_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1622	$authed = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1623	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1624	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1625
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1626	// Initialize our query
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1627	$q = 'UPDATE '.table_prefix.'users SET ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1628
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1629	if($this->auth_level >= USER_LEVEL_ADMIN \|\| $authed) // Need the current password in order to update the e-mail address, change the username, or reset the password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1630	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1631	// Username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1632	if(is_string($username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1633	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1634	// Check the username for problems
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1635	if(!preg_match('#^'.$this->valid_username.'$#', $username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1636	$errors[] = 'The username you entered contains invalid characters.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1637	$strs[] = 'username=\''.$db->escape($username).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1638	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1639	// Password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1640	if(is_string($password) && strlen($password) >= 6)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1641	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1642	// Password needs to be encrypted before being stashed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1643	$encpass = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1644	if(!$encpass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1645	$errors[] = 'The password could not be encrypted due to an internal error.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1646	$strs[] = 'password=\''.$encpass.'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1647	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1648	// E-mail addy
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1649	if(is_string($email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1650	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1651	// I didn't write this regex.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1652	if(!preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/', $email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1653	$errors[] = 'The e-mail address you entered is invalid.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1654	$strs[] = 'email=\''.$db->escape($email).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1655	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1656	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1657	// Real name
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1658	if(is_string($realname))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1659	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1660	$strs[] = 'real_name=\''.$db->escape($realname).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1661	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1662	// Forum/comment signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1663	if(is_string($signature))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1664	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1665	$strs[] = 'signature=\''.$db->escape($signature).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1666	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1667	// User level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1668	if(is_int($user_level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1669	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1670	$strs[] = 'user_level='.$user_level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1671	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1672
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1673	// Add our generated query to the query string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1674	$q .= implode(',', $strs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1675
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1676	// One last error check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1677	if(sizeof($strs) < 1) $errors[] = 'An internal error occured building the SQL query, this is a bug';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1678	if(sizeof($errors) > 0) return $errors;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1679
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1680	// Free our temp arrays
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1681	unset($strs, $errors);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1682
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1683	// Finalize the query and run it
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1684	$q .= ' WHERE user_id='.$user_id.';';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1685	$this->sql($q);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1686
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1687	// We also need to trigger re-activation.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1688	if ( is_string($email) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1689	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1690	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1691	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1692	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1693	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1694
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1695	if ( $session->user_level >= USER_LEVEL_MOD && getConfig('account_activation') == 'admin' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1696	// Don't require re-activation by admins for admins
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1697	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1698
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1699	// retrieve username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1700	if ( !$username )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1701	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1702	$q = $this->sql('SELECT username FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1703	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1704	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1705	$errors[] = 'The username could not be selected.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1706	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1707	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1708	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1709	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1710	$username = $row['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1711	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1712	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1713	if ( !$username )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1714	return $errors;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1715
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1716	// Generate a totally random activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1717	$actkey = sha1 ( microtime() . mt_rand() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1718	$a = $this->send_activation_mail($username, $actkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1719	if(!$a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1720	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1721	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1722	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1723	// Deactivate the account until e-mail is confirmed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1724	$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . $user_id . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1725	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1726	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1727	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1728
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1729	// Yay! We're done
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1730	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1731	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1732
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1733	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1734	# Access Control Lists
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1735	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1736
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1737	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1738	* Creates a new permission field in memory. If the permissions are set in the database, they are used. Otherwise, $default_perm is used.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1739	* @param string $acl_type An identifier for this field
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1740	* @param int $default_perm Whether permission should be granted or not if it's not specified in the ACLs.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1741	* @param string $desc A human readable name for the permission type
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1742	* @param array $deps The list of dependencies - this should be an array of ACL types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1743	* @param string $scope Which namespaces this field should apply to. This should be either a pipe-delimited list of namespace IDs or just "All".
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1744	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1745
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1746	function register_acl_type($acl_type, $default_perm = AUTH_DISALLOW, $desc = false, $deps = Array(), $scope = 'All')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1747	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1748	if(isset($this->acl_types[$acl_type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1749	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1750	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1751	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1752	if(!$desc)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1753	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1754	$desc = capitalize_first_letter(str_replace('_', ' ', $acl_type));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1755	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1756	$this->acl_types[$acl_type] = $default_perm;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1757	$this->acl_descs[$acl_type] = $desc;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1758	$this->acl_deps[$acl_type] = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1759	$this->acl_scope[$acl_type] = explode('\|', $scope);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1760	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1761	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1762	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1763
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1764	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1765	* Tells us whether permission $type is allowed or not based on the current rules.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1766	* @param string $type The permission identifier ($acl_type passed to sessionManager::register_acl_type())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1767	* @param bool $no_deps If true, disables dependency checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1768	* @return bool True if allowed, false if denied or if an error occured
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1769	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1770
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1771	function get_permissions($type, $no_deps = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1772	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1773	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1774	if ( isset( $this->perms[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1775	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1776	if ( $this->perms[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1777	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1778	else if ( $this->perms[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1779	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1780	else if ( $this->perms[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1781	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1782	else if ( $this->perms[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1783	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1784	else if ( $this->perms[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1785	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1786	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1787	else if(isset($this->acl_types[$type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1788	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1789	if ( $this->acl_types[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1790	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1791	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1792	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1793	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1794	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1795	else if ( $this->acl_types[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1796	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1797	else if ( $this->acl_types[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1798	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1799	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1800	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1801	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1802	// ACL type is undefined
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1803	trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1804	return false; // Be on the safe side and deny access
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1805	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1806	if ( !$no_deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1807	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1808	if ( !$this->acl_check_deps($type) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1809	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1810	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1811	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1812	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1813
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1814	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1815	* Fetch the permissions that apply to the current user for the page specified. The object you get will have the get_permissions method
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1816	* and several other abilities.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1817	* @param string $page_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1818	* @param string $namespace
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1819	* @return object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1820	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1821
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1822	function fetch_page_acl($page_id, $namespace)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1823	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1824	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1825
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1826	if ( count ( $this->acl_base_cache ) < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1827	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1828	// Permissions table not yet initialized
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1829	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1830	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1831
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1832	//if ( !isset( $paths->pages[$paths->nslist[$namespace] . $page_id] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1833	//{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1834	// // Page does not exist
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1835	// return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1836	//}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1837
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1838	$object = new Session_ACLPageInfo( $page_id, $namespace, $this->acl_types, $this->acl_descs, $this->acl_deps, $this->acl_base_cache );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1839
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1840	return $object;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1841
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1842	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1843
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1844	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1845	* Read all of our permissions from the database and process/apply them. This should be called after the page is determined.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1846	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1847	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1848
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1849	function init_permissions()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1850	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1851	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1852	// Initialize the permissions list with some defaults
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1853	$this->perms = $this->acl_types;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1854	$this->acl_defaults_used = $this->perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1855
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1856	// Fetch sitewide defaults from the permissions table
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1857	$bs = 'SELECT rules FROM '.table_prefix.'acl WHERE page_id IS NULL AND namespace IS NULL AND ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1858
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1859	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1860	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1861	if(count($this->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1862	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1863	foreach($this->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1864	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1865	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1866	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1867	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1868	$bs .= implode(' OR ', $q) . ' ) ORDER BY target_type ASC, target_id ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1869	$q = $this->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1870	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1871	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1872	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1873	$rules = $this->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1874	$is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1875	$this->acl_merge_with_current($rules, $is_everyone);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1876	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1877	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1878
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1879	// Eliminate types that don't apply to this namespace
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1880	foreach ( $this->perms AS $i => $perm )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1881	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1882	if ( !in_array ( $paths->namespace, $this->acl_scope[$i] ) && !in_array('All', $this->acl_scope[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1883	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1884	unset($this->perms[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1885	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1886	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1887
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1888	// Cache the sitewide permissions for later use
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1889	$this->acl_base_cache = $this->perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1890
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1891	// Build a query to grab ACL info
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1892	$bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1893	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1894	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1895	if(count($this->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1896	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1897	foreach($this->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1898	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1899	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1900	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1901	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1902	// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1903	// permissions to override group permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1904	$bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1905	ORDER BY target_type ASC, page_id ASC, namespace ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1906	$q = $this->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1907	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1908	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1909	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1910	$rules = $this->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1911	$is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1912	$this->acl_merge_with_current($rules, $is_everyone);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1913	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1914	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1915
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1916	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1917
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1918	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1919	* Extends the scope of a permission type.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1920	* @param string The name of the permission type
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1921	* @param string The namespace(s) that should be covered. This can be either one namespace ID or a pipe-delimited list.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1922	* @param object Optional - the current $paths object, in case we're doing this from the acl_rule_init hook
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1923	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1924
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1925	function acl_extend_scope($perm_type, $namespaces, &$p_in)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1926	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1927	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1928	$p_obj = ( is_object($p_in) ) ? $p_in : $paths;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1929	$nslist = explode('\|', $namespaces);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1930	foreach ( $nslist as $i => $ns )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1931	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1932	if ( !isset($p_obj->nslist[$ns]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1933	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1934	unset($nslist[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1935	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1936	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1937	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1938	$this->acl_scope[$perm_type][] = $ns;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1939	if ( isset($this->acl_types[$perm_type]) && !isset($this->perms[$perm_type]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1940	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1941	$this->perms[$perm_type] = $this->acl_types[$perm_type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1942	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1943	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1944	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1945	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1946
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1947	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1948	* Converts a permissions field into a string for database insertion. Similar in spirit to serialize().
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1949	* @param array $perms An associative array with only integers as values
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1950	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1951	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1952
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1953	function perm_to_string($perms)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1954	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1955	$s = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1956	foreach($perms as $perm => $ac)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1957	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1958	$s .= "$perm=$ac;";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1959	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1960	return $s;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1961	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1962
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1963	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1964	* Converts a permissions string back to an array.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1965	* @param string $perms The result from sessionManager::perm_to_string()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1966	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1967	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1968
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1969	function string_to_perm($perms)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1970	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1971	$ret = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1972	preg_match_all('#([a-z0-9_-]+)=([0-9]+);#i', $perms, $matches);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1973	foreach($matches[1] as $i => $t)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1974	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1975	$ret[$t] = intval($matches[2][$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1976	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1977	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1978	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1979
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1980	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1981	* Merges two ACL arrays. Both parameters should be permission list arrays. The second group takes precedence over the first, but AUTH_DENY always prevails.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1982	* @param array $perm1 The first set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1983	* @param array $perm2 The second set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1984	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1985	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1986
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1987	function acl_merge($perm1, $perm2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1988	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1989	$ret = $perm1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1990	foreach ( $perm2 as $type => $level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1991	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1992	if ( isset( $ret[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1993	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1994	if ( $ret[$type] != AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1995	$ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1996	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1997	// else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1998	// {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1999	// $ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2000	// }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2001	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2002	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2003	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2004
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2005	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2006	* Merges the ACL array sent with the current permissions table, deciding precedence based on whether defaults are in effect or not.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2007	* @param array The array to merge into the master ACL list
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2008	* @param bool If true, $perm is treated as the "new default"
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2009	* @param int 1 if this is a site-wide ACL, 2 if page-specific. Defaults to 2.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2010	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2011
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2012	function acl_merge_with_current($perm, $is_everyone = false, $scope = 2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2013	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2014	foreach ( $this->perms as $i => $p )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2015	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2016	if ( isset($perm[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2017	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2018	if ( $is_everyone && !$this->acl_defaults_used[$i] )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2019	continue;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2020	// Decide precedence
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2021	if ( isset($this->acl_defaults_used[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2022	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2023	//echo "$i: default in use, overriding to: {$perm[$i]}<br />";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2024	// Defaults are in use, override
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2025	$this->perms[$i] = $perm[$i];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2026	$this->acl_defaults_used[$i] = ( $is_everyone );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2027	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2028	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2029	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2030	//echo "$i: default NOT in use";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2031	// Defaults are not in use, merge as normal
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2032	if ( $this->perms[$i] != AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2033	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2034	//echo ", but overriding";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2035	$this->perms[$i] = $perm[$i];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2036	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2037	//echo "<br />";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2038	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2039	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2040	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2041	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2042
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2043	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2044	* Merges two ACL arrays. Both parameters should be permission list arrays. The second group takes precedence
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2045	* over the first, without exceptions. This is used to merge the hardcoded defaults with admin-specified
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2046	* defaults, which take precedence.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2047	* @param array $perm1 The first set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2048	* @param array $perm2 The second set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2049	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2050	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2051
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2052	function acl_merge_complete($perm1, $perm2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2053	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2054	$ret = $perm1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2055	foreach ( $perm2 as $type => $level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2056	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2057	$ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2058	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2059	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2060	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2061
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2062	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2063	* Tell us if the dependencies for a given permission are met.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2064	* @param string The ACL permission ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2065	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2066	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2067
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2068	function acl_check_deps($type)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2069	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2070	if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2071	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2072	if(sizeof($this->acl_deps[$type]) < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2073	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2074	$deps = $this->acl_deps[$type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2075	while(true)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2076	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2077	$full_resolved = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2078	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2079	for ( $i = 0; $i < $j; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2080	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2081	$b = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2082	$deps = array_merge($deps, $this->acl_deps[$deps[$i]]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2083	if( $b == $deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2084	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2085	break 2;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2086	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2087	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2088	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2089	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2090	//die('<pre>'.print_r($deps, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2091	foreach($deps as $d)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2092	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2093	if ( !$this->get_permissions($d) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2094	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2095	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2096	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2097	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2098	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2099	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2100
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2101	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2102	* Makes a CAPTCHA code and caches the code in the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2103	* @param int $len The length of the code, in bytes
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2104	* @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2105	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2106
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2107	function make_captcha($len = 7)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2108	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2109	$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2110	$s = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2111	for($i=0;$i<$len;$i++) $s .= $chars[mt_rand(0, count($chars)-1)];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2112	$hash = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2113	$this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2114	return $hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2115	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2116
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2117	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2118	* For the given code ID, returns the correct CAPTCHA code, or false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2119	* @param string $hash The unique ID assigned to the code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2120	* @return string The correct confirmation code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2121	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2122
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2123	function get_captcha($hash)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2124	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2125	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2126	$s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2127	if($db->numrows() < 1) return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2128	$r = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2129	return $r['salt'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2130	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2131
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2132	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2133	* Deletes all CAPTCHA codes cached in the DB for this user.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2134	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2135
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2136	function kill_captcha()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2137	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2138	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2139	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2140
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2141	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2142	* Generates a random password.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2143	* @param int $length Optional - length of password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2144	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2145	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2146
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2147	function random_pass($length = 10)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2148	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2149	$valid_chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_+@#%&<>';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2150	$valid_chars = enano_str_split($valid_chars);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2151	$ret = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2152	for ( $i = 0; $i < $length; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2153	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2154	$ret .= $valid_chars[mt_rand(0, count($valid_chars)-1)];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2155	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2156	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2157	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2158
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2159	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2160	* Generates some Javascript that calls the AES encryption library.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2161	* @param string The name of the form
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2162	* @param string The name of the password field
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2163	* @param string The name of the field that switches encryption on or off
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2164	* @param string The name of the field that contains the encryption key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2165	* @param string The name of the field that will contain the encrypted password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2166	* @param string The name of the field that handles MD5 challenge data
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2167	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2168	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2169
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2170	function aes_javascript($form_name, $pw_field, $use_crypt, $crypt_key, $crypt_data, $challenge)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2171	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2172	$code = '
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2173	<script type="text/javascript">
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2174	disableJSONExts();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2175	str = \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2176	for(i=0;i<keySizeInBits/4;i++) str+=\'0\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2177	var key = hexToByteArray(str);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2178	var pt = hexToByteArray(str);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2179	var ct = rijndaelEncrypt(pt, key, \'ECB\');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2180	var ct = byteArrayToHex(ct);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2181	switch(keySizeInBits)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2182	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2183	case 128:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2184	v = \'66e94bd4ef8a2c3b884cfa59ca342b2e\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2185	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2186	case 192:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2187	v = \'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2188	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2189	case 256:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2190	v = \'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2191	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2192	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2193	var testpassed = ' . ( ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0') ? 'false; // CRYPTO-AUTH DISABLED ON USER REQUEST // ' : '' ) . '( ct == v && md5_vm_test() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2194	var frm = document.forms.'.$form_name.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2195	if(testpassed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2196	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2197	frm.'.$use_crypt.'.value = \'yes\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2198	var cryptkey = frm.'.$crypt_key.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2199	frm.'.$crypt_key.'.value = hex_md5(cryptkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2200	cryptkey = hexToByteArray(cryptkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2201	if(!cryptkey \|\| ( ( typeof cryptkey == \'string\' \|\| typeof cryptkey == \'object\' ) ) && cryptkey.length != keySizeInBits / 8 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2202	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2203	if ( frm._login ) frm._login.disabled = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2204	len = ( typeof cryptkey == \'string\' \|\| typeof cryptkey == \'object\' ) ? \'\\nLen: \'+cryptkey.length : \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2205	alert(\'The key is messed up\\nType: \'+typeof(cryptkey)+len);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2206	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2207	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2208	if(frm.username) frm.username.focus();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2209	function runEncryption()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2210	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2211	if(testpassed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2212	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2213	pass = frm.'.$pw_field.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2214	chal = frm.'.$challenge.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2215	challenge = hex_md5(pass + chal) + chal;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2216	frm.'.$challenge.'.value = challenge;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2217	pass = stringToByteArray(pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2218	cryptstring = rijndaelEncrypt(pass, cryptkey, \'ECB\');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2219	if(!cryptstring)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2220	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2221	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2222	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2223	cryptstring = byteArrayToHex(cryptstring);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2224	frm.'.$crypt_data.'.value = cryptstring;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2225	frm.'.$pw_field.'.value = \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2226	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2227	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2228	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2229	</script>
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2230	';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2231	return $code;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2232	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2233
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2234	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2235
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2236	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2237	* Class used to fetch permissions for a specific page. Used internally by SessionManager.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2238	* @package Enano
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2239	* @subpackage Session manager
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2240	* @license http://www.gnu.org/copyleft/gpl.html
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2241	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2242	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2243
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2244	class Session_ACLPageInfo {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2245
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2246	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2247	* The page ID of this ACL info package
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2248	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2249	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2250
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2251	var $page_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2252
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2253	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2254	* The namespace of the page being checked
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2255	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2256	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2257
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2258	var $namespace;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2259
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2260	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2261	* Our list of permission types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2262	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2263	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2264	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2265
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2266	var $acl_types = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2267
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2268	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2269	* The list of descriptions for the permission types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2270	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2271	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2272
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2273	var $acl_descs = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2274
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2275	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2276	* A list of dependencies for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2277	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2278	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2279
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2280	var $acl_deps = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2281
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2282	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2283	* Our tell-all list of permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2284	* @access private - or, preferably, protected...too bad this has to be PHP4 compatible
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2285	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2286	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2287
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2288	var $perms = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2289
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2290	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2291	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2292	* @param string $page_id The ID of the page to check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2293	* @param string $namespace The namespace of the page to check.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2294	* @param array $acl_types List of ACL types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2295	* @param array $acl_descs List of human-readable descriptions for permissions (associative)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2296	* @param array $acl_deps List of dependencies for permissions. For example, viewing history/diffs depends on the ability to read the page.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2297	* @param array $base What to start with - this is an attempt to reduce the number of SQL queries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2298	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2299
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2300	function Session_ACLPageInfo($page_id, $namespace, $acl_types, $acl_descs, $acl_deps, $base)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2301	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2302	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2303
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2304	$this->perms = $session->acl_merge_complete($acl_types, $base);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2305	$this->acl_deps = $acl_deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2306	$this->acl_types = $acl_types;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2307	$this->acl_descs = $acl_descs;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2308
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2309	// Build a query to grab ACL info
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2310	$bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2311	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2312	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2313	if(count($session->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2314	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2315	foreach($session->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2316	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2317	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2318	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2319	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2320	// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2321	// permissions to override group permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2322	$bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2323	ORDER BY target_type ASC, page_id ASC, namespace ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2324	$q = $session->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2325	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2326	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2327	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2328	$rules = $session->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2329	$this->perms = $session->acl_merge($this->perms, $rules);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2330	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2331	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2332
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2333	$this->page_id = $page_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2334	$this->namespace = $namespace;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2335	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2336
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2337	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2338	* Tells us whether permission $type is allowed or not based on the current rules.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2339	* @param string $type The permission identifier ($acl_type passed to sessionManager::register_acl_type())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2340	* @param bool $no_deps If true, disables dependency checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2341	* @return bool True if allowed, false if denied or if an error occured
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2342	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2343
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2344	function get_permissions($type, $no_deps = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2345	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2346	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2347	if ( isset( $this->perms[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2348	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2349	if ( $this->perms[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2350	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2351	else if ( $this->perms[$type] == AUTH_WIKIMODE &&
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2352	( isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) &&
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2353	( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '1' \|\|
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2354	( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2355	&& getConfig('wiki_mode') == '1'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2356	) ) ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2357	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2358	else if ( $this->perms[$type] == AUTH_WIKIMODE && (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2359	!isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2360	\|\| (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2361	isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) && (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2362	$paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '0'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2363	\|\| (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2364	$paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2' && getConfig('wiki_mode') != '1'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2365	) ) ) ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2366	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2367	else if ( $this->perms[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2368	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2369	else if ( $this->perms[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2370	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2371	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2372	else if(isset($this->acl_types[$type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2373	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2374	if ( $this->acl_types[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2375	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2376	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2377	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2378	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2379	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2380	else if ( $this->acl_types[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2381	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2382	else if ( $this->acl_types[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2383	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2384	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2385	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2386	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2387	// ACL type is undefined
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2388	trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2389	return false; // Be on the safe side and deny access
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2390	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2391	if ( !$no_deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2392	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2393	if ( !$this->acl_check_deps($type) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2394	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2395	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2396	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2397	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2398
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2399	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2400	* Tell us if the dependencies for a given permission are met.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2401	* @param string The ACL permission ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2402	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2403	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2404
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2405	function acl_check_deps($type)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2406	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2407	if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2408	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2409	if(sizeof($this->acl_deps[$type]) < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2410	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2411	$deps = $this->acl_deps[$type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2412	while(true)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2413	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2414	$full_resolved = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2415	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2416	for ( $i = 0; $i < $j; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2417	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2418	$b = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2419	$deps = array_merge($deps, $this->acl_deps[$deps[$i]]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2420	if( $b == $deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2421	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2422	break 2;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2423	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2424	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2425	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2426	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2427	//die('<pre>'.print_r($deps, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2428	foreach($deps as $d)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2429	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2430	if ( !$this->get_permissions($d) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2431	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2432	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2433	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2434	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2435	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2436	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2437
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2438	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2439
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2440	?>

author	Dan
	Fri, 22 Jun 2007 10:31:59 -0400
changeset 13	fdd6b9dd42c3
parent 1	fe660c52c48f
child 16	64e0d3d4cf14
permissions	-rw-r--r--