Enano CMS (1.1.x): includes/sessions.php~@fe660c52c48f (annotated)

1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1	<?php
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	3	/*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	4	* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	5	* Version 1.0 (Banshee)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	6	* Copyright (C) 2006-2007 Dan Fuhry
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	7	* sessions.php - everything related to security and user management
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	8	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	9	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	10	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	11	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	12	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	13	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	14	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	15
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	16	// Prepare a string for insertion into a MySQL database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	17	function filter($str) { return $db->escape($str); }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	18
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	19	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	20	* Anything and everything related to security and user management. This includes AES encryption, which is illegal in some countries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	21	* Documenting the API was not easy - I hope you folks enjoy it.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	22	* @package Enano
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	23	* @subpackage Session manager
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	24	* @category security, user management, logins, etc.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	25	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	26
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	27	class sessionManager {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	28
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	29	# Variables
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	30
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	31	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	32	* Whether we're logged in or not
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	33	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	34	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	35
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	36	var $user_logged_in = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	37
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	38	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	39	* Our current low-privilege session key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	40	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	41	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	42
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	43	var $sid;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	44
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	45	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	46	* Username of currently logged-in user, or IP address if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	47	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	48	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	49
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	50	var $username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	51
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	52	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	53	* User ID of currently logged-in user, or -1 if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	54	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	55	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	56
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	57	var $user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	58
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	59	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	60	* Real name of currently logged-in user, or blank if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	61	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	62	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	63
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	64	var $real_name;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	65
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	66	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	67	* E-mail address of currently logged-in user, or blank if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	68	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	69	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	70
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	71	var $email;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	72
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	73	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	74	* User level of current user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	75	* USER_LEVEL_GUEST: guest
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	76	* USER_LEVEL_MEMBER: regular user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	77	* USER_LEVEL_CHPREF: default - pseudo-level that allows changing password and e-mail address (requires re-authentication)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	78	* USER_LEVEL_MOD: moderator
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	79	* USER_LEVEL_ADMIN: administrator
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	80	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	81	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	82
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	83	var $user_level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	84
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	85	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	86	* High-privilege session key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	87	* @var string or false if not running on high-level authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	88	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	89
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	90	var $sid_super;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	91
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	92	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	93	* The user's theme preference, defaults to $template->default_theme
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	94	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	95	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	96
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	97	var $theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	98
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	99	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	100	* The user's style preference, or style auto-detected based on theme if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	101	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	102	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	103
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	104	var $style;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	105
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	106	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	107	* Signature of current user - appended to comments, etc.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	108	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	109	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	110
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	111	var $signature;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	112
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	113	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	114	* UNIX timestamp of when we were registered, or 0 if not logged in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	115	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	116	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	117
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	118	var $reg_time;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	119
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	120	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	121	* MD5 hash of the current user's password, if applicable
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	122	* @var string OR bool false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	123	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	124
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	125	var $password_hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	126
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	127	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	128	* The number of unread private messages this user has.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	129	* @var int
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	130	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	131
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	132	var $unread_pms = 0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	133
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	134	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	135	* AES key used to encrypt passwords and session key info - irreversibly destroyed when disallow_password_grab() is called
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	136	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	137	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	138
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	139	var $private_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	140
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	141	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	142	* Regex that defines a valid username, minus the ^ and $, these are added later
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	143	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	144	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	145
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	146	var $valid_username = '([A-Za-z0-9 \!\@-]+)';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	147
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	148	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	149	* What we're allowed to do as far as permissions go. This changes based on the value of the "auth" URI param.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	150	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	151	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	152
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	153	var $auth_level = -1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	154
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	155	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	156	* State variable to track if a session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	157	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	158	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	159
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	160	var $sw_timed_out = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	161
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	162	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	163	* Switch to track if we're started or not.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	164	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	165	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	166	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	167
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	168	var $started = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	169
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	170	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	171	* Switch to control compatibility mode (for older Enano websites being upgraded)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	172	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	173	* @var bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	174	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	175
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	176	var $compat = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	177
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	178	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	179	* Our list of permission types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	180	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	181	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	182	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	183
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	184	var $acl_types = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	185
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	186	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	187	* The list of descriptions for the permission types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	188	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	189	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	190
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	191	var $acl_descs = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	192
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	193	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	194	* A list of dependencies for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	195	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	196	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	197
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	198	var $acl_deps = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	199
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	200	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	201	* Our tell-all list of permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	202	* @access private - or, preferably, protected
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	203	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	204	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	205
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	206	var $perms = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	207
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	208	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	209	* A cache variable - saved after sitewide permissions are checked but before page-specific permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	210	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	211	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	212	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	213
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	214	var $acl_base_cache = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	215
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	216	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	217	* Stores the scope information for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	218	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	219	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	220	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	221
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	222	var $acl_scope = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	223
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	224	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	225	* Array to track which default permissions are being used
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	226	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	227	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	228	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	229
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	230	var $acl_defaults_used = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	231
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	232	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	233	* Array to track group membership.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	234	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	235	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	236
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	237	var $groups = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	238
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	239	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	240	* Associative array to track group modship.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	241	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	242	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	243
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	244	var $group_mod = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	245
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	246	# Basic functions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	247
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	248	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	249	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	250	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	251
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	252	function __construct()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	253	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	254	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	255	include(ENANO_ROOT.'/config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	256	unset($dbhost, $dbname, $dbuser, $dbpasswd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	257	if(isset($crypto_key))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	258	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	259	$this->private_key = $crypto_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	260	$this->private_key = hexdecode($this->private_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	261	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	262	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	263	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	264	if(is_writable(ENANO_ROOT.'/config.php'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	265	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	266	// Generate and stash a private key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	267	// This should only happen during an automated silent gradual migration to the new encryption platform.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	268	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	269	$this->private_key = $aes->gen_readymade_key();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	270
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	271	$config = file_get_contents(ENANO_ROOT.'/config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	272	if(!$config)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	273	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	274	die('$session->__construct(): can\'t get the contents of config.php');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	275	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	276
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	277	$config = str_replace("?>", "\$crypto_key = '{$this->private_key}';\n?>", $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	278	// And while we're at it...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	279	$config = str_replace('MIDGET_INSTALLED', 'ENANO_INSTALLED', $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	280	$fh = @fopen(ENANO_ROOT.'/config.php', 'w');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	281	if ( !$fh )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	282	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	283	die('$session->__construct(): Couldn\'t open config file for writing to store the private key, I tried to avoid something like this...');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	284	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	285
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	286	fwrite($fh, $config);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	287	fclose($fh);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	288	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	289	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	290	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	291	die_semicritical('Crypto error', '<p>No private key was found in the config file, and we can\'t generate one because we don\'t have write access to the config file. Please CHMOD config.php to 666 or 777 and reload this page.</p>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	292	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	293	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	294	// Check for compatibility mode
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	295	if(defined('IN_ENANO_INSTALL'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	296	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	297	$q = $db->sql_query('SELECT old_encryption FROM '.table_prefix.'users LIMIT 1;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	298	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	299	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	300	$error = mysql_error();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	301	if(strstr($error, "Unknown column 'old_encryption'"))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	302	$this->compat = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	303	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	304	$db->_die('This should never happen and is a bug - the only error that was supposed to happen here didn\'t happen. (sessions.php in constructor, during compat mode check)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	305	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	306	$db->free_result();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	307	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	308	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	309
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	310	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	311	* PHP 4 compatible constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	312	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	313
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	314	function sessionManager()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	315	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	316	$this->__construct();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	317	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	318
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	319	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	320	* Wrapper function to sanitize strings for MySQL and HTML
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	321	* @param string $text The text to sanitize
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	322	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	323	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	324
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	325	function prepare_text($text)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	326	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	327	global $db;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	328	return $db->escape(htmlspecialchars($text));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	329	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	330
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	331	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	332	* Makes a SQL query and handles error checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	333	* @param string $query The SQL query to make
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	334	* @return resource
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	335	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	336
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	337	function sql($query)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	338	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	339	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	340	$result = $db->sql_query($query);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	341	if(!$result)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	342	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	343	$db->_die('The error seems to have occurred somewhere in the session management code.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	344	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	345	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	346	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	347
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	348	# Session restoration and permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	349
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	350	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	351	* Initializes the basic state of things, including most user prefs, login data, cookie stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	352	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	353
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	354	function start()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	355	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	356	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	357	if($this->started) return;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	358	$this->started = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	359	$user = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	360	if(isset($_COOKIE['sid']))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	361	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	362	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	363	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	364	$userdata = $this->compat_validate_session($_COOKIE['sid']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	365	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	366	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	367	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	368	$userdata = $this->validate_session($_COOKIE['sid']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	369	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	370	if(is_array($userdata))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	371	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	372	$data = RenderMan::strToPageID($paths->get_pageid_from_url());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	373
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	374	if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	375	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	376	$this->logout();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	377	$a = getConfig('account_activation');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	378	switch($a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	379	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	380	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	381	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	382	$solution = 'Your account was most likely deactivated by an administrator. Please contact the site administration for further assistance.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	383	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	384	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	385	$solution = 'Please check your e-mail; you should have been sent a message with instructions on how to activate your account. If you do not receive an e-mail from this site within 24 hours, please contact the site administration for further assistance.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	386	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	387	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	388	$solution = 'This website has been configured so that all user accounts must be activated by the administrator before they can be used, so your account will most likely be activated the next time the one of the administrators visits the site.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	389	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	390	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	391	die_semicritical('Account error', '<p>It appears that your user account has not yet been activated. '.$solution.'</p>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	392	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	393
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	394	$this->sid = $_COOKIE['sid'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	395	$this->user_logged_in = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	396	$this->user_id = intval($userdata['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	397	$this->username = $userdata['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	398	$this->password_hash = $userdata['password'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	399	$this->user_level = intval($userdata['user_level']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	400	$this->real_name = $userdata['real_name'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	401	$this->email = $userdata['email'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	402	$this->unread_pms = $userdata['num_pms'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	403	if(!$this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	404	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	405	$this->theme = $userdata['theme'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	406	$this->style = $userdata['style'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	407	$this->signature = $userdata['signature'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	408	$this->reg_time = $userdata['reg_time'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	409	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	410	// Small security risk here - it allows someone who has already authenticated as an administrator to store the "super" key in
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	411	// the cookie. Change this to USER_LEVEL_MEMBER to override that. The same 15-minute restriction applies to this "exploit".
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	412	$this->auth_level = $userdata['auth_level'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	413	if(!isset($template->named_theme_list[$this->theme]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	414	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	415	if($this->compat \|\| !is_object($template))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	416	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	417	$this->theme = 'oxygen';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	418	$this->style = 'bleu';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	419	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	420	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	421	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	422	$this->theme = $template->default_theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	423	$this->style = $template->default_style;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	424	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	425	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	426	$user = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	427
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	428	if(isset($_REQUEST['auth']) && !$this->sid_super)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	429	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	430	// Now he thinks he's a moderator. Or maybe even an administrator. Let's find out if he's telling the truth.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	431	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	432	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	433	$key = $_REQUEST['auth'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	434	$super = $this->compat_validate_session($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	435	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	436	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	437	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	438	$key = strrev($_REQUEST['auth']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	439	$super = $this->validate_session($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	440	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	441	if(is_array($super))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	442	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	443	$this->auth_level = intval($super['auth_level']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	444	$this->sid_super = $_REQUEST['auth'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	445	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	446	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	447	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	448	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	449	if(!$user)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	450	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	451	//exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	452	$this->register_guest_session();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	453	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	454	if(!$this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	455	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	456	// init groups
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	457	$q = $this->sql('SELECT g.group_name,g.group_id,m.is_mod FROM '.table_prefix.'groups AS g
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	458	LEFT JOIN '.table_prefix.'group_members AS m
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	459	ON g.group_id=m.group_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	460	WHERE ( m.user_id='.$this->user_id.'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	461	OR g.group_name=\'Everyone\')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	462	' . ( enano_version() == '1.0RC1' ? '' : 'AND ( m.pending != 1 OR m.pending IS NULL )' ) . '
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	463	ORDER BY group_id ASC;'); // Make sure "Everyone" comes first so the permissions can be overridden
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	464	if($row = $db->fetchrow())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	465	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	466	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	467	$this->groups[$row['group_id']] = $row['group_name'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	468	$this->group_mod[$row['group_id']] = ( intval($row['is_mod']) == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	469	} while($row = $db->fetchrow());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	470	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	471	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	472	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	473	die('No group info');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	474	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	475	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	476	$this->check_banlist();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	477
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	478	if ( isset ( $_GET['printable'] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	479	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	480	$this->theme = 'printable';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	481	$this->style = 'default';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	482	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	483
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	484	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	485
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	486	# Logins
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	487
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	488	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	489	* Attempts to perform a login using crypto functions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	490	* @param string $username The username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	491	* @param string $aes_data The encrypted password, hex-encoded
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	492	* @param string $aes_key The MD5 hash of the encryption key, hex-encoded
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	493	* @param string $challenge The 256-bit MD5 challenge string - first 128 bits should be the hash, the last 128 should be the challenge salt
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	494	* @param int $level The privilege level we're authenticating for, defaults to 0
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	495	* @return string 'success' on success, or error string on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	496	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	497
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	498	function login_with_crypto($username, $aes_data, $aes_key, $challenge, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	499	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	500	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	501
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	502	$privcache = $this->private_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	503
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	504	// Instanciate the Rijndael encryption object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	505	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	506
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	507	// Fetch our decryption key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	508
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	509	$aes_key = $this->fetch_public_key($aes_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	510	if(!$aes_key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	511	return 'Couldn\'t look up public key "'.$aes_key.'" for decryption';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	512
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	513	// Convert the key to a binary string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	514	$bin_key = hexdecode($aes_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	515
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	516	if(strlen($bin_key) != AES_BITS / 8)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	517	return 'The decryption key is the wrong length';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	518
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	519	// Decrypt our password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	520	$password = $aes->decrypt($aes_data, $bin_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	521
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	522	// Initialize our success switch
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	523	$success = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	524
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	525	// Select the user data from the table, and decrypt that so we can verify the password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	526	$this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	527	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	528	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	529	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	530
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	531	// Check to see if we're logging in using a temporary password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	532
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	533	if((intval($row['temp_password_time']) + 3600*24) > time() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	534	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	535	$temp_pass = $aes->decrypt( $row['temp_password'], $this->private_key, ENC_HEX );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	536	if( $temp_pass == $password )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	537	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	538	$url = makeUrlComplete('Special', 'PasswordReset/stage2/' . $row['user_id'] . '/' . $row['temp_password']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	539	redirect($url, 'Login sucessful', 'Please wait while you are transferred to the Password Reset form.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	540	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	541	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	542	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	543
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	544	if($row['old_encryption'] == 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	545	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	546	// The user's password is stored using the obsolete and insecure MD5 algorithm, so we'll update the field with the new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	547	if(md5($password) == $row['password'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	548	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	549	$pass_stashed = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	550	$this->sql('UPDATE '.table_prefix.'users SET password=\''.$pass_stashed.'\',old_encryption=0 WHERE user_id='.$row['user_id'].';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	551	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	552	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	553	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	554	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	555	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	556	// Our password field is up-to-date with the >=1.0RC1 encryption standards, so decrypt the password in the table and see if we have a match; if so then do challenge authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	557	$real_pass = $aes->decrypt(hexdecode($row['password']), $this->private_key, ENC_BINARY);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	558	if($password == $real_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	559	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	560	// Yay! We passed AES authentication, now do an MD5 challenge check to make sure we weren't spoofed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	561	$chal = substr($challenge, 0, 32);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	562	$salt = substr($challenge, 32, 32);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	563	$correct_challenge = md5( $real_pass . $salt );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	564	if($chal == $correct_challenge)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	565	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	566	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	567	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	568	if($success)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	569	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	570	if($level > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	571	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	572
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	573	$sess = $this->register_session(intval($row['user_id']), $username, $password, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	574	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	575	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	576	$this->username = $username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	577	$this->user_id = intval($row['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	578	$this->theme = $row['theme'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	579	$this->style = $row['style'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	580
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	581	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	582	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	583	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	584	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	585
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	586	$code = $plugins->setHook('login_success');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	587	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	588	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	589	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	590	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	591	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	592	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	593	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	594	return 'Your login credentials were correct, but an internal error occurred while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	595	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	596	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	597	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	598	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	599	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	600	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	601	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	602
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	603	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	604	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	605	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	606
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	607	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	608	* Attempts to login without using crypto stuff, mainly for use when the other side doesn't like Javascript
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	609	* This method of authentication is inherently insecure, there's really nothing we can do about it except hope and pray that everyone moves to Firefox
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	610	* Technically it still uses crypto, but it only decrypts the password already stored, which is (obviously) required for authentication
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	611	* @param string $username The username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	612	* @param string $password The password -OR- the MD5 hash of the password if $already_md5ed is true
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	613	* @param bool $already_md5ed This should be set to true if $password is an MD5 hash, and should be false if it's plaintext. Defaults to false.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	614	* @param int $level The privilege level we're authenticating for, defaults to 0
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	615	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	616
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	617	function login_without_crypto($username, $password, $already_md5ed = false, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	618	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	619	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	620
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	621	$pass_hashed = ( $already_md5ed ) ? $password : md5($password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	622
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	623	// Perhaps we're upgrading Enano?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	624	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	625	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	626	return $this->login_compat($username, $pass_hashed, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	627	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	628
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	629	// Instanciate the Rijndael encryption object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	630	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	631
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	632	// Initialize our success switch
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	633	$success = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	634
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	635	// Retrieve the real password from the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	636	$this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	637	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	638	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	639	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	640
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	641	// Check to see if we're logging in using a temporary password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	642
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	643	if((intval($row['temp_password_time']) + 3600*24) > time() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	644	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	645	$temp_pass = $aes->decrypt( $row['temp_password'], $this->private_key, ENC_HEX );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	646	if( md5($temp_pass) == $pass_hashed )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	647	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	648	header('Location: ' . makeUrlComplete('Special', 'PasswordReset/stage2/' . $row['user_id'] . '/' . $row['temp_password']) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	649	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	650	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	651	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	652
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	653	if($row['old_encryption'] == 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	654	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	655	// The user's password is stored using the obsolete and insecure MD5 algorithm - we'll update the field with the new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	656	if($pass_hashed == $row['password'] && !$already_md5ed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	657	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	658	$pass_stashed = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	659	$this->sql('UPDATE '.table_prefix.'users SET password=\''.$pass_stashed.'\',old_encryption=0 WHERE user_id='.$row['user_id'].';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	660	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	661	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	662	elseif($pass_hashed == $row['password'] && $already_md5ed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	663	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	664	// We don't have the real password so don't bother with encrypting it, just call it success and get out of here
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	665	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	666	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	667	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	668	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	669	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	670	// Our password field is up-to-date with the >=1.0RC1 encryption standards, so decrypt the password in the table and see if we have a match
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	671	$real_pass = $aes->decrypt($row['password'], $this->private_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	672	if($pass_hashed == md5($real_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	673	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	674	$success = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	675	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	676	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	677	if($success)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	678	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	679	if((int)$level > (int)$row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	680	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	681	$sess = $this->register_session(intval($row['user_id']), $username, $real_pass, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	682	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	683	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	684	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	685	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	686	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	687	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	688
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	689	$code = $plugins->setHook('login_success');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	690	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	691	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	692	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	693	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	694	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	695	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	696	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	697	return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	698	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	699	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	700	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	701	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	702	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	703	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	704	$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	705
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	706	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	707	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	708	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	709
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	710	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	711	* Attempts to log in using the old table structure and algorithm.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	712	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	713	* @param string $password This should be an MD5 hash
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	714	* @return string 'success' if successful, or error message on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	715	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	716
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	717	function login_compat($username, $password, $level = 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	718	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	719	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	720	$pass_hashed =& $password;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	721	$this->sql('SELECT password,user_id,user_level FROM '.table_prefix.'users WHERE username=\''.$this->prepare_text($username).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	722	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	723	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	724	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	725	if($row['password'] == $password)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	726	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	727	if((int)$level > (int)$row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	728	return 'You are not authorized for this level of access.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	729	$sess = $this->register_session_compat(intval($row['user_id']), $username, $password, $level);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	730	if($sess)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	731	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	732	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	733	return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	734	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	735	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	736	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	737	return 'The username and/or password is incorrect.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	738	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	739	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	740
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	741	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	742	* Registers a session key in the database. This function ASSUMES that the username and password have already been validated!
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	743	* Basically the session key is a base64-encoded cookie (encrypted with the site's private key) that says "u=[username];p=[sha1 of password]"
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	744	* @param int $user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	745	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	746	* @param string $password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	747	* @param int $level The level of access to grant, defaults to USER_LEVEL_MEMBER
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	748	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	749	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	750
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	751	function register_session($user_id, $username, $password, $level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	752	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	753	$salt = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	754	$passha1 = sha1($password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	755	$session_key = "u=$username;p=$passha1;s=$salt";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	756	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	757	$session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	758	if($level > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	759	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	760	$hexkey = strrev($session_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	761	$this->sid_super = $hexkey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	762	$_GET['auth'] = $hexkey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	763	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	764	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	765	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	766	setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	767	$_COOKIE['sid'] = $session_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	768	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	769	$keyhash = md5($session_key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	770	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	771	if(!$ip)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	772	die('$session->register_session: Remote-Addr was spoofed');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	773	$time = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	774	if(!is_int($user_id))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	775	die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	776	if(!is_int($level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	777	die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	778
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	779	$query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	780	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	781	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	782
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	783	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	784	* Identical to register_session in nature, but uses the old login/table structure. DO NOT use this.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	785	* @see sessionManager::register_session()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	786	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	787	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	788
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	789	function register_session_compat($user_id, $username, $password, $level = 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	790	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	791	$salt = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	792	$thekey = md5($password . $salt);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	793	if($level > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	794	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	795	$this->sid_super = $thekey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	796	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	797	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	798	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	799	setcookie( 'sid', $thekey, time()+315360000, scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	800	$_COOKIE['sid'] = $thekey;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	801	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	802	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	803	if(!$ip)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	804	die('$session->register_session: Remote-Addr was spoofed');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	805	$time = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	806	if(!is_int($user_id))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	807	die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	808	if(!is_int($level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	809	die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	810	$query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$thekey.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	811	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	812	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	813
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	814	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	815	* Creates/restores a guest session
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	816	* @todo implement real session management for guests
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	817	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	818
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	819	function register_guest_session()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	820	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	821	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	822	$this->username = $_SERVER['REMOTE_ADDR'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	823	$this->user_level = USER_LEVEL_GUEST;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	824	if($this->compat \|\| defined('IN_ENANO_INSTALL'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	825	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	826	$this->theme = 'oxygen';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	827	$this->style = 'bleu';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	828	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	829	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	830	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	831	$this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	832	$this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	833	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	834	$this->user_id = 1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	835	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	836
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	837	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	838	* Validates a session key, and returns the userdata associated with the key or false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	839	* @param string $key The session key to validate
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	840	* @return array Keys are 'user_id', 'username', 'email', 'real_name', 'user_level', 'theme', 'style', 'signature', 'reg_time', 'account_active', 'activation_key', and 'auth_level' or bool false if validation failed. The key 'auth_level' is the maximum authorization level that this key provides.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	841	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	842
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	843	function validate_session($key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	844	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	845	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	846	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE, true);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	847	$decrypted_key = $aes->decrypt($key, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	848
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	849	if ( !$decrypted_key )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	850	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	851	die_semicritical('AES encryption error', '<p>Something went wrong during the AES decryption process.</p><pre>'.print_r($decrypted_key, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	852	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	853
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	854	$n = preg_match('/^u='.$this->valid_username.';p=([A-Fa-f0-9]+?);s=([A-Fa-f0-9]+?)$/', $decrypted_key, $keydata);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	855	if($n < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	856	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	857	// echo '(debug) $session->validate_session: Key does not match regex<br />Decrypted key: '.$decrypted_key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	858	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	859	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	860	$keyhash = md5($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	861	$salt = $db->escape($keydata[3]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	862	$query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,x.* FROM '.table_prefix.'session_keys AS k
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	863	LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	864	ON ( u.user_id=k.user_id )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	865	LEFT JOIN '.table_prefix.'users_extra AS x
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	866	ON ( u.user_id=x.user_id OR x.user_id IS NULL )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	867	LEFT JOIN '.table_prefix.'privmsgs AS p
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	868	ON ( p.message_to=u.username AND p.message_read=0 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	869	WHERE k.session_key=\''.$keyhash.'\'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	870	AND k.salt=\''.$salt.'\'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	871	GROUP BY u.user_id;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	872	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	873	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	874	// echo '(debug) $session->validate_session: Key was not found in database<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	875	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	876	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	877	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	878	$row['user_id'] =& $row['uid'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	879	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	880	if($row['auth_level'] > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	881	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	882	// Failed authorization check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	883	// echo '(debug) $session->validate_session: access to this auth level denied<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	884	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	885	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	886	if($ip != $row['source_ip'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	887	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	888	// Failed IP address check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	889	// echo '(debug) $session->validate_session: IP address mismatch<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	890	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	891	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	892
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	893	// Do the password validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	894	$real_pass = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	895
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	896	//die('<pre>'.print_r($keydata, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	897	if(sha1($real_pass) != $keydata[2])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	898	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	899	// Failed password check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	900	// echo '(debug) $session->validate_session: encrypted password is wrong<br />Real password: '.$real_pass.'<br />Real hash: '.sha1($real_pass).'<br />User hash: '.$keydata[2];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	901	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	902	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	903
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	904	$time_now = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	905	$time_key = $row['time'] + 900;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	906	if($time_now > $time_key && $row['auth_level'] > USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	907	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	908	// Session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	909	// echo '(debug) $session->validate_session: super session timed out<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	910	$this->sw_timed_out = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	911	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	912	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	913
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	914	// If this is an elevated-access session key, update the time
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	915	if( $row['auth_level'] > USER_LEVEL_MEMBER )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	916	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	917	$this->sql('UPDATE '.table_prefix.'session_keys SET time='.time().' WHERE session_key=\''.$keyhash.'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	918	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	919
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	920	$row['password'] = md5($real_pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	921	return $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	922	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	923
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	924	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	925	* Validates a session key, and returns the userdata associated with the key or false. Optimized for compatibility with the old MD5-based auth system.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	926	* @param string $key The session key to validate
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	927	* @return array Keys are 'user_id', 'username', 'email', 'real_name', 'user_level', 'theme', 'style', 'signature', 'reg_time', 'account_active', 'activation_key', and 'auth_level' or bool false if validation failed. The key 'auth_level' is the maximum authorization level that this key provides.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	928	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	929
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	930	function compat_validate_session($key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	931	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	932	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	933	$key = $db->escape($key);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	934
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	935	$query = $this->sql('SELECT u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,k.source_ip,k.salt,k.time,k.auth_level FROM '.table_prefix.'session_keys AS k
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	936	LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	937	ON u.user_id=k.user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	938	WHERE k.session_key=\''.$key.'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	939	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	940	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	941	// echo '(debug) $session->validate_session: Key '.$key.' was not found in database<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	942	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	943	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	944	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	945	$ip = ip2hex($_SERVER['REMOTE_ADDR']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	946	if($row['auth_level'] > $row['user_level'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	947	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	948	// Failed authorization check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	949	// echo '(debug) $session->validate_session: user not authorized for this access level';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	950	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	951	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	952	if($ip != $row['source_ip'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	953	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	954	// Failed IP address check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	955	// echo '(debug) $session->validate_session: IP address mismatch; IP in table: '.$row['source_ip'].'; reported IP: '.$ip.'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	956	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	957	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	958
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	959	// Do the password validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	960	$real_key = md5($row['password'] . $row['salt']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	961
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	962	//die('<pre>'.print_r($keydata, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	963	if($real_key != $key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	964	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	965	// Failed password check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	966	// echo '(debug) $session->validate_session: supplied password is wrong<br />Real key: '.$real_key.'<br />User key: '.$key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	967	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	968	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	969
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	970	$time_now = time();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	971	$time_key = $row['time'] + 900;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	972	if($time_now > $time_key && $row['auth_level'] >= 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	973	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	974	$this->sw_timed_out = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	975	// Session timed out
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	976	// echo '(debug) $session->validate_session: super session timed out<br />';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	977	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	978	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	979
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	980	return $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	981	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	982
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	983	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	984	* Demotes us to one less than the specified auth level. AKA destroys elevated authentication and/or logs out the user, depending on $level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	985	* @param int $level How low we should go - USER_LEVEL_MEMBER means demote to USER_LEVEL_GUEST, and anything more powerful than USER_LEVEL_MEMBER means demote to USER_LEVEL_MEMBER
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	986	* @return string 'success' if successful, or error on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	987	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	988
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	989	function logout($level = USER_LEVEL_MEMBER)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	990	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	991	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	992	$ou = $this->username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	993	$oid = $this->user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	994	if($level > USER_LEVEL_CHPREF)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	995	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	996	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	997	if(!$this->user_logged_in \|\| $this->auth_level < USER_LEVEL_MOD) return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	998	// Destroy elevated privileges
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	999	$keyhash = md5(strrev($this->sid_super));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1000	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.$keyhash.'\' AND user_id=\'' . $this->user_id . '\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1001	$this->sid_super = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1002	$this->auth_level = USER_LEVEL_MEMBER;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1003	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1004	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1005	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1006	if($this->user_logged_in)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1007	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1008	// Completely destroy our session
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1009	if($this->auth_level > USER_LEVEL_CHPREF)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1010	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1011	$this->logout(USER_LEVEL_ADMIN);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1012	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1013	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($this->sid).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1014	setcookie( 'sid', '', time()-(3600*24), scriptPath.'/' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1015	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1016	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1017	$code = $plugins->setHook('logout_success'); // , Array('level'=>$level,'old_username'=>$ou,'old_user_id'=>$oid));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1018	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1019	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1020	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1021	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1022	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1023	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1024
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1025	# Miscellaneous stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1026
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1027	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1028	* Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1029	* @param string $url The URL to add session data to
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1030	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1031	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1032
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1033	function append_sid($url)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1034	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1035	$sep = ( strstr($url, '?') ) ? '&' : '?';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1036	if ( $this->sid_super )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1037	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1038	$url = $url . $sep . 'auth=' . urlencode($this->sid_super);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1039	// echo($this->sid_super.'<br/>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1040	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1041	return $url;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1042	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1043
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1044	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1045	* Grabs the user's password MD5
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1046	* @return string, or bool false if access denied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1047	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1048
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1049	function grab_password_hash()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1050	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1051	if(!$this->password_hash) return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1052	return $this->password_hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1053	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1054
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1055	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1056	* Destroys the user's password MD5 in memory
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1057	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1058
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1059	function disallow_password_grab()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1060	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1061	$this->password_hash = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1062	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1063	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1064
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1065	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1066	* Generates an AES key and stashes it in the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1067	* @return string Hex-encoded AES key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1068	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1069
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1070	function rijndael_genkey()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1071	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1072	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1073	$key = $aes->gen_readymade_key();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1074	$keys = getConfig('login_key_cache');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1075	if(is_string($keys))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1076	$keys .= $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1077	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1078	$keys = $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1079	setConfig('login_key_cache', $keys);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1080	return $key;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1081	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1082
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1083	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1084	* Generate a totally random 128-bit value for MD5 challenges
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1085	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1086	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1087
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1088	function dss_rand()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1089	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1090	$aes = new AESCrypt();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1091	$random = $aes->randkey(128);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1092	unset($aes);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1093	return md5(microtime() . $random);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1094	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1095
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1096	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1097	* Fetch a cached login public key using the MD5sum as an identifier. Each key can only be fetched once before it is destroyed.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1098	* @param string $md5 The MD5 sum of the key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1099	* @return string, or bool false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1100	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1101
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1102	function fetch_public_key($md5)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1103	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1104	$keys = getConfig('login_key_cache');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1105	$keys = enano_str_split($keys, AES_BITS / 4);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1106
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1107	foreach($keys as $i => $k)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1108	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1109	if(md5($k) == $md5)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1110	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1111	unset($keys[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1112	if(count($keys) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1113	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1114	if ( strlen(getConfig('login_key_cache') ) > 64000 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1115	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1116	// This should only need to be done once every month or so for an average-size site
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1117	setConfig('login_key_cache', '');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1118	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1119	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1120	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1121	$keys = implode('', array_values($keys));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1122	setConfig('login_key_cache', $keys);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1123	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1124	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1125	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1126	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1127	setConfig('login_key_cache', '');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1128	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1129	return $k;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1130	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1131	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1132	// Couldn't find the key...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1133	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1134	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1135
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1136	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1137	* Adds a user to a group.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1138	* @param int User ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1139	* @param int Group ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1140	* @param bool Group moderator - defaults to false
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1141	* @return bool True on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1142	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1143
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1144	function add_user_to_group($user_id, $group_id, $is_mod = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1145	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1146	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1147
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1148	// Validation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1149	if ( !is_int($user_id) \|\| !is_int($group_id) \|\| !is_bool($is_mod) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1150	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1151	if ( $user_id < 1 \|\| $group_id < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1152	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1153
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1154	$mod_switch = ( $is_mod ) ? '1' : '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1155	$q = $this->sql('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $user_id . ' AND group_id=' . $group_id . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1156	if ( !$q )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1157	$db->_die();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1158	if ( $db->numrows() < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1159	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1160	// User is not in group
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1161	$this->sql('INSERT INTO '.table_prefix.'group_members(user_id,group_id,is_mod) VALUES(' . $user_id . ', ' . $group_id . ', ' . $mod_switch . ');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1162	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1163	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1164	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1165	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1166	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1167	// Update modship status
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1168	if ( strval($row['is_mod']) == $mod_switch )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1169	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1170	// Modship unchanged
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1171	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1172	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1173	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1174	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1175	// Modship changed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1176	$this->sql('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod_switch . ' WHERE member_id=' . $row['member_id'] . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1177	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1178	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1179	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1180	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1181	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1182
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1183	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1184	* Removes a user from a group.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1185	* @param int User ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1186	* @param int Group ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1187	* @return bool True on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1188	* @todo put a little more error checking in...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1189	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1190
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1191	function remove_user_from_group($user_id, $group_id)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1192	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1193	if ( !is_int($user_id) \|\| !is_int($group_id) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1194	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1195	$this->sql('DELETE FROM '.table_prefix."group_members WHERE user_id=$user_id AND group_id=$group_id;");
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1196	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1197	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1198
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1199	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1200	* Checks the banlist to ensure that we're an allowed user. Doesn't return anything because it dies if the user is banned.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1201	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1202
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1203	function check_banlist()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1204	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1205	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1206	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1207	$q = $this->sql('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1208	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1209	$q = $this->sql('SELECT ban_id,ban_type,ban_value,is_regex,reason FROM '.table_prefix.'banlist ORDER BY ban_type;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1210	if(!$q) $db->_die('The banlist data could not be selected.');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1211	$banned = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1212	while($row = $db->fetchrow())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1213	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1214	if($this->compat)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1215	$row['reason'] = 'None available - session manager is in compatibility mode';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1216	switch($row['ban_type'])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1217	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1218	case BAN_IP:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1219	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1220	if(preg_match('#'.$row['ban_value'].'#i', $_SERVER['REMOTE_ADDR']))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1221	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1222	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1223	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1224	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1225	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1226	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1227	if($row['ban_value']==$_SERVER['REMOTE_ADDR']) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1228	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1229	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1230	case BAN_USER:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1231	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1232	if(preg_match('#'.$row['ban_value'].'#i', $this->username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1233	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1234	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1235	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1236	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1237	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1238	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1239	if($row['ban_value']==$this->username) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1240	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1241	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1242	case BAN_EMAIL:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1243	if(intval($row['is_regex'])==1) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1244	if(preg_match('#'.$row['ban_value'].'#i', $this->email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1245	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1246	$banned = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1247	$reason = $row['reason'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1248	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1249	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1250	else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1251	if($row['ban_value']==$this->email) { $banned = true; $reason = $row['reason']; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1252	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1253	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1254	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1255	die('Ban error: rule "'.$row['ban_value'].'" has an invalid type ('.$row['ban_type'].')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1256	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1257	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1258	if($banned && $paths->get_pageid_from_url() != $paths->nslist['Special'].'CSS')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1259	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1260	// This guy is banned - kill the session, kill the database connection, bail out, and be pretty about it
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1261	die_semicritical('Ban notice', '<div class="error-box">You have been banned from this website. Please contact the site administrator for more information.<br /><br />Reason:<br />'.$reason.'</div>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1262	exit;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1263	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1264	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1265
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1266	# Registration
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1267
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1268	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1269	* Registers a user. This does not perform any type of login.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1270	* @param string $username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1271	* @param string $password This should be unencrypted.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1272	* @param string $email
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1273	* @param string $real_name Optional, defaults to ''.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1274	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1275
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1276	function create_user($username, $password, $email, $real_name = '') {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1277	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1278
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1279	// Initialize AES
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1280	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1281
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1282	if(!preg_match('#^'.$this->valid_username.'$#', $username)) return 'The username you chose contains invalid characters.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1283	$username = $this->prepare_text($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1284	$email = $this->prepare_text($email);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1285	$real_name = $this->prepare_text($real_name);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1286	$password = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1287
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1288	$nameclause = ( $real_name != '' ) ? ' OR real_name=\''.$real_name.'\'' : '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1289	$q = $this->sql('SELECT * FROM '.table_prefix.'users WHERE lcase(username)=\''.strtolower($username).'\' OR email=\''.$email.'\''.$nameclause.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1290	if($db->numrows() > 0) {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1291	$r = 'The ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1292	$i=0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1293	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1294	// Wow! An error checker that actually speaks English with the properest grammar! :-P
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1295	if($row['username'] == $username) { $r .= 'username'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1296	if($row['email'] == $email) { if($i) $r.=', '; $r .= 'e-mail address'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1297	if($row['real_name'] == $real_name && $real_name != '') { if($i) $r.=', and '; $r .= 'real name'; $i++; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1298	$r .= ' that you entered ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1299	$r .= ( $i == 1 ) ? 'is' : 'are';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1300	$r .= ' already in use by another user.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1301	return $r;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1302	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1303
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1304	// Require the account to be activated?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1305	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1306	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1307	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1308	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1309	$active = '1';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1310	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1311	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1312	$active = '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1313	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1314	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1315	$active = '0';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1316	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1317	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1318
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1319	// Generate a totally random activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1320	$actkey = sha1 ( microtime() . mt_rand() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1321
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1322	// We good, create the user
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1323	$this->sql('INSERT INTO '.table_prefix.'users ( username, password, email, real_name, theme, style, reg_time, account_active, activation_key, user_level ) VALUES ( \''.$username.'\', \''.$password.'\', \''.$email.'\', \''.$real_name.'\', \''.$template->default_theme.'\', \''.$template->default_style.'\', '.time().', '.$active.', \''.$actkey.'\', '.USER_LEVEL_CHPREF.' )');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1324
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1325	// Require the account to be activated?
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1326	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1327	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1328	case 'none':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1329	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1330	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1331	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1332	$a = $this->send_activation_mail($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1333	if(!$a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1334	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1335	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1336	return 'The activation e-mail could not be sent due to an internal error. This could possibly be due to an incorrect SMTP configuration. A request has been sent to the administrator to activate your account for you. ' . $a;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1337	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1338	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1339	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1340	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1341	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1342	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1343
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1344	// Leave some data behind for the hook
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1345	$code = $plugins->setHook('user_registered'); // , Array('username'=>$username));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1346	foreach ( $code as $cmd )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1347	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1348	eval($cmd);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1349	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1350
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1351	// $this->register_session($username, $password);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1352	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1353	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1354
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1355	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1356	* Attempts to send an e-mail to the specified user with activation instructions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1357	* @param string $u The usernamd of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1358	* @return bool true on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1359	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1360
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1361	function send_activation_mail($u, $actkey = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1362	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1363	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1364	$q = $this->sql('SELECT username,email FROM '.table_prefix.'users WHERE user_id=1 OR user_level=' . USER_LEVEL_ADMIN . ' ORDER BY user_id ASC;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1365	$un = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1366	$admin_user = $un['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1367	$q = $this->sql('SELECT username,activation_key,account_active,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($u).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1368	$r = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1369	if ( empty($r['email']) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1370	$db->_die('BUG: $session->send_activation_mail(): no e-mail address in row');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1371	$message = 'Dear '.$u.',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1372	Thank you for registering on '.getConfig('site_name').'. Your account creation is almost complete. To complete the registration process, please click the following link or paste it into your web browser:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1373
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1374	';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1375	if(isset($_SERVER['HTTPS'])) $prot = 'https';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1376	else $prot = 'http';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1377	if($_SERVER['SERVER_PORT'] == '80') $p = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1378	else $p = ':'.$_SERVER['SERVER_PORT'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1379	$sidbak = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1380	if($this->sid_super)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1381	$sidbak = $this->sid_super;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1382	$this->sid_super = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1383	$aklink = makeUrlNS('Special', 'ActivateAccount/'.str_replace(' ', '_', $u).'/'. ( ( is_string($actkey) ) ? $actkey : $r['activation_key'] ) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1384	if($sidbak)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1385	$this->sid_super = $sidbak;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1386	unset($sidbak);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1387	$message .= "$prot://".$_SERVER['HTTP_HOST'].$p.$aklink;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1388	$message .= "\n\nSincerely yours, \n$admin_user and the ".$_SERVER['HTTP_HOST']." administration team";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1389	error_reporting(E_ALL);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1390	dc_dump($r, 'session: about to send activation e-mail to '.$r['email']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1391	if(getConfig('smtp_enabled') == '1')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1392	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1393	$result = smtp_send_email($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1394	if($result == 'success') $result = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1395	else { echo $result; $result = false; }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1396	} else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1397	$result = mail($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1398	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1399	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1400	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1401
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1402	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1403	* Sends an e-mail to a user so they can reset their password.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1404	* @param int $user The user ID, or username if it's a string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1405	* @return bool true on success, false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1406	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1407
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1408	function mail_password_reset($user)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1409	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1410	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1411	if(is_int($user))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1412	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1413	$q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE user_id='.$user.';'); // This is SAFE! This is only called if $user is an integer
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1414	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1415	elseif(is_string($user))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1416	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1417	$q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($user).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1418	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1419	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1420	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1421	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1422	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1423
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1424	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1425	$temp_pass = $this->random_pass();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1426
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1427	$this->register_temp_password($row['user_id'], $temp_pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1428
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1429	$site_name = getConfig('site_name');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1430
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1431	$message = "Dear {$row['username']},
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1432
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1433	Someone (hopefully you) on the {$site_name} website requested that a new password be created.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1434
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1435	The request was sent from the IP address {$_SERVER['REMOTE_ADDR']}.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1436
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1437	If you did not request the new password, then you do not need to do anything; the password will be invalidated after 24 hours.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1438
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1439	If you did request this password, then please log in using the password shown below:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1440
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1441	Password: {$temp_pass}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1442
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1443	After you log in using this password, you will be able to reset your real password. You can only log in using this temporary password once.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1444
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1445	Sincerely yours,
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1446	The {$site_name} administration team
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1447	";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1448
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1449	if(getConfig('smtp_enabled') == '1')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1450	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1451	$result = smtp_send_email($row['email'], getConfig('site_name').' password reset', preg_replace("#(?<!\r)\n#s", "\n", $message), getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1452	if($result == 'success')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1453	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1454	$result = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1455	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1456	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1457	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1458	echo '<p>'.$result.'</p>';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1459	$result = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1460	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1461	} else {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1462	$result = mail($row['email'], getConfig('site_name').' password reset', preg_replace("#(?<!\r)\n#s", "\n", $message), 'From: '.getConfig('contact_email'));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1463	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1464	return $result;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1465	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1466
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1467	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1468	* Sets the temporary password for the specified user to whatever is specified.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1469	* @param int $user_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1470	* @param string $password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1471	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1472	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1473
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1474	function register_temp_password($user_id, $password)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1475	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1476	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1477	$temp_pass = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1478	$this->sql('UPDATE '.table_prefix.'users SET temp_password=\'' . $temp_pass . '\',temp_password_time='.time().' WHERE user_id='.intval($user_id).';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1479	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1480
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1481	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1482	* Sends a request to the admin panel to have the username $u activated.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1483	* @param string $u The username of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1484	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1485
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1486	function admin_activation_request($u)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1487	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1488	global $db;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1489	$this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.date('d M Y h:i a').'\', \''.$this->username.'\', \''.$db->escape($u).'\');');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1490	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1491
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1492	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1493	* Activates a user account. If the action fails, a report is sent to the admin.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1494	* @param string $user The username of the user requesting activation
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1495	* @param string $key The activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1496	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1497
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1498	function activate_account($user, $key)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1499	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1500	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1501	$this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1502	$r = mysql_affected_rows();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1503	if ( $r > 0 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1504	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1505	$e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1506	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1507	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1508	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1509	$e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1510	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1511	return $r;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1512	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1513
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1514	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1515	* For a given user level identifier (USER_LEVEL_*), returns a string describing that user level.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1516	* @param int User level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1517	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1518	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1519
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1520	function userlevel_to_string($user_level)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1521	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1522	switch ( $user_level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1523	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1524	case USER_LEVEL_GUEST:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1525	return 'Low - guest privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1526	case USER_LEVEL_MEMBER:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1527	return 'Standard - normal member level';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1528	case USER_LEVEL_CHPREF:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1529	return 'Medium - user can change his/her own e-mail address and password';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1530	case USER_LEVEL_MOD:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1531	return 'High - moderator privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1532	case USER_LEVEL_ADMIN:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1533	return 'Highest - administrative privileges';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1534	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1535	return "Unknown ($user_level)";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1536	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1537	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1538
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1539	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1540	* Updates a user's information in the database. Note that any of the values except $user_id can be false if you want to preserve the old values.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1541	* @param int $user_id The user ID of the user to update - this cannot be changed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1542	* @param string $username The new username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1543	* @param string $old_pass The current password - only required if sessionManager::$user_level < USER_LEVEL_ADMIN. This should usually be an UNENCRYPTED string. This can also be an array - if it is, key 0 is treated as data AES-encrypted with key 1
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1544	* @param string $password The new password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1545	* @param string $email The new e-mail address
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1546	* @param string $realname The new real name
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1547	* @param string $signature The updated forum/comment signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1548	* @param int $user_level The updated user level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1549	* @return string 'success' if successful, or array of error strings on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1550	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1551
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1552	function update_user($user_id, $username = false, $old_pass = false, $password = false, $email = false, $realname = false, $signature = false, $user_level = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1553	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1554	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1555
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1556	// Create some arrays
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1557
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1558	$errors = Array(); // Used to hold error strings
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1559	$strs = Array(); // Sub-query statements
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1560
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1561	// Scan the user ID for problems
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1562	if(intval($user_id) < 1) $errors[] = 'SQL injection attempt';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1563
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1564	// Instanciate the AES encryption class
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1565	$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1566
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1567	// If all of our input vars are false, then we've effectively done our job so get out of here
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1568	if($username === false && $password === false && $email === false && $realname === false && $signature === false && $user_level === false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1569	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1570	// echo 'debug: $session->update_user(): success (no changes requested)';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1571	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1572	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1573
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1574	// Initialize our authentication check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1575	$authed = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1576
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1577	// Verify the inputted password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1578	if(is_string($old_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1579	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1580	$q = $this->sql('SELECT password FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1581	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1582	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1583	$errors[] = 'The password data could not be selected for verification.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1584	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1585	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1586	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1587	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1588	$real = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1589	if($real == $old_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1590	$authed = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1591	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1592	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1593
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1594	elseif(is_array($old_pass))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1595	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1596	$old_pass = $aes->decrypt($old_pass[0], $old_pass[1]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1597	$q = $this->sql('SELECT password FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1598	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1599	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1600	$errors[] = 'The password data could not be selected for verification.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1601	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1602	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1603	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1604	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1605	$real = $aes->decrypt($row['password'], $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1606	if($real == $old_pass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1607	$authed = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1608	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1609	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1610
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1611	// Initialize our query
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1612	$q = 'UPDATE '.table_prefix.'users SET ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1613
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1614	if($this->auth_level >= USER_LEVEL_ADMIN \|\| $authed) // Need the current password in order to update the e-mail address, change the username, or reset the password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1615	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1616	// Username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1617	if(is_string($username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1618	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1619	// Check the username for problems
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1620	if(!preg_match('#^'.$this->valid_username.'$#', $username))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1621	$errors[] = 'The username you entered contains invalid characters.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1622	$strs[] = 'username=\''.$db->escape($username).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1623	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1624	// Password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1625	if(is_string($password) && strlen($password) >= 6)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1626	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1627	// Password needs to be encrypted before being stashed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1628	$encpass = $aes->encrypt($password, $this->private_key, ENC_HEX);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1629	if(!$encpass)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1630	$errors[] = 'The password could not be encrypted due to an internal error.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1631	$strs[] = 'password=\''.$encpass.'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1632	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1633	// E-mail addy
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1634	if(is_string($email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1635	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1636	// I didn't write this regex.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1637	if(!preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/', $email))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1638	$errors[] = 'The e-mail address you entered is invalid.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1639	$strs[] = 'email=\''.$db->escape($email).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1640	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1641	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1642	// Real name
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1643	if(is_string($realname))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1644	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1645	$strs[] = 'real_name=\''.$db->escape($realname).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1646	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1647	// Forum/comment signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1648	if(is_string($signature))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1649	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1650	$strs[] = 'signature=\''.$db->escape($signature).'\'';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1651	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1652	// User level
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1653	if(is_int($user_level))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1654	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1655	$strs[] = 'user_level='.$user_level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1656	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1657
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1658	// Add our generated query to the query string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1659	$q .= implode(',', $strs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1660
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1661	// One last error check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1662	if(sizeof($strs) < 1) $errors[] = 'An internal error occured building the SQL query, this is a bug';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1663	if(sizeof($errors) > 0) return $errors;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1664
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1665	// Free our temp arrays
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1666	unset($strs, $errors);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1667
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1668	// Finalize the query and run it
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1669	$q .= ' WHERE user_id='.$user_id.';';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1670	$this->sql($q);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1671
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1672	// We also need to trigger re-activation.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1673	if ( is_string($email) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1674	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1675	switch(getConfig('account_activation'))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1676	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1677	case 'user':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1678	case 'admin':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1679
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1680	if ( $session->user_level >= USER_LEVEL_MOD && getConfig('account_activation') == 'admin' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1681	// Don't require re-activation by admins for admins
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1682	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1683
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1684	// retrieve username
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1685	if ( !$username )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1686	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1687	$q = $this->sql('SELECT username FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1688	if($db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1689	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1690	$errors[] = 'The username could not be selected.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1691	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1692	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1693	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1694	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1695	$username = $row['username'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1696	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1697	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1698	if ( !$username )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1699	return $errors;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1700
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1701	// Generate a totally random activation key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1702	$actkey = sha1 ( microtime() . mt_rand() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1703	$a = $this->send_activation_mail($username, $actkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1704	if(!$a)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1705	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1706	$this->admin_activation_request($username);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1707	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1708	// Deactivate the account until e-mail is confirmed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1709	$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . $user_id . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1710	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1711	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1712	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1713
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1714	// Yay! We're done
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1715	return 'success';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1716	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1717
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1718	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1719	# Access Control Lists
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1720	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1721
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1722	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1723	* Creates a new permission field in memory. If the permissions are set in the database, they are used. Otherwise, $default_perm is used.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1724	* @param string $acl_type An identifier for this field
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1725	* @param int $default_perm Whether permission should be granted or not if it's not specified in the ACLs.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1726	* @param string $desc A human readable name for the permission type
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1727	* @param array $deps The list of dependencies - this should be an array of ACL types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1728	* @param string $scope Which namespaces this field should apply to. This should be either a pipe-delimited list of namespace IDs or just "All".
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1729	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1730
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1731	function register_acl_type($acl_type, $default_perm = AUTH_DISALLOW, $desc = false, $deps = Array(), $scope = 'All')
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1732	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1733	if(isset($this->acl_types[$acl_type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1734	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1735	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1736	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1737	if(!$desc)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1738	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1739	$desc = capitalize_first_letter(str_replace('_', ' ', $acl_type));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1740	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1741	$this->acl_types[$acl_type] = $default_perm;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1742	$this->acl_descs[$acl_type] = $desc;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1743	$this->acl_deps[$acl_type] = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1744	$this->acl_scope[$acl_type] = explode('\|', $scope);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1745	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1746	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1747	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1748
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1749	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1750	* Tells us whether permission $type is allowed or not based on the current rules.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1751	* @param string $type The permission identifier ($acl_type passed to sessionManager::register_acl_type())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1752	* @param bool $no_deps If true, disables dependency checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1753	* @return bool True if allowed, false if denied or if an error occured
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1754	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1755
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1756	function get_permissions($type, $no_deps = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1757	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1758	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1759	if ( isset( $this->perms[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1760	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1761	if ( $this->perms[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1762	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1763	else if ( $this->perms[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1764	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1765	else if ( $this->perms[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1766	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1767	else if ( $this->perms[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1768	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1769	else if ( $this->perms[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1770	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1771	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1772	else if(isset($this->acl_types[$type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1773	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1774	if ( $this->acl_types[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1775	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1776	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1777	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1778	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1779	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1780	else if ( $this->acl_types[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1781	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1782	else if ( $this->acl_types[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1783	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1784	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1785	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1786	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1787	// ACL type is undefined
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1788	trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1789	return false; // Be on the safe side and deny access
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1790	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1791	if ( !$no_deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1792	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1793	if ( !$this->acl_check_deps($type) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1794	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1795	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1796	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1797	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1798
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1799	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1800	* Fetch the permissions that apply to the current user for the page specified. The object you get will have the get_permissions method
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1801	* and several other abilities.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1802	* @param string $page_id
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1803	* @param string $namespace
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1804	* @return object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1805	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1806
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1807	function fetch_page_acl($page_id, $namespace)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1808	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1809	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1810
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1811	if ( count ( $this->acl_base_cache ) < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1812	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1813	// Permissions table not yet initialized
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1814	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1815	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1816
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1817	//if ( !isset( $paths->pages[$paths->nslist[$namespace] . $page_id] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1818	//{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1819	// // Page does not exist
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1820	// return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1821	//}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1822
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1823	$object = new Session_ACLPageInfo( $page_id, $namespace, $this->acl_types, $this->acl_descs, $this->acl_deps, $this->acl_base_cache );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1824
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1825	return $object;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1826
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1827	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1828
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1829	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1830	* Read all of our permissions from the database and process/apply them. This should be called after the page is determined.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1831	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1832	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1833
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1834	function init_permissions()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1835	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1836	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1837	// Initialize the permissions list with some defaults
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1838	$this->perms = $this->acl_types;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1839	$this->acl_defaults_used = $this->perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1840
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1841	// Fetch sitewide defaults from the permissions table
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1842	$bs = 'SELECT rules FROM '.table_prefix.'acl WHERE page_id IS NULL AND namespace IS NULL AND ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1843
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1844	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1845	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1846	if(count($this->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1847	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1848	foreach($this->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1849	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1850	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1851	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1852	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1853	$bs .= implode(' OR ', $q) . ' ) ORDER BY target_type ASC, target_id ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1854	$q = $this->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1855	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1856	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1857	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1858	$rules = $this->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1859	$is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1860	$this->acl_merge_with_current($rules, $is_everyone);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1861	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1862	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1863
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1864	// Eliminate types that don't apply to this namespace
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1865	foreach ( $this->perms AS $i => $perm )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1866	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1867	if ( !in_array ( $paths->namespace, $this->acl_scope[$i] ) && !in_array('All', $this->acl_scope[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1868	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1869	unset($this->perms[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1870	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1871	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1872
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1873	// Cache the sitewide permissions for later use
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1874	$this->acl_base_cache = $this->perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1875
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1876	// Build a query to grab ACL info
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1877	$bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1878	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1879	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1880	if(count($this->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1881	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1882	foreach($this->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1883	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1884	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1885	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1886	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1887	// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1888	// permissions to override group permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1889	$bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1890	ORDER BY target_type ASC, page_id ASC, namespace ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1891	$q = $this->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1892	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1893	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1894	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1895	$rules = $this->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1896	$is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1897	$this->acl_merge_with_current($rules, $is_everyone);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1898	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1899	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1900
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1901	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1902
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1903	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1904	* Extends the scope of a permission type.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1905	* @param string The name of the permission type
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1906	* @param string The namespace(s) that should be covered. This can be either one namespace ID or a pipe-delimited list.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1907	* @param object Optional - the current $paths object, in case we're doing this from the acl_rule_init hook
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1908	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1909
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1910	function acl_extend_scope($perm_type, $namespaces, &$p_in)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1911	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1912	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1913	$p_obj = ( is_object($p_in) ) ? $p_in : $paths;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1914	$nslist = explode('\|', $namespaces);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1915	foreach ( $nslist as $i => $ns )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1916	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1917	if ( !isset($p_obj->nslist[$ns]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1918	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1919	unset($nslist[$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1920	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1921	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1922	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1923	$this->acl_scope[$perm_type][] = $ns;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1924	if ( isset($this->acl_types[$perm_type]) && !isset($this->perms[$perm_type]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1925	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1926	$this->perms[$perm_type] = $this->acl_types[$perm_type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1927	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1928	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1929	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1930	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1931
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1932	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1933	* Converts a permissions field into a string for database insertion. Similar in spirit to serialize().
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1934	* @param array $perms An associative array with only integers as values
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1935	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1936	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1937
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1938	function perm_to_string($perms)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1939	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1940	$s = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1941	foreach($perms as $perm => $ac)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1942	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1943	$s .= "$perm=$ac;";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1944	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1945	return $s;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1946	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1947
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1948	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1949	* Converts a permissions string back to an array.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1950	* @param string $perms The result from sessionManager::perm_to_string()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1951	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1952	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1953
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1954	function string_to_perm($perms)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1955	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1956	$ret = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1957	preg_match_all('#([a-z0-9_-]+)=([0-9]+);#i', $perms, $matches);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1958	foreach($matches[1] as $i => $t)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1959	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1960	$ret[$t] = intval($matches[2][$i]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1961	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1962	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1963	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1964
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1965	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1966	* Merges two ACL arrays. Both parameters should be permission list arrays. The second group takes precedence over the first, but AUTH_DENY always prevails.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1967	* @param array $perm1 The first set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1968	* @param array $perm2 The second set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1969	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1970	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1971
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1972	function acl_merge($perm1, $perm2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1973	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1974	$ret = $perm1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1975	foreach ( $perm2 as $type => $level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1976	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1977	if ( isset( $ret[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1978	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1979	if ( $ret[$type] != AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1980	$ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1981	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1982	// else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1983	// {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1984	// $ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1985	// }
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1986	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1987	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1988	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1989
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1990	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1991	* Merges the ACL array sent with the current permissions table, deciding precedence based on whether defaults are in effect or not.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1992	* @param array The array to merge into the master ACL list
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1993	* @param bool If true, $perm is treated as the "new default"
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1994	* @param int 1 if this is a site-wide ACL, 2 if page-specific. Defaults to 2.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1995	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1996
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1997	function acl_merge_with_current($perm, $is_everyone = false, $scope = 2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1998	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1999	foreach ( $this->perms as $i => $p )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2000	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2001	if ( isset($perm[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2002	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2003	if ( $is_everyone && !$this->acl_defaults_used[$i] )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2004	continue;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2005	// Decide precedence
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2006	if ( isset($this->acl_defaults_used[$i]) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2007	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2008	//echo "$i: default in use, overriding to: {$perm[$i]}<br />";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2009	// Defaults are in use, override
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2010	$this->perms[$i] = $perm[$i];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2011	$this->acl_defaults_used[$i] = ( $is_everyone );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2012	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2013	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2014	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2015	//echo "$i: default NOT in use";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2016	// Defaults are not in use, merge as normal
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2017	if ( $this->perms[$i] != AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2018	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2019	//echo ", but overriding";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2020	$this->perms[$i] = $perm[$i];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2021	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2022	//echo "<br />";
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2023	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2024	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2025	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2026	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2027
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2028	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2029	* Merges two ACL arrays. Both parameters should be permission list arrays. The second group takes precedence
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2030	* over the first, without exceptions. This is used to merge the hardcoded defaults with admin-specified
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2031	* defaults, which take precedence.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2032	* @param array $perm1 The first set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2033	* @param array $perm2 The second set of permissions
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2034	* @return array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2035	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2036
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2037	function acl_merge_complete($perm1, $perm2)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2038	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2039	$ret = $perm1;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2040	foreach ( $perm2 as $type => $level )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2041	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2042	$ret[$type] = $level;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2043	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2044	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2045	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2046
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2047	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2048	* Tell us if the dependencies for a given permission are met.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2049	* @param string The ACL permission ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2050	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2051	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2052
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2053	function acl_check_deps($type)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2054	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2055	if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2056	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2057	if(sizeof($this->acl_deps[$type]) < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2058	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2059	$deps = $this->acl_deps[$type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2060	while(true)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2061	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2062	$full_resolved = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2063	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2064	for ( $i = 0; $i < $j; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2065	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2066	$b = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2067	$deps = array_merge($deps, $this->acl_deps[$deps[$i]]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2068	if( $b == $deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2069	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2070	break 2;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2071	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2072	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2073	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2074	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2075	//die('<pre>'.print_r($deps, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2076	foreach($deps as $d)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2077	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2078	if ( !$this->get_permissions($d) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2079	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2080	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2081	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2082	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2083	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2084	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2085
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2086	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2087	* Makes a CAPTCHA code and caches the code in the database
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2088	* @param int $len The length of the code, in bytes
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2089	* @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2090	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2091
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2092	function make_captcha($len = 7)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2093	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2094	$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2095	$s = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2096	for($i=0;$i<$len;$i++) $s .= $chars[mt_rand(0, count($chars)-1)];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2097	$hash = md5(microtime() . mt_rand());
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2098	$this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2099	return $hash;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2100	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2101
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2102	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2103	* For the given code ID, returns the correct CAPTCHA code, or false on failure
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2104	* @param string $hash The unique ID assigned to the code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2105	* @return string The correct confirmation code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2106	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2107
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2108	function get_captcha($hash)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2109	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2110	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2111	$s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2112	if($db->numrows() < 1) return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2113	$r = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2114	return $r['salt'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2115	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2116
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2117	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2118	* Deletes all CAPTCHA codes cached in the DB for this user.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2119	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2120
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2121	function kill_captcha()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2122	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2123	$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2124	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2125
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2126	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2127	* Generates a random password.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2128	* @param int $length Optional - length of password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2129	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2130	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2131
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2132	function random_pass($length = 10)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2133	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2134	$valid_chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_+@#%&<>';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2135	$valid_chars = enano_str_split($valid_chars);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2136	$ret = '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2137	for ( $i = 0; $i < $length; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2138	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2139	$ret .= $valid_chars[mt_rand(0, count($valid_chars)-1)];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2140	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2141	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2142	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2143
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2144	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2145	* Generates some Javascript that calls the AES encryption library.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2146	* @param string The name of the form
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2147	* @param string The name of the password field
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2148	* @param string The name of the field that switches encryption on or off
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2149	* @param string The name of the field that contains the encryption key
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2150	* @param string The name of the field that will contain the encrypted password
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2151	* @param string The name of the field that handles MD5 challenge data
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2152	* @return string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2153	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2154
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2155	function aes_javascript($form_name, $pw_field, $use_crypt, $crypt_key, $crypt_data, $challenge)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2156	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2157	$code = '
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2158	<script type="text/javascript">
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2159	disableJSONExts();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2160	str = \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2161	for(i=0;i<keySizeInBits/4;i++) str+=\'0\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2162	var key = hexToByteArray(str);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2163	var pt = hexToByteArray(str);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2164	var ct = rijndaelEncrypt(pt, key, \'ECB\');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2165	var ct = byteArrayToHex(ct);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2166	switch(keySizeInBits)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2167	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2168	case 128:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2169	v = \'66e94bd4ef8a2c3b884cfa59ca342b2e\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2170	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2171	case 192:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2172	v = \'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2173	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2174	case 256:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2175	v = \'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2176	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2177	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2178	var testpassed = ' . ( ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0') ? 'false; // CRYPTO-AUTH DISABLED ON USER REQUEST // ' : '' ) . '( ct == v && md5_vm_test() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2179	var frm = document.forms.'.$form_name.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2180	if(testpassed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2181	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2182	frm.'.$use_crypt.'.value = \'yes\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2183	var cryptkey = frm.'.$crypt_key.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2184	frm.'.$crypt_key.'.value = hex_md5(cryptkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2185	cryptkey = hexToByteArray(cryptkey);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2186	if(!cryptkey \|\| ( ( typeof cryptkey == \'string\' \|\| typeof cryptkey == \'object\' ) ) && cryptkey.length != keySizeInBits / 8 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2187	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2188	if ( frm._login ) frm._login.disabled = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2189	len = ( typeof cryptkey == \'string\' \|\| typeof cryptkey == \'object\' ) ? \'\\nLen: \'+cryptkey.length : \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2190	alert(\'The key is messed up\\nType: \'+typeof(cryptkey)+len);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2191	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2192	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2193	if(frm.username) frm.username.focus();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2194	function runEncryption()
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2195	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2196	if(testpassed)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2197	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2198	pass = frm.'.$pw_field.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2199	chal = frm.'.$challenge.'.value;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2200	challenge = hex_md5(pass + chal) + chal;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2201	frm.'.$challenge.'.value = challenge;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2202	pass = stringToByteArray(pass);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2203	cryptstring = rijndaelEncrypt(pass, cryptkey, \'ECB\');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2204	if(!cryptstring)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2205	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2206	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2207	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2208	cryptstring = byteArrayToHex(cryptstring);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2209	frm.'.$crypt_data.'.value = cryptstring;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2210	frm.'.$pw_field.'.value = \'\';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2211	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2212	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2213	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2214	</script>
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2215	';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2216	return $code;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2217	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2218
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2219	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2220
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2221	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2222	* Class used to fetch permissions for a specific page. Used internally by SessionManager.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2223	* @package Enano
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2224	* @subpackage Session manager
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2225	* @license http://www.gnu.org/copyleft/gpl.html
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2226	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2227	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2228
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2229	class Session_ACLPageInfo {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2230
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2231	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2232	* The page ID of this ACL info package
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2233	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2234	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2235
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2236	var $page_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2237
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2238	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2239	* The namespace of the page being checked
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2240	* @var string
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2241	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2242
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2243	var $namespace;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2244
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2245	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2246	* Our list of permission types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2247	* @access private
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2248	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2249	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2250
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2251	var $acl_types = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2252
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2253	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2254	* The list of descriptions for the permission types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2255	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2256	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2257
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2258	var $acl_descs = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2259
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2260	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2261	* A list of dependencies for ACL types.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2262	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2263	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2264
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2265	var $acl_deps = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2266
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2267	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2268	* Our tell-all list of permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2269	* @access private - or, preferably, protected...too bad this has to be PHP4 compatible
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2270	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2271	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2272
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2273	var $perms = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2274
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2275	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2276	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2277	* @param string $page_id The ID of the page to check
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2278	* @param string $namespace The namespace of the page to check.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2279	* @param array $acl_types List of ACL types
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2280	* @param array $acl_descs List of human-readable descriptions for permissions (associative)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2281	* @param array $acl_deps List of dependencies for permissions. For example, viewing history/diffs depends on the ability to read the page.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2282	* @param array $base What to start with - this is an attempt to reduce the number of SQL queries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2283	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2284
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2285	function Session_ACLPageInfo($page_id, $namespace, $acl_types, $acl_descs, $acl_deps, $base)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2286	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2287	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2288
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2289	$this->perms = $session->acl_merge_complete($acl_types, $base);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2290	$this->acl_deps = $acl_deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2291	$this->acl_types = $acl_types;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2292	$this->acl_descs = $acl_descs;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2293
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2294	// Build a query to grab ACL info
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2295	$bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( ';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2296	$q = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2297	$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2298	if(count($session->groups) > 0)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2299	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2300	foreach($session->groups as $g_id => $g_name)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2301	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2302	$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2303	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2304	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2305	// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2306	// permissions to override group permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2307	$bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2308	ORDER BY target_type ASC, page_id ASC, namespace ASC;';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2309	$q = $session->sql($bs);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2310	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2311	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2312	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2313	$rules = $session->string_to_perm($row['rules']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2314	$this->perms = $session->acl_merge($this->perms, $rules);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2315	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2316	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2317
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2318	$this->page_id = $page_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2319	$this->namespace = $namespace;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2320	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2321
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2322	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2323	* Tells us whether permission $type is allowed or not based on the current rules.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2324	* @param string $type The permission identifier ($acl_type passed to sessionManager::register_acl_type())
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2325	* @param bool $no_deps If true, disables dependency checking
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2326	* @return bool True if allowed, false if denied or if an error occured
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2327	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2328
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2329	function get_permissions($type, $no_deps = false)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2330	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2331	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2332	if ( isset( $this->perms[$type] ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2333	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2334	if ( $this->perms[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2335	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2336	else if ( $this->perms[$type] == AUTH_WIKIMODE &&
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2337	( isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) &&
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2338	( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '1' \|\|
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2339	( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2340	&& getConfig('wiki_mode') == '1'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2341	) ) ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2342	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2343	else if ( $this->perms[$type] == AUTH_WIKIMODE && (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2344	!isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id])
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2345	\|\| (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2346	isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) && (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2347	$paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '0'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2348	\|\| (
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2349	$paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2' && getConfig('wiki_mode') != '1'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2350	) ) ) ) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2351	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2352	else if ( $this->perms[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2353	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2354	else if ( $this->perms[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2355	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2356	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2357	else if(isset($this->acl_types[$type]))
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2358	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2359	if ( $this->acl_types[$type] == AUTH_DENY )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2360	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2361	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && $paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2362	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2363	else if ( $this->acl_types[$type] == AUTH_WIKIMODE && !$paths->wiki_mode )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2364	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2365	else if ( $this->acl_types[$type] == AUTH_ALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2366	$ret = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2367	else if ( $this->acl_types[$type] == AUTH_DISALLOW )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2368	$ret = false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2369	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2370	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2371	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2372	// ACL type is undefined
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2373	trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2374	return false; // Be on the safe side and deny access
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2375	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2376	if ( !$no_deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2377	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2378	if ( !$this->acl_check_deps($type) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2379	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2380	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2381	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2382	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2383
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2384	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2385	* Tell us if the dependencies for a given permission are met.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2386	* @param string The ACL permission ID
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2387	* @return bool
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2388	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2389
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2390	function acl_check_deps($type)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2391	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2392	if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2393	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2394	if(sizeof($this->acl_deps[$type]) < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2395	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2396	$deps = $this->acl_deps[$type];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2397	while(true)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2398	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2399	$full_resolved = true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2400	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2401	for ( $i = 0; $i < $j; $i++ )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2402	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2403	$b = $deps;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2404	$deps = array_merge($deps, $this->acl_deps[$deps[$i]]);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2405	if( $b == $deps )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2406	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2407	break 2;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2408	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2409	$j = sizeof($deps);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2410	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2411	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2412	//die('<pre>'.print_r($deps, true).'</pre>');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2413	foreach($deps as $d)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2414	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2415	if ( !$this->get_permissions($d) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2416	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2417	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2418	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2419	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2420	return true;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2421	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2422
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2423	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2424
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2425	?>

author	dan@scribus.fuhry.local.fuhry.local
	Wed, 13 Jun 2007 16:07:17 -0400
changeset 1	fe660c52c48f
permissions	-rw-r--r--