3 { |
3 { |
4 "Plugin Name" : "plugin_specialuserfuncs_title", |
4 "Plugin Name" : "plugin_specialuserfuncs_title", |
5 "Plugin URI" : "http://enanocms.org/", |
5 "Plugin URI" : "http://enanocms.org/", |
6 "Description" : "plugin_specialuserfuncs_desc", |
6 "Description" : "plugin_specialuserfuncs_desc", |
7 "Author" : "Dan Fuhry", |
7 "Author" : "Dan Fuhry", |
8 "Version" : "1.1.3", |
8 "Version" : "1.1.4", |
9 "Author URI" : "http://enanocms.org/" |
9 "Author URI" : "http://enanocms.org/" |
10 } |
10 } |
11 **!*/ |
11 **!*/ |
12 |
12 |
13 /* |
13 /* |
223 $errstring = $__login_status['error']; |
223 $errstring = $__login_status['error']; |
224 switch($__login_status['error']) |
224 switch($__login_status['error']) |
225 { |
225 { |
226 case 'key_not_found': |
226 case 'key_not_found': |
227 $errstring = $lang->get('user_err_key_not_found'); |
227 $errstring = $lang->get('user_err_key_not_found'); |
|
228 break; |
|
229 case 'ERR_DH_KEY_NOT_FOUND': |
|
230 $errstring = $lang->get('user_err_dh_key_not_found') . " -- {$__login_status['debug']}"; |
|
231 break; |
|
232 case 'ERR_DH_KEY_NOT_INTEGER': |
|
233 $errstring = $lang->get('user_err_dh_key_not_numeric'); |
228 break; |
234 break; |
229 case 'key_wrong_length': |
235 case 'key_wrong_length': |
230 $errstring = $lang->get('user_err_key_wrong_length'); |
236 $errstring = $lang->get('user_err_key_wrong_length'); |
231 break; |
237 break; |
232 case 'too_big_for_britches': |
238 case 'too_big_for_britches': |
250 $attempts = intval($__login_status['lockout_fails']); |
256 $attempts = intval($__login_status['lockout_fails']); |
251 if ( $attempts > $__login_status['lockout_threshold']) |
257 if ( $attempts > $__login_status['lockout_threshold']) |
252 $attempts = $__login_status['lockout_threshold']; |
258 $attempts = $__login_status['lockout_threshold']; |
253 |
259 |
254 $server_time = time(); |
260 $server_time = time(); |
255 $time_rem = ( $__login_status['lockout_last_time'] == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 ); |
261 $time_rem = ( intval(@$__login_status['lockout_last_time']) == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 ); |
256 if ( $time_rem < 1 ) |
262 if ( $time_rem < 1 ) |
257 $time_rem = $__login_status['lockout_duration']; |
263 $time_rem = $__login_status['lockout_duration']; |
258 |
264 |
259 $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural'); |
265 $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural'); |
260 |
266 |
450 $db->close(); |
456 $db->close(); |
451 exit; |
457 exit; |
452 } |
458 } |
453 if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) |
459 if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) |
454 { |
460 { |
455 die('This version of the Enano LoginAPI is deprecated. Please use the action.json method instead.'); |
461 echo 'This version of the Enano LoginAPI is deprecated. Please use the action.json method instead.'; |
456 $db->close(); |
462 return true; |
457 exit; |
|
458 } |
463 } |
459 if(isset($_POST['login'])) |
464 if(isset($_POST['login'])) |
460 { |
465 { |
461 $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false; |
466 $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false; |
462 $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false; |
467 $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false; |
478 |
483 |
479 // Fetch private key |
484 // Fetch private key |
480 $dh_public = $_POST['dh_public_key']; |
485 $dh_public = $_POST['dh_public_key']; |
481 if ( !preg_match('/^[0-9]+$/', $dh_public) ) |
486 if ( !preg_match('/^[0-9]+$/', $dh_public) ) |
482 { |
487 { |
483 die_semicritical('DiffieHellman error', 'Public key not integer: ' . $dh_public); |
488 $__login_status = array( |
|
489 'success' => false, |
|
490 'error' => 'ERR_DH_KEY_NOT_INTEGER', |
|
491 'debug' => "public key: $dh_public" |
|
492 ); |
|
493 return false; |
484 } |
494 } |
485 $q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$dh_public';"); |
495 $q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$dh_public';"); |
486 if ( !$q ) |
496 if ( !$q ) |
487 $db->die_json(); |
497 $db->die_json(); |
488 |
498 |
489 if ( $db->numrows() < 1 ) |
499 if ( $db->numrows() < 1 ) |
490 { |
500 { |
491 die_semicritical('DiffieHellman error', 'ERR_DH_KEY_NOT_FOUND'); |
501 $__login_status = array( |
|
502 'success' => false, |
|
503 'error' => 'ERR_DH_KEY_NOT_FOUND', |
|
504 'debug' => "public key: $dh_public" |
|
505 ); |
|
506 return false; |
492 } |
507 } |
493 |
508 |
494 list($dh_private, $dh_key_id) = $db->fetchrow_num(); |
509 list($dh_private, $dh_key_id) = $db->fetchrow_num(); |
495 $db->free_result(); |
510 $db->free_result(); |
496 |
511 |
506 // Did we get all our math right? |
521 // Did we get all our math right? |
507 $dh_secret_check = sha1($dh_secret); |
522 $dh_secret_check = sha1($dh_secret); |
508 $dh_hash = $_POST['crypt_key']; |
523 $dh_hash = $_POST['crypt_key']; |
509 if ( $dh_secret_check !== $dh_hash ) |
524 if ( $dh_secret_check !== $dh_hash ) |
510 { |
525 { |
511 die_semicritical('DiffieHellman error', 'ERR_DH_HASH_NO_MATCH'); |
526 $__login_status = array( |
|
527 'success' => false, |
|
528 'error' => 'ERR_DH_HASH_NO_MATCH', |
|
529 'debug' => "dh_secret_check = $dh_secret_check\ndh_hash_input = $dh_hash" |
|
530 ); |
|
531 return false; |
512 } |
532 } |
513 |
533 |
514 // All good! Generate the AES key |
534 // All good! Generate the AES key |
515 $aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 )); |
535 $aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 )); |
516 |
536 |
579 $db->close(); |
599 $db->close(); |
580 |
600 |
581 exit; |
601 exit; |
582 } |
602 } |
583 |
603 |
584 function page_Special_Logout() { |
604 function page_Special_Logout() |
|
605 { |
585 global $db, $session, $paths, $template, $plugins; // Common objects |
606 global $db, $session, $paths, $template, $plugins; // Common objects |
586 global $lang; |
607 global $lang; |
|
608 |
587 if ( !$session->user_logged_in ) |
609 if ( !$session->user_logged_in ) |
588 $paths->main_page(); |
610 $paths->main_page(); |
589 |
611 |
|
612 $token = $paths->getParam(0); |
|
613 if ( $token !== $session->csrf_token ) |
|
614 { |
|
615 csrf_confirm_form(); |
|
616 } |
|
617 |
590 $l = $session->logout(); |
618 $l = $session->logout(); |
591 if ( $l == 'success' ) |
619 if ( $l == 'success' ) |
592 { |
620 { |
593 $url = makeUrl(getConfig('main_page'), false, true); |
621 $url = makeUrl(getConfig('main_page'), false, true); |
594 if ( $pi = $paths->getAllParams() ) |
622 if ( $paths->getParam(1) ) |
595 { |
623 { |
|
624 $pi = explode('/', $paths->getAllParams()); |
|
625 $pi = implode('/', array_values(array_slice($pi, 1))); |
596 list($pid, $ns) = RenderMan::strToPageID($pi); |
626 list($pid, $ns) = RenderMan::strToPageID($pi); |
597 $perms = $session->fetch_page_acl($pid, $ns); |
627 $perms = $session->fetch_page_acl($pid, $ns); |
598 if ( $perms->get_permissions('read') ) |
628 if ( $perms->get_permissions('read') ) |
599 { |
629 { |
600 $url = makeUrl($pi, false, true); |
630 $url = makeUrl($pi, false, true); |
601 } |
631 } |
602 } |
632 } |
603 redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4); |
633 redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3); |
604 } |
634 } |
605 $template->header(); |
635 $template->header(); |
606 echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>'; |
636 echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>'; |
607 echo '<p>' . $l . '</p>'; |
637 echo '<p>' . $l . '</p>'; |
608 $template->footer(); |
638 $template->footer(); |
2025 exit(); |
2055 exit(); |
2026 } |
2056 } |
2027 } |
2057 } |
2028 |
2058 |
2029 $timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp); |
2059 $timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp); |
|
2060 // generate expires header |
|
2061 $expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1)); |
|
2062 |
2030 header("Last-Modified: $timestamp"); |
2063 header("Last-Modified: $timestamp"); |
2031 header("Date: $timestamp"); |
2064 header("Date: $timestamp"); |
2032 header("ETag: \"$etag\""); |
2065 header("ETag: \"$etag\""); |
2033 header('Content-type: text/javascript'); |
2066 header('Content-type: text/javascript'); |
|
2067 header("Expires: $expires"); |
2034 |
2068 |
2035 $lang_local->fetch(); |
2069 $lang_local->fetch(); |
2036 echo "if ( typeof(enano_lang) != 'object' ) |
2070 echo "if ( typeof(enano_lang) != 'object' ) |
2037 var enano_lang = new Object(); |
2071 var enano_lang = new Object(); |
2038 |
2072 |