diff -r e53cf8b1d942 -r 75df0b2c596c plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php Sat Jun 07 12:43:57 2008 -0400
+++ b/plugins/SpecialUserFuncs.php Sat Jun 07 12:46:18 2008 -0400
@@ -5,7 +5,7 @@
 "Plugin URI" : "http://enanocms.org/",
 "Description" : "plugin_specialuserfuncs_desc",
 "Author" : "Dan Fuhry",
- "Version" : "1.1.3",
+ "Version" : "1.1.4",
 "Author URI" : "http://enanocms.org/"
 }
 **!*/
@@ -226,6 +226,12 @@
 case 'key_not_found':
 $errstring = $lang->get('user_err_key_not_found');
 break;
+ case 'ERR_DH_KEY_NOT_FOUND':
+ $errstring = $lang->get('user_err_dh_key_not_found') . " -- {$__login_status['debug']}";
+ break;
+ case 'ERR_DH_KEY_NOT_INTEGER':
+ $errstring = $lang->get('user_err_dh_key_not_numeric');
+ break;
 case 'key_wrong_length':
 $errstring = $lang->get('user_err_key_wrong_length');
 break;
@@ -252,7 +258,7 @@
 $attempts = $__login_status['lockout_threshold'];
 $server_time = time();
- $time_rem = ( $__login_status['lockout_last_time'] == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
+ $time_rem = ( intval(@$__login_status['lockout_last_time']) == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
 if ( $time_rem < 1 ) $time_rem = $__login_status['lockout_duration'];
@@ -452,9 +458,8 @@
 }
 if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
 {
- die('This version of the Enano LoginAPI is deprecated. Please use the action.json method instead.');
- $db->close();
- exit;
+ echo 'This version of the Enano LoginAPI is deprecated. Please use the action.json method instead.';
+ return true;
 }
 if(isset($_POST['login']))
 {
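Review bot: The new ERR_DH_KEY_NOT_FOUND case appends `$__login_status['debug']` to the user-visible error string, so whatever the login code stores under that key is shown to the client; in this commit that is the submitted public key, but the hash-mismatch branch stores the server's expected hash under the same key, and any future case that copies this pattern would expose it. Internal diagnostics belong in a server-side log, not in $errstring, so I would keep `$errstring = $lang->get('user_err_dh_key_not_found');` and drop the concatenation, or gate it behind a debug setting. This hunk also adds no case for ERR_DH_HASH_NO_MATCH, which the commit starts returning further down; unless a default branch or a hunk outside this view handles it, that failure will have no message. The switch's enclosing function begins and ends outside this hunk.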
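Review bot: The `intval(@...)` guard on lockout_last_time only covers the left-hand comparison; the `round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 )` branch still reads the key unguarded, and `@` hides the missing value rather than handling it. Read it once, `$last_time = isset($__login_status['lockout_last_time']) ? intval($__login_status['lockout_last_time']) : 0;`, and compare against the `$server_time` captured on the previous line instead of a second `time()` call: `$time_rem = ( $last_time == $server_time ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $last_time ) / 60 );`. The enclosing function starts and ends outside this hunk.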
@@ -480,7 +485,12 @@
 $dh_public = $_POST['dh_public_key'];
 if ( !preg_match('/^[0-9]+$/', $dh_public) )
 {
- die_semicritical('DiffieHellman error', 'Public key not integer: ' . $dh_public);
+ $__login_status = array(
+ 'success' => false,
+ 'error' => 'ERR_DH_KEY_NOT_INTEGER',
+ 'debug' => "public key: $dh_public"
+ );
+ return false;
 }
 $q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$dh_public';");
 if ( !$q )
@@ -488,7 +498,12 @@
 if ( $db->numrows() < 1 )
 {
- die_semicritical('DiffieHellman error', 'ERR_DH_KEY_NOT_FOUND');
+ $__login_status = array(
+ 'success' => false,
+ 'error' => 'ERR_DH_KEY_NOT_FOUND',
+ 'debug' => "public key: $dh_public"
+ );
+ return false;
 }
 list($dh_private, $dh_key_id) = $db->fetchrow_num();
@@ -508,7 +523,12 @@
 $dh_hash = $_POST['crypt_key'];
 if ( $dh_secret_check !== $dh_hash )
 {
- die_semicritical('DiffieHellman error', 'ERR_DH_HASH_NO_MATCH');
+ $__login_status = array(
+ 'success' => false,
+ 'error' => 'ERR_DH_HASH_NO_MATCH',
+ 'debug' => "dh_secret_check = $dh_secret_check\ndh_hash_input = $dh_hash"
+ );
+ return false;
 }
 // All good! Generate the AES key
@@ -581,18 +601,28 @@
 exit;
 }
-function page_Special_Logout() {
+function page_Special_Logout()
+{
 global $db, $session, $paths, $template, $plugins; // Common objects
 global $lang;
+ if ( !$session->user_logged_in ) $paths->main_page();
+ $token = $paths->getParam(0);
+ if ( $token !== $session->csrf_token )
+ {
+ csrf_confirm_form();
+ }
+ $l = $session->logout();
 if ( $l == 'success' )
 {
 $url = makeUrl(getConfig('main_page'), false, true);
- if ( $pi = $paths->getAllParams() )
+ if ( $paths->getParam(1) )
 {
+ $pi = explode('/', $paths->getAllParams());
+ $pi = implode('/', array_values(array_slice($pi, 1)));
 list($pid, $ns) = RenderMan::strToPageID($pi);
 $perms = $session->fetch_page_acl($pid, $ns);
 if ( $perms->get_permissions('read') )
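Review bot: `/^[0-9]+$/` accepts a trailing newline, because PCRE's `$` matches before a final `\n` unless the `D` modifier is set, so a `dh_public_key` of `123%0A` passes validation and reaches the interpolated `WHERE public_key = '$dh_public'` query and the debug string with the newline intact. This regex is the only thing standing between `$_POST` and that string-built SQL, so tighten it to `if ( !preg_match('/^[0-9]+$/D', $dh_public) )` or `if ( !ctype_digit($dh_public) )`, and ideally run the value through the driver's escaping as well. The enclosing function starts before and continues after this hunk.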
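Review bot: The debug field in the hash-mismatch branch records `$dh_secret_check`, the exact value the server expected the client to send; the ERR_DH_KEY_NOT_FOUND display case added earlier in this commit already copies `$__login_status['debug']` into the user-visible error, so this is one copy-paste away from handing a client the string that passes the check. Drop the values, e.g. `'debug' => 'crypt_key does not match the DH shared-secret hash'`, and log them server-side if they are needed. The comparison itself is an ordinary `!==` on a secret-derived hash; if the target PHP version provides it, `if ( !hash_equals($dh_secret_check, $dh_hash) )` removes the timing side channel. The enclosing function starts before and continues after this hunk.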
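Review bot: The CSRF check in page_Special_Logout calls `csrf_confirm_form()` on a bad token but does not stop; unless that helper exits (it is not visible here), execution falls through to `$session->logout()` and the user is logged out anyway, which is exactly what the token was meant to prevent. The `$paths->main_page()` call for logged-out visitors has the same shape. Make both guards terminal regardless of what the helpers do: `csrf_confirm_form(); return;` inside the if, and `if ( !$session->user_logged_in ) { $paths->main_page(); return; }`. The `$token !== $session->csrf_token` comparison could also use `hash_equals()` where available. The function body continues past the end of this hunk.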
@@ -600,7 +630,7 @@
 $url = makeUrl($pi, false, true);
 }
 }
- redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4);
+ redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3);
 }
 $template->header();
 echo '