Beispiel #1
0
 /**
  * @brief Check if the password is correct
  * @param $uid The username
  * @param $password The password
  * @returns true/false
  *
  * Check if the password is correct without logging in the user
  */
 public function checkPassword($uid, $password)
 {
     // Get identity from user and redirect browser to OpenID Server
     $openid = new SimpleOpenID();
     $openid->SetIdentity($uid);
     $openid->SetTrustRoot('http://' . OCP\Util::getServerHost());
     if ($openid->GetOpenIDServer()) {
         $openid->SetApprovedURL('http://' . OCP\Util::getServerHost() . OC::$WEBROOT);
         // Send Response from OpenID server to this script
         $openid->Redirect();
         // This will redirect user to OpenID Server
         exit;
     } else {
         return false;
     }
     exit;
 }
Beispiel #2
0
/**
 * Check validity of user/password/entity
 * If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
 *
 * @param	string	$usertotest		Login
 * @param	string	$passwordtotest	Password
 * @param   int		$entitytotest   Number of instance (always 1 if module multicompany not enabled)
 * @return	string					Login if OK, '' if KO
 */
function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
{
    global $_POST, $db, $conf, $langs;
    dol_syslog("functions_openid::check_user_password_openid usertotest=" . $usertotest);
    $login = '';
    // Get identity from user and redirect browser to OpenID Server
    if (isset($_POST['username'])) {
        $openid = new SimpleOpenID();
        $openid->SetIdentity($_POST['username']);
        $protocol = $conf->file->main_force_https ? 'https://' : 'http://';
        $openid->SetTrustRoot($protocol . $_SERVER["HTTP_HOST"]);
        $openid->SetRequiredFields(array('email', 'fullname'));
        $_SESSION['dol_entity'] = $_POST["entity"];
        //$openid->SetOptionalFields(array('dob','gender','postcode','country','language','timezone'));
        if ($openid->sendDiscoveryRequestToGetXRDS()) {
            $openid->SetApprovedURL($protocol . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]);
            // Send Response from OpenID server to this script
            $openid->Redirect();
            // This will redirect user to OpenID Server
        } else {
            $error = $openid->GetError();
            return false;
        }
        return false;
    } elseif ($_GET['openid_mode'] == 'id_res') {
        $openid = new SimpleOpenID();
        $openid->SetIdentity($_GET['openid_identity']);
        $openid_validation_result = $openid->ValidateWithServer();
        if ($openid_validation_result == true) {
            // OK HERE KEY IS VALID
            $sql = "SELECT login";
            $sql .= " FROM " . MAIN_DB_PREFIX . "user";
            $sql .= " WHERE openid = '" . $db->escape($_GET['openid_identity']) . "'";
            $sql .= " AND entity IN (0," . ($_SESSION["dol_entity"] ? $_SESSION["dol_entity"] : 1) . ")";
            dol_syslog("functions_openid::check_user_password_openid", LOG_DEBUG);
            $resql = $db->query($sql);
            if ($resql) {
                $obj = $db->fetch_object($resql);
                if ($obj) {
                    $login = $obj->login;
                }
            }
        } else {
            if ($openid->IsError() == true) {
                // ON THE WAY, WE GOT SOME ERROR
                $error = $openid->GetError();
                return false;
            } else {
                // Signature Verification Failed
                //echo "INVALID AUTHORIZATION";
                return false;
            }
        }
    } else {
        if ($_GET['openid_mode'] == 'cancel') {
            // User Canceled your Request
            //echo "USER CANCELED REQUEST";
            return false;
        }
    }
    return $login;
}
Beispiel #3
0
    if (strpos($_SERVER["REQUEST_URI"], '/?')) {
        $userName = substr($_SERVER["REQUEST_URI"], strpos($_SERVER["REQUEST_URI"], '/?') + 2);
    } elseif (strpos($_SERVER["REQUEST_URI"], '.php?')) {
        $userName = substr($_SERVER["REQUEST_URI"], strpos($_SERVER["REQUEST_URI"], '.php?') + 5);
    }
}
OCP\Util::addHeader('link', array('rel' => 'openid.server', 'href' => OCP\Util::linkToAbsolute("user_openid", "user.php") . '/' . $userName));
OCP\Util::addHeader('link', array('rel' => 'openid.delegate', 'href' => OCP\Util::linkToAbsolute("user_openid", "user.php") . '/' . $userName));
OCP\App::registerPersonal('user_openid', 'settings');
require_once 'apps/user_openid/user_openid.php';
//active the openid backend
OC_User::useBackend('openid');
//check for results from openid requests
if (isset($_GET['openid_mode']) and $_GET['openid_mode'] == 'id_res') {
    OCP\Util::writeLog('user_openid', 'openid retured', OCP\Util::DEBUG);
    $openid = new SimpleOpenID();
    $openid->SetIdentity($_GET['openid_identity']);
    $openid_validation_result = $openid->ValidateWithServer();
    if ($openid_validation_result == true) {
        // OK HERE KEY IS VALID
        OCP\Util::writeLog('user_openid', 'auth sucessfull', OCP\Util::DEBUG);
        $identity = $openid->GetIdentity();
        OCP\Util::writeLog('user_openid', 'auth as ' . $identity, OCP\Util::DEBUG);
        $user = OC_USER_OPENID::findUserForIdentity($identity);
        if ($user) {
            $_SESSION['user_id'] = $user;
            header("Location: " . OC::$WEBROOT);
        }
    } else {
        if ($openid->IsError() == true) {
            // ON THE WAY, WE GOT SOME ERROR
 function doOpenIDValidate($openid)
 {
     // use the JanRain php-openid library
     require_once $this->module_path . 'php-openid-1.2.3/Auth/OpenID/URINorm.php';
     $oModuleModel =& getModel('module');
     $config = $oModuleModel->getModuleConfig('member');
     if ($config->enable_openid != 'Y') {
         $this->stop('msg_invalid_request');
     }
     ob_start();
     require $this->module_path . 'openid_lib/class.openid.php';
     require_once $this->module_path . 'openid_lib/libcurlemu.inc.php';
     $openid_ctx = new SimpleOpenID();
     $openid_ctx->SetIdentity(Auth_OpenID_urinorm($openid));
     $openid_ctx->validation_result = $openid_ctx->ValidateWithServer();
     ob_clean();
     return $openid_ctx;
 }
Beispiel #5
0
 public static function attempt_login()
 {
     if (isset($_POST['username'])) {
         // Load the user
         $user = ORM::factory('user', $_POST['username']);
         // If successful login
         if (Auth::instance()->login($user, $_POST['password'])) {
             $user->login();
             return $user;
         } else {
             return 'Your username or password was incorrect, please try again.';
         }
     }
     if (isset($_POST['openid_action']) && $_POST['openid_action'] == "login") {
         // Get identity from user and redirect browser to OpenID Server
         $openid = new SimpleOpenID();
         $openid->SetIdentity($_POST['openid_url']);
         $openid->SetTrustRoot('http://' . $_SERVER["HTTP_HOST"]);
         $openid->SetRequiredFields(array('email', 'fullname'));
         $openid->SetOptionalFields(array('dob', 'gender', 'postcode', 'country', 'language', 'timezone'));
         if ($openid->GetOpenIDServer()) {
             $openid->SetApprovedURL('http://' . $_SERVER["HTTP_HOST"] . url::site() . url::current());
             // Send Response from OpenID server to this script
             $openid->Redirect();
             // This will redirect user to OpenID Server
         } else {
             $error = $openid->GetError();
             echo "ERROR CODE: " . $error['code'] . "<br>";
             echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
         }
     } else {
         if (isset($_GET['openid_mode']) && $_GET['openid_mode'] == 'id_res') {
             // Perform HTTP Request to OpenID server to validate key
             $openid = new SimpleOpenID();
             $openid->SetIdentity($_GET['openid_identity']);
             $openid_validation_result = $openid->ValidateWithServer();
             if ($openid_validation_result == true) {
                 // OK HERE KEY IS VALID
                 $user = ORM::factory('user', $_GET['openid_identity']);
                 if ($user->id > 0) {
                     $session = Session::instance();
                     $session->set("user", $user);
                     // Login successful, redirect
                     return $user;
                 } else {
                     return 'Your OpenID is not registered with us, please try again.';
                 }
             } else {
                 if ($openid->IsError() == true) {
                     // ON THE WAY, WE GOT SOME ERROR
                     $error = $openid->GetError();
                     echo "ERROR CODE: " . $error['code'] . "<br>";
                     echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
                 } else {
                     // Signature Verification Failed
                     return 'Verification failed, please try again.';
                 }
             }
         } else {
             if (isset($_GET['openid_mode']) && $_GET['openid_mode'] == 'cancel') {
                 // User Canceled your Request
                 return 'You cancelled the process, please try again.';
             }
         }
     }
 }
Beispiel #6
0
function openid_continue(&$vars)
{
    extract($vars);
    $valid = false;
    if (class_exists('MySQL') && environment('openid_version') > 1 && !isset($_SESSION['openid_degrade'])) {
        global $openid;
        wp_plugin_include(array('wp-openid'));
        $logic = new WordPressOpenID_Logic(null);
        $logic->activate_plugin();
        $consumer = WordPressOpenID_Logic::getConsumer();
        $openid->response = $consumer->complete($_SESSION['oid_return_to']);
        switch ($openid->response->status) {
            case Auth_OpenID_CANCEL:
                trigger_error('The OpenID assertion was cancelled.', E_USER_ERROR);
                break;
            case Auth_OpenID_FAILURE:
                // if we fail OpenID v2 here, we retry once with OpenID v1
                $_SESSION['openid_degrade'] = true;
                $request->set_param('return_url', $request->url_for('openid_continue') . '/');
                $request->set_param('protected_url', $request->base);
                $request->set_param('openid_url', $_SESSION['openid_url']);
                authenticate_with_openid();
                break;
            case Auth_OpenID_SUCCESS:
                $_SESSION['openid_complete'] = true;
                $valid = true;
                break;
        }
    }
    if (!$valid) {
        include $GLOBALS['PATH']['library'] . 'openid.php';
        $openid = new SimpleOpenID();
        $openid->SetIdentity($_SESSION['openid_url']);
        $openid->SetApprovedURL($request->url_for('openid_continue') . '/');
        $openid->SetTrustRoot($request->base);
        $server_url = $_SESSION['openid_server_url'];
        $openid->SetOpenIDServer($server_url);
        $valid = $openid->ValidateWithServer();
    }
    if ($valid) {
        $_SESSION['openid_complete'] = true;
    } else {
        trigger_error("Sorry, the openid server {$server_url} did not validate your identity.", E_USER_ERROR);
    }
    complete_openid_authentication($request);
    if (!empty($_SESSION['requested_url'])) {
        redirect_to($_SESSION['requested_url']);
    } else {
        redirect_to($request->base);
    }
}
Beispiel #7
0
function do_userform($formatter, $options)
{
    global $DBInfo;
    $user =& $DBInfo->user;
    # get cookie
    $id = !empty($options['login_id']) ? $options['login_id'] : '';
    $use_any = 0;
    if (!empty($DBInfo->use_textbrowsers)) {
        if (is_string($DBInfo->use_textbrowsers)) {
            $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        } else {
            $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        }
    }
    $options['msg'] = '';
    # e-mail conformation
    if (!empty($options['ticket']) and $id and $id != 'Anonymous') {
        $userdb =& $DBInfo->udb;
        $suspended = false;
        if ($userdb->_exists($id)) {
            $user = $userdb->getUser($id);
        } else {
            if ($userdb->_exists($id, 1)) {
                // suspended user
                $suspended = true;
                $user = $userdb->getUser($id, 1);
            }
        }
        if ($user->id == $id) {
            if ($user->info['eticket'] == $options['ticket']) {
                list($dummy, $email) = explode('.', $options['ticket'], 2);
                $user->info['email'] = $email;
                $user->info['eticket'] = '';
                if ($suspended) {
                    if (empty($DBInfo->register_confirm_admin)) {
                        $userdb->activateUser($id);
                        $userdb->saveUser($user);
                    } else {
                        $userdb->saveUser($user, array('suspended' => 1));
                    }
                } else {
                    $userdb->saveUser($user);
                }
                $title = _("Successfully confirmed");
                $options['msg'] = _("Your e-mail address is confirmed successfully");
                if (!empty($DBInfo->register_confirm_admin)) {
                    $options['msg'] .= "<br />" . _("Your need to wait until your ID activated by admin");
                }
            } else {
                if ($user->info['nticket'] == $options['ticket']) {
                    $title = _("Successfully confirmed");
                    $user->info['nticket'] = '';
                    $user->info['password'] = $user->info['npassword'];
                    $user->info['npassword'] = '';
                    $userdb->saveUser($user);
                    $options['msg'] = _("Your new password is confirmed successfully");
                } else {
                    $title = _("Confirmation missmatched !");
                    $options['msg'] = _("Please try again to register your e-mail address");
                }
            }
        } else {
            if ($suspended) {
                $title = _("Please wait until your ID is confirmed by admin!");
            } else {
                $title = _("ID does not exist !");
            }
            $options['msg'] = _("Please try again to register your e-mail address");
        }
        $formatter->send_header("", $options);
        $formatter->send_title($title, "", $options);
        $formatter->send_footer("", $options);
        return '';
    }
    $title = '';
    if ($user->id == "Anonymous" and !empty($options['emailreset'])) {
        setcookie('MONI_VERIFIED_EMAIL', '', time() - 3600, get_scriptname());
        $options['msg'] .= '<br />' . _("Verification E-mail removed.");
        $options['verifyemail'] = '';
        $user->verified_email = '';
    } else {
        if ($user->id == "Anonymous" and !empty($options['login']) and !empty($options['verify_email'])) {
            $email = base64_decode($options['login']);
            $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $email, 10));
            if ($ticket == $options['verify_email']) {
                $options['msg'] .= '<br />' . _("Your email address is successfully verified.");
                $user->verified_email = $email;
                setcookie('MONI_VERIFIED_EMAIL', $email, time() + 60 * 60 * 24 * 30, get_scriptname());
            } else {
                $options['msg'] .= '<br />' . _("Verification missmatched.");
            }
        } else {
            if ($user->id == "Anonymous" and $options['verify'] == _("Verify E-mail address") and !empty($DBInfo->anonymous_friendly) and !empty($options['verifyemail'])) {
                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['verifyemail'])) {
                    if (($ret = verify_email($options['verifyemail'])) < 0) {
                        $ret = -$ret;
                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                    } else {
                        if (!empty($DBInfo->verify_email)) {
                            if ($DBInfo->verify_email == 1) {
                                $options['msg'] .= '<br/>' . _("Your email address is successfully verified.");
                                setcookie('MONI_VERIFIED_EMAIL', $options['verifyemail'], time() + 60 * 60 * 24 * 30, get_scriptname());
                            } else {
                                $opts = array();
                                $opts['subject'] = "[{$DBInfo->sitename}] " . _("Verify Email address");
                                $opts['email'] = $options['verifyemail'];
                                $opts['id'] = 'nobody';
                                $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $opts['email'], 10));
                                $enc = base64_encode($opts['email']);
                                $body = qualifiedUrl($formatter->link_url('UserPreferences', "?action=userform&login={$enc}&verify_email={$ticket}"));
                                $body = _("Please confirm your e-mail address") . "\n" . $body . "\n";
                                $ret = wiki_sendmail($body, $opts);
                                $options['msg'] .= '<br/>' . _("E-mail verification mail sent");
                            }
                        }
                    }
                } else {
                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                }
            } else {
                if ($user->id == "Anonymous" and !empty($options['login_id']) and isset($options['password']) and !isset($options['passwordagain'])) {
                    if (method_exists($user, 'login')) {
                        $user->login($formatter, $options);
                        $params = array();
                        $params['value'] = $options['page'];
                        do_goto($formatter, $params);
                        return;
                    }
                    # login
                    $userdb = $DBInfo->udb;
                    if ($userdb->_exists($id)) {
                        $user = $userdb->getUser($id);
                        $login_ok = 0;
                        if (!empty($DBInfo->use_safelogin)) {
                            if (isset($options['challenge']) and $options['_chall'] == $options['challenge']) {
                                #print '<pre>';
                                #print $options['password'].'<br />';
                                #print hmac($options['challenge'],$user->info['password']);
                                #print '</pre>';
                                if (hmac($options['challenge'], $user->info['password']) == $options['password']) {
                                    $login_ok = 1;
                                }
                            } else {
                                # with no javascript browsers
                                $md5pw = md5($options['password']);
                                if ($md5pw == $user->info['password']) {
                                    $login_ok = 1;
                                }
                            }
                        }
                        if ($login_ok or $user->checkPasswd($options['password']) === true) {
                            $options['msg'] = sprintf(_("Successfully login as '%s'"), $id);
                            $options['id'] = $user->id;
                            if ($user->id == 'Anonymous') {
                                // special case. login success but ID is not acceptable
                                $options['msg'] = _("Invalid user ID. Please register again");
                            } else {
                                $formatter->header($user->setCookie());
                                if (!isset($user->info['login_success'])) {
                                    $user->info['login_success'] = 0;
                                }
                                if (!isset($user->info['login_fail'])) {
                                    $user->info['login_fail'] = 0;
                                }
                                $user->info['login_success']++;
                                $user->info['last_login'] = gmdate("Y/m/d H:i:s", time());
                                $user->info['login_fail'] = 0;
                                // reset login
                                $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                                $userdb->saveUser($user);
                                $use_refresh = 1;
                            }
                            $DBInfo->user = $user;
                        } else {
                            $title = sprintf(_("Invalid password !"));
                            if (!isset($user->info['login_fail'])) {
                                $user->info['login_fail'] = 0;
                            }
                            $user->info['login_fail']++;
                            $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                            $userdb->saveUser($user);
                            $user->setID('Anonymous');
                        }
                    } else {
                        if (isset($options['login_id'][0])) {
                            if ($userdb->_exists($id, 1)) {
                                // suspended user
                                $title = sprintf(_("\"%s\" is waiting for activated by admin !"), $options['login_id']);
                            } else {
                                $title = sprintf(_("\"%s\" does not exist on this wiki !"), $options['login_id']);
                            }
                            $options['login_id'] = '';
                        } else {
                            $title = _("Make new ID on this wiki");
                        }
                        $form = macro_UserPreferences($formatter, '', $options);
                    }
                } else {
                    if (!empty($options['logout'])) {
                        # logout
                        header($user->unsetCookie(), false);
                        if (session_name() != '') {
                            $path = get_scriptname();
                            // for moniwiki internal
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $path, false);
                            // for some user plugins
                            $params = session_get_cookie_params();
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $params['path'], false);
                        }
                        // call logout method
                        if (method_exists($user, 'logout')) {
                            $user->logout($formatter, $options);
                        } else {
                            $options['msg'] = _("Cookie deleted !");
                        }
                        $user->id = 'Anonymous';
                        $DBInfo->user = $user;
                        $use_refresh = 1;
                    } else {
                        if (!empty($DBInfo->use_sendmail) and $options['login'] == _("E-mail new password") and $user->id == "Anonymous" and !empty($options['email']) and !empty($options['login_id'])) {
                            # email new password
                            $title = '';
                            if (!$use_any and $DBInfo->use_ticket) {
                                if ($options['__seed'] and $options['check']) {
                                    $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                    if ($mycheck == $options['check']) {
                                        $ok_ticket = 1;
                                    } else {
                                        $title = _("Invalid ticket !");
                                    }
                                } else {
                                    $title = _("You need a ticket !");
                                }
                            } else {
                                $ok_ticket = 1;
                            }
                            $userdb =& $DBInfo->udb;
                            if ($userdb->_exists($id)) {
                                $user = $userdb->getUser($id);
                            }
                            if ($ok_ticket and $user->id != "Anonymous") {
                                if ($options['email'] == $user->info['email'] and $user->info['eticket'] == '') {
                                    #make new password
                                    $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                    $mypass = substr($mypass, 0, 8);
                                    $options['password'] = $mypass;
                                    $old_passwd = $user->info['password'];
                                    if ($DBInfo->use_safelogin) {
                                        $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                    } else {
                                        $ret = $user->setPasswd($mypass, $mypass);
                                    }
                                    $new_passwd = $user->info['password'];
                                    $user->info['password'] = $old_passwd;
                                    $user->info['npassword'] = $new_passwd;
                                    #make ticket
                                    $ticket = md5(time() . $user->id . $options['email']);
                                    $user->info['nticket'] = $ticket . "." . $options['email'];
                                    // save join agreement
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $user->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $userdb->saveUser($user);
                                    # XXX
                                    $opts['subject'] = "[{$DBInfo->sitename}] " . _("New password confirmation");
                                    $opts['email'] = $options['email'];
                                    $opts['id'] = 'nobody';
                                    $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                    $body = _("Please confirm your new password") . "\n" . $body . "\n";
                                    $body .= sprintf(_("Your new password is %s"), $mypass) . "\n\n";
                                    $body .= _("Please change your password later") . "\n";
                                    $ret = wiki_sendmail($body, $opts);
                                    if (is_array($ret)) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = $ret['msg'];
                                    } else {
                                        $title = _("New password is sent to your e-mail !");
                                        $options['msg'] = _("Please check your e-mail");
                                    }
                                } else {
                                    if ($options['email'] != $user->info['email']) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = _("E-mail mismatch !");
                                    } else {
                                        $title = _("Invalid request");
                                        $options['msg'] = _("Please confirm your e-mail address first !");
                                    }
                                }
                            } else {
                                if (!$ok_ticket) {
                                    $title = _("Invalid ticket !");
                                } else {
                                    $title = _("ID and e-mail mismatch !");
                                }
                                $options['msg'] = _("Please try again or make a new profile");
                            }
                            $formatter->send_header("", $options);
                            $formatter->send_title($title, "", $options);
                            $formatter->send_footer("", $options);
                            return;
                        } else {
                            if ($user->id == "Anonymous" and !empty($options['login_id']) and ($options['password'] and $options['passwordagain'] or $DBInfo->use_safelogin and $options['email'])) {
                                # create profile
                                $title = '';
                                if (!$use_any and !empty($DBInfo->use_ticket)) {
                                    if ($options['__seed'] and $options['check']) {
                                        $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                        if ($mycheck == $options['check']) {
                                            $ok_ticket = 1;
                                        } else {
                                            $title = _("Invalid ticket !");
                                        }
                                    } else {
                                        $title = _("You need a ticket !");
                                    }
                                } else {
                                    $ok_ticket = 1;
                                }
                                $id = $user->getID($options['login_id']);
                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $id)) {
                                    if (($ret = verify_email($id)) < 0) {
                                        $ret = -$ret;
                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                                    } else {
                                        $options['email'] = $id;
                                        $user->setID($id);
                                    }
                                } else {
                                    if (!preg_match("/\\//", $id)) {
                                        $user->setID($id);
                                    }
                                }
                                // protect http:// style id
                                if (!empty($DBInfo->use_agreement) and empty($options['joinagreement'])) {
                                    $title = _("Please check join agreement.");
                                } else {
                                    if ($ok_ticket and $user->id != "Anonymous") {
                                        if (!empty($DBInfo->use_safelogin)) {
                                            $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                            $mypass = substr($mypass, 0, 8);
                                            $options['password'] = $mypass;
                                            $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                        } else {
                                            $ret = $user->setPasswd($options['password'], $options['passwordagain']);
                                        }
                                        if (!empty($DBInfo->password_length) and strlen($options['password']) < $DBInfo->password_length) {
                                            $ret = 0;
                                        }
                                        if ($ret <= 0) {
                                            if ($ret == 0) {
                                                $title = _("too short password!");
                                            } else {
                                                if ($ret == -1) {
                                                    $title = _("mismatch password!");
                                                } else {
                                                    if ($ret == -2) {
                                                        $title = _("not acceptable character found in the password!");
                                                    }
                                                }
                                            }
                                        } else {
                                            if ($ret < 8 and empty($DBInfo->use_safelogin)) {
                                                $options['msg'] = _("Your password is too simple to use as a password !");
                                            }
                                            $udb = $DBInfo->udb;
                                            if ($options['email']) {
                                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    if (($ret = verify_email($options['email'])) < 0) {
                                                        $options['email'] = '';
                                                        // reset email address
                                                        $ret = -$ret;
                                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                        $options['msg'] .= '<br/>' . _("Can't verify E-mail address! Please check your email address.");
                                                    }
                                                } else {
                                                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                                                }
                                            }
                                            if ($udb->isNotUser($user)) {
                                                if (!empty($DBInfo->no_register)) {
                                                    $options['msg'] = _("Fail to register");
                                                    $options['err'] = _("You are not allowed to register on this wiki");
                                                    $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                    do_invalid($formatter, $options);
                                                    return;
                                                }
                                                $title = sprintf(_("Successfully added as '%s'"), _html_escape($user->id));
                                                $options['id'] = $user->id;
                                                $ticket = md5(time() . $user->id . $options['email']);
                                                $user->info['eticket'] = $ticket . "." . $options['email'];
                                                if (!empty($DBInfo->use_safelogin)) {
                                                    $options['msg'] = sprintf(_("Successfully added as '%s'"), $user->id);
                                                    $options['msg'] .= '<br />' . _("Please check your mailbox");
                                                }
                                                $args = array();
                                                if ($options['email'] == $id or !empty($DBInfo->register_confirm_email)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    if (!empty($options['msg'])) {
                                                        $options['msg'] .= '<br />';
                                                    }
                                                    $options['msg'] .= _("Your need to wait until your ID activated by admin");
                                                }
                                                // save join agreement
                                                if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                                    $user->info['join_agreement'] = 'agree';
                                                    if (!empty($DBInfo->agreement_version)) {
                                                        $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                                    }
                                                }
                                                if (empty($DBInfo->use_safelogin) && empty($args['suspended'])) {
                                                    $formatter->header($user->setCookie());
                                                }
                                                $ret = $udb->addUser($user, $args);
                                                # XXX
                                                if (!empty($options['email']) and preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                    $body = '';
                                                    if (!empty($DBInfo->email_register_header) and file_exists($DBInfo->email_register_header)) {
                                                        $body = file_get_contents($DBInfo->email_register_header);
                                                        $body = str_replace(array('@sitename@'), array($DBInfo->sitename), $body);
                                                    }
                                                    $body .= _("Please confirm your email address") . "\n\n";
                                                    $body .= qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                    $body .= "\n";
                                                    if (!empty($DBInfo->use_safelogin)) {
                                                        $body .= "\n" . sprintf(_("Your initial password is %s"), $mypass) . "\n\n";
                                                        $body .= _("Please change your password later") . "\n";
                                                    }
                                                    $ret = wiki_sendmail($body, $options);
                                                    if (is_array($ret)) {
                                                        $options['msg'] .= $ret['msg'];
                                                    } else {
                                                        $options['msg'] .= '<br/>' . _("Confirmation E-mail sent");
                                                    }
                                                }
                                            } else {
                                                # already exist user
                                                $user = $udb->getUser($user->id);
                                                if ($user->checkPasswd($options['password']) === true) {
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s'"), $id);
                                                    $options['id'] = $user->id;
                                                    $formatter->header($user->setCookie());
                                                    $udb->saveUser($user);
                                                    # XXX
                                                } else {
                                                    $title = _("Invalid password !");
                                                }
                                            }
                                        }
                                    } else {
                                        if (empty($title)) {
                                            $title = _("Invalid username !");
                                        }
                                    }
                                }
                            } else {
                                if ($user->id != "Anonymous") {
                                    # save profile
                                    $udb =& $DBInfo->udb;
                                    $userinfo = $udb->getUser($user->id);
                                    if (!empty($options['password']) and !empty($options['passwordagain'])) {
                                        $chall = 0;
                                        if (!empty($DBInfo->use_safelogin)) {
                                            if (isset($options['_chall'])) {
                                                $chall = $options['challenge'];
                                            } else {
                                                $chall = rand(100000);
                                                $options['password'] = hmac($chall, $options['password']);
                                            }
                                        }
                                        //echo 'chall=',$chall,' ',$options['password'];
                                        if ($userinfo->checkPasswd($options['password'], $chall) === true) {
                                            if ($DBInfo->use_safelogin) {
                                                $mypass = md5($options['passwordagain']);
                                                // XXX
                                                $ret = $userinfo->setPasswd($mypass, $mypass, 1);
                                            } else {
                                                $ret = $userinfo->setPasswd($options['passwordagain']);
                                            }
                                            if ($ret <= 0) {
                                                if ($ret == 0) {
                                                    $title = _("too short password!");
                                                } else {
                                                    if ($ret == -1) {
                                                        $title = _("mismatch password !");
                                                    } else {
                                                        if ($ret == -2) {
                                                            $title = _("not acceptable character found in the password!");
                                                        }
                                                    }
                                                }
                                                $options['msg'] = _("Password is not changed !");
                                            } else {
                                                $title = _("Password is changed !");
                                                if ($ret < 8) {
                                                    $options['msg'] = _("Password is too simple to use as a password !");
                                                }
                                            }
                                        } else {
                                            $title = _("Invalid password !");
                                            $options['msg'] = _("Password is not changed !");
                                        }
                                    }
                                    if (isset($options['user_css'])) {
                                        $userinfo->info['css_url'] = $options['user_css'];
                                    }
                                    if (isset($options['timezone'])) {
                                        list($hour, $min) = explode(':', $options['timezone']);
                                        $min = $min * 60;
                                        $min = $hour < 0 ? -1 * $min : $min;
                                        $tz_offset = $hour * 3600 + $min;
                                        $userinfo->info['tz_offset'] = $tz_offset;
                                    }
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $userinfo->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $userinfo->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $button_check_email_again = !empty($options['button_check_email_again']) ? 1 : 0;
                                    if ($button_check_email_again and !empty($userinfo->info['eticket'])) {
                                        list($dummy, $email) = explode('.', $userinfo->info['eticket'], 2);
                                        if (!empty($email)) {
                                            $options['email'] = $email;
                                        }
                                    }
                                    if (!empty($options['email']) and $options['email'] != $userinfo->info['email']) {
                                        if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                            if (($ret = verify_email($options['email'])) < 0) {
                                                $ret = -$ret;
                                                $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                $options['msg'] .= '<br />' . _("Invalid email address or can't verify it.");
                                            } else {
                                                $ticket = md5(time() . $userinfo->info['id'] . $options['email']);
                                                $userinfo->info['eticket'] = $ticket . "." . $options['email'];
                                                $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                $body = _("Please confirm your email address") . "\n" . $body;
                                                $ret = wiki_sendmail($body, $options);
                                                if (is_array($ret)) {
                                                    $options['msg'] = $ret['msg'];
                                                } else {
                                                    $options['msg'] = _("E-mail confirmation mail sent");
                                                }
                                            }
                                        } else {
                                            $options['msg'] = _("Your email address is not valid");
                                        }
                                    }
                                    if (!empty($userinfo->info['idtype']) and $userinfo->info['idtype'] == 'openid' and isset($options['nick']) and $options['nick'] != $userinfo->info['nick']) {
                                        $nick = $userinfo->getID($options['nick']);
                                        // nickname check XXX
                                        if (!$udb->_exists($nick)) {
                                            $userinfo->info['nick'] = $nick;
                                        } else {
                                            $options['msg'] = _("Your Nickname already used as ID in this wiki");
                                        }
                                    }
                                    $udb->saveUser($userinfo);
                                    #$options['css_url']=$options['user_css'];
                                    if (!isset($options['msg'])) {
                                        $options['msg'] = _("Profiles are saved successfully !");
                                    }
                                } else {
                                    if ($user->id == "Anonymous" and isset($options['openid_url'])) {
                                        # login with openid
                                        include_once 'lib/openid.php';
                                        session_start();
                                        $process_url = qualifiedUrl($formatter->link_url("UserPreferences", "?action=userform"));
                                        $trust_root = qualifiedUrl($formatter->link_url(""));
                                        $openid = new SimpleOpenID();
                                        $openid->SetIdentity($options['openid_url']);
                                        $openid->SetTrustRoot($trust_root);
                                        $openid->SetRequiredFields(array('nickname', 'email', 'fullname'));
                                        $openid->SetOptionalFields(array('language', 'timezone'));
                                        if ($openid->GetOpenIDServer()) {
                                            $openid->SetApprovedURL($process_url);
                                            // Send Response from OpenID server to this script
                                            $openid->Redirect();
                                            // This will redirect user to OpenID Server
                                            return;
                                        } else {
                                            $error = $openid->GetError();
                                            #echo "ERROR CODE: " . $error['code'] . "<br>";
                                            #echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
                                            $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                        }
                                    } else {
                                        if (!empty($options['openid_mode']) and $options['openid_mode'] == 'id_res') {
                                            // OpenID result
                                            include_once 'lib/openid.php';
                                            if (!preg_match('/utf-?8/i', $DBInfo->charset)) {
                                                $options['openid_sreg_nickname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_nickname']);
                                                $options['openid_sreg_fullname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_fullname']);
                                            }
                                            $openid = new SimpleOpenID();
                                            $openid->SetIdentity($options['openid_identity']);
                                            $openid_validation_result = $openid->ValidateWithServer();
                                            if ($openid_validation_result == true) {
                                                // OK HERE KEY IS VALID
                                                $userdb =& $DBInfo->udb;
                                                // XXX
                                                $user->setID($options['openid_identity']);
                                                // XXX
                                                if (!empty($options['openid_language'])) {
                                                    $user->info['language'] = strtolower($options['openid_sreg_language']);
                                                }
                                                //$user->info['tz_offset']=$options['openid_timezone'];
                                                if ($userdb->_exists($options['openid_identity'])) {
                                                    $user = $userdb->getUser($options['openid_identity']);
                                                    $user->info['idtype'] = 'openid';
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s' via OpenID."), $options['openid_identity']);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    // always save
                                                } else {
                                                    if (!empty($DBInfo->no_register) and $DBInfo->no_register == 1) {
                                                        $options['msg'] = _("Fail to register");
                                                        $options['err'] = _("You are not allowed to register on this wiki");
                                                        $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                        do_invalid($formatter, $options);
                                                        return;
                                                    }
                                                    if ($options['openid_sreg_nickname']) {
                                                        $nick = $user->getID($options['openid_sreg_nickname']);
                                                        if (!$userdb->_exists($nick)) {
                                                            $user->info['nick'] = $nick;
                                                        } else {
                                                            $options['msg'] = sprintf(_("Your Nickname %s already used as ID in this Wiki."), $nick);
                                                        }
                                                    }
                                                    $user->info['email'] = $options['openid_sreg_email'];
                                                    $user->info['idtype'] = 'openid';
                                                    $userdb->addUser($user);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    $options["msg"] .= sprintf(_("OpenID Authentication successful and saved as %s."), $options['openid_identity']);
                                                }
                                                $options['id'] = $user->id;
                                            } else {
                                                if ($openid->IsError() == true) {
                                                    // ON THE WAY, WE GOT SOME ERROR
                                                    $error = $openid->GetError();
                                                    $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                                } else {
                                                    // Signature Verification Failed
                                                    $options["msg"] = _("Invalid OpenID Authentication request");
                                                    echo "INVALID AUTHORIZATION";
                                                }
                                            }
                                        } else {
                                            if (!empty($DBInfo->use_agreement) and $options['login'] == _("Make profile")) {
                                                $options['agreement'] = 1;
                                                $form = macro_UserPreferences($formatter, '', $options);
                                            } else {
                                                $options["msg"] = _("Invalid request");
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    $myrefresh = '';
    if (!empty($DBInfo->use_refresh) and !empty($use_refresh)) {
        $sec = $DBInfo->use_refresh - 1;
        if (!empty($options['return_url'])) {
            $lnk = $options['return_url'];
        } else {
            $lnk = $formatter->link_url($formatter->page->urlname, '?action=show');
        }
        $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
    }
    $formatter->send_header($myrefresh, $options);
    $formatter->send_title($title, "", $options);
    if (!$title && (empty($DBInfo->control_read) or $DBInfo->security->is_allowed('read', $options))) {
        $lnk = $formatter->link_to('?action=show');
        if (empty($form)) {
            echo sprintf(_("return to %s"), $lnk);
        } else {
            echo $form;
        }
    } else {
        if (!empty($form)) {
            print $form;
        }
        #    else $formatter->send_page("Goto UserPreferences");
    }
    $formatter->send_footer("", $options);
}
Beispiel #8
0
         require 'header.php';
         $legend = 'Вы авторизованы на сайте';
         $text = 'Вы авторизованы на сайте. Если у вас отключена переадресация нажмите <a href="/">сюда</a>';
         require 'themes/' . $theme . '/templates/fieldset.tpl.php';
         die('<meta http-equiv="Refresh" content="0; URL=http://' . $_SERVER['HTTP_HOST'] . '">');
     } else {
         $security->log_action('login');
         require 'header.php';
         $legend = 'Логин или пароль не верны';
         $text = 'Вы ввели неправильный логин или пароль. Попробуйте ещё раз.';
         require 'themes/' . $theme . '/templates/fieldset.tpl.php';
         die;
     }
 } else {
     if ($_POST['openid_action'] == "login") {
         $openid = new SimpleOpenID();
         $openid->SetIdentity($_POST['openid_url']);
         $openid->SetTrustRoot('http://' . $_SERVER["HTTP_HOST"]);
         $openid->SetRequiredFields(array('email', 'fullname'));
         $openid->SetOptionalFields(array('dob', 'gender', 'postcode', 'country', 'language', 'timezone'));
         if ($openid->GetOpenIDServer()) {
             $openid->SetApprovedURL('http://' . $_SERVER["HTTP_HOST"] . '/login.php');
             $openid->Redirect();
         } else {
             $error = $openid->GetError();
             echo "ERROR CODE: " . $error['code'] . "<br>";
             echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
         }
         exit;
     }
 }