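/**
 * Entry point of the login plugin.
 *
 * Reads the request through the global $vars. When ?api= names a plugin
 * other than 'plus', the request is handed to that plugin's *_jump_url()
 * function (an external login provider) via a Location redirect. Otherwise
 * the built-in HTTP authentication flow runs: NTLM/Negotiate on Microsoft
 * web servers, then Basic ($auth_type == 1) or Digest ($auth_type == 2)
 * against $auth_users.
 *
 * Globals read: $vars, $auth_type, $auth_users, $realm.
 * Returns nothing; may redirect (and die) or emit a 401 challenge.
 */
function plugin_login_action()
{
    global $vars, $auth_type, $auth_users, $realm;

    $api = empty($vars['api']) ? 'plus' : $vars['api'];
    if ($api !== 'plus') {
        // Delegate to an external login plugin. exist_plugin() is relied on
        // to validate the plugin name before it becomes part of a function
        // name — NOTE(review): confirm it rejects anything but a plain
        // identifier, since the value comes straight from the request.
        if (!exist_plugin($api)) {
            return;
        }
        $call_api = 'plugin_' . $api . '_jump_url';
        // A plugin that exists but defines no *_jump_url() would otherwise
        // turn into a fatal "undefined function" error for any request
        // naming it.
        if (!function_exists($call_api)) {
            return;
        }
        header('Location: ' . $call_api());
        die;
    }

    // NTLM / Negotiate authentication (IIS 4.0/5.0)
    if (defined('SERVER_SOFTWARE')) {
        $srv_soft = SERVER_SOFTWARE;
    } else {
        $srv_soft = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
    }
    if (substr($srv_soft, 0, 9) === 'Microsoft') {
        auth::auth_ntlm();
        login_return_page();
    }

    switch ($auth_type) {
    case 1:
        // Basic
        if (!auth::auth_pw($auth_users)) {
            unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
            header('HTTP/1.0 401 Unauthorized');
            header('WWW-Authenticate: Basic realm="' . $realm . '"');
        } else {
            // FIXME (translated from the original note): on success we want
            // to return to the page the user came from; placing this call
            // below the switch prevented the challenge from being issued at all.
            login_return_page();
        }
        break;
    case 2:
        // Digest
        if (!auth::auth_digest($auth_users)) {
            header('HTTP/1.1 401 Unauthorized');
            // NOTE(review): uniqid() is time-based, so this nonce is
            // guessable; a CSPRNG value (random_bytes) would be the stronger
            // choice where the target PHP version allows it. Whether
            // auth::auth_digest() validates the nonce cannot be seen here.
            header('WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . uniqid() . '", opaque="' . md5($realm) . '"');
        } else {
            login_return_page();
        }
        break;
    }
}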
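/**
 * User name of the Digest-authenticated request.
 *
 * Returns the name reported by auth::get_username_digest() once the request
 * passes auth::auth_digest() against $auth_users, otherwise ''.
 * (The original docblock carried an "@static" tag copied from a class
 * method; this is a plain function.)
 */
function get_username_digest()
{
    global $auth_users;

    // NOTE(review): the digest paths in plugin_login_action(),
    // check_auth_digest() and digest_auth() pass only $auth_users to
    // auth::auth_digest(); the extra leading $realm argument the original
    // passed here did not match them and is dropped — confirm against the
    // auth class signature.
    if (!auth::auth_digest($auth_users)) {
        return '';
    }
    return auth::get_username_digest();
}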
/**
 * User name carried in the Digest Authorization header.
 *
 * Returns '' unless the request authenticates via auth::auth_digest()
 * against $auth_users and the parsed header carries a non-empty username.
 */
function check_auth_digest()
{
    global $auth_users;

    if (!auth::auth_digest($auth_users)) {
        return '';
    }
    $parsed = auth::http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
    return empty($parsed['username']) ? '' : $parsed['username'];
}
/**
 * Digest-authentication gate for $page.
 *
 * Returns true when no restriction applies to this request: auth::is_page_auth()
 * says so, auth::check_role('role_adm_contents') exempts it, or the request
 * already passes auth::auth_digest() against $auth_users.
 *
 * Otherwise, with $auth_flag set a Digest challenge (401) is emitted, and with
 * $exit_flag set the "$title_cannot" page is rendered through catbody() and
 * the script exits. Returns false when the caller is left to handle the refusal.
 *
 * Globals read: $auth_users, $realm.
 */
function digest_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users, $realm;

    // Any one of these means the page is open for this request; the order
    // matters and matches the original (cheapest/most general check first).
    // NOTE(review): a falsy check_role() result is read as "already a
    // contents administrator", as the original comment stated — confirm.
    $unrestricted = auth::is_page_auth($page, $auth_flag, $auth_pages, '', '')
        || !auth::check_role('role_adm_contents')
        || auth::auth_digest($auth_users);
    if ($unrestricted) {
        return true;
    }

    // Authentication failed.
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }
    if ($auth_flag) {
        header('HTTP/1.1 401 Unauthorized');
        // NOTE(review): uniqid() is time-based, so the nonce is guessable;
        // a CSPRNG value would be stronger where the PHP version allows it.
        header('WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . uniqid() . '", opaque="' . md5($realm) . '"');
    }
    if ($exit_flag) {
        // '$1' in $title_cannot is a literal placeholder for the page name.
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return false;
}
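/**
 * Page-level HTTP authentication gate (Basic, or Digest when $auth_type == 2).
 *
 * $auth_pages maps a regex to a comma-separated list of user names. The regex
 * is matched against the page name ($auth_method_type === 'pagename') or the
 * page source ($auth_method_type === 'contents'). A page no pattern matches,
 * or a request auth::check_role('role_adm_contents') exempts, is open.
 *
 * Otherwise the request must authenticate: Digest through auth::auth_digest()
 * against $auth_users, or Basic with a user that is both in the matched list
 * and in $auth_users and whose password reproduces the stored hash through
 * pkwk_hash_compute(). On failure, $auth_flag emits a 401 challenge and
 * $exit_flag renders the "$title_cannot" page through catbody() and exits;
 * otherwise false is returned and the caller decides.
 *
 * Globals read: $auth_users, $auth_method_type, $auth_type, $realm.
 * Returns true when access is allowed, false when refused (and not exited).
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users, $auth_method_type, $auth_type;
    global $realm;

    // What the $auth_pages patterns are checked against.
    if ($auth_method_type === 'pagename') {
        $target_str = $page;                          // Page name
    } elseif ($auth_method_type === 'contents') {
        $target_str = get_source($page, true, true);  // Its contents
    } else {
        $target_str = '';
    }

    // Users allowed on this page, collected from every matching pattern.
    $user_list = array();
    foreach ($auth_pages as $pattern => $users) {
        if (preg_match($pattern, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $users));
        }
    }
    if (empty($user_list)) {
        return true;  // No limit
    }
    // NOTE(review): taken over from the original, which read a falsy
    // check_role() result as "already a contents administrator" — confirm.
    if (!auth::check_role('role_adm_contents')) {
        return true;
    }

    if ($auth_type == 2) {
        // Digest: the auth class verifies the Authorization header. The
        // argument list matches digest_auth() and the other digest callers.
        $authenticated = auth::auth_digest($auth_users);
    } else {
        // Basic: some SAPIs do not populate PHP_AUTH_USER/PW, so recover
        // them from the raw Authorization header when only that is present.
        $matches = array();
        if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])
            && isset($_SERVER['HTTP_AUTHORIZATION'])
            && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
            // Only the first ':' separates user from password (RFC 7617);
            // the password itself may contain ':'. Limit explode() to two
            // parts and tolerate a credential with no ':' at all, which the
            // original's list() assignment turned into a missing PHP_AUTH_PW.
            $credential = explode(':', base64_decode($matches[1]), 2);
            $_SERVER['PHP_AUTH_USER'] = $credential[0];
            $_SERVER['PHP_AUTH_PW'] = isset($credential[1]) ? $credential[1] : '';
        }
        $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
        // The user must be listed for this page and known to $auth_users, and
        // the password must reproduce the stored hash. in_array() is strict so
        // numeric-looking names are not compared as numbers.
        // NOTE(review): assumes $auth_users entries are arrays whose [0] is the
        // stored hash — confirm against the config format. The hash comparison
        // is a plain ===; hash_equals() would remove the timing difference where
        // the target PHP version provides it.
        $authenticated = $user !== null
            && isset($_SERVER['PHP_AUTH_PW'])
            && in_array($user, $user_list, true)
            && isset($auth_users[$user])
            && pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$user][0]) === $auth_users[$user][0];
    }
    if ($authenticated) {
        return true;
    }

    // Authentication failed.
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }
    if ($auth_flag) {
        if ($auth_type == 2) {
            // The original Digest branch sent no challenge here, so a browser
            // had nothing to answer; issue the same challenge digest_auth() does.
            header('HTTP/1.1 401 Unauthorized');
            header('WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . uniqid() . '", opaque="' . md5($realm) . '"');
        } else {
            header('WWW-Authenticate: Basic realm="' . $realm . '"');
            header('HTTP/1.0 401 Unauthorized');
        }
    }
    if ($exit_flag) {
        // '$1' in $title_cannot is a literal placeholder for the page name.
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return false;
}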