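/**
 * API login via OAuth 1 or HTTP basic auth.
 *
 * Order of precedence: a valid OAuth request logs the token's channel in and
 * returns early. Otherwise the basic-auth header (or its CGI-mode mirror in
 * REDIRECT_REMOTE_USER) is decoded into PHP_AUTH_USER / PHP_AUTH_PW and
 * checked with account_verify_password(). On failure the attempt is logged
 * (with every credential-bearing server variable masked), log_failed_login()
 * is recorded and retry_basic_auth() challenges the client again.
 *
 * @param App $a  Unused here; kept for the module calling convention.
 * @return true|null  true after a successful basic-auth login; null after an
 *                    OAuth login (that path returns before basic auth runs)
 *                    or when the failure branch hands off to retry_basic_auth().
 */
function api_login(&$a)
{
    $record = null;
    $channel_login = 0;

    require_once 'include/oauth.php';

    // --- OAuth 1 ---------------------------------------------------------
    try {
        $oauth = new ZotOAuth1();
        $req = OAuth1Request::from_request();
        list($consumer, $token) = $oauth->verify_request($req);
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            App::set_oauth_key($consumer->key);
            call_hooks('logged_in', App::$user);
            return;
        }
        // verify_request() returned without a token: nothing sensible left to do.
        killme();
    } catch (Exception $e) {
        // A request without OAuth parameters ends up here; fall through to basic auth.
        logger($e->getMessage());
    }

    // --- HTTP basic auth --------------------------------------------------
    // Decode a "Basic <base64>" header value into [user, password], or null when
    // the value is not a basic-auth credential. explode() is limited to two parts
    // because the password may itself contain ':' (RFC 7617 forbids the colon
    // only in the user-id); the unlimited split truncated such passwords.
    $parse_basic = function ($header) {
        if (!is_string($header) || strncasecmp($header, 'Basic ', 6) !== 0) {
            return null;
        }
        $userpass = base64_decode(substr($header, 6));
        if ($userpass === false || !strlen($userpass) || strpos($userpass, ':') === false) {
            return null;
        }
        return explode(':', $userpass, 2);
    };

    // Workarounds for HTTP auth in CGI mode, where the Authorization header only
    // reaches PHP through one of these variables. HTTP_AUTHORIZATION wins when
    // both are present, as before.
    foreach (array('REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $key) {
        if (x($_SERVER, $key)) {
            $creds = $parse_basic($_SERVER[$key]);
            if ($creds !== null) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $creds;
            }
        }
    }

    require_once 'include/auth.php';
    require_once 'include/security.php';

    // Normal login request.
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        $record = account_verify_password($_SERVER['PHP_AUTH_USER'], $password);
        if ($record && !empty($record['channel'])) {
            $channel_login = $record['channel']['channel_id'];
        }
    }

    if ($record && !empty($record['account'])) {
        authenticate_success($record['account']);
        if ($channel_login) {
            change_channel($channel_login);
        }
        $_SESSION['allow_api'] = true;
        return true;
    }

    // Failure. Mask every place the credential can appear before the request
    // environment is dumped to the log: the raw Authorization header carries
    // the same secret as PHP_AUTH_PW.
    $_SERVER['PHP_AUTH_PW'] = '*****';
    $logged = $_SERVER;
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_REMOTE_USER') as $key) {
        if (isset($logged[$key])) {
            $logged[$key] = '*****';
        }
    }
    logger('API_login failure: ' . print_r($logged, true), LOGGER_DEBUG);
    log_failed_login('API login failure');
    retry_basic_auth();
}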
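/**
 * Switch the logged-in session to one of the user's managed identities.
 *
 * The target uid comes from $_POST['identity']. Two cases are accepted:
 *   - the target is listed in the `manage` table for the current uid
 *     ("limited" delegation): the switch is recorded in $_SESSION['submanage']
 *     so the original uid can be restored later;
 *   - otherwise the target must carry the same email and password hash as the
 *     originating record, i.e. it is another account of the same person.
 * Any other target is silently ignored. On success the session is cleared,
 * rebuilt with authenticate_success() and the browser is redirected to the
 * new profile.
 *
 * @param App $a
 * @return void  Returns early on any failed check; goaway() exits on success.
 */
function manage_post(&$a)
{
    if (!local_user()) {
        return;
    }

    $uid = local_user();
    $orig_record = $a->user;

    // When already acting under delegation, the checks below apply to the
    // delegating (original) user, not to the identity currently in use.
    if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
        $r = q("select * from user where uid = %d limit 1", intval($_SESSION['submanage']));
        if ($r) {
            $uid = intval($r[0]['uid']);
            $orig_record = $r[0];
        }
    }

    // q() may return false; test truthiness rather than count() on it.
    $submanage = q("select * from manage where uid = %d", intval($uid));

    // x($_POST, 'identity') instead of x($_POST['identity']): the latter raises
    // an undefined-index notice when the field is absent.
    $identity = x($_POST, 'identity') ? intval($_POST['identity']) : 0;
    if (!$identity) {
        return;
    }

    $limited_id = 0;
    $original_id = $uid;
    if ($submanage) {
        foreach ($submanage as $m) {
            if (intval($m['mid']) === $identity) {
                $limited_id = intval($m['mid']);
                break;
            }
        }
    }

    if ($limited_id) {
        $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($limited_id));
    } else {
        // Not a delegated identity: only allow switching to a record that
        // shares the caller's credentials.
        $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1",
            intval($identity),
            dbesc($orig_record['email']),
            dbesc($orig_record['password'])
        );
    }
    if (!$r) {
        return;
    }

    // Drop everything that identifies the current session user before the new
    // identity is authenticated (unset() on a missing key is a no-op).
    unset(
        $_SESSION['authenticated'],
        $_SESSION['uid'],
        $_SESSION['visitor_id'],
        $_SESSION['administrator'],
        $_SESSION['cid'],
        $_SESSION['theme'],
        $_SESSION['page_flags'],
        $_SESSION['return_url'],
        $_SESSION['submanage']
    );

    require_once 'include/security.php';
    authenticate_success($r[0], true, true);

    if ($limited_id) {
        $_SESSION['submanage'] = $original_id;
    }

    goaway($a->get_baseurl(true) . '/profile/' . $a->user['nickname']);
    // NOTREACHED
}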
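/**
 * Simple HTTP login for the API: OAuth 1 first, then HTTP basic auth.
 *
 * A valid OAuth token logs its user in and returns. Otherwise PHP_AUTH_USER /
 * PHP_AUTH_PW (recovered from REDIRECT_REMOTE_USER in CGI mode) are matched
 * against the `user` table. Any failure ends the request with a 401 and a
 * WWW-Authenticate challenge.
 *
 * @param App $a
 * @return void
 */
function api_login(&$a)
{
    // --- OAuth ---------------------------------------------------------------
    try {
        $oauth = new FKOAuth1();
        list($consumer, $token) = $oauth->verify_request(OAuthRequest::from_request());
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            call_hooks('logged_in', $a->user);
            return;
        }
        // Verified but no token. The original echoed file/line and a var_dump of
        // $consumer/$token to the client; that detail belongs in the log only.
        logger(__FILE__ . __LINE__ . __FUNCTION__ . ' OAuth request verified without a token', LOGGER_DEBUG);
        die();
    } catch (Exception $e) {
        // A request without OAuth parameters throws here. The listing's
        // "die();" sits on the commented-out line, so the catch falls through
        // to basic auth - confirm against upstream if that was not intended.
        logger(__FILE__ . __LINE__ . __FUNCTION__ . "\n" . $e);
    }

    // --- HTTP basic auth ------------------------------------------------------
    // Workaround for HTTP auth in CGI mode: the header only arrives as
    // REDIRECT_REMOTE_USER ("Basic <base64>"). explode() is limited to two parts
    // so a password containing ':' survives intact.
    if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
        $header = $_SERVER['REDIRECT_REMOTE_USER'];
        if (strncasecmp($header, 'Basic ', 6) === 0) {
            $userpass = base64_decode(substr($header, 6));
            if ($userpass !== false && strlen($userpass) && strpos($userpass, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $userpass, 2);
            }
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // The original log call is redacted in the listing. Do not dump $_SERVER
        // here: the request may carry a credential under another scheme.
        logger('API_login: no credentials supplied', LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    $user = $_SERVER['PHP_AUTH_USER'];
    // Legacy scheme: the stored password is an unsalted whirlpool digest of the
    // trimmed password (the query below is copied from mod/auth.php). It has to
    // stay this way until the stored hashes are migrated to password_hash().
    $encrypted = hash('whirlpool', trim($_SERVER['PHP_AUTH_PW']));

    // Process normal login request (from mod/auth.php; needs a shared helper).
    $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
        dbesc(trim($user)),
        dbesc(trim($user)),
        dbesc($encrypted)
    );
    if (!$r) {
        // Mask the password and the raw header before $_SERVER goes to the log.
        $logged = $_SERVER;
        foreach (array('PHP_AUTH_PW', 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $key) {
            if (isset($logged[$key])) {
                $logged[$key] = '*****';
            }
        }
        logger('API_login failure: ' . print_r($logged, true), LOGGER_DEBUG);
        // Realm differs from the challenge above ("Friendika"); left as found.
        header('WWW-Authenticate: Basic realm="Friendika"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }
    $record = $r[0];

    require_once 'include/security.php';
    authenticate_success($record);
    call_hooks('logged_in', $a->user);
}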
// to expire after one year (the default is when the browser is closed).
// If the user did not specify to remember, change the cookie to expire when the
// browser is closed. The reason this is necessary is because if the user
// specifies to remember, then logs out and logs back in without specifying to
// remember, the old "remember" cookie may remain and prevent the session from
// expiring when the browser is closed.
//
// It seems like I should be able to test for the old cookie, but for some reason when
// I read the lifetime value from session_get_cookie_params(), I always get '0'
// (i.e. expire when the browser is closed), even when there's a time expiration
// on the cookie
//
// NOTE(review): this is the tail of a login handler whose start is not in this
// listing; $record is set in the part above.
if ($_POST['remember']) {
    new_cookie(31449600); // one year
} else {
    new_cookie(0); // 0 means delete on browser exit
}

// if we haven't failed up this point, log them in.
$_SESSION['last_login_date'] = datetime_convert();
authenticate_success($record, true, true);
}
}

/**
 * Look up the uid that registered a given OpenID identity.
 *
 * Matches the identity against the pconfig entry cat='system', k='openid'.
 * The query is limited to one row, so when the same identity was stored for
 * more than one uid only the first row found is returned.
 *
 * @param string $authid  Normalised openid_identity.
 * @return mixed  The uid column of the matching pconfig row as q() returns it,
 *                or false when no row matches.
 */
function match_openid($authid)
{
    $r = q("select * from pconfig where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid));
    if ($r) {
        return $r[0]['uid'];
    }
    return false;
}
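/**
 * Handle the OpenID provider's return redirect.
 *
 * With `openid_mode` present the response is validated with LightOpenID and
 * the identity is resolved in this order:
 *   1. a local channel that stored the identity in pconfig (match_openid())
 *      and whose account is OK or merely unverified -> full local login;
 *   2. an existing xchan that stored the identity in xconfig -> remote
 *      (visitor) authentication;
 *   3. nothing known -> a new xchan is created from the OpenID attributes and
 *      the visitor is authenticated against it.
 * Every path ends in goaway(); falling out of the chain means login failed.
 *
 * @return void
 */
function get()
{
    $noid = get_config('system', 'disable_openid');
    if ($noid) {
        goaway(z_root());
    }

    logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);

    if (x($_REQUEST, 'openid_mode')) {
        $openid = new LightOpenID(z_root());

        if ($openid->validate()) {
            logger('openid: validate');

            $authid = normalise_openid($_REQUEST['openid_identity']);
            if (!strlen($authid)) {
                logger(t('OpenID protocol error. No ID returned.') . EOL);
                goaway(z_root());
            }

            // 1. Local channel that registered this identity.
            $uid = match_openid($authid);
            if ($uid) {
                $r = q("select * from channel where channel_id = %d limit 1", intval($uid));
                if ($r) {
                    $y = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
                    if ($y) {
                        foreach ($y as $record) {
                            if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) {
                                // match_openid() returns a uid, not a row; the
                                // original read $x[0]['channel_name'] off that int.
                                logger('mod_openid: openid success for ' . $r[0]['channel_name']);
                                $_SESSION['uid'] = $r[0]['channel_id'];
                                $_SESSION['account_id'] = $r[0]['channel_account_id'];
                                $_SESSION['authenticated'] = true;
                                authenticate_success($record, $r[0], true, true, true, true);
                                goaway(z_root());
                            }
                        }
                    }
                }
            }

            // Shared tail of the two remote-auth paths: mark the session as an
            // authenticated visitor for $xchan, run the hooks and redirect.
            // Only the existing-xchan path also loads the visitor's groups.
            $remote_login = function (array $xchan, $with_groups) {
                $_SESSION['authenticated'] = 1;
                $_SESSION['visitor_id'] = $xchan['xchan_hash'];
                $_SESSION['my_url'] = $xchan['xchan_url'];
                $_SESSION['my_address'] = $xchan['xchan_addr'];

                $arr = array('xchan' => $xchan, 'session' => $_SESSION);
                call_hooks('magic_auth_openid_success', $arr);
                \App::set_observer($xchan);
                if ($with_groups) {
                    require_once 'include/security.php';
                    \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
                }

                info(sprintf(t('Welcome %s. Remote authentication successful.'), $xchan['xchan_name']));
                logger('mod_openid: remote auth success from ' . $xchan['xchan_addr']);

                if (!empty($_SESSION['return_url'])) {
                    goaway($_SESSION['return_url']);
                }
                goaway(z_root());
            };

            // 2. Successful OpenID login, but no local account: see if an xchan
            //    already knows this identity.
            $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1",
                dbesc($authid)
            );
            if ($r) {
                $remote_login($r[0], true);
            }

            // 3. No xchan: create one from what the OpenID provider told us.
            // We should probably probe the openid url and figure out if they have
            // any kind of social presence we might be able to scrape some
            // identifying info from.
            $name = $authid;
            $nick = $first = $addr = $photosq = $photo_other = $host = '';

            $url = trim($_REQUEST['openid_identity'], '/');
            if (strpos($url, 'http') === false) {
                $url = 'https://' . $url;
            }
            $pphoto = z_root() . '/' . get_default_profile_photo();

            $parsed = @parse_url($url);
            if ($parsed && isset($parsed['host'])) {
                $host = $parsed['host'];
            }

            $attr = $openid->getAttributes();
            if (is_array($attr) && count($attr)) {
                foreach ($attr as $k => $v) {
                    if ($k === 'namePerson/friendly') {
                        $nick = notags(trim($v));
                    } elseif ($k === 'namePerson/first') {
                        $first = notags(trim($v));
                    } elseif ($k === 'namePerson') {
                        $name = notags(trim($v));
                    } elseif ($k === 'contact/email') {
                        $addr = notags(trim($v));
                    } elseif ($k === 'media/image/aspect11') {
                        $photosq = trim($v);
                    } elseif ($k === 'media/image/default') {
                        $photo_other = trim($v);
                    }
                }
            }

            if (!$nick) {
                $nick = ($first) ? $first : $name;
            }

            require_once 'library/urlify/URLify.php';
            // NOTE(review): the transliterated nick is computed but never used
            // below; confirm whether it was meant to feed xchan_addr.
            $x = strtolower(\URLify::transliterate($nick));

            // Was "$nick & $host" - a bitwise string AND; the logical test is
            // what is meant. Note this overrides an e-mail address taken from
            // the contact/email attribute above, as the original did.
            if ($nick && $host) {
                $addr = $nick . '@' . $host;
            }

            $network = 'unknown';
            if ($photosq) {
                $pphoto = $photosq;
            } elseif ($photo_other) {
                $pphoto = $photo_other;
            }
            $mimetype = guess_image_type($pphoto);

            // The OpenID URL doubles as xchan_hash and xchan_url.
            $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,
                xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date,
                xchan_name_date, xchan_hidden)
                values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ",
                dbesc($url),
                dbesc(''),
                dbesc(''),
                dbesc(''),
                dbesc($mimetype),
                dbesc($pphoto),
                dbesc($addr),
                dbesc($url),
                dbesc(''),
                dbesc(''),
                dbesc(''),
                dbesc($name),
                dbesc($network),
                dbesc(datetime_convert()),
                dbesc(datetime_convert())
            );
            if ($x) {
                $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($url));
                if ($r) {
                    $photos = import_xchan_photo($pphoto, $url);
                    if ($photos) {
                        q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s',
                            xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
                            dbesc(datetime_convert()),
                            dbesc($photos[0]),
                            dbesc($photos[1]),
                            dbesc($photos[2]),
                            dbesc($photos[3]),
                            dbesc($url)
                        );
                    }
                    set_xconfig($url, 'system', 'openid', $authid);
                    $remote_login($r[0], false);
                }
            }
        }
    }

    notice(t('Login failed.') . EOL);
    goaway(z_root());
    // NOTREACHED
}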
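/**
 * Simple HTTP login for the API: OAuth 1 first, then HTTP basic auth.
 *
 * A valid OAuth token logs its user in and returns. Otherwise the basic-auth
 * credentials (PHP_AUTH_USER / PHP_AUTH_PW, recovered from REDIRECT_REMOTE_USER
 * in CGI mode) are offered to the 'authenticate' hook and, failing that,
 * matched against the `user` table. The session is marked with allow_api on
 * success; any failure ends the request with a 401.
 *
 * @param App $a
 * @return void
 */
function api_login(&$a)
{
    // --- OAuth ---------------------------------------------------------------
    try {
        $oauth = new FKOAuth1();
        list($consumer, $token) = $oauth->verify_request(OAuthRequest::from_request());
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            call_hooks('logged_in', $a->user);
            return;
        }
        // Verified but no token: log it instead of var_dump()ing $consumer/$token
        // to the client as the original did.
        logger(__FILE__ . __LINE__ . __FUNCTION__ . ' OAuth request verified without a token', LOGGER_DEBUG);
        die();
    } catch (Exception $e) {
        // Requests without OAuth parameters throw; continue with basic auth
        // (the listing's "die();" sits on the commented-out line).
        logger(__FILE__ . __LINE__ . __FUNCTION__ . "\n" . $e);
    }

    // --- HTTP basic auth ------------------------------------------------------
    // CGI-mode workaround; explode() limited to two parts so ':' in the
    // password survives, and only a "Basic" header is decoded.
    if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
        $header = $_SERVER['REDIRECT_REMOTE_USER'];
        if (strncasecmp($header, 'Basic ', 6) === 0) {
            $userpass = base64_decode(substr($header, 6));
            if ($userpass !== false && strlen($userpass) && strpos($userpass, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $userpass, 2);
            }
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // The original log call is redacted in the listing; log without
        // dumping $_SERVER, which may hold a credential under another scheme.
        logger('API_login: no credentials supplied', LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die(api_error($a, 'json', "This api requires login"));
    }

    $user = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];
    // Legacy unsalted whirlpool digest of the trimmed password, as stored by
    // mod/auth.php; migrate to password_hash() before changing this.
    $encrypted = hash('whirlpool', trim($password));

    // allow "user@server" login (but ignore 'server' part)
    $at = strstr($user, "@", true);
    if ($at) {
        $user = $at;
    }

    // Copied from mod/auth.php; needs a shared helper.
    $record = null;

    $addon_auth = array(
        'username' => trim($user),
        'password' => trim($password),
        'authenticated' => 0,
        'user_record' => null,
    );

    // A plugin indicates successful login by setting 'authenticated' to a
    // non-zero value and returning a user record. Plugins should never set
    // 'authenticated' except to indicate success - as hooks may be chained and
    // later plugins should not interfere with an earlier one that succeeded.
    call_hooks('authenticate', $addon_auth);

    if ($addon_auth['authenticated'] && !empty($addon_auth['user_record'])) {
        $record = $addon_auth['user_record'];
    } else {
        // process normal login request
        $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
            dbesc(trim($user)),
            dbesc(trim($user)),
            dbesc($encrypted)
        );
        if ($r) {
            $record = $r[0];
        }
    }

    if (!$record) {
        // Mask the password and the raw header before $_SERVER goes to the log.
        $logged = $_SERVER;
        foreach (array('PHP_AUTH_PW', 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $key) {
            if (isset($logged[$key])) {
                $logged[$key] = '*****';
            }
        }
        logger('API_login failure: ' . print_r($logged, true), LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    authenticate_success($record);
    $_SESSION["allow_api"] = true;
    call_hooks('logged_in', $a->user);
}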
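/**
 * Process a registration form submission.
 *
 * Checks the daily registration cap and ToS acceptance, derives the initial
 * account flags from register_policy (open / approve / closed = site admin
 * only, plus UNVERIFIED when e-mail verification is on), creates the account
 * and stores the requested channel name, address and permissions role as
 * aconfig for the next step. Depending on policy the request ends with a
 * verification or approval mail, or the new account is logged in and sent to
 * the next workflow page.
 *
 * @return void  Returns early with a notice() on any validation failure;
 *               otherwise goaway() exits.
 */
function post()
{
    $max_dailies = intval(get_config('system', 'max_daily_registrations'));
    if ($max_dailies) {
        $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
            db_utcnow(),
            db_quoteinterval('1 day')
        );
        if ($r && $r[0]['total'] >= $max_dailies) {
            notice(t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL);
            return;
        }
    }

    if (!x($_POST, 'tos')) {
        notice(t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL);
        return;
    }

    $policy = get_config('system', 'register_policy');
    $email_verify = get_config('system', 'verify_email');

    switch ($policy) {
        case REGISTER_OPEN:
            $flags = ACCOUNT_OK;
            break;
        case REGISTER_APPROVE:
            $flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING;
            break;
        default:
        case REGISTER_CLOSED:
            // A closed site accepts registrations from the site admin only.
            if (!is_site_admin()) {
                notice(t('Permission denied.') . EOL);
                return;
            }
            $flags = ACCOUNT_BLOCKED;
            break;
    }

    if ($email_verify && $policy == REGISTER_OPEN) {
        $flags |= ACCOUNT_UNVERIFIED;
    }

    // Read both fields defensively; a missing field raised a notice before.
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
    if (!$password || $password !== $password2) {
        notice(t('Passwords do not match.') . EOL);
        return;
    }

    // The whole form is handed to create_account(); account_flags is set
    // afterwards so a client cannot choose its own flags.
    $arr = $_POST;
    $arr['account_flags'] = $flags;

    $result = create_account($arr);
    if (!$result['success']) {
        notice($result['message']);
        return;
    }

    require_once 'include/security.php';

    $account_id = $result['account']['account_id'];

    // Remember the requested channel details for the new_channel step.
    $channel_fields = array(
        'name' => 'channel_name',
        'nickname' => 'channel_address',
        'permissions_role' => 'permissions_role',
    );
    foreach ($channel_fields as $field => $key) {
        if (!empty($_REQUEST[$field])) {
            set_aconfig($account_id, 'register', $key, $_REQUEST[$field]);
        }
    }

    $using_invites = intval(get_config('system', 'invitation_only'));
    $num_invites = intval(get_config('system', 'number_invites'));
    $invite_code = x($_POST, 'invite_code') ? notags(trim($_POST['invite_code'])) : '';

    if ($using_invites && $invite_code) {
        // "delete * from" is not valid SQL, so the used invite was never removed.
        q("delete from register where hash = '%s'", dbesc($invite_code));
        // @FIXME - this also needs to be considered when using 'invites_remaining' in mod/invite.php
        set_aconfig($account_id, 'system', 'invites_remaining', $num_invites);
    }

    if ($policy == REGISTER_OPEN) {
        if ($email_verify) {
            $res = verify_email_address($result);
        } else {
            // NOTE(review): this mails the cleartext password; a one-time link
            // would avoid putting the secret in transit.
            $res = send_register_success_email($result['email'], $result['password']);
        }
        if ($res) {
            info(t('Registration successful. Please check your email for validation instructions.') . EOL);
        }
    } elseif ($policy == REGISTER_APPROVE) {
        $res = send_reg_approval_email($result);
        if ($res) {
            info(t('Your registration is pending approval by the site owner.') . EOL);
        } else {
            notice(t('Your registration can not be processed.') . EOL);
        }
        goaway(z_root());
    }

    if ($email_verify) {
        goaway(z_root());
    }

    authenticate_success($result['account'], null, true, false, true);

    $next_page = 'new_channel';

    if (get_config('system', 'auto_channel_create') || UNO) {
        $new_channel = auto_channel_create($account_id);
        if ($new_channel['success']) {
            change_channel($new_channel['channel']['channel_id']);
            $next_page = '~';
        }
    }

    $x = get_config('system', 'workflow_register_next');
    if ($x) {
        $next_page = $x;
        $_SESSION['workflow'] = true;
    }

    goaway(z_root() . '/' . $next_page);
}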
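/**
 * Approve a pending registration identified by its register-table hash.
 *
 * Clears the BLOCKED, PENDING and UNVERIFIED flags of the account, removes
 * the register row and either auto-creates a channel or logs the account in
 * and points it at the new_channel page.
 *
 * Note: when the password in the register table is 'verify', the uid column
 * actually contains the account_id.
 *
 * @param string $hash  Hash from the approval link.
 * @return true|array  true on success; array('success' => false) when the
 *                     hash or the account cannot be found (original return
 *                     shape, kept for callers that inspect the array).
 */
function account_approve($hash)
{
    $ret = array('success' => false);

    // The marker literal is redacted in this listing; 'verify' follows from the
    // note above - confirm against upstream.
    $register = q("SELECT * FROM `register` WHERE `hash` = '%s' and password = 'verify' LIMIT 1", dbesc($hash));
    if (!$register) {
        return $ret;
    }
    $account_id = intval($register[0]['uid']);

    $account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", $account_id);
    if (!$account) {
        return $ret;
    }

    q("DELETE FROM register WHERE hash = '%s' and password = 'verify'", dbesc($register[0]['hash']));

    // One update clears all three flags. The original issued three updates,
    // each guarded by (account_flags & flag) > 0; the end state is the same.
    $clear = ACCOUNT_BLOCKED | ACCOUNT_PENDING | ACCOUNT_UNVERIFIED;
    q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d) > 0 and account_id = %d",
        intval($clear),
        intval($clear),
        $account_id
    );

    // get a fresh copy after we've modified it.
    $account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", $account_id);
    if (!$account) {
        return $ret;
    }

    if (get_config('system', 'auto_channel_create') || get_config('system', 'server_role') === 'basic') {
        auto_channel_create($account_id);
    } else {
        $_SESSION['login_return_url'] = 'new_channel';
        authenticate_success($account[0], null, true, true, false, true);
    }

    return true;
}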
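/**
 * Log in the channel that owns a verified OAuth token.
 *
 * Loads the channel, records uid and remote address in the session, then
 * authenticates the owning account and enables API access for the session.
 * An unknown channel ends the request with a 401.
 *
 * @param int $uid  channel_id carried by the OAuth token.
 * @return void
 */
function loginUser($uid)
{
    logger("ZotOAuth1::loginUser {$uid}");

    $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1", intval($uid));
    if (!$r) {
        // q() may return false as well as an empty array; count() fails on false.
        // Mask the raw Authorization header before the environment is logged.
        $logged = $_SERVER;
        if (isset($logged['HTTP_AUTHORIZATION'])) {
            $logged['HTTP_AUTHORIZATION'] = '*****';
        }
        logger('ZotOAuth1::loginUser failure: ' . print_r($logged, true), LOGGER_DEBUG);
        header('HTTP/1.0 401 Unauthorized');
        echo 'This api requires login';
        killme();
    }
    $record = $r[0];

    // NOTE(review): uid is stored in the session before the owning account is
    // confirmed below; if the account lookup fails the session keeps a uid
    // without authenticate_success() having run. Kept as found.
    $_SESSION['uid'] = $record['channel_id'];
    $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];

    $x = q("select * from account where account_id = %d limit 1", intval($record['channel_account_id']));
    if ($x) {
        require_once 'include/security.php';
        authenticate_success($x[0], true, false, true, true);
        $_SESSION['allow_api'] = true;
    }
}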
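/**
 * Simple HTTP login for the API: OAuth 1 first, then HTTP basic auth.
 *
 * A valid OAuth token logs its channel in, records the consumer key on the app
 * and returns. Otherwise the basic-auth credentials (PHP_AUTH_USER /
 * PHP_AUTH_PW, recovered from REDIRECT_REMOTE_USER or HTTP_AUTHORIZATION in
 * CGI mode) are verified as an account login first and, failing that, as a
 * channel address whose owning account has that password. Success marks the
 * session with allow_api; failure ends the request with a 401.
 *
 * @param App $a
 * @return void
 */
function api_login(&$a)
{
    // --- OAuth ---------------------------------------------------------------
    try {
        $oauth = new FKOAuth1();
        $req = OAuthRequest::from_request();
        list($consumer, $token) = $oauth->verify_request($req);
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            $a->set_oauth_key($consumer->key);
            call_hooks('logged_in', $a->user);
            return;
        }
        // Verified but no token: log instead of echoing file/line to the client.
        logger(__FILE__ . __LINE__ . __FUNCTION__ . ' OAuth request verified without a token', LOGGER_DEBUG);
        die();
    } catch (Exception $e) {
        // Requests without OAuth parameters throw; continue with basic auth.
        logger(__FILE__ . __LINE__ . __FUNCTION__ . "\n" . $e);
    }

    // --- HTTP basic auth ------------------------------------------------------
    // Decode a "Basic <base64>" header value into [user, password], or null when
    // it is not a basic-auth credential. explode() is limited to two parts so a
    // password containing ':' is not truncated.
    $parse_basic = function ($header) {
        if (!is_string($header) || strncasecmp($header, 'Basic ', 6) !== 0) {
            return null;
        }
        $userpass = base64_decode(substr($header, 6));
        if ($userpass === false || !strlen($userpass) || strpos($userpass, ':') === false) {
            return null;
        }
        return explode(':', $userpass, 2);
    };

    // Workaround for HTTP auth in CGI mode; HTTP_AUTHORIZATION wins when both
    // variables are present, as before.
    foreach (array('REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $key) {
        if (x($_SERVER, $key)) {
            $creds = $parse_basic($_SERVER[$key]);
            if ($creds !== null) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $creds;
            }
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // The original log call is redacted in the listing; log without dumping
        // $_SERVER, which may hold a credential under another scheme.
        logger('API_login: no credentials supplied', LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Red"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    // process normal login request
    require_once 'include/auth.php';

    $channel_login = 0;
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    $record = account_verify_password($_SERVER['PHP_AUTH_USER'], $password);

    if (!$record) {
        // Not an account e-mail: try it as a channel address and verify the
        // password against the channel's owning account.
        $r = q("select * from channel where channel_address = '%s' limit 1", dbesc($_SERVER['PHP_AUTH_USER']));
        if ($r) {
            $x = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
            if ($x) {
                $record = account_verify_password($x[0]['account_email'], $password);
                if ($record) {
                    $channel_login = $r[0]['channel_id'];
                }
            }
        }
        if (!$record) {
            // Mask the password and the raw header before $_SERVER goes to the log.
            $logged = $_SERVER;
            foreach (array('PHP_AUTH_PW', 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $key) {
                if (isset($logged[$key])) {
                    $logged[$key] = '*****';
                }
            }
            logger('API_login failure: ' . print_r($logged, true), LOGGER_DEBUG);
            header('WWW-Authenticate: Basic realm="Red"');
            header('HTTP/1.0 401 Unauthorized');
            die('This api requires login');
        }
    }

    require_once 'include/security.php';
    authenticate_success($record);
    if ($channel_login) {
        change_channel($channel_login);
    }
    $_SESSION['allow_api'] = true;
}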
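/**
 * Process a registration form submission.
 *
 * Checks the daily registration cap and ToS acceptance, derives the initial
 * account flags from register_policy (open / approve / closed = site admin
 * only, plus UNVERIFIED when e-mail verification is on) and creates the
 * account. Depending on policy the request ends with a verification or
 * approval mail, or the new account is logged in and sent to the next
 * workflow page.
 *
 * @param App $a  Unused here; kept for the module calling convention.
 * @return void  Returns early with a notice() on any validation failure;
 *               otherwise goaway() exits.
 */
function register_post(&$a)
{
    $max_dailies = intval(get_config('system', 'max_daily_registrations'));
    if ($max_dailies) {
        $r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day");
        if ($r && $r[0]['total'] >= $max_dailies) {
            notice(t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL);
            return;
        }
    }

    if (!x($_POST, 'tos')) {
        notice(t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL);
        return;
    }

    $policy = get_config('system', 'register_policy');
    $email_verify = get_config('system', 'verify_email');

    switch ($policy) {
        case REGISTER_OPEN:
            $flags = ACCOUNT_OK;
            break;
        case REGISTER_APPROVE:
            $flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING;
            break;
        default:
        case REGISTER_CLOSED:
            // A closed site accepts registrations from the site admin only.
            if (!is_site_admin()) {
                notice(t('Permission denied.') . EOL);
                return;
            }
            $flags = ACCOUNT_BLOCKED;
            break;
    }

    if ($email_verify && $policy == REGISTER_OPEN) {
        $flags |= ACCOUNT_UNVERIFIED;
    }

    // Read both fields defensively; a missing field raised a notice before.
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
    if (!$password || $password !== $password2) {
        notice(t('Passwords do not match.') . EOL);
        return;
    }

    // The whole form is handed to create_account(); account_flags is set
    // afterwards so a client cannot choose its own flags.
    $arr = $_POST;
    $arr['account_flags'] = $flags;

    $result = create_account($arr);
    if (!$result['success']) {
        notice($result['message']);
        return;
    }

    require_once 'include/security.php';

    $using_invites = intval(get_config('system', 'invitation_only'));
    $num_invites = intval(get_config('system', 'number_invites'));
    $invite_code = x($_POST, 'invite_code') ? notags(trim($_POST['invite_code'])) : '';

    if ($using_invites && $invite_code) {
        // "delete * from" is not valid SQL, so the used invite was never removed.
        q("delete from register where hash = '%s' limit 1", dbesc($invite_code));
        set_pconfig($result['account']['account_id'], 'system', 'invites_remaining', $num_invites);
    }

    if ($policy == REGISTER_OPEN) {
        if ($email_verify) {
            $res = verify_email_address($result);
        } else {
            // NOTE(review): this mails the cleartext password; a one-time link
            // would avoid putting the secret in transit.
            $res = send_verification_email($result['email'], $result['password']);
        }
        if ($res) {
            info(t('Registration successful. Please check your email for validation instructions.') . EOL);
        }
    } elseif ($policy == REGISTER_APPROVE) {
        $res = send_reg_approval_email($result);
        if ($res) {
            info(t('Your registration is pending approval by the site owner.') . EOL);
        } else {
            notice(t('Your registration can not be processed.') . EOL);
        }
        goaway(z_root());
    }

    if ($email_verify) {
        goaway(z_root());
    }

    authenticate_success($result['account'], true, false, true);

    // get_config() may return false; cast so strlen() sees an empty string.
    $next_page = (string) get_config('system', 'workflow_register_next');
    if (!strlen($next_page)) {
        $next_page = 'new_channel';
    }
    $_SESSION['workflow'] = true;

    goaway(z_root() . '/' . $next_page);
}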
// I read the lifetime value from session_get_cookie_params(), I always get '0' // (i.e. expire when the browser is closed), even when there's a time expiration // on the cookie if ($_POST['remember_me']) { $_SESSION['remember_me'] = 1; App::$session->new_cookie(31449600); // one year } else { $_SESSION['remember_me'] = 0; App::$session->new_cookie(0); // 0 means delete on browser exit } // if we haven't failed up this point, log them in. $_SESSION['last_login_date'] = datetime_convert(); if (!$atoken) { authenticate_success($account, $channel, true, true); } } } /** * @brief Returns the channel_id for a given openid_identity. * * Queries the values from pconfig configuration for the given openid_identity * and returns the corresponding channel_id. * * @fixme How do we prevent that an OpenID identity is used more than once? * * @param string $authid * The given openid_identity * @return int|bool * Return channel_id from pconfig or false.
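/**
 * Handle the OpenID provider's return redirect.
 *
 * Requires `openid_mode` in the query and the identity URL stored in
 * $_SESSION['openid'] by the login step. After LightOpenID validation:
 *   - a pending registration ($_SESSION['register']) is forwarded to the
 *     register page with the provider's attributes as query parameters,
 *     unless registration is closed;
 *   - otherwise the identity is matched against `user`.`openid` and the
 *     matching user is logged in.
 * Every path ends in goaway(); falling through means login failed.
 *
 * @param App $a
 * @return void
 */
function openid_content(&$a)
{
    $noid = get_config('system', 'no_openid');
    if ($noid) {
        goaway(z_root());
    }

    if (x($_GET, 'openid_mode') && x($_SESSION, 'openid')) {
        $openid = new LightOpenID();

        if ($openid->validate()) {
            if (x($_SESSION, 'register')) {
                unset($_SESSION['register']);

                // Attribute values are urlencode()d: unencoded '&' or '=' in a
                // provider-supplied name or e-mail would inject extra parameters
                // into the register request. The leading '&' (no '?') is the
                // form the original used; left as found.
                $args = '';
                $nick = $first = $photosq = $photo = '';

                $attr = $openid->getAttributes();
                if (is_array($attr) && count($attr)) {
                    foreach ($attr as $k => $v) {
                        if ($k === 'namePerson/friendly') {
                            $nick = notags(trim($v));
                        } elseif ($k === 'namePerson/first') {
                            $first = notags(trim($v));
                        } elseif ($k === 'namePerson') {
                            // NOTE(review): this branch is redacted in the listing;
                            // reconstructed from the sibling branches - confirm upstream.
                            $args .= '&username=' . urlencode(notags(trim($v)));
                        } elseif ($k === 'contact/email') {
                            $args .= '&email=' . urlencode(notags(trim($v)));
                        } elseif ($k === 'media/image/aspect11') {
                            $photosq = bin2hex(trim($v));
                        } elseif ($k === 'media/image/default') {
                            $photo = bin2hex(trim($v));
                        }
                    }
                }

                if ($nick) {
                    $args .= '&nickname=' . urlencode($nick);
                } elseif ($first) {
                    $args .= '&nickname=' . urlencode($first);
                }

                if ($photosq) {
                    $args .= '&photo=' . $photosq;
                } elseif ($photo) {
                    $args .= '&photo=' . $photo;
                }

                $args .= '&openid_url=' . urlencode(notags(trim($_SESSION['openid'])));

                if ($a->config['register_policy'] != REGISTER_CLOSED) {
                    goaway($a->get_baseurl() . '/register' . $args);
                } else {
                    goaway(z_root());
                }
                // NOTREACHED
            }

            $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
                dbesc($_SESSION['openid'])
            );
            // q() may return false; count() would fail on it.
            if (!$r) {
                notice(t('Login failed.') . EOL);
                goaway(z_root());
            }

            unset($_SESSION['openid']);

            require_once 'include/security.php';
            authenticate_success($r[0], true, true);

            // just in case there was no return url set and we fell through
            goaway(z_root());
        }
    }

    notice(t('Login failed.') . EOL);
    goaway(z_root());
    // NOTREACHED
}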
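/**
 * Handle the OpenID provider's return redirect.
 *
 * Requires `openid_mode` in the query and the identity stored in
 * $_SESSION['openid'] by the login step. After LightOpenID validation the
 * normalised identity is matched against `user`.`openid`; a match is logged
 * in. Otherwise, unless registration is closed, the browser is forwarded to
 * the register page with the provider's attributes as query parameters.
 * Every path ends in goaway(); falling through means login failed.
 *
 * @param App $a
 * @return void
 */
function openid_content(&$a)
{
    $noid = get_config('system', 'no_openid');
    if ($noid) {
        goaway(z_root());
    }

    logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);

    if (x($_GET, 'openid_mode') && x($_SESSION, 'openid')) {
        $openid = new LightOpenID();

        if ($openid->validate()) {
            $authid = normalise_openid($_REQUEST['openid_identity']);
            if (!strlen($authid)) {
                logger(t('OpenID protocol error. No ID returned.') . EOL);
                goaway(z_root());
            }

            $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
                dbesc($authid)
            );
            if ($r) {
                // successful OpenID login
                unset($_SESSION['openid']);

                require_once 'include/security.php';
                authenticate_success($r[0], true, true);

                // just in case there was no return url set and we fell through
                goaway(z_root());
            }

            // Successful OpenID login - but we can't match it to an existing account.
            // New registration?
            if ($a->config['register_policy'] == REGISTER_CLOSED) {
                notice(t('Account not found and OpenID registration is not permitted on this site.') . EOL);
                goaway(z_root());
            }

            unset($_SESSION['register']);

            // Attribute values are urlencode()d: unencoded '&' or '=' in a
            // provider-supplied name or e-mail would inject extra parameters
            // into the register request. The leading '&' (no '?') is the form
            // the original used; left as found.
            $args = '';
            $nick = $first = $photosq = $photo = '';

            $attr = $openid->getAttributes();
            if (is_array($attr) && count($attr)) {
                foreach ($attr as $k => $v) {
                    if ($k === 'namePerson/friendly') {
                        $nick = notags(trim($v));
                    } elseif ($k === 'namePerson/first') {
                        $first = notags(trim($v));
                    } elseif ($k === 'namePerson') {
                        // NOTE(review): this branch is redacted in the listing;
                        // reconstructed from the sibling branches - confirm upstream.
                        $args .= '&username=' . urlencode(notags(trim($v)));
                    } elseif ($k === 'contact/email') {
                        $args .= '&email=' . urlencode(notags(trim($v)));
                    } elseif ($k === 'media/image/aspect11') {
                        $photosq = bin2hex(trim($v));
                    } elseif ($k === 'media/image/default') {
                        $photo = bin2hex(trim($v));
                    }
                }
            }

            if ($nick) {
                $args .= '&nickname=' . urlencode($nick);
            } elseif ($first) {
                $args .= '&nickname=' . urlencode($first);
            }

            if ($photosq) {
                $args .= '&photo=' . $photosq;
            } elseif ($photo) {
                $args .= '&photo=' . $photo;
            }

            $args .= '&openid_url=' . urlencode(notags(trim($authid)));

            goaway($a->get_baseurl() . '/register' . $args);
            // NOTREACHED
        }
    }

    notice(t('Login failed.') . EOL);
    goaway(z_root());
    // NOTREACHED
}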
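/**
 * HTTP basic-auth login for the Windows Phone push addon.
 *
 * Matches PHP_AUTH_USER / PHP_AUTH_PW against the `user` table (e-mail or
 * nickname plus the legacy whirlpool password digest) and, on success, runs
 * authenticate_success(), marks the session with allow_api and fires the
 * logged_in hook. Any failure ends the request with a 401.
 *
 * @return void
 */
function windowsphonepush_login()
{
    // The original referenced $a without defining it, so the logged_in hook
    // received null; fetch the application object explicitly.
    $a = get_app();

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // The original log call is redacted in the listing; log without dumping
        // $_SERVER, which may hold a credential under another scheme.
        logger('API_login: no credentials supplied', LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    $user = $_SERVER['PHP_AUTH_USER'];
    // Legacy unsalted whirlpool digest of the trimmed password; it must match
    // what the core login stores until the hashes are migrated to password_hash().
    $encrypted = hash('whirlpool', trim($_SERVER['PHP_AUTH_PW']));

    // check if user specified by app is available in the user table
    $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
        dbesc(trim($user)),
        dbesc(trim($user)),
        dbesc($encrypted)
    );
    // q() may return false; count() would fail on it.
    if (!$r) {
        // Mask the password and any raw Authorization header before logging.
        $logged = $_SERVER;
        foreach (array('PHP_AUTH_PW', 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $key) {
            if (isset($logged[$key])) {
                $logged[$key] = '*****';
            }
        }
        logger('API_login failure: ' . print_r($logged, true), LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }
    $record = $r[0];

    require_once 'include/security.php';
    authenticate_success($record);
    $_SESSION["allow_api"] = true;
    call_hooks('logged_in', $a->user);
}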