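/**
 * API login via OAuth1 or HTTP basic-auth.
 *
 * OAuth is tried first; when the request carries a valid token the user is
 * logged in through ZotOAuth1::loginUser() and we return early. Otherwise the
 * Basic Authorization header (or its CGI-mode REDIRECT_REMOTE_USER copy) is
 * decoded into PHP_AUTH_USER/PHP_AUTH_PW and checked with
 * account_verify_password().
 *
 * @param App $a  application object (passed by reference, not read here)
 * @return bool|null  true after a successful basic-auth login; null after an
 *   OAuth login (early return). On failure the request is terminated by
 *   retry_basic_auth() or killme() and this function does not return.
 */
function api_login(&$a)
{
    $record = null;
    $channel_login = 0;

    require_once 'include/oauth.php';

    // login with oauth
    try {
        $oauth = new ZotOAuth1();
        $req = OAuth1Request::from_request();
        list($consumer, $token) = $oauth->verify_request($req);
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            App::set_oauth_key($consumer->key);
            call_hooks('logged_in', App::$user);
            return;
        }
        killme();
    } catch (Exception $e) {
        logger($e->getMessage());
    }

    // workarounds for HTTP-auth in CGI mode: the web server hands us the raw
    // "Basic <base64>" header instead of populating PHP_AUTH_USER/PHP_AUTH_PW.
    // HTTP_AUTHORIZATION is processed last so it wins when both are present.
    foreach (array('REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $hdr) {
        if (!x($_SERVER, $hdr)) {
            continue;
        }
        // only the Basic scheme carries user:password; a Bearer or other token
        // must not be base64-decoded and mistaken for credentials
        if (strncasecmp($_SERVER[$hdr], 'Basic ', 6) !== 0) {
            continue;
        }
        $userpass = base64_decode(substr($_SERVER[$hdr], 6));
        if (strlen($userpass)) {
            // limit 2: the user-id may not contain ':' but the password may (RFC 7617)
            list($name, $password) = array_pad(explode(':', $userpass, 2), 2, '');
            $_SERVER['PHP_AUTH_USER'] = $name;
            $_SERVER['PHP_AUTH_PW'] = $password;
        }
    }

    require_once 'include/auth.php';
    require_once 'include/security.php';

    // process normal login request
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $pw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        $record = account_verify_password($_SERVER['PHP_AUTH_USER'], $pw);
        if ($record && !empty($record['channel'])) {
            $channel_login = $record['channel']['channel_id'];
        }
    }

    if ($record && !empty($record['account'])) {
        authenticate_success($record['account']);
        if ($channel_login) {
            change_channel($channel_login);
        }
        $_SESSION['allow_api'] = true;
        return true;
    }

    // Redact every copy of the credentials before dumping the environment:
    // PHP_AUTH_PW is the clear-text password and the two Authorization
    // variants hold the same secret base64-encoded.
    foreach (array('PHP_AUTH_PW', 'HTTP_AUTHORIZATION', 'REDIRECT_REMOTE_USER') as $secret) {
        if (isset($_SERVER[$secret])) {
            $_SERVER[$secret] = '*****';
        }
    }
    logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
    log_failed_login('API login failure');
    retry_basic_auth();
}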
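/**
 * Switch the current session to one of the user's managed identities.
 *
 * The target uid comes from $_POST['identity'] and is accepted only if it is
 * either a delegate listed in the `manage` table for the current uid, or an
 * account proving the same credentials (identical email and password hash).
 * On success the identity-specific session keys are cleared,
 * authenticate_success() is run for the target record and the browser is
 * redirected to its profile, so this function does not return in that case.
 *
 * @param App $a  application object (passed by reference); $a->user is read
 * @return void
 */
function manage_post(&$a)
{
    if (!local_user()) {
        return;
    }

    $uid = local_user();
    $orig_record = $a->user;

    // When already acting on behalf of someone ("submanage"), the permission
    // check is done against the original account rather than the delegate.
    if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
        $r = q("select * from user where uid = %d limit 1", intval($_SESSION['submanage']));
        if ($r) {
            $uid = intval($r[0]['uid']);
            $orig_record = $r[0];
        }
    }

    $submanage = q("select * from manage where uid = %d", intval($uid));

    $identity = x($_POST, 'identity') ? intval($_POST['identity']) : 0;
    if (!$identity) {
        return;
    }

    $limited_id = 0;
    $original_id = $uid;
    if ($submanage) {
        foreach ($submanage as $m) {
            if ($identity === intval($m['mid'])) {
                $limited_id = intval($m['mid']);
                break;
            }
        }
    }

    if ($limited_id) {
        $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($limited_id));
    } else {
        // not a delegate: the switch is allowed only to an account that shares
        // the current user's email and password hash
        $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1", intval($identity), dbesc($orig_record['email']), dbesc($orig_record['password']));
    }
    if (!$r) {
        return;
    }

    // drop everything identity-specific before re-authenticating as the target
    foreach (array('authenticated', 'uid', 'visitor_id', 'administrator', 'cid', 'theme', 'page_flags', 'return_url', 'submanage') as $key) {
        unset($_SESSION[$key]);
    }

    require_once 'include/security.php';
    authenticate_success($r[0], true, true);

    if ($limited_id) {
        // remember the real account so the user can switch back
        $_SESSION['submanage'] = $original_id;
    }

    goaway($a->get_baseurl(true) . '/profile/' . $a->user['nickname']);
    // NOTREACHED
}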
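/**
 * Simple HTTP login for the API: OAuth1 first, then HTTP basic-auth.
 *
 * On success the session is established (FKOAuth1::loginUser() or
 * authenticate_success()) and the 'logged_in' hook fires. On failure the
 * request is terminated with a 401, so this function does not return then.
 *
 * @param App $a  application object (passed by reference); $a->user is read after login
 * @return void
 */
function api_login(&$a)
{
    // login with oauth
    try {
        $oauth = new FKOAuth1();
        list($consumer, $token) = $oauth->verify_request(OAuthRequest::from_request());
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            call_hooks('logged_in', $a->user);
            return;
        }
        // A verified request without a token is a protocol error. Log it
        // server-side only: the consumer object carries the shared secret and
        // must never be dumped into the HTTP response.
        logger(__FUNCTION__ . ': OAuth request verified but no access token returned', LOGGER_DEBUG);
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    } catch (Exception $e) {
        logger(__FILE__ . __LINE__ . __FUNCTION__ . "\n" . $e->getMessage());
    }

    // workaround for HTTP-auth in CGI mode: the web server hands us the raw
    // "Basic <base64>" header instead of populating PHP_AUTH_USER/PHP_AUTH_PW
    if (x($_SERVER, 'REDIRECT_REMOTE_USER') && strncasecmp($_SERVER['REDIRECT_REMOTE_USER'], 'Basic ', 6) === 0) {
        $userpass = base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6));
        if (strlen($userpass)) {
            // limit 2: the password may itself contain ':' (RFC 7617)
            list($name, $password) = array_pad(explode(':', $userpass, 2), 2, '');
            $_SERVER['PHP_AUTH_USER'] = $name;
            $_SERVER['PHP_AUTH_PW'] = $password;
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        logger('API_login: no credentials supplied', LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    $user = $_SERVER['PHP_AUTH_USER'];
    // legacy unsalted whirlpool hash; it has to match what is stored in `user`.`password`
    $encrypted = hash('whirlpool', trim($_SERVER['PHP_AUTH_PW']));

    /**
     *  next code from mod/auth.php. needs better solution
     */
    // process normal login request
    $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) \n\t\t\tAND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc(trim($user)), dbesc(trim($user)), dbesc($encrypted));
    if ($r) {
        $record = $r[0];
    } else {
        // redact every copy of the credentials before dumping the environment:
        // PHP_AUTH_PW is clear text, the Authorization variants hold it base64-encoded
        $env = $_SERVER;
        foreach (array('PHP_AUTH_PW', 'HTTP_AUTHORIZATION', 'REDIRECT_REMOTE_USER') as $k) {
            if (isset($env[$k])) {
                $env[$k] = '*****';
            }
        }
        logger('API_login failure: ' . print_r($env, true), LOGGER_DEBUG);
        // same realm as the no-credentials challenge above, so clients retry consistently
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    require_once 'include/security.php';
    authenticate_success($record);
    call_hooks('logged_in', $a->user);
}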
        // to expire after one year (the default is when the browser is closed).
        // If the user did not specify to remember, change the cookie to expire when the
        // browser is closed. The reason this is necessary is because if the user
        // specifies to remember, then logs out and logs back in without specifying to
        // remember, the old "remember" cookie may remain and prevent the session from
        // expiring when the browser is closed.
        //
        // It seems like I should be able to test for the old cookie, but for some reason when
        // I read the lifetime value from session_get_cookie_params(), I always get '0'
        // (i.e. expire when the browser is closed), even when there's a time expiration
        // on the cookie
        if ($_POST['remember']) {
            new_cookie(31449600);
            // one year
        } else {
            new_cookie(0);
            // 0 means delete on browser exit
        }
        // if we haven't failed up this point, log them in.
        $_SESSION['last_login_date'] = datetime_convert();
        authenticate_success($record, true, true);
    }
}
/**
 * Look up the channel that registered the given OpenID identity.
 *
 * @param string $authid  normalised openid_identity
 * @return mixed  the uid stored in pconfig for that identity, or false when none matches
 */
function match_openid($authid)
{
    $rows = q("select * from pconfig where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid));
    if (!$rows) {
        return false;
    }
    return $rows[0]['uid'];
}
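 /**
  * Complete an OpenID login after the provider redirects back to us.
  *
  * Once the response validates, three matches are tried in order: a local
  * channel that registered this identity in pconfig, an existing remote xchan
  * that registered it in xconfig, and finally a freshly created xchan built
  * from the attributes the provider returned. Each match ends in goaway(), as
  * does every failure, so this method never returns to its caller.
  */
 function get()
 {
     if (get_config('system', 'disable_openid')) {
         goaway(z_root());
     }

     logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);

     if (x($_REQUEST, 'openid_mode')) {
         $openid = new LightOpenID(z_root());
         if ($openid->validate()) {
             logger('openid: validate');

             $authid = normalise_openid($_REQUEST['openid_identity']);
             if (!strlen($authid)) {
                 logger(t('OpenID protocol error. No ID returned.') . EOL);
                 goaway(z_root());
             }

             // 1. a local channel has claimed this identity; $x is its channel_id
             $x = match_openid($authid);
             if ($x) {
                 $r = q("select * from channel where channel_id = %d limit 1", intval($x));
                 if ($r) {
                     $y = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
                     if ($y) {
                         foreach ($y as $record) {
                             if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) {
                                 // the channel name lives on the channel row, not on the bare id in $x
                                 logger('mod_openid: openid success for ' . $r[0]['channel_name']);
                                 $_SESSION['uid'] = $r[0]['channel_id'];
                                 $_SESSION['account_id'] = $r[0]['channel_account_id'];
                                 $_SESSION['authenticated'] = true;
                                 authenticate_success($record, $r[0], true, true, true, true);
                                 goaway(z_root());
                             }
                         }
                     }
                 }
             }

             // 2. Successful OpenID login - but we can't match it to an existing account.
             // See if they've got an xchan
             $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid));
             if ($r) {
                 $_SESSION['authenticated'] = 1;
                 $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
                 $_SESSION['my_url'] = $r[0]['xchan_url'];
                 $_SESSION['my_address'] = $r[0]['xchan_addr'];
                 $arr = array('xchan' => $r[0], 'session' => $_SESSION);
                 call_hooks('magic_auth_openid_success', $arr);
                 \App::set_observer($r[0]);
                 require_once 'include/security.php';
                 \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
                 info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
                 logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
                 if (!empty($_SESSION['return_url'])) {
                     goaway($_SESSION['return_url']);
                 }
                 goaway(z_root());
             }

             // 3. no xchan... create one.
             // We should probably probe the openid url and figure out if they have any kind of
             // social presence we might be able to scrape some identifying info from.
             $name = $authid;
             $url = trim($_REQUEST['openid_identity'], '/');
             if (strpos($url, 'http') === false) {
                 $url = 'https://' . $url;
             }
             $pphoto = z_root() . '/' . get_default_profile_photo();

             $host = '';
             $parsed = @parse_url($url);
             if ($parsed && isset($parsed['host'])) {
                 $host = $parsed['host'];
             }

             // Attribute-exchange values come from the provider and are untrusted:
             // the name/email fields are stripped with notags(), the photo URLs are
             // only trimmed and one of them is later fetched by import_xchan_photo().
             // NOTE(review): confirm import_xchan_photo() restricts what it fetches.
             $nick = '';
             $first = '';
             $addr = '';
             $photosq = '';
             $photo_other = '';
             $attr = $openid->getAttributes();
             if (is_array($attr) && count($attr)) {
                 foreach ($attr as $k => $v) {
                     if ($k === 'namePerson/friendly') {
                         $nick = notags(trim($v));
                     } elseif ($k === 'namePerson/first') {
                         $first = notags(trim($v));
                     } elseif ($k === 'namePerson') {
                         $name = notags(trim($v));
                     } elseif ($k === 'contact/email') {
                         $addr = notags(trim($v));
                     } elseif ($k === 'media/image/aspect11') {
                         $photosq = trim($v);
                     } elseif ($k === 'media/image/default') {
                         $photo_other = trim($v);
                     }
                 }
             }

             if (!$nick) {
                 $nick = $first ? $first : $name;
             }

             require_once 'library/urlify/URLify.php';
             // NOTE(review): the transliterated nick is computed but never used below
             $x = strtolower(\URLify::transliterate($nick));

             // both parts must be non-empty to form a usable address (logical, not bitwise, AND)
             if ($nick && $host) {
                 $addr = $nick . '@' . $host;
             }

             $network = 'unknown';
             if ($photosq) {
                 $pphoto = $photosq;
             } elseif ($photo_other) {
                 $pphoto = $photo_other;
             }
             $mimetype = guess_image_type($pphoto);

             // the identity URL doubles as the xchan_hash for OpenID-only visitors
             $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,\n\t                xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, \n\t\t\t\t\txchan_name_date, xchan_hidden)\n\t                values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ", dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($mimetype), dbesc($pphoto), dbesc($addr), dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($name), dbesc($network), dbesc(datetime_convert()), dbesc(datetime_convert()));
             if ($x) {
                 $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($url));
                 if ($r) {
                     $photos = import_xchan_photo($pphoto, $url);
                     if ($photos) {
                         q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', \n\t\t\t\t\t\t\t\txchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($url));
                     }
                     // remember the identity so step 2 matches it on the next login
                     set_xconfig($url, 'system', 'openid', $authid);
                     $_SESSION['authenticated'] = 1;
                     $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
                     $_SESSION['my_url'] = $r[0]['xchan_url'];
                     $_SESSION['my_address'] = $r[0]['xchan_addr'];
                     $arr = array('xchan' => $r[0], 'session' => $_SESSION);
                     call_hooks('magic_auth_openid_success', $arr);
                     \App::set_observer($r[0]);
                     info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
                     logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
                     if (!empty($_SESSION['return_url'])) {
                         goaway($_SESSION['return_url']);
                     }
                     goaway(z_root());
                 }
             }
         }
     }

     notice(t('Login failed.') . EOL);
     goaway(z_root());
     // NOTREACHED
 }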
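/**
 * Simple HTTP login for the API: OAuth1 first, then HTTP basic-auth.
 *
 * Basic-auth credentials are offered to the 'authenticate' hook before the
 * local `user` table is consulted, so a plugin may take over authentication.
 * On success the session is established (FKOAuth1::loginUser() or
 * authenticate_success()), 'allow_api' is set and the 'logged_in' hook fires.
 * On failure the request ends with a 401, so this function does not return then.
 *
 * @param App $a  application object (passed by reference); $a->user is read after login
 * @return void
 */
function api_login(&$a)
{
    // login with oauth
    try {
        $oauth = new FKOAuth1();
        list($consumer, $token) = $oauth->verify_request(OAuthRequest::from_request());
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            call_hooks('logged_in', $a->user);
            return;
        }
        // A verified request without a token is a protocol error. Log it
        // server-side only: the consumer object carries the shared secret and
        // must never be dumped into the HTTP response.
        logger(__FUNCTION__ . ': OAuth request verified but no access token returned', LOGGER_DEBUG);
        header('HTTP/1.0 401 Unauthorized');
        die(api_error($a, 'json', "This api requires login"));
    } catch (Exception $e) {
        logger(__FILE__ . __LINE__ . __FUNCTION__ . "\n" . $e->getMessage());
    }

    // workaround for HTTP-auth in CGI mode: the web server hands us the raw
    // "Basic <base64>" header instead of populating PHP_AUTH_USER/PHP_AUTH_PW
    if (x($_SERVER, 'REDIRECT_REMOTE_USER') && strncasecmp($_SERVER['REDIRECT_REMOTE_USER'], 'Basic ', 6) === 0) {
        $userpass = base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6));
        if (strlen($userpass)) {
            // limit 2: the password may itself contain ':' (RFC 7617)
            list($name, $password) = array_pad(explode(':', $userpass, 2), 2, '');
            $_SERVER['PHP_AUTH_USER'] = $name;
            $_SERVER['PHP_AUTH_PW'] = $password;
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        logger('API_login: no credentials supplied', LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die(api_error($a, 'json', "This api requires login"));
    }

    $user = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];
    // legacy unsalted whirlpool hash; it has to match what is stored in `user`.`password`
    $encrypted = hash('whirlpool', trim($password));

    // allow "user@server" login (but ignore 'server' part)
    $at = strstr($user, "@", true);
    if ($at) {
        $user = $at;
    }

    /**
     *  next code from mod/auth.php. needs better solution
     */
    $record = null;
    $addon_auth = array('username' => trim($user), 'password' => trim($password), 'authenticated' => 0, 'user_record' => null);

    /**
     * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
     * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
     * and later plugins should not interfere with an earlier one that succeeded.
     */
    call_hooks('authenticate', $addon_auth);

    if ($addon_auth['authenticated'] && !empty($addon_auth['user_record'])) {
        $record = $addon_auth['user_record'];
    } else {
        // process normal login request
        $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' )\n\t\t\t\tAND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", dbesc(trim($user)), dbesc(trim($user)), dbesc($encrypted));
        if ($r) {
            $record = $r[0];
        }
    }

    if (empty($record)) {
        // redact every copy of the credentials before dumping the environment:
        // PHP_AUTH_PW is clear text, the Authorization variants hold it base64-encoded
        $env = $_SERVER;
        foreach (array('PHP_AUTH_PW', 'HTTP_AUTHORIZATION', 'REDIRECT_REMOTE_USER') as $k) {
            if (isset($env[$k])) {
                $env[$k] = '*****';
            }
        }
        logger('API_login failure: ' . print_r($env, true), LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    authenticate_success($record);
    $_SESSION["allow_api"] = true;
    call_hooks('logged_in', $a->user);
}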
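 /**
  * Process the registration form.
  *
  * Enforces the daily registration cap, ToS acceptance, the site's
  * register_policy and the password confirmation, then creates the account
  * with create_account(). Depending on policy the new account is either sent
  * a verification/approval email and the browser goes back to the site root,
  * or it is logged in straight away (optionally with an auto-created channel)
  * and sent to the next registration step. Every successful path ends in
  * goaway(); early returns leave a notice() for the template.
  */
 function post()
 {
     $max_dailies = intval(get_config('system', 'max_daily_registrations'));
     if ($max_dailies) {
         $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", db_utcnow(), db_quoteinterval('1 day'));
         if ($r && $r[0]['total'] >= $max_dailies) {
             notice(t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL);
             return;
         }
     }

     if (!x($_POST, 'tos')) {
         notice(t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL);
         return;
     }

     $policy = get_config('system', 'register_policy');
     $email_verify = get_config('system', 'verify_email');

     switch ($policy) {
         case REGISTER_OPEN:
             $flags = ACCOUNT_OK;
             break;
         case REGISTER_APPROVE:
             $flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING;
             break;
         default:
         case REGISTER_CLOSED:
             // closed (or unknown policy): only an admin may create accounts, and they start blocked
             if (!is_site_admin()) {
                 notice(t('Permission denied.') . EOL);
                 return;
             }
             $flags = ACCOUNT_BLOCKED;
             break;
     }
     if ($email_verify && $policy == REGISTER_OPEN) {
         $flags = $flags | ACCOUNT_UNVERIFIED;
     }

     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
     if (!strlen($password) || $password !== $password2) {
         notice(t('Passwords do not match.') . EOL);
         return;
     }

     // the whole form is handed over; create_account() is expected to pick the
     // fields it knows — NOTE(review): confirm it does not store arbitrary keys
     $arr = $_POST;
     $arr['account_flags'] = $flags;
     $result = create_account($arr);
     if (!$result['success']) {
         notice($result['message']);
         return;
     }

     require_once 'include/security.php';

     $account_id = $result['account']['account_id'];

     // stash the channel details chosen on the form so the new_channel step can pre-fill them
     foreach (array('name' => 'channel_name', 'nickname' => 'channel_address', 'permissions_role' => 'permissions_role') as $field => $key) {
         if (!empty($_REQUEST[$field])) {
             set_aconfig($account_id, 'register', $key, $_REQUEST[$field]);
         }
     }

     $using_invites = intval(get_config('system', 'invitation_only'));
     $num_invites = intval(get_config('system', 'number_invites'));
     $invite_code = x($_POST, 'invite_code') ? notags(trim($_POST['invite_code'])) : '';
     if ($using_invites && $invite_code) {
         // consume the invitation (DELETE takes no column list)
         q("delete from register where hash = '%s'", dbesc($invite_code));
         // @FIXME - this also needs to be considered when using 'invites_remaining' in mod/invite.php
         set_aconfig($account_id, 'system', 'invites_remaining', $num_invites);
     }

     if ($policy == REGISTER_OPEN) {
         if ($email_verify) {
             $res = verify_email_address($result);
         } else {
             $res = send_register_success_email($result['email'], $result['password']);
         }
         if ($res) {
             info(t('Registration successful. Please check your email for validation instructions.') . EOL);
         }
     } elseif ($policy == REGISTER_APPROVE) {
         $res = send_reg_approval_email($result);
         if ($res) {
             info(t('Your registration is pending approval by the site owner.') . EOL);
         } else {
             notice(t('Your registration can not be processed.') . EOL);
         }
         goaway(z_root());
     }

     if ($email_verify) {
         // the account stays unverified until the mailed link is followed
         goaway(z_root());
     }

     authenticate_success($result['account'], null, true, false, true);

     $next_page = 'new_channel';
     if (get_config('system', 'auto_channel_create') || UNO) {
         $new_channel = auto_channel_create($account_id);
         if (!empty($new_channel['success'])) {
             change_channel($new_channel['channel']['channel_id']);
             $next_page = '~';
         }
     }

     $x = get_config('system', 'workflow_register_next');
     if ($x) {
         $next_page = $x;
         $_SESSION['workflow'] = true;
     }

     goaway(z_root() . '/' . $next_page);
 }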
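/**
 * Approve (or email-verify) a pending account registration.
 *
 * Looks up the pending `register` row by its hash, removes it, clears the
 * BLOCKED, PENDING and UNVERIFIED flags on the account and then either
 * auto-creates a channel or logs the account in and points it at the
 * new_channel page.
 *
 * @param string $hash  verification hash from the register table
 * @return array|true  array('success' => false) when the hash or the account is
 *   unknown; true once the account has been approved. The two shapes differ,
 *   so callers should test truthiness only.
 */
function account_approve($hash)
{
    $ret = array('success' => false);

    // Note: when the password in the register table is 'verify', the uid actually contains the account_id
    $register = q("SELECT * FROM `register` WHERE `hash` = '%s' and password = 'verify' LIMIT 1", dbesc($hash));
    if (!$register) {
        return $ret;
    }
    $account_id = intval($register[0]['uid']);

    $account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", $account_id);
    if (!$account) {
        return $ret;
    }

    // the verification hash is single-use
    q("DELETE FROM register WHERE hash = '%s' and password = 'verify'", dbesc($register[0]['hash']));

    // lift every restriction the registration policy put on the account
    foreach (array(ACCOUNT_BLOCKED, ACCOUNT_PENDING, ACCOUNT_UNVERIFIED) as $flag) {
        q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval($flag), intval($flag), $account_id);
    }

    // get a fresh copy after we've modified it.
    $account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", $account_id);
    if (!$account) {
        return $ret;
    }

    if (get_config('system', 'auto_channel_create') || get_config('system', 'server_role') === 'basic') {
        auto_channel_create($account_id);
    } else {
        $_SESSION['login_return_url'] = 'new_channel';
        authenticate_success($account[0], null, true, true, false, true);
    }

    return true;
}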
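 /**
  * Establish a web session for the channel an OAuth access token belongs to.
  *
  * Looks up the channel, records its id and the client address in the session,
  * then runs authenticate_success() for the owning account and enables API
  * access. An unknown channel terminates the request with a 401.
  *
  * @param int $uid  channel_id the access token was issued for
  * @return void
  */
 function loginUser($uid)
 {
     logger("ZotOAuth1::loginUser {$uid}");

     $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1", intval($uid));
     if (!$r) {
         // redact any credential-bearing headers before dumping the environment
         $env = $_SERVER;
         foreach (array('PHP_AUTH_PW', 'HTTP_AUTHORIZATION', 'REDIRECT_REMOTE_USER') as $k) {
             if (isset($env[$k])) {
                 $env[$k] = '*****';
             }
         }
         logger('ZotOAuth1::loginUser failure: ' . print_r($env, true), LOGGER_DEBUG);
         header('HTTP/1.0 401 Unauthorized');
         echo 'This api requires login';
         killme();
     }
     $record = $r[0];

     $_SESSION['uid'] = $record['channel_id'];
     $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];

     $x = q("select * from account where account_id = %d limit 1", intval($record['channel_account_id']));
     if ($x) {
         require_once 'include/security.php';
         authenticate_success($x[0], true, false, true, true);
         $_SESSION['allow_api'] = true;
     }
 }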
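/**
 * Simple HTTP login for the API: OAuth1 first, then HTTP basic-auth.
 *
 * Basic-auth is checked with account_verify_password() against the account
 * email; if that fails the user name is also tried as a channel address and
 * the password is verified against that channel's owning account, in which
 * case the session is switched to that channel. On failure the request ends
 * with a 401, so this function does not return then.
 *
 * @param App $a  application object (passed by reference); set_oauth_key() and $a->user are used
 * @return void
 */
function api_login(&$a)
{
    // login with oauth
    try {
        $oauth = new FKOAuth1();
        $req = OAuthRequest::from_request();
        list($consumer, $token) = $oauth->verify_request($req);
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            $a->set_oauth_key($consumer->key);
            call_hooks('logged_in', $a->user);
            return;
        }
        // A verified request without a token is a protocol error; answer with
        // a plain 401 rather than echoing internal file names to the client.
        logger(__FUNCTION__ . ': OAuth request verified but no access token returned', LOGGER_DEBUG);
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    } catch (Exception $e) {
        logger(__FILE__ . __LINE__ . __FUNCTION__ . "\n" . $e->getMessage());
    }

    // workaround for HTTP-auth in CGI mode: the web server hands us the raw
    // "Basic <base64>" header instead of populating PHP_AUTH_USER/PHP_AUTH_PW.
    // HTTP_AUTHORIZATION is processed last so it wins when both are present.
    foreach (array('REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $hdr) {
        if (!x($_SERVER, $hdr)) {
            continue;
        }
        // only the Basic scheme carries user:password; a Bearer or other token
        // must not be base64-decoded and mistaken for credentials
        if (strncasecmp($_SERVER[$hdr], 'Basic ', 6) !== 0) {
            continue;
        }
        $userpass = base64_decode(substr($_SERVER[$hdr], 6));
        if (strlen($userpass)) {
            // limit 2: the password may itself contain ':' (RFC 7617)
            list($name, $password) = array_pad(explode(':', $userpass, 2), 2, '');
            $_SERVER['PHP_AUTH_USER'] = $name;
            $_SERVER['PHP_AUTH_PW'] = $password;
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        logger('API_login: no credentials supplied', LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Red"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    // process normal login request
    require_once 'include/auth.php';
    $channel_login = 0;
    $record = account_verify_password($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    if (!$record) {
        // second chance: the user name may be a channel address rather than an account email
        $r = q("select * from channel where channel_address = '%s' limit 1", dbesc($_SERVER['PHP_AUTH_USER']));
        if ($r) {
            $x = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
            if ($x) {
                $record = account_verify_password($x[0]['account_email'], $_SERVER['PHP_AUTH_PW']);
                if ($record) {
                    $channel_login = $r[0]['channel_id'];
                }
            }
        }
    }

    if (!$record) {
        // redact every copy of the credentials before dumping the environment:
        // PHP_AUTH_PW is clear text, the Authorization variants hold it base64-encoded
        $env = $_SERVER;
        foreach (array('PHP_AUTH_PW', 'HTTP_AUTHORIZATION', 'REDIRECT_REMOTE_USER') as $k) {
            if (isset($env[$k])) {
                $env[$k] = '*****';
            }
        }
        logger('API_login failure: ' . print_r($env, true), LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Red"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    require_once 'include/security.php';
    authenticate_success($record);
    if ($channel_login) {
        change_channel($channel_login);
    }
    $_SESSION['allow_api'] = true;
}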
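/**
 * Process the registration form.
 *
 * Enforces the daily registration cap, ToS acceptance, the site's
 * register_policy and the password confirmation, then creates the account
 * with create_account(). Depending on policy the new account is either sent
 * a verification/approval email and the browser goes back to the site root,
 * or it is logged in straight away and sent to the next registration step
 * (system.workflow_register_next, falling back to new_channel).
 *
 * @param App $a  application object (passed by reference, not read here)
 * @return void  successful paths end in goaway(); early returns leave a notice()
 */
function register_post(&$a)
{
    $max_dailies = intval(get_config('system', 'max_daily_registrations'));
    if ($max_dailies) {
        $r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day");
        if ($r && $r[0]['total'] >= $max_dailies) {
            notice(t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL);
            return;
        }
    }

    if (!x($_POST, 'tos')) {
        notice(t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL);
        return;
    }

    $policy = get_config('system', 'register_policy');
    $email_verify = get_config('system', 'verify_email');

    switch ($policy) {
        case REGISTER_OPEN:
            $flags = ACCOUNT_OK;
            break;
        case REGISTER_APPROVE:
            $flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING;
            break;
        default:
        case REGISTER_CLOSED:
            // closed (or unknown policy): only an admin may create accounts, and they start blocked
            if (!is_site_admin()) {
                notice(t('Permission denied.') . EOL);
                return;
            }
            $flags = ACCOUNT_BLOCKED;
            break;
    }
    if ($email_verify && $policy == REGISTER_OPEN) {
        $flags = $flags | ACCOUNT_UNVERIFIED;
    }

    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
    if (!strlen($password) || $password !== $password2) {
        notice(t('Passwords do not match.') . EOL);
        return;
    }

    // the whole form is handed over; create_account() is expected to pick the
    // fields it knows — NOTE(review): confirm it does not store arbitrary keys
    $arr = $_POST;
    $arr['account_flags'] = $flags;
    $result = create_account($arr);
    if (!$result['success']) {
        notice($result['message']);
        return;
    }

    require_once 'include/security.php';

    $using_invites = intval(get_config('system', 'invitation_only'));
    $num_invites = intval(get_config('system', 'number_invites'));
    $invite_code = x($_POST, 'invite_code') ? notags(trim($_POST['invite_code'])) : '';
    if ($using_invites && $invite_code) {
        // consume the invitation (DELETE takes no column list)
        q("delete from register where hash = '%s' limit 1", dbesc($invite_code));
        set_pconfig($result['account']['account_id'], 'system', 'invites_remaining', $num_invites);
    }

    if ($policy == REGISTER_OPEN) {
        if ($email_verify) {
            $res = verify_email_address($result);
        } else {
            $res = send_verification_email($result['email'], $result['password']);
        }
        if ($res) {
            info(t('Registration successful. Please check your email for validation instructions.') . EOL);
        }
    } elseif ($policy == REGISTER_APPROVE) {
        $res = send_reg_approval_email($result);
        if ($res) {
            info(t('Your registration is pending approval by the site owner.') . EOL);
        } else {
            notice(t('Your registration can not be processed.') . EOL);
        }
        goaway(z_root());
    }

    if ($email_verify) {
        // the account stays unverified until the mailed link is followed
        goaway(z_root());
    }

    authenticate_success($result['account'], true, false, true);

    $next_page = (string) get_config('system', 'workflow_register_next');
    if ($next_page === '') {
        $next_page = 'new_channel';
    }
    $_SESSION['workflow'] = true;
    goaway(z_root() . '/' . $next_page);
}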
        // I read the lifetime value from session_get_cookie_params(), I always get '0'
        // (i.e. expire when the browser is closed), even when there's a time expiration
        // on the cookie
        if ($_POST['remember_me']) {
            $_SESSION['remember_me'] = 1;
            App::$session->new_cookie(31449600);
            // one year
        } else {
            $_SESSION['remember_me'] = 0;
            App::$session->new_cookie(0);
            // 0 means delete on browser exit
        }
        // if we haven't failed up this point, log them in.
        $_SESSION['last_login_date'] = datetime_convert();
        if (!$atoken) {
            authenticate_success($account, $channel, true, true);
        }
    }
}
/**
 * @brief Returns the channel_id for a given openid_identity.
 *
 * Queries the values from pconfig configuration for the given openid_identity
 * and returns the corresponding channel_id.
 *
 * @fixme How do we prevent an OpenID identity from being used more than once?
 * 
 * @param string $authid
 *  The given openid_identity
 * @return int|bool
 *  Return channel_id from pconfig or false.
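function openid_content(&$a)
{
    /**
     * Finish an OpenID round-trip: either log the user in or seed a registration.
     *
     * Requires `openid_mode` in the query string and, in $_SESSION['openid'],
     * the OpenID URL the login was started with. Once LightOpenID accepts the
     * provider's response, a pending registration ($_SESSION['register'])
     * forwards the provider's attributes to /register; otherwise the `user`
     * row whose `openid` column equals the session value is logged in.
     * Every path ends in goaway(), which does not return.
     *
     * @param App $a
     */
    if (get_config('system', 'no_openid')) {
        goaway(z_root());
    }

    if (!x($_GET, 'openid_mode') || !x($_SESSION, 'openid')) {
        notice(t('Login failed.') . EOL);
        goaway(z_root());
        // NOTREACHED
    }

    $openid = new LightOpenID();
    if (!$openid->validate()) {
        notice(t('Login failed.') . EOL);
        goaway(z_root());
        // NOTREACHED
    }

    if (x($_SESSION, 'register')) {
        unset($_SESSION['register']);

        // The attributes come from whichever OpenID provider the user pointed
        // us at, so they are untrusted. notags() strips markup; every value is
        // additionally urlencode()d so that a value containing '&' or '='
        // cannot inject extra /register parameters into the redirect.
        $nick = '';
        $first = '';
        $photosq = '';
        $photo = '';
        $args = '';
        $attr = $openid->getAttributes();
        if (is_array($attr) && count($attr)) {
            foreach ($attr as $k => $v) {
                if ($k === 'namePerson/friendly') {
                    $nick = notags(trim($v));
                } elseif ($k === 'namePerson/first') {
                    $first = notags(trim($v));
                } elseif ($k === 'namePerson') {
                    $args .= '&username=' . urlencode(notags(trim($v)));
                } elseif ($k === 'contact/email') {
                    $args .= '&email=' . urlencode(notags(trim($v)));
                } elseif ($k === 'media/image/aspect11') {
                    // hex keeps the image URL intact across the redirect
                    $photosq = bin2hex(trim($v));
                } elseif ($k === 'media/image/default') {
                    $photo = bin2hex(trim($v));
                }
            }
        }
        if ($nick) {
            $args .= '&nickname=' . urlencode($nick);
        } elseif ($first) {
            $args .= '&nickname=' . urlencode($first);
        }
        // hex output is already URL-safe
        if ($photosq) {
            $args .= '&photo=' . $photosq;
        } elseif ($photo) {
            $args .= '&photo=' . $photo;
        }
        $args .= '&openid_url=' . urlencode(notags(trim($_SESSION['openid'])));

        // NOTE(review): the parameters follow the path with a leading '&', not
        // '?'; this relies on the front-controller rewrite folding them into
        // the query string — confirm before changing the separator.
        if ($a->config['register_policy'] != REGISTER_CLOSED) {
            goaway($a->get_baseurl() . '/register' . $args);
        }
        goaway(z_root());
        // NOTREACHED
    }

    // The lookup key is the OpenID URL stored in the session when the login
    // began, not a value echoed back by the provider.
    $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` \n\t\t\t\tFROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc($_SESSION['openid']));
    // q() may hand back false on a query error, which count() would choke on
    if (!$r || !count($r)) {
        notice(t('Login failed.') . EOL);
        goaway(z_root());
    }
    unset($_SESSION['openid']);
    require_once 'include/security.php';
    authenticate_success($r[0], true, true);
    // just in case there was no return url set and we fell through
    goaway(z_root());
    // NOTREACHED
}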
Example #14
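function openid_content(&$a)
{
    /**
     * Finish an OpenID round-trip: log in the matching user or start registration.
     *
     * Requires `openid_mode` in the query string and, in $_SESSION['openid'],
     * the OpenID URL the login was started with. Once LightOpenID accepts the
     * provider's response, the normalised `openid_identity` from the response
     * is looked up in `user`.`openid`; a match is logged in, otherwise the
     * provider's attributes are forwarded to /register unless registration is
     * closed. Every path ends in goaway(), which does not return.
     *
     * @param App $a
     */
    if (get_config('system', 'no_openid')) {
        goaway(z_root());
    }

    // Dumps the whole OpenID response into the log at data level.
    logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);

    if (!x($_GET, 'openid_mode') || !x($_SESSION, 'openid')) {
        notice(t('Login failed.') . EOL);
        goaway(z_root());
        // NOTREACHED
    }

    $openid = new LightOpenID();
    if (!$openid->validate()) {
        notice(t('Login failed.') . EOL);
        goaway(z_root());
        // NOTREACHED
    }

    // The identity is read from the response only after validate() accepted
    // it, and normalise_openid() canonicalises it before it becomes the
    // database lookup key.
    // NOTE(review): whether openid.identity is among the fields LightOpenID
    // verifies the signature over is not visible here — confirm in the library.
    $claimed = x($_REQUEST, 'openid_identity') ? $_REQUEST['openid_identity'] : '';
    $authid = normalise_openid($claimed);
    if (!strlen($authid)) {
        logger(t('OpenID protocol error. No ID returned.') . EOL);
        goaway(z_root());
    }

    $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` \n\t\t\t\tFROM `user` WHERE `openid` = '%s' AND `blocked` = 0 \n\t\t\t\tAND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", dbesc($authid));
    if ($r && count($r)) {
        // successful OpenID login
        unset($_SESSION['openid']);
        require_once 'include/security.php';
        authenticate_success($r[0], true, true);
        // just in case there was no return url set and we fell through
        goaway(z_root());
    }

    // Validated identity with no matching account: offer registration.
    if ($a->config['register_policy'] == REGISTER_CLOSED) {
        notice(t('Account not found and OpenID registration is not permitted on this site.') . EOL);
        goaway(z_root());
    }
    unset($_SESSION['register']);

    // The attributes come from whichever OpenID provider the user pointed us
    // at, so they are untrusted. notags() strips markup; every value is
    // additionally urlencode()d so that a value containing '&' or '=' cannot
    // inject extra /register parameters into the redirect.
    $nick = '';
    $first = '';
    $photosq = '';
    $photo = '';
    $args = '';
    $attr = $openid->getAttributes();
    if (is_array($attr) && count($attr)) {
        foreach ($attr as $k => $v) {
            if ($k === 'namePerson/friendly') {
                $nick = notags(trim($v));
            } elseif ($k === 'namePerson/first') {
                $first = notags(trim($v));
            } elseif ($k === 'namePerson') {
                $args .= '&username=' . urlencode(notags(trim($v)));
            } elseif ($k === 'contact/email') {
                $args .= '&email=' . urlencode(notags(trim($v)));
            } elseif ($k === 'media/image/aspect11') {
                // hex keeps the image URL intact across the redirect
                $photosq = bin2hex(trim($v));
            } elseif ($k === 'media/image/default') {
                $photo = bin2hex(trim($v));
            }
        }
    }
    if ($nick) {
        $args .= '&nickname=' . urlencode($nick);
    } elseif ($first) {
        $args .= '&nickname=' . urlencode($first);
    }
    // hex output is already URL-safe
    if ($photosq) {
        $args .= '&photo=' . $photosq;
    } elseif ($photo) {
        $args .= '&photo=' . $photo;
    }
    $args .= '&openid_url=' . urlencode(notags(trim($authid)));

    // NOTE(review): the parameters follow the path with a leading '&', not
    // '?'; this relies on the front-controller rewrite folding them into the
    // query string — confirm before changing the separator.
    goaway($a->get_baseurl() . '/register' . $args);
    // NOTREACHED
}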
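function windowsphonepush_login()
{
    /**
     * Authenticate the Windows Phone push client via HTTP Basic auth.
     *
     * Looks the user up by e-mail or nickname and compares the whirlpool hash
     * of the supplied password with `user`.`password`. On success the session
     * is promoted with authenticate_success() and flagged allow_api; on failure
     * a 401 with a Basic challenge is sent and the request is terminated.
     */
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // Log only the fact, never print_r($_SERVER): that dump includes
        // PHP_AUTH_PW, i.e. the clear-text password, whenever one was sent.
        logger('API_login: no credentials supplied', LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }

    $user = trim($_SERVER['PHP_AUTH_USER']);
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Legacy scheme: an unsalted whirlpool digest has to equal the stored
    // `password` column, so it cannot be swapped for password_hash() here
    // without migrating the table.
    $encrypted = hash('whirlpool', trim($password));

    // check if the user named by the app exists, is in good standing and the hash matches
    $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' )\n\t    AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", dbesc($user), dbesc($user), dbesc($encrypted));
    if (!$r || !count($r)) {
        // Same rule as above: name the account, not the request environment.
        logger('API_login failure for ' . $user, LOGGER_DEBUG);
        header('WWW-Authenticate: Basic realm="Friendica"');
        header('HTTP/1.0 401 Unauthorized');
        die('This api requires login');
    }
    $record = $r[0];

    require_once 'include/security.php';
    authenticate_success($record);
    $_SESSION["allow_api"] = true;
    // $a is not defined in this function's scope, so the old $a->user was
    // always unset here; the record handed to authenticate_success() is passed
    // instead. NOTE(review): confirm hook consumers expect the `user` row shape.
    call_hooks('logged_in', $record);
}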