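/**
 * Issue a fresh random auth token for $user from $requestip and store it.
 *
 * Old tokens are purged first via cleanTokens(). The token is 32 bytes from a
 * cryptographically strong source, base64url-encoded without '=' padding
 * (43 characters), so it can be placed in a cookie or URL unchanged. The row
 * is committed as soon as the INSERT succeeds; on any failure the transaction
 * is rolled back, the connection is closed and handleError() is called with
 * the driver message before NULL is returned.
 *
 * @param mysqli $db         open connection; commit()/rollback() are used, so
 *                           autocommit is presumably off (confirm at the caller)
 * @param string $user       user the token is issued to
 * @param string $requestip  client address the token is bound to
 * @param int|null $keyid    optional key id stored alongside the token
 * @return string|null the token, or NULL after handleError() on failure
 */
function getauthtoken($db, $user, $requestip, $keyid = NULL)
{
    $epoch = time();
    cleanTokens($db, $epoch);

    // Token material must come from a CSPRNG. Prefer random_bytes() where the
    // runtime has it; otherwise require openssl to report a strong source instead
    // of silently accepting weak bytes (the original ignored that flag).
    if (function_exists('random_bytes')) {
        $raw = random_bytes(32);
    } else {
        $strong = false;
        $raw = openssl_random_pseudo_bytes(32, $strong);
        if ($raw === false || !$strong) {
            $db->close();
            handleError("Could not get auth token: no cryptographically strong random source");
            return NULL;
        }
    }
    // base64url: '+' -> '-', '/' -> '_', padding stripped. '=' only ever occurs
    // as trailing padding, so rtrim() is equivalent to replacing it.
    $token = rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');

    $stmt = $db->prepare('INSERT INTO tokens (`user`, `ip`, `keyid`, `token`, `epoch`) VALUES (?,?,?,?,?)');
    if ($stmt === false) {
        // prepare() failed: there is no statement object to close or to read
        // ->error from (the original would have fataled on $stmt->close()).
        // The connection carries the error message.
        $error = $db->error;
        $db->close();
        handleError("Could not get auth token: " . $error);
        return NULL;
    }
    $stmt->bind_param("ssisi", $user, $requestip, $keyid, $token, $epoch);
    if ($stmt->execute()) {
        $db->commit();
        $stmt->close();
        return $token;
    }
    // Capture the message before close(): a closed statement no longer exposes ->error.
    $error = $stmt->error;
    $db->rollback();
    $stmt->close();
    $db->close();
    handleError("Could not get auth token: " . $error);
    return NULL;
}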
/**
 * Work out the current user's moderation reach and cache it.
 * - builds SQL fragments for the membergroups ('gq'), boards ('bq') and
 *   explicitly moderated boards ('mq') this user may act on
 * - stores them, together with the time, the user id, the approve_posts
 *   boards ('ap') and the moderated board list ('mb'), in $_SESSION['mc']
 * - runs the integrate_mod_cache hook and then mirrors $_SESSION['mc']
 *   into $user_info['mod_cache']
 * - calls cleanTokens() as housekeeping on the way out
 */
function rebuildModCache()
{
    global $user_info, $smcFunc;

    // Membergroups: a manager may moderate all of them, otherwise only the
    // groups this member is listed for in group_moderators.
    if (allowedTo('manage_membergroups')) {
        $group_query = '1=1';
    } else {
        $request = $smcFunc['db_query']('', '
			SELECT id_group
			FROM {db_prefix}group_moderators
			WHERE id_member = {int:current_member}', array('current_member' => $user_info['id']));
        $moderated_groups = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $moderated_groups[] = $row['id_group'];
        }
        $smcFunc['db_free_result']($request);
        $group_query = empty($moderated_groups)
            ? '0=1'
            : 'id_group IN (' . implode(',', $moderated_groups) . ')';
    }

    // Boards: a forum moderator gets everything, otherwise the boards on which
    // the moderate_board permission is granted.
    if (allowedTo('moderate_forum')) {
        $board_query = '1=1';
    } else {
        $allowed_boards = boardsAllowedTo('moderate_board', true);
        $board_query = empty($allowed_boards)
            ? '0=1'
            : 'id_board IN (' . implode(',', $allowed_boards) . ')';
    }

    // Boards this member is explicitly listed as a moderator of (guests have none).
    $boards_mod = array();
    if (!$user_info['is_guest']) {
        $request = $smcFunc['db_query']('', '
			SELECT id_board
			FROM {db_prefix}moderators
			WHERE id_member = {int:current_member}', array('current_member' => $user_info['id']));
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $boards_mod[] = $row['id_board'];
        }
        $smcFunc['db_free_result']($request);
    }
    $mod_query = empty($boards_mod)
        ? '0=1'
        : 'b.id_board IN (' . implode(',', $boards_mod) . ')';

    // The cache is attributed to the member only when both an id and a name exist.
    $cache_owner = ($user_info['id'] && $user_info['name']) ? $user_info['id'] : 0;
    $_SESSION['mc'] = array(
        'time' => time(),
        'id' => $cache_owner,
        'gq' => $group_query,
        'bq' => $board_query,
        'ap' => boardsAllowedTo('approve_posts'),
        'mb' => $boards_mod,
        'mq' => $mod_query,
    );
    // Hooks get to adjust the session copy before it is mirrored into $user_info.
    call_integration_hook('integrate_mod_cache');
    $user_info['mod_cache'] = $_SESSION['mc'];

    // Might as well clean up some tokens while we are at it.
    cleanTokens();
}
     }
 } else {
     $host = 'darwin.bournemouth.ac.uk';
     $secure = TRUE;
 }
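 // Actually unset the cookie. Path/domain/secure must match the attributes the
 // login cookie was set with, otherwise the browser keeps the old cookie.
 setrawcookie($DARWINCOOKIENAME, '', $cookieexpire, '/', $host, $secure);
 if (isset($authtoken)) {
     // Revoke the token server-side too: clearing the cookie alone would leave
     // the token usable by anyone who still holds a copy of it.
     $db = getAuthDb();
     $requestip = $_SERVER["REMOTE_ADDR"];
     $stmt = checkPrepare($db, 'DELETE FROM `tokens` WHERE `ip`=? AND `token`=?');
     checkBindParam($db, $stmt, "ss", $requestip, $authtoken);
     checkExecute($db, $stmt);
     $stmt->close();
     $db->commit();
     cleanTokens($db);
     $db->close();
 }
 // Whatever happens set the user for the rest of the page to null.
 setDarwinUser(NULL);
 // Only follow a redirect to a local path. Passing the request value straight
 // into Location: made this an open redirect: an absolute URL, or a
 // protocol-relative "//host" (and "/\host", which browsers treat the same),
 // could send the user anywhere after logout. header() already rejects CR/LF,
 // so header injection is not the concern. If cross-host redirects are really
 // required, add an explicit host allowlist rather than loosening this check.
 $redirect = (isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect']))
     ? $_REQUEST['redirect']
     : '';
 $localredirect = $redirect !== ''
     && $redirect[0] === '/'
     && !in_array(substr($redirect, 1, 1), array('/', '\\'), true);
 if ($localredirect) {
     header('Location: ' . $redirect);
     exit;
     // Finished
 } else {
     // Unsafe or absent redirect target: fall back to the normal logout output.
     if ($htmloutput) {
         showSuccessScreen();
     } else {
         echo "logout:{$user}";
     }
 }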
 /**
  * Ends the current admin session: the admin_time marker is dropped so the
  * ACP asks for authentication again, and the '-admin' tokens are cleaned up.
  * With ?redir present and a Referer header available the browser is sent
  * back to the Referer, otherwise to the default location.
  */
 public function action_endsession()
 {
     // Removing the timestamp is all it takes to end the admin session.
     unset($_SESSION['admin_time']);
     // Admin tokens belong to that session, so drop them as well.
     cleanTokens(false, '-admin');
     // NOTE(review): HTTP_REFERER is client-supplied; whether redirectexit()
     // confines it to this site cannot be seen from here.
     $backToReferer = isset($_GET['redir'], $_SERVER['HTTP_REFERER']);
     if ($backToReferer) {
         redirectexit($_SERVER['HTTP_REFERER']);
     } else {
         redirectexit();
     }
 }
 /**
  * Ends the current moderator session: the moderate_time marker is dropped so
  * the MCP asks for authentication again, the '-mod' tokens are cleaned up and
  * the browser is sent to action=moderate.
  */
 public function action_modEndSession()
 {
     // Removing the timestamp is all it takes to end the moderator session.
     unset($_SESSION['moderate_time']);
     // Moderator tokens belong to that session, so drop them as well.
     cleanTokens(false, '-mod');
     // Back to the moderation centre, which will now require re-authentication.
     redirectexit('action=moderate');
 }
    } else {
        $host = 'darwin.bournemouth.ac.uk';
        $secure = TRUE;
    }
    // NOTE(review): only six arguments are passed, so the httponly flag (7th
    // argument) is left at its default and the auth token cookie is readable
    // from script on the page.
    setrawcookie($DARWINCOOKIENAME, $authtoken, $cookieexpire, '/', $host, $secure);
    error_log(__FILE__ . ": Cookie set.");
    if (isset($_REQUEST['redirect'])) {
        error_log(__FILE__ . ": redirecting");
        // NOTE(review): the Location target is taken verbatim from the request,
        // so any caller-supplied URL is followed (open redirect). There is also
        // no exit after header(), so the rest of this script (the echo below,
        // cleanTokens and the close) still runs after the redirect is queued.
        header('Location: ' . $_REQUEST['redirect']);
        echo "Redirect!\n";
    } else {
        if ($htmloutput) {
            error_log(__FILE__ . ": Showing success screen");
            showSuccessScreen($_REQUEST['newuser']);
        } else {
            error_log(__FILE__ . ": Setting success");
            // NOTE(review): this line is not valid PHP as shown; the "******"
            // looks like a redaction applied by whoever published the listing.
            echo "login:"******"\n";
            // This loop body never runs: $x starts at 0 and the condition is $x < 0.
            for ($x = 0; $x < 0; $x++) {
                echo "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n";
            }
        }
    }
    // Token housekeeping (cleanTokens) before the connection is released.
    error_log(__FILE__ . ": Cleaning tokens");
    $epoch = time();
    cleanTokens($db, $epoch);
    error_log(__FILE__ . ": Closing database");
    $db->close();
} else {
    error_log("Could not get database connection");
    handleError("Could not connect to the database");
}
/**
 * Only patrons with valid tokens can ride this ride.
 *
 * Validates, and consumes, the token stored in $_SESSION['token'][$type-$action].
 * From the way it is read here, a session entry is an array whose [0] is the
 * name of the request variable carrying the token, [1] is the md5 of that
 * value concatenated with the user agent, and (for 'login' only) [3] is the
 * raw token handed back to the caller.
 *
 * @param string $action
 * @param string $type = 'post' (get, request, or post); anything else is treated as 'post'
 * @param bool $reset = true  on failure: clean up, create a replacement token and, if $fatal,
 *                            raise the error; when false the stale token is simply dropped
 * @param bool $fatal if true a fatal_lang_error is issued for invalid tokens, otherwise false is returned
 * @return boolean except for $action == 'login' where the token (or '' if none) is returned
 */
function validateToken($action, $type = 'post', $reset = true, $fatal = true)
{
    $type = $type == 'get' || $type == 'request' ? $type : 'post';
    $token_index = $type . '-' . $action;
    // Logins are special: the token is used to hash the password with javascript before POSTing it,
    // so the raw token value is handed back (once) instead of being validated here.
    if ($action == 'login') {
        if (isset($_SESSION['token'][$token_index])) {
            $return = $_SESSION['token'][$token_index][3];
            unset($_SESSION['token'][$token_index]);
            return $return;
        } else {
            return '';
        }
    }
    // This nasty piece of code validates a token.
    // 1. The token exists in session.
    // 2. The {$type} variable should exist.
    // 3. We concatenate the variable we received with the user agent
    // 4. Match that result against what is in the session.
    // 5. If it matches, success, otherwise we fallout.
    // we use user agent
    $req = request();
    // $GLOBALS['_POST'] / ['_GET'] / ['_REQUEST'] picks the superglobal named by $type;
    // the variable name inside it comes from the session entry, never from the client.
    // NOTE(review): the hashes are compared with ===, which is not constant-time;
    // hash_equals() would be the usual choice where the runtime provides it.
    if (isset($_SESSION['token'][$token_index], $GLOBALS['_' . strtoupper($type)][$_SESSION['token'][$token_index][0]]) && md5($GLOBALS['_' . strtoupper($type)][$_SESSION['token'][$token_index][0]] . $req->user_agent()) === $_SESSION['token'][$token_index][1]) {
        // Invalidate this token now: each token is single-use.
        unset($_SESSION['token'][$token_index]);
        return true;
    }
    // Patrons with invalid tokens get the boot.
    if ($reset) {
        // Might as well do some cleanup on this.
        cleanTokens();
        // I'm back baby: issue a replacement so the form can be resubmitted.
        createToken($action, $type);
        if ($fatal) {
            // fatal_lang_error() is presumably non-returning (TODO confirm); if it
            // does return, execution falls through to the final return false.
            fatal_lang_error('token_verify_fail', false);
        } else {
            return false;
        }
    } else {
        // No reset requested: just drop the stale token.
        unset($_SESSION['token'][$token_index]);
    }
    // Randomly check if we should remove some older tokens (roughly 1 call in 139;
    // mt_rand is only sampling here, nothing security-relevant depends on it).
    if (mt_rand(0, 138) == 23) {
        cleanTokens();
    }
    return false;
}