Example #1
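/**
 * Front controller: runs the handler named by the `action` request parameter.
 *
 * Every action except `logout` runs only while the global $auth flag is
 * truthy. A missing or unknown action, or an unauthenticated caller, ends
 * up at the login screen.
 *
 * @return void
 */
function main() {

    global $auth;

    // Read the parameter once. A missing key or a non-string value (for
    // example action[]=x) is treated as "no action" instead of raising an
    // undefined-index notice on every comparison.
    $action = '';
    if (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) {
        $action = $_REQUEST['action'];
    }

    // logout is the one action that is reachable without authentication.
    if ($action === 'logout') {
        logout();
        return;
    }

    // NOTE(review): $_REQUEST also carries GET (and, depending on
    // request_order, cookie) values, so the state-changing actions below
    // (delete, banip, unbanip) can be triggered by a plain link. No
    // request-method or anti-CSRF token check is visible in this function;
    // confirm that the handlers enforce one.
    if ($auth) {
        switch ($action) {
            case 'delete':
                delete();
                return;
            case 'list':
                view_list();
                return;
            case 'banip':
                banip();
                return;
            case 'search':
                search();
                return;
            case 'bannedlist':
                bannedlist();
                return;
            case 'unbanip':
                unbanip();
                return;
        }
    }

    // Default: unknown action, no action, or not authenticated.
    login_screen();

}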
Example #2
        echo html_scrub($name);
        ?>
" SIZE="40" MAXLENGTH="50">
        <P>
        <B>Someone who believes that...</B><BR>
        <textarea name="description" rows="6" cols="80"><?php 
        echo html_scrub($description);
        ?>
</textarea></p>

        <p><span class="ptitle">Privacy notes:</span>
        By creating a policy you are making your user name
        <b><?php 
        echo user_getname();
        ?>
</b> and the policy's voting record public.

        <p><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Make Policy">
        </FORM>

        <p>If you like you can <a href="/forum/viewforum.php?f=1">discuss policies on our forum</a>.

    <?php 
    }
    pw_footer();
} else {
    login_screen();
}
?>

Example #3
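/**
 * Authenticates a FOAF/WebID user with HTTP Digest and hands off on success.
 *
 * With no Authorization header, a 401 Digest challenge is sent and the
 * script stops. Otherwise the header is parsed, the Digest username is
 * treated as a WebID URI and resolved with get_agent(), the stored secret
 * for that WebID is read from the `passwords` table, and the expected
 * Digest response is recomputed and compared with the one supplied.
 *
 * @param array  $config        Must provide 'db_user', 'db_pwd' and 'db_name'.
 * @param string $realm         Digest realm; sent in the challenge and mixed into A1.
 * @param mixed  $authreqissuer When set, success goes to webid_redirect();
 *                              otherwise to login_screen(). Also passed to
 *                              failed_password_check() on every failure.
 * @return void
 */
function foaf_password($config, $realm, $authreqissuer)
{
    if (empty($_SERVER['HTTP_AUTHORIZATION'])) {
        // NOTE(review): the nonce comes from uniqid(), which is time-based,
        // and nothing below checks that the nonce or nc in the reply was
        // issued by this server, so a captured Authorization header can be
        // replayed. A server-tracked, expiring nonce would close that gap.
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Digest realm="' . $realm . '",qop="auth,auth-int",nonce="' . uniqid() . '",opaque="' . md5($realm) . '"');
        die;
    }

    // Parse the Digest fields out of the Authorization header.
    $data = http_digest_parse($_SERVER['HTTP_AUTHORIZATION']);
    if (!$data) {
        failed_password_check('HTTP Digest was incomplete', $authreqissuer);
        // Stop here even if the failure handler returns, so the rest of the
        // function never runs on an unparsed header.
        return;
    }

    // The Digest username carries the (URL-encoded) WebID URI.
    $uri = urldecode($data['username']);
    $agent = is_valid_url($uri) ? get_agent($uri) : NULL;

    $webid = '';
    if (isset($agent['agent']['webid']) && is_string($agent['agent']['webid'])) {
        $webid = $agent['agent']['webid'];
    }
    if ($webid === '') {
        // Fail closed with the same message as a wrong password: without a
        // resolved WebID the lookup below would run with webid="" and could
        // match a row that has no WebID set.
        failed_password_check('FOAF Password doesnot match', $authreqissuer);
        return;
    }

    // set up db
    $db = new db_class();
    $db->connect('localhost', $config['db_user'], $config['db_pwd'], $config['db_name']);

    // $webid originates from a client-chosen URI, so it is escaped before it
    // goes into the SQL string.
    // NOTE(review): mysql_real_escape_string() uses the most recently opened
    // mysql_* link; this presumes db_class::connect() opened one (its result
    // is read with mysql_fetch_assoc() below) - confirm, or move the lookup
    // to a prepared statement if db_class offers one.
    $sql = 'select password from passwords where webid="' . mysql_real_escape_string($webid) . '" and active = 1 and verified_mbox = 1 ';
    $results = $db->select($sql);

    if ($row = mysql_fetch_assoc($results)) {
        // NOTE(review): the column value is used directly as the Digest
        // secret, so it appears to be stored in recoverable form; storing
        // the precomputed A1 hash instead would limit what a database leak
        // exposes.
        $pin = $row['password'];

        // Recompute the expected response (RFC 2617, qop=auth form).
        // NOTE(review): the challenge also advertises auth-int, but A2 is
        // built without the body hash, and $data['uri'] is not compared with
        // the URI actually requested.
        $A1 = md5($data['username'] . ':' . $realm . ':' . $pin);
        $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
        $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);

        $response = '';
        if (isset($data['response']) && is_string($data['response'])) {
            $response = $data['response'];
        }

        // Compare as strings: a loose == would treat two different
        // "0e<digits>" hex digests as equal numbers. hash_equals() is used
        // where it exists so the comparison time does not depend on how many
        // leading characters match.
        if (function_exists('hash_equals')) {
            $response_ok = hash_equals($valid_response, $response);
        } else {
            $response_ok = ($valid_response === $response);
        }

        if ($response_ok) {
            if (isset($authreqissuer)) {
                webid_redirect($authreqissuer, $webid);
            } else {
                login_screen($webid);
            }
        } else {
            failed_password_check('FOAF Password doesnot match', $authreqissuer);
        }
    } else {
        failed_password_check('FOAF Password doesnot match', $authreqissuer);
    }
}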
Example #4
                }
                // All match, set login variable and store username in cookie
                $_SESSION["login_username"] = $http_username;
                $_SESSION["valid_login"] = TRUE;
                header("Location: index.php?menu=home");
                exit;
            }
        }
        // Log invalid attempts
        write_log("Invalid Login from IP: " . $_SERVER['REMOTE_ADDR'] . " trying Username:[" . filter_sql($http_username) . "] with Password:[" . filter_sql($http_password) . "]", "GU");
    }
    log_ip("GU", 100);
    // Avoid flood-brute password guessing
    sleep(1);
    // One second delay to help prevent brute force attack
    login_screen("Login Failed");
    exit;
}
if ($_SESSION["valid_login"] == TRUE) {
    //****************************************************************************
    if (mysql_connect(MYSQL_IP, MYSQL_USERNAME, MYSQL_PASSWORD) == FALSE) {
        home_screen('ERROR', '<font color="red"><strong>Could Not Connect To Database</strong></font>', '', '');
        exit;
    }
    if (mysql_select_db(MYSQL_DATABASE) == FALSE) {
        home_screen('ERROR', '<font color="red"><strong>Could Not Select Database</strong></font>', '', '');
        exit;
    }
    //****************************************************************************
    if ($_GET["menu"] == "home" || empty($_GET["menu"]) == TRUE) {
        $my_public_key = my_public_key();
Example #5
                $m_name = $u_data[1];
                $m_email = $u_data[3];
                $m_pass = PasswordGenerator(7) . rand(1, 99);
                $u_lines .= $u_data[0] . DELIMITER . $u_data[1] . DELIMITER . sha1($m_pass) . DELIMITER . $u_data[3] . DELIMITER . $u_data[4] . DELIMITER . $u_data[5] . DELIMITER . $u_data[6] . DELIMITER . $u_data[7] . DELIMITER . $_SERVER['REMOTE_ADDR'] . DELIMITER . $u_data[9] . DELIMITER . $u_data[10] . DELIMITER . $u_data[11] . DELIMITER . $u_data[12] . DELIMITER . $u_data[13] . DELIMITER . $u_data[14] . DELIMITER . $u_data[15] . DELIMITER . $u_data[16] . DELIMITER . $u_data[17] . DELIMITER . $u_data[18] . DELIMITER . $u_data[19] . DELIMITER . $u_data[20] . DELIMITER . $u_data[21] . DELIMITER . $u_data[22] . DELIMITER . $u_data[23] . DELIMITER . $u_data[24] . DELIMITER . $u_data[25] . DELIMITER . $u_data[26] . DELIMITER . $u_data[27] . DELIMITER . trim($u_data[28]) . DELIMITER . $u_data[29] . DELIMITER . $u_data[30] . DELIMITER . $u_data[31] . DELIMITER . $u_data[32] . DELIMITER . trim($u_data[33]) . "\n";
            } else {
                $continue = false;
                $status_error = $u_data[5];
            }
        } else {
            $u_lines .= $single_line;
        }
    }
    if ($continue) {
        if (@mail($m_email, $lang['login_lost_pass_mail_subject'], str_replace('%link%', $conf['admin_url'] . '/', $lang['login_lost_pass_mail_text']) . ' ' . $m_pass, "From: robot@mnewscms.com") && mn_put_contents($file['users'], $u_lines)) {
            header('location: ./mn-login.php?back=pass-sent');
            exit;
        } else {
            login_screen($lang['login_msg_pass_not_sent'], $lang['login_msg_pass_not_sent'], 'error');
        }
    } else {
        login_screen($lang['login_lost_pass_wrong_values'], $lang['login_lost_pass_wrong_values'], 'error');
    }
} elseif (isset($_GET['back']) && $_GET['back'] == 'loggedout') {
    login_screen($lang['login_login'], $lang['login_msg_logged_out'], 'info');
} elseif (isset($_GET['back']) && $_GET['back'] == 'auto-loggedout') {
    login_screen($lang['login_login'], $lang['login_msg_auto_logged_out'], 'info');
} elseif (isset($_GET['back']) && $_GET['back'] == 'pass-sent') {
    login_screen($lang['login_msg_pass_sent'], $lang['login_msg_pass_sent'], 'ok');
} else {
    login_screen($lang['login_login']);
}