$base =& $defaultpage; } } $title = htmlsc(strip_bracket($base)); $page = make_search($base); if (isset($retvars['msg']) && $retvars['msg'] != '') { $title = str_replace('$1', $title, $retvars['msg']); $page = str_replace('$1', $page, $retvars['msg']); } if (isset($retvars['body']) && $retvars['body'] != '') { $body =& $retvars['body']; } else { if ($base == '' || !is_page($base)) { $base =& $defaultpage; $title = htmlsc(strip_bracket($base)); $page = make_search($base); } $vars['cmd'] = 'read'; $vars['page'] =& $base; $body = convert_html(get_source($base)); if ($trackback) { $body .= tb_get_rdf($base); } // Add TrackBack-Ping URI if ($referer) { ref_save($base); } } // Output catbody($title, $page, $body); exit;
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot) { global $auth_method_type, $auth_users, $_msg_auth; // Checked by: $target_str = ''; if ($auth_method_type == 'pagename') { $target_str = $page; // Page name } elseif ($auth_method_type == 'contents') { $target_str = join('', get_source($page)); // Its contents } $user_list = array(); foreach ($auth_pages as $key => $val) { if (preg_match($key, $target_str)) { $user_list = array_merge($user_list, explode(',', $val)); } } if (empty($user_list)) { return true; } // No limit $matches = array(); if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) { // Basic-auth with $_SERVER['HTTP_AUTHORIZATION'] list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode($matches[1])); } if (PKWK_READONLY || !isset($_SERVER['PHP_AUTH_USER']) || !in_array($_SERVER['PHP_AUTH_USER'], $user_list) || !isset($auth_users[$_SERVER['PHP_AUTH_USER']]) || pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$_SERVER['PHP_AUTH_USER']]) !== $auth_users[$_SERVER['PHP_AUTH_USER']]) { // Auth failed pkwk_common_headers(); if ($auth_flag) { header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"'); header('HTTP/1.0 401 Unauthorized'); } if ($exit_flag) { $body = $title = str_replace('$1', htmlsc(strip_bracket($page)), $title_cannot); $page = str_replace('$1', make_search($page), $title_cannot); catbody($title, $page, $body); exit; } return false; } else { return true; } }
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot) { global $auth_users, $auth_method_type, $auth_type; global $realm; // Checked by: $target_str = ''; if ($auth_method_type == 'pagename') { $target_str = $page; // Page name } else { if ($auth_method_type == 'contents') { $target_str = get_source($page, TRUE, TRUE); // Its contents } } $user_list = array(); foreach ($auth_pages as $key => $val) { if (preg_match($key, $target_str)) { $user_list = array_merge($user_list, explode(',', $val)); } } if (empty($user_list)) { return TRUE; } // No limit if (!auth::check_role('role_adm_contents')) { return TRUE; } // 既にコンテンツ管理者 // Digest if ($auth_type == 2) { if (auth::auth_digest($realm, $auth_users)) { return TRUE; } // Auth failed if ($auth_flag || $exit_flag) { pkwk_common_headers(); } if ($exit_flag) { $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot); $page = str_replace('$1', make_search($page), $title_cannot); catbody($title, $page, $body); exit; } return FALSE; } $matches = array(); if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) { // Basic-auth with $_SERVER['HTTP_AUTHORIZATION'] list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode($matches[1])); } // if (PKWK_READONLY || // if (auth::check_role('readonly') || // ! isset($_SERVER['PHP_AUTH_USER']) || if (!isset($_SERVER['PHP_AUTH_USER']) || !in_array($_SERVER['PHP_AUTH_USER'], $user_list) || !isset($auth_users[$_SERVER['PHP_AUTH_USER']]) || pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$_SERVER['PHP_AUTH_USER']][0]) !== $auth_users[$_SERVER['PHP_AUTH_USER']][0]) { // Auth failed if ($auth_flag || $exit_flag) { pkwk_common_headers(); } if ($auth_flag) { header('WWW-Authenticate: Basic realm="' . $realm . '"'); header('HTTP/1.0 401 Unauthorized'); } if ($exit_flag) { $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot); $page = str_replace('$1', make_search($page), $title_cannot); catbody($title, $page, $body); exit; } return FALSE; } else { return TRUE; } }
function digest_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot) { global $auth_users, $auth_method_type, $auth_type; global $realm; if (auth::is_page_auth($page, $auth_flag, $auth_pages, '', '')) { return true; } // No limit //$user_list = get_auth_page_users($page, $auth_pages); //if (empty($user_list)) return true; // No limit if (!auth::check_role('role_adm_contents')) { return true; } // 既にコンテンツ管理者 if (auth::auth_digest($auth_users)) { return true; } // Auth failed if ($auth_flag || $exit_flag) { pkwk_common_headers(); } if ($auth_flag) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . uniqid() . '", opaque="' . md5($realm) . '"'); } if ($exit_flag) { $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot); $page = str_replace('$1', make_search($page), $title_cannot); catbody($title, $page, $body); exit; } return false; }
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot) { global $auth_method_type, $auth_users, $_msg_auth; // Checked by: $target_str = ''; if ($auth_method_type == 'pagename') { $target_str = $page; // Page name } else { if ($auth_method_type == 'contents') { $target_str = join('', get_source($page)); // Its contents } } $user_list = array(); foreach ($auth_pages as $key => $val) { if (preg_match($key, $target_str)) { $user_list = array_merge($user_list, explode(',', $val)); } } if (empty($user_list)) { return TRUE; } // No limit //-------------------------------------------- //Customize from here //Session Auth instead of Basic Auth //Thanks & Refer SiteDev + AT by AKKO if (in_array($_SESSION['usr'], $user_list)) { return TRUE; } $fg = FALSE; if ($auth_flag) { $arr_temp = array(); foreach ($user_list as $val) { foreach ($auth_users as $user => $pass) { if ($val == $user) { $auth_temp[$user] = $pass; } } } $qm = get_qm(); $fg = ss_chkusr($qm->m['auth']['ss_chkusr'], $auth_temp); if ($fg) { $_SESSION['usr'] = $_POST['username']; return TRUE; } } if ($exit_flag) { $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot); $page = str_replace('$1', make_search($page), $title_cannot); auth_catbody($title, $body); exit; } return FALSE; }