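/**
 * Authenticates the current request from HTTP Basic credentials and, if
 * requested, answers with a 401 challenge.
 *
 * Credentials are taken from the raw Authorization header when present,
 * otherwise from PHP_AUTH_USER / PHP_AUTH_PW, and are handed to
 * ewiki_auth_user() for verification.
 *
 * Basic credentials are only base64-encoded on the wire, so this handler
 * relies on the transport (TLS) for confidentiality.
 *
 * @param mixed $data         page data (by reference); not used here
 * @param int   $force_query  0 = never challenge, 1 = challenge when the
 *                            check failed, 2 or more = always challenge
 * @return mixed              whatever ewiki_auth_user() returned
 */
function ewiki_auth_query_http(&$data, $force_query = 0)
{
    #-- $ewiki_config was missing from this list, so "login_notice" and
    #   "http_auth_add" were read from an undefined local and never applied
    global $ewiki_plugins, $ewiki_config, $ewiki_errmsg, $ewiki_author, $ewiki_ring;

    $_a_u = null;
    $_a_p = null;

    #-- fetch user:password
    $uu = isset($_SERVER["HTTP_AUTHORIZATION"]) ? trim($_SERVER["HTTP_AUTHORIZATION"]) : "";
    if ($uu) {
        $auth_method = strtolower(strtok($uu, " "));
        if ($auth_method == "basic") {
            $uu = base64_decode((string) strtok(" ;,"));
            #-- limit 2: the password itself may contain ":"
            $parts = explode(":", $uu, 2);
            $_a_u = $parts[0];
            $_a_p = isset($parts[1]) ? $parts[1] : null;
        }
        #-- any other scheme is an invalid response and is ignored
    } else {
        $_a_u = isset($_SERVER["PHP_AUTH_USER"]) ? trim($_SERVER["PHP_AUTH_USER"]) : "";
        if (strlen($_a_u)) {
            $_a_p = isset($_SERVER["PHP_AUTH_PW"]) ? trim($_SERVER["PHP_AUTH_PW"]) : "";
        }
    }

    #-- check password
    $_success = ewiki_auth_user($_a_u, $_a_p);

    #-- request HTTP Basic authentication otherwise
    if ((!$_success && $force_query) || $force_query >= 2) {
        $realm = ewiki_t("RESTRICTED_ACCESS");
        $addmethod = "";
        if (!empty($ewiki_config["login_notice"])) {
            $realm .= " " . $ewiki_config["login_notice"];
        }
        #-- the realm goes into a quoted-string inside a response header:
        #   keep quotes and line breaks from terminating it early
        $realm = str_replace(array('"', "\r", "\n"), array("'", " ", " "), $realm);
        if (!empty($ewiki_config["http_auth_add"])) {
            $addmethod = ", {$ewiki_config["http_auth_add"]} realm=\"{$realm}\"";
        }
        header('HTTP/1.1 401 Authentication Required');
        header('Status: 401 Authentication Required');
        header('WWW-Authenticate: Basic realm="' . $realm . '"' . $addmethod);
    }

    #-- fin
    return $_success;
}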
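/**
 * preg_replace_callback() helper: turns the single matched byte into a
 * numeric HTML entity. Replaces the former /e (eval) modifier, which is
 * deprecated since PHP 5.5 and no longer supported in PHP 7.
 */
function _ewiki_auth_query_form_entity($m)
{
    return "&#" . ord($m[1]) . ";";
}

/**
 * Authenticates via the login form (POST) or the "ewiki_login" cookie and,
 * if requested, renders the login form into $ewiki_errmsg.
 *
 * @param mixed $data         page data (by reference); not used here
 * @param int   $force_query  0 = never show the form, 1 = show it when the
 *                            check failed, 2 or more = always show it
 * @return mixed              0 when no credentials were supplied, otherwise
 *                            the result of ewiki_auth_user()
 */
function ewiki_auth_query_form(&$data, $force_query = 0)
{
    global $ewiki_plugins, $ewiki_config, $ewiki_errmsg, $ewiki_id,
           $ewiki_action, $ewiki_author, $ewiki_ring;

    $o =& $ewiki_errmsg;
    $entity_rx = '/([^\\w\\d\\260-\\377])/';

    #-- get user/pw from POST or COOKIE
    $_user = "";
    $_pw = "";
    $from_post = !empty($_POST["login_user"]);
    if ($from_post) {
        #-- read from $_POST (not $_REQUEST) so a GET or cookie value of the
        #   same name cannot shadow what the form actually submitted
        $_user = is_string($_POST["login_user"]) ? $_POST["login_user"] : "";
        $_pw = (isset($_POST["login_pw"]) && is_string($_POST["login_pw"])) ? $_POST["login_pw"] : "";
    } elseif (!empty($_COOKIE["ewiki_login"]) && is_string($_COOKIE["ewiki_login"])) {
        #-- limit 2: the cookie is written as "user:pw" and pw may contain ":"
        $parts = explode(":", (string) base64_decode($_COOKIE["ewiki_login"]), 2);
        $_user = $parts[0];
        $_pw = isset($parts[1]) ? $parts[1] : "";
    }

    #-- check password
    $_success = 0;
    if (strlen($_user) && strlen($_pw)) {
        $_success = ewiki_auth_user($_user, $_pw);
    }

    #-- store login data as Cookie
    #   NOTE(review): the cookie holds the password itself, merely
    #   base64-encoded, for 7 days and without Secure/HttpOnly attributes.
    #   An opaque server-side session token would avoid exposing the
    #   credential; changing it requires touching the cookie reader above.
    if ($_success && $from_post) {
        setcookie("ewiki_login", base64_encode("{$_user}:{$_pw}"), time() + 7 * 24 * 3600);
    }

    #-- login form
    if (($force_query && !$_success) || $force_query >= 2) {

        #-- it's safe to call this plugin for interception of running submits
        $_REPOST = "";
        if (defined("EWIKI_AUTH_QUERY_SAFE")) {
            foreach ($_POST as $i => $v) {
                #-- was "login_name", a field this form never sends, so the
                #   submitted user name got echoed back as a hidden field
                if ($i === "login_user" || $i === "login_pw") {
                    continue;
                }
                #-- nested arrays cannot be expressed as one hidden field here
                if (!is_scalar($v)) {
                    continue;
                }
                #-- both the field name and its value are request data and
                #   are entity-encoded before being placed in attributes
                $_REPOST .= '<input type="hidden" name="'
                    . preg_replace_callback($entity_rx, '_ewiki_auth_query_form_entity', (string) $i)
                    . '" value="'
                    . preg_replace_callback($entity_rx, '_ewiki_auth_query_form_entity', (string) $v)
                    . '">' . "\n";
            }
            $_REPOST = '<!-- $_REPOST -->' . "\n" . $_REPOST . '<!-- $_END -->' . "\n";
        }

        #-- REQUEST_URI is client-controlled; escape it for the attribute
        $form_action = htmlspecialchars(
            isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "",
            ENT_QUOTES,
            "ISO-8859-1"
        );

        #-- print
        $o = '<div class="login-form auth-login">'
           . ewiki_make_title($ewiki_id, "Login", $_title_class = 4, $ewiki_action, $_go_action = "info")
           . ewiki_t("LOGIN_QUERY") . "\n<br /><br />\n"
           . '<form action="' . $form_action . '" method="POST">' . "\n"
           . ewiki_t(
                 '_{user} <input type="text" size="14" name="login_user"><br />' . "\n"
               . '_{password} <input type="password" size="10" maxsize="12" name="login_pw"><br /><br />' . "\n"
               . '<input type="submit" value="_{login}"><br /><br />' . "\n"
             )
           . $_REPOST
           . "</form><br /><br />\n"
           . ewiki_t("LOGIN_QUERY_2")
           . '</div>';
    }

    #-- end
    return $_success;
}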
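/**
 * Renders the user registry page: account creation, login to the account
 * settings, and saving changed settings into the registry page.
 *
 * The registry is a flat text page (EWIKI_USERDB_USERREGISTRY) with one
 * "name:field0:field1:..." line per user, where field 0 is the password
 * value and field 1 the access level. Because ":" and line breaks are the
 * record delimiters, every stored field is filtered before it is written.
 *
 * NOTE(review): all state-changing inputs are read from $_REQUEST and no
 * anti-CSRF token is checked here; confirm whether a caller enforces one.
 *
 * @param string $id      page id, used for the title and the form target
 * @param mixed  $data    page data (by reference); overwritten with the
 *                        registry page when settings are saved
 * @param string $action  current action, passed on to ewiki_make_title()
 * @return string         HTML output for the page
 */
function ewiki_page_userregistry($id, &$data, $action)
{
    global $ewiki_plugins, $ewiki_config, $ewiki_auth_user;

    $o = ewiki_make_title($id, $id, 2, $action);
    $url = ewiki_script("", $id);

    #-- request values, reduced to plain strings / booleans up front
    $in_name = (isset($_REQUEST["userreg_name"]) && is_string($_REQUEST["userreg_name"]))
        ? $_REQUEST["userreg_name"] : "";
    $in_pw = (isset($_REQUEST["userreg_pw"]) && is_string($_REQUEST["userreg_pw"]))
        ? $_REQUEST["userreg_pw"] : "";
    $want_register = !empty($_REQUEST["userreg_register"]);
    $want_store = !empty($_REQUEST["userreg_store"]);

    #-- auto-login
    if ($ewiki_auth_user && empty($_REQUEST["userreg_name"])) {
        $user = $ewiki_auth_user;
        $uu = ewiki_auth_userdb_userregistry($ewiki_auth_user);
        $pw = isset($uu[0]) ? $uu[0] : "";
        $_REQUEST["userreg_login"] = 1;
    } else {
        $user = trim($in_name);
        $pw = $in_pw;
    }

    #-- HTML-escaped copies; $user and $pw are request data and reach the
    #   forms below before the character check further down has run
    $h_user = htmlspecialchars((string) $user, ENT_QUOTES, "ISO-8859-1");
    $h_pw = htmlspecialchars((string) $pw, ENT_QUOTES, "ISO-8859-1");

    #-- try to get user entry
    $ue = ewiki_auth_userdb_userregistry($user);
    $is_new = empty($ue);

    #-- account creation ---------------------------------------------------
    if ($want_register && $is_new) {
        $o .= ewiki_t(<<<END
<h4>_{New Account}</h4>
<form action="{$url}" method="POST" enctype="multipart/form-data" accept-encoding="ISO-8859-1">
_{user/login name} <input type="text" size="14" name="userreg_name" value="{$h_user}">
<br />
<input type="hidden" name="userreg_pw" value="">
<br />
_{password} <input type="password" name="new_pw" size="10" maxsize="12" value="{$h_pw}">
<br />
_{retype} <input type="password" name="new_pw2" size="10" maxsize="12" value="">
<br />
<br />
<input type="submit" name="userreg_store" value="_{create account}">
</form><br /><br />
END
        );
        return $o;    // finished here, prevent fallthrough-display of login-form
    }

    #-- check password
    if ($ue && $user && !ewiki_auth_user($user, $pw)) {
        if ($want_register) {
            $o .= ewiki_t("USERNAME_ALREADY_USED");
        } else {
            $o .= ewiki_t("WRONG_PW") . "\n" . ewiki_t("PLEASE_RETRY");
        }
        return $o;
    }

    #-- set fallback settings for account creation
    #   (this also discards any client-supplied userreg_ue[] for new accounts)
    if (empty($ue) && $want_store) {
        $ue = $_REQUEST["userreg_ue"] = array($pw, EWIKI_REGISTERED_LEVEL, "", "", "");
    }

    #-- check username
    #   This is what keeps ":" and line breaks out of $user, which is written
    #   unfiltered as the first column of the registry line below.
    if (preg_match("/[^" . EWIKI_CHARS_U . EWIKI_CHARS_L . "]/", $user . $pw)) {
        $o .= ewiki_t("PW_ONLY_LETTERS") . "\n" . ewiki_t("PLEASE_RETRY");
        return $o;
    } elseif ($is_new && strlen($user) && strlen($user) < 3) {
        #-- the original tested an undefined $name, so this limit never ran;
        #   it is applied to not-yet-registered names only, so an existing
        #   short account name is not locked out of its settings
        return $o . ewiki_t("USERNAME_MIN");
    }

    #-- save changes -------------------------------------------------------
    if ($want_store && $user) {

        #-- new user entry; fields 0 and 1 are always set server-side
        $new_ue = (isset($_REQUEST["userreg_ue"]) && is_array($_REQUEST["userreg_ue"]))
            ? $_REQUEST["userreg_ue"] : array();
        $new_ue[0] = $pw;
        #-- a stored level PHP treats as empty (e.g. "0") falls back too
        $new_ue[1] = !empty($ue[1]) ? $ue[1] : EWIKI_REGISTERED_LEVEL;

        $new_pw = (isset($_REQUEST["new_pw"]) && is_string($_REQUEST["new_pw"])) ? $_REQUEST["new_pw"] : "";
        $new_pw2 = (isset($_REQUEST["new_pw2"]) && is_string($_REQUEST["new_pw2"])) ? $_REQUEST["new_pw2"] : "";
        if ($new_pw !== "") {
            #-- strict compare: "==" treats numeric-looking strings such as
            #   "1e3" and "1000" as equal
            if ($new_pw === $new_pw2) {
                #-- NOTE(review): unsalted MD5 is not a suitable password
                #   hash; moving to password_hash() has to be done together
                #   with the verifier in ewiki_auth_user(), not shown here
                $new_ue[0] = md5($new_pw);
            } else {
                $o .= ewiki_t("RETYPE_PW") . "\n<br />";
                return $o;
            }
        }
        #-- NOTE(review): a new account submitted without new_pw is stored
        #   with an empty field 0; confirm ewiki_auth_user() rejects that

        #-- strip everything outside the allowed set, which removes the
        #   record delimiters ":" and "\n" from client-supplied fields
        foreach ($new_ue as $i => $v) {
            $new_ue[$i] = preg_replace(
                "/[^-@._ \\w\\d" . EWIKI_CHARS_L . EWIKI_CHARS_U . "]/",
                " ",
                is_scalar($v) ? (string) $v : ""
            );
        }

        #-- get user db page
        $data = ewiki_db::GET(EWIKI_USERDB_USERREGISTRY);
        if (!$data) {
            $data = array(
                "id" => EWIKI_USERDB_USERREGISTRY,
                "version" => 1,
                "flags" => 0,    // was the bare word flags (an undefined constant)
                "created" => time(),
                "lastmodified" => time(),
                "content" => "nobody:*:3::",
                "meta" => "",
                "author" => ewiki_author("{$user}@{$id}"),
            );
        }
        $data["flags"] |= EWIKI_DB_F_SYSTEM;
        $list = explode("\n", $data["content"]);

        #-- update entry
        ksort($new_ue);
        $new_ue = $user . ":" . implode(":", $new_ue);
        $found = 0;
        foreach ($list as $i => $line) {
            $line = trim($line);
            #-- strict compare, so a numeric-looking name ("7") can never
            #   replace the line of a different one ("007")
            if (strtok($line, ":") === (string) $user) {
                $list[$i] = $new_ue;
                $found = 1;
            }
        }
        if (!$found) {
            $list[] = $new_ue;
        }

        #-- save back; each attempt uses the next version number
        $data["content"] = implode("\n", $list);
        $ok = false;
        $retry = 3;
        while ($retry--) {
            $data["version"]++;
            if ($ok = ewiki_db::WRITE($data)) {
                break;
            }
        }
        if ($ok) {
            $o .= ewiki_t("Data saved") . "\n<br />";
        } else {
            $o .= ewiki_t("Error saving") . "\n<br />";
            ewiki_log("_userdb_userregistry: failed to update db for user {$user}, retries={$retry}", 2);
        }

        #-- fallthru to view_settings
        $_REQUEST["userreg_login"] = 1;
        $ue = ewiki_auth_userdb_userregistry($user);
    }

    #-- view settings ----------------------------------------------------
    if (!empty($_REQUEST["userreg_login"])) {

        #-- escaped registry fields for the form
        $f = array();
        for ($n = 2; $n <= 6; $n++) {
            $f[$n] = (isset($ue[$n]) && is_scalar($ue[$n]))
                ? htmlspecialchars((string) $ue[$n], ENT_QUOTES, "ISO-8859-1") : "";
        }

        #-- edit <form>
        #   NOTE(review): userreg_pw carries $pw back to the client; in the
        #   auto-login branch that is field 0 of the registry entry, i.e. the
        #   stored password value ends up in the page source
        $o .= ewiki_t(<<<END
<h4>_{Account Settings}</h4>
<form action="{$url}" method="POST" enctype="multipart/form-data" accept-encoding="ISO-8859-1">
<input type="hidden" name="userreg_name" value="{$h_user}">
<input type="hidden" name="userreg_pw" value="{$h_pw}">
<b>_{change password}</b><br />
_{new password} <input type="password" size="10" maxsize="12" name="new_pw" value="">
<br />
_{retype} <input type="password" size="10" maxsize="12" name="new_pw2" value="">
<br />
<br />
<b>_{optional infos}</b><br />
_{personal WikiPage} <input type="text" name="userreg_ue[2]" value="{$f[2]}"><br />
_{email address} <input type="text" name="userreg_ue[3]" value="{$f[3]}"><br />
<!--
opt string <input type="text" name="userreg_ue[4]" value="{$f[4]}"><br />
opt string <input type="text" name="userreg_ue[5]" value="{$f[5]}"><br />
opt string <input type="text" name="userreg_ue[6]" value="{$f[6]}"><br />
-->
<br />
<input type="submit" name="userreg_store" value="_{save}">
</form><br /><br />
END
        );
    } else {
        $url = ewiki_script("", $id);
        $o .= ewiki_t(<<<END
<form action="{$url}" method="POST" enctype="multipart/form-data" accept-encoding="ISO-8859-1">
<div class="userreg-form-settings">
<div class="userreg-form-register">
_{name} <input type="text" size="14" name="userreg_name">
<input type="submit" name="userreg_register" value="_{create account}"><br />
</div>
<br />
_{password} <input type="password" size="10" maxsize="12" name="userreg_pw"><br />
<br />
<input type="submit" name="userreg_login" value="_{change settings}">
</div>
</form><br /><br />
END
        );
    }

    return $o;
}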