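/**
 * Run the provider (Facebook SDK) login round trip for the current request.
 *
 * Three outcomes, checked in this order:
 *  - the SDK already knows the user  -> retrieve_user_basic_data($fb_id);
 *  - no ?confirm=1 yet, or $force_retry -> send the browser to the provider's
 *    login URL with a return URL pointing at the current page (never returns);
 *  - ?confirm=1 -> fetch the access token, read /me and hand the provider user
 *    id to retrieve_user_id().
 *
 * @param string $redirect    local target carried through the round trip as the
 *                            return URL's ?redirect= parameter. Pass it raw; it
 *                            is URL-encoded here.
 * @param bool   $force_retry rebuild and issue the login redirect even when
 *                            ?confirm=1 is present (used for the single retry
 *                            after a failed token/profile fetch)
 * @return mixed whatever retrieve_user_basic_data() / retrieve_user_id() return
 */
public function do_login($redirect, $force_retry = false)
{
    // Already logged in and granted to our application: no round trip needed.
    $user_fb_id = $this->client->getUser();
    if (!empty($user_fb_id)) {
        return $this->retrieve_user_basic_data($user_fb_id);
    }

    $confirm = (int) request_get_var('confirm', 0);
    if ($confirm !== 1 || $force_retry) {
        // Build the URL the provider will send the browser back to.
        $current_page = extract_current_page(IP_ROOT_PATH);
        // Some SAPIs set HTTPS=off rather than leaving it unset.
        $https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        $return_url = ($https ? 'https' : 'http') . '://' . extract_current_hostname() . $current_page['script_path'] . $current_page['page'];
        // urlencode() so a target containing '&', '#' or '=' cannot add or
        // override query parameters of our own return URL.
        $return_url .= (strpos($return_url, '?') !== false ? '&' : '?') . 'redirect=' . urlencode($redirect) . '&confirm=1';
        $return_url .= !empty($_GET['admin']) ? '&admin=1' : '';

        $params = array('scope' => $this->scope, 'redirect_uri' => $return_url);
        $login_url = $this->client->getLoginUrl($params);
        header('Location: ' . $login_url);
        exit;
    }

    $user_fb_data = array();
    try {
        // The token value is not used in this method; the call is kept for
        // whatever the SDK does internally on it (presumably the code exchange).
        $this->client->getAccessToken();
        $user_fb_data = $this->client->api('/me');
    } catch (OAuthException $e) {
        // Retry once with a forced redirect. The original passed `true` as the
        // FIRST argument, which dropped $redirect and left $force_retry false,
        // so with ?confirm=1 still set the call re-entered this same branch and
        // recursed without bound on a persistent failure.
        return $this->do_login($redirect, true);
    }

    // A /me answer without an id cannot be mapped to a local account; treat it
    // like the exception case and restart the round trip (which exits).
    if (empty($user_fb_data['id'])) {
        return $this->do_login($redirect, true);
    }
    return $this->retrieve_user_id($user_fb_data['id']);
}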
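/**
 * Push a single row of smilies into the 'smilies' template block.
 *
 * At most $config['smilie_single_row'] entries (default 20, minimum 1) are
 * read from SMILIES_TABLE, one per distinct image (GROUP BY smile_url), in
 * smilies_order. Each block row gets CODE, URL (absolute image URL) and DESC
 * (HTML-escaped emoticon description).
 *
 * Reads $config and $db, writes $template; returns nothing.
 */
function generate_smilies_row()
{
    global $db, $config, $template;

    // A zero/negative LIMIT would be an SQL error, so clamp to at least 1.
    $max_smilies = !empty($config['smilie_single_row']) ? max(1, intval($config['smilie_single_row'])) : 20;

    $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " GROUP BY smile_url ORDER BY smilies_order LIMIT " . $max_smilies;
    $result = $db->sql_query($sql, 0, 'smileys_');

    // Follow the request scheme instead of hard-coding http://, which produced
    // mixed-content image loads on HTTPS pages. Behind a TLS-terminating proxy
    // HTTPS is unset and the result is the same as before.
    $https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    $base_url = ($https ? 'https' : 'http') . '://' . extract_current_hostname() . $config['script_path'] . $config['smilies_path'] . '/';

    while ($row = $db->sql_fetchrow($result)) {
        // NOTE(review): smile_url/code come from the smilies table and are not
        // escaped here; the template is expected to handle attribute context.
        $template->assign_block_vars('smilies', array(
            'CODE' => $row['code'],
            'URL' => $base_url . $row['smile_url'],
            'DESC' => htmlspecialchars($row['emoticon']),
        ));
    }
    $db->sql_freeresult($result);
}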
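/**
 * Replace smiley codes in $message with <img> tags.
 *
 * The code -> image table is loaded from SMILIES_TABLE once per request and
 * kept in static locals. A code is only replaced when the surrounding
 * characters are non-word (lookbehind/lookahead), so it is not matched in the
 * middle of a word or URL. The message is padded with one space on each side
 * so codes at the very start/end still match, then the padding is stripped.
 *
 * @param string $message text to process
 * @return string $message with smiley codes replaced; returned unchanged if
 *                the table is empty or PCRE fails on this input
 */
function smilies_news($message)
{
    static $orig, $repl;

    if (!isset($orig)) {
        global $db, $config;
        $orig = array();
        $repl = array();

        $sql = "SELECT code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_order";
        $result = $db->sql_query($sql, 0, 'smileys_');

        // Follow the request scheme instead of hard-coding http:// (mixed
        // content on HTTPS pages). Behind a TLS-terminating proxy HTTPS is
        // unset and the output is the same as before.
        $https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        $base_url = ($https ? 'https' : 'http') . '://' . extract_current_hostname() . $config['script_path'] . $config['smilies_path'] . '/';

        while ($row = $db->sql_fetchrow($result)) {
            $orig[] = "/(?<=.\\W|\\W.|^\\W)" . phpbb_preg_quote($row['code'], "/") . "(?=.\\W|\\W.|\\W\$)/";
            // NOTE(review): smile_url is emitted unescaped into an attribute and
            // into a preg_replace() replacement string (where '$' and '\' are
            // special). It comes from the smilies table, not the request, so
            // it must stay admin-controlled.
            $repl[] = '<img src="' . $base_url . $row['smile_url'] . '" alt="" />';
        }
        $db->sql_freeresult($result);
    }

    if (sizeof($orig)) {
        $replaced = preg_replace($orig, $repl, ' ' . $message . ' ');
        // preg_replace() returns null on a PCRE error (e.g. backtrack limit);
        // keep the original text rather than silently emptying the message.
        if ($replaced === null) {
            return $message;
        }
        $message = substr($replaced, 1, -1);
    }
    return $message;
}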
// --- Fragment: tail of a hostname-resolution function. Its head (and the
// --- source of $host) is outside this view; only the fallback chain is visible.
if (empty($host)) {
    // Fallbacks, in order: configured server_name, cookie_domain (leading
    // '.' stripped), OS hostname, literal 'localhost'.
    if (!empty($config['server_name'])) {
        $host = $config['server_name'];
    } else {
        if (!empty($config['cookie_domain'])) {
            $host = strpos($config['cookie_domain'], '.') === 0 ? substr($config['cookie_domain'], 1) : $config['cookie_domain'];
        } else {
            // Set to OS hostname or localhost
            $host = function_exists('php_uname') ? php_uname('n') : 'localhost';
        }
    }
}
// It may be still no valid host, but for sure only a hostname (we may further expand on the cookie domain... if set)
return $host;
}

// --- Free-standing debug/diagnostic statements. ---
// NOTE(review): both echo lines print unescaped values straight into HTML. If
// extract_current_hostname() is derived from the request Host header (its head
// is not visible here), this is reflected, attacker-influenced output — keep it
// out of production pages.
echo 'Domain name: ' . extract_current_hostname() . '<br />';
$server_port = $request->server('SERVER_PORT', 0);
echo 'Server port: ' . $server_port . '<br />';

// The script path from the webroot to the current directory (for example: /phpBB3/adm/) :
// always prefixed with / and ends in /
$script_path = $symfony_request->getBasePath();
// The script path from the webroot to the phpBB root (for example: /phpBB3/)
// NOTE(review): $page_dirs, $root_dirs and $page_dir are read below but are not
// assigned anywhere in this view; this run appears to be lifted from a larger
// function.
$script_dirs = explode('/', $script_path);
array_splice($script_dirs, -sizeof($page_dirs));
$root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : '');
// We are on the base level (phpBB root == webroot), lets adjust the variables a bit...
if (!$root_script_path) {
    $root_script_path = $page_dir ? str_replace($page_dir, '', $script_path) : $script_path;
}
// Normalise both paths to end in exactly one '/'.
$script_path .= substr($script_path, -1, 1) == '/' ? '' : '/';
$root_script_path .= substr($root_script_path, -1, 1) == '/' ? '' : '/';
// echo "#".$all_smilies[$i]['smile_url']."#"; preg_match_all($match_regexp, ' ' . $message . ' ', $matches); // echo "<br />-" . sizeof($matches[0]) . "-<br />"; $all_smilies[$i]['count'] = $all_smilies[$i]['count'] + sizeof($matches[0]); } } } for ($i = 0; $i < sizeof($all_smilies); $i++) { $total_smilies = $total_smilies + $all_smilies[$i]['count']; } // Sort array $all_smilies = smilies_sort_multi_array_attachment($all_smilies, 'count', 'DESC'); $limit = $return_limit > sizeof($all_smilies) ? sizeof($all_smilies) : $return_limit; $firstcount = $all_smilies[0]['count']; $template->_tpldata['stats_row.'] = array(); $host = extract_current_hostname(); for ($i = 0; $i < $limit; $i++) { $class = $i % 2 ? $theme['td_class2'] : $theme['td_class1']; $statistics->do_math($firstcount, $all_smilies[$i]['count'], $total_smilies); if ($all_smilies[$i]['count'] != 0) { $template->assign_block_vars('stats_row', array('RANK' => $i + 1, 'CLASS' => $class, 'CODE' => $all_smilies[$i]['code'], 'USES' => $all_smilies[$i]['count'], 'PERCENTAGE' => $statistics->percentage, 'BAR' => $statistics->bar_percent, 'URL' => '<img src="http://' . $host . $config['script_path'] . $config['smilies_path'] . '/' . $all_smilies[$i]['smile_url'] . '" alt="' . $all_smilies[$i]['smile_url'] . '" />')); } //$result_cache->assign_template_block_vars('topsmilies'); $result_cache->assign_template_block_vars('topsmilies', 'stats_row'); } } } } else { // Now use the result cache, with block_num_vars we are getting the number of variables within the block for ($i = 0; $i < $result_cache->block_num_vars('topsmilies'); $i++) { $template->assign_block_vars('stats_row', $result_cache->get_block_array('topsmilies', $i));
/**
 * Start session management
 *
 * This is where all session activity begins. We gather various pieces of
 * information from the client and server. We test to see if a session already
 * exists. If it does, fine and dandy. If it doesn't we'll go on to create a
 * new one ... pretty logical heh? We also examine the system load (if we're
 * running on a system which makes such information readily available) and
 * halt if it's above an admin definable limit.
 *
 * Security-relevant behaviour visible in this method:
 *  - An existing session is only reused when the first $config['ip_check']
 *    segments of the IP, the (lower-cased, 254-byte) user agent and - for
 *    non-GET requests with referer_validation on - the Referer all match the
 *    stored session. Any mismatch silently falls through to session_create().
 *  - Under NEED_SID (and outside IN_LOGIN) the request must carry ?sid= equal
 *    to the cookie sid, otherwise it is redirected to index; this is the
 *    anti-CSRF / anti-fixation check for pages that define NEED_SID.
 *  - Only REMOTE_ADDR is used for the client IP; X-Forwarded-For is captured
 *    but deliberately not trusted (see the comment at the IP block).
 *
 * @param bool $update_session_page if true the session page gets updated.
 * This can be set to circumvent certain scripts to update the users last visited page.
 * @return bool true when an existing, valid session was resumed; otherwise the
 *              return value of session_create()
 */
function session_begin($update_session_page = true)
{
    global $SID, $_SID, $_EXTRA_URL, $db, $config;
    // ICY PHOENIX - BEGIN
    global $lang;
    // ICY PHOENIX - END

    // Give us some basic information
    $this->time_now = time();
    $this->cookie_data = array('u' => 0, 'k' => '');
    // Autologin cookie lifetime: max_autologin_time days, or one year when unset.
    $this->cookie_expire = $this->time_now + ($config['max_autologin_time'] ? 86400 * (int) $config['max_autologin_time'] : 31536000);
    // Thumbnail requests (IMG_THUMB) never count as a page visit.
    $this->update_session_page = empty($update_session_page) || defined('IMG_THUMB') ? false : true;

    // NOTE(review): the user agent is kept RAW (the escaped variant below is
    // commented out). It is compared and written to the DB through
    // sql_build_array() further down; anything that renders session_browser /
    // user_browser must escape at output.
    //$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
    $this->browser = !empty($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
    // Referer and X-Forwarded-For are HTML-escaped at capture time (legacy
    // input-encoding style); forwarded_for is informational only here.
    $this->referer = !empty($_SERVER['HTTP_REFERER']) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
    $this->forwarded_for = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? htmlspecialchars((string) $_SERVER['HTTP_X_FORWARDED_FOR']) : '';
    $this->host = extract_current_hostname();
    $this->page = extract_current_page(IP_ROOT_PATH);

    $session_cookie_empty = empty($_COOKIE[$config['cookie_name'] . '_sid']) ? true : false;
    // NOTE(review): $session_get_empty is assigned but never read in this method.
    $session_get_empty = empty($_GET['sid']) ? true : false;
    $session_empty = true;

    // Cookie-based session: read u (user id), k (autologin key) and sid.
    if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) {
        $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
        $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
        $this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true);
        // Mighty Gorgon: I'm still not sure if I want to keep 'sid=' in Icy Phoenix as well... maybe better removing it!!!
        //$SID = (defined('NEED_SID')) ? ('sid=' . $this->session_id) : 'sid=';
        $SID = defined('NEED_SID') ? 'sid=' . $this->session_id : '';
        $_SID = defined('NEED_SID') ? $this->session_id : '';
        $session_empty = empty($this->session_id) ? true : false;
    }

    // Mighty Gorgon: moved here this IF block... why it was so down in the code???
    // if no session id is set, redirect to index.php
    // Pages that define NEED_SID require the sid in the query string to equal the
    // cookie sid (cross-check against cookie-less or foreign-origin requests).
    // Precedence note: the trailing `isset(...) && ... !==` binds tighter than
    // the surrounding `||`, which is the intended reading.
    //if (defined('NEED_SID') && ($cookie_empty || (!isset($_GET['sid']) || ($this->session_id !== $_GET['sid']))))
    if (defined('NEED_SID') && !defined('IN_LOGIN') && ($session_cookie_empty || $session_empty || !isset($_GET['sid']) || isset($_GET['sid']) && $this->session_id !== $_GET['sid'])) {
        // Mighty Gorgon: I don't know why it isn't working properly, returning blank page!!!
        //send_status_line(401, 'Not authorized');
        // Mighty Gorgon: removed append_sid as it seems the user doesn't have a valid SID!
        redirect(IP_ROOT_PATH . 'index.' . PHP_EXT);
    }

    // No cookie sid: fall back to ?sid= from the request (URL-carried session).
    if ($session_empty) {
        $this->session_id = request_var('sid', '');
        $_SID = $this->session_id;
        $SID = 'sid=' . $this->session_id;
        $this->cookie_data = array('u' => 0, 'k' => '');
    }
    $_EXTRA_URL = array();

    // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
    // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
    $this->ip = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : (!empty($_ENV['REMOTE_ADDR']) ? $_ENV['REMOTE_ADDR'] : getenv('REMOTE_ADDR'));
    // REMOTE_ADDR is treated as a possible comma/space separated list (e.g. when
    // a front proxy rewrites it); normalise separators to single spaces.
    $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip));
    // split the list of IPs
    $ips = explode(' ', $this->ip);
    // Default IP if REMOTE_ADDR is invalid
    // NOTE(review): every client whose REMOTE_ADDR fails both patterns ends up
    // as 127.0.0.1, i.e. they all share one IP for the session binding above.
    $this->ip = '127.0.0.1';
    $format_ipv4 = get_preg_expression('ipv4');
    $format_ipv6 = get_preg_expression('ipv6');
    foreach ($ips as $ip) {
        if (preg_match($format_ipv4, $ip)) {
            $this->ip = $ip;
        } elseif (preg_match($format_ipv6, $ip)) {
            // Quick check for IPv4-mapped address in IPv6
            if (stripos($ip, '::ffff:') === 0) {
                $ipv4 = substr($ip, 7);
                if (preg_match($format_ipv4, $ipv4)) {
                    $ip = $ipv4;
                }
            }
            $this->ip = $ip;
        } else {
            // We want to use the last valid address in the chain
            // Leave foreach loop when address is invalid
            break;
        }
    }

    $this->load = false;
    // Load limit check (if applicable)
    if ($config['limit_load'] || $config['limit_search_load']) {
        if (function_exists('sys_getloadavg') && ($load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg')))) {
            $this->load = array_slice($load, 0, 1);
            $this->load = floatval($this->load[0]);
        } else {
            // No load source on this platform: switch the limits off permanently.
            set_config('limit_load', '0');
            set_config('limit_search_load', '0');
        }
    }

    // if session id is set
    if (!empty($this->session_id)) {
        // Session row joined with its user row; sid is escaped for the literal.
        $sql = "SELECT u.*, s.*\n\t\t\t\tFROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u\n\t\t\t\tWHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'\n\t\t\t\t\tAND u.user_id = s.session_user_id";
        $result = $db->sql_query($sql);
        $this->data = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        // Did the session exist in the DB?
        if (isset($this->data['user_id'])) {
            // Compare only the first ip_check segments (octets for v4, via
            // short_ipv6() for v6) so clients behind rotating addresses keep
            // their session; ip_check == 4 means an exact v4 match.
            if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false) {
                $s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']);
                $u_ip = short_ipv6($this->ip, $config['ip_check']);
            } else {
                $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
                $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
            }
            // User-agent binding (optional): both sides normalised the same way
            // so the comparison below is exact.
            $s_browser = $config['browser_check'] ? trim(strtolower(substr($this->data['session_browser'], 0, 254))) : '';
            $u_browser = $config['browser_check'] ? trim(strtolower(substr($this->browser, 0, 254))) : '';

            // referer checks
            // The @ before $config['referer_validation'] suppresses notices present while running the updater
            $check_referer_path = @$config['referer_validation'] == REFERER_VALIDATE_PATH;
            $referer_valid = true;
            // we assume HEAD and TRACE to be foul play and thus only whitelist GET
            // (i.e. the referer is validated for every method except GET).
            if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') {
                $referer_valid = $this->validate_referer($check_referer_path);
            }

            if ($u_ip === $s_ip && $s_browser === $u_browser && $referer_valid) {
                // Some useful boolean checks... defined here for future easy of use
                $session_expired = false;
                $session_refresh_time = (int) SESSION_REFRESH;
                $autologin_expired = !empty($config['max_autologin_time']) && $this->data['session_time'] < $this->time_now - 86400 * (int) $config['max_autologin_time'] + $session_refresh_time ? true : false;
                $session_time_expired = $this->data['session_time'] < $this->time_now - ((int) $config['session_length'] + $session_refresh_time) ? true : false;
                $session_refresh = $this->data['session_time'] < $this->time_now - $session_refresh_time ? true : false;

                if (!$session_expired) {
                    // Check the session length timeframe if autologin is not enabled.
                    // Else check the autologin length... and also removing those having autologin enabled but no longer allowed site-wide.
                    if (empty($this->data['session_autologin'])) {
                        if ($session_time_expired) {
                            $session_expired = true;
                        }
                    } elseif (empty($config['allow_autologin']) || $autologin_expired) {
                        $session_expired = true;
                    }
                }

                // ICY PHOENIX - BEGIN
                // This portion of code needs to stay here (after isset($this->data['user_id']) )... otherwise we are potentially going to instantiate some $user->data even if $user->data is still empty
                $this->bots_process();
                // Junior admins are promoted to ADMIN outside the admin/CMS areas
                // and to MOD inside them; IS_JUNIOR_ADMIN records the original level.
                if (isset($this->data['user_id']) && $this->data['user_id'] != ANONYMOUS && isset($this->data['user_level']) && $this->data['user_level'] == JUNIOR_ADMIN) {
                    define('IS_JUNIOR_ADMIN', true);
                    $this->data['user_level'] = !defined('IN_ADMIN') && !defined('IN_CMS') ? ADMIN : MOD;
                }
                // Refresh last visit time for those users having autologin enabled or those users with session time expired (only if config for this has been set)
                if ($this->data['user_id'] != ANONYMOUS && (!empty($config['session_last_visit_reset']) && $session_time_expired || !empty($config['allow_autologin']) && $autologin_expired || empty($this->data['user_lastvisit']))) {
                    $sql = "UPDATE " . USERS_TABLE . "\n\t\t\t\t\t\t\tSET user_lastvisit = " . (int) $this->data['session_time'] . "\n\t\t\t\t\t\t\tWHERE user_id = " . (int) $this->data['user_id'];
                    $db->sql_query($sql);
                }
                // ICY PHOENIX - END

                if (!$session_expired) {
                    // Only update session DB a minute or so after last update or if page changes
                    // Mighty Gorgon: in Icy Phoenix we give maximum priority to $this->update_session_page, because we don't want the session to be updated for thumbnails or other special features!
                    // NOTE(review): any request carrying ?explain= (or a POST field
                    // of that name) also skips the session/user update.
                    if ($this->update_session_page && ($session_refresh || $this->data['session_page'] != $this->page['page']) && empty($_REQUEST['explain'])) {
                        $sql_ary = array();
                        // ICY PHOENIX - BEGIN
                        // Update $user->data
                        $this->data['user_session_time'] = $this->time_now;
                        $this->data['user_session_page'] = (string) substr($this->page['page'], 0, 254);
                        $this->data['user_browser'] = (string) substr($this->browser, 0, 254);
                        $this->data['user_totalpages'] = (int) $this->data['user_totalpages'] + 1;
                        $this->data['user_totaltime'] = (int) $this->data['user_totaltime'] + $this->time_now - $this->data['session_time'];
                        // ICY PHOENIX - END
                        // A little trick to reset session_admin on session re-usage
                        // (an expired-then-resumed session loses its admin flag unless
                        // we are already inside the admin/CMS area).
                        if (!defined('IN_ADMIN') && !defined('IN_CMS') && $session_time_expired) {
                            $sql_ary['session_admin'] = 0;
                        }
                        $sql_ary['session_time'] = $this->time_now;
                        $sql_ary['session_page'] = $this->data['user_session_page'];
                        $sql_ary['session_browser'] = $this->data['user_browser'];
                        $sql_ary['session_forum_id'] = $this->page['forum'];
                        $sql_ary['session_topic_id'] = $this->page['topic'];
                        // Errors from the two UPDATEs below are swallowed
                        // (sql_return_on_error) and $result is never inspected.
                        $db->sql_return_on_error(true);
                        $sql = "UPDATE " . SESSIONS_TABLE . " SET " . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
                        $result = $db->sql_query($sql);
                        // ICY PHOENIX - BEGIN
                        if ($this->data['user_id'] != ANONYMOUS) {
                            $sql_ary = array();
                            $sql_ary['user_ip'] = $this->ip;
                            $sql_ary['user_session_time'] = $this->data['user_session_time'];
                            $sql_ary['user_session_page'] = $this->data['user_session_page'];
                            $sql_ary['user_browser'] = $this->data['user_browser'];
                            $sql_ary['user_totalpages'] = $this->data['user_totalpages'];
                            $sql_ary['user_totaltime'] = $this->data['user_totaltime'];
                            // user_id is interpolated without an (int) cast; it was read
                            // from the DB row above, unlike the cast used in the
                            // user_lastvisit UPDATE.
                            $sql = "UPDATE " . USERS_TABLE . " SET " . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\t\tWHERE user_id = " . $this->data['user_id'];
                            $result = $db->sql_query($sql);
                        }
                        // ICY PHOENIX - END
                        $db->sql_return_on_error(false);
                    }

                    $this->data['is_registered'] = empty($this->data['is_bot']) && $this->data['user_id'] != ANONYMOUS && !empty($this->data['user_active']) ? true : false;
                    $this->data['session_logged_in'] = $this->data['is_registered'];
                    // basename() strips any directory component so a tampered
                    // user_lang value cannot point outside the language directory
                    // (presumably it is joined into an include path later; confirm).
                    $this->data['user_lang'] = basename($this->data['user_lang']);
                    $this->upi2db();
                    return true;
                }
            } else {
                // IP / browser / referer mismatch: the stored session is NOT
                // resumed; we fall through to session_create() below.
                // Added logging temporarily to help debug bugs...
                if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS) {
                    if ($referer_valid) {
                        add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser);
                    } else {
                        add_log('critical', 'LOG_REFERER_INVALID', $this->referer);
                    }
                }
            }
        }
    }

    // If we reach here then no (valid) session exists. So we'll create a new one
    return $this->session_create();
}
/**
 * Render the smilies box, either inline in the posting form or as a
 * stand-alone window.
 *
 * @param string $mode 'inline' (all smilies, capped at smilie_columns x
 *                     smilie_rows with a "more" link) or 'window' (paginated
 *                     page with its own header/footer and session start)
 * @return void
 *
 * Request inputs read here: ?start (clamped to >= 0) and ?smilies_per_page.
 * NOTE(review): smilies_per_page is only defaulted, not range-checked; a
 * negative value reaches the $per_page / $page_num arithmetic below, and the
 * raw value is appended to the pagination URL. Whether request_var() casts it
 * to int (its default is an int here) cannot be confirmed from this file.
 */
function generate_smilies($mode)
{
    global $db, $cache, $config, $auth, $user, $lang, $template, $images, $theme;
    global $starttime, $gen_simple_header;

    $inline_columns = $config['smilie_columns'];
    $inline_rows = $config['smilie_rows'];
    $window_columns = $config['smilie_window_columns'];
    $window_rows = $config['smilie_window_rows'];
    $smilies_per_page = $window_columns * $window_rows;
    $start = request_var('start', 0);
    $start = $start < 0 ? 0 : $start;
    $smilies_per_page = request_var('smilies_per_page', $smilies_per_page);

    if ($mode == 'window') {
        // Start session management
        $user->session_begin();
        $auth->acl($user->data);
        $user->setup();
        // End session management
        $gen_simple_header = true;
        $meta_content['page_title'] = $lang['Emoticons'];
        $meta_content['description'] = '';
        $meta_content['keywords'] = '';
        page_header($meta_content['page_title'], true);
        $template->set_filenames(array('smiliesbody' => 'posting_smilies.tpl'));
    }

    // Smilies Order Replace
    // ORDER BY smilies_id";
    $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_order";
    // A failed query is tolerated: the box is simply rendered empty.
    $db->sql_return_on_error(true);
    $result = $db->sql_query($sql, 0, 'smileys_');
    $db->sql_return_on_error(false);

    if ($result !== false) {
        $num_smilies = 0;
        $rowset = array();
        $rowset2 = array();
        // Keep the first code per distinct image ($rowset2 is the seen-set).
        while ($row = $db->sql_fetchrow($result)) {
            if (empty($rowset2[$row['smile_url']])) {
                $rowset2[$row['smile_url']] = $row['smile_url'];
                $rowset[$num_smilies]['smile_url'] = $row['smile_url'];
                // Backslash- and single-quote-escape the code: it is evidently
                // meant to land inside a single-quoted JS string in the template.
                // NOTE(review): this is not HTML escaping; the template must not
                // place SMILEY_CODE in plain HTML/attribute context unescaped.
                $rowset[$num_smilies]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code']));
                $rowset[$num_smilies]['emoticon'] = $row['emoticon'];
                $num_smilies++;
            }
        }
        unset($rowset2);
        $db->sql_freeresult($result);

        if ($num_smilies) {
            // Page window [$smiley_start, $smiley_stop) into $rowset.
            if ($mode == 'inline' || $smilies_per_page == 0) {
                $per_page = $num_smilies;
                $smiley_start = 0;
                $smiley_stop = $num_smilies;
            } else {
                $per_page = $smilies_per_page > $num_smilies ? $num_smilies : $smilies_per_page;
                // NOTE(review): $start is not required to be a multiple of
                // $per_page, so $page_num (and the indices derived from it) can be
                // fractional for an arbitrary ?start=.
                $page_num = $start <= 0 ? 1 : $start / $per_page + 1;
                $smiley_start = $per_page * $page_num - $per_page;
                $smiley_stop = $per_page * $page_num > $num_smilies ? $num_smilies : $smiley_start + $per_page;
            }
            // NOTE(review): $smilies_count is computed but never read.
            $smilies_count = $mode == 'inline' ? min($inline_columns * $inline_rows - 1, $num_smilies) : $num_smilies;
            $smilies_split_row = $mode == 'inline' ? $inline_columns - 1 : $window_columns - 1;
            $s_colspan = 0;
            $row = 0;
            $col = 0;
            $host = extract_current_hostname();

            for ($i = $smiley_start; $i < $smiley_stop; $i++) {
                if (!$col) {
                    $template->assign_block_vars('smilies_row', array());
                }
                // NOTE(review): the image URL hard-codes http://, which is mixed
                // content when the page itself is served over HTTPS.
                $template->assign_block_vars('smilies_row.smilies_col', array('SMILEY_CODE' => $rowset[$i]['code'], 'SMILEY_IMG' => 'http://' . $host . $config['script_path'] . $config['smilies_path'] . '/' . $rowset[$i]['smile_url'], 'SMILEY_DESC' => $rowset[$i]['emoticon']));
                $s_colspan = max($s_colspan, $col + 1);
                if ($col == $smilies_split_row) {
                    // NOTE(review): $inline is never assigned in this function, so
                    // empty($inline) is always true and the second condition reduces
                    // to `$row == $per_page`.
                    if ($mode == 'inline' && $row == $inline_rows - 1 || empty($inline) && $row == $per_page) {
                        break;
                    }
                    $col = 0;
                    $row++;
                } else {
                    $col++;
                }
            }

            // Inline box overflowed: offer the full window.
            if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns) {
                $template->assign_vars(array('L_MORE_SMILIES' => $lang['More_emoticons'], 'U_MORE_SMILIES' => append_sid('posting.' . PHP_EXT . '?mode=smilies')));
                $template->assign_block_vars('switch_smilies_extra', array());
            }

            // Per-page selector; the first option is the configured default.
            $select_smileys_pp = '<select name="smilies_per_page" onchange="SetSmileysPerPage();" class="gensmall">';
            $select_smileys_pp .= '<option value="' . $window_columns * $window_rows . '"' . ($smilies_per_page == $window_columns * $window_rows ? ' selected="selected"' : '') . '>' . $window_columns * $window_rows . '</option>';
            $select_smileys_pp .= '<option value="50"' . ($smilies_per_page == 50 ? ' selected="selected"' : '') . '>50</option>';
            $select_smileys_pp .= '<option value="100"' . ($smilies_per_page == 100 ? ' selected="selected"' : '') . '>100</option>';
            $select_smileys_pp .= '<option value="150"' . ($smilies_per_page == 150 ? ' selected="selected"' : '') . '>150</option>';
            $select_smileys_pp .= '<option value="250"' . ($smilies_per_page == 250 ? ' selected="selected"' : '') . '>250</option>';
            $select_smileys_pp .= '<option value="500"' . ($smilies_per_page == 500 ? ' selected="selected"' : '') . '>500</option>';
            $select_smileys_pp .= '<option value="1000"' . ($smilies_per_page == 1000 ? ' selected="selected"' : '') . '>1000</option>';
            $select_smileys_pp .= '<option value="5000"' . ($smilies_per_page == 5000 ? ' selected="selected"' : '') . '>5000</option>';
            $select_smileys_pp .= '</select>';

            $template->assign_vars(array('L_EMOTICONS' => $lang['Emoticons'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SMILEYS_PER_PAGE' => $lang['Smileys_Per_Page'], 'REQUEST_URI' => append_sid('posting.' . PHP_EXT . '?mode=smilies'), 'U_SMILEYS_GALLERY' => append_sid('smileys.' . PHP_EXT), 'DEFAULT_SMILEYS_PER_PAGE' => $window_columns * $window_rows, 'SELECT_SMILEYS_PP' => $select_smileys_pp, 'PAGINATION' => generate_pagination('posting.' . PHP_EXT . '?mode=smilies&smilies_per_page=' . $smilies_per_page, $num_smilies, $per_page, $start, false), 'S_SMILIES_COLSPAN' => $s_colspan));
        }
    }

    $template->assign_vars(array('DISPLAY_MODE' => $mode == 'window' ? 'window' : 'inline'));
    if ($mode == 'window') {
        $template->pparse('smiliesbody');
        page_footer(true, '', true);
    }
}
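/**
 * SMTP AUTH DIGEST-MD5 (RFC 2831) client-side exchange.
 * A real pain in the ***
 *
 * Sends "AUTH DIGEST-MD5", parses the server's base64 challenge into
 * directives (realm, nonce, algorithm, maxbuf, ...), computes the md5-sess
 * response for $username/$password, sends it back, then sends an empty line
 * to acknowledge the server's final 334 and expects 235.
 *
 * @param string $username
 * @param string $password
 * @return string|false false on success; a 503 after the initial AUTH also
 *                      yields false (mechanism not available / already
 *                      authenticated), any other failure returns the error
 *                      message from server_parse() or the invalid-challenge
 *                      language string
 */
function digest_md5($username, $password)
{
    global $config, $lang;

    $this->server_send('AUTH DIGEST-MD5');
    if ($err_msg = $this->server_parse('334', __LINE__)) {
        return $this->numeric_response_code == 503 ? false : $err_msg;
    }

    $md5_challenge = base64_decode($this->responses[0]);

    // Parse the md5 challenge into directive => value - from AUTH_SASL (PEAR).
    $tokens = array();
    while (preg_match('/^([a-z-]+)=("[^"]+(?<!\\\\)"|[^,]+)/i', $md5_challenge, $matches)) {
        // Ignore these as per rfc2831
        if ($matches[1] == 'opaque' || $matches[1] == 'domain') {
            $md5_challenge = substr($md5_challenge, strlen($matches[0]) + 1);
            continue;
        }
        // Strip the surrounding quotes from a quoted value.
        $value = preg_replace('/^"(.*)"$/', '\\1', $matches[2]);
        if (!empty($tokens[$matches[1]]) && ($matches[1] == 'realm' || $matches[1] == 'auth-param')) {
            // Allowed multiple "realm" and "auth-param": collect them.
            if (is_array($tokens[$matches[1]])) {
                $tokens[$matches[1]][] = $value;
            } else {
                $tokens[$matches[1]] = array($tokens[$matches[1]], $value);
            }
        } elseif (!empty($tokens[$matches[1]])) {
            // Any other repeated directive makes the whole challenge invalid.
            $tokens = array();
            break;
        } else {
            $tokens[$matches[1]] = $value;
        }
        // Remove the just parsed directive from the challenge
        $md5_challenge = substr($md5_challenge, strlen($matches[0]) + 1);
    }

    // Realm
    if (empty($tokens['realm'])) {
        $tokens['realm'] = function_exists('php_uname') ? php_uname('n') : extract_current_hostname();
    } elseif (is_array($tokens['realm'])) {
        // Several realms offered; the client may pick any one (RFC 2831 2.1.1).
        // Previously the array reached sprintf() and became the string "Array".
        $tokens['realm'] = reset($tokens['realm']);
    }
    // Maxbuf
    if (empty($tokens['maxbuf'])) {
        $tokens['maxbuf'] = 65536;
    }
    // Required: nonce, algorithm
    if (empty($tokens['nonce']) || empty($tokens['algorithm'])) {
        $tokens = array();
    }
    $md5_challenge = $tokens;

    if (empty($md5_challenge)) {
        return isset($lang['INVALID_DIGEST_CHALLENGE']) ? $lang['INVALID_DIGEST_CHALLENGE'] : 'Invalid digest challenge';
    }

    // Client nonce: 32 random bytes. Use the CSPRNG when this PHP has one;
    // mt_rand() is kept only as a fallback for old runtimes.
    if (function_exists('random_bytes')) {
        $str = random_bytes(32);
    } else {
        $str = '';
        for ($i = 0; $i < 32; $i++) {
            $str .= chr(mt_rand(0, 255));
        }
    }
    $cnonce = base64_encode($str);
    $digest_uri = 'smtp/' . $config['smtp_host'];

    // md5-sess: A1 = H(username:realm:password):nonce:cnonce, with H() raw (16 bytes).
    $auth_1 = sprintf('%s:%s:%s', pack('H32', md5(sprintf('%s:%s:%s', $username, $md5_challenge['realm'], $password))), $md5_challenge['nonce'], $cnonce);
    $auth_2 = 'AUTHENTICATE:' . $digest_uri;
    $response_value = md5(sprintf('%s:%s:00000001:%s:auth:%s', md5($auth_1), $md5_challenge['nonce'], $cnonce, md5($auth_2)));

    // Seven conversions for seven arguments. The previous format carried a
    // literal where the username's %s belongs, so every value was shifted one
    // directive to the right (username lost, realm=username, ... maxbuf=response).
    $input_string = sprintf('username="%s",realm="%s",nonce="%s",cnonce="%s",nc="00000001",qop=auth,digest-uri="%s",response=%s,%d', $username, $md5_challenge['realm'], $md5_challenge['nonce'], $cnonce, $digest_uri, $response_value, $md5_challenge['maxbuf']);

    $this->server_send(base64_encode($input_string), true);
    if ($err_msg = $this->server_parse('334', __LINE__)) {
        return $err_msg;
    }

    // NOTE(review): the server's final 334 carries rspauth=...; it is not
    // checked here, so the server is never authenticated to the client.
    $this->server_send(' ');
    if ($err_msg = $this->server_parse('235', __LINE__)) {
        return $err_msg;
    }
    return false;
}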