Exemple #1
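/**
 * Handle the "crypt" action: print a form that accepts a password and, once
 * one has been posted, print its pmcrypt() hash together with a config line
 * that can be pasted into config.php.
 *
 * Security notes for maintainers:
 *  - $auth is accepted but never used in this block; no authorization check
 *    is performed here.
 *  - The submitted plaintext is written back into a visible type='text'
 *    field, so it appears in the response body and on screen.
 *    NOTE(review): consider type='password' and not repopulating the field.
 *
 * @param string $pagename Page name used to expand the page-level templates.
 * @param string $auth     Unused in this block.
 */
function HandleCrypt($pagename, $auth='read') {
  global $ScriptUrl,$HTMLStartFmt,$HTMLEndFmt;
  PrintFmt($pagename,$HTMLStartFmt);
  $passwd = stripmagic(@$_POST["passwd"]);
  // An array-valued field (passwd[]=...) is not a password; treat it as absent
  // so that it never reaches pmcrypt().
  if (!is_string($passwd)) $passwd = '';
  echo FmtPageName(
    "<form action='{\$ScriptUrl}' method='POST'><p>
      Enter password to encrypt: 
      <input type='text' name='passwd' value='"
      . PHSC($passwd, ENT_QUOTES) ."' />
      <input type='submit' />
      <input type='hidden' name='n' value='{\$FullName}' />
      <input type='hidden' name='action' value='crypt' /></p></form>",
    $pagename);
  // Compare against '' explicitly: a plain truthiness test would silently
  // ignore the password "0".
  if ($passwd !== '') {
    $crypt = pmcrypt($passwd);
    // Escape before printing: this block cannot guarantee that every
    // pmcrypt() backend returns HTML-safe characters only.
    $cryptHtml = PHSC($crypt, ENT_QUOTES);
    echo "<p class='vspace'>Encrypted password = $cryptHtml</p>";
    echo "<p class='vspace'>To set a site-wide password, insert the line below
      in your <i>config.php</i> file, <br />replacing <tt>'type'</tt> with
      one of <tt>'admin'</tt>, <tt>'read'</tt>, <tt>'edit'</tt>,
      or <tt>'attr'</tt>.  <br />See <a 
      href='$ScriptUrl?n=PmWiki.PasswordsAdmin'>PasswordsAdmin</a> for more
      details.</p>
      <pre class='vspace'>  \$DefaultPasswords['type']='$cryptHtml';</pre>";
  }
  PrintFmt($pagename,$HTMLEndFmt);
}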
Exemple #2
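/**
 * Hash $plain in the format indicated by the stored value $salt, so that the
 * caller can compare the result with the stored value.
 *
 * Formats recognised here, in order:
 *  - "{SHA}..."  : base64 of the raw SHA-1 digest (unsalted).
 *  - "$apr1$..." : salted, MD5-based, 1000 rounds.
 *  - a bare MD5 hex digest of $plain.
 *  - anything else is delegated to pmcrypt($plain, $salt).
 *
 * The first three are weak by current standards (fast, and for two of them
 * unsalted); they are only suitable for checking already-stored legacy
 * hashes, not for creating new ones.
 *
 * @param string      $plain Candidate password.
 * @param string|null $salt  Stored hash / salt that selects the scheme.
 * @return string The computed hash (or whatever pmcrypt() returns).
 */
function _crypt($plain, $salt = null)
{
    // Use a string view of $salt for the prefix tests so a null default does
    // not reach strncmp(); the original $salt is still what pmcrypt() gets.
    $stored = is_string($salt) ? $salt : '';

    if (strncmp($stored, '{SHA}', 5) === 0) {
        return '{SHA}' . base64_encode(pack('H*', sha1($plain)));
    }

    if (strncmp($stored, '$apr1$', 6) === 0) {
        // A prefix with no salt characters after it does not match; fall back
        // to an empty salt instead of reading an undefined $match[1].
        $aprSalt = preg_match('/^\\$apr1\\$([^$]+)/', $stored, $match) === 1
            ? $match[1]
            : '';
        $length = strlen($plain);
        $context = $plain . '$apr1$' . $aprSalt;
        $binary = pack('H32', md5($plain . $aprSalt . $plain));
        for ($i = $length; $i > 0; $i -= 16) {
            $context .= substr($binary, 0, min(16, $i));
        }
        for ($i = $length; $i > 0; $i >>= 1) {
            $context .= $i & 1 ? chr(0) : $plain[0];
        }
        $binary = pack('H32', md5($context));
        // 1000 stretching rounds; the order of the pieces depends on $i.
        for ($i = 0; $i < 1000; $i++) {
            $new = $i & 1 ? $plain : $binary;
            if ($i % 3) {
                $new .= $aprSalt;
            }
            if ($i % 7) {
                $new .= $plain;
            }
            $new .= $i & 1 ? $binary : $plain;
            $binary = pack('H32', md5($new));
        }
        // Reorder the 16 digest bytes, then encode them with the crypt
        // alphabet in place of the standard base64 alphabet.
        $q = '';
        for ($i = 0; $i < 5; $i++) {
            $k = $i + 6;
            $j = $i + 12;
            if ($j === 16) {
                $j = 5;
            }
            $q = $binary[$i] . $binary[$k] . $binary[$j] . $q;
        }
        $q = chr(0) . chr(0) . $binary[11] . $q;
        $q = strtr(
            strrev(substr(base64_encode($q), 2)),
            'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
            './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
        );
        return '$apr1$' . $aprSalt . '$' . $q;
    }

    // Strict comparison is required: with ==, two different digests that both
    // look like numbers in exponent notation ("0e" followed by digits only)
    // compare equal, so a wrong password could be accepted.
    if (is_string($salt) && md5($plain) === $salt) {
        return $salt;
    }

    return pmcrypt($plain, $salt);
}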
Exemple #3
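/**
 * Handle a posted attributes form: update the page's attributes from $_POST,
 * write the page, optionally reset the cached authorization in the session,
 * and redirect back to the page.
 *
 * For every key of $PageAttributes:
 *  - an absent or empty field leaves the attribute unchanged;
 *  - the literal value "clear" removes the attribute;
 *  - attributes whose name starts with "passwd" are split into
 *    whitespace-separated (optionally quoted) tokens; tokens starting with
 *    "@" or "word:" are stored verbatim, all others are stored as
 *    pmcrypt() hashes;
 *  - any other attribute is stored as posted.
 *
 * NOTE(review): no anti-CSRF token check is visible in this block; confirm
 * that one is enforced before this handler runs.
 *
 * @param string $pagename Page whose attributes are being changed.
 * @param string $auth     Authorization level passed to RetrieveAuthPage().
 */
function HandlePostAttr($pagename, $auth = 'attr') {
  global $PageAttributes, $EnablePostAttrClearSession;
  Lock(2);
  $page = RetrieveAuthPage($pagename, $auth, true);
  if (!$page) { Abort("?unable to read $pagename"); }
  foreach($PageAttributes as $attr=>$p) {
    $v = stripmagic(@$_POST[$attr]);
    // Only plain, non-empty strings are meaningful here. An array-valued
    // field (attr[]=...) would otherwise be stored in the page as an array,
    // or be handed to preg_match_all() below.
    if (!is_string($v) || $v === '') continue;
    if ($v === 'clear') { unset($page[$attr]); continue; }
    if (strncmp($attr, 'passwd', 6) != 0) { $page[$attr] = $v; continue; }

    // Password attribute: tokenize on whitespace, keeping quoted runs whole.
    $a = array();
    preg_match_all('/"[^"]*"|\'[^\']*\'|\\S+/', $v, $match);
    foreach($match[0] as $pw) {
      if (preg_match('/^(@|\\w+:)/', $pw)) {
        // "@..." and "word:..." tokens are stored as-is, not hashed.
        $a[] = $pw;
      } else {
        // Strip one pair of matching surrounding quotes, then hash.
        $a[] = pmcrypt(preg_replace('/^([\'"])(.*)\\1$/', '$2', $pw));
      }
    }
    if ($a) $page[$attr] = implode(' ',$a);
  }
  WritePage($pagename,$page);
  Lock(0);
  if (IsEnabled($EnablePostAttrClearSession, 1)) {
    // Drop the authorization state held in the session so that it is not
    // reused after the page's passwords have changed.
    @session_start();
    unset($_SESSION['authid']);
    unset($_SESSION['authlist']);
    $_SESSION['authpw'] = array();
  }
  Redirect($pagename);
  exit;
}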