public function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } $mess = ConfService::getMessages(); switch ($action) { //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ case "pass_change": $userObject = AuthService::getLoggedUser(); if ($userObject == null || $userObject->getId() == "guest") { header("Content-Type:text/plain"); print "SUCCESS"; } $oldPass = $httpVars["old_pass"]; $newPass = $httpVars["new_pass"]; $passSeed = $httpVars["pass_seed"]; if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) { AuthService::updatePassword($userObject->getId(), $newPass); } else { header("Content-Type:text/plain"); print "PASS_ERROR"; } header("Content-Type:text/plain"); print "SUCCESS"; break; default: break; } return ""; }
public function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } switch ($action) { case "get_secure_token": HTMLWriter::charsetHeader("text/plain"); print AuthService::generateSecureToken(); //exit(0); break; //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ case "pass_change": $userObject = AuthService::getLoggedUser(); if ($userObject == null || $userObject->getId() == "guest") { header("Content-Type:text/plain"); print "SUCCESS"; break; } $oldPass = $httpVars["old_pass"]; $newPass = $httpVars["new_pass"]; $passSeed = $httpVars["pass_seed"]; if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) { header("Content-Type:text/plain"); print "PASS_ERROR"; break; } if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) { AuthService::updatePassword($userObject->getId(), $newPass); if ($userObject->getLock() == "pass_change") { $userObject->removeLock(); $userObject->save("superuser"); } } else { header("Content-Type:text/plain"); print "PASS_ERROR"; break; } header("Content-Type:text/plain"); print "SUCCESS"; break; default: break; } return ""; }
/** * Log the user from its credentials * @static * @param string $user_id The user id * @param string $pwd The password * @param bool $bypass_pwd Ignore password or not * @param bool $cookieLogin Is it a logging from the remember me cookie? * @param string $returnSeed The unique seed * @return int */ static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "") { $user_id = self::filterUserSensitivity($user_id); if ($cookieLogin && !isset($_COOKIE["AjaXplorer-remember"])) { return -5; // SILENT IGNORE } if ($cookieLogin) { list($user_id, $pwd) = explode(":", $_COOKIE["AjaXplorer-remember"]); } $confDriver = ConfService::getConfStorageImpl(); if ($user_id == null) { if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) { return 1; } if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) { $authDriver = ConfService::getAuthDriverImpl(); if (!$authDriver->userExists("guest")) { AuthService::createUser("guest", ""); $guest = $confDriver->createUserObject("guest"); $guest->save("superuser"); } AuthService::logUser("guest", null); return 1; } return 0; } $authDriver = ConfService::getAuthDriverImpl(); // CHECK USER PASSWORD HERE! $loginAttempt = AuthService::getBruteForceLoginArray(); $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt); AuthService::setBruteForceLoginArray($loginAttempt); if (!$authDriver->userExists($user_id)) { if ($bruteForceLogin === FALSE) { return -4; } else { return 0; } } if (!$bypass_pwd) { if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) { if ($bruteForceLogin === FALSE) { return -4; } else { if ($cookieLogin) { return -5; } return -1; } } } // Successful login attempt unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]); AuthService::setBruteForceLoginArray($loginAttempt); // Setting session credentials if asked in config if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) { list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd); AJXP_Safe::storeCredentials($authId, $authPwd); } $user = $confDriver->createUserObject($user_id); if ($authDriver->isAjxpAdmin($user_id)) { $user->setAdmin(true); } if ($user->isAdmin()) { $user = AuthService::updateAdminRights($user); } else { if (!$user->hasParent() && $user_id != "guest") { //$user->setRight("ajxp_shared", "rw"); } } $_SESSION["AJXP_USER"] = $user; if ($authDriver->autoCreateUser() && !$user->storageExists()) { $user->save("superuser"); // make sure update rights now } AJXP_Logger::logAction("Log In"); return 1; }
function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } $xmlBuffer = ""; foreach ($httpVars as $getName => $getValue) { ${$getName} = Utils::securePath($getValue); } if (isset($dir) && $action != "upload") { $dir = SystemTextEncoding::fromUTF8($dir); } $mess = ConfService::getMessages(); switch ($action) { //------------------------------------ // SWITCH THE ROOT REPOSITORY //------------------------------------ case "switch_root_dir": if (!isset($root_dir_index)) { break; } $dirList = ConfService::getRootDirsList(); if (!isset($dirList[$root_dir_index])) { $errorMessage = "Trying to switch to an unkown folder!"; break; } ConfService::switchRootDir($root_dir_index); $logMessage = "Successfully Switched!"; AJXP_Logger::logAction("Switch Repository", array("rep. id" => $root_dir_index)); break; //------------------------------------ // GET AN HTML TEMPLATE //------------------------------------ //------------------------------------ // GET AN HTML TEMPLATE //------------------------------------ case "get_template": header("Content-type:text/html; charset:UTF-8"); if (isset($template_name) && is_file(CLIENT_RESOURCES_FOLDER . "/html/" . $template_name)) { if ($template_name == "gui_tpl.html") { include CLIENT_RESOURCES_FOLDER . "/html/usertemplate_top.html"; } include CLIENT_RESOURCES_FOLDER . "/html/" . $template_name; if ($template_name == "gui_tpl.html") { include CLIENT_RESOURCES_FOLDER . "/html/usertemplate_bottom.html"; } } exit(0); break; //------------------------------------ // GET I18N MESSAGES //------------------------------------ //------------------------------------ // GET I18N MESSAGES //------------------------------------ case "get_i18n_messages": header("Content-type:text/javascript"); HTMLWriter::writeI18nMessagesClass(ConfService::getMessages()); exit(0); break; //------------------------------------ // BOOKMARK BAR //------------------------------------ //------------------------------------ // BOOKMARK BAR //------------------------------------ case "get_bookmarks": $bmUser = null; if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) { $bmUser = AuthService::getLoggedUser(); } else { if (!AuthService::usersEnabled()) { $confStorage = ConfService::getConfStorageImpl(); $bmUser = $confStorage->createUserObject("shared"); } } if ($bmUser == null) { exit(1); } if (isset($_GET["bm_action"]) && isset($_GET["bm_path"])) { if ($_GET["bm_action"] == "add_bookmark") { $title = ""; if (isset($_GET["title"])) { $title = $_GET["title"]; } if ($title == "" && $_GET["bm_path"] == "/") { $title = ConfService::getCurrentRootDirDisplay(); } $bmUser->addBookMark($_GET["bm_path"], $title); } else { if ($_GET["bm_action"] == "delete_bookmark") { $bmUser->removeBookmark($_GET["bm_path"]); } else { if ($_GET["bm_action"] == "rename_bookmark" && isset($_GET["bm_title"])) { $bmUser->renameBookmark($_GET["bm_path"], $_GET["bm_title"]); } } } } if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) { $bmUser->save(); AuthService::updateUser($bmUser); } else { if (!AuthService::usersEnabled()) { $bmUser->save(); } } AJXP_XMLWriter::header(); AJXP_XMLWriter::writeBookmarks($bmUser->getBookmarks()); AJXP_XMLWriter::close(); exit(1); break; //------------------------------------ // SAVE USER PREFERENCE //------------------------------------ //------------------------------------ // SAVE USER PREFERENCE //------------------------------------ case "save_user_pref": $userObject = AuthService::getLoggedUser(); if ($userObject == null) { exit(1); } $i = 0; while (isset($_GET["pref_name_" . $i]) && isset($_GET["pref_value_" . $i])) { $prefName = $_GET["pref_name_" . $i]; $prefValue = $_GET["pref_value_" . $i]; if ($prefName != "password") { $userObject->setPref($prefName, $prefValue); $userObject->save(); AuthService::updateUser($userObject); setcookie("AJXP_{$prefName}", $prefValue); } else { if (isset($_GET["crt"]) && AuthService::checkPassword($userObject->getId(), $_GET["crt"], false, $_GET["pass_seed"])) { AuthService::updatePassword($userObject->getId(), $prefValue); } else { //$errorMessage = "Wrong password!"; header("Content-Type:text/plain"); print "PASS_ERROR"; exit(1); } } $i++; } header("Content-Type:text/plain"); print "SUCCESS"; exit(1); break; //------------------------------------ // DISPLAY DOC //------------------------------------ //------------------------------------ // DISPLAY DOC //------------------------------------ case "display_doc": header("Content-type:text/html; charset:UTF-8"); echo HTMLWriter::getDocFile(htmlentities($_GET["doc_file"])); exit(1); break; default: break; } if (isset($logMessage) || isset($errorMessage)) { $xmlBuffer .= AJXP_XMLWriter::sendMessage(isset($logMessage) ? $logMessage : null, isset($errorMessage) ? $errorMessage : null, false); } if (isset($requireAuth)) { $xmlBuffer .= AJXP_XMLWriter::requireAuth(false); } if (isset($reload_current_node) && $reload_current_node == "true") { $xmlBuffer .= AJXP_XMLWriter::reloadCurrentNode(false); } if (isset($reload_dest_node) && $reload_dest_node != "") { $xmlBuffer .= AJXP_XMLWriter::reloadNode($reload_dest_node, false); } if (isset($reload_file_list)) { $xmlBuffer .= AJXP_XMLWriter::reloadFileList($reload_file_list, false); } return $xmlBuffer; }
function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "") { $confDriver = ConfService::getConfStorageImpl(); if ($user_id == null) { if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) { return 1; } if (ALLOW_GUEST_BROWSING) { $authDriver = ConfService::getAuthDriverImpl(); if (!$authDriver->userExists("guest")) { AuthService::createUser("guest", ""); $guest = $confDriver->createUserObject("guest"); $guest->save(); } AuthService::logUser("guest", null); return 1; } return 0; } $authDriver = ConfService::getAuthDriverImpl(); // CHECK USER PASSWORD HERE! $loginAttempt = AuthService::getBruteForceLoginArray(); $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt); AuthService::setBruteForceLoginArray($loginAttempt); if ($bruteForceLogin === FALSE) { return -1; } if (!$authDriver->userExists($user_id)) { return 0; } if (!$bypass_pwd) { if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) { return -1; } } // Successful login attempt unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]); AuthService::setBruteForceLoginArray($loginAttempt); $user = $confDriver->createUserObject($user_id); if ($authDriver->isAjxpAdmin($user_id)) { $user->setAdmin(true); } if ($user->isAdmin()) { $user = AuthService::updateAdminRights($user); } $_SESSION["AJXP_USER"] = $user; if ($authDriver->autoCreateUser() && !$user->storageExists()) { $user->save(); } AJXP_Logger::logAction("Log In"); return 1; }
public function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } $mess = ConfService::getMessages(); switch ($action) { case "login": if (!AuthService::usersEnabled()) { return; } $rememberLogin = ""; $rememberPass = ""; $secureToken = ""; $loggedUser = null; include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php"; if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) { $loggingResult = -4; } else { $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null; $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null; $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false; $cookieLogin = isset($httpVars["cookie_login"]) ? true : false; $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]); if ($rememberMe && $loggingResult == 1) { $rememberLogin = "******"; $rememberPass = "******"; $loggedUser = AuthService::getLoggedUser(); } if ($loggingResult == 1) { session_regenerate_id(true); $secureToken = AuthService::generateSecureToken(); } if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) { $loggingResult = -4; // Force captcha reload } } $loggedUser = AuthService::getLoggedUser(); if ($loggedUser != null) { $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1); $passId = -1; if (isset($httpVars["tmp_repository_id"])) { $passId = $httpVars["tmp_repository_id"]; } else { if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) { $passId = $force; } } $res = ConfService::switchUserToActiveRepository($loggedUser, $passId); if (!$res) { AuthService::disconnect(); $loggingResult = -3; } } if ($loggedUser != null && (AuthService::hasRememberCookie() || isset($rememberMe) && $rememberMe == true)) { AuthService::refreshRememberCookie($loggedUser); } AJXP_XMLWriter::header(); AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken); AJXP_XMLWriter::close(); break; //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ case "pass_change": $userObject = AuthService::getLoggedUser(); if ($userObject == null || $userObject->getId() == "guest") { header("Content-Type:text/plain"); print "SUCCESS"; break; } $oldPass = $httpVars["old_pass"]; $newPass = $httpVars["new_pass"]; $passSeed = $httpVars["pass_seed"]; if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) { header("Content-Type:text/plain"); print "PASS_ERROR"; break; } if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) { AuthService::updatePassword($userObject->getId(), $newPass); if ($userObject->getLock() == "pass_change") { $userObject->removeLock(); $userObject->save("superuser"); } } else { header("Content-Type:text/plain"); print "PASS_ERROR"; break; } header("Content-Type:text/plain"); print "SUCCESS"; break; case "logout": AuthService::disconnect(); $loggingResult = 2; session_destroy(); AJXP_XMLWriter::header(); AJXP_XMLWriter::loggingResult($loggingResult, null, null, null); AJXP_XMLWriter::close(); break; case "get_seed": $seed = AuthService::generateSeed(); if (AuthService::suspectBruteForceLogin()) { HTMLWriter::charsetHeader('application/json'); print json_encode(array("seed" => $seed, "captcha" => true)); } else { HTMLWriter::charsetHeader("text/plain"); print $seed; } //exit(0); break; case "get_secure_token": HTMLWriter::charsetHeader("text/plain"); print AuthService::generateSecureToken(); //exit(0); break; case "get_captcha": include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php"; CaptchaProvider::sendCaptcha(); //exit(0) ; break; case "back": AJXP_XMLWriter::header("url"); echo AuthService::getLogoutAddress(false); AJXP_XMLWriter::close("url"); //exit(1); break; default: break; } return ""; }
protected function validateUserPass($username, $password) { // Warning, this can only work if TRANSMIT_CLEAR_PASS is true; return AuthService::checkPassword($username, $password, false, -1); }
function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } $xmlBuffer = ""; foreach ($httpVars as $getName => $getValue) { ${$getName} = AJXP_Utils::securePath($getValue); } if (isset($dir) && $action != "upload") { $dir = SystemTextEncoding::fromUTF8($dir); } $mess = ConfService::getMessages(); switch ($action) { //------------------------------------ // SWITCH THE ROOT REPOSITORY //------------------------------------ case "switch_repository": if (!isset($repository_id)) { break; } $dirList = ConfService::getRootDirsList(); if (!isset($dirList[$repository_id])) { $errorMessage = "Trying to switch to an unkown repository!"; break; } ConfService::switchRootDir($repository_id); // Load try to init the driver now, to trigger an exception // if it's not loading right. ConfService::loadRepositoryDriver(); if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) { $user = AuthService::getLoggedUser(); $activeRepId = ConfService::getCurrentRootDirIndex(); $user->setArrayPref("history", "last_repository", $activeRepId); $user->save(); } //$logMessage = "Successfully Switched!"; AJXP_Logger::logAction("Switch Repository", array("rep. id" => $repository_id)); break; //------------------------------------ // BOOKMARK BAR //------------------------------------ //------------------------------------ // BOOKMARK BAR //------------------------------------ case "get_bookmarks": $bmUser = null; if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) { $bmUser = AuthService::getLoggedUser(); } else { if (!AuthService::usersEnabled()) { $confStorage = ConfService::getConfStorageImpl(); $bmUser = $confStorage->createUserObject("shared"); } } if ($bmUser == null) { exit(1); } if (isset($_GET["bm_action"]) && isset($_GET["bm_path"])) { if ($_GET["bm_action"] == "add_bookmark") { $title = ""; if (isset($_GET["title"])) { $title = $_GET["title"]; } if ($title == "" && $_GET["bm_path"] == "/") { $title = ConfService::getCurrentRootDirDisplay(); } $bmUser->addBookMark($_GET["bm_path"], $title); } else { if ($_GET["bm_action"] == "delete_bookmark") { $bmUser->removeBookmark($_GET["bm_path"]); } else { if ($_GET["bm_action"] == "rename_bookmark" && isset($_GET["bm_title"])) { $bmUser->renameBookmark($_GET["bm_path"], $_GET["bm_title"]); } } } } if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) { $bmUser->save(); AuthService::updateUser($bmUser); } else { if (!AuthService::usersEnabled()) { $bmUser->save(); } } AJXP_XMLWriter::header(); AJXP_XMLWriter::writeBookmarks($bmUser->getBookmarks()); AJXP_XMLWriter::close(); exit(1); break; //------------------------------------ // SAVE USER PREFERENCE //------------------------------------ //------------------------------------ // SAVE USER PREFERENCE //------------------------------------ case "save_user_pref": $userObject = AuthService::getLoggedUser(); if ($userObject == null) { exit(1); } $i = 0; while (isset($_GET["pref_name_" . $i]) && isset($_GET["pref_value_" . $i])) { $prefName = $_GET["pref_name_" . $i]; $prefValue = stripslashes($_GET["pref_value_" . $i]); if ($prefName != "password") { $userObject->setPref($prefName, $prefValue); $userObject->save(); AuthService::updateUser($userObject); setcookie("AJXP_{$prefName}", $prefValue); } else { if (isset($_GET["crt"]) && AuthService::checkPassword($userObject->getId(), $_GET["crt"], false, $_GET["pass_seed"])) { AuthService::updatePassword($userObject->getId(), $prefValue); } else { //$errorMessage = "Wrong password!"; header("Content-Type:text/plain"); print "PASS_ERROR"; exit(1); } } $i++; } header("Content-Type:text/plain"); print "SUCCESS"; exit(1); break; default: break; } if (isset($logMessage) || isset($errorMessage)) { $xmlBuffer .= AJXP_XMLWriter::sendMessage(isset($logMessage) ? $logMessage : null, isset($errorMessage) ? $errorMessage : null, false); } if (isset($requireAuth)) { $xmlBuffer .= AJXP_XMLWriter::requireAuth(false); } return $xmlBuffer; }