Esempio n. 1
 /**
  * Check a submitted password for a Bogo login user.
  *
  * A BogoLoginUser normally needs no password. If the preferences hold a
  * stored password it is enforced instead: preferences loaded through the
  * 'HomePage' method are checked by a _PersonalPagePassUser, any other
  * stored password by $this->_checkPass().
  *
  * Security notes:
  *  - Without a stored password, any userid accepted by isWikiWord() gets
  *    WIKIAUTH_BOGO with no proof of identity. That level marks a claimed
  *    name, not an authenticated one.
  *  - A failed HomePage check yields WIKIAUTH_ANON whatever USER_AUTH_POLICY
  *    is; only the other branch returns WIKIAUTH_FORBIDDEN under 'strict'.
  *  - When the policy is not 'strict', a mismatch is handed to
  *    _tryNextPass(), so another auth method may still accept the password.
  *  - NOTE(review): how the comparison is done (hashing, timing) depends on
  *    _checkPass(), which is not visible here.
  *
  * @param string $submitted_password the password supplied with the login
  * @return mixed a WIKIAUTH_* level (also stored in $this->_level), or
  *               whatever _tryNextPass() returns
  */
 function checkPass($submitted_password)
 {
     if (!$this->_prefs->get('passwd')) {
         // No stored password: plain Bogo behaviour, decided by the userid alone.
         $this->_level = isWikiWord($this->_userid) ? WIKIAUTH_BOGO : WIKIAUTH_ANON;
         return $this->_level;
     }

     $prefsFromHomePage = isset($this->_prefs->_method) && $this->_prefs->_method == 'HomePage';
     if (!$prefsFromHomePage) {
         $stored_password = $this->_prefs->get('passwd');
         if ($this->_checkPass($submitted_password, $stored_password)) {
             $this->_level = WIKIAUTH_USER;
             return $this->_level;
         }
         if (USER_AUTH_POLICY === 'strict') {
             // Strict policy: a wrong password ends the attempt here.
             $this->_level = WIKIAUTH_FORBIDDEN;
             return $this->_level;
         }
         return $this->_tryNextPass($submitted_password);
     }

     // Password lives on the user's home page: let the dedicated class check it.
     $user = new _PersonalPagePassUser($this->_userid, $this->_prefs);
     if (!$user->checkPass($submitted_password)) {
         $this->_level = WIKIAUTH_ANON;
         return $this->_level;
     }
     if (!check_php_version(5)) {
         // Pre-PHP5 only: replace the current object. The eval'd string is a
         // constant, no request data reaches it.
         eval("\$this = \$user;");
     }
     $user = UpgradeUser($this, $user);
     $this->_level = WIKIAUTH_USER;
     return $this->_level;
 }
Esempio n. 2
 /**
  * Pass the "does this user exist?" question on to the following auth classes.
  *
  * Under the 'strict' and 'stacked' policies each class named by nextClass()
  * is instantiated in turn until one reports the user as existing or the
  * "_ForbiddenPassUser" class is reached. Under any other policy the answer
  * is false straight away.
  *
  * Security notes:
  *  - With the login debug flag set, a 'nosuchuser' marker is recorded per
  *    class in $GLOBALS['USER_AUTH_ERROR']. NOTE(review): if that value is
  *    ever shown to the client it tells valid from invalid usernames.
  *  - The class name instantiated comes from nextClass(); NOTE(review):
  *    presumably derived from the configured auth order - it must never be
  *    influenced by request data.
  *
  * @return bool true if a later class knows the user, false otherwise
  */
 function _tryNextUser()
 {
     if (DEBUG & _DEBUG_LOGIN) {
         $ownClass = strtolower(get_class($this));
         // All *DbPassUser variants are filed under one common key.
         $errorKey = substr($ownClass, -10) == "dbpassuser" ? "_dbpassuser" : $ownClass;
         $GLOBALS['USER_AUTH_ERROR'][$errorKey] = 'nosuchuser';
     }
     if (USER_AUTH_POLICY !== 'strict' and USER_AUTH_POLICY !== 'stacked') {
         return false;
     }
     for (
         $nextClass = $this->nextClass();
         $user = new $nextClass($this->_userid, $this->_prefs);
         $nextClass = $this->nextClass()
     ) {
         if (!check_php_version(5)) {
             // Pre-PHP5 only: swap the current object; the eval'd string is constant.
             eval("\$this = \$user;");
         }
         $user = UpgradeUser($this, $user);
         if ($user->userExists()) {
             // Upgraded a second time on success, exactly as the original code does.
             $user = UpgradeUser($this, $user);
             return true;
         }
         if ($nextClass == "_ForbiddenPassUser") {
             // End of the chain: stop instead of cycling through the classes again.
             return false;
         }
     }
     return false;
 }
Esempio n. 3
 /**
  * Set up a wiki request: open the database, load the configured auth
  * classes, attach the DB session backend, normalise the 'pagename' and
  * 'action' arguments and rebuild the user object.
  * NOTE(review): presumably the PHP 4 style constructor of the WikiRequest
  * class - the class header is not visible here.
  *
  * Security notes:
  *  - The user object rebuilt at the end is NOT authorised by this method;
  *    it only restores state. Authorisation has to happen later.
  *  - Auth class files are included by name from $GLOBALS['USER_AUTH_ORDER'].
  *    That list must come from trusted configuration only, never from the
  *    request, because each entry becomes part of an include path.
  *  - A user object whose _authhow is 'session' is taken over from the
  *    session as it is; the session store is therefore part of the trust
  *    boundary.
  */
 function WikiRequest()
 {
     $this->_dbi = WikiDB::open($GLOBALS['DBParams']);
     // first mysql request costs [958ms]! [670ms] is mysql_connect()
     if (in_array('File', $this->_dbi->getAuthParam('USER_AUTH_ORDER'))) {
         // force our local copy, until the pear version is fixed.
         include_once dirname(__FILE__) . "/pear/File_Passwd.php";
     }
     if (ENABLE_USER_NEW) {
         // Preload all necessary userclasses. Otherwise session => __PHP_Incomplete_Class_Name
         // There's no way to demand-load it later. This way it's much slower, but needs slightly
         // less memory than loading all.
         if (ALLOW_BOGO_LOGIN) {
             include_once "lib/WikiUser/BogoLogin.php";
         }
         // UserPreferences POST Update doesn't reach this.
         // NOTE(review): the check above reads the auth order through
         // getAuthParam(), this loop reads $GLOBALS['USER_AUTH_ORDER'] directly.
         foreach ($GLOBALS['USER_AUTH_ORDER'] as $method) {
             // $method is interpolated into the include path: configuration input only.
             include_once "lib/WikiUser/{$method}.php";
             if ($method == 'Db') {
                 // The generic Db class also needs the backend-specific implementation.
                 switch (DATABASE_TYPE) {
                     case 'SQL':
                         include_once "lib/WikiUser/PearDb.php";
                         break;
                     case 'ADODB':
                         include_once "lib/WikiUser/AdoDb.php";
                         break;
                     case 'PDO':
                         include_once "lib/WikiUser/PdoDb.php";
                         break;
                 }
             }
         }
         unset($method);
     }
     if (USE_DB_SESSION) {
         // Sessions are kept in the wiki database, in the prefixed session table.
         include_once 'lib/DbSession.php';
         $dbi =& $this->_dbi;
         $this->_dbsession = new DbSession($dbi, $dbi->getParam('prefix') . $dbi->getParam('db_session_table'));
     }
     // Fixme: Does pear reset the error mask to 1? We have to find the culprit
     //$x = error_reporting();
     $this->version = phpwiki_version();
     $this->Request();
     // [90ms]
     // Normalize args...
     $this->setArg('pagename', $this->_deducePagename());
     $this->setArg('action', $this->_deduceAction());
     // Optimise when SQL debugging is on, or when a frequency is configured and
     // the current second is a multiple of it ("and" binds tighter than "or").
     if (DEBUG & _DEBUG_SQL or DATABASE_OPTIMISE_FREQUENCY > 0 and time() % DATABASE_OPTIMISE_FREQUENCY == 0) {
         if ($this->_dbi->_backend->optimize()) {
             trigger_error(_("Optimizing database"), E_USER_NOTICE);
         }
     }
     // Restore auth state. This doesn't check for proper authorization!
     $userid = $this->_deduceUsername();
     if (ENABLE_USER_NEW) {
         if (isset($this->_user) and !empty($this->_user->_authhow) and $this->_user->_authhow == 'session') {
             // users might switch in a session between the two objects.
             // restore old auth level here or in updateAuthAndPrefs?
             //$user = $this->getSessionVar('wiki_user');
             // revive db handle, because these don't survive sessions
             // A user that is not of the expected class, or is a plain _passuser,
             // is rebuilt from $userid while keeping its preferences.
             if (isset($this->_user) and (!isa($this->_user, WikiUserClassname()) or strtolower(get_class($this->_user)) == '_passuser')) {
                 $this->_user = WikiUser($userid, $this->_user->_prefs);
             }
             // revive other db handle
             if (isset($this->_user->_prefs->_method) and ($this->_user->_prefs->_method == 'SQL' or $this->_user->_prefs->_method == 'ADODB' or $this->_user->_prefs->_method == 'PDO' or $this->_user->_prefs->_method == 'HomePage')) {
                 $this->_user->_HomePagehandle = $this->getPage($userid);
             }
             // need to update the lockfile filehandle
             if (isa($this->_user, '_FilePassUser') and $this->_user->_file->lockfile and !$this->_user->_file->fplock) {
                 //$level = $this->_user->_level;
                 $this->_user = UpgradeUser($this->_user, new _FilePassUser($userid, $this->_user->_prefs, $this->_user->_file->filename));
                 //$this->_user->_level = $level;
             }
             $this->_prefs =& $this->_user->_prefs;
         } else {
             // No session-backed user: build a new one for the deduced name.
             $user = WikiUser($userid);
             $this->_user =& $user;
             $this->_prefs =& $this->_user->_prefs;
         }
     } else {
         // Old user class: the constructor takes the request object itself.
         $this->_user = new WikiUser($this, $userid);
         $this->_prefs = $this->_user->getPreferences();
     }
 }
Esempio n. 4
 /**
  * Ask the following auth classes, one after another, whether the user exists.
  *
  * Each class named by nextClass() is instantiated with the current userid
  * and preferences. The first one whose userExists() answers true ends the
  * search; reaching "_ForbiddenPassUser" ends it with false.
  *
  * NOTE(review): the class name comes from nextClass(), presumably derived
  * from the configured auth order - it must never be request-controlled,
  * since it is instantiated dynamically.
  *
  * @return bool true if one of the following classes knows the user
  */
 function userExists()
 {
     //if ($this->_HomePagehandle) return true;
     $class = $this->nextClass();
     // The condition assigns a newly constructed object; the loop is left
     // through the return statements in its body.
     while ($user = new $class($this->_userid, $this->_prefs)) {
         if (!check_php_version(5)) {
             // Pre-PHP5 only: swap the current object. The eval'd string is a
             // constant, no external data reaches it.
             eval("\$this = \$user;");
         }
         // /*PHP5 patch*/$this = $user;
         // Return value is discarded here, unlike in the other callers shown.
         UpgradeUser($this, $user);
         if ($user->userExists()) {
             return true;
         }
         // prevent endless loop. does this work on all PHP's?
         // it just has to set the classname, what it correctly does.
         $class = $user->nextClass();
         if ($class == "_ForbiddenPassUser") {
             return false;
         }
     }
     return false;
 }
Esempio n. 5
 /**
  * Look the user up in the LDAP directory.
  *
  * The userid is trimmed and stored back, then searched below LDAP_BASE_DN
  * with the filter built by _searchparam(). Any hit counts as "exists". A
  * failed connection, a failed search and an empty result are all passed on
  * to _tryNextUser().
  *
  * Security notes:
  *  - Only '*' is rejected here. Other LDAP filter metacharacters
  *    ('(', ')', '\', NUL) reach _searchparam() unchanged.
  *    NOTE(review): confirm that _searchparam() escapes them, e.g. with
  *    ldap_escape($userid, '', LDAP_ESCAPE_FILTER).
  *  - A directory error is treated like "no such user", so the lookup moves
  *    on to the next auth class instead of failing closed.
  *
  * @return bool true if the directory, or a later auth class, knows the user
  */
 function userExists()
 {
     $userid = trim($this->_userid);
     $this->_userid = $userid;
     if (strpos($userid, '*') !== false) {
         // A wildcard would match arbitrary directory entries.
         trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid), E_USER_WARNING);
         return false;
     }

     $ldap = $this->_init();
     if (!$ldap) {
         $this->_free();
         return $this->_tryNextUser();
     }

     // Need to set the right root search information. see ../index.php
     $st_search = $this->_searchparam($userid);
     $this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search);
     if (!$this->_sr) {
         $this->_free();
         return $this->_tryNextUser();
     }

     $info = ldap_get_entries($ldap, $this->_sr);
     $found = $info["count"] > 0;
     $this->_free();
     if ($found) {
         UpgradeUser($GLOBALS['ForbiddenUser'], $this);
         return true;
     }
     return $this->_tryNextUser();
 }