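/**
 * md5 plugin action: compute a userPassword-style hash for the administrator.
 *
 * A request without a usable POSTed phrase shows the form; "md5=..." on the
 * query string only pre-fills the value (nothing is computed). A POSTed phrase
 * is hashed with the given salt, which is prefixed with "{SCHEME}" unless it
 * already carries one.
 *
 * @return array 'msg'/'body' pair for the renderer
 */
function plugin_md5_action()
{
    global $get, $post;

    if (PKWK_SAFE_MODE || PKWK_READONLY) {
        die_message('Prohibited by admin');
    }

    // Wait POST. Only a scalar phrase is usable: "phrase[]=..." is treated as absent
    // instead of being passed on to the hash routine.
    $phrase = isset($post['phrase']) && is_string($post['phrase']) ? $post['phrase'] : '';

    if ($phrase === '') {
        // Show the form
        // If plugin=md5&md5=password, only set it (Don't compute)
        $value = isset($get['md5']) && is_string($get['md5']) ? $get['md5'] : '';
        return array(
            'msg'  => 'Compute userPassword',
            'body' => plugin_md5_show_form(isset($post['phrase']), $value),
        );
    }

    // Compute (Don't show its $phrase at the same time)
    $prefix = isset($post['prefix']);
    $salt = isset($post['salt']) && is_string($post['salt']) ? $post['salt'] : '';

    // Prepend "{SCHEME}" unless the salt already starts with a scheme prefix
    if (!preg_match('/^\\{.+\\}.*$/', $salt)) {
        $scheme = isset($post['scheme']) ? '{' . $post['scheme'] . '}' : '';
        $salt = $scheme . $salt;
    }

    return array(
        'msg'  => 'Result',
        'body' => pkwk_hash_compute($phrase, $salt, $prefix, true),
    );
}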
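/**
 * Verify a clear-text password against a stored hash.
 *
 * $storedhash may start with a "{SCHEME}" prefix. "{PHPASS}" hashes are checked
 * with the bundled PasswordHash class; any other value is re-hashed through
 * pkwk_hash_compute() (which derives scheme and salt from $storedhash) and
 * compared in constant time.
 *
 * @param string $pass       password supplied by the user
 * @param string $storedhash hash read from the user list
 * @return bool
 */
function check_passwd($pass, $storedhash)
{
    $scheme = '';
    $hash = '';
    $matches = array();
    if (preg_match('/^(\\{.+\\})(.*)$/', $storedhash, $matches)) {
        $scheme = $matches[1];
        $hash = $matches[2];
    }

    if ($scheme === '{PHPASS}') {
        require_once LIB_DIR . 'PasswordHash.php';
        $t_hasher = new PasswordHash(8, TRUE);
        return $t_hasher->CheckPassword($pass, $hash);
    }

    // hash_equals(): strict and constant-time. The former loose "==" treated two
    // numeric-looking digests (e.g. "0e..." strings) as equal and leaked timing.
    $computed = pkwk_hash_compute($pass, $storedhash);
    return is_string($computed) && hash_equals((string) $storedhash, $computed);
}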
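/**
 * Basic-auth login hook for the MonoBook skin.
 *
 * Takes the credentials from $_SERVER (falling back to a raw
 * HTTP_AUTHORIZATION header), verifies them against $auth_users and, on
 * success, redirects to the existing page named in $vars['refer'].
 * On failure a 401 challenge is sent and the configured message returned.
 *
 * @return array|null 'msg'/'body' pair on failure, nothing otherwise
 */
function plugin_monobook_login_action()
{
    global $vars, $auth_users, $_msg_auth, $_monobook_login_messages;

    // Some SAPIs only expose the raw header: split it into user / password.
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])
        && isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $matches = array();
        if (preg_match('/^Basic (.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
            // Limit 2: the password itself may contain ':' (RFC 7617); the
            // former unbounded explode() silently truncated such passwords.
            $parts = explode(':', (string) base64_decode($matches[1]), 2);
            if (count($parts) === 2) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
            }
        }
    }

    // Read-only role is rejected before any credential is looked at.
    $denied = auth::check_role('readonly');
    if (!$denied) {
        $verified = false;
        if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
            && isset($auth_users[$_SERVER['PHP_AUTH_USER']])) {
            $stored = $auth_users[$_SERVER['PHP_AUTH_USER']];
            if (is_string($stored)) {
                $computed = pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $stored);
                // constant-time comparison instead of "!=="
                $verified = is_string($computed) && hash_equals($stored, $computed);
            }
        }
        $denied = !$verified;
    }

    if ($denied) {
        pkwk_common_headers();
        header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
        header('HTTP/1.0 401 Unauthorized');
        $msg = $_monobook_login_messages['auth_failed'];
        return array('msg' => $msg, 'body' => '<p>' . $msg . '</p>');
    }

    // Only redirect to pages that actually exist (no open redirect via refer=)
    if (isset($vars['refer']) && is_page($vars['refer'])) {
        header('Location: ' . get_script_uri() . '?' . rawurlencode($vars['refer']));
    }
    return;
}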
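/**
 * Confirmation step of the administrator-account settings form.
 *
 * Validates the submitted user name / passwords / e-mail address, re-renders
 * the form with the collected errors when validation fails, and otherwise
 * shows a read-only summary whose hidden fields carry the values on to the
 * "admin" phase.
 *
 * @return string HTML fragment
 */
function plugin_qhmsetting_admin_confirm()
{
    global $vars, $script;
    global $auth_users, $username, $passwd;

    // Reject direct access that did not come through the settings form.
    if (!isset($vars['from']) || $vars['from'] !== 'admin_form') {
        return 'このページへの直接アクセスは、無効です。';
    }

    // Normalise the input: every field is a string (missing / non-scalar => '').
    $in = isset($vars['qhmsetting']) && is_array($vars['qhmsetting']) ? $vars['qhmsetting'] : array();
    foreach (array('username', 'password', 'password1', 'password2', 'admin_email') as $key) {
        if (!isset($in[$key]) || !is_string($in[$key])) {
            $in[$key] = '';
        }
    }

    // -----------------------------------
    // validation check
    // -----------------------------------
    $error = '';

    // Remove the current admin so that re-submitting the same name is not a clash.
    unset($auth_users[$username]);
    if (isset($auth_users[$in['username']])) {
        $error .= '他のユーザーと名前が重複しています<br />';
    }

    // Current password: strict, constant-time comparison against the stored hash.
    $current = pkwk_hash_compute($in['password']);
    if (!is_string($current) || !hash_equals((string) $passwd, $current)) {
        $error .= '現在のパスワードと、一致しません<br />';
    }
    if (!ctype_alnum($in['username'])) {
        $error .= 'ユーザー名は、半角英数のみで入力してください<br />';
    }
    if ($in['password1'] !== $in['password2']) {
        $error .= '新パスワードが一致しません<br />';
    }
    if (!preg_match(PLUGIN_QHMSETTING_ALLOW_PASSWD_PATTERN, $in['password1'])) {
        $error .= 'パスワードは、英数半角と一部の記号のみ(スペース不可)で入力してください<br />';
    }
    // Byte length is intended here: the pattern above restricts the password to ASCII.
    if (strlen($in['password1']) < 6) {
        $error .= 'パスワードは、6文字以上を設定してください<br />';
    }
    $email_match = '/^([a-z0-9_]|\\-|\\.|\\+)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,6}$/i';
    if (!preg_match($email_match, $in['admin_email'])) {
        $error .= 'メールアドレスを正しく、入力してください<br />';
    }
    if ($error !== '') {
        return plugin_qhmsetting_admin_form($error);
    }

    // -----------------------------------
    // process from here
    // -----------------------------------
    // The new password is carried to the next phase as submitted (a former
    // md5() step here was dropped); presumably it is hashed there — confirm.
    $password = $in['password1'];

    // Everything interpolated into the HTML below is escaped for attribute and
    // text context; the passwords in particular are not restricted to safe characters.
    $username_h = htmlspecialchars($in['username'], ENT_QUOTES, 'UTF-8');
    $email_h    = htmlspecialchars($in['admin_email'], ENT_QUOTES, 'UTF-8');
    $new_pw_h   = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');
    $old_pw_h   = htmlspecialchars($in['password'], ENT_QUOTES, 'UTF-8');
    $script_h   = htmlspecialchars($script, ENT_QUOTES, 'UTF-8');

    $body = <<<EOD
<h2>ユーザー設定の確認</h2>
<p>以下の内容でよろしいでしょうか?</p>
<ul class="nav nav-stacked">
	<li><label>ユーザー名 : </label><span style="font-size:24px">{$username_h}</span></li>
	<li><label>パスワード : </label>***********</li>
	<li><label>メールアドレス : </label><span style="font-size:24px">{$email_h}</span></li>
</ul>
<form method="post" action="{$script_h}">
<p style="text-align:center"><input type="button" value="戻る" onclick="history.back();" class="btn btn-default" /> <input type="submit" value="設定する" class="btn btn-primary" /></p>
<input type="hidden" name="phase" value="admin" />
<input type="hidden" name="mode" value="msg" />
<input type="hidden" name="plugin" value="qhmsetting" />
<input type="hidden" name="from" value="admin_form" />
<input type="hidden" name="qhmsetting[username]" value="{$username_h}" />
<input type="hidden" name="qhmsetting[password]" value="{$new_pw_h}" />
<input type="hidden" name="qhmsetting[admin_email]" value="{$email_h}" />
<input type="hidden" name="qhmsetting[old_password]" value="{$old_pw_h}" />
</form>
EOD;

    return $body;
}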
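/**
 * Authentication (follows PukiWiki's configuration).
 *
 * Picks the user name and password out of $_SERVER — the Basic-auth variables,
 * the IIS AUTH_* variables, or an NTLM HTTP_AUTHORIZATION header decoded by
 * auth::ntlm_decode() — and verifies them against $auth_users.
 *
 * @param array $auth_users map of user name => array(hash, ...)
 * @return int 1 when the credentials verify, 0 otherwise
 * @static
 */
function auth_pw($auth_users)
{
    $user = '';
    foreach (array('PHP_AUTH_USER', 'AUTH_USER') as $x) {
        if (!isset($_SERVER[$x])) {
            continue;
        }
        $ms = explode('\\', $_SERVER[$x]);
        // Kept from the original: a value that splits into exactly three parts on
        // '\' (its comment shows "DOMAIN\\USERID") yields the last part as the login.
        $user = (count($ms) == 3) ? $ms[2] : $_SERVER[$x];
        break;
    }

    $pass = '';
    foreach (array('PHP_AUTH_PW', 'AUTH_PASSWORD', 'HTTP_AUTHORIZATION') as $x) {
        if (empty($_SERVER[$x])) {
            continue;
        }
        if ($x == 'HTTP_AUTHORIZATION') {
            // NTLM support: decoded as (domain, login, host, pass)
            $tmp_ntlm = auth::ntlm_decode();
            if (!is_array($tmp_ntlm) || !isset($tmp_ntlm[3]) || $tmp_ntlm[3] == '') {
                continue;
            }
            if (empty($user)) {
                $user = isset($tmp_ntlm[1]) ? $tmp_ntlm[1] : '';
            }
            $pass = $tmp_ntlm[3];
            unset($tmp_ntlm); // the original unset a mistyped name ($tmp_ntml)
            break;
        }
        $pass = $_SERVER[$x];
        break;
    }

    if (empty($user) && empty($pass)) {
        return 0;
    }
    if (empty($auth_users[$user][0])) {
        return 0;
    }

    // Strict, constant-time comparison of the recomputed hash with the stored one.
    $stored = $auth_users[$user][0];
    if (!is_string($stored)) {
        return 0;
    }
    $computed = pkwk_hash_compute($pass, $stored);
    if (!is_string($computed) || !hash_equals($stored, $computed)) {
        return 0;
    }
    return 1;
}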
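/**
 * HTTP Basic authentication gate for a page.
 *
 * Collects the comma-separated user lists of every $auth_pages pattern that
 * matches the page (its name or its source, per $auth_method_type). A page
 * with no matching pattern is open; otherwise the Basic credentials must name
 * one of the listed users and verify against $auth_users.
 *
 * @param string $page         page name
 * @param bool   $auth_flag    send a 401 challenge on failure
 * @param bool   $exit_flag    render $title_cannot and exit on failure
 * @param array  $auth_pages   map of regex => "user1,user2,..."
 * @param string $title_cannot message template, "$1" is replaced by the page
 * @return bool true when access is allowed
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_method_type, $auth_users, $_msg_auth;

    // What the $auth_pages patterns are matched against
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = join('', get_source($page)); // Its contents
    }

    $user_list = array();
    foreach ($auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }
    if (empty($user_list)) {
        return true; // No limit
    }

    // Some SAPIs only expose the raw header: split it into user / password.
    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])
        && isset($_SERVER['HTTP_AUTHORIZATION'])
        && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Limit 2: the password itself may contain ':' (RFC 7617); the former
        // unbounded explode() silently truncated such passwords.
        $parts = explode(':', (string) base64_decode($matches[1]), 2);
        if (count($parts) === 2) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
        }
    }

    $verified = false;
    if (!PKWK_READONLY && isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        $user = $_SERVER['PHP_AUTH_USER'];
        if (in_array($user, $user_list, true) && isset($auth_users[$user]) && is_string($auth_users[$user])) {
            $computed = pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$user]);
            // constant-time comparison instead of "!=="
            $verified = is_string($computed) && hash_equals($auth_users[$user], $computed);
        }
    }
    if ($verified) {
        return true;
    }

    // Auth failed
    pkwk_common_headers();
    if ($auth_flag) {
        header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
        header('HTTP/1.0 401 Unauthorized');
    }
    if ($exit_flag) {
        $body = $title = str_replace('$1', htmlsc(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return false;
}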
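/**
 * HTTP Basic authentication gate for a page (auth-class variant).
 *
 * Pages accepted by auth::is_page_auth() are open, as is any request that
 * does not pass the 'role_adm_contents' role check. Everyone else must present
 * Basic credentials that verify against $auth_users (entry [0] holds the hash).
 * Unlike the other basic_auth() variants no read-only check is applied here.
 *
 * @param string $page         page name
 * @param bool   $auth_flag    send a 401 challenge on failure
 * @param bool   $exit_flag    render $title_cannot and exit on failure
 * @param array  $auth_pages   page-pattern configuration for auth::is_page_auth()
 * @param string $title_cannot message template, "$1" is replaced by the page
 * @return bool TRUE when access is allowed
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users;
    global $realm;

    if (auth::is_page_auth($page, $auth_flag, $auth_pages, '', '')) {
        return TRUE; // No limit
    }

    // NOTE(review): $user_list is $auth_users itself, so the in_array() below
    // tests the login name against the *values* (hash arrays), not the keys.
    // Kept as in the original; confirm whether array_key_exists() was meant.
    $user_list = $auth_users;

    if (!auth::check_role('role_adm_contents')) {
        return TRUE; // Already a contents administrator
    }

    // Some SAPIs only expose the raw header: split it into user / password.
    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])
        && isset($_SERVER['HTTP_AUTHORIZATION'])
        && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Limit 2: the password itself may contain ':' (RFC 7617); the former
        // unbounded explode() silently truncated such passwords.
        $parts = explode(':', (string) base64_decode($matches[1]), 2);
        if (count($parts) === 2) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
        }
    }

    $verified = false;
    if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        $user = $_SERVER['PHP_AUTH_USER'];
        if (in_array($user, $user_list, true) && isset($auth_users[$user][0]) && is_string($auth_users[$user][0])) {
            $stored = $auth_users[$user][0];
            $computed = pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $stored);
            // constant-time comparison instead of "!=="
            $verified = is_string($computed) && hash_equals($stored, $computed);
        }
    }
    if ($verified) {
        return TRUE;
    }

    // Auth failed
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }
    if ($auth_flag) {
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
    }
    if ($exit_flag) {
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return FALSE;
}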
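/**
 * QHM Check Login Plugin
 * -------------------------------------------
 * check_login.inc.php
 *
 * Copyright (c) 2010 hokuken
 * http://hokuken.com/
 *
 * created : 2010-12-15
 * modified :
 *
 * Description
 *   Ajax endpoint for the login state. mode=check reports whether the session
 *   user is listed in $auth_users, mode=auth verifies username/password and
 *   stores the user in the session, mode=destroy logs out. Any other mode
 *   answers "request error". Non-Ajax requests are redirected to cmd=qhmauth.
 *
 * Usage :
 *
 */
function plugin_check_login_action()
{
    global $vars, $script, $auth_users;
    $qt = get_qt();

    // Non-Ajax request: hand over to the regular login page.
    if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
        $to = $script . '?cmd=qhmauth';
        header("Location: {$to}");
        exit;
    }

    $mode = isset($vars['mode']) ? $vars['mode'] : 'check';
    $res = array('status' => 0, 'message' => '', 'data' => null);

    switch ($mode) {
        case 'check':
            // login OK when the session user is a known account
            if (isset($_SESSION['usr']) && array_key_exists($_SESSION['usr'], $auth_users)) {
                $res['status'] = 1;
                $res['message'] = 'login';
            } else {
                $res['status'] = 0;
                $res['message'] = 'logout';
            }
            break;

        case 'auth':
            $username = isset($vars['username']) && is_string($vars['username']) ? $vars['username'] : '';
            $password = isset($vars['password']) && is_string($vars['password']) ? $vars['password'] : '';
            $ok = false;
            if (isset($auth_users[$username]) && is_string($auth_users[$username])) {
                // hash_equals(): strict and constant-time. The former loose "=="
                // treated two numeric-looking digests (e.g. "0e...") as equal.
                $computed = pkwk_hash_compute($password);
                $ok = is_string($computed) && hash_equals($auth_users[$username], $computed);
            }
            if ($ok) {
                // Fresh session id on privilege change (session fixation)
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['usr'] = $username;
                if (ss_admin_check()) {
                    // Remove temporary files in cacheqhm not touched for 3 days
                    plugin_check_login_purge_cache(strtotime('-3 days'));
                }
                $res['status'] = 1;
                $res['message'] = 'Login Success';
            } else {
                $res['status'] = 2;
                $res['message'] = 'Invalid Username or Password';
            }
            break;

        case 'destroy':
            ss_auth_logout();
            $res['status'] = 0;
            $res['message'] = 'logout';
            break;

        default:
            $res['status'] = 2;
            $res['message'] = 'request error';
            // Echoes the whole request back to the caller (kept from the original).
            $res['data'] = $vars;
            break;
    }

    header("Content-Type: application/json; charset=UTF-8");
    echo json_encode($res);
    exit;
}

/**
 * Delete regular files in CACHEQHM_DIR whose last access time is older than $threshold.
 *
 * The original compared against time(fileatime($entry)); time() takes no
 * argument, so the file's own timestamp was never consulted (and PHP 8 rejects
 * the extra argument).
 *
 * @param int $threshold unix timestamp; files last accessed before it are removed
 * @return void
 */
function plugin_check_login_purge_cache($threshold)
{
    $d = dir(CACHEQHM_DIR);
    if ($d === false) {
        return;
    }
    while (false !== ($entry = $d->read())) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        $path = CACHEQHM_DIR . $entry;
        // Regular files only: file_exists() is also true for directories,
        // for which unlink() would fail with a warning.
        if (!is_file($path)) {
            continue;
        }
        $atime = fileatime($path);
        if ($atime !== false && $atime < $threshold) {
            unlink($path);
        }
    }
    $d->close();
}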
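/**
 * HTTP Basic / Digest authentication gate for a page.
 *
 * Collects the comma-separated user lists of every $auth_pages pattern that
 * matches the page (its name or its source, per $auth_method_type). A page
 * with no matching pattern is open, as is any request that does not pass the
 * 'role_adm_contents' role check. With $auth_type == 2 the check is delegated
 * to auth::auth_digest(); otherwise the Basic credentials must name one of the
 * listed users and verify against $auth_users (entry [0] holds the hash).
 *
 * @param string $page         page name
 * @param bool   $auth_flag    send a 401 challenge on failure
 * @param bool   $exit_flag    render $title_cannot and exit on failure
 * @param array  $auth_pages   map of regex => "user1,user2,..."
 * @param string $title_cannot message template, "$1" is replaced by the page
 * @return bool TRUE when access is allowed
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users, $auth_method_type, $auth_type;
    global $realm;

    // What the $auth_pages patterns are matched against
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = get_source($page, TRUE, TRUE); // Its contents
    }

    $user_list = array();
    foreach ($auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }
    if (empty($user_list)) {
        return TRUE; // No limit
    }
    if (!auth::check_role('role_adm_contents')) {
        return TRUE; // Already a contents administrator
    }

    // Digest
    if ($auth_type == 2) {
        if (auth::auth_digest($realm, $auth_users)) {
            return TRUE;
        }
        // Auth failed
        if ($auth_flag || $exit_flag) {
            pkwk_common_headers();
        }
        if ($exit_flag) {
            $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
            $page = str_replace('$1', make_search($page), $title_cannot);
            catbody($title, $page, $body);
            exit;
        }
        return FALSE;
    }

    // Some SAPIs only expose the raw header: split it into user / password.
    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])
        && isset($_SERVER['HTTP_AUTHORIZATION'])
        && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Limit 2: the password itself may contain ':' (RFC 7617); the former
        // unbounded explode() silently truncated such passwords.
        $parts = explode(':', (string) base64_decode($matches[1]), 2);
        if (count($parts) === 2) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
        }
    }

    // No read-only check in this variant (the original had it commented out).
    $verified = false;
    if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        $user = $_SERVER['PHP_AUTH_USER'];
        if (in_array($user, $user_list, true) && isset($auth_users[$user][0]) && is_string($auth_users[$user][0])) {
            $stored = $auth_users[$user][0];
            $computed = pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $stored);
            // constant-time comparison instead of "!=="
            $verified = is_string($computed) && hash_equals($stored, $computed);
        }
    }
    if ($verified) {
        return TRUE;
    }

    // Auth failed
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }
    if ($auth_flag) {
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
    }
    if ($exit_flag) {
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return FALSE;
}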