/**
 * "md5" plugin entry point: show the userPassword form, or compute a hash
 * for the phrase submitted with it.
 *
 * The phrase is accepted from POST only, so it is kept out of the query
 * string (and therefore out of access logs and browser history). A GET of
 * plugin=md5&md5=VALUE merely pre-fills the form; nothing is computed.
 *
 * @return array{msg: string, body: string} Page title and HTML body.
 */
function plugin_md5_action()
{
    global $get, $post;

    // Not available at all on a safe-mode or read-only site.
    if (PKWK_SAFE_MODE || PKWK_READONLY) {
        die_message('Prohibited by admin');
    }

    $phrase = '';
    if (isset($post['phrase'])) {
        $phrase = $post['phrase'];
    }

    if ($phrase != '') {
        // Compute the hash. The result page deliberately does not echo $phrase.
        $withPrefix = isset($post['prefix']);
        $salt = isset($post['salt']) ? $post['salt'] : '';

        // Prepend "{SCHEME}" unless the salt already carries a scheme prefix.
        if (preg_match('/^\\{.+\\}.*$/', $salt) !== 1) {
            $schemePrefix = '';
            if (isset($post['scheme'])) {
                $schemePrefix = '{' . $post['scheme'] . '}';
            }
            $salt = $schemePrefix . $salt;
        }

        return array('msg' => 'Result', 'body' => pkwk_hash_compute($phrase, $salt, $withPrefix, true));
    }

    // No phrase yet: render the form, optionally pre-filled from ?md5=VALUE.
    $preset = '';
    if (isset($get['md5'])) {
        $preset = $get['md5'];
    }
    return array('msg' => 'Compute userPassword', 'body' => plugin_md5_show_form(isset($post['phrase']), $preset));
}
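/**
 * Verify a plaintext password against a stored hash of the form "{SCHEME}hash".
 *
 * "{PHPASS}" hashes are delegated to the bundled PasswordHash class; every
 * other value is re-hashed with pkwk_hash_compute(), which reads the scheme
 * and salt from the stored value itself, and compared to it.
 *
 * @param string $pass       Plaintext password to check.
 * @param string $storedhash Stored hash, optionally prefixed with "{SCHEME}".
 * @return bool True when $pass matches $storedhash.
 */
function check_passwd($pass, $storedhash)
{
    $scheme = '';
    $hash = '';
    if (preg_match('/^(\\{.+\\})(.*)$/', $storedhash, $matches)) {
        $scheme = $matches[1];
        $hash = $matches[2];
    }

    if ($scheme === '{PHPASS}') {
        require_once LIB_DIR . 'PasswordHash.php';
        // (8, TRUE): cost 2^8 and phpass "portable" hashes; existing stored
        // values depend on these parameters, so they are not changed here.
        $t_hasher = new PasswordHash(8, TRUE);
        return $t_hasher->CheckPassword($pass, $hash);
    }

    // Compare with hash_equals() rather than "==": a loose comparison of two
    // numeric-looking strings (e.g. "0e123" == "0e456") is true, which would
    // accept a wrong password; hash_equals() is strict and constant-time.
    $computed = pkwk_hash_compute($pass, $storedhash);
    return is_string($computed) && hash_equals((string) $storedhash, $computed);
}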
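/**
 * "monobook login" action: validate HTTP Basic credentials against
 * $auth_users and either challenge the client or send it back to the
 * referring page.
 *
 * Reads $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW']; when the SAPI does not
 * populate them, a "Basic" $_SERVER['HTTP_AUTHORIZATION'] header is decoded.
 *
 * @return array|null msg/body array after sending a 401 challenge on
 *                    failure; null after a successful login (a Location
 *                    header may then already have been sent).
 */
function plugin_monobook_login_action()
{
    global $vars, $auth_users, $_msg_auth, $_monobook_login_messages;

    // Some SAPIs (CGI/FastCGI) only expose the raw header: decode it ourselves.
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $matches = array();
        // Only a "Basic" credential is decoded; any other scheme is left alone
        // and simply falls through to the challenge below.
        if (preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
            // Limit 2: RFC 7617 forbids ':' in the user-id but allows it in the
            // password, so only the first ':' separates the two.
            $parts = explode(':', base64_decode($matches[1]), 2);
            if (count($parts) === 2) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
            }
        }
    }

    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
    // Order matters only for side effects: the role check runs first, the
    // hash is computed last and only for a known user with a password.
    $authorized = !auth::check_role('readonly')
        && $user !== null
        && isset($auth_users[$user])
        && isset($_SERVER['PHP_AUTH_PW'])
        && pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$user]) === $auth_users[$user];

    if (!$authorized) {
        pkwk_common_headers();
        header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
        header('HTTP/1.0 401 Unauthorized');
        $msg = $_monobook_login_messages['auth_failed'];
        return array('msg' => $msg, 'body' => '<p>' . $msg . '</p>');
    }

    // Logged in: bounce back to the referring page if it is an existing page.
    if (isset($vars['refer']) && is_page($vars['refer'])) {
        header('Location: ' . get_script_uri() . '?' . rawurlencode($vars['refer']));
    }
    return;
}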
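/**
 * Second step of the admin-account settings wizard: validate the submitted
 * username / password / e-mail and render a confirmation page that posts
 * the values on to the "msg" phase.
 *
 * Input is read from $vars['qhmsetting'] (username, password, password1,
 * password2, admin_email); $auth_users, $username and $passwd hold the
 * current account settings. As a side effect the current user is removed
 * from the global $auth_users (duplicate-name check).
 *
 * @return string HTML: an error line, the form re-rendered with the errors,
 *                or the confirmation page.
 */
function plugin_qhmsetting_admin_confirm()
{
    global $vars, $script;
    global $auth_users, $username, $passwd;

    // Refuse requests that did not come through the settings form.
    if (!isset($vars['from']) || $vars['from'] !== 'admin_form') {
        return 'このページへの直接アクセスは、無効です。';
    }

    // Missing or non-string fields become '' so every check below runs on a
    // string and fails with a readable message instead of a notice.
    $setting = (isset($vars['qhmsetting']) && is_array($vars['qhmsetting'])) ? $vars['qhmsetting'] : array();
    foreach (array('username', 'password', 'password1', 'password2', 'admin_email') as $field) {
        if (!isset($setting[$field]) || !is_string($setting[$field])) {
            $setting[$field] = '';
        }
    }

    // -----------------------------------
    // validation check
    // -----------------------------------
    $error = '';

    // Drop the current account so a user may keep their own name: only a
    // clash with another user counts as a duplicate.
    unset($auth_users[$username]);
    if (isset($auth_users[$setting['username']])) {
        $error .= '他のユーザーと名前が重複しています<br />';
    }

    // Current password: hash_equals() instead of "!=" so that numeric-looking
    // hashes ("0e...") cannot compare equal by accident, and in constant time.
    $currentHash = pkwk_hash_compute($setting['password']);
    if (!is_string($passwd) || !is_string($currentHash) || !hash_equals($passwd, $currentHash)) {
        $error .= '現在のパスワードと、一致しません<br />';
    }
    if (!ctype_alnum($setting['username'])) {
        $error .= 'ユーザー名は、半角英数のみで入力してください<br />';
    }
    if ($setting['password1'] !== $setting['password2']) {
        $error .= '新パスワードが一致しません<br />';
    }
    if (!preg_match(PLUGIN_QHMSETTING_ALLOW_PASSWD_PATTERN, $setting['password1'])) {
        $error .= 'パスワードは、英数半角と一部の記号のみ(スペース不可)で入力してください<br />';
    }
    // Byte length; fine as long as the allowed-password pattern is ASCII-only — confirm.
    if (strlen($setting['password1']) < 6) {
        $error .= 'パスワードは、6文字以上を設定してください<br />';
    }
    $email_match = '/^([a-z0-9_]|\\-|\\.|\\+)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,6}$/i';
    if (!preg_match($email_match, $setting['admin_email'])) {
        $error .= 'メールアドレスを正しく、入力してください<br />';
    }
    if ($error !== '') {
        return plugin_qhmsetting_admin_form($error);
    }

    // -----------------------------------
    // process from here
    // -----------------------------------
    // Everything interpolated into the page is HTML-escaped. The checks above
    // already restrict username and e-mail, but the password fields are only
    // pattern-checked, and escaping is what actually makes the output safe.
    $safeUser = htmlspecialchars($setting['username'], ENT_QUOTES, 'UTF-8');
    $safeEmail = htmlspecialchars($setting['admin_email'], ENT_QUOTES, 'UTF-8');
    // The new and current passwords are carried to the next phase in hidden
    // fields in clear text (the confirmation page source exposes them); that
    // is the form's existing contract with the "msg" phase.
    $safeNewPassword = htmlspecialchars($setting['password1'], ENT_QUOTES, 'UTF-8');
    $safeOldPassword = htmlspecialchars($setting['password'], ENT_QUOTES, 'UTF-8');
    $safeScript = htmlspecialchars($script, ENT_QUOTES, 'UTF-8');

    $body = <<<EOD
<h2>ユーザー設定の確認</h2>
<p>以下の内容でよろしいでしょうか?</p>
<ul class="nav nav-stacked">
\t<li><label>ユーザー名   : </label><span style="font-size:24px">{$safeUser}</span></li>
\t<li><label>パスワード   : </label>***********</li>
\t<li><label>メールアドレス : </label><span style="font-size:24px">{$safeEmail}</span></li>
</ul>
<form method="post" action="{$safeScript}">
<p style="text-align:center"><input type="button" value="戻る" onclick="history.back();" class="btn btn-default" /> <input type="submit" value="設定する" class="btn btn-primary" /></p>
<input type="hidden" name="phase" value="admin" />
<input type="hidden" name="mode" value="msg" />
<input type="hidden" name="plugin" value="qhmsetting" />
<input type="hidden" name="from" value="admin_form" />
<input type="hidden" name="qhmsetting[username]" value="{$safeUser}" />
<input type="hidden" name="qhmsetting[password]" value="{$safeNewPassword}" />
<input type="hidden" name="qhmsetting[admin_email]" value="{$safeEmail}" />
<input type="hidden" name="qhmsetting[old_password]" value="{$safeOldPassword}" />
</form>
EOD;
    return $body;
}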
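 /**
  * Authenticate the current request with PukiWiki-style credentials.
  *
  * The user name is taken from PHP_AUTH_USER or AUTH_USER (IIS); a value
  * that splits into three parts on '\' is reduced to its last component.
  * The password comes from PHP_AUTH_PW, AUTH_PASSWORD or, for NTLM, from
  * auth::ntlm_decode(), which is read as (domain, login, host, pass).
  *
  * @param array $auth_users Map of user name => array whose element 0 is the stored password hash.
  * @return int 1 when the credentials match a configured user, 0 otherwise.
  * @static
  */
 function auth_pw($auth_users)
 {
     $user = '';
     foreach (array('PHP_AUTH_USER', 'AUTH_USER') as $x) {
         if (isset($_SERVER[$x])) {
             // explode('\\') splits on a single backslash. Three parts means the
             // value looked like DOMAIN\\USERID (doubled separator): keep the last
             // part. NOTE(review): a plain DOMAIN\USERID yields two parts and is
             // kept whole — confirm that is intended.
             $ms = explode('\\', $_SERVER[$x]);
             $user = (count($ms) == 3) ? $ms[2] : $_SERVER[$x];
             break;
         }
     }

     $pass = '';
     foreach (array('PHP_AUTH_PW', 'AUTH_PASSWORD', 'HTTP_AUTHORIZATION') as $x) {
         if (empty($_SERVER[$x])) {
             continue;
         }
         if ($x === 'HTTP_AUTHORIZATION') {
             // NTLM: (domain, login, host, pass)
             $ntlm = auth::ntlm_decode();
             if ($ntlm[3] == '') {
                 // No password in the NTLM message; nothing else to try.
                 continue;
             }
             if (empty($user)) {
                 $user = $ntlm[1];
             }
             $pass = $ntlm[3];
             break;
         }
         $pass = $_SERVER[$x];
         break;
     }

     // Anonymous request: nothing to verify. (empty() also treats the user
     // name "0" as absent — NOTE(review): confirm such names cannot exist.)
     if (empty($user) && empty($pass)) {
         return 0;
     }
     // Unknown user, or a user without a stored hash.
     if (empty($auth_users[$user][0])) {
         return 0;
     }
     // Re-hash with the stored value as scheme/salt source; require an exact match.
     if (pkwk_hash_compute($pass, $auth_users[$user][0]) !== $auth_users[$user][0]) {
         return 0;
     }
     return 1;
 }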
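/**
 * Enforce HTTP Basic authentication for a page according to $auth_pages.
 *
 * $auth_pages maps a regular expression to a comma-separated user list; the
 * expression is matched against the page name or the page contents
 * (global $auth_method_type = 'pagename' | 'contents'). When no entry
 * matches, the page is unrestricted.
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send a 401 + WWW-Authenticate challenge on failure.
 * @param bool   $exit_flag    Render the "cannot access" page and exit on failure.
 * @param array  $auth_pages   Map of regex => "user1,user2,...".
 * @param string $title_cannot Title template; "$1" is replaced by the page name.
 * @return bool True when access is allowed, false when denied (and $exit_flag is off).
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_method_type, $auth_users, $_msg_auth;

    // What the $auth_pages patterns are matched against.
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page;
    } elseif ($auth_method_type == 'contents') {
        $target_str = join('', get_source($page));
    }

    // Collect every user allowed by a matching pattern.
    $user_list = array();
    foreach ($auth_pages as $pattern => $users) {
        if (preg_match($pattern, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $users));
        }
    }
    if (empty($user_list)) {
        return true; // No limit
    }

    // Some SAPIs only expose the raw header: decode a Basic credential ourselves.
    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Limit 2: the password may itself contain ':' (RFC 7617); only the
        // first one separates user-id and password.
        $parts = explode(':', base64_decode($matches[1]), 2);
        if (count($parts) === 2) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
        }
    }

    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
    // Strict in_array(): "1" must not match a listed user "01". The password
    // must be present before anything is hashed.
    $allowed = !PKWK_READONLY
        && $user !== null
        && isset($_SERVER['PHP_AUTH_PW'])
        && in_array($user, $user_list, true)
        && isset($auth_users[$user])
        && pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$user]) === $auth_users[$user];
    if ($allowed) {
        return true;
    }

    // Auth failed
    pkwk_common_headers();
    if ($auth_flag) {
        header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
        header('HTTP/1.0 401 Unauthorized');
    }
    if ($exit_flag) {
        $body = $title = str_replace('$1', htmlsc(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return false;
}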
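/**
 * Enforce HTTP Basic authentication for a page (role-aware variant).
 *
 * Access is granted without a challenge when auth::is_page_auth() already
 * allows the page, or when auth::check_role('role_adm_contents') is false,
 * which the in-code comment reads as "already a contents administrator".
 * Otherwise the request must carry Basic credentials for a user in
 * $auth_users, whose element 0 is the stored password hash. Unlike the
 * pagename/contents variant, PKWK_READONLY and the readonly role are not
 * consulted here.
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send a 401 + WWW-Authenticate challenge on failure.
 * @param bool   $exit_flag    Render the "cannot access" page and exit on failure.
 * @param array  $auth_pages   Per-page auth table, passed to auth::is_page_auth().
 * @param string $title_cannot Title template; "$1" is replaced by the page name.
 * @return bool True when access is allowed, false when denied (and $exit_flag is off).
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users;
    global $realm;

    if (auth::is_page_auth($page, $auth_flag, $auth_pages, '', '')) {
        return true; // No limit
    }

    // NOTE(review): $user_list is the whole $auth_users map, and the
    // in_array() below tests the user name against its *values*, which appear
    // to be arrays (element 0 is read as the hash further down). That test
    // therefore looks unable to succeed; the isset() on the key right after it
    // is the check that matters. Confirm the intended semantics.
    $user_list = $auth_users;

    if (!auth::check_role('role_adm_contents')) {
        return true; // already a contents administrator
    }

    // Some SAPIs only expose the raw header: decode a Basic credential ourselves.
    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Limit 2: the password may itself contain ':' (RFC 7617); only the
        // first one separates user-id and password.
        $parts = explode(':', base64_decode($matches[1]), 2);
        if (count($parts) === 2) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
        }
    }

    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
    // The password must be present before anything is hashed.
    $allowed = $user !== null
        && isset($_SERVER['PHP_AUTH_PW'])
        && in_array($user, $user_list, true)
        && isset($auth_users[$user])
        && pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$user][0]) === $auth_users[$user][0];
    if ($allowed) {
        return true;
    }

    // Auth failed
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }
    if ($auth_flag) {
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
    }
    if ($exit_flag) {
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return false;
}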
/**
 *   QHM Check Login Plugin
 *   -------------------------------------------
 *   check_login.inc.php
 *   
 *   Copyright (c) 2010 hokuken
 *   http://hokuken.com/
 *   
 *   created  : 2010-12-15
 *   modified :
 *   
 *   Description
 *   
 *   Usage :
 *   
 */
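/**
 * Ajax login / logout endpoint.
 *
 * For XMLHttpRequest calls (X-Requested-With header present) it answers in
 * JSON according to $vars['mode']:
 *   check   - status 1 if the session user is a configured account, else 0
 *   auth    - verify $vars['username'] / ['password'] and open the session
 *   destroy - log out
 * Any other mode answers status 2 with the request echoed in "data".
 * Non-Ajax requests are redirected to the regular login page (cmd=qhmauth).
 * Never returns: every path ends in exit.
 */
function plugin_check_login_action()
{
    global $vars, $script, $auth_users;
    // Kept for whatever initialisation get_qt() performs; the value is not used here.
    $qt = get_qt();

    // Plain browser navigation: hand over to the normal login page.
    if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
        $to = $script . '?cmd=qhmauth';
        header("Location: {$to}");
        exit;
    }

    $mode = isset($vars['mode']) ? $vars['mode'] : 'check';
    $res = array('status' => 0, 'message' => '', 'data' => null);

    if ($mode === 'check') {
        $loggedIn = isset($_SESSION['usr']) && array_key_exists($_SESSION['usr'], $auth_users);
        $res['status'] = $loggedIn ? 1 : 0;
        $res['message'] = $loggedIn ? 'login' : 'logout';
    } elseif ($mode === 'auth') {
        $username = isset($vars['username']) ? $vars['username'] : '';
        $password = isset($vars['password']) ? $vars['password'] : '';
        if (plugin_check_login_verify($username, $password, $auth_users)) {
            $_SESSION['usr'] = $username;
            // NOTE(review): the session id is not rotated on login. If the
            // session is the stock PHP one, session_regenerate_id(true) here
            // would close session fixation; confirm against ss_auth_* first.
            if (ss_admin_check()) {
                plugin_check_login_purge_cache(CACHEQHM_DIR);
            }
            $res['status'] = 1;
            $res['message'] = 'Login Success';
        } else {
            $res['status'] = 2;
            $res['message'] = 'Invalid Username or Password';
        }
    } elseif ($mode === 'destroy') {
        ss_auth_logout();
        $res['status'] = 0;
        $res['message'] = 'logout';
    } else {
        $res['status'] = 2;
        $res['message'] = 'request error';
        // Reflects every submitted field back to the caller (debug aid).
        $res['data'] = $vars;
    }

    header("Content-Type: application/json; charset=UTF-8");
    echo json_encode($res);
    exit;
}

/**
 * Check a username/password pair against $auth_users.
 *
 * Uses hash_equals() (strict, constant-time) instead of "==": a loose
 * comparison of numeric-looking hashes ("0e...") can be true for unrelated
 * values. Non-string inputs (e.g. array-valued form fields) never match.
 *
 * @param mixed $username
 * @param mixed $password
 * @param array $auth_users Map of user name => stored password hash.
 * @return bool
 */
function plugin_check_login_verify($username, $password, $auth_users)
{
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    if (!isset($auth_users[$username]) || !is_string($auth_users[$username])) {
        return false;
    }
    $computed = pkwk_hash_compute($password);
    return is_string($computed) && hash_equals($auth_users[$username], $computed);
}

/**
 * Delete temporary files in $dir whose access time is older than three days
 * (the cacheqhm clean-up run after an admin login).
 *
 * @param string $dir Directory path, expected to end with a separator.
 * @return void
 */
function plugin_check_login_purge_cache($dir)
{
    if (!is_dir($dir)) {
        return;
    }
    $handle = dir($dir);
    if ($handle === false) {
        return;
    }
    // "Three days ago" at the current wall-clock time, computed once.
    $threshold = mktime((int) date("H"), (int) date("i"), (int) date("s"), (int) date("n"), (int) date("j") - 3, (int) date("Y"));
    while (false !== ($entry = $handle->read())) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        $path = $dir . $entry;
        // Only regular files are removed; subdirectories are left alone.
        if (!is_file($path)) {
            continue;
        }
        $atime = fileatime($path);
        if ($atime !== false && $threshold > $atime) {
            unlink($path);
        }
    }
    $handle->close();
}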
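/**
 * Enforce page authentication according to $auth_pages, by HTTP Digest
 * ($auth_type == 2) or HTTP Basic.
 *
 * $auth_pages maps a regular expression to a comma-separated user list; the
 * expression is matched against the page name or the page contents
 * (global $auth_method_type = 'pagename' | 'contents'). No matching entry
 * means no restriction. A caller for whom auth::check_role('role_adm_contents')
 * is false is let through, which the in-code comment reads as "already a
 * contents administrator".
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send a 401 + WWW-Authenticate challenge on failure (Basic only).
 * @param bool   $exit_flag    Render the "cannot access" page and exit on failure.
 * @param array  $auth_pages   Map of regex => "user1,user2,...".
 * @param string $title_cannot Title template; "$1" is replaced by the page name.
 * @return bool True when access is allowed, false when denied (and $exit_flag is off).
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users, $auth_method_type, $auth_type;
    global $realm;

    // What the $auth_pages patterns are matched against.
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page;
    } elseif ($auth_method_type == 'contents') {
        $target_str = get_source($page, true, true);
    }

    // Collect every user allowed by a matching pattern.
    $user_list = array();
    foreach ($auth_pages as $pattern => $users) {
        if (preg_match($pattern, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $users));
        }
    }
    if (empty($user_list)) {
        return true; // No limit
    }
    if (!auth::check_role('role_adm_contents')) {
        return true; // already a contents administrator
    }

    // Digest
    if ($auth_type == 2) {
        if (auth::auth_digest($realm, $auth_users)) {
            return true;
        }
        // Auth failed (auth_digest is expected to have issued its own challenge)
        if ($auth_flag || $exit_flag) {
            pkwk_common_headers();
        }
        if ($exit_flag) {
            $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
            $page = str_replace('$1', make_search($page), $title_cannot);
            catbody($title, $page, $body);
            exit;
        }
        return false;
    }

    // Some SAPIs only expose the raw header: decode a Basic credential ourselves.
    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Limit 2: the password may itself contain ':' (RFC 7617); only the
        // first one separates user-id and password.
        $parts = explode(':', base64_decode($matches[1]), 2);
        if (count($parts) === 2) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
        }
    }

    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
    // Strict in_array(): "1" must not match a listed user "01". The password
    // must be present before anything is hashed.
    $allowed = $user !== null
        && isset($_SERVER['PHP_AUTH_PW'])
        && in_array($user, $user_list, true)
        && isset($auth_users[$user])
        && pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$user][0]) === $auth_users[$user][0];
    if ($allowed) {
        return true;
    }

    // Auth failed
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }
    if ($auth_flag) {
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
    }
    if ($exit_flag) {
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return false;
}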