Esempio n. 1
 /**
  * Called on an auth_args POST request, such as login, logout or signin.
  * TODO: Check BogoLogin users with empty password. (self-signed users)
  */
 function AuthCheck($postargs)
 {
     // Handles one auth POST and returns one of:
     //   - a fresh _AnonUser (empty userid, WIKIAUTH_ANON) after a logout,
     //   - false when the request was cancelled or carries nothing to act on,
     //   - a translated error string (invalid name / password / insufficient level),
     //   - a user object ($this, or an upgraded *PassUser instance) on success.
     // Callers therefore have to distinguish object / false / string results.

     // Normalize args, and extract.
     // Only the six whitelisted keys are copied, so extract() below can create
     // exactly these locals and nothing else from $postargs; a missing key
     // becomes false. The values themselves are still whatever was posted.
     $keys = array('userid', 'passwd', 'require_level', 'login', 'logout', 'cancel');
     foreach ($keys as $key) {
         $args[$key] = isset($postargs[$key]) ? $postargs[$key] : false;
     }
     extract($args);
     // Clamp the requested level into [0, WIKIAUTH_ADMIN].
     $require_level = max(0, min(WIKIAUTH_ADMIN, (int) $require_level));
     if ($logout) {
         // Log out
         if (LOGIN_LOG and is_writeable(LOGIN_LOG)) {
             global $request;
             $zone_offset = Request_AccessLogEntry::_zone_offset();
             $ncsa_time = date("d/M/Y:H:i:s", time());
             // The status column of a logout line is the literal "401".
             // NOTE(review): REMOTE_HOST, HTTP_REFERER and HTTP_USER_AGENT are
             // written as returned by $request->get(); nothing in this function
             // escapes a '"' or control character in them - confirm whatever
             // parses LOGIN_LOG copes with that.
             $entry = sprintf('%s - %s - [%s %s] "%s" %s - "%s" "%s"', (string) $request->get('REMOTE_HOST'), (string) $request->_user->_userid, $ncsa_time, $zone_offset, "logout " . get_class($request->_user), "401", (string) $request->get('HTTP_REFERER'), (string) $request->get('HTTP_USER_AGENT'));
             if ($fp = fopen(LOGIN_LOG, "a")) {
                 // The flock() result is not checked; the write proceeds either way.
                 flock($fp, LOCK_EX);
                 fputs($fp, "{$entry}\n");
                 fclose($fp);
             }
             //error_log("$entry\n", 3, LOGIN_LOG);
         }
         // Only user classes that define logout() get the call.
         if (method_exists($GLOBALS['request']->_user, "logout")) {
             //_HttpAuthPassUser
             $GLOBALS['request']->_user->logout();
         }
         // The caller receives a brand-new anonymous user, not a modified $this.
         $user = new _AnonUser();
         $user->_userid = '';
         $user->_level = WIKIAUTH_ANON;
         return $user;
     } elseif ($cancel) {
         return false;
     } elseif (!$login && !$userid) {
         // Nothing to do: neither a login request nor a userid was posted.
         return false;
     }
     // From here on this is a login attempt.
     // The name check runs before the password check and before $userid is
     // written to the log; what isValidName() accepts is not visible here.
     if (!$this->isValidName($userid)) {
         return _("Invalid username.");
     }
     // A missing password ($passwd === false) is checked as the empty string.
     $authlevel = $this->checkPass($passwd === false ? '' : $passwd);
     if (LOGIN_LOG and is_writeable(LOGIN_LOG)) {
         global $request;
         $zone_offset = Request_AccessLogEntry::_zone_offset();
         $ncsa_time = date("d/M/Y:H:i:s", time());
         // Build a masked copy of the password for the log line, byte by byte:
         //   bytes below 32            -> "<"
         //   * ? ( ) and backslash     -> kept as they are
         //   remaining bytes below 127 -> "x"
         //   bytes 127 and above       -> ">"
         // Branch order matters: the punctuation cases must be tested before the
         // generic "< 127" case, which would otherwise turn them into "x".
         // The masked value still shows the password's length, the position of
         // those five punctuation characters and where non-ASCII bytes sit.
         $manglepasswd = $passwd;
         for ($i = 0; $i < strlen($manglepasswd); $i++) {
             $c = substr($manglepasswd, $i, 1);
             if (ord($c) < 32) {
                 $manglepasswd[$i] = "<";
             } elseif ($c == '*') {
                 $manglepasswd[$i] = "*";
             } elseif ($c == '?') {
                 $manglepasswd[$i] = "?";
             } elseif ($c == '(') {
                 $manglepasswd[$i] = "(";
             } elseif ($c == ')') {
                 $manglepasswd[$i] = ")";
             } elseif ($c == "\\") {
                 $manglepasswd[$i] = "\\";
             } elseif (ord($c) < 127) {
                 $manglepasswd[$i] = "x";
             } elseif (ord($c) >= 127) {
                 $manglepasswd[$i] = ">";
             }
         }
         // NOTE(review): with the _DEBUG_LOGIN bit set, a FAILED attempt is logged
         // with the password exactly as submitted. Rejected passwords are often
         // typos of a valid one, and the raw value skips the control-character
         // masking above, so a newline in it would split the log entry. Confirm
         // this flag is never enabled where LOGIN_LOG is readable by others.
         if (DEBUG & _DEBUG_LOGIN and $authlevel <= 0) {
             $manglepasswd = $passwd;
         }
         // Status column: "200" when checkPass() returned a positive level, else "403".
         // The first column (REMOTE_HOST) and the two trailing header values are
         // written without escaping, as in the logout entry.
         $entry = sprintf('%s - %s - [%s %s] "%s" %s - "%s" "%s"', $request->get('REMOTE_HOST'), (string) $request->_user->_userid, $ncsa_time, $zone_offset, "login {$userid}/{$manglepasswd} => {$authlevel} " . get_class($request->_user), $authlevel > 0 ? "200" : "403", (string) $request->get('HTTP_REFERER'), (string) $request->get('HTTP_USER_AGENT'));
         if ($fp = fopen(LOGIN_LOG, "a")) {
             // The flock() result is not checked; the write proceeds either way.
             flock($fp, LOCK_EX);
             fputs($fp, "{$entry}\n");
             fclose($fp);
         }
         //error_log("$entry\n", 3, LOGIN_LOG);
     }
     if ($authlevel <= 0) {
         // anon or forbidden
         // The two messages differ on whether a password was submitted at all,
         // not on whether the userid exists.
         if ($passwd) {
             return _("Invalid password.");
         } else {
             return _("Invalid password or userid.");
         }
     } elseif ($authlevel < $require_level) {
         // auth ok, but not enough
         if (!empty($this->_current_method) and strtolower(get_class($this)) == '_passuser') {
             // upgrade class
             // NOTE(review): both the class name and the include path are built
             // from $this->_current_method, which is assigned outside this
             // function - confirm it can only hold one of a fixed set of
             // auth-method names and never request data.
             $class = "_" . $this->_current_method . "PassUser";
             include_once "lib/WikiUser/" . $this->_current_method . ".php";
             $user = new $class($userid, $this->_prefs);
             // The eval string is a constant; it only runs when
             // check_php_version(5) is false.
             if (!check_php_version(5)) {
                 eval("\$this = \$user;");
             }
             // /*PHP5 patch*/$this = $user;
             // NOTE(review): the level is stored on $this while $user is what
             // gets returned; the successful-login branch below stores it on
             // $user instead. This path also returns a user object where the
             // non-upgrade path returns the "Insufficient permissions." string.
             // Confirm both differences are intended.
             $this->_level = $authlevel;
             return $user;
         }
         // $this keeps the identity and the (too low) level; the caller gets
         // the error string.
         $this->_userid = $userid;
         $this->_level = $authlevel;
         return _("Insufficient permissions.");
     }
     // Successful login.
     //$user = $GLOBALS['request']->_user;
     if (!empty($this->_current_method) and strtolower(get_class($this)) == '_passuser') {
         // upgrade class
         // Same class/include construction from $this->_current_method as in
         // the insufficient-level branch; the same provenance question applies.
         $class = "_" . $this->_current_method . "PassUser";
         include_once "lib/WikiUser/" . $this->_current_method . ".php";
         $user = new $class($userid, $this->_prefs);
         if (!check_php_version(5)) {
             eval("\$this = \$user;");
         }
         // /*PHP5 patch*/$this = $user;
         $user->_level = $authlevel;
         return $user;
     }
     // No upgrade needed: record the identity and level on $this and return it.
     $this->_userid = $userid;
     $this->_level = $authlevel;
     return $this;
 }
Esempio n. 2
 /**
  * Return iterator of matching host items reverse sorted (latest first).
  */
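 function get_host($host, $since_minutes = 20)
 {
     // Returns log entries, latest first: the result of read_sql() when a log
     // table is configured, otherwise a WikiDB_Array_generic_iter filled from
     // the log file.
     //
     // $host          host value to match (used by the SQL branch only, see below)
     // $since_minutes look-back window in minutes (used by the SQL branch only)
     if ($this->logtable) {
         // mysql specific only:
         // The host value goes through $this->_dbi->quote() before it is
         // concatenated (presumably escaping and quoting - confirm against the
         // DB layer). The cutoff is the result of arithmetic and is cast to int,
         // so the fragment can only ever contain an integer literal.
         $cutoff = (int) (time() - $since_minutes * 60);
         return $this->read_sql("request_host=" . $this->_dbi->quote($host) . " AND time_stamp > " . $cutoff . " ORDER BY time_stamp DESC");
     }

     // File-backed log.
     // NOTE(review): this branch keeps every entry that has a non-empty referer;
     // it does not compare anything with $host and does not apply
     // $since_minutes, so it does not return "matching host items". Filtering
     // needs the host and timestamp fields of Request_AccessLogEntry, which are
     // not visible here. Callers that use the result for per-host decisions
     // should not rely on this branch until that is fixed.
     //
     // The original also read an undefined $limit here. Being unset, it never
     // limited anything (the shift test was always false and the slice length
     // evaluated to null, i.e. "all"), so those references are dropped and the
     // returned entries are unchanged. Do not replace it with a local 0:
     // array_slice(..., 0, 0) would return nothing.
     $iter = new WikiDB_Array_generic_iter();
     $logentry = new Request_AccessLogEntry($this);
     while ($logentry->read_file()) {
         if (!empty($logentry->referer)) {
             $iter->_array[] = $logentry;
             // The stored object must not be overwritten by the next read.
             $logentry = new Request_AccessLogEntry($this);
         }
     }
     // Entries were appended in file order; reverse so the latest comes first.
     $iter->_array = array_reverse($iter->_array);
     return $iter;
 }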