예제 #1
0
 function create_user($username, $password)
 {
     log_error("Create User - Username: "******"|" . $password);
     try {
         $create_statement = "insert into users values (:username, :md5)";
         $sth = $this->_dbh->prepare($create_statement);
         $hash = WeaveHashFactory::factory();
         $password = $hash->hash($password);
         $sth->bindParam(':username', $username);
         $sth->bindParam(':md5', $password);
         $sth->execute();
     } catch (PDOException $exception) {
         log_error("create_user:"******"create_user:" . $exception->getMessage());
         return 0;
     }
     return 1;
 }
예제 #2
0
 } else {
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         if ($username == '') {
             log_error("user.php : Post no username");
             report_problem(WEAVE_ERROR_INVALID_USERNAME, 400);
         }
         $db = new WeaveStorage($username);
         log_error("user.php: POST");
         if ($function == "password") {
             #Auth the user
             verify_user($username, $db);
             $new_pwd = get_phpinput();
             log_error("user.php: POST password ");
             //to do
             // change pw in db
             $hash = WeaveHashFactory::factory();
             if ($db->change_password($hash->hash($new_pwd))) {
                 exit("success");
             } else {
                 report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 503);
             }
             //server db messed up somehow
             // return success
             // report_problem(7, 400);
         } else {
             if ($function == "email") {
                 //change email adr
             } else {
                 report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 400);
             }
         }
예제 #3
0
function verify_user($url_user, $db)
{
    if (!$url_user || !preg_match('/^[A-Z0-9._-]+$/i', $url_user)) {
        report_problem(WEAVE_ERROR_INVALID_USERNAME, 400);
    }
    $auth_user = array_key_exists('PHP_AUTH_USER', $_SERVER) ? $_SERVER['PHP_AUTH_USER'] : null;
    $auth_pw = array_key_exists('PHP_AUTH_PW', $_SERVER) ? $_SERVER['PHP_AUTH_PW'] : null;
    if (is_null($auth_user) || is_null($auth_pw)) {
        /* CGI/FCGI auth workarounds */
        $auth_str = null;
        if (array_key_exists('Authorization', $_SERVER)) {
            /* Standard fastcgi configuration */
            $auth_str = $_SERVER['Authorization'];
        } else {
            if (array_key_exists('AUTHORIZATION', $_SERVER)) {
                /* Alternate fastcgi configuration */
                $auth_str = $_SERVER['AUTHORIZATION'];
            } else {
                if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
                    /* IIS/ISAPI and newer (yet to be released) fastcgi */
                    $auth_str = $_SERVER['HTTP_AUTHORIZATION'];
                } else {
                    if (array_key_exists('REDIRECT_HTTP_AUTHORIZATION', $_SERVER)) {
                        /* mod_rewrite - per-directory internal redirect */
                        $auth_str = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
                    }
                }
            }
        }
        if (!is_null($auth_str)) {
            /* Basic base64 auth string */
            if (preg_match('/Basic\\s+(.*)$/', $auth_str)) {
                $auth_str = substr($auth_str, 6);
                $auth_str = base64_decode($auth_str, true);
                if ($auth_str != FALSE) {
                    $tmp = explode(':', $auth_str);
                    if (count($tmp) == 2) {
                        $auth_user = $tmp[0];
                        $auth_pw = $tmp[1];
                    }
                }
            }
        }
    }
    if (!$auth_user || !$auth_pw) {
        log_error("Auth failed 1 {");
        log_error(" User pw: " . $auth_user . " | " . $auth_pw);
        log_error(" Url_user: "******"}");
        report_problem('Authentication failed', '401');
    }
    $url_user = strtolower($url_user);
    if (strtolower($auth_user) != $url_user) {
        log_error("(140) Missmatch:" . strtolower($auth_user) . "|" . $url_user);
        report_problem(WEAVE_ERROR_USERID_PATH_MISMATCH, 400);
    }
    try {
        $existingHash = $db->get_password_hash();
        $hash = WeaveHashFactory::factory();
        if (!$hash->verify(fix_utf8_encoding($auth_pw), $existingHash)) {
            log_error("Auth failed 2 {");
            log_error(" User pw: " . $auth_user . "|" . $auth_pw . "|md5:" . md5($auth_pw) . "|fix:" . fix_utf8_encoding($auth_pw) . "|fix md5 " . md5(fix_utf8_encoding($auth_pw)));
            log_error(" Url_user: "******" Existing hash: " . $existingHash);
            log_error("}");
            report_problem('Authentication failed', '401');
        } else {
            if ($hash->needsUpdate($existingHash)) {
                $db->change_password($hash->hash(fix_utf8_encoding($auth_pw)));
            }
        }
    } catch (Exception $e) {
        header("X-Weave-Backoff: 1800");
        log_error($e->getMessage(), $e->getCode());
        report_problem($e->getMessage(), $e->getCode());
    }
    return true;
}