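/**
 * Action handler for the qhmauth plugin: session-based login for editors.
 *
 * Flow, as far as this function shows:
 *  1. Collect the users allowed for the target page from $edit_auth_pages
 *     (regex => comma-separated user names). The regex is matched against
 *     the page name or the page contents, depending on $auth_method_type.
 *  2. If no rule matches, return the err_pkwk_ini message.
 *  3. If the session already holds a user that exists in $auth_users,
 *     return the err_has_auth message.
 *  4. Otherwise call ss_chkusr(); on success store the user in the session
 *     and redirect to $script, on failure render the err_deny page and exit.
 *
 * @return array{msg: string, body: string} Only returned for steps 2 and 3;
 *                                          steps 4 always end the request.
 */
function plugin_qhmauth_action()
{
    // $vars was missing from this list, so the lookup below read an
    // undefined local and $page was always ''.
    global $vars, $script, $auth_method_type, $auth_users, $edit_auth_pages;

    $qm = get_qm();
    $page = isset($vars['page']) ? $vars['page'] : '';
    $msg = $qm->m['plg_qhmauth']['title'];

    // Checked by:
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = join('', get_source($page)); // Its contents
    }

    $user_list = array();
    foreach ($edit_auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }

    if (empty($user_list)) {
        return array(
            'msg' => $msg,
            'body' => "<p>{$qm->m['plg_qhmauth']['err_pkwk_ini']}</p>",
        );
    }

    //--------------------------------------------
    // Customize from here
    // Session Auth instead of Basic Auth
    // Thanks & Refer SiteDev + AT by AKKO

    // Only a string user name stored in the session counts as "logged in".
    // Passing an unset value to array_key_exists() would look up the ''
    // key and emit an undefined-index notice.
    $current_user = (isset($_SESSION['usr']) && is_string($_SESSION['usr'])) ? $_SESSION['usr'] : null;
    if ($current_user !== null && array_key_exists($current_user, $auth_users)) {
        // The name is echoed into HTML, so escape it before substitution.
        return array(
            'msg' => $msg,
            'body' => '<p>' . $qm->replace('plg_qhmauth.err_has_auth', htmlspecialchars($current_user), $script) . '</p>',
        );
    }

    // ss_chkusr() is defined elsewhere; presumably it validates the posted
    // credentials against $auth_users -- confirm against its definition.
    $fg = ss_chkusr($qm->m['plg_qhmauth']['title'], $auth_users);
    if ($fg) {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login does not become an authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['usr'] = $_POST['username'];
        header('Location: ' . $script);
        exit;
    }

    auth_catbody($msg, $qm->replace('plg_qhmauth.err_deny', $script));
    exit;
}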
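/**
 * dwrite plugin -- action handler.
 *
 * Usage:
 *   &dwrite(passcode){text to display};
 *
 * Inline plugin:
 *   normal mode -- simply returns the text
 *   edit mode   -- outputs a link to the rewrite form
 *
 * Action plugin (this function), selected by $vars['mode']:
 *   make     -- show the URLs that can be handed out for rewriting the text
 *   write    -- show the input form, or the confirmation form once a value
 *               has been supplied
 *   do_write -- replace the text of every matching &dwrite(passcode){...};
 *               in the page and save it
 *
 * NOTE(review): no request-method, login or CSRF-token check is visible in
 * this function; the passcode appears to be the only gate on do_write.
 * Confirm whether the caller enforces anything more.
 *
 * @return array{msg: string, body: string} Only returned on error; the
 *                                          successful modes render and exit.
 */
function plugin_dwrite_action()
{
    global $vars, $script;

    $qm = get_qm();

    // Request values may be missing or arrays; treat anything but a string as empty.
    $page = (isset($vars['page']) && is_string($vars['page'])) ? $vars['page'] : '';
    $mode = (isset($vars['mode']) && is_string($vars['mode'])) ? $vars['mode'] : '';
    $code = (isset($vars['code']) && is_string($vars['code'])) ? $vars['code'] : '';
    $has_value = isset($vars['value']) && is_string($vars['value']);
    $value = $has_value ? $vars['value'] : '';

    $invalid_request = array(
        'msg' => $qm->m['plg_dwrite']['title_err'],
        'body' => '<p>' . $qm->m['plg_dwrite']['err_invalid_url'] . '</p>',
    );
    $not_found = array(
        'msg' => $qm->m['plg_dwrite']['title_err'],
        'body' => '<p>' . $qm->m['plg_dwrite']['err_cannot_found'] . '</p>',
    );

    //error
    if ($page == '') {
        return $invalid_request;
    }

    if ($mode == 'make') {
        //create mode
        // The passcode is request data, so it is URL-encoded like the page name.
        $template = $script . '?plugin=dwrite&page=' . rawurlencode($page)
            . '&mode=write&code=' . rawurlencode($code);
        $template_s = htmlspecialchars($template);

        // The URL is also emitted inside an inline <script>. Encode it as a
        // JS string literal with the HEX flags so quotes, '<', '>' and '&'
        // cannot terminate the literal or the script element.
        $template_js = json_encode(
            $template . '&value=',
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
        if ($template_js === false) {
            $template_js = '""';
        }

        $title = $qm->m['plg_dwrite']['title'];
        $contents = <<<EOD
<script type="text/javascript">
function gen_dwrite_code(val){
\tvar el = document.getElementById('dwrite_url');
\tel.value = {$template_js}+encodeURIComponent(val);
}
</script>
<p style="text-align:left;font-weight:bold;">{$qm->m['plg_dwrite']['note']}<br />
<input type="text" size="40" id="dwrite_data" onkeyup="gen_dwrite_code(this.value);return false;" style="background-color:#ffc;" /></p>
<p style="text-align:left;">{$qm->m['plg_dwrite']['url']}<br />
<input type="text" size="40" id="dwrite_url" readonly="readonly" onclick="this.select();" />
</p>
<p style="text-align:left;">{$qm->m['plg_dwrite']['edit_url']}<br />
<input type="text" size="40" id="dwrite_url" readonly="readonly" value="{$template_s}" onclick="this.select();" />
</p>
EOD;
        auth_catbody($title, $contents);
        exit;
    }

    if ($mode == 'write') {
        // Collect the current text of every &dwrite(code){...}; on the page.
        $rep = array();
        foreach (get_source($page) as $line) {
            if ($res = plugin_dwrite_getContent($code, $line)) {
                $rep[] = $res;
            }
        }

        //error
        if (count($rep) == 0) {
            return $not_found;
        }

        $title = $qm->m['plg_dwrite']['title_confirm'];
        $s_page = htmlspecialchars($page);
        $s_code = htmlspecialchars($code);

        if (!$has_value) {
            // Step 1: ask for the new text.
            $contents = <<<EOD
<p>{$qm->m['plg_dwrite']['note2']}</p>
<form method="post" action="{$script}">
<input type="hidden" name="plugin" value="dwrite" />
<input type="hidden" name="page" value="{$s_page}" />
<input type="hidden" name="mode" value="write" />
<input type="hidden" name="code" value="{$s_code}" />
<input type="text" name="value" size="40" />
<input type="submit" name="ok" value="{$qm->m['plg_dwrite']['btn_confirm']}" />
</form>
EOD;
        } else {
            // Step 2: show old and new text and ask for confirmation.
            $s_value = htmlspecialchars($value);
            $tmp_str = '';
            foreach ($rep as $v) {
                $tmp_str .= '「' . $v . '」';
            }
            $contents = $qm->replace('plg_dwrite.ntc_confirm', h($tmp_str), h($value));
            $contents .= <<<EOD
<form method="post" action="{$script}">
<input type="hidden" name="plugin" value="dwrite" />
<input type="hidden" name="page" value="{$s_page}" />
<input type="hidden" name="mode" value="do_write" />
<input type="hidden" name="code" value="{$s_code}" />
<input type="hidden" name="value" value="{$s_value}" />
<input type="submit" name="ok" value="{$qm->m['plg_dwrite']['btn_exec']}" />
</form>
EOD;
        }
        auth_catbody($title, $contents);
        exit;
    }

    if ($mode == 'do_write') {
        // NOTE(review): $value is written into the page source verbatim.
        // Whether a value containing "};" or a line break can add wiki
        // markup beyond the dwrite text depends on the wiki parser and on
        // plugin_dwrite_getContent(), neither visible here -- confirm and
        // validate the value if so.
        $matched = 0;
        $new_data = '';
        foreach (get_source($page) as $line) {
            if ($res = plugin_dwrite_getContent($code, $line)) {
                $s = '&dwrite(' . $code . '){' . $res . '};';
                $r = '&dwrite(' . $code . '){' . $value . '};';
                $new_data .= str_replace($s, $r, $line);
                $matched++;
            } else {
                $new_data .= $line;
            }
        }

        // As in 'write' mode: a passcode that matches nothing is an error,
        // not a page save followed by a success message.
        if ($matched == 0) {
            return $not_found;
        }

        page_write($page, $new_data);

        // NOTE(review): the page name goes into the title unescaped, as
        // before; confirm that auth_catbody() escapes its title argument.
        $title = $qm->replace('plg_dwrite.title_result', $page);
        $url = $script . '?' . rawurlencode($page);
        $contents = $qm->replace('plg_dwrite.result', $url);
        auth_catbody($title, $contents);
        exit;
    }

    // Unknown or missing mode: the old fall-through returned undefined
    // $title/$body; report an invalid request instead.
    return $invalid_request;
}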
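/**
 * Render the session-auth login form through auth_catbody().
 *
 * Besides the form, this also diagnoses session storage:
 *  - if the global $session_save_path is set, a notice linking to the
 *    qhmsetting "sssavepath" form is shown;
 *  - if the session save path is not writable, the visitor is bounced once
 *    through a URL carrying a "chksession" stamp. If the stamp does not
 *    come back from the session on the next request, an error box is shown.
 *
 * $vars['page'] is temporarily replaced while rendering and restored
 * afterwards.
 *
 * @param string $title Not used for output here; the page title comes from
 *                      the ss_authform.page_title message.
 * @return void
 */
function ss_auth_loginform($title)
{
    global $vars, $script, $script_ssl, $reg_exp_host, $session_save_path;

    $qm = get_qm();
    // Result unused in this function; call kept in case get_qt() has
    // initialisation side effects -- confirm against its definition.
    $qt = get_qt();

    // Output Form
    $tmp = isset($vars['page']) ? $vars['page'] : null;
    $vars['page'] = "Page Edit Authorization";

    $addjs = '
<script type="text/javascript">
var usr = document.getElementById("username");
usr.focus();
usr.select();
</script>
';

    $contents = <<<EOD
<form method="post">
<div class="box">
<label for="username">{$qm->m['username']}</label>
<input type="text" name="username" tabindex="1" id="username" style="" /><br />
<label for="password">{$qm->m['password']}</label>
<input type="password" name="password" tabindex="2" id="password" style="" /><br />
<input type="hidden" name="keep" value="0" />
<input type="submit" name="send" value="{$qm->m['ss_authform']['btn_login']}" tabindex="3" />
</div>
</form>
{$addjs}
EOD;

    // Check whether the session directory is writable.
    $sspath = session_save_path();
    $sspath = $sspath == '' ? '/tmp' : $sspath;
    $ss_write = is_writable($sspath);

    $settings_url = $script . '?plugin=qhmsetting&phase=sssavepath&mode=form';

    $error_ss = '';
    if ($session_save_path != '') {
        $error_ss = '<div id="sessionerror" style="border:2px solid #66AACC;background-color:#EEEEFF;margin:5px 0;"><p>'
            . $qm->replace('ss_authform.ntc_session_save_path', $settings_url)
            . '</p></div>';
    }

    if ($ss_write != true) {
        if (!isset($vars['chksession'])) {
            // To test the session, store a stamp in it and send the visitor
            // to a URL that carries the same stamp.
            $t = time();
            $_SESSION['chksession'] = $t;

            $cur_url = $_SERVER['REQUEST_URI'];
            // strpos() can return 0, so compare against false explicitly.
            $url = $cur_url . (strpos($cur_url, '?') !== false ? '&' : '?FrontPage&') . 'chksession=' . $t;

            // REQUEST_URI is client-controlled and lands in two HTML
            // attributes; escape it so it cannot break out of them.
            $s_url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

            header('Content-Type: text/html;charset=utf-8');
            echo '<html><head><meta http-equiv="Refresh" content="0;url=' . $s_url . '"/></head><body><p><a href="' . $s_url . '">please click here</a></p></body></html>';
            exit;
        }

        // The check passes only if the stamp really came back from the
        // session. A loose == would also accept an empty parameter when the
        // session value is missing.
        $session_ok = isset($_SESSION['chksession'])
            && is_scalar($vars['chksession'])
            && (string) $vars['chksession'] === (string) $_SESSION['chksession'];

        if (!$session_ok) {
            $error_ss = '<div id="sessionerror" style="border:2px solid #FF3300;background-color:#FFEEEE;margin:5px 0;"><p style="color:red">'
                . $qm->replace('ss_authform.err_session_writable', $settings_url)
                . '</p></div>';
        }
    }

    auth_catbody($qm->m['ss_authform']['page_title'], $contents . $error_ss);

    $vars['page'] = $tmp;
}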
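/**
 * Decide whether the current session user may access $page.
 *
 * $auth_pages maps a regex to a comma-separated list of user names. Each
 * regex is matched against the page name or the page contents, depending on
 * the global $auth_method_type, and the users of all matching rules are
 * merged.
 *
 * @param string $page         Page name.
 * @param bool   $auth_flag    When true and the session user is not allowed,
 *                             call ss_chkusr() with the credentials of the
 *                             allowed users.
 * @param bool   $exit_flag    When true and access is denied, render the
 *                             "cannot" page via auth_catbody() and exit.
 * @param array  $auth_pages   Regex => comma-separated user names.
 * @param string $title_cannot Message template; '$1' is replaced with the
 *                             escaped page name.
 * @return bool TRUE when no rule matches the page, when the session user is
 *              in the allowed list, or when ss_chkusr() succeeds; FALSE
 *              otherwise (unless $exit_flag ends the request).
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_method_type, $auth_users, $_msg_auth;

    // Checked by:
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = join('', get_source($page)); // Its contents
    }

    $user_list = array();
    foreach ($auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }

    if (empty($user_list)) {
        return TRUE; // No limit
    }

    //--------------------------------------------
    // Customize from here
    // Session Auth instead of Basic Auth
    // Thanks & Refer SiteDev + AT by AKKO

    // Require a real, non-empty string user name and compare strictly.
    // With a loose in_array(), a missing session value (null) equals an
    // empty list entry -- produced by a rule whose user list is '' or has a
    // stray comma -- and a visitor who never logged in would be let through.
    $current_user = (isset($_SESSION['usr']) && is_string($_SESSION['usr'])) ? $_SESSION['usr'] : '';
    if ($current_user !== '' && in_array($current_user, $user_list, true)) {
        return TRUE;
    }

    if ($auth_flag) {
        // Credentials of the allowed users only. This array used to be
        // initialised under a different name ($arr_temp), which left
        // $auth_temp undefined when no allowed user had an account. The key
        // lookup also avoids the loose == between user names.
        $auth_temp = array();
        foreach ($user_list as $val) {
            if ($val !== '' && array_key_exists($val, $auth_users)) {
                $auth_temp[$val] = $auth_users[$val];
            }
        }

        $qm = get_qm();
        // ss_chkusr() is defined elsewhere; presumably it validates the
        // posted credentials against the given map -- confirm.
        $fg = ss_chkusr($qm->m['auth']['ss_chkusr'], $auth_temp);
        if ($fg) {
            // Issue a fresh session id at the privilege change so an id that
            // was known before login is not promoted.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['usr'] = $_POST['username'];
            return TRUE;
        }
    }

    if ($exit_flag) {
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        auth_catbody($title, $body);
        exit;
    }

    return FALSE;
}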