/**
 * Guess the name of the current user from the global request, without
 * verifying it.
 *
 * Sources are tried in this order and the first non-empty one wins:
 *   1. the 'userid' entry of the 'auth' request argument,
 *   2. HTTP basic auth (PHP_AUTH_USER),
 *   3. REMOTE_USER from the environment variables,
 *   4. the 'wiki_user' session variable,
 *   5. the wiki cookie named by getCookieName().
 *
 * NOTE(review): sources 1 and 5 are supplied by the client and nothing in
 * this function checks them against a credential, so the result is only a
 * claimed identity. Confirm that every caller authenticates it before
 * granting any privilege.
 *
 * @return mixed The user name; the session user object when ENABLE_USER_NEW
 *               is false and a session user exists; false when no source
 *               yielded a name.
 */
function deduceUsername()
{
    global $request, $HTTP_SERVER_VARS, $HTTP_ENV_VARS;

    // 1. Explicit login attempt carried in the request arguments.
    $hasAuthArg = !empty($request->args['auth']);
    if ($hasAuthArg && !empty($request->args['auth']['userid'])) {
        return $request->args['auth']['userid'];
    }

    // 2. HTTP basic auth.
    if (!empty($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
        return $HTTP_SERVER_VARS['PHP_AUTH_USER'];
    }

    // 3. User name exported through the environment.
    if (!empty($HTTP_ENV_VARS['REMOTE_USER'])) {
        return $HTTP_ENV_VARS['REMOTE_USER'];
    }

    // 4. User object kept in the session; it becomes the request's user.
    $sessionUser = $request->getSessionVar('wiki_user');
    if ($sessionUser) {
        $request->_user = $sessionUser;
        $request->_user->_authhow = 'session';
        if (ENABLE_USER_NEW) {
            return $sessionUser->UserName();
        }
        return $request->_user;
    }

    // 5. Plain user id stored in the wiki cookie. Values starting with 's:'
    //    are skipped -- presumably PHP-serialized strings left over from an
    //    older cookie format; confirm.
    $cookieId = $request->getCookieVar(getCookieName());
    if ($cookieId && substr($cookieId, 0, 2) != 's:') {
        // NOTE(review): this writes 'authhow' while the session branch writes
        // '_authhow', and $request->_user is not assigned anywhere on this
        // path -- confirm which property readers expect and that _user exists.
        $request->_user->authhow = 'cookie';
        return $cookieId;
    }

    return false;
}
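/**
 * _AnonUser::setPreferences(): update this user's preferences and, when
 * asked, store the user id in the wiki cookie.
 *
 * The cookie is named by getCookieName(), which per the original note allows
 * several wikis in the same domain. Since 1.3.8 only the plain user id string
 * goes into the cookie, never an array of preferences; preferences are meant
 * to live in the session, the home page handle or a database.
 *
 * NOTE(review): the cookie written here carries only $this->_userid. Whoever
 * reads it back receives a client-controlled value and has to treat it as an
 * unverified claim.
 *
 * @param mixed $prefs   A preferences object, or raw preference values that
 *                       are merged into (or used to build) a UserPreferences
 *                       object.
 * @param bool  $id_only When true and the preferences changed, write the user
 *                       id cookie (only possible before headers are sent).
 * @return mixed Truthy when the preferences changed, false otherwise.
 */
function setPreferences($prefs, $id_only = false)
{
    // Fix: the branch that adopts $prefs as the first preferences object never
    // assigned $updated, so the checks below read an undefined variable.
    // Starting from false keeps that path falsy, as it was before.
    $updated = false;

    if (!is_object($prefs)) {
        if (is_object($this->_prefs)) {
            $updated = $this->_prefs->updatePrefs($prefs);
            $prefs =& $this->_prefs;
        } else {
            // Update the prefs values from scratch. This could lead to
            // unnecessary side effects: duplicate emailVerified, ...
            $this->_prefs = new UserPreferences($prefs);
            $updated = true;
        }
    } else {
        if (!isset($this->_prefs)) {
            $this->_prefs =& $prefs;
        } else {
            $updated = $this->_prefs->isChanged($prefs);
        }
    }

    if ($updated) {
        if ($id_only and !headers_sent()) {
            global $request;
            // New 1.3.8 policy: no array cookies, only the plain userid string
            // as in the pre 1.3.x versions.
            // NOTE(review): the fourth argument is COOKIE_DOMAIN, while the
            // set($key, $val, $persist_days, $path) shown on this page takes a
            // path in that position -- confirm setCookieVar()'s signature.
            $request->setCookieVar(getCookieName(), $this->_userid,
                                   COOKIE_EXPIRATION_DAYS, COOKIE_DOMAIN);
        }
    }

    if (is_object($prefs)) {
        // Round-trip through store()/unpack() and adopt $prefs only when the
        // unpacked result is non-empty.
        $packed = $prefs->store();
        $unpacked = $prefs->unpack($packed);
        if (count($unpacked)) {
            // Carry the storage-related members over from the current object.
            foreach (array('_method', '_select', '_update', '_insert') as $param) {
                if (!empty($this->_prefs->{$param})) {
                    $prefs->{$param} = $this->_prefs->{$param};
                }
            }
            $this->_prefs = $prefs;
        }
    }

    return $updated;
}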
/**
 * Guess the name of the current user from this request, without verifying it.
 *
 * Sources are tried in this order and the first non-empty one wins:
 *   1. the 'userid' entry of the 'auth' request argument,
 *   2. (the session user -- currently switched off, see below),
 *   3. HTTP basic auth (PHP_AUTH_USER),
 *   4. REMOTE_USER from the server variables, then from the environment,
 *   5. the wiki cookie named by getCookieName(),
 *   6. for action=xmlrpc only: REMOTE_USER or a REMOTE_ADDR value.
 *
 * NOTE(review): sources 1 and 5 are supplied by the client and nothing in
 * this method checks them against a credential, so the result is only a
 * claimed identity. Confirm that callers authenticate it before granting any
 * privilege.
 *
 * @return mixed The deduced user name (possibly '' or an address for XML-RPC
 *               requests), or false when no source yielded a name.
 */
function _deduceUsername()
{
    global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;

    // 1. Explicit login attempt carried in the request arguments.
    $hasAuthArg = !empty($this->args['auth']);
    if ($hasAuthArg && !empty($this->args['auth']['userid'])) {
        return $this->args['auth']['userid'];
    }

    // 2. Session vars are disabled (they seemed problematic): the constant 0
    //    keeps this branch from ever running. It covered switching auth
    //    between sessions; a missing class definition cannot be demand-loaded
    //    afterwards in PHP.
    if (0 && ($sessionUser = $this->getSessionVar('wiki_user'))) {
        if (isa($sessionUser, WikiUserClassname())) {
            $this->_user = $sessionUser;
            $this->_user->_authhow = 'session';
            if (ENABLE_USER_NEW) {
                return $sessionUser->UserName();
            }
            return $this->_user;
        }
    }

    // 3 + 4. HTTP basic auth first, then REMOTE_USER as set by the web server
    //        (pubcookie et al).
    foreach (array('PHP_AUTH_USER', 'REMOTE_USER') as $serverKey) {
        if (!empty($HTTP_SERVER_VARS[$serverKey])) {
            return $HTTP_SERVER_VARS[$serverKey];
        }
    }
    if (!empty($HTTP_ENV_VARS['REMOTE_USER'])) {
        return $HTTP_ENV_VARS['REMOTE_USER'];
    }

    // 5. Plain user id stored in the wiki cookie. Values starting with 's:'
    //    are skipped -- presumably PHP-serialized strings left over from an
    //    older cookie format; confirm.
    $cookieId = $this->getCookieVar(getCookieName());
    if ($cookieId && substr($cookieId, 0, 2) != 's:') {
        // NOTE(review): this writes 'authhow' while the session branch writes
        // '_authhow' -- confirm which property readers expect.
        $this->_user->authhow = 'cookie';
        return $cookieId;
    }

    if ($this->getArg('action') != 'xmlrpc') {
        return false;
    }

    // 6. XML-RPC request (how about SOAP?). wiki.putPage has special optional
    //    userid/passwd arguments which are checked later.
    // NOTE(review): an address can be returned as the user id here; confirm
    // downstream code treats it as an anonymous label, not an account name.
    if (isset($HTTP_SERVER_VARS['REMOTE_USER'])) {
        return $HTTP_SERVER_VARS['REMOTE_USER'];
    }
    if (isset($HTTP_SERVER_VARS['REMOTE_ADDR'])) {
        return $HTTP_SERVER_VARS['REMOTE_ADDR'];
    }
    if (isset($HTTP_ENV_VARS['REMOTE_ADDR'])) {
        return $HTTP_ENV_VARS['REMOTE_ADDR'];
    }
    if (isset($GLOBALS['REMOTE_ADDR'])) {
        return $GLOBALS['REMOTE_ADDR'];
    }
    return '';
}
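/**
 * Set a cookie and mirror its packed value into the request's cookie arrays.
 *
 * Arrays and objects are serialized and base64-encoded; everything else is
 * url-encoded. Nothing is set when the call targets the wiki user cookie
 * after MAIN_setUser has been defined, or when WIKI_XMLRPC is on.
 *
 * NOTE(review): a cookie comes back from the client, so the code that reads
 * these values must not pass them to unserialize() without an integrity
 * check; the reading side is not visible here -- confirm.
 * NOTE(review): the cookie is sent without Secure/HttpOnly/SameSite
 * attributes, and "@" hides a failed setcookie() (e.g. headers already sent).
 *
 * @param string $key          Cookie name.
 * @param mixed  $val          Value to store.
 * @param mixed  $persist_days Lifetime in days; any non-numeric value gives a
 *                             cookie that ends with the browser session.
 * @param mixed  $path         Cookie path, or false for PHP's default.
 * @return void
 */
function set($key, $val, $persist_days = false, $path = false)
{
    // If the user cookie is already defined, ignore.
    // Fix: this used to be an assignment ($key = getCookieName()), which
    // overwrote $key and dropped every cookie once MAIN_setUser was defined.
    if (defined('MAIN_setUser') and $key === getCookieName()) {
        return;
    }
    if (defined('WIKI_XMLRPC') and WIKI_XMLRPC) {
        return;
    }

    // Zero means "expire with the browser session".
    $expires = is_numeric($persist_days)
        ? time() + 24 * 3600 * $persist_days
        : 0;

    if (is_array($val) or is_object($val)) {
        $packedval = base64_encode(serialize($val));
    } else {
        $packedval = urlencode($val);
    }

    // Make the new value visible to the rest of this request as well.
    $GLOBALS['HTTP_COOKIE_VARS'][$key] = $packedval;
    @($_COOKIE[$key] = $packedval);

    if ($path) {
        @setcookie($key, $packedval, $expires, $path);
    } else {
        @setcookie($key, $packedval, $expires);
    }
}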
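/**
 * Store the user's preferences in the session and, unless $id_only is set,
 * in the 'pref' field of the user's home page.
 *
 * Also sends the wiki cookie (named by getCookieName()) holding the plain
 * user id.
 *
 * NOTE(review): the original comment says any password must be encrypted,
 * but the only password handling here is blanking the admin's 'passwd' pref.
 * Nothing in this method hashes a non-admin password before the preferences
 * are serialized into the page -- confirm UserPreferences takes care of it.
 * NOTE(review): the preferences are stored with serialize(); whatever reads
 * the 'pref' field back has to be sure that the field cannot be written by
 * users before it calls unserialize() -- confirm.
 *
 * @param mixed $prefs   A preferences object, or raw values used to build a
 *                       UserPreferences object.
 * @param bool  $id_only When true, only the session and the cookie are
 *                       updated.
 * @return int Number of stored preferences, or 0 when nothing was written to
 *             a home page.
 */
function setPreferences($prefs, $id_only = false)
{
    if (!is_object($prefs)) {
        $prefs = new UserPreferences($prefs);
    }

    // Update the session and id.
    $this->_request->setSessionVar('wiki_prefs', $prefs);

    // Simple unpacked cookie.
    if ($this->_userid) {
        // Fix: setcookie() expects an absolute Unix timestamp. The bare 365
        // used before is a moment in 1970, so the cookie was already expired
        // when it was sent; 365 days from now is what was meant.
        // NOTE(review): sent without Secure/HttpOnly/SameSite attributes.
        setcookie(getCookieName(), $this->_userid, time() + 365 * 24 * 3600, '/');
    }

    if ($id_only) {
        return 0;
    }

    if (!$this->isSignedIn()) {
        trigger_error("you must be signed in", E_USER_WARNING);
        return 0;
    }

    if ($this->isAdmin()) {
        // Already stored in config/config.ini, and it might be plaintext
        // there; never copy it into the preferences.
        $prefs->set('passwd', '');
    }

    $homepage = $this->homePage();
    if (!$homepage) {
        trigger_error("No homepage for user found. Creating one...", E_USER_WARNING);
        $this->createHomepage($prefs);
        return sizeof($prefs->_prefs);
    }

    // Check for page revision 0.
    if (!$this->_dbi->isWikiPage($this->_userid)) {
        trigger_error(_("Your home page has not been created yet so your preferences cannot not be saved."), E_USER_WARNING);
        return 0;
    }

    if ($this->isAdmin() || !$homepage->get('locked')) {
        $homepage->set('pref', serialize($prefs->_prefs));
        return sizeof($prefs->_prefs);
    }

    // An "empty" page could still be intentionally locked by the admin to
    // prevent its creation.
    //
    // FIXME: This permission situation should probably be handled by the DB
    // backend, once the new WikiUser code has been implemented.
    trigger_error(_("Your home page is locked so your preferences cannot not be saved.") . " " . _("Please contact your PhpWiki administrator for assistance."), E_USER_WARNING);
    return 0;
}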
/**
 * Guess the name of the current user from this request, without verifying it.
 *
 * Sources are tried in this order and the first non-empty one wins:
 *   1. the 'userid' entry of the 'auth' request argument,
 *   2. the 'wiki_user' session variable (special-cased under FusionForge),
 *   3. HTTP basic auth (PHP_AUTH_USER),
 *   4. REMOTE_USER from the server variables, then from the environment,
 *   5. the wiki cookie named by getCookieName(),
 *   6. for action=xmlrpc only: REMOTE_USER or a REMOTE_ADDR value.
 *
 * NOTE(review): sources 1 and 5 are supplied by the client and nothing in
 * this method checks them against a credential, so the result is only a
 * claimed identity. Confirm that callers authenticate it before granting any
 * privilege.
 *
 * @return mixed The user name; the session user object when ENABLE_USER_NEW
 *               is false and a session user is used; '' or an address for
 *               XML-RPC requests; false when no source yielded a name.
 */
function _deduceUsername()
{
    global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;

    // 1. Explicit login attempt carried in the request arguments.
    $hasAuthArg = !empty($this->args['auth']);
    if ($hasAuthArg && !empty($this->args['auth']['userid'])) {
        return $this->args['auth']['userid'];
    }

    // 2. Session user (switched auth between sessions). A missing class
    //    definition cannot be demand-loaded afterwards in PHP, hence isa().
    $sessionUser = $this->getSessionVar('wiki_user');
    if ($sessionUser) {
        $underFusionForge = defined('FUSIONFORGE') && FUSIONFORGE;
        if ($underFusionForge) {
            // With a session but no HTTP auth user, nobody is deduced.
            if (empty($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
                return false;
            }
        } elseif (isa($sessionUser, WikiUserClassname())) {
            $this->_user = $sessionUser;
            $this->_user->_authhow = 'session';
            if (ENABLE_USER_NEW) {
                return $sessionUser->UserName();
            }
            return $this->_user;
        }
    }

    // 3 + 4. Sessions override http auth, which comes next, followed by
    //        REMOTE_USER as set by the web server (pubcookie et al).
    foreach (array('PHP_AUTH_USER', 'REMOTE_USER') as $serverKey) {
        if (!empty($HTTP_SERVER_VARS[$serverKey])) {
            return $HTTP_SERVER_VARS[$serverKey];
        }
    }
    if (!empty($HTTP_ENV_VARS['REMOTE_USER'])) {
        return $HTTP_ENV_VARS['REMOTE_USER'];
    }

    // 5. Plain user id stored in the wiki cookie. Values starting with 's:'
    //    are skipped -- presumably PHP-serialized strings left over from an
    //    older cookie format; confirm.
    $cookieId = $this->getCookieVar(getCookieName());
    if ($cookieId && substr($cookieId, 0, 2) != 's:') {
        // NOTE(review): this writes 'authhow' while the session branch writes
        // '_authhow' -- confirm which property readers expect.
        $this->_user->authhow = 'cookie';
        return $cookieId;
    }

    if ($this->getArg('action') != 'xmlrpc') {
        return false;
    }

    // 6. XML-RPC request (how about SOAP?). The raw POST body must have been
    //    populated by PHP for XML-RPC to work at all.
    if (empty($GLOBALS['HTTP_RAW_POST_DATA'])) {
        trigger_error("Wrong always_populate_raw_post_data = Off setting in your php.ini\nCannot use xmlrpc!", E_USER_ERROR);
    }

    // wiki.putPage has special optional userid/passwd arguments which are
    // checked later.
    // NOTE(review): an address can be returned as the user id here; confirm
    // downstream code treats it as an anonymous label, not an account name.
    if (isset($HTTP_SERVER_VARS['REMOTE_USER'])) {
        return $HTTP_SERVER_VARS['REMOTE_USER'];
    }
    if (isset($HTTP_SERVER_VARS['REMOTE_ADDR'])) {
        return $HTTP_SERVER_VARS['REMOTE_ADDR'];
    }
    if (isset($HTTP_ENV_VARS['REMOTE_ADDR'])) {
        return $HTTP_ENV_VARS['REMOTE_ADDR'];
    }
    if (isset($GLOBALS['REMOTE_ADDR'])) {
        return $GLOBALS['REMOTE_ADDR'];
    }
    return '';
}