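/**
 * Authenticate an RPC caller and check that it may perform $access on $pagename.
 *
 * Credentials are taken from an "Authorization: Basic base64(user:password)"
 * header when one is present. Without it the caller is anonymous and is
 * identified by its client address (REMOTE_ADDR is the TCP peer, so behind a
 * reverse proxy this is the proxy's address) or, failing that, $server->host.
 * The password defaults to ''.
 *
 * The resulting user is installed as $request->_user, AuthCheck() is run on
 * it (its return value is not consulted), and mayAccessPage() decides. On
 * denial a 401 fault is raised through $server->fault(); whether that aborts
 * the call is up to the server object -- this function itself returns normally.
 *
 * @param object $server       RPC server; ->header and ->host are read, ->fault() called
 * @param array  $credentials  in/out: 'username' and 'password' are filled in
 * @param mixed  $access       access kind handed to mayAccessPage()
 * @param string $pagename     page being accessed
 */
function checkCredentials(&$server, &$credentials, $access, $pagename)
{
    if (isset($server->header['Authorization'])) {
        // The scheme token is case-insensitive (RFC 7617), so strip it that way
        // rather than with an exact-match str_replace(). Strict decoding turns a
        // non-base64 payload into '' instead of a mangled username.
        $encoded = preg_replace('/^Basic\s+/i', '', trim($server->header['Authorization']));
        $decoded = base64_decode($encoded, true);
        if ($decoded === false) {
            $decoded = '';
        }
        // Split on the FIRST colon only: a user-id cannot contain ':' but a
        // password may. An unlimited explode() truncated such passwords at the
        // first colon and left 'password' unset when no colon was present.
        $parts = explode(':', $decoded, 2);
        $credentials['username'] = $parts[0];
        $credentials['password'] = isset($parts[1]) ? $parts[1] : '';
    } else {
        if (!isset($_SERVER)) {
            $_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];
        }
        // TODO: where in the header is the client IP
        // Anonymous caller: identify it by address unless the caller already
        // supplied a username.
        if (!isset($credentials['username'])) {
            if (isset($_SERVER['REMOTE_ADDR'])) {
                $credentials['username'] = $_SERVER['REMOTE_ADDR'];
            } elseif (isset($GLOBALS['REMOTE_ADDR'])) {
                $credentials['username'] = $GLOBALS['REMOTE_ADDR'];
            } else {
                $credentials['username'] = $server->host;
            }
        }
    }
    if (!isset($credentials['password'])) {
        $credentials['password'] = '';
    }
    global $request;
    if (ENABLE_USER_NEW) {
        $request->_user = WikiUser($credentials['username']);
    } else {
        $request->_user = new WikiUser($request, $credentials['username']);
    }
    // The access decision below relies on the state AuthCheck() leaves in
    // $request->_user, not on its return value.
    $request->_user->AuthCheck(array('userid' => $credentials['username'], 'passwd' => $credentials['password']));
    if (!mayAccessPage($access, $pagename)) {
        $server->fault(401, '', "no permission");
    }
}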
/**
 * Probably not needed, since we use the various user objects methods so far.
 * Anyway, here it is, looping through all available objects.
 *
 * Checks whether $UserName is known to some configured user backend, walking
 * the auth-class chain via nextClass(). As a side effect it may replace
 * $request->_user with the object that recognised the name.
 *
 * NOTE(review): the probe starts from the *current* request user object when
 * one exists (not from a fresh WikiUser($UserName)), and that object is then
 * asked userExists($UserName). Whether that is intended depends on the user
 * classes -- confirm.
 *
 * @param string $UserName  user id to probe
 * @return bool  true if a backend knows the user
 */
function UserExists($UserName)
{
    global $request;
    if (!($user = $request->getUser())) {
        $user = WikiUser($UserName);
    }
    if (!$user) {
        return false;
    }
    if ($user->userExists($UserName)) {
        $request->_user = $user;
        return true;
    }
    // Bogo users carry no backend; promote to a password user before walking
    // the class chain.
    if (isa($user, '_BogoUser')) {
        $user = new _PassUser($UserName, $user->_prefs);
    }
    $class = $user->nextClass();
    // An object is always truthy, so this branch always returns: only the
    // next class in the chain is consulted, and the ForbiddenUser fallback
    // below is unreachable as written.
    if ($user = new $class($UserName, $user->_prefs)) {
        return $user->userExists($UserName);
    }
    $request->_user = $GLOBALS['ForbiddenUser'];
    return false;
}
/**
 * WikiRequest constructor: opens the database, preloads the user classes
 * named in USER_AUTH_ORDER, sets up the DB session store if configured,
 * normalises the 'pagename'/'action' args, and finally revives the user
 * object for this request.
 *
 * That last step restores *state* only -- as the original comment says, it
 * does not check authorization. A user object revived from the session keeps
 * whatever _level the session carries; access decisions are made later by the
 * code that consults $this->_user.
 */
function WikiRequest()
{
    $this->_dbi = WikiDB::open($GLOBALS['DBParams']);
    // first mysql request costs [958ms]! [670ms] is mysql_connect()
    if (in_array('File', $this->_dbi->getAuthParam('USER_AUTH_ORDER'))) {
        // force our local copy, until the pear version is fixed.
        include_once dirname(__FILE__) . "/pear/File_Passwd.php";
    }
    if (ENABLE_USER_NEW) {
        // Preload all necessary userclasses. Otherwise session => __PHP_Incomplete_Class_Name
        // There's no way to demand-load it later. This way it's much slower, but needs slightly
        // less memory than loading all.
        if (ALLOW_BOGO_LOGIN) {
            include_once "lib/WikiUser/BogoLogin.php";
        }
        // UserPreferences POST Update doesn't reach this.
        // The include path is built from USER_AUTH_ORDER, i.e. from site
        // configuration, never from request data -- keep it that way.
        foreach ($GLOBALS['USER_AUTH_ORDER'] as $method) {
            include_once "lib/WikiUser/{$method}.php";
            if ($method == 'Db') {
                switch (DATABASE_TYPE) {
                    case 'SQL':
                        include_once "lib/WikiUser/PearDb.php";
                        break;
                    case 'ADODB':
                        include_once "lib/WikiUser/AdoDb.php";
                        break;
                    case 'PDO':
                        include_once "lib/WikiUser/PdoDb.php";
                        break;
                }
            }
        }
        unset($method);
    }
    if (USE_DB_SESSION) {
        include_once 'lib/DbSession.php';
        $dbi =& $this->_dbi;
        $this->_dbsession = new DbSession($dbi, $dbi->getParam('prefix') . $dbi->getParam('db_session_table'));
    }
    // Fixme: Does pear reset the error mask to 1? We have to find the culprit
    //$x = error_reporting();
    $this->version = phpwiki_version();
    $this->Request(); // [90ms]
    // Normalize args...
    $this->setArg('pagename', $this->_deducePagename());
    $this->setArg('action', $this->_deduceAction());
    // `and` binds tighter than `or`: optimise when the SQL debug flag is set,
    // or when the periodic optimise slot is hit.
    if (DEBUG & _DEBUG_SQL or DATABASE_OPTIMISE_FREQUENCY > 0 and time() % DATABASE_OPTIMISE_FREQUENCY == 0) {
        if ($this->_dbi->_backend->optimize()) {
            trigger_error(_("Optimizing database"), E_USER_NOTICE);
        }
    }
    // Restore auth state. This doesn't check for proper authorization!
    $userid = $this->_deduceUsername();
    if (ENABLE_USER_NEW) {
        if (isset($this->_user) and !empty($this->_user->_authhow) and $this->_user->_authhow == 'session') {
            // users might switch in a session between the two objects.
            // restore old auth level here or in updateAuthAndPrefs?
            //$user = $this->getSessionVar('wiki_user');
            // revive db handle, because these don't survive sessions
            if (isset($this->_user) and (!isa($this->_user, WikiUserClassname()) or strtolower(get_class($this->_user)) == '_passuser')) {
                $this->_user = WikiUser($userid, $this->_user->_prefs);
            }
            // revive other db handle
            if (isset($this->_user->_prefs->_method) and ($this->_user->_prefs->_method == 'SQL' or $this->_user->_prefs->_method == 'ADODB' or $this->_user->_prefs->_method == 'PDO' or $this->_user->_prefs->_method == 'HomePage')) {
                $this->_user->_HomePagehandle = $this->getPage($userid);
            }
            // need to update the lockfile filehandle
            if (isa($this->_user, '_FilePassUser') and $this->_user->_file->lockfile and !$this->_user->_file->fplock) {
                //$level = $this->_user->_level;
                $this->_user = UpgradeUser($this->_user, new _FilePassUser($userid, $this->_user->_prefs, $this->_user->_file->filename));
                //$this->_user->_level = $level;
            }
            $this->_prefs =& $this->_user->_prefs;
        } else {
            // No session-backed user: build a fresh one for the deduced id.
            $user = WikiUser($userid);
            $this->_user =& $user;
            $this->_prefs =& $this->_user->_prefs;
        }
    } else {
        $this->_user = new WikiUser($this, $userid);
        $this->_prefs = $this->_user->getPreferences();
    }
}
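/**
 * Handle the link from an e-mail confirmation message.
 *
 * Looks up the request's 'id' in the 'ConfirmEmail' store. If found, the user
 * named there is raised to WIKIAUTH_USER, 'emailVerified' is set in the
 * preferences, and the id is removed from the store so the link cannot be
 * replayed. Knowing the id is the only proof required -- when it names a user
 * other than the current session user, that user is installed as the session
 * user via $request->setUser(). The id must therefore be unguessable; how it
 * is generated is not visible here.
 *
 * NOTE(review): the entry is located as $data[$id], yet the user id is read
 * from the flat $data['userid'] -- confirm the record layout; if the fields
 * live under $data[$id] this reads the wrong key. The record's 'email' value
 * is not needed here.
 * NOTE(review): in the not-current-user branch 'emailVerified' is set on
 * $request->_prefs after setUser(); this assumes setUser() rebinds _prefs
 * to the new user -- confirm.
 *
 * @return HtmlElement  confirmation page, or the "Wrong URL" page
 */
function checkEmailConfirmation()
{
    global $request;
    $wikidb = $request->getDbh();
    $data = $wikidb->get('ConfirmEmail');
    $id = $request->getArg('id');
    // 'id' is caller-controlled: it may be missing or, for ?id[]=..., an
    // array, which is not a legal array key (a TypeError in recent PHP).
    // Only a non-empty string or an int may be looked up; anything else is
    // a wrong URL.
    $usableKey = (is_string($id) && $id !== '') || is_int($id);
    if (!$usableKey || empty($data[$id])) {
        // id not found
        return HTML(HTML::h1("Confirm E-mail address"), HTML::h1("Sorry! Wrong URL"));
    }
    // upgrade the user
    $userid = $data['userid'];
    $u = $request->getUser();
    if ($u->UserName() == $userid) {
        // lucky: current user (session)
        $prefs = $u->getPreferences();
        $request->_user->_level = WIKIAUTH_USER;
        $request->_prefs->set('emailVerified', true);
    } else {
        // not current user: build that user, promote it, make it the session user
        if (ENABLE_USER_NEW) {
            $u = WikiUser($userid);
            $u->getPreferences();
            $prefs =& $u->_prefs;
        } else {
            $u = new WikiUser($request, $userid);
            $prefs = $u->getPreferences();
        }
        $u->_level = WIKIAUTH_USER;
        $request->setUser($u);
        $request->_prefs->set('emailVerified', true);
    }
    // Single use: consume the id before reporting success.
    unset($data[$id]);
    $wikidb->set('ConfirmEmail', $data);
    return HTML(HTML::h1("Confirm E-mail address"), HTML::p("Your e-mail address has now been confirmed."));
}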
/**
 * Collects the e-mail addresses (and user ids) of everyone subscribed, in the
 * 'notify' map, to a page glob matching $this->_pagename.
 *
 * Recipient gating (the security-relevant part): an address is added only when
 * the user is found by UserManager, is active or restricted, and is authorised
 * for both the wiki ($wiki->isAutorized) and the page ($wp->isAutorized).
 * Addresses are always resolved through user_getemail_from_unix($userid) --
 * the 'email' string stored in the notify entry only gates whether the
 * subscriber is considered, it is never the address mailed to.
 *
 * NOTE(review): the page object is built from $_REQUEST['pagename'] while the
 * glob match uses $this->_pagename; confirm the two always agree, since the
 * page-level authorisation check is only as good as the page it is asked
 * about. UserManager, Wiki and WikiPage are also rebuilt on every iteration.
 *
 * @param array $notify  map: page glob => (userid => prefs-array|false)
 * @return array  array($emails, $userids), each de-duplicated
 */
function getPageChangeEmails($notify)
{
    $emails = array();
    $userids = array();
    foreach ($notify as $page => $users) {
        if (glob_match($page, $this->_pagename)) {
            foreach ($users as $userid => $user) {
                $um = UserManager::instance();
                $dbUser = $um->getUserByUserName($userid);
                $wiki = new Wiki($_REQUEST['group_id']);
                $wp = new WikiPage($_REQUEST['group_id'], $_REQUEST['pagename']);
                // Recipient gate: unknown users, users that are neither active
                // nor restricted, and users not authorised for the wiki or the
                // page get nothing, whatever their subscription says.
                if ($dbUser && ($dbUser->isActive() || $dbUser->isRestricted()) && $wiki->isAutorized($dbUser->getId()) && $wp->isAutorized($dbUser->getId())) {
                    if (!$user) {
                        // handle the case for ModeratePage: no prefs, just userid's.
                        global $request;
                        $u = $request->getUser();
                        if ($u->UserName() == $userid) {
                            $prefs = $u->getPreferences();
                        } else {
                            // not current user
                            if (ENABLE_USER_NEW) {
                                $u = WikiUser($userid);
                                $u->getPreferences();
                                $prefs =& $u->_prefs;
                            } else {
                                $u = new WikiUser($GLOBALS['request'], $userid);
                                $prefs = $u->getPreferences();
                            }
                        }
                        // $prefs is loaded but not consulted: the address comes
                        // from the account, not from the wiki preferences.
                        $emails[] = user_getemail_from_unix($userid);
                        $userids[] = $userid;
                    } else {
                        if (!empty($user['verified']) and !empty($user['email'])) {
                            $emails[] = user_getemail_from_unix($userid);
                            $userids[] = $userid;
                        } elseif (!empty($user['email'])) {
                            global $request;
                            // do a dynamic emailVerified check update
                            $u = $request->getUser();
                            if ($u->UserName() == $userid) {
                                if ($request->_prefs->get('emailVerified')) {
                                    $emails[] = user_getemail_from_unix($userid);
                                    $userids[] = $userid;
                                    // Persist the flag so the next run takes the fast
                                    // path; foreach iterates a copy, so the loop is unaffected.
                                    $notify[$page][$userid]['verified'] = 1;
                                    $request->_dbi->set('notify', $notify);
                                }
                            } else {
                                // not current user
                                if (ENABLE_USER_NEW) {
                                    $u = WikiUser($userid);
                                    $u->getPreferences();
                                    $prefs =& $u->_prefs;
                                } else {
                                    $u = new WikiUser($GLOBALS['request'], $userid);
                                    $prefs = $u->getPreferences();
                                }
                                if ($prefs->get('emailVerified')) {
                                    $emails[] = user_getemail_from_unix($userid);
                                    $userids[] = $userid;
                                    $notify[$page][$userid]['verified'] = 1;
                                    $request->_dbi->set('notify', $notify);
                                }
                            }
                            // ignore verification
                            /* if (DEBUG) { if (!in_array($user['email'],$emails)) $emails[] = $user['email']; } */
                        }
                    }
                }
            }
        }
    }
    $emails = array_unique($emails);
    $userids = array_unique($userids);
    return array($emails, $userids);
}
/**
 * Resolves one of the built-in "special" groups to a list of user ids.
 *
 * Membership is derived on the fly from $this->_allUsers():
 *  - GROUP_EVERY: everyone; GROUP_ANONYMOUS: nobody;
 *  - GROUP_BOGOUSER: names that are WikiWords;
 *  - GROUP_SIGNED / GROUP_AUTHENTICATED / GROUP_ADMIN: names whose WikiUser
 *    object reports isSignedIn() / isAuthenticated() / _level == WIKIAUTH_ADMIN
 *    (whether a freshly built object's _level reflects a stored role or only
 *    the current session is up to WikiUser() -- not visible here);
 *  - GROUP_OWNER / GROUP_CREATOR: not computed, returns false;
 *  - anything else: E_USER_WARNING and an implicit null.
 *
 * @param string $group  one of the GROUP_* constants
 * @return array|false|null
 */
function getSpecialMembersOf($group)
{
    //$request = &$this->request;
    $everyone = $this->_allUsers();
    $members = array();

    switch ($group) {
        case GROUP_EVERY:
            return $everyone;
        case GROUP_ANONYMOUS:
            return $members;
        case GROUP_BOGOUSER:
            foreach ($everyone as $name) {
                if (isWikiWord($name)) {
                    $members[] = $name;
                }
            }
            return $members;
        case GROUP_SIGNED:
        case GROUP_AUTHENTICATED:
        case GROUP_ADMIN:
            // These three need a user object per candidate; only the predicate differs.
            foreach ($everyone as $name) {
                $candidate = WikiUser($name);
                if ($group == GROUP_SIGNED) {
                    $qualifies = $candidate->isSignedIn();
                } elseif ($group == GROUP_AUTHENTICATED) {
                    $qualifies = $candidate->isAuthenticated();
                } else {
                    $qualifies = (isset($candidate->_level) && $candidate->_level == WIKIAUTH_ADMIN);
                }
                if ($qualifies) {
                    $members[] = $name;
                }
            }
            return $members;
        case GROUP_OWNER:
        case GROUP_CREATOR:
            // this could get complex so just return an empty array
            return false;
        default:
            trigger_error(__sprintf("Unknown special group '%s'", $group), E_USER_WARNING);
    }
}
/**
 * WikiAdminUtils action: lists every user who has an 'email' preference and,
 * on the confirming POST ($args['verify'] set), writes the chosen
 * emailVerified status into each listed user's preferences.
 *
 * First pass (no 'verify'): the user list comes from the group's _allUsers()
 * and a form posting back to this action is returned. Second pass: the list
 * comes from the posted $args['user'] keys, $args['verified'][$username]
 * decides the status, and only the table is returned.
 *
 * NOTE(review): the form carries 'require_authority_for_post' => WIKIAUTH_ADMIN
 * as a hidden field. The admin requirement must be enforced server-side on the
 * POST regardless of that field's value -- confirm where that check lives; it
 * is not in this function.
 *
 * @param WikiRequest $request
 * @param array       $args    plugin args; 'verify', 'user', 'verified' drive the second pass
 * @return HtmlElement
 */
function _do_email_verification(&$request, &$args)
{
    $dbi = $request->getDbh();
    $pagelist = new PageList('pagename', 0, $args);
    //$args['return_url'] = 'action=email-verification-verified';
    $email = new _PageList_Column_email('email', _("E-Mail"), 'left');
    $emailVerified = new _PageList_Column_emailVerified('emailVerified', _("Verification Status"), 'center');
    $pagelist->_columns[] = $email;
    $pagelist->_columns[] = $emailVerified;
    //This is the best method to find all users (Db and PersonalPage)
    // Saved and restored at the end: building per-user WikiUser objects below
    // is presumably able to touch $request->_user.
    $current_user = $request->_user;
    if (empty($args['verify'])) {
        $group = $request->getGroup();
        $allusers = $group->_allUsers();
    } else {
        $allusers = array_keys($args['user']);
    }
    foreach ($allusers as $username) {
        if (ENABLE_USER_NEW) {
            $user = WikiUser($username);
        } else {
            $user = new WikiUser($request, $username);
        }
        $prefs = $user->getPreferences();
        if ($prefs->get('email')) {
            if (!$prefs->get('userid')) {
                $prefs->set('userid', $username);
            }
            // $group is reused here as the row-group counter for row striping.
            if (!empty($pagelist->_rows)) {
                $group = (int) (count($pagelist->_rows) / $pagelist->_group_rows);
            } else {
                $group = 0;
            }
            $class = $group % 2 ? 'oddrow' : 'evenrow';
            $row = HTML::tr(array('class' => $class));
            $page_handle = $dbi->getPage($username);
            $row->pushContent($pagelist->_columns[0]->format($pagelist, $page_handle, $page_handle));
            $row->pushContent($email->format($pagelist, $prefs, $page_handle));
            if (!empty($args['verify'])) {
                // Stored as 0 or 2 on the 'email' pref object (the user-driven
                // confirmation path stores true) -- presumably 2 marks an
                // admin-set status; confirm against the column/pref classes.
                $prefs->_prefs['email']->set('emailVerified', empty($args['verified'][$username]) ? 0 : 2);
                $user->setPreferences($prefs);
            }
            $row->pushContent($emailVerified->format($pagelist, $prefs, $args['verify']));
            $pagelist->_rows[] = $row;
        }
    }
    $request->_user = $current_user;
    if (!empty($args['verify'])) {
        return HTML($pagelist->_generateTable(false));
    } else {
        $args['verify'] = 1;
        $args['return_url'] = $request->getURLtoSelf();
        return HTML::form(array('action' => $request->getPostURL(), 'method' => 'post'),
            HiddenInputs($args, 'wikiadminutils'),
            HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)),
            HiddenInputs($request->getArgs()),
            $pagelist->_generateTable(false),
            HTML::p(Button('submit:', _("Change Verification Status"), 'wikiadmin'),
                HTML::Raw(' '),
                Button('cancel', _("Cancel"))));
    }
}
/**
 * PasswordReset plugin entry point.
 *
 * GET, or a POST without admin_reset[reset]: just the form. POST with
 * admin_reset[reset] but no admin_reset[verify]: the confirmation step -- for
 * non-admins this also requires that the target user has a stored e-mail and
 * only *warns* when that address is unverified. POST with both: admins call
 * doReset($userid) directly, everyone else gets doEmail($request, $userid).
 *
 * Security notes:
 *  - Any visitor can trigger a reset mail for any user id that has an e-mail
 *    preference; an unverified address only adds a warning to the
 *    confirmation, it does not block the send. Refusing unverified targets
 *    would be the safer policy.
 *  - The e-mail/verified checks run only in the confirmation step. The final
 *    step is selected by the hidden 'admin_reset[verify]' field, which can be
 *    posted directly -- confirm that doEmail()/doReset() re-validate.
 *  - $userid comes from the request and is placed in the page via fmt();
 *    fmt() is assumed to escape its argument -- confirm.
 *  - Whether the POST is CSRF-protected is not visible here.
 *
 * @return HtmlElement|string|null  '' for MockRequest; null after an Alert
 */
function run($dbi, $argstr, &$request, $basepage)
{
    $args = $this->getArgs($argstr, $request);
    if (isa($request, 'MockRequest')) {
        return '';
    }
    $user =& $request->_user;
    $post_args = $request->getArg('admin_reset');
    $userid = $request->getArg('user');
    $isadmin = $user->isAdmin();
    if ($request->isPost()) {
        if (!$userid) {
            $alert = new Alert(_("Warning:"), _("You need to specify the userid!"));
            $alert->show();
            return $this->doForm($request);
        }
        // '@' only hides the undefined-index notice when 'reset' was not posted.
        @($reset = $post_args['reset']);
        if ($reset and $userid and !empty($post_args['verify'])) {
            // Final step: no re-check of the e-mail/verified state here.
            if ($user->isAdmin()) {
                return $this->doReset($userid);
            } else {
                return $this->doEmail($request, $userid);
            }
        } elseif ($reset and empty($post_args['verify'])) {
            // Confirmation step.
            $buttons = HTML::p(Button('submit:admin_reset[reset]', $isadmin ? _("Yes") : _("Send email"), $isadmin ? 'wikiadmin' : 'button'),
                HTML::Raw(' '),
                Button('submit:admin_reset[cancel]', _("Cancel"), 'button'));
            $header = HTML::strong("Verify");
            if (!$user->isAdmin()) {
                // check for email
                if ($userid == $user->UserName() and $user->isAuthenticated()) {
                    $alert = new Alert(_("Already logged in"), HTML(fmt("Changing passwords is done at "), WikiLink(_("UserPreferences"))));
                    $alert->show();
                    return;
                }
                $thisuser = WikiUser($userid);
                $prefs = $thisuser->getPreferences();
                $email = $prefs->get('email');
                if (!$email) {
                    $alert = new Alert(_("Error"), HTML(fmt("No email stored for user %s.", $userid), HTML::br(), fmt("You need to ask an Administrator to reset this password. See below: "), HTML::br(), WikiLink(ADMIN_USER)));
                    $alert->show();
                    return;
                }
                // Unverified address: warn only, the reset mail is still sent.
                $verified = $thisuser->_prefs->_prefs['email']->getraw('emailVerified');
                if (!$verified) {
                    $header->pushContent(HTML::br(), "Warning: This users email address is unverified!");
                }
            }
            return $this->doForm($request, $header, HTML(HTML::hr(),
                fmt("Do you really want to reset the password of user %s?", $userid),
                $isadmin ? '' : _("An email will be sent."),
                HiddenInputs(array('admin_reset[verify]' => 1, 'user' => $userid)),
                $buttons));
        } else {
            return $this->doForm($request);
        }
    } else {
        return $this->doForm($request);
    }
}
/**
 * Collects the e-mail addresses (and user ids) of subscribers whose 'notify'
 * entry matches $this->_pagename.
 *
 * Per subscriber entry ($user, the stored data for that user id):
 *  - false/empty: the ModeratePage case with ids only -- the address is read
 *    from the user's preferences with no emptiness or verification check, so
 *    an empty 'email' pref yields an empty entry in $emails;
 *  - 'verified' and 'email' set: the stored 'email' string is used as is;
 *  - 'email' set but not 'verified': the user's current 'emailVerified' pref
 *    is consulted and, on success, the 'verified' flag is written back into
 *    the 'notify' map (one DB write per such subscriber, inside the loop).
 *
 * The address mailed to is the 'email' string kept in the notify map (or the
 * prefs); the 'verified' flag is what stands between a subscriber-supplied
 * address and a notification being sent to it.
 *
 * @param array $notify  map: page glob => (userid => prefs-array|false)
 * @return array  array($emails, $userids), each de-duplicated
 */
function getPageChangeEmails($notify)
{
    $emails = array();
    $userids = array();
    foreach ($notify as $page => $users) {
        if (glob_match($page, $this->_pagename)) {
            foreach ($users as $userid => $user) {
                if (!$user) {
                    // handle the case for ModeratePage: no prefs, just userid's.
                    global $request;
                    $u = $request->getUser();
                    if ($u->UserName() == $userid) {
                        $prefs = $u->getPreferences();
                    } else {
                        // not current user
                        if (ENABLE_USER_NEW) {
                            $u = WikiUser($userid);
                            $u->getPreferences();
                            $prefs =& $u->_prefs;
                        } else {
                            $u = new WikiUser($GLOBALS['request'], $userid);
                            $prefs = $u->getPreferences();
                        }
                    }
                    // No verification or emptiness check on this path.
                    $emails[] = $prefs->get('email');
                    $userids[] = $userid;
                } else {
                    if (!empty($user['verified']) and !empty($user['email'])) {
                        $emails[] = $user['email'];
                        $userids[] = $userid;
                    } elseif (!empty($user['email'])) {
                        global $request;
                        // do a dynamic emailVerified check update
                        $u = $request->getUser();
                        if ($u->UserName() == $userid) {
                            if ($request->_prefs->get('emailVerified')) {
                                $emails[] = $user['email'];
                                $userids[] = $userid;
                                // Persist the flag so the next run takes the fast
                                // path; foreach iterates a copy, so the loop is unaffected.
                                $notify[$page][$userid]['verified'] = 1;
                                $request->_dbi->set('notify', $notify);
                            }
                        } else {
                            // not current user
                            if (ENABLE_USER_NEW) {
                                $u = WikiUser($userid);
                                $u->getPreferences();
                                $prefs =& $u->_prefs;
                            } else {
                                $u = new WikiUser($GLOBALS['request'], $userid);
                                $prefs = $u->getPreferences();
                            }
                            if ($prefs->get('emailVerified')) {
                                $emails[] = $user['email'];
                                $userids[] = $userid;
                                $notify[$page][$userid]['verified'] = 1;
                                $request->_dbi->set('notify', $notify);
                            }
                        }
                        // ignore verification
                        /* if (DEBUG) { if (!in_array($user['email'],$emails)) $emails[] = $user['email']; } */
                    }
                }
            }
        }
    }
    $emails = array_unique($emails);
    $userids = array_unique($userids);
    return array($emails, $userids);
}
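/**
 * DebugAuthInfo plugin: dumps the site's auth configuration (AUTH defines,
 * LDAP/IMAP/File/Group settings, USER_AUTH_ORDER, USER_AUTH_POLICY, DB
 * params) followed by the user and group objects for one user id.
 *
 * Access: admins only, unless DEBUG & _DEBUG_LOGIN is set. The check is made
 * on the *requesting* user ($request->_user). The user being inspected
 * ($user, from the 'userid' arg) is a separate object when another id is
 * given; testing isAdmin() on that object instead would both let a non-admin
 * request the page for an admin's id and deny a real admin inspecting a
 * non-admin.
 *
 * Sensitive values are masked before display: DSNs through
 * WikiDB_SQL::view_dsn(), and the 'password'/'passwd' members (plus the db and
 * request handles) are excluded from the object dumps by obj2hash().
 * NOTE(review): fmt() is assumed to escape its %s argument; 'userid' is
 * request-controlled -- confirm.
 *
 * @param WikiDB      $dbi
 * @param string      $argstr   plugin argument string; 'userid' is the only arg read
 * @param WikiRequest $request
 * @param string      $basepage
 * @return mixed  the report (HtmlElement), or disabled() output when not authorised
 */
function run($dbi, $argstr, &$request, $basepage)
{
    $args = $this->getArgs($argstr, $request);
    // Read the one argument we use rather than extract()ing all of them into
    // the local scope, where a stray arg could shadow $dbi or $request.
    $userid = isset($args['userid']) ? $args['userid'] : '';
    $requester =& $request->_user;
    if (empty($userid) or $userid == $requester->UserName()) {
        $user =& $request->_user;
        $userid = $user->UserName();
    } else {
        $user = WikiUser($userid);
    }
    if (!$requester->isAdmin() and !(DEBUG && _DEBUG_LOGIN)) {
        $request->_notAuthorized(WIKIAUTH_ADMIN);
        // Should _notAuthorized() return rather than finish the request, do
        // not fall through to the configuration dump.
        return $this->disabled("! user->isAdmin");
    }
    $html = HTML(HTML::h3(fmt("General Auth Settings")));
    $table = HTML::table(array('border' => 1, 'cellpadding' => 2, 'cellspacing' => 0));
    $table->pushContent($this->_showhash("AUTH DEFINES", $this->_buildConstHash(array(
        "ENABLE_USER_NEW", "ALLOW_ANON_USER", "ALLOW_ANON_EDIT", "ALLOW_BOGO_LOGIN",
        "REQUIRE_SIGNIN_BEFORE_EDIT", "ALLOW_USER_PASSWORDS", "PASSWORD_LENGTH_MINIMUM", "USE_DB_SESSION"))));
    $auth_order = $GLOBALS['USER_AUTH_ORDER'];
    // Backend sections are shown only when the backend is enabled or listed in
    // the auth order.
    if (defined('ALLOW_LDAP_LOGIN') && ALLOW_LDAP_LOGIN or in_array("LDAP", $auth_order)) {
        $table->pushContent($this->_showhash("LDAP DEFINES", $this->_buildConstHash(array("LDAP_AUTH_HOST", "LDAP_BASE_DN"))));
    }
    if (defined('ALLOW_IMAP_LOGIN') && ALLOW_IMAP_LOGIN or in_array("IMAP", $auth_order)) {
        $table->pushContent($this->_showhash("IMAP DEFINES", array("IMAP_AUTH_HOST" => IMAP_AUTH_HOST)));
    }
    if (defined('AUTH_USER_FILE') or in_array("File", $auth_order)) {
        $table->pushContent($this->_showhash("AUTH_USER_FILE", $this->_buildConstHash(array("AUTH_USER_FILE", "AUTH_USER_FILE_STORABLE"))));
    }
    if (defined('GROUP_METHOD')) {
        $table->pushContent($this->_showhash("GROUP_METHOD", $this->_buildConstHash(array("GROUP_METHOD", "AUTH_GROUP_FILE", "GROUP_LDAP_QUERY"))));
    }
    $table->pushContent($this->_showhash("\$USER_AUTH_ORDER[]", $auth_order));
    $table->pushContent($this->_showhash("USER_AUTH_POLICY", array("USER_AUTH_POLICY" => USER_AUTH_POLICY)));
    // DSNs carry credentials: display them only through view_dsn().
    $DBParams = $GLOBALS['DBParams'];
    $DBParams['dsn'] = class_exists('WikiDB_SQL') ? WikiDB_SQL::view_dsn($DBParams['dsn']) : '';
    $table->pushContent($this->_showhash("\$DBParams[]", $DBParams));
    $DBAuthParams = $GLOBALS['DBAuthParams'];
    if (isset($DBAuthParams['auth_dsn']) and class_exists('WikiDB_SQL')) {
        $DBAuthParams['auth_dsn'] = WikiDB_SQL::view_dsn($DBAuthParams['auth_dsn']);
    } else {
        $DBAuthParams['auth_dsn'] = '';
    }
    unset($DBAuthParams['dummy']);
    $table->pushContent($this->_showhash("\$DBAuthParams[]", $DBAuthParams));
    $html->pushContent($table);
    $html->pushContent(HTML(HTML::h3(fmt("Personal Auth Settings for '%s'", $userid))));
    if (!$user) {
        $html->pushContent(HTML::p(fmt("No userid")));
    } else {
        $table = HTML::table(array('border' => 1, 'cellpadding' => 2, 'cellspacing' => 0));
        //$table->pushContent(HTML::tr(HTML::td(array('colspan' => 2))));
        // Exclude handles and any password members from the dump.
        $userdata = obj2hash($user, array('_dbi', '_request', 'password', 'passwd'));
        $table->pushContent($this->_showhash("User: Object of " . get_class($user), $userdata));
        if (ENABLE_USER_NEW) {
            $group =& $request->getGroup();
            $groupdata = obj2hash($group, array('_dbi', '_request', 'password', 'passwd'));
            unset($groupdata['request']);
            $table->pushContent($this->_showhash("Group: Object of " . get_class($group), $groupdata));
            $groups = $group->getAllGroupsIn();
            $groupdata = array('getAllGroupsIn' => $groups);
            foreach ($groups as $g) {
                $groupdata["getMembersOf({$g})"] = $group->getMembersOf($g);
                $groupdata["isMember({$g})"] = $group->isMember($g);
            }
            $table->pushContent($this->_showhash("Group Methods: ", $groupdata));
        }
        $html->pushContent($table);
    }
    return $html;
}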
/**
 * Builds the user object for $userid, deducing the id from the environment
 * when none is given.
 *
 * Deduction order: REMOTE_USER (set by the web server's own authentication)
 * from $_SERVER then $_ENV, else REMOTE_ADDR from $_SERVER, $_ENV, then the
 * REMOTE_ADDR global. The first key that is set wins even if its value is
 * empty. A caller-supplied $userid that is falsy ('' or '0') triggers the
 * same deduction.
 *
 * @param string $userid  explicit user id, or '' to deduce one
 * @return object  WikiUser (function or class form, per ENABLE_USER_NEW)
 */
function _getUser($userid = '')
{
    global $request;
    if (!$userid) {
        // PHP 4 compatibility: fall back to the long-form superglobals.
        if (!isset($_SERVER)) {
            $_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];
        }
        if (!isset($_ENV)) {
            $_ENV =& $GLOBALS['HTTP_ENV_VARS'];
        }
        $found = false;
        foreach (array('REMOTE_USER', 'REMOTE_ADDR') as $key) {
            if (isset($_SERVER[$key])) {
                $userid = $_SERVER[$key];
                $found = true;
            } elseif (isset($_ENV[$key])) {
                $userid = $_ENV[$key];
                $found = true;
            }
            if ($found) {
                break;
            }
        }
        if (!$found && isset($GLOBALS['REMOTE_ADDR'])) {
            $userid = $GLOBALS['REMOTE_ADDR'];
        }
    }
    return ENABLE_USER_NEW ? WikiUser($userid) : new WikiUser($request, $userid);
}