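/**
 * Issue a fresh authentication token for a user/IP pair and persist it.
 *
 * Stale rows are purged first, then a 32-byte CSPRNG value is encoded as
 * URL-safe base64 (no padding) and inserted with the current epoch.
 *
 * @param mysqli $db open connection; closed by this function on failure
 * @param string $user
 * @param string $requestip
 * @param int|null $keyid optional key the token is bound to
 * @return string|null the token, or NULL after handleError() has been called
 */
function getauthtoken($db, $user, $requestip, $keyid = NULL)
{
    $epoch = time();
    // Expire old tokens before adding a new one.
    cleanTokens($db, $epoch);

    // Refuse to mint a token from a non-cryptographic random source.
    $strong = false;
    $raw = openssl_random_pseudo_bytes(32, $strong);
    if ($raw === false || !$strong)
    {
        $db->close();
        handleError("Could not get auth token: no cryptographically strong random source");
        return NULL;
    }
    // URL-safe alphabet, padding stripped, so the token can travel in cookies and query strings.
    $token = rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');

    $error = '';
    $stmt = $db->prepare('INSERT INTO tokens (`user`, `ip`, `keyid`, `token`, `epoch`) VALUES (?,?,?,?,?)');
    if ($stmt)
    {
        $stmt->bind_param("ssisi", $user, $requestip, $keyid, $token, $epoch);
        if ($stmt->execute())
        {
            $db->commit();
            $stmt->close();
            return $token;
        }
        // Read the message before close() discards it.
        $error = $stmt->error;
        $db->rollback();
        $stmt->close();
    }
    else
    {
        // prepare() returned false, so there is no statement object to query; use the connection error.
        $error = $db->error;
    }
    $db->close();
    handleError("Could not get auth token: " . $error);
    return NULL;
}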
/**
 * Quickly find out what moderation authority this user has
 * - builds the moderator, group and board level queries for the user
 * - stores the information on the current user's moderation powers in $user_info['mod_cache'] and $_SESSION['mc']
 */
function rebuildModCache()
{
    global $user_info, $smcFunc;

    // Membergroup scope: managers see everything, otherwise only the groups they explicitly moderate.
    $group_query = allowedTo('manage_membergroups') ? '1=1' : '0=1';
    if ($group_query === '0=1')
    {
        $request = $smcFunc['db_query']('', ' SELECT id_group FROM {db_prefix}group_moderators WHERE id_member = {int:current_member}', array('current_member' => $user_info['id']));
        $moderated_groups = array();
        while ($row = $smcFunc['db_fetch_assoc']($request))
            $moderated_groups[] = $row['id_group'];
        $smcFunc['db_free_result']($request);

        // An empty list keeps the deny-all clause; ids come from the database rows, not from the request.
        if (!empty($moderated_groups))
            $group_query = 'id_group IN (' . implode(',', $moderated_groups) . ')';
    }

    // Board scope, same shape: forum moderators see everything, otherwise the boards they may moderate.
    $board_query = allowedTo('moderate_forum') ? '1=1' : '0=1';
    if ($board_query === '0=1')
    {
        $moderated_boards = boardsAllowedTo('moderate_board', true);
        if (!empty($moderated_boards))
            $board_query = 'id_board IN (' . implode(',', $moderated_boards) . ')';
    }

    // Boards this member is explicitly listed as a moderator of (guests are never looked up).
    $boards_mod = array();
    if (!$user_info['is_guest'])
    {
        $request = $smcFunc['db_query']('', ' SELECT id_board FROM {db_prefix}moderators WHERE id_member = {int:current_member}', array('current_member' => $user_info['id']));
        while ($row = $smcFunc['db_fetch_assoc']($request))
            $boards_mod[] = $row['id_board'];
        $smcFunc['db_free_result']($request);
    }
    $mod_query = empty($boards_mod) ? '0=1' : 'b.id_board IN (' . implode(',', $boards_mod) . ')';

    // Only a member with both an id and a name is cached under its id; everyone else is 0.
    $cached_id = ($user_info['id'] && $user_info['name']) ? $user_info['id'] : 0;

    $_SESSION['mc'] = array(
        'time' => time(),
        'id' => $cached_id,
        'gq' => $group_query,
        'bq' => $board_query,
        'ap' => boardsAllowedTo('approve_posts'),
        'mb' => $boards_mod,
        'mq' => $mod_query,
    );

    // Let integrations adjust the cache before it is copied onto the user record.
    call_integration_hook('integrate_mod_cache');
    $user_info['mod_cache'] = $_SESSION['mc'];

    // Might as well clean up some tokens while we are at it.
    cleanTokens();
}
} } else { $host = 'darwin.bournemouth.ac.uk'; $secure = TRUE; } // Actually unset the cookie setrawcookie($DARWINCOOKIENAME, '', $cookieexpire, '/', $host, $secure); if (isset($authtoken)) { $db = getAuthDb(); $requestip = $_SERVER["REMOTE_ADDR"]; $stmt = checkPrepare($db, 'DELETE FROM `tokens` WHERE `ip`=? AND `token`=?'); checkBindParam($db, $stmt, "ss", $requestip, $authtoken); checkExecute($db, $stmt); $stmt->close(); $db->commit(); cleanTokens($db); $db->close(); } // Whatever happens set the user for the rest of the page to null. setDarwinUser(NULL); if (isset($_REQUEST['redirect'])) { header('Location: ' . $_REQUEST['redirect']); exit; // Finished } else { if ($htmloutput) { showSuccessScreen(); } else { echo "logout:{$user}"; } }
/**
 * This ends an admin session, requiring authentication to access the ACP again.
 */
public function action_endsession()
{
    // Drop the elevated-session marker; the next ACP request has to re-authenticate.
    unset($_SESSION['admin_time']);

    // Discard any admin-scoped tokens as well.
    cleanTokens(false, '-admin');

    // NOTE(review): HTTP_REFERER is client-supplied; confirm redirectexit() constrains where it may send the user.
    $back_to = isset($_GET['redir'], $_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    if ($back_to !== null)
        redirectexit($back_to);
    else
        redirectexit();
}
/**
 * This ends a moderator session, requiring authentication to access the MCP again.
 */
public function action_modEndSession()
{
    // Drop the elevated-session marker; the next MCP request has to re-authenticate.
    unset($_SESSION['moderate_time']);

    // Discard any moderator-scoped tokens as well.
    cleanTokens(false, '-mod');

    // Always land back on the moderation centre (fixed target, nothing client-controlled).
    redirectexit('action=moderate');
}
} else { $host = 'darwin.bournemouth.ac.uk'; $secure = TRUE; } setrawcookie($DARWINCOOKIENAME, $authtoken, $cookieexpire, '/', $host, $secure); error_log(__FILE__ . ": Cookie set."); if (isset($_REQUEST['redirect'])) { error_log(__FILE__ . ": redirecting"); header('Location: ' . $_REQUEST['redirect']); echo "Redirect!\n"; } else { if ($htmloutput) { error_log(__FILE__ . ": Showing success screen"); showSuccessScreen($_REQUEST['newuser']); } else { error_log(__FILE__ . ": Setting success"); echo "login:"******"\n"; for ($x = 0; $x < 0; $x++) { echo "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"; } } } error_log(__FILE__ . ": Cleaning tokens"); $epoch = time(); cleanTokens($db, $epoch); error_log(__FILE__ . ": Closing database"); $db->close(); } else { error_log("Could not get database connection"); handleError("Could not connect to the database"); }
/**
 * Only patrons with valid tokens can ride this ride.
 *
 * @param string $action
 * @param string $type = 'post' (get, request, or post)
 * @param bool $reset = true
 * @param bool $fatal if true a fatal_lang_error is issued for invalid tokens, otherwise false is returned
 * @return boolean except for $action == 'login' where the token is returned
 */
function validateToken($action, $type = 'post', $reset = true, $fatal = true)
{
    // Anything other than get/request collapses to post.
    if ($type != 'get' && $type != 'request')
        $type = 'post';
    $token_index = $type . '-' . $action;

    // Logins are special: the token is used to hash the password with javascript before POSTing it,
    // so the stored value is handed back once instead of being compared.
    if ($action == 'login')
    {
        if (!isset($_SESSION['token'][$token_index]))
            return '';

        $login_token = $_SESSION['token'][$token_index][3];
        unset($_SESSION['token'][$token_index]);
        return $login_token;
    }

    // A token is accepted when:
    // 1. it exists in the session,
    // 2. the {$type} variable it was issued under was submitted,
    // 3. md5(submitted value . user agent) equals the stored digest.
    $req = request();
    $matches = false;
    if (isset($_SESSION['token'][$token_index]))
    {
        $stored = $_SESSION['token'][$token_index];
        $source_name = '_' . strtoupper($type);
        if (isset($GLOBALS[$source_name][$stored[0]]))
        {
            // NOTE(review): plain === on the hex digests; hash_equals() would make this comparison constant-time.
            $matches = md5($GLOBALS[$source_name][$stored[0]] . $req->user_agent()) === $stored[1];
        }
    }

    if ($matches)
    {
        // Single use: burn the token on success.
        unset($_SESSION['token'][$token_index]);
        return true;
    }

    // Patrons with invalid tokens get the boot.
    if ($reset)
    {
        // Might as well do some cleanup on this.
        cleanTokens();

        // Issue a replacement so the form can be resubmitted.
        createToken($action, $type);

        if (!$fatal)
            return false;
        fatal_lang_error('token_verify_fail', false);
    }
    else
        unset($_SESSION['token'][$token_index]);

    // Randomly check if we should remove some older tokens.
    if (mt_rand(0, 138) == 23)
        cleanTokens();

    return false;
}