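/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps, in order: load the auth backend plugin named by $conf['authtype'],
 * normalise an HTTP Basic "Authorization" header into PHP_AUTH_USER/PHP_AUTH_PW,
 * clean the supplied credentials, authenticate (auth token, backend-side
 * external trust, or the AUTH_LOGIN_CHECK event) and finally load the ACL
 * into $AUTH_ACL.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @triggers AUTH_LOGIN_CHECK
 * @return bool false when ACLs are disabled or no working auth backend could be
 *              loaded, true otherwise
 */
function auth_setup() {
    global $conf;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    global $AUTH_ACL;
    global $lang;
    /* @var Doku_Plugin_Controller $plugin_controller */
    global $plugin_controller;
    $AUTH_ACL = array();

    if (!$conf['useacl']) {
        return false;
    }

    // try to load auth backend from plugins
    foreach ($plugin_controller->getList('auth') as $plugin) {
        if ($conf['authtype'] === $plugin) {
            $auth = $plugin_controller->load('auth', $plugin);
            break;
        } elseif ('auth' . $conf['authtype'] === $plugin) {
            // matches old auth backends (pre-Weatherwax)
            $auth = $plugin_controller->load('auth', $plugin);
            msg('Your authtype setting is deprecated. You must set $conf[\'authtype\'] = "auth' . $conf['authtype'] . '"' .
                ' in your configuration (see <a href="https://www.dokuwiki.org/auth">Authentication Backends</a>)', -1, '', '', MSG_ADMINS_ONLY);
        }
    }

    if (!isset($auth) || !$auth) {
        msg($lang['authtempfail'], -1);
        return false;
    }

    if (!$auth->success) {
        // degrade to unauthenticated user
        unset($auth);
        auth_logoff();
        msg($lang['authtempfail'], -1);
        return false;
    }

    // do the login either by cookie or provided credentials XXX
    $INPUT->set('http_credentials', false);
    if (!$conf['rememberme']) {
        // "remember me" is disabled site-wide, so ignore the request flag
        $INPUT->set('r', false);
    }

    // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
    // the one presented at
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
    // for enabling HTTP authentication with CGI/SuExec)
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }

    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // Only the "Basic" scheme carries a base64 encoded "user:password" pair;
    // substr(..., 6) skips exactly that prefix, so other schemes must not be
    // decoded into PHP_AUTH_USER. The explode() limit keeps a ':' inside the
    // password intact, and a missing separator yields an empty password
    // instead of an undefined PHP_AUTH_PW.
    if (isset($_SERVER['HTTP_AUTHORIZATION']) &&
        stripos($_SERVER['HTTP_AUTHORIZATION'], 'basic ') === 0) {
        $credentials = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), 2);
        $_SERVER['PHP_AUTH_USER'] = $credentials[0];
        $_SERVER['PHP_AUTH_PW'] = isset($credentials[1]) ? $credentials[1] : '';
    }

    // if no credentials were given try to use HTTP auth (for SSO)
    if (!$INPUT->str('u') && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $INPUT->set('u', $_SERVER['PHP_AUTH_USER']);
        $INPUT->set('p', $_SERVER['PHP_AUTH_PW']);
        $INPUT->set('http_credentials', true);
    }

    // apply cleaning (auth specific user names, remove control chars)
    if (true === $auth->success) {
        $INPUT->set('u', $auth->cleanUser(stripctl($INPUT->str('u'))));
        $INPUT->set('p', stripctl($INPUT->str('p')));
    }

    if ($INPUT->str('authtok')) {
        // when an authentication token is given, trust the session
        auth_validateToken($INPUT->str('authtok'));
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r'));
    } else {
        // 'silent' suppresses login feedback when the credentials came from
        // the HTTP auth header rather than the login form
        $evdata = array(
            'user'     => $INPUT->str('u'),
            'password' => $INPUT->str('p'),
            'sticky'   => $INPUT->bool('r'),
            'silent'   => $INPUT->bool('http_credentials'),
        );
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }

    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();

    return true;
}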
/**
 * Send a HTTP redirect to the browser
 *
 * Works around Microsoft IIS cookie sending bug. Exits the script
 * (except during unit tests, where it simply returns).
 *
 * @link http://support.microsoft.com/kb/q176113/
 * @author Andreas Gohr <*****@*****.**>
 *
 * @param string $url url being directed to
 */
function send_redirect($url) {
    // control characters are removed first so a crafted URL cannot inject
    // extra header lines (HTTP Response Splitting)
    $url = stripctl($url);

    /* @var Input $INPUT */
    global $INPUT;
    global $MSG;

    // undisplayed messages are carried over in the session so the target
    // page can still show them
    $carryMessages = isset($MSG) && count($MSG) && !defined('NOSESSION');
    if ($carryMessages) {
        // reopen session, store data and close session again
        @session_start();
        $_SESSION[DOKU_COOKIE]['msg'] = $MSG;
    }

    // always close the session
    session_write_close();

    // IIS < 6 with CGI-PHP gets a Refresh header instead of Location
    // (the cookie bug described in the linked KB article)
    $server = $INPUT->server;
    $onOldIisCgi = $server->has('SERVER_SOFTWARE')
        && $server->has('GATEWAY_INTERFACE')
        && strpos($server->str('GATEWAY_INTERFACE'), 'CGI') !== false
        && preg_match('|^Microsoft-IIS/(\\d)\\.\\d$|', trim($server->str('SERVER_SOFTWARE')), $matches)
        && $matches[1] < 6;

    header($onOldIisCgi ? 'Refresh: 0;url=' . $url : 'Location: ' . $url);

    // no exits during unit tests
    if (defined('DOKU_UNITTEST')) {
        return;
    }
    exit;
}
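/**
 * DokuWiki media passthrough file
 *
 * Serves a media file to the browser. This part of the script bootstraps
 * DokuWiki, reads the request parameters, determines the MIME type and
 * collects the per-request data handed to plugin events.
 *
 * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author Andreas Gohr <*****@*****.**>
 */
if (!defined('DOKU_INC')) {
    define('DOKU_INC', dirname(__FILE__) . '/../../');
}
define('DOKU_DISABLE_GZIP_OUTPUT', 1);
require_once DOKU_INC . 'inc/init.php';

//close session
session_write_close();

$mimetypes = getMimeTypes();

//get input
$MEDIA = stripctl(getID('media', false)); // no cleaning except control chars - maybe external
// cache, w and h are optional request parameters: read them defensively so an
// absent parameter produces the same value as before (null / 0) without an
// "undefined index" notice
$CACHE = calc_cache(isset($_REQUEST['cache']) ? $_REQUEST['cache'] : null);
$WIDTH = isset($_REQUEST['w']) ? (int) $_REQUEST['w'] : 0;
$HEIGHT = isset($_REQUEST['h']) ? (int) $_REQUEST['h'] : 0;

list($EXT, $MIME, $DL) = mimetype($MEDIA, false);
if ($EXT === false) {
    // unknown extension: serve as a generic binary download
    $EXT = 'unknown';
    $MIME = 'application/octet-stream';
    $DL = true;
}

// check for permissions, preconditions and cache external files
// NOTE(review): $FILE is expected to be filled in by checkFileStatus()
// (presumably by reference) -- confirm against its signature
list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE);

// prepare data for plugin events
$data = array(
    'media'         => $MEDIA,
    'file'          => $FILE,
    'orig'          => $FILE,
    'mime'          => $MIME,
    'download'      => $DL,
    'cache'         => $CACHE,
    'ext'           => $EXT,
    'width'         => $WIDTH,
    'height'        => $HEIGHT,
    'status'        => $STATUS,
    'statusmessage' => $STATUSMESSAGE,
);

// handle the file status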
/**
 * This is an extension hook provided by BB2, we use it to do our
 * own logging.
 *
 * Appends one tab-separated line to badbehaviour.log in the cache directory:
 * timestamp, client IP, request method, request URI, server protocol, user
 * agent and the key handed over by BB2. Every request-derived field goes
 * through stripctl() so control characters cannot break the line format
 * (assuming stripctl() also removes tab and newline).
 *
 * @param array  $settings BB2 settings (not used here)
 * @param array  $package  request data as collected by BB2
 * @param string $key      key supplied by BB2 for the ban
 */
function bb2_banned_callback($settings, $package, $key) {
    global $conf;

    $requestFields = array('ip', 'request_method', 'request_uri', 'server_protocol', 'user_agent');

    $line = array(time());
    foreach ($requestFields as $field) {
        $line[] = stripctl($package[$field]);
    }
    $line[] = stripctl($key);

    io_saveFile($conf['cachedir'] . '/badbehaviour.log', implode("\t", $line) . "\n", true);
}