示例#1
/**
 * Action handler of the edit plugin.
 *
 * Runs the read-only / role checks, then dispatches on the request variables
 * (realview, preview, template, write, cancel). When none of them is set it
 * returns the edit form for the requested page.
 *
 * @return mixed The sub-handler's result, or array('msg' => ..., 'body' => ...) for the edit form.
 */
function plugin_edit_action()
{
    global $vars, $load_template_func;

    // Refuse outright when the current role is read-only.
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (PKWK_READONLY == ROLE_AUTH && auth::get_role_level() > ROLE_AUTH) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }

    // NOTE(review): realview is dispatched before check_editable() and the
    // page-creation check below; only the two read-only checks above precede it.
    if (isset($vars['realview'])) {
        return plugin_edit_realview();
    }

    // Page name comes straight from the request variables.
    if (isset($vars['page'])) {
        $page = $vars['page'];
    } else {
        $page = '';
    }
    check_editable($page, true, true);

    // Creating a page that does not exist yet is subject to PKWK_CREATE_PAGE.
    if (!is_page($page) && auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    // Dispatch; the first matching request variable wins.
    if (isset($vars['preview']) || ($load_template_func && isset($vars['template']))) {
        return plugin_edit_preview();
    }
    if (isset($vars['write'])) {
        return plugin_edit_write();
    }
    if (isset($vars['cancel'])) {
        return plugin_edit_cancel();
    }

    $lines = get_source($page);
    // Return value is not used here; presumably is_role_page() refuses access
    // on its own when the page content demands it -- confirm in the auth class.
    auth::is_role_page($lines);

    $vars['original'] = implode('', $lines);
    $text = $vars['original'];

    if (!empty($vars['id'])) {
        $text = plugin_edit_parts($vars['id'], $lines);
        if ($text === FALSE) {
            // Section not found: pretend no id was given :) and edit the whole page.
            unset($vars['id']);
            $text = $vars['original'];
        }
    }

    // Nothing to edit yet: start from the automatic template.
    if ($text == '') {
        $text = auto_template($page);
    }

    return array('msg' => _('Edit of  $1'), 'body' => edit_form($page, $text));
}
示例#2
/**
 * Block form of the role plugin.
 *
 * With fewer than two arguments it returns role_list() for the current role
 * level. Otherwise the first argument is the role to check and the last
 * argument is the text to show; the text is rendered only when
 * auth::is_check_role() returns false for that role.
 *
 * @return string Rendered HTML, or '' when nothing is to be shown.
 */
function plugin_role_convert()
{
    global $_role_msg;

    $level = auth::get_role_level();
    // Role level 0 never sees any output.
    if ($level == 0) {
        return '';
    }

    $args = func_get_args();
    $argc = count($args);
    if ($argc < 2) {
        return role_list($level);
    }

    // A true result from is_check_role() means the text stays hidden.
    if (auth::is_check_role($args[0])) {
        return '';
    }

    // Multi-line arguments arrive with "\r" separators; turn them back into newlines.
    $body = $args[$argc - 1];
    return convert_html(str_replace("\r", "\n", $body));
}
/**
 * Work out the name to show for a commentx poster.
 *
 * @return array array(name, link, attribute): the display name, the name or
 *               "nick>url" link text, and either '' or a disabled="disabled"
 *               attribute string.
 */
function plugin_commentx_get_nick()
{
    global $vars;

    // Name as submitted in the request; it is returned here without escaping,
    // and whether the caller escapes it is not visible from this function.
    $name = '';
    if (!empty($vars['name'])) {
        $name = $vars['name'];
    }

    if (PKWK_READONLY != ROLE_AUTH) {
        return array($name, $name, '');
    }

    // From here on $name is the value supplied by the auth layer, not the request.
    list($role, $name, $nick, $url) = auth::get_user_name();

    // No nickname, or a role level below ROLE_AUTH: fall back to the plain name.
    if (empty($nick) || auth::get_role_level() < ROLE_AUTH) {
        return array($name, $name, '');
    }

    if (empty($url)) {
        $link = $nick;
    } else {
        $link = $nick . '>' . $url;
    }

    // The attribute string is returned so the caller can lock the name field.
    return array($nick, $link, "disabled=\"disabled\"");
}
示例#4
/**
 * Build the passwd plugin's form together with its inline JavaScript.
 *
 * Queues the crypt/*.js helper scripts in $head_tags and returns one string
 * holding a <script> block (function set_hash()) followed by the HTML form
 * named "passwd", which posts to $script.
 *
 * Review notes:
 * - $msg, $script, $user, $old_algorithm and the $_passwd_msg entries are
 *   interpolated into the markup as-is; only $realm is passed through
 *   rawurlencode() first. Callers must supply values that are safe for HTML.
 * - The hash is computed in the browser with hex_md5()/hex_sha1() and then
 *   wrapped with des() and base64encode(). MD5 and SHA-1 are fast digests and
 *   are not suitable password hashes by current standards; des() is
 *   presumably single DES from crypt/des.js -- confirm.
 *
 * @param string $msg HTML fragment placed inside a <div> above the form (not escaped here).
 * @return string HTML and JavaScript of the menu.
 */
function passwd_menu($msg = '&nbsp;')
{
    global $script, $head_tags, $_passwd_msg, $auth_type, $realm, $vars;
    // Queue the client-side hashing / encoding scripts for the page head.
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/md5.js"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/sha1.js"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/des.js"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/base64.js"></script>';
    $func = 'save';
    $role_level = auth::get_role_level();
    $old_algorithm = '';
    // The realm travels in a hidden field URL-encoded; the script decodes it
    // again with decodeURIComponent().
    $r_realm = rawurlencode($realm);
    // MD5 is the preselected scheme unless changed below.
    $checked_md5 = 'checked="checked"';
    $checked_sha1 = '';
    // Is this a request that asks for the adminpass?
    $is_adminpass = isset($vars['adminpass']);
    if ($is_adminpass) {
        $use_pkwk_write_func = false;
        // $auth_type is declared global above, so this assignment changes the global value.
        $auth_type = 1;
    } else {
        $use_pkwk_write_func = USE_PKWK_WRITE_FUNC;
    }
    // Settings that depend on the role
    if ($role_level == 2) {
        // Administrator
        $disabled_user = $user = '';
        $msg_pass = $_passwd_msg['msg_pass_admin'];
        $a1_des = "a1 = objForm.key.value;\n";
        $msg_role = <<<EOD
    <tr>
      <th>{$_passwd_msg['role']}</th>
      <td>
        <select name="role">
          <option value="">{$_passwd_msg['role_4']}</option>
          <option value="3">{$_passwd_msg['role_3']}</option>
          <option value="2">{$_passwd_msg['role_2']}</option>
        </select>
      </td>
    </tr>

EOD;
    } else {
        // Ordinary user
        // NOTE(review): the literal '******' here and for $user below looks like a
        // value masked by the code listing rather than real source -- confirm
        // against the upstream file. It ends up inside the username <input> tag.
        $disabled_user = '******';
        // For guests, allow the hash to be generated uniformly as admin
        // $user = ($role_level == 0) ? 'admin' :  auth::check_auth();
        if ($role_level == 0) {
            $user = '******';
            $msg_pass = $_passwd_msg['msg_pass_none'];
            $a1_des = "a1 = objForm.key.value;\n";
        } else {
            $user = auth::check_auth();
            $msg_pass = $_passwd_msg['msg_pass_old'];
            $old_algorithm = passwd_get_scheme($user);
            // Preselect the radio button matching the stored scheme; any other
            // value keeps the MD5 default set above.
            switch ($old_algorithm) {
                case 'md5':
                    $checked_md5 = 'checked="checked"';
                    $checked_sha1 = '';
                    break;
                case 'sha1':
                    $checked_md5 = '';
                    $checked_sha1 = 'checked="checked"';
                    break;
            }
            // $a1_des = 'a1 = objForm.username.value+\':' . $realm . ":'+objForm.key.value;\n";
            $a1_des = 'a1 = objForm.username.value+\':\'+decodeURIComponent(objForm.realm.value)+\':\'+objForm.key.value;' . "\n";
        }
        $func = 'update';
        // Non-administrators only see their role; they cannot choose one.
        $msg_role = <<<EOD
    <tr>
      <th>{$_passwd_msg['role']}</th>
      <td>

EOD;
        $msg_role .= passwd_get_role_name($role_level) . ' (' . $role_level . ')';
        $msg_role .= <<<EOD
      </td>
    </tr>

EOD;
    }
    // $user is placed in the value attribute without HTML escaping.
    $msg_username = <<<EOD
    <tr>
      <th>{$_passwd_msg['UserName']}</th>
      <td><input type="text" name="username" size="10" value="{$user}" {$disabled_user} /></td>
    </tr>

EOD;
    switch ($auth_type) {
        case 1:
            // basic
            $pref = 'php';
            $submit_sha1 = "objForm.submit.disabled = false;\n";
            $a1 = "a1 = objForm.passwd.value;\n";
            // Overwrite for basic authentication
            $a1_des = "a1 = objForm.key.value;\n";
            $disabled_sha1 = '';
            // No user name is needed when writing is disabled or for guests
            if (!$use_pkwk_write_func || $role_level == 0) {
                $msg_username = '';
            }
            break;
        case 2:
        default:
            // digest
            $pref = 'digest';
            $submit_sha1 = '';
            // $a1 = 'a1 = objForm.username.value+\':' . $realm . ":'+objForm.passwd.value;\n";
            $a1 = 'a1 = objForm.username.value+\':\'+decodeURIComponent(objForm.realm.value)+\':\'+objForm.passwd.value;' . "\n";
            // Digest mode forces MD5 and disables the SHA-1 radio button.
            $checked_md5 = 'checked="checked"';
            $checked_sha1 = '';
            $disabled_sha1 = 'disabled="disabled"';
    }
    // When writing is restricted by the plugin:
    // if the write function is in use, neither changing nor copying the result
    // needs to be allowed, so both are suppressed;
    // otherwise not even the update button is shown
    if (!$use_pkwk_write_func || $role_level == 0) {
        $submit_sha1 = $submit_false = $submit_true = '';
        $disabled_result = $msg_submit = $msg_role = '';
    } else {
        // $submit_sha1
        $submit_false = "objForm.submit.disabled = false;\n";
        $submit_true = "objForm.submit.disabled = true;\n";
        $disabled_result = 'disabled="disabled"';
        $msg_submit = <<<EOD
    <tr>
      <td><input type="submit" name="submit" value="{$_passwd_msg['Update']}" disabled="disabled" /></td>
    </tr>

EOD;
    }
    // Final page fragment: the set_hash() script followed by the form. The PHP
    // fragments prepared above ($a1, $a1_des, $submit_*) are spliced into the
    // JavaScript source as code.
    $x = <<<EOD
<script type="text/javascript">
<!-- <![CDATA[

function set_hash()
{
 var a1,ctr,pref,hash,des_key,hash_view,algorithm;
 var fn = function(){
   switch(algorithm) {
   case 'sha1':
     {$submit_sha1}
     hash = hex_sha1(a1);
     pref = "{x-{$pref}-sha1}";
     break;
   default:
     {$submit_false}
     hash = hex_md5(a1);
     pref = "{x-{$pref}-md5}";
   }
 };

 var objForm = eval("document.passwd");
 {$submit_true}

 if (objForm.passwd.value == "") {
   objForm.hash.value = "";
   objForm.algorithm.value = "";
   objForm.key.value = "";
 } else {

   ctr = objForm.scheme.length;
   for (i=0; i<ctr; i++) {
     if (objForm.scheme[i].checked) {
       objForm.algorithm.value = objForm.scheme[i].value;
       break;
     }
   }

   if (objForm.old_algorithm.value == "") {
     algorithm = objForm.algorithm.value;
   } else {
     algorithm = objForm.old_algorithm.value;
   }
   {$a1_des}
   fn();
   des_key = hash;

   algorithm = objForm.algorithm.value;
   {$a1}
   fn();
   hash_view = hash;

   objForm.hash.value = base64encode( des(des_key, hash, 1, 0) );
   objForm.passwd.value = "";
   objForm.key.value = "";
 }

 if (objForm.hash.value == "") {
   objForm.hash_view.value = "";
 } else {
   objForm.hash_view.value = pref+hash_view;
 }

}

//]]>-->
</script>

<h2>passwd</h2>

<div>{$msg}</div>

<form name="passwd" action="{$script}" method="post">
  <input type="hidden" name="plugin" value="passwd" />
  <input type="hidden" name="func" value="{$func}" />
  <input type="hidden" name="algorithm" />
  <input type="hidden" name="old_algorithm" value="{$old_algorithm}"/>
  <input type="hidden" name="hash" />
  <input type="hidden" name="realm" value="{$r_realm}"/>
  <table class="indented">
{$msg_username}
    <tr>
      <th>{$_passwd_msg['Passwd']}</th>
      <td><input type="password" name="passwd" size="10" />&nbsp;{$_passwd_msg['msg_pass_new']}</td>
    </tr>
    <tr>
     <th>{$_passwd_msg['Crypt']}</th>
     <td><input type="password" name="key" size="10" />&nbsp;{$msg_pass}</td>
    </tr>
{$msg_role}
    <tr>
      <th>{$_passwd_msg['Calculate']}</th>
      <td>
        <input type="radio" name="scheme" value="md5" {$checked_md5} /> <label>MD5</label>
        <input type="radio" name="scheme" value="sha1" {$checked_sha1} {$disabled_sha1} /> <label>SHA-1</label>
        &nbsp;
        <input type="button" onclick="set_hash()" value="{$_passwd_msg['CALC']}" />
      </td>
    </tr>
    <tr>
      <th>{$_passwd_msg['Result']}</th>
      <td><input type="text" name="hash_view" size="80" {$disabled_result} /></td>
    </tr>
{$msg_submit}
  </table>
</form>

EOD;
    return $x;
}
示例#5
 /**
  * Decide whether the current user falls under the restriction $chk_role.
  *
  * Callers in this listing treat a TRUE result as "prohibited".
  *
  * @param mixed $chk_role Role level the restriction is configured with.
  * @return bool FALSE when the restriction does not apply, TRUE when it does.
  */
 function is_check_role($chk_role)
 {
     switch ($chk_role) {
         case ROLE_GUEST:
             // Restriction switched off
             return FALSE;
         case ROLE_FORCE:
             // Restriction forced for everyone
             return TRUE;
     }

     // Behaviour from here on depends on the current user's role level
     $current = (int) auth::get_role_level();
     if ($current == ROLE_GUEST) {
         return TRUE;
     }
     if ($current <= $chk_role) {
         return FALSE;
     }
     return TRUE;
 }
/**
 * Build the htdigest plugin's form together with its inline JavaScript.
 *
 * Queues the crypt/*.js helper scripts in $head_tags and returns one string
 * holding a <script> block (function set_hash()) followed by the HTML form
 * named "htdigest", which posts to $script.
 *
 * Review notes:
 * - $msg, $script, $realm, $user and the $_htdigest_msg entries are
 *   interpolated into the markup as-is; $realm and $user land inside value
 *   attributes without HTML escaping.
 * - The digest is computed in the browser with hex_md4()/hex_md5()/hex_sha1()
 *   and then wrapped with des() and base64encode(). MD4, MD5 and SHA-1 are
 *   fast digests and not suitable password hashes by current standards;
 *   des() is presumably single DES from crypt/des.js -- confirm.
 *
 * @param string $msg HTML fragment placed inside a <div> above the form (not escaped here).
 * @return string HTML and JavaScript of the menu.
 */
function htdigest_menu($msg = '&nbsp;')
{
    global $script, $realm, $head_tags, $_htdigest_msg;
    // Queue the client-side hashing / encoding scripts for the page head.
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/md4.js"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/md5.js"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/sha1.js"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/des.js"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . SKIN_URI . 'crypt/base64.js"></script>';
    // When the write function is in use, neither changing nor copying the
    // result needs to be allowed, so the result field is disabled
    $disabled = USE_APACHE_WRITE_FUNC ? 'disabled="disabled"' : '';
    $func = 'save';
    $role_level = auth::get_role_level();
    if ($role_level > 2) {
        // Role level above 2: the user name is fixed to the authenticated
        // account and the form performs an 'update'.
        $user_disabled = 'disabled="disabled"';
        $user = auth::check_auth();
        $func = 'update';
        $msg_pass = $_htdigest_msg['msg_pass_old'];
    } else {
        // Role level 2 gets the admin-password hint; lower levels get no hint.
        $user_disabled = $user = '';
        $msg_pass = $role_level == 2 ? $_htdigest_msg['msg_pass_admin'] : '';
    }
    // First half of the script, up to the point where a1 (the DES key
    // material) is assigned.
    $x = <<<EOD
<script type="text/javascript">
<!-- <![CDATA[

function set_hash()
{
 var a1,ctr,pref,hash,des_key;
 var fn = function(){
   switch(objForm.algorithm.value) {
   case 'MD4':
     hash = hex_md4(a1);
     break;
   case 'SHA-1':
     hash = hex_sha1(a1);
     break;
   default:
     objForm.submit.disabled = false;
     hash = hex_md5(a1);
   }
 };

 var objForm = eval("document.htdigest");
 objForm.submit.disabled = true;

 if (objForm.passwd.value == "" || objForm.key.value == "") {
   objForm.hash.value = "";
   objForm.algorithm.value = "";
 } else {

   ctr = objForm.scheme.length;
   for (i=0; i<ctr; i++) {
     if (objForm.scheme[i].checked) {
       objForm.algorithm.value = objForm.scheme[i].value;
       break;
     }
   }
EOD;
    // The key material differs by role: user:realm:key for role levels above 2,
    // the bare key field otherwise.
    if ($role_level > 2) {
        // a1
        $x .= "a1 = objForm.username.value+':'+objForm.realm.value+':'+objForm.key.value;\n";
    } else {
        // adminpass
        $x .= "a1 = objForm.key.value;\n";
    }
    // Second half of the script followed by the form markup.
    $x .= <<<EOD
   fn();
   des_key = hash;

   a1 = objForm.username.value+':'+objForm.realm.value+':'+objForm.passwd.value;
   fn();

   objForm.hash.value = base64encode( des(des_key, hash, 1, 0) );
   objForm.passwd.value = "";
 }

 if (objForm.hash.value == "") {
   objForm.hash_view.value = "";
 } else {
   objForm.hash_view.value = objForm.username.value+':'+objForm.realm.value+':'+hash;
 }
}

//]]>-->
</script>

<h2>htdigest</h2>

<div>{$msg}</div>

<form name="htdigest" action="{$script}" method="post">
  <input type="hidden" name="plugin" value="htdigest" />
  <input type="hidden" name="func" value="{$func}" />
  <input type="hidden" name="algorithm" />
  <input type="hidden" name="hash" />
  <table class="indented">
    <tr>
      <th>{$_htdigest_msg['realm']}</th>
      <td><input type="text" name="realm" size="30" value="{$realm}" /></td>
    </tr>
    <tr>
      <th>{$_htdigest_msg['UserName']}</th>
      <td><input type="text" name="username" size="10" value="{$user}" {$user_disabled} /></td>
    </tr>
    <tr>
      <th>{$_htdigest_msg['Passwd']}</th>
      <td><input type="password" name="passwd" size="10" />&nbsp;{$_htdigest_msg['msg_pass_new']}</td>
    </tr>

    <tr>
     <th>{$_htdigest_msg['Crypt']}</th>
     <td><input type="password" name="key" size="10" />&nbsp;{$msg_pass}</td>
    </tr>

    <tr>
      <th>{$_htdigest_msg['Calculate']}</th>
      <td>
        <input type="radio" name="scheme" value="MD5" checked="checked" /> <label>MD5</label>
        <input type="radio" name="scheme" value="SHA-1" /> <label>SHA-1</label>
        <input type="radio" name="scheme" value="MD4" /> <label>MD4</label>
        &nbsp;
        <input type="button" onclick="set_hash()" value="{$_htdigest_msg['CALC']}" />
      </td>
    </tr>
    <tr>
      <th>{$_htdigest_msg['Result']}</th>
      <td><input type="text" name="hash_view" size="80" {$disabled} /></td>
    </tr>
    <tr>
      <td><input type="submit" name="submit" value="{$_htdigest_msg['Update']}" disabled="disabled" /></td>
    </tr>

  </table>
</form>
EOD;
    return $x;
}
示例#7
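/**
 * Action handler of the guiedit plugin.
 *
 * Runs the read-only / role checks, prepares the editor globals, then
 * dispatches on the request variables (edit, template, preview, write,
 * cancel). When none of them is set it returns the GUI edit form for the
 * requested page.
 *
 * Fix over the earlier version: $_title_edit was read for the returned title
 * although its global declaration had been commented out, so 'msg' was always
 * an undefined local. It is declared again, with the gettext title as a
 * fallback when the global is not set.
 *
 * @return mixed The sub-handler's result, or array('msg' => ..., 'body' => ...) for the edit form.
 */
function plugin_guiedit_action()
{
    global $vars, $_title_edit, $load_template_func;
    global $menubar, $sidebar, $topicpath;

    // Refuse outright when the current role is read-only.
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (PKWK_READONLY == ROLE_AUTH && auth::get_role_level() > ROLE_AUTH) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }

    // Page name comes straight from the request variables.
    $page = isset($vars['page']) ? $vars['page'] : '';
    check_editable($page, true, true);

    // Creating a page that does not exist yet is subject to PKWK_CREATE_PAGE.
    if (!is_page($page) && auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    // The rich editor is used unless the request asks for plain text.
    global $guiedit_use_fck;
    $guiedit_use_fck = !isset($vars['text']);
    if ($guiedit_use_fck) {
        global $guiedit_pkwk_root;
        $guiedit_pkwk_root = get_baseuri('abs');
    }

    // Full-size mode hides the surrounding page furniture.
    if (GUIEDIT_FULL_SIZE) {
        $menubar = $sidebar = '';
        $topicpath = false;
    }

    // Dispatch; the first matching request variable wins.
    if (isset($vars['edit'])) {
        return plugin_guiedit_edit_data($page);
    }
    if ($load_template_func && isset($vars['template'])) {
        return plugin_guiedit_template();
    }
    if (isset($vars['preview'])) {
        return plugin_guiedit_preview();
    }
    if (isset($vars['write'])) {
        return plugin_guiedit_write();
    }
    if (isset($vars['cancel'])) {
        return plugin_guiedit_cancel();
    }

    $source = get_source($page);
    // NOTE(review): plugin_edit_action() calls auth::is_role_page($source) at
    // this point; there is no such call here -- confirm that another check
    // covers page-level role restrictions for the GUI editor.
    $vars['original'] = join('', $source);
    $postdata = $vars['original'];

    if (isset($vars['text'])) {
        if (!empty($vars['id'])) {
            // Load the edit plugin so that plugin_edit_parts() is available.
            exist_plugin('edit');
            $postdata = plugin_edit_parts($vars['id'], $source);
            if ($postdata === FALSE) {
                // Section not found: fall back to editing the whole page.
                unset($vars['id']);
                $postdata = $vars['original'];
            }
        }
        // Nothing to edit yet: start from the automatic template.
        if ($postdata == '') {
            $postdata = auto_template($page);
        }
    }

    // Same title string as the edit plugin when no global title is configured.
    $title = isset($_title_edit) ? $_title_edit : _('Edit of  $1');

    return array('msg' => $title, 'body' => plugin_guiedit_edit_form($page, $postdata));
}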
/**
 * Work out the name to show for a pcomment poster.
 *
 * @return array array(name, link, attribute): the display name, the name or
 *               "nick>profile" link text, and either '' or a
 *               disabled="disabled" attribute string.
 */
function plugin_pcomment_get_nick()
{
    global $vars, $_no_name;

    // Name as submitted in the request, or the configured placeholder; it is
    // returned here without escaping, and whether the caller escapes it is
    // not visible from this function.
    $name = $_no_name;
    if (!empty($vars['name'])) {
        $name = $vars['name'];
    }

    if (PKWK_READONLY != ROLE_AUTH) {
        return array($name, $name, '');
    }

    $account = auth::get_user_name();
    if (empty($account['nick'])) {
        return array($name, $name, '');
    }

    $nick = $account['nick'];

    // Below ROLE_AUTH the nickname is shown but the link stays the submitted name.
    if (auth::get_role_level() < ROLE_AUTH) {
        return array($nick, $name, '');
    }

    if (empty($account['profile'])) {
        $link = $nick;
    } else {
        $link = $nick . '>' . $account['profile'];
    }

    // The attribute string is returned so the caller can lock the name field.
    return array($nick, $link, "disabled=\"disabled\"");
}