Diffstat (limited to 'include')
-rw-r--r-- | include/common.inc.php | 11 | ||||
-rw-r--r-- | include/functions_html.inc.php | 1 | ||||
-rw-r--r-- | include/functions_search.inc.php | 17 | ||||
-rw-r--r-- | include/functions_user.inc.php | 42 | ||||
-rw-r--r-- | include/php_compat/array_intersect_key.php | 35 | ||||
-rw-r--r-- | include/php_compat/hash_hmac.php | 25 | ||||
-rw-r--r-- | include/picture_comment.inc.php | 38 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 14 |
8 files changed, 120 insertions, 63 deletions
diff --git a/include/common.inc.php b/include/common.inc.php index 5a0a82ff9..aea694639 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -121,6 +121,17 @@ if (!defined('PHPWG_INSTALLED')) exit; } +foreach( array( + 'array_intersect_key', //PHP 5 >= 5.1.0RC1 + 'hash_hmac', //(hash) - enabled by default as of PHP 5.1.2 + ) as $func) +{ + if (!function_exists($func)) + { + include_once(PHPWG_ROOT_PATH . 'include/php_compat/'.$func.'.php'); + } +} + include(PHPWG_ROOT_PATH . 'include/config_default.inc.php'); @include(PHPWG_ROOT_PATH. 'include/config_local.inc.php'); include(PHPWG_ROOT_PATH . 'include/constants.php'); diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php index 8b544defa..bb8861ba4 100644 --- a/include/functions_html.inc.php +++ b/include/functions_html.inc.php @@ -717,5 +717,6 @@ function set_status_header($code, $text='') } header("HTTP/1.1 $code $text"); header("Status: $code $text"); + trigger_action('set_status_header', $code, $text); } ?> diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php index 8f1105caf..24b676e1f 100644 --- a/include/functions_search.inc.php +++ b/include/functions_search.inc.php @@ -252,23 +252,6 @@ SELECT DISTINCT(id) return $items; } - -if (!function_exists('array_intersect_key')) { - function array_intersect_key() - { - $arrs = func_get_args(); - $result = array_shift($arrs); - foreach ($arrs as $array) { - foreach ($result as $key => $v) { - if (!array_key_exists($key, $array)) { - unset($result[$key]); - } - } - } - return $result; - } -} - /** * returns the LIKE sql clause corresponding to the quick search query $q * and the field $field. example q="john bill", field="file" will return diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 5499eb86c..74c1c81f1 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php 
@@ -858,8 +858,9 @@ function get_language_filepath($filename, $dirname = '') /** * returns the auto login key or false on error * @param int user_id + * @param string [out] username */ -function calculate_auto_login_key($user_id) +function calculate_auto_login_key($user_id, &$username) { global $conf; $query = ' @@ -871,7 +872,12 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id; if (mysql_num_rows($result) > 0) { $row = mysql_fetch_assoc($result); - $key = sha1( $row['username'].$row['password'] ); + $username = $row['username']; + $data = $row['username'].$row['password']; + $key = base64_encode( + pack('H*', sha1($data)) + .hash_hmac('md5', $data, $conf['secret_key'],true) + ); return $key; } return false; @@ -889,7 +895,7 @@ function log_user($user_id, $remember_me) if ($remember_me and $conf['authorize_remembering']) { - $key = calculate_auto_login_key($user_id); + $key = calculate_auto_login_key($user_id, $username); if ($key!==false) { $cookie = array('id' => (int)$user_id, 'key' => $key); @@ -928,12 +934,13 @@ function auto_login() { if ( isset( $_COOKIE[$conf['remember_me_name']] ) ) { $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); - if ($cookie!==false) + if ($cookie!==false and is_numeric(@$cookie['id']) ) { - $key = calculate_auto_login_key($cookie['id']); + $key = calculate_auto_login_key( $cookie['id'], $username ); if ($key!==false and $key===$cookie['key']) { log_user($cookie['id'], true); + trigger_action('login_success', $username); return true; } } 
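Review bot: The new `&$username` out-parameter of calculate_auto_login_key is assigned only inside the `mysql_num_rows($result) > 0` branch, so on the `return false` path the caller's variable keeps whatever it held before (in auto_login it is simply undefined). Initialise it at entry with `$username = null;` right after `global $conf;`, or drop the reference parameter and return the pair `array($key, $username)` / `false`. The function's WHERE clause (context line) still concatenates the raw `$user_id` without escaping, so every caller has to guarantee an integer before calling; the docblock should say so rather than only "@param int user_id".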
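Review bot: `is_numeric(@$cookie['id'])` in auto_login accepts far more than a user id (leading whitespace, signs, decimals and exponent notation all pass), and the accepted value is then concatenated unescaped into the SQL inside calculate_auto_login_key and handed on to log_user. Coerce first and test the coerced value: `$id = (int)@$cookie['id']; if ($cookie !== false and $id > 0 and isset($cookie['key']))`, then pass `$id` to both calls; the `isset($cookie['key'])` also stops the strict `===` on the next line from reading an undefined index. Since `$cookie` comes from unserialize() of a client-controlled cookie (context line), an `is_array($cookie)` check before indexing is more honest than the `@` suppression.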
@@ -942,6 +949,31 @@ function auto_login() { return false; } +/** + * Tries to login a user given username and password (must be MySql escaped) + * return true on success + */ +function try_log_user($username, $password, $remember_me) +{ + global $conf; + // retrieving the encrypted password of the login submitted + $query = ' +SELECT '.$conf['user_fields']['id'].' AS id, + '.$conf['user_fields']['password'].' AS password + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' +;'; + $row = mysql_fetch_assoc(pwg_query($query)); + if ($row['password'] == $conf['pass_convert']($password)) + { + log_user($row['id'], $remember_me); + trigger_action('login_success', $username); + return true; + } + trigger_action('login_failure', $username); + return false; +} + /* * Return access_type definition of uuser * Test does with user status diff --git a/include/php_compat/array_intersect_key.php b/include/php_compat/array_intersect_key.php new file mode 100644 index 000000000..748b8f6f1 --- /dev/null +++ b/include/php_compat/array_intersect_key.php @@ -0,0 +1,35 @@ +<?php +// http://www.php.net/manual/en/function.array-intersect-key.php +// PHP 5 >= 5.1.0RC1 +function array_intersect_key() +{ + $args = func_get_args(); + if (count($args) < 2) { + trigger_error('Wrong parameter count for array_intersect_key()', E_USER_WARNING); + return; + } + + // Check arrays + $array_count = count($args); + for ($i = 0; $i !== $array_count; $i++) { + if (!is_array($args[$i])) { + trigger_error('array_intersect_key() Argument #' . ($i + 1) . ' is not an array', E_USER_WARNING); + return; + } + } + + // Compare entries + $result = array(); + foreach ($args[0] as $key1 => $value1) { + for ($i = 1; $i !== $array_count; $i++) { + foreach ($args[$i] as $key2 => $value2) { + if ((string) $key1 === (string) $key2) { + $result[$key1] = $value1; + } + } + } + } + + return $result; +} +?>
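Review bot: `if ($row['password'] == $conf['pass_convert']($password))` in try_log_user compares the stored and submitted digests with loose `==`; PHP compares two numeric-looking strings as numbers, so digests that are not textually equal can still compare equal, and when the username does not exist `$row` is `false` and `$row['password']` is `null`. Change it to `if ($row !== false and $row['password'] === $conf['pass_convert']($password))`. The docblock pushes MySQL escaping of `$username` onto callers, yet the ws_functions.inc.php hunk now passes `$params['username']` straight through; unless the web-service layer escapes parameters before dispatch (not visible here) that is an injection point, so escaping inside this function — the only place the value reaches a query — is the safer contract.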
\ No newline at end of file diff --git a/include/php_compat/hash_hmac.php b/include/php_compat/hash_hmac.php new file mode 100644 index 000000000..5f05e370c --- /dev/null +++ b/include/php_compat/hash_hmac.php @@ -0,0 +1,25 @@ +<?php +//(hash) - enabled by default as of PHP 5.1.2 +function hash_hmac($algo, $data, $key, $raw_output=false) +{ + /* md5 and sha1 only */ + $algo=strtolower($algo); + $p=array('md5'=>'H32','sha1'=>'H40'); + if ( !isset($p[$algo]) or !function_exists($algo) ) + { + $algo = 'md5'; + } + if(strlen($key)>64) $key=pack($p[$algo],$algo($key)); + if(strlen($key)<64) $key=str_pad($key,64,chr(0)); + + $ipad=substr($key,0,64) ^ str_repeat(chr(0x36),64); + $opad=substr($key,0,64) ^ str_repeat(chr(0x5C),64); + + $ret = $algo($opad.pack($p[$algo],$algo($ipad.$data))); + if ($raw_output) + { + $ret = pack('H*', $ret); + } + return $ret; +} +?>
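Review bot: The compat array_intersect_key keeps a key of `$args[0]` as soon as it appears in any one of the other arrays (the inner `for`/`foreach` pair never requires a match in every array), whereas the native function returns only keys present in all arguments, so with three or more inputs the polyfill returns a superset. The implementation deleted from functions_search.inc.php in this same commit had the semantics right with `array_key_exists`, which also avoids scanning every entry of every array per key. Rewrite the "Compare entries" section as below.
```php
    // … unchanged: argument count and is_array checks …

    // Compare entries: keep a key only when every other array also has it
    $result = array();
    foreach ($args[0] as $key1 => $value1) {
        $keep = true;
        for ($i = 1; $i !== $array_count; $i++) {
            if (!array_key_exists($key1, $args[$i])) {
                $keep = false;
                break;
            }
        }
        if ($keep) {
            $result[$key1] = $value1;
        }
    }

    return $result;
```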
\ No newline at end of file diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index fbbe80d50..faf1d9d7d 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -30,32 +30,6 @@ * */ -if (!function_exists('hash_hmac')) -{ -function hash_hmac($algo, $data, $key, $raw_output=false) -{ - /* md5 and sha1 only */ - $algo=strtolower($algo); - $p=array('md5'=>'H32','sha1'=>'H40'); - if ( !isset($p[$algo]) or !function_exists($algo) ) - { - $algo = 'md5'; - } - if(strlen($key)>64) $key=pack($p[$algo],$algo($key)); - if(strlen($key)<64) $key=str_pad($key,64,chr(0)); - - $ipad=substr($key,0,64) ^ str_repeat(chr(0x36),64); - $opad=substr($key,0,64) ^ str_repeat(chr(0x5C),64); - - $ret = $algo($opad.pack($p[$algo],$algo($ipad.$data))); - if ($raw_output) - { - $ret = pack('H*', $ret); - } - return $ret; -} -} - //returns string action to perform on a new comment: validate, moderate, reject function user_comment_check($action, $comment, $picture) { @@ -166,7 +140,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) ) $key = explode(':', @$_POST['key']); if ( count($key)!=2 - or $key[0]>time() or $key[0]<time()-1800 // 30 minutes expiration + or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago + or $key[0]<time()-3600 // 60 minutes expiration or hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1] ) { @@ -257,6 +232,7 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) ) } else { + set_status_header(403); $template->assign_block_vars('information', array('INFORMATION'=>l10n('comment_not_added') ) ); 
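Review bot: The compat hash_hmac silently substitutes md5 when `$algo` is not md5/sha1 or the digest function is missing, so a caller asking for any other algorithm gets an HMAC-MD5 with no signal and any verification against a tag produced elsewhere quietly fails. Native hash_hmac on PHP 5 returns `false` with a warning for an unknown algorithm; mirror that, and the array_intersect_key shim's style, with `trigger_error('hash_hmac(): Unknown hashing algorithm: '.$algo, E_USER_WARNING); return false;` in place of the `$algo = 'md5';` assignment. The body is otherwise the block moved out of picture_comment.inc.php unchanged.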
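Review bot: The tightened 2-second/60-minute window is fine, but the last term of the same condition, `hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1]` (unchanged line), compares the HMAC with loose `!=`; PHP compares two numeric-looking strings numerically, so a submitted key part can be accepted against a digest it does not textually equal. Use `!==` there, and since `$key[0]` is taken from the request, add `or !ctype_digit($key[0])` before the time comparisons so they operate on a genuine integer string. The enclosing `if ( $page['show_comments'] and isset( $_POST['content'] ) )` block starts outside the hunk.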
@@ -354,9 +330,15 @@ SELECT id,author,date,image_id,content { $key = time(); $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']); + $content = ''; + if ('reject'===@$comment_action) + { + $content = htmlspecialchars($comm['content']); + } $template->assign_block_vars('comments.add_comment', array( - 'key' => $key + 'KEY' => $key, + 'CONTENT' => $content )); // display author field if the user is not logged in if ($user['is_the_guest']) diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 849407ef2..61310265b 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -494,20 +494,8 @@ function ws_session_login($params, &$service) { return new PwgError(400, "This method requires POST"); } - - $username = $params['username']; - // retrieving the encrypted password of the login submitted - $query = ' -SELECT '.$conf['user_fields']['id'].' AS id, - '.$conf['user_fields']['password'].' AS password - FROM '.USERS_TABLE.' - WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' -;'; - $row = mysql_fetch_assoc(pwg_query($query)); - - if ($row['password'] == $conf['pass_convert']($params['password'])) + if (try_log_user($params['username'], $params['password'],false)) { - log_user($row['id'], false); return true; } return new PwgError(999, 'Invalid username/password'); |
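Review bot: `htmlspecialchars($comm['content'])` in the reject branch uses the default flags, which leave single quotes unescaped (and, before PHP 5.4, assume ISO-8859-1 rather than UTF-8); whether that suffices depends on how the template emits CONTENT — a textarea body is fine, a single-quoted attribute is not. `htmlspecialchars($comm['content'], ENT_QUOTES, 'UTF-8')` is correct in both contexts. `'reject'===@$comment_action` suppresses an undefined-variable notice instead of initialising `$comment_action`; `isset($comment_action) and 'reject'===$comment_action` says what is meant. The `'key'` → `'KEY'` rename also needs the matching template change, which this diff (limited to include/) does not show.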