PHP Cross Reference of TXP stable 4.0.6 |
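<?php

/*
	This is Textpattern

	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved

	Use of this software indicates acceptance of the Textpattern license agreement

$HeadURL: http://svn.textpattern.com/releases/4.0.6/source/textpattern/include/txp_auth.php $
$LastChangedRevision: 2728 $

*/

// Refuse direct requests: this file is only meant to be included by an entry
// point that has already defined the txpinterface constant.
if (!defined('txpinterface')) die('txpinterface is undefined.');

// -------------------------------------------------------------
/**
 * Compare two strings without leaking, through timing, where they first differ.
 *
 * Uses hash_equals() when the runtime provides it and falls back to the
 * original strict comparison otherwise, so older runtimes keep working.
 *
 * @param  string $known value derived from server-side state
 * @param  string $given value derived from the request
 * @return bool   true when both strings are identical
 */
function txp_auth_equals($known, $given)
{
	$known = (string) $known;
	$given = (string) $given;

	if (function_exists('hash_equals'))
	{
		return hash_equals($known, $given);
	}

	return $known === $given;
}

// -------------------------------------------------------------
/**
 * Produce the 32 hex character secret that is stored in the txp_login cookie.
 *
 * Prefers a CSPRNG. The last branch is the original construction, kept only
 * so that runtimes without a CSPRNG API still work; its inputs (clock and
 * mt_rand) are not suitable for session secrets.
 *
 * @return string 32 hexadecimal characters
 */
function txp_auth_token()
{
	if (function_exists('random_bytes'))
	{
		// random_bytes() raises an error when no entropy source is usable;
		// that is left uncaught so the login fails closed.
		return bin2hex(random_bytes(16));
	}

	if (function_exists('openssl_random_pseudo_bytes'))
	{
		$strong = false;
		$bytes  = openssl_random_pseudo_bytes(16, $strong);

		if ($bytes !== false and $strong and strlen($bytes) === 16)
		{
			return bin2hex($bytes);
		}
	}

	return md5(uniqid(mt_rand(), TRUE));
}

// -------------------------------------------------------------
/**
 * Gate for the admin interface.
 *
 * Clears the global $txp_user, lets doTxpValidate() try to establish it from
 * the cookie or the posted credentials, and renders the login form (which
 * terminates the request) when no user was established. Output buffering is
 * started only for authenticated requests.
 */
function doAuth()
{
	global $txp_user;

	$txp_user = NULL;

	$message = doTxpValidate();

	if(!$txp_user)
	{
		doLoginForm($message);
	}

	ob_start();
}

// -------------------------------------------------------------
/**
 * Check a user name / password pair against the txp_users table.
 *
 * The password is hashed by the database: the query matches the stored value
 * against password() and, on servers >= 4.1.0, old_password(), each for the
 * password as typed and for its lower-cased form. Only rows with privs > 0
 * qualify. On success last_access is refreshed.
 *
 * NOTE(review): password()/old_password() are unsalted MySQL-internal hashes
 * and are no longer available in current MySQL releases; moving to an
 * application-side password hash needs a stored-hash migration and is out of
 * scope for this file.
 * NOTE(review): the clear-text password is embedded in the SQL text, so it can
 * end up wherever statements are logged (query logs, error output).
 * NOTE(review): accepting the lower-cased form as well makes password matching
 * partly case-insensitive.
 * NOTE(review): the safety of every query below rests on doSlash(), which is
 * defined elsewhere - presumably it escapes for the active connection; confirm.
 *
 * @param  string $user     login name as submitted
 * @param  string $password password as submitted
 * @return bool   true when a matching, privileged account exists
 */
function txp_validate($user,$password)
{
	$safe_user = doSlash($user);
	$safe_pass = doSlash($password);
	$passwords = array();

	$passwords[] = "password(lower('".$safe_pass."'))";
	$passwords[] = "password('".$safe_pass."')";

	if (version_compare(mysql_get_server_info(), '4.1.0', '>='))
	{
		$passwords[] = "old_password(lower('".$safe_pass."'))";
		$passwords[] = "old_password('".$safe_pass."')";
	}

	$r = safe_field("name", "txp_users",
		"name = '$safe_user' and (pass = ".join(' or pass = ', $passwords).") and privs > 0");

	if ($r)
	{
		// update the last access time
		safe_update("txp_users", "last_access = now()", "name = '$safe_user'");
		return true;
	}

	return false;
}

// -------------------------------------------------------------
/**
 * Render the login (or password-reset) form and end the request.
 *
 * The name field is pre-filled from the part of the txp_login cookie before
 * the first comma, and the current 'event' request parameter is carried along
 * as a hidden input.
 *
 * NOTE(review): the cookie value and the 'event' parameter are request data
 * that reach the page through fInputCell() and eInput(); those helpers are
 * defined elsewhere and are assumed to HTML-escape their value - confirm.
 *
 * @param string $message text shown above the form
 */
function doLoginForm($message)
{
	global $txpcfg;

	include txpath.'/lib/txplib_head.php';

	pagetop(gTxt('login'));

	// `and` binds looser than ?:, so this evaluates to a boolean
	// (cookie present and not logging out); left as is to keep behaviour.
	$stay  = (cs('txp_login') and !gps('logout') ? 1 : 0);
	$reset = gps('reset');

	// explode() instead of the regex-based split(): same result for a literal
	// comma, and it does not raise a deprecation notice before headers are sent.
	list($name) = explode(',', cs('txp_login'));

	echo form(
		startTable('edit').
		n.n.tr(
			n.td().
			td(graf($message))
		).

		n.n.tr(
			n.fLabelCell('name', '', 'name').
			n.fInputCell('p_userid', $name, 1, '', '', 'name')
		).

		($reset ? '' :
			n.n.tr(
				n.fLabelCell('password', '', 'password').
				n.td(
					fInput('password', 'p_password', '', 'edit', '', '', '', 2, 'password')
				)
			)
		).

		($reset ? '' :
			n.n.tr(
				n.td().
				td(
					graf(checkbox('stay', 1, $stay, 3, 'stay').'<label for="stay">'.gTxt('stay_logged_in').'</label>'.
					sp.popHelp('remember_login'))
				)
			)
		).

		n.n.tr(
			n.td().
			td(
				($reset ? hInput('p_reset', 1) : '').
				fInput('submit', '', gTxt($reset ? 'password_reset_button' : 'log_in_button'), 'publish', '', '', '', 4).
				($reset ? '' : graf('<a href="?reset=1">'.gTxt('password_forgotten').'</a>'))
			)
		).

		endTable().

		(gps('event') ? eInput(gps('event')) : '')
	).


	n.'</div>'.n.n.'</body>'.n.'</html>';

	exit(0);
}

// -------------------------------------------------------------
/**
 * Establish the global $txp_user from the request, or explain why not.
 *
 * Branches, in order:
 *  - logout: expire both login cookies;
 *  - txp_login cookie "name,hash" with a 32 character hash: accept when the
 *    stored nonce of an account seen within 30 days equals
 *    md5(name . raw(hash));
 *  - posted name and password: validate, then issue a fresh cookie secret and
 *    store the matching nonce;
 *  - posted reset request: delegate to send_reset_confirmation_request();
 *  - reset=... : show the reset prompt;
 *  - confirm=... : verify the confirmation token and reset the password.
 *
 * NOTE(review): the cookies are set without the Secure/HttpOnly attributes;
 * setcookie() only takes an HttpOnly argument from PHP 5.2, so adding it needs
 * a runtime check and a look at what reads these cookies client-side.
 * NOTE(review): the fixed sleep(3) slows guessing but holds a worker per
 * attempt and does not cap attempts per account or per client.
 * NOTE(review): the confirmation token is the first 10 hex digits of
 * md5(nonce) followed by the name, and the lookup in that branch has no age
 * limit; whether the nonce is rotated when a reset is requested is decided in
 * txplib_admin.php, which is not visible here - confirm.
 *
 * @return string '' when a user was established, otherwise the message for
 *                the login form
 */
function doTxpValidate()
{
	global $logout,$txpcfg, $txp_user;
	$p_userid   = ps('p_userid');
	$p_password = ps('p_password');
	$p_reset    = ps('p_reset');
	$stay       = ps('stay');
	$logout     = gps('logout');
	$message    = gTxt('login_to_textpattern');
	$pub_path   = preg_replace('|//$|','/', rhu.'/');

	if (cs('txp_login') and strpos(cs('txp_login'), ','))
	{
		// explode() replaces the regex-based split(); a deprecation notice
		// emitted here would precede the setcookie() calls below.
		list($c_userid, $c_hash) = explode(',', cs('txp_login'));
	}
	else
	{
		$c_hash   = '';
		$c_userid = '';
	}

	if ($logout)
	{
		setcookie('txp_login', '', time()-3600);
		setcookie('txp_login_public', '', time()-3600, $pub_path);
	}
	elseif ($c_userid and strlen($c_hash) == 32) // cookie exists
	{
		$nonce = safe_field('nonce', 'txp_users', "name='".doSlash($c_userid)."' AND last_access > DATE_SUB(NOW(), INTERVAL 30 DAY)");

		// Only a well-formed hex hash is unpacked: pack('H*') would otherwise
		// warn and read every non-hex character as the digit 0.
		if ($nonce
			and preg_match('/^[0-9a-f]{32}\z/i', $c_hash)
			and txp_auth_equals($nonce, md5($c_userid.pack('H*', $c_hash))))
		{
			// cookie is good, create $txp_user
			$txp_user = $c_userid;
			return '';
		}
		else
		{
			// keep the name for the form, drop the secret
			setcookie('txp_login', $c_userid, time()+3600*24*365);
			setcookie('txp_login_public', '', time()-3600, $pub_path);
			$message = gTxt('bad_cookie');
		}

	}
	elseif ($p_userid and $p_password) // incoming login vars
	{
		sleep(3);

		if (txp_validate($p_userid,$p_password))
		{
			// The cookie carries the secret; the database keeps only
			// md5(name . raw secret).
			$c_hash = txp_auth_token();
			$nonce  = md5($p_userid.pack('H*',$c_hash));

			safe_update(
				'txp_users',
				"nonce = '".doSlash($nonce)."'",
				"name = '".doSlash($p_userid)."'"
			);

			setcookie(
				'txp_login',
				$p_userid.','.$c_hash,
				($stay ? time()+3600*24*365 : 0)
			);

			setcookie(
				'txp_login_public',
				substr(md5($nonce), -10).$p_userid,
				($stay ? time()+3600*24*30 : 0),
				$pub_path
			);

			// login is good, create $txp_user
			$txp_user = $p_userid;
			return '';
		}
		else
		{
			$message = gTxt('could_not_log_in');
		}
	}
	elseif ($p_reset) // reset request
	{
		sleep(3);

		include_once txpath.'/lib/txplib_admin.php';

		$message = send_reset_confirmation_request($p_userid);
	}
	elseif (gps('reset'))
	{
		$message = gTxt('password_reset');
	}
	elseif (gps('confirm'))
	{
		sleep(3);

		// token layout: 5 raw bytes derived from the nonce, then the name
		$confirm = pack('H*', gps('confirm'));
		$name    = substr($confirm, 5);
		$nonce   = safe_field('nonce', 'txp_users', "name = '".doSlash($name)."'");

		if ($nonce and txp_auth_equals(pack('H*', substr(md5($nonce), 0, 10)).$name, $confirm))
		{
			include_once txpath.'/lib/txplib_admin.php';

			$message = reset_author_pass($name);
		}
	}

	$txp_user = '';
	return $message;
}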
| Generated: Mon Feb 18 03:42:45 2008 | Cross-referenced by PHPXref 0.7 |