plugins/SpecialUserFuncs.php
changeset 562 75df0b2c596c
parent 555 ac4c6a7f01d8
child 573 43e7254afdb4
561:e53cf8b1d942 562:75df0b2c596c
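--- a/plugins/SpecialUserFuncs.php
+++ b/plugins/SpecialUserFuncs.php
@@ -3,11 +3,11 @@
 {
   "Plugin Name"  : "plugin_specialuserfuncs_title",
   "Plugin URI"   : "http://enanocms.org/",
   "Description"  : "plugin_specialuserfuncs_desc",
   "Author"       : "Dan Fuhry",
-  "Version"      : "1.1.3",
+  "Version"      : "1.1.4",
   "Author URI"   : "http://enanocms.org/"
 }
 **!*/
 
 /*
@@ -223,10 +223,16 @@
     $errstring = $__login_status['error'];
     switch($__login_status['error'])
     {
       case 'key_not_found':
         $errstring = $lang->get('user_err_key_not_found');
+        break;
+      case 'ERR_DH_KEY_NOT_FOUND':
+        $errstring = $lang->get('user_err_dh_key_not_found') . " -- {$__login_status['debug']}";
+        break;
+      case 'ERR_DH_KEY_NOT_INTEGER':
+        $errstring = $lang->get('user_err_dh_key_not_numeric');
         break;
       case 'key_wrong_length':
         $errstring = $lang->get('user_err_key_wrong_length');
         break;
       case 'too_big_for_britches':
@@ -250,11 +256,11 @@
         $attempts = intval($__login_status['lockout_fails']);
         if ( $attempts > $__login_status['lockout_threshold'])
           $attempts = $__login_status['lockout_threshold'];
         
         $server_time = time();
-        $time_rem = ( $__login_status['lockout_last_time'] == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
+        $time_rem = ( intval(@$__login_status['lockout_last_time']) == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
         if ( $time_rem < 1 )
           $time_rem = $__login_status['lockout_duration'];
         
         $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
         
@@ -450,13 +456,12 @@
     $db->close();
     exit;
   }
   if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
   {
-    die('This version of the Enano LoginAPI is deprecated. Please use the action.json method instead.');
-    $db->close();
-    exit;
+    echo 'This version of the Enano LoginAPI is deprecated. Please use the action.json method instead.';
+    return true;
   }
   if(isset($_POST['login']))
   {
     $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
     $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
@@ -478,19 +483,29 @@
       
       // Fetch private key
       $dh_public = $_POST['dh_public_key'];
       if ( !preg_match('/^[0-9]+$/', $dh_public) )
       {
-        die_semicritical('DiffieHellman error', 'Public key not integer: ' . $dh_public);
+        $__login_status = array(
+          'success' => false,
+          'error' => 'ERR_DH_KEY_NOT_INTEGER',
+          'debug' => "public key: $dh_public"
+        );
+        return false;
       }
       $q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$dh_public';");
       if ( !$q )
         $db->die_json();
       
       if ( $db->numrows() < 1 )
       {
-        die_semicritical('DiffieHellman error', 'ERR_DH_KEY_NOT_FOUND');
+        $__login_status = array(
+          'success' => false,
+          'error' => 'ERR_DH_KEY_NOT_FOUND',
+          'debug' => "public key: $dh_public"
+        );
+        return false;
       }
       
       list($dh_private, $dh_key_id) = $db->fetchrow_num();
       $db->free_result();
       
@@ -506,11 +521,16 @@
       // Did we get all our math right?
       $dh_secret_check = sha1($dh_secret);
       $dh_hash = $_POST['crypt_key'];
       if ( $dh_secret_check !== $dh_hash )
       {
-        die_semicritical('DiffieHellman error', 'ERR_DH_HASH_NO_MATCH');
+        $__login_status = array(
+          'success' => false,
+          'error' => 'ERR_DH_HASH_NO_MATCH',
+          'debug' => "dh_secret_check = $dh_secret_check\ndh_hash_input = $dh_hash"
+        );
+        return false;
       }
       
       // All good! Generate the AES key
       $aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 ));
       
@@ -579,30 +599,40 @@
   $db->close();
   
   exit;
 }
 
-function page_Special_Logout() {
+function page_Special_Logout()
+{
   global $db, $session, $paths, $template, $plugins; // Common objects
   global $lang;
+  
   if ( !$session->user_logged_in )
     $paths->main_page();
   
+  $token = $paths->getParam(0);
+  if ( $token !== $session->csrf_token )
+  {
+    csrf_confirm_form();
+  }
+  
   $l = $session->logout();
   if ( $l == 'success' )
   {
     $url = makeUrl(getConfig('main_page'), false, true);
-    if ( $pi = $paths->getAllParams() )
+    if ( $paths->getParam(1) )
     {
+      $pi = explode('/', $paths->getAllParams());
+      $pi = implode('/', array_values(array_slice($pi, 1)));
       list($pid, $ns) = RenderMan::strToPageID($pi);
       $perms = $session->fetch_page_acl($pid, $ns);
       if ( $perms->get_permissions('read') )
       {
         $url = makeUrl($pi, false, true);
       }
     }
-    redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4);
+    redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3);
   }
   $template->header();
   echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
   echo '<p>' . $l . '</p>';
   $template->footer();
@@ -2025,14 +2055,18 @@
       exit();
     }
   }
   
   $timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
+  // generate expires header
+  $expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1));
+
   header("Last-Modified: $timestamp");
   header("Date: $timestamp");
   header("ETag: \"$etag\"");
   header('Content-type: text/javascript');
+  header("Expires: $expires");
   
   $lang_local->fetch();
   echo "if ( typeof(enano_lang) != 'object' )
   var enano_lang = new Object();
 
@@ -2106,13 +2140,10 @@
     {
       echo $fd;
     }
     fclose($fh);
     
-    gzip_output();
-    
-    return true;
   }
   return true;
 }
 
 ?>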
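Review bot: The debug string built on new line 529 of the ERR_DH_HASH_NO_MATCH branch embeds `$dh_secret_check`, which is the server-side sha1 of the Diffie-Hellman shared secret, and the switch added earlier in this commit (new line 230) already appends `$__login_status['debug']` to a user-visible error message for ERR_DH_KEY_NOT_FOUND, so if this error is ever rendered the same way the server would echo secret-derived material back to whoever submitted the mismatched hash. Whether the hash-mismatch status is surfaced with its debug field is not visible in this diff, but the safer shape is to keep only the client-supplied value for diagnosis: `'debug' => "dh_hash_input = $dh_hash"`. The ERR_DH_KEY_NOT_INTEGER and ERR_DH_KEY_NOT_FOUND branches (new lines 491 and 504) echo only the submitted public key, which is the client's own input, and do not have this problem. The enclosing login function starts and ends outside this hunk.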