PageRenderTime 58ms CodeModel.GetById 24ms RepoModel.GetById 1ms app.codeStats 0ms

/elgg/mod/dokuwiki/lib/dokuwiki/inc/auth.php

https://bitbucket.org/rhizomatik/lorea_production/
PHP | 1099 lines | 678 code | 114 blank | 307 comment | 178 complexity | b39b9fb84048aa9b45bccfd1b45f8cd7 MD5 | raw file
Possible License(s): GPL-3.0, GPL-2.0, BSD-3-Clause, LGPL-2.1 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Authentication library
    4. 

  4.  *
    5. 

  5.  * Including this file will automatically try to login
    6. 

  6.  * a user by calling auth_login()
    7. 

  7.  *
    8. 

  8.  * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
    9. 

  9.  * @author     Andreas Gohr <andi@splitbrain.org>
    10. 

  10.  */
    11. 

  11. 

  12. if(!defined('DOKU_INC')) die('meh.');
    13. 

  13. require_once(DOKU_INC.'inc/common.php');
    14. 

  14. require_once(DOKU_INC.'inc/io.php');
    15. 

  15. 

  16. // some ACL level defines
    17. 

  17. define('AUTH_NONE',0);
    18. 

  18. define('AUTH_READ',1);
    19. 

  19. define('AUTH_EDIT',2);
    20. 

  20. define('AUTH_CREATE',4);
    21. 

  21. define('AUTH_UPLOAD',8);
    22. 

  22. define('AUTH_DELETE',16);
    23. 

  23. define('AUTH_ADMIN',255);
    24. 

  24. 

  25. global $conf;
    26. 

  26. 

  27. if($conf['useacl']){
    28. 

  28.     require_once(DOKU_INC.'inc/blowfish.php');
    29. 

  29.     require_once(DOKU_INC.'inc/mail.php');
    30. 

  30. 

  31.     global $auth;
    32. 

  32. 

  33.     // load the the backend auth functions and instantiate the auth object
    34. 

  34.     if (@file_exists(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php')) {
    35. 

  35.         require_once(DOKU_INC.'inc/auth/basic.class.php');
    36. 

  36.         require_once(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php');
    37. 

  37. 

  38.         $auth_class = "auth_".$conf['authtype'];
    39. 

  39.         if (class_exists($auth_class)) {
    40. 

  40.             $auth = new $auth_class();
    41. 

  41.             if ($auth->success == false) {
    42. 

  42.                 // degrade to unauthenticated user
    43. 

  43.                 unset($auth);
    44. 

  44.                 auth_logoff();
    45. 

  45.                 msg($lang['authtempfail'], -1);
    46. 

  46.             }
    47. 

  47.         } else {
    48. 

  48.             nice_die($lang['authmodfailed']);
    49. 

  49.         }
    50. 

  50.     } else {
    51. 

  51.         nice_die($lang['authmodfailed']);
    52. 

  52.     }
    53. 

  53. }
    54. 

  54. 

  55. // do the login either by cookie or provided credentials
    56. 

  56. if($conf['useacl']){
    57. 

  57.     if($auth){
    58. 

  58.         if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
    59. 

  59.         if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
    60. 

  60.         if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
    61. 

  61.         $_REQUEST['http_credentials'] = false;
    62. 

  62.         if (!$conf['rememberme']) $_REQUEST['r'] = false;
    63. 

  63. 

  64.         // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    65. 

  65.         if(isset($_SERVER['HTTP_AUTHORIZATION'])){
    66. 

  66.             list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) =
    67. 

  67.                 explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
    68. 

  68.         }
    69. 

  69. 

  70.         // if no credentials were given try to use HTTP auth (for SSO)
    71. 

  71.         if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])){
    72. 

  72.             $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
    73. 

  73.             $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
    74. 

  74.             $_REQUEST['http_credentials'] = true;
    75. 

  75.         }
    76. 

  76. 

  77.         // apply cleaning
    78. 

  78.         $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);
    79. 

  79. 

  80.         if(isset($_REQUEST['authtok'])){
    81. 

  81.             // when an authentication token is given, trust the session
    82. 

  82.             auth_validateToken($_REQUEST['authtok']);
    83. 

  83.         }elseif(!is_null($auth) && $auth->canDo('external')){
    84. 

  84.             // external trust mechanism in place
    85. 

  85.             $auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
    86. 

  86.         }else{
    87. 

  87.             $evdata = array(
    88. 

  88.                     'user'     => $_REQUEST['u'],
    89. 

  89.                     'password' => $_REQUEST['p'],
    90. 

  90.                     'sticky'   => $_REQUEST['r'],
    91. 

  91.                     'silent'   => $_REQUEST['http_credentials'],
    92. 

  92.                     );
    93. 

  93.             $evt = new Doku_Event('AUTH_LOGIN_CHECK',$evdata);
    94. 

  94.             if($evt->advise_before()){
    95. 

  95.                 auth_login($evdata['user'],
    96. 

  96.                            $evdata['password'],
    97. 

  97.                            $evdata['sticky'],
    98. 

  98.                            $evdata['silent']);
    99. 

  99.             }
    100. 

  100.         }
    101. 

  101.     }
    102. 

  102. 

  103.     //load ACL into a global array
    104. 

  104.     global $AUTH_ACL;
    105. 

  105.     if($auth->cando['getACL']) {
    106. 

  106.         $AUTH_ACL = $auth->getACL();
    107. 

  107.         //support user wildcard
    108. 

  108.         if(isset($_SERVER['REMOTE_USER'])){
    109. 

  109.             $AUTH_ACL = str_replace('%USER%',$_SERVER['REMOTE_USER'],$AUTH_ACL);
    110. 

  110.             $AUTH_ACL = str_replace('@USER@',$_SERVER['REMOTE_USER'],$AUTH_ACL); //legacy
    111. 

  111.         }
    112. 

  112.     }
    113. 

  113.     elseif(is_readable(DOKU_CONF.'acl.auth.php')){
    114. 

  114.         $AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
    115. 

  115.         //support user wildcard
    116. 

  116.         if(isset($_SERVER['REMOTE_USER'])){
    117. 

  117.             $AUTH_ACL = str_replace('%USER%',$_SERVER['REMOTE_USER'],$AUTH_ACL);
    118. 

  118.             $AUTH_ACL = str_replace('@USER@',$_SERVER['REMOTE_USER'],$AUTH_ACL); //legacy
    119. 

  119.         }
    120. 

  120.     }else{
    121. 

  121.         $AUTH_ACL = array();
    122. 

  122.     }
    123. 

  123. }
    124. 

  124. 

  125. /**
    126. 

  126.  * This tries to login the user based on the sent auth credentials
    127. 

  127.  *
    128. 

  128.  * The authentication works like this: if a username was given
    129. 

  129.  * a new login is assumed and user/password are checked. If they
    130. 

  130.  * are correct the password is encrypted with blowfish and stored
    131. 

  131.  * together with the username in a cookie - the same info is stored
    132. 

  132.  * in the session, too. Additonally a browserID is stored in the
    133. 

  133.  * session.
    134. 

  134.  *
    135. 

  135.  * If no username was given the cookie is checked: if the username,
    136. 

  136.  * crypted password and browserID match between session and cookie
    137. 

  137.  * no further testing is done and the user is accepted
    138. 

  138.  *
    139. 

  139.  * If a cookie was found but no session info was availabe the
    140. 

  140.  * blowfish encrypted password from the cookie is decrypted and
    141. 

  141.  * together with username rechecked by calling this function again.
    142. 

  142.  *
    143. 

  143.  * On a successful login $_SERVER[REMOTE_USER] and $USERINFO
    144. 

  144.  * are set.
    145. 

  145.  *
    146. 

  146.  * @author  Andreas Gohr <andi@splitbrain.org>
    147. 

  147.  *
    148. 

  148.  * @param   string  $user    Username
    149. 

  149.  * @param   string  $pass    Cleartext Password
    150. 

  150.  * @param   bool    $sticky  Cookie should not expire
    151. 

  151.  * @param   bool    $silent  Don't show error on bad auth
    152. 

  152.  * @return  bool             true on successful auth
    153. 

  153.  */
    154. 

  154. function auth_login($user,$pass,$sticky=false,$silent=false){
    155. 

  155.     global $USERINFO;
    156. 

  156.     global $conf;
    157. 

  157.     global $lang;
    158. 

  158.     global $auth;
    159. 

  159.     $sticky ? $sticky = true : $sticky = false; //sanity check
    160. 

  160. 

  161.     if (!$auth) return false;
    162. 

  162. 

  163.     if(!empty($user)){
    164. 

  164.         //usual login
    165. 

  165.         if ($auth->checkPass($user,$pass)){
    166. 

  166.             // make logininfo globally available
    167. 

  167.             $_SERVER['REMOTE_USER'] = $user;
    168. 

  168.             auth_setCookie($user,PMA_blowfish_encrypt($pass,auth_cookiesalt()),$sticky);
    169. 

  169.             return true;
    170. 

  170.         }else{
    171. 

  171.             //invalid credentials - log off
    172. 

  172.             if(!$silent) msg($lang['badlogin'],-1);
    173. 

  173.             auth_logoff();
    174. 

  174.             return false;
    175. 

  175.         }
    176. 

  176.     }else{
    177. 

  177.         // read cookie information
    178. 

  178.         list($user,$sticky,$pass) = auth_getCookie();
    179. 

  179.         // get session info
    180. 

  180.         $session = $_SESSION[DOKU_COOKIE]['auth'];
    181. 

  181.         if($user && $pass){
    182. 

  182.             // we got a cookie - see if we can trust it
    183. 

  183.             if(isset($session) &&
    184. 

  184.                     $auth->useSessionCache($user) &&
    185. 

  185.                     ($session['time'] >= time()-$conf['auth_security_timeout']) &&
    186. 

  186.                     ($session['user'] == $user) &&
    187. 

  187.                     ($session['pass'] == $pass) &&  //still crypted
    188. 

  188.                     ($session['buid'] == auth_browseruid()) ){
    189. 

  189.                 // he has session, cookie and browser right - let him in
    190. 

  190.                 $_SERVER['REMOTE_USER'] = $user;
    191. 

  191.                 $USERINFO = $session['info']; //FIXME move all references to session
    192. 

  192.                 return true;
    193. 

  193.             }
    194. 

  194.             // no we don't trust it yet - recheck pass but silent
    195. 

  195.             $pass = PMA_blowfish_decrypt($pass,auth_cookiesalt());
    196. 

  196.             return auth_login($user,$pass,$sticky,true);
    197. 

  197.         }
    198. 

  198.     }
    199. 

  199.     //just to be sure
    200. 

  200.     auth_logoff(true);
    201. 

  201.     return false;
    202. 

  202. }
    203. 

  203. 

  204. /**
    205. 

  205.  * Checks if a given authentication token was stored in the session
    206. 

  206.  *
    207. 

  207.  * Will setup authentication data using data from the session if the
    208. 

  208.  * token is correct. Will exit with a 401 Status if not.
    209. 

  209.  *
    210. 

  210.  * @author Andreas Gohr <andi@splitbrain.org>
    211. 

  211.  * @param  string $token The authentication token
    212. 

  212.  * @return boolean true (or will exit on failure)
    213. 

  213.  */
    214. 

  214. function auth_validateToken($token){
    215. 

  215.     if(!$token || $token != $_SESSION[DOKU_COOKIE]['auth']['token']){
    216. 

  216.         // bad token
    217. 

  217.         header("HTTP/1.0 401 Unauthorized");
    218. 

  218.         print 'Invalid auth token - maybe the session timed out';
    219. 

  219.         unset($_SESSION[DOKU_COOKIE]['auth']['token']); // no second chance
    220. 

  220.         exit;
    221. 

  221.     }
    222. 

  222.     // still here? trust the session data
    223. 

  223.     global $USERINFO;
    224. 

  224.     $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user'];
    225. 

  225.     $USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info'];
    226. 

  226.     return true;
    227. 

  227. }
    228. 

  228. 

  229. /**
    230. 

  230.  * Create an auth token and store it in the session
    231. 

  231.  *
    232. 

  232.  * NOTE: this is completely unrelated to the getSecurityToken() function
    233. 

  233.  *
    234. 

  234.  * @author Andreas Gohr <andi@splitbrain.org>
    235. 

  235.  * @return string The auth token
    236. 

  236.  */
    237. 

  237. function auth_createToken(){
    238. 

  238.     $token = md5(mt_rand());
    239. 

  239.     @session_start(); // reopen the session if needed
    240. 

  240.     $_SESSION[DOKU_COOKIE]['auth']['token'] = $token;
    241. 

  241.     session_write_close();
    242. 

  242.     return $token;
    243. 

  243. }
    244. 

  244. 

  245. /**
    246. 

  246.  * Builds a pseudo UID from browser and IP data
    247. 

  247.  *
    248. 

  248.  * This is neither unique nor unfakable - still it adds some
    249. 

  249.  * security. Using the first part of the IP makes sure
    250. 

  250.  * proxy farms like AOLs are stil okay.
    251. 

  251.  *
    252. 

  252.  * @author  Andreas Gohr <andi@splitbrain.org>
    253. 

  253.  *
    254. 

  254.  * @return  string  a MD5 sum of various browser headers
    255. 

  255.  */
    256. 

  256. function auth_browseruid(){
    257. 

  257.     $ip   = clientIP(true);
    258. 

  258.     $uid  = '';
    259. 

  259.     $uid .= $_SERVER['HTTP_USER_AGENT'];
    260. 

  260.     $uid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
    261. 

  261.     $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
    262. 

  262.     $uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
    263. 

  263.     $uid .= substr($ip,0,strpos($ip,'.'));
    264. 

  264.     return md5($uid);
    265. 

  265. }
    266. 

  266. 

  267. /**
    268. 

  268.  * Creates a random key to encrypt the password in cookies
    269. 

  269.  *
    270. 

  270.  * This function tries to read the password for encrypting
    271. 

  271.  * cookies from $conf['metadir'].'/_htcookiesalt'
    272. 

  272.  * if no such file is found a random key is created and
    273. 

  273.  * and stored in this file.
    274. 

  274.  *
    275. 

  275.  * @author  Andreas Gohr <andi@splitbrain.org>
    276. 

  276.  *
    277. 

  277.  * @return  string
    278. 

  278.  */
    279. 

  279. function auth_cookiesalt(){
    280. 

  280.     global $conf;
    281. 

  281.     $file = $conf['metadir'].'/_htcookiesalt';
    282. 

  282.     $salt = io_readFile($file);
    283. 

  283.     if(empty($salt)){
    284. 

  284.         $salt = uniqid(rand(),true);
    285. 

  285.         io_saveFile($file,$salt);
    286. 

  286.     }
    287. 

  287.     return $salt;
    288. 

  288. }
    289. 

  289. 

  290. /**
    291. 

  291.  * Log out the current user
    292. 

  292.  *
    293. 

  293.  * This clears all authentication data and thus log the user
    294. 

  294.  * off. It also clears session data.
    295. 

  295.  *
    296. 

  296.  * @author  Andreas Gohr <andi@splitbrain.org>
    297. 

  297.  * @param bool $keepbc - when true, the breadcrumb data is not cleared
    298. 

  298.  */
    299. 

  299. function auth_logoff($keepbc=false){
    300. 

  300.     global $conf;
    301. 

  301.     global $USERINFO;
    302. 

  302.     global $INFO, $ID;
    303. 

  303.     global $auth;
    304. 

  304. 

  305.     // make sure the session is writable (it usually is)
    306. 

  306.     @session_start();
    307. 

  307. 

  308.     if(isset($_SESSION[DOKU_COOKIE]['auth']['user']))
    309. 

  309.         unset($_SESSION[DOKU_COOKIE]['auth']['user']);
    310. 

  310.     if(isset($_SESSION[DOKU_COOKIE]['auth']['pass']))
    311. 

  311.         unset($_SESSION[DOKU_COOKIE]['auth']['pass']);
    312. 

  312.     if(isset($_SESSION[DOKU_COOKIE]['auth']['info']))
    313. 

  313.         unset($_SESSION[DOKU_COOKIE]['auth']['info']);
    314. 

  314.     if(!$keepbc && isset($_SESSION[DOKU_COOKIE]['bc']))
    315. 

  315.         unset($_SESSION[DOKU_COOKIE]['bc']);
    316. 

  316.     if(isset($_SERVER['REMOTE_USER']))
    317. 

  317.         unset($_SERVER['REMOTE_USER']);
    318. 

  318.     $USERINFO=null; //FIXME
    319. 

  319. 

  320.     if (version_compare(PHP_VERSION, '5.2.0', '>')) {
    321. 

  321.         setcookie(DOKU_COOKIE,'',time()-600000,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
    322. 

  322.     }else{
    323. 

  323.         setcookie(DOKU_COOKIE,'',time()-600000,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
    324. 

  324.     }
    325. 

  325. 

  326.     if($auth && $auth->canDo('logoff')){
    327. 

  327.         $auth->logOff();
    328. 

  328.     }
    329. 

  329. }
    330. 

  330. 

  331. /**
    332. 

  332.  * Check if a user is a manager
    333. 

  333.  *
    334. 

  334.  * Should usually be called without any parameters to check the current
    335. 

  335.  * user.
    336. 

  336.  *
    337. 

  337.  * The info is available through $INFO['ismanager'], too
    338. 

  338.  *
    339. 

  339.  * @author Andreas Gohr <andi@splitbrain.org>
    340. 

  340.  * @see    auth_isadmin
    341. 

  341.  * @param  string user      - Username
    342. 

  342.  * @param  array  groups    - List of groups the user is in
    343. 

  343.  * @param  bool   adminonly - when true checks if user is admin
    344. 

  344.  */
    345. 

  345. function auth_ismanager($user=null,$groups=null,$adminonly=false){
    346. 

  346.     global $conf;
    347. 

  347.     global $USERINFO;
    348. 

  348.     global $auth;
    349. 

  349. 

  350.     if (!$auth) return false;
    351. 

  351.     if(is_null($user)) {
    352. 

  352.         if (!isset($_SERVER['REMOTE_USER'])) {
    353. 

  353.             return false;
    354. 

  354.         } else {
    355. 

  355.             $user = $_SERVER['REMOTE_USER'];
    356. 

  356.         }
    357. 

  357.     }
    358. 

  358.     $user = $auth->cleanUser($user);
    359. 

  359.     if(is_null($groups)) $groups = (array) $USERINFO['grps'];
    360. 

  360.     $groups = array_map(array($auth,'cleanGroup'),$groups);
    361. 

  361.     $user   = auth_nameencode($user);
    362. 

  362. 

  363.     // check username against superuser and manager
    364. 

  364.     $superusers = explode(',', $conf['superuser']);
    365. 

  365.     $superusers = array_unique($superusers);
    366. 

  366.     $superusers = array_map('trim', $superusers);
    367. 

  367.     // prepare an array containing only true values for array_map call
    368. 

  368.     $alltrue = array_fill(0, count($superusers), true);
    369. 

  369.     $superusers = array_map('auth_nameencode', $superusers, $alltrue);
    370. 

  370. 

  371.     // case insensitive?
    372. 

  372.     if(!$auth->isCaseSensitive()){
    373. 

  373.         $superusers = array_map('utf8_strtolower',$superusers);
    374. 

  374.         $user       = utf8_strtolower($user);
    375. 

  375.     }
    376. 

  376. 

  377.     // check user match
    378. 

  378.     if(in_array($user, $superusers)) return true;
    379. 

  379. 

  380.     // check managers
    381. 

  381.     if(!$adminonly){
    382. 

  382.         $managers = explode(',', $conf['manager']);
    383. 

  383.         $managers = array_unique($managers);
    384. 

  384.         $managers = array_map('trim', $managers);
    385. 

  385.         // prepare an array containing only true values for array_map call
    386. 

  386.         $alltrue = array_fill(0, count($managers), true);
    387. 

  387.         $managers = array_map('auth_nameencode', $managers, $alltrue);
    388. 

  388.         if(!$auth->isCaseSensitive()) $managers = array_map('utf8_strtolower',$managers);
    389. 

  389.         if(in_array($user, $managers)) return true;
    390. 

  390.     }
    391. 

  391. 

  392.     // check user's groups against superuser and manager
    393. 

  393.     if (!empty($groups)) {
    394. 

  394. 

  395.         //prepend groups with @ and nameencode
    396. 

  396.         $cnt = count($groups);
    397. 

  397.         for($i=0; $i<$cnt; $i++){
    398. 

  398.             $groups[$i] = '@'.auth_nameencode($groups[$i]);
    399. 

  399.             if(!$auth->isCaseSensitive()){
    400. 

  400.                 $groups[$i] = utf8_strtolower($groups[$i]);
    401. 

  401.             }
    402. 

  402.         }
    403. 

  403. 

  404.         // check groups against superuser and manager
    405. 

  405.         foreach($superusers as $supu)
    406. 

  406.             if(in_array($supu, $groups)) return true;
    407. 

  407.         if(!$adminonly){
    408. 

  408.             foreach($managers as $mana)
    409. 

  409.                 if(in_array($mana, $groups)) return true;
    410. 

  410.         }
    411. 

  411.     }
    412. 

  412. 

  413.     return false;
    414. 

  414. }
    415. 

  415. 

  416. /**
    417. 

  417.  * Check if a user is admin
    418. 

  418.  *
    419. 

  419.  * Alias to auth_ismanager with adminonly=true
    420. 

  420.  *
    421. 

  421.  * The info is available through $INFO['isadmin'], too
    422. 

  422.  *
    423. 

  423.  * @author Andreas Gohr <andi@splitbrain.org>
    424. 

  424.  * @see auth_ismanager
    425. 

  425.  */
    426. 

  426. function auth_isadmin($user=null,$groups=null){
    427. 

  427.     return auth_ismanager($user,$groups,true);
    428. 

  428. }
    429. 

  429. 

  430. /**
    431. 

  431.  * Convinience function for auth_aclcheck()
    432. 

  432.  *
    433. 

  433.  * This checks the permissions for the current user
    434. 

  434.  *
    435. 

  435.  * @author  Andreas Gohr <andi@splitbrain.org>
    436. 

  436.  *
    437. 

  437.  * @param  string  $id  page ID (needs to be resolved and cleaned)
    438. 

  438.  * @return int          permission level
    439. 

  439.  */
    440. 

  440. function auth_quickaclcheck($id){
    441. 

  441.     global $conf;
    442. 

  442.     global $USERINFO;
    443. 

  443.     # if no ACL is used always return upload rights
    444. 

  444.     if(!$conf['useacl']) return AUTH_UPLOAD;
    445. 

  445.     //error_log("DOKUWIKI: auth_quickaclcheck:".$_SERVER['REMOTE_USER'].":".$id.json_encode($USERINFO));
    446. 

  446.     return auth_aclcheck($id,$_SERVER['REMOTE_USER'],$USERINFO['grps']);
    447. 

  447. }
    448. 

  448. 

  449. /**
    450. 

  450.  * Returns the maximum rights a user has for
    451. 

  451.  * the given ID or its namespace
    452. 

  452.  *
    453. 

  453.  * @author  Andreas Gohr <andi@splitbrain.org>
    454. 

  454.  *
    455. 

  455.  * @param  string  $id     page ID (needs to be resolved and cleaned)
    456. 

  456.  * @param  string  $user   Username
    457. 

  457.  * @param  array   $groups Array of groups the user is in
    458. 

  458.  * @return int             permission level
    459. 

  459.  */
    460. 

  460. function auth_aclcheck($id,$user,$groups){
    461. 

  461.     global $conf;
    462. 

  462.     global $AUTH_ACL;
    463. 

  463.     global $auth;
    464. 

  464. 

  465.     // if no ACL is used always return upload rights
    466. 

  466.     if(!$conf['useacl']) return AUTH_UPLOAD;
    467. 

  467.     if (!$auth) return AUTH_NONE;
    468. 

  468. 

  469.     //make sure groups is an array
    470. 

  470.     if(!is_array($groups)) $groups = array();
    471. 

  471. 

  472.     //if user is superuser or in superusergroup return 255 (acl_admin)
    473. 

  473.     if(auth_isadmin($user,$groups)) { return AUTH_ADMIN; }
    474. 

  474. 

  475.     $ci = '';
    476. 

  476.     if(!$auth->isCaseSensitive()) $ci = 'ui';
    477. 

  477. 

  478.     $user = $auth->cleanUser($user);
    479. 

  479.     $groups = array_map(array($auth,'cleanGroup'),(array)$groups);
    480. 

  480.     $user = auth_nameencode($user);
    481. 

  481. 

  482.     //prepend groups with @ and nameencode
    483. 

  483.     $cnt = count($groups);
    484. 

  484.     for($i=0; $i<$cnt; $i++){
    485. 

  485.         $groups[$i] = '@'.auth_nameencode($groups[$i]);
    486. 

  486.     }
    487. 

  487. 

  488.     $ns    = getNS($id);
    489. 

  489.     $perm  = -1;
    490. 

  490. 

  491.     if($user || count($groups)){
    492. 

  492.         //add ALL group
    493. 

  493.         $groups[] = '@ALL';
    494. 

  494.         //add User
    495. 

  495.         if($user) $groups[] = $user;
    496. 

  496.         //build regexp
    497. 

  497.         $regexp   = join('|',$groups);
    498. 

  498.     }else{
    499. 

  499.         $regexp = '@ALL';
    500. 

  500.     }
    501. 

  501. 

  502.     //check exact match first
    503. 

  503.     $matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
    504. 

  504.     if(count($matches)){
    505. 

  505.         foreach($matches as $match){
    506. 

  506.             $match = preg_replace('/#.*$/','',$match); //ignore comments
    507. 

  507.             $acl   = preg_split('/\s+/',$match);
    508. 

  508.             if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL!
    509. 

  509.             if($acl[2] > $perm){
    510. 

  510.                 $perm = $acl[2];
    511. 

  511.             }
    512. 

  512.         }
    513. 

  513.         if($perm > -1){
    514. 

  514.             //we had a match - return it
    515. 

  515.             return $perm;
    516. 

  516.         }
    517. 

  517.     }
    518. 

  518. 

  519.     //still here? do the namespace checks
    520. 

  520.     if($ns){
    521. 

  521.         $path = $ns.':\*';
    522. 

  522.     }else{
    523. 

  523.         $path = '\*'; //root document
    524. 

  524.     }
    525. 

  525. 

  526.     do{
    527. 

  527.         $matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
    528. 

  528.         if(count($matches)){
    529. 

  529.             foreach($matches as $match){
    530. 

  530.                 $match = preg_replace('/#.*$/','',$match); //ignore comments
    531. 

  531.                 $acl   = preg_split('/\s+/',$match);
    532. 

  532.                 if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL!
    533. 

  533.                 if($acl[2] > $perm){
    534. 

  534.                     $perm = $acl[2];
    535. 

  535.                 }
    536. 

  536.             }
    537. 

  537.             //we had a match - return it
    538. 

  538.             return $perm;
    539. 

  539.         }
    540. 

  540. 

  541.         //get next higher namespace
    542. 

  542.         $ns   = getNS($ns);
    543. 

  543. 

  544.         if($path != '\*'){
    545. 

  545.             $path = $ns.':\*';
    546. 

  546.             if($path == ':\*') $path = '\*';
    547. 

  547.         }else{
    548. 

  548.             //we did this already
    549. 

  549.             //looks like there is something wrong with the ACL
    550. 

  550.             //break here
    551. 

  551.             msg('No ACL setup yet! Denying access to everyone.');
    552. 

  552.             return AUTH_NONE;
    553. 

  553.         }
    554. 

  554.     }while(1); //this should never loop endless
    555. 

  555. 

  556.     //still here? return no permissions
    557. 

  557.     return AUTH_NONE;
    558. 

  558. }
    559. 

  559. 

  560. /**
    561. 

  561.  * Encode ASCII special chars
    562. 

  562.  *
    563. 

  563.  * Some auth backends allow special chars in their user and groupnames
    564. 

  564.  * The special chars are encoded with this function. Only ASCII chars
    565. 

  565.  * are encoded UTF-8 multibyte are left as is (different from usual
    566. 

  566.  * urlencoding!).
    567. 

  567.  *
    568. 

  568.  * Decoding can be done with rawurldecode
    569. 

  569.  *
    570. 

  570.  * @author Andreas Gohr <gohr@cosmocode.de>
    571. 

  571.  * @see rawurldecode()
    572. 

  572.  */
    573. 

  573. function auth_nameencode($name,$skip_group=false){
    574. 

  574.     global $cache_authname;
    575. 

  575.     $cache =& $cache_authname;
    576. 

  576.     $name  = (string) $name;
    577. 

  577. 

  578.     if (!isset($cache[$name][$skip_group])) {
    579. 

  579.         if($skip_group && $name{0} =='@'){
    580. 

  580.             $cache[$name][$skip_group] = '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
    581. 

  581.                     "'%'.dechex(ord(substr('\\1',-1)))",substr($name,1));
    582. 

  582.         }else{
    583. 

  583.             $cache[$name][$skip_group] = preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
    584. 

  584.                     "'%'.dechex(ord(substr('\\1',-1)))",$name);
    585. 

  585.         }
    586. 

  586.     }
    587. 

  587. 

  588.     return $cache[$name][$skip_group];
    589. 

  589. }
    590. 

  590. 

  591. /**
    592. 

  592.  * Create a pronouncable password
    593. 

  593.  *
    594. 

  594.  * @author  Andreas Gohr <andi@splitbrain.org>
    595. 

  595.  * @link    http://www.phpbuilder.com/annotate/message.php3?id=1014451
    596. 

  596.  *
    597. 

  597.  * @return string  pronouncable password
    598. 

  598.  */
    599. 

  599. function auth_pwgen(){
    600. 

  600.     $pw = '';
    601. 

  601.     $c  = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones
    602. 

  602.     $v  = 'aeiou';              //vowels
    603. 

  603.     $a  = $c.$v;                //both
    604. 

  604. 

  605.     //use two syllables...
    606. 

  606.     for($i=0;$i < 2; $i++){
    607. 

  607.         $pw .= $c[rand(0, strlen($c)-1)];
    608. 

  608.         $pw .= $v[rand(0, strlen($v)-1)];
    609. 

  609.         $pw .= $a[rand(0, strlen($a)-1)];
    610. 

  610.     }
    611. 

  611.     //... and add a nice number
    612. 

  612.     $pw .= rand(10,99);
    613. 

  613. 

  614.     return $pw;
    615. 

  615. }
    616. 

  616. 

  617. /**
    618. 

  618.  * Sends a password to the given user
    619. 

  619.  *
    620. 

  620.  * @author  Andreas Gohr <andi@splitbrain.org>
    621. 

  621.  *
    622. 

  622.  * @return bool  true on success
    623. 

  623.  */
    624. 

  624. function auth_sendPassword($user,$password){
    625. 

  625.     global $conf;
    626. 

  626.     global $lang;
    627. 

  627.     global $auth;
    628. 

  628.     if (!$auth) return false;
    629. 

  629. 

  630.     $hdrs  = '';
    631. 

  631.     $user     = $auth->cleanUser($user);
    632. 

  632.     $userinfo = $auth->getUserData($user);
    633. 

  633. 

  634.     if(!$userinfo['mail']) return false;
    635. 

  635. 

  636.     $text = rawLocale('password');
    637. 

  637.     $text = str_replace('@DOKUWIKIURL@',DOKU_URL,$text);
    638. 

  638.     $text = str_replace('@FULLNAME@',$userinfo['name'],$text);
    639. 

  639.     $text = str_replace('@LOGIN@',$user,$text);
    640. 

  640.     $text = str_replace('@PASSWORD@',$password,$text);
    641. 

  641.     $text = str_replace('@TITLE@',$conf['title'],$text);
    642. 

  642. 

  643.     return mail_send($userinfo['name'].' <'.$userinfo['mail'].'>',
    644. 

  644.             $lang['regpwmail'],
    645. 

  645.             $text,
    646. 

  646.             $conf['mailfrom']);
    647. 

  647. }
    648. 

  648. 

  649. /**
    650. 

  650.  * Register a new user
    651. 

  651.  *
    652. 

  652.  * This registers a new user - Data is read directly from $_POST
    653. 

  653.  *
    654. 

  654.  * @author  Andreas Gohr <andi@splitbrain.org>
    655. 

  655.  *
    656. 

  656.  * @return bool  true on success, false on any error
    657. 

  657.  */
    658. 

  658. function register(){
    659. 

  659.     global $lang;
    660. 

  660.     global $conf;
    661. 

  661.     global $auth;
    662. 

  662. 

  663.     if (!$auth) return false;
    664. 

  664.     if(!$_POST['save']) return false;
    665. 

  665.     if(!$auth->canDo('addUser')) return false;
    666. 

  666. 

  667.     //clean username
    668. 

  668.     $_POST['login'] = trim($auth->cleanUser($_POST['login']));
    669. 

  669. 

  670.     //clean fullname and email
    671. 

  671.     $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['fullname']));
    672. 

  672.     $_POST['email']    = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['email']));
    673. 

  673. 

  674.     if( empty($_POST['login']) ||
    675. 

  675.         empty($_POST['fullname']) ||
    676. 

  676.         empty($_POST['email']) ){
    677. 

  677.         msg($lang['regmissing'],-1);
    678. 

  678.         return false;
    679. 

  679.     }
    680. 

  680. 

  681.     if ($conf['autopasswd']) {
    682. 

  682.         $pass = auth_pwgen();                // automatically generate password
    683. 

  683.     } elseif (empty($_POST['pass']) ||
    684. 

  684.             empty($_POST['passchk'])) {
    685. 

  685.         msg($lang['regmissing'], -1);        // complain about missing passwords
    686. 

  686.         return false;
    687. 

  687.     } elseif ($_POST['pass'] != $_POST['passchk']) {
    688. 

  688.         msg($lang['regbadpass'], -1);      // complain about misspelled passwords
    689. 

  689.         return false;
    690. 

  690.     } else {
    691. 

  691.         $pass = $_POST['pass'];              // accept checked and valid password
    692. 

  692.     }
    693. 

  693. 

  694.     //check mail
    695. 

  695.     if(!mail_isvalid($_POST['email'])){
    696. 

  696.         msg($lang['regbadmail'],-1);
    697. 

  697.         return false;
    698. 

  698.     }
    699. 

  699. 

  700.     //okay try to create the user
    701. 

  701.     if(!$auth->triggerUserMod('create', array($_POST['login'],$pass,$_POST['fullname'],$_POST['email']))){
    702. 

  702.         msg($lang['reguexists'],-1);
    703. 

  703.         return false;
    704. 

  704.     }
    705. 

  705. 

  706.     // create substitutions for use in notification email
    707. 

  707.     $substitutions = array(
    708. 

  708.             'NEWUSER' => $_POST['login'],
    709. 

  709.             'NEWNAME' => $_POST['fullname'],
    710. 

  710.             'NEWEMAIL' => $_POST['email'],
    711. 

  711.             );
    712. 

  712. 

  713.     if (!$conf['autopasswd']) {
    714. 

  714.         msg($lang['regsuccess2'],1);
    715. 

  715.         notify('', 'register', '', $_POST['login'], false, $substitutions);
    716. 

  716.         return true;
    717. 

  717.     }
    718. 

  718. 

  719.     // autogenerated password? then send him the password
    720. 

  720.     if (auth_sendPassword($_POST['login'],$pass)){
    721. 

  721.         msg($lang['regsuccess'],1);
    722. 

  722.         notify('', 'register', '', $_POST['login'], false, $substitutions);
    723. 

  723.         return true;
    724. 

  724.     }else{
    725. 

  725.         msg($lang['regmailfail'],-1);
    726. 

  726.         return false;
    727. 

  727.     }
    728. 

  728. }
    729. 

  729. 

  730. /**
    731. 

  731.  * Update user profile
    732. 

  732.  *
    733. 

  733.  * @author    Christopher Smith <chris@jalakai.co.uk>
    734. 

  734.  */
    735. 

  735. function updateprofile() {
    736. 

  736.     global $conf;
    737. 

  737.     global $INFO;
    738. 

  738.     global $lang;
    739. 

  739.     global $auth;
    740. 

  740. 

  741.     if (!$auth) return false;
    742. 

  742.     if(empty($_POST['save'])) return false;
    743. 

  743.     if(!checkSecurityToken()) return false;
    744. 

  744. 

  745.     // should not be able to get here without Profile being possible...
    746. 

  746.     if(!$auth->canDo('Profile')) {
    747. 

  747.         msg($lang['profna'],-1);
    748. 

  748.         return false;
    749. 

  749.     }
    750. 

  750. 

  751.     if ($_POST['newpass'] != $_POST['passchk']) {
    752. 

  752.         msg($lang['regbadpass'], -1);      // complain about misspelled passwords
    753. 

  753.         return false;
    754. 

  754.     }
    755. 

  755. 

  756.     //clean fullname and email
    757. 

  757.     $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['fullname']));
    758. 

  758.     $_POST['email']    = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['email']));
    759. 

  759. 

  760.     if ((empty($_POST['fullname']) && $auth->canDo('modName')) ||
    761. 

  761.         (empty($_POST['email']) && $auth->canDo('modMail'))) {
    762. 

  762.         msg($lang['profnoempty'],-1);
    763. 

  763.         return false;
    764. 

  764.     }
    765. 

  765. 

  766.     if (!mail_isvalid($_POST['email']) && $auth->canDo('modMail')){
    767. 

  767.         msg($lang['regbadmail'],-1);
    768. 

  768.         return false;
    769. 

  769.     }
    770. 

  770. 

  771.     if ($_POST['fullname'] != $INFO['userinfo']['name'] && $auth->canDo('modName')) $changes['name'] = $_POST['fullname'];
    772. 

  772.     if ($_POST['email'] != $INFO['userinfo']['mail'] && $auth->canDo('modMail')) $changes['mail'] = $_POST['email'];
    773. 

  773.     if (!empty($_POST['newpass']) && $auth->canDo('modPass')) $changes['pass'] = $_POST['newpass'];
    774. 

  774. 

  775.     if (!count($changes)) {
    776. 

  776.         msg($lang['profnochange'], -1);
    777. 

  777.         return false;
    778. 

  778.     }
    779. 

  779. 

  780.     if ($conf['profileconfirm']) {
    781. 

  781.         if (!$auth->checkPass($_SERVER['REMOTE_USER'], $_POST['oldpass'])) {
    782. 

  782.             msg($lang['badlogin'],-1);
    783. 

  783.             return false;
    784. 

  784.         }
    785. 

  785.     }
    786. 

  786. 

  787.     if ($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
    788. 

  788.         // update cookie and session with the changed data
    789. 

  789.         $cookie = base64_decode($_COOKIE[DOKU_COOKIE]);
    790. 

  790.         list($user,$sticky,$pass) = explode('|',$cookie,3);
    791. 

  791.         if ($changes['pass']) $pass = PMA_blowfish_encrypt($changes['pass'],auth_cookiesalt());
    792. 

  792. 

  793.         auth_setCookie($_SERVER['REMOTE_USER'],$pass,(bool)$sticky);
    794. 

  794.         return true;
    795. 

  795.     }
    796. 

  796. }
    797. 

  797. 

  798. /**
    799. 

  799.  * Send a  new password
    800. 

  800.  *
    801. 

  801.  * This function handles both phases of the password reset:
    802. 

  802.  *
    803. 

  803.  *   - handling the first request of password reset
    804. 

  804.  *   - validating the password reset auth token
    805. 

  805.  *
    806. 

  806.  * @author Benoit Chesneau <benoit@bchesneau.info>
    807. 

  807.  * @author Chris Smith <chris@jalakai.co.uk>
    808. 

  808.  * @author Andreas Gohr <andi@splitbrain.org>
    809. 

  809.  *
    810. 

  810.  * @return bool true on success, false on any error
    811. 

  811.  */
    812. 

  812. function act_resendpwd(){
    813. 

  813.     global $lang;
    814. 

  814.     global $conf;
    815. 

  815.     global $auth;
    816. 

  816. 

  817.     if(!actionOK('resendpwd')) return false;
    818. 

  818.     if (!$auth) return false;
    819. 

  819. 

  820.     // should not be able to get here without modPass being possible...
    821. 

  821.     if(!$auth->canDo('modPass')) {
    822. 

  822.         msg($lang['resendna'],-1);
    823. 

  823.         return false;
    824. 

  824.     }
    825. 

  825. 

  826.     $token = preg_replace('/[^a-f0-9]+/','',$_REQUEST['pwauth']);
    827. 

  827. 

  828.     if($token){
    829. 

  829.         // we're in token phase
    830. 

  830. 

  831.         $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth';
    832. 

  832.         if(!@file_exists($tfile)){
    833. 

  833.             msg($lang['resendpwdbadauth'],-1);
    834. 

  834.             return false;
    835. 

  835.         }
    836. 

  836.         $user = io_readfile($tfile);
    837. 

  837.         @unlink($tfile);
    838. 

  838.         $userinfo = $auth->getUserData($user);
    839. 

  839.         if(!$userinfo['mail']) {
    840. 

  840.             msg($lang['resendpwdnouser'], -1);
    841. 

  841.             return false;
    842. 

  842.         }
    843. 

  843. 

  844.         $pass = auth_pwgen();
    845. 

  845.         if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) {
    846. 

  846.             msg('error modifying user data',-1);
    847. 

  847.             return false;
    848. 

  848.         }
    849. 

  849. 

  850.         if (auth_sendPassword($user,$pass)) {
    851. 

  851.             msg($lang['resendpwdsuccess'],1);
    852. 

  852.         } else {
    853. 

  853.             msg($lang['regmailfail'],-1);
    854. 

  854.         }
    855. 

  855.         return true;
    856. 

  856. 

  857.     } else {
    858. 

  858.         // we're in request phase
    859. 

  859. 

  860.         if(!$_POST['save']) return false;
    861. 

  861. 

  862.         if (empty($_POST['login'])) {
    863. 

  863.             msg($lang['resendpwdmissing'], -1);
    864. 

  864.             return false;
    865. 

  865.         } else {
    866. 

  866.             $user = trim($auth->cleanUser($_POST['login']));
    867. 

  867.         }
    868. 

  868. 

  869.         $userinfo = $auth->getUserData($user);
    870. 

  870.         if(!$userinfo['mail']) {
    871. 

  871.             msg($lang['resendpwdnouser'], -1);
    872. 

  872.             return false;
    873. 

  873.         }
    874. 

  874. 

  875.         // generate auth token
    876. 

  876.         $token = md5(auth_cookiesalt().$user); //secret but user based
    877. 

  877.         $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth';
    878. 

  878.         $url = wl('',array('do'=>'resendpwd','pwauth'=>$token),true,'&');
    879. 

  879. 

  880.         io_saveFile($tfile,$user);
    881. 

  881. 

  882.         $text = rawLocale('pwconfirm');
    883. 

  883.         $text = str_replace('@DOKUWIKIURL@',DOKU_URL,$text);
    884. 

  884.         $text = str_replace('@FULLNAME@',$userinfo['name'],$text);
    885. 

  885.         $text = str_replace('@LOGIN@',$user,$text);
    886. 

  886.         $text = str_replace('@TITLE@',$conf['title'],$text);
    887. 

  887.         $text = str_replace('@CONFIRM@',$url,$text);
    888. 

  888. 

  889.         if(mail_send($userinfo['name'].' <'.$userinfo['mail'].'>',
    890. 

  890.                      $lang['regpwmail'],
    891. 

  891.                      $text,
    892. 

  892.                      $conf['mailfrom'])){
    893. 

  893.             msg($lang['resendpwdconfirm'],1);
    894. 

  894.         }else{
    895. 

  895.             msg($lang['regmailfail'],-1);
    896. 

  896.         }
    897. 

  897.         return true;
    898. 

  898.     }
    899. 

  899. 

  900.     return false; // never reached
    901. 

  901. }
    902. 

  902. 

  903. /**
    904. 

  904.  * Encrypts a password using the given method and salt
    905. 

  905.  *
    906. 

  906.  * If the selected method needs a salt and none was given, a random one
    907. 

  907.  * is chosen.
    908. 

  908.  *
    909. 

  909.  * The following methods are understood:
    910. 

  910.  *
    911. 

  911.  *   smd5  - Salted MD5 hashing
    912. 

  912.  *   apr1  - Apache salted MD5 hashing
    913. 

  913.  *   md5   - Simple MD5 hashing
    914. 

  914.  *   sha1  - SHA1 hashing
    915. 

  915.  *   ssha  - Salted SHA1 hashing
    916. 

  916.  *   crypt - Unix crypt
    917. 

  917.  *   mysql - MySQL password (old method)
    918. 

  918.  *   my411 - MySQL 4.1.1 password
    919. 

  919.  *   kmd5  - Salted MD5 hashing as used by UNB
    920. 

  920.  *
    921. 

  921.  * @author  Andreas Gohr <andi@splitbrain.org>
    922. 

  922.  * @return  string  The crypted password
    923. 

  923.  */
    924. 

  924. function auth_cryptPassword($clear,$method='',$salt=null){
    925. 

  925.     global $conf;
    926. 

  926.     if(empty($method)) $method = $conf['passcrypt'];
    927. 

  927. 

  928.     //prepare a salt
    929. 

  929.     if(is_null($salt)) $salt = md5(uniqid(rand(), true));
    930. 

  930. 

  931.     switch(strtolower($method)){
    932. 

  932.         case 'smd5':
    933. 

  933.             if(defined('CRYPT_MD5') && CRYPT_MD5) return crypt($clear,'$1$'.substr($salt,0,8).'$');
    934. 

  934.             // when crypt can't handle SMD5, falls through to pure PHP implementation
    935. 

  935.             $magic = '1';
    936. 

  936.         case 'apr1':
    937. 

  937.             //from http://de.php.net/manual/en/function.crypt.php#73619 comment by <mikey_nich at hotmail dot com>
    938. 

  938.             if(!$magic) $magic = 'apr1';
    939. 

  939.             $salt = substr($salt,0,8);
    940. 

  940.             $len = strlen($clear);
    941. 

  941.             $text = $clear.'$'.$magic.'$'.$salt;
    942. 

  942.             $bin = pack("H32", md5($clear.$salt.$clear));
    943. 

  943.             for($i = $len; $i > 0; $i -= 16) {
    944. 

  944.                 $text .= substr($bin, 0, min(16, $i));
    945. 

  945.             }
    946. 

  946.             for($i = $len; $i > 0; $i >>= 1) {
    947. 

  947.                 $text .= ($i & 1) ? chr(0) : $clear{0};
    948. 

  948.             }
    949. 

  949.             $bin = pack("H32", md5($text));
    950. 

  950.             for($i = 0; $i < 1000; $i++) {
    951. 

  951.                 $new = ($i & 1) ? $clear : $bin;
    952. 

  952.                 if ($i % 3) $new .= $salt;
    953. 

  953.                 if ($i % 7) $new .= $clear;
    954. 

  954.                 $new .= ($i & 1) ? $bin : $clear;
    955. 

  955.                 $bin = pack("H32", md5($new));
    956. 

  956.             }
    957. 

  957.             $tmp = '';
    958. 

  958.             for ($i = 0; $i < 5; $i++) {
    959. 

  959.                 $k = $i + 6;
    960. 

  960.                 $j = $i + 12;
    961. 

  961.                 if ($j == 16) $j = 5;
    962. 

  962.                 $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
    963. 

  963.             }
    964. 

  964.             $tmp = chr(0).chr(0).$bin[11].$tmp;
    965. 

  965.             $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
    966. 

  966.                     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
    967. 

  967.                     "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
    968. 

  968.             return '$'.$magic.'$'.$salt.'$'.$tmp;
    969. 

  969.         case 'md5':
    970. 

  970.             return md5($clear);
    971. 

  971.         case 'sha1':
    972. 

  972.             return sha1($clear);
    973. 

  973.         case 'ssha':
    974. 

  974.             $salt=substr($salt,0,4);
    975. 

  975.             return '{SSHA}'.base64_encode(pack("H*", sha1($clear.$salt)).$salt);
    976. 

  976.         case 'crypt':
    977. 

  977.             return crypt($clear,substr($salt,0,2));
    978. 

  978.         case 'mysql':
    979. 

  979.             //from http://www.php.net/mysql comment by <soren at byu dot edu>
    980. 

  980.             $nr=0x50305735;
    981. 

  981.             $nr2=0x12345671;
    982. 

  982.             $add=7;
    983. 

  983.             $charArr = preg_split("//", $clear);
    984. 

  984.             foreach ($charArr as $char) {
    985. 

  985.                 if (($char == '') || ($char == ' ') || ($char == '\t')) continue;
    986. 

  986.                 $charVal = ord($char);
    987. 

  987.                 $nr ^= ((($nr & 63) + $add) * $charVal) + ($nr << 8);
    988. 

  988.                 $nr2 += ($nr2 << 8) ^ $nr;
    989. 

  989.                 $add += $charVal;
    990. 

  990.             }
    991. 

  991.             return sprintf("%08x%08x", ($nr & 0x7fffffff), ($nr2 & 0x7fffffff));
    992. 

  992.         case 'my411':
    993. 

  993.             return '*'.sha1(pack("H*", sha1($clear)));
    994. 

  994.         case 'kmd5':
    995. 

  995.             $key = substr($salt, 16, 2);
    996. 

  996.             $hash1 = strtolower(md5($key . md5($clear)));
    997. 

  997.             $hash2 = substr($hash1, 0, 16) . $key . substr($hash1, 16);
    998. 

  998.             return $hash2;
    999. 

  999.         default:
    1000. 

  1000.             msg("Unsupported crypt method $method",-1);
    1001. 

  1001.     }
    1002. 

  1002. }
    1003. 

  1003. 

  1004. /**
    1005. 

  1005.  * Verifies a cleartext password against a crypted hash
    1006. 

  1006.  *
    1007. 

  1007.  * The method and salt used for the crypted hash is determined automatically
    1008. 

  1008.  * then the clear text password is crypted using the same method. If both hashs
    1009. 

  1009.  * match true is is returned else false
    1010. 

  1010.  *
    1011. 

  1011.  * @author  Andreas Gohr <andi@splitbrain.org>
    1012. 

  1012.  * @return  bool
    1013. 

  1013.  */
    1014. 

  1014. function auth_verifyPassword($clear,$crypt){
    1015. 

  1015.     $method='';
    1016. 

  1016.     $salt='';
    1017. 

  1017. 

  1018.     //determine the used method and salt
    1019. 

  1019.     $len = strlen($crypt);
    1020. 

  1020.     if(preg_match('/^\$1\$([^\$]{0,8})\$/',$crypt,$m)){
    1021. 

  1021.         $method = 'smd5';
    1022. 

  1022.         $salt   = $m[1];
    1023. 

  1023.     }elseif(preg_match('/^\$apr1\$([^\$]{0,8})\$/',$crypt,$m)){
    1024. 

  1024.         $method = 'apr1';
    1025. 

  1025.         $salt   = $m[1];
    1026. 

  1026.     }elseif(substr($crypt,0,6) == '{SSHA}'){
    1027. 

  1027.         $method = 'ssha';
    1028. 

  1028.         $salt   = substr(base64_decode(substr($crypt, 6)),20);
    1029. 

  1029.     }elseif($len == 32){
    1030. 

  1030.         $method = 'md5';
    1031. 

  1031.     }elseif($len == 40){
    1032. 

  1032.         $method = 'sha1';
    1033. 

  1033.     }elseif($len == 16){
    1034. 

  1034.         $method = 'mysql';
    1035. 

  1035.     }elseif($len == 41 && $crypt[0] == '*'){
    1036. 

  1036.         $method = 'my411';
    1037. 

  1037.     }elseif($len == 34){
    1038. 

  1038.         $method = 'kmd5';
    1039. 

  1039.         $salt   = $crypt;
    1040. 

  1040.     }else{
    1041. 

  1041.         $method = 'crypt';
    1042. 

  1042.         $salt   = substr($crypt,0,2);
    1043. 

  1043.     }
    1044. 

  1044. 

  1045.     //crypt and compare
    1046. 

  1046.     if(auth_cryptPassword($clear,$method,$salt) === $crypt){
    1047. 

  1047.         return true;
    1048. 

  1048.     }
    1049. 

  1049.     return false;
    1050. 

  1050. }
    1051. 

  1051. 

  1052. /**
    1053. 

  1053.  * Set the authentication cookie and add user identification data to the session
    1054. 

  1054.  *
    1055. 

  1055.  * @param string  $user       username
    1056. 

  1056.  * @param string  $pass       encrypted password
    1057. 

  1057.  * @param bool    $sticky     whether or not the cookie will last beyond the session
    1058. 

  1058.  */
    1059. 

  1059. function auth_setCookie($user,$pass,$sticky) {
    1060. 

  1060.     global $conf;
    1061. 

  1061.     global $auth;
    1062. 

  1062.     global $USERINFO;
    1063. 

  1063. 

  1064.     if (!$auth) return false;
    1065. 

  1065.     $USERINFO = $auth->getUserData($user);
    1066. 

  1066. 

  1067.     // set cookie
    1068. 

  1068.     $cookie = base64_encode($user).'|'.((int) $sticky).'|'.base64_encode($pass);
    1069. 

  1069.     $time = $sticky ? (time()+60*60*24*365) : 0; //one year
    1070. 

  1070.     if (version_compare(PHP_VERSION, '5.2.0', '>')) {
    1071. 

  1071.         setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
    1072. 

  1072.     }else{
    1073. 

  1073.         setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
    1074. 

  1074.     }
    1075. 

  1075.     // set session
    1076. 

  1076.     $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
    1077. 

  1077.     $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
    1078. 

  1078.     $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
    1079. 

  1079.     $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    1080. 

  1080.     $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
    1081. 

  1081. }
    1082. 

  1082. 

  1083. /**
    1084. 

  1084.  * Returns the user, (encrypted) password and sticky bit from cookie
    1085. 

  1085.  *
    1086. 

  1086.  * @returns array
    1087. 

  1087.  */
    1088. 

  1088. function auth_getCookie(){
    1089. 

  1089.     if (!isset($_COOKIE[DOKU_COOKIE])) {
    1090. 

  1090.         return array(null, null, null);
    1091. 

  1091.     }
    1092. 

  1092.     list($user,$sticky,$pass) = explode('|',$_COOKIE[DOKU_COOKIE],3);
    1093. 

  1093.     $sticky = (bool) $sticky;
    1094. 

  1094.     $pass   = base64_decode($pass);
    1095. 

  1095.     $user   = base64_decode($user);
    1096. 

  1096.     return array($user,$sticky,$pass);
    1097. 

  1097. }
    1098. 

  1098. 

  1099. //Setup VIM: ex: et ts=2 enc=utf-8 :
    1100. 

  1100.