PHP Cross Reference of Textpattern 4.0.8 |
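<?php

/*
	This is Textpattern

	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved

	Use of this software indicates acceptance of the Textpattern license agreement

$HeadURL: https://textpattern.googlecode.com/svn/releases/4.0.8/source/textpattern/include/txp_auth.php $
$LastChangedRevision: 2856 $

*/

// Admin-side authentication: password login, "stay logged in" cookie,
// logout, and the password-reset request/confirm steps.
//
// This file targets a legacy runtime (it calls mysql_get_server_info() from
// the old mysql extension), so the hardening below is limited to functions
// that such a runtime already provides.

if (!defined('txpinterface')) die('txpinterface is undefined.');

/**
 * Entry point for the admin interface.
 *
 * Clears the global $txp_user, lets doTxpValidate() try to establish a user,
 * and shows the login form when it did not. doLoginForm() ends the request
 * with exit(), so ob_start() is reached only for an authenticated user.
 */
function doAuth()
{
	global $txp_user;

	$txp_user = NULL;

	$message = doTxpValidate();

	if(!$txp_user)
	{
		doLoginForm($message);
	}

	ob_start();
}

// -------------------------------------------------------------
/**
 * Check a user name / password pair against txp_users.
 *
 * @param  string $user     login name as submitted
 * @param  string $password plaintext password as submitted
 * @return mixed  the stored name on success, FALSE otherwise
 *
 * Security notes:
 * - The stored `pass` column is compared with MySQL's PASSWORD() and, on
 *   servers >= 4.1.0, OLD_PASSWORD(). Both are unsalted, fast hashes meant
 *   for the server's own account table; a leaked txp_users table is cheap
 *   to attack offline. Migrating to a salted, slow password hash needs a
 *   schema change and cannot be done inside this function alone.
 * - Each hash is also tried on lower($password), so a row whose hash was
 *   made from a lowercased password accepts any letter case.
 * - The plaintext password is part of the SQL text, so it ends up wherever
 *   statements are recorded (query logs, if enabled).
 * - Every value is passed through doSlash() before being placed in the
 *   query. doSlash() and safe_field() are defined elsewhere; the safety of
 *   these string-built queries depends on them -- confirm.
 */
function txp_validate($user,$password)
{
	$safe_user = doSlash($user);
	$passwords = array();

	$passwords[] = "password(lower('".doSlash($password)."'))";
	$passwords[] = "password('".doSlash($password)."')";

	// presumably kept so that hashes created before a server upgrade to
	// 4.1 still match -- confirm against the upgrade notes
	if (version_compare(mysql_get_server_info(), '4.1.0', '>='))
	{
		$passwords[] = "old_password(lower('".doSlash($password)."'))";
		$passwords[] = "old_password('".doSlash($password)."')";
	}

	// privs > 0 keeps accounts without privileges from logging in
	$name = safe_field("name", "txp_users",
		"name = '$safe_user' and (pass = ".join(' or pass = ', $passwords).") and privs > 0");

	if ($name !== FALSE)
	{
		// update the last access time
		safe_update("txp_users", "last_access = now()", "name = '$safe_user'");
		return $name;
	}

	return false;
}

// -------------------------------------------------------------

/**
 * Print the login (or password-reset) form and end the request.
 *
 * @param string $message text shown above the form
 *
 * Does not return: the function finishes with exit(0).
 */
function doLoginForm($message)
{
	global $txpcfg;

	include txpath.'/lib/txplib_head.php';

	pagetop(gTxt('login'));

	// `and` binds looser than `?:`, so $stay ends up a boolean rather than 1/0
	$stay  = (cs('txp_login') and !gps('logout') ? 1 : 0);
	$reset = gps('reset');

	// The cookie is "name,hash"; only the name is used, to prefill the form.
	// explode() replaces the deprecated regex-based split(); the separator is
	// a literal comma, so the result is the same.
	list($name) = explode(',', cs('txp_login'));

	// NOTE(review): $name (from the cookie) and gps('event') (from the
	// request) are written into the page through fInputCell() / eInput().
	// Those helpers are defined elsewhere -- confirm that they HTML-escape
	// their value argument.
	echo form(
		startTable('edit').
			n.n.tr(
				n.td().
				td(graf($message))
			).

			n.n.tr(
				n.fLabelCell('name', '', 'name').
				n.fInputCell('p_userid', $name, 1, '', '', 'name')
			).

			($reset ? '' :
				n.n.tr(
					n.fLabelCell('password', '', 'password').
					n.td(
						fInput('password', 'p_password', '', 'edit', '', '', '', 2, 'password')
					)
				)
			).

			($reset ? '' :
				n.n.tr(
					n.td().
					td(
						graf(checkbox('stay', 1, $stay, 3, 'stay').'<label for="stay">'.gTxt('stay_logged_in').'</label>'.
							sp.popHelp('remember_login'))
					)
				)
			).

			n.n.tr(
				n.td().
				td(
					($reset ? hInput('p_reset', 1) : '').
					fInput('submit', '', gTxt($reset ? 'password_reset_button' : 'log_in_button'), 'publish', '', '', '', 4).
					($reset ? '' : graf('<a href="?reset=1">'.gTxt('password_forgotten').'</a>'))
				)
			).

		endTable().

		(gps('event') ? eInput(gps('event')) : '')
	).


	n.'</body>'.n.'</html>';

	exit(0);
}

// -------------------------------------------------------------
/**
 * Work out who the current admin user is, if anyone.
 *
 * Handles, in this order: logout, an existing login cookie, a submitted
 * name/password, a reset request, the reset prompt, and a reset
 * confirmation link.
 *
 * @return string '' when a user was authenticated (the global $txp_user is
 *                then set to the name); otherwise the message for the login
 *                form, with $txp_user set to ''.
 *
 * Cookie scheme, as implemented below: the browser holds
 * "name,c_hash" (c_hash = 32 hex characters) and txp_users.nonce holds
 * md5(name . raw bytes of c_hash), so the database stores a hash of the
 * cookie secret rather than the secret itself.
 *
 * Security notes:
 * - None of the setcookie() calls passes the secure or httponly argument,
 *   so the login cookie is readable by page scripts and is also sent over
 *   plain HTTP.
 * - Logout only expires the cookies; the stored nonce is left in place, so
 *   a copy of the cookie stays valid until the next password login replaces
 *   the nonce or the 30-day last_access window runs out.
 * - c_hash is md5(uniqid(mt_rand(), TRUE)), i.e. derived from the clock and
 *   mt_rand(). Neither is a cryptographic random source; move to a CSPRNG
 *   once the minimum supported runtime offers one.
 * - sleep(3) slows a single connection only; no per-account or per-address
 *   attempt counter is visible in this file.
 * - The reset confirmation value is the first 10 hex digits of md5(nonce)
 *   (40 bits) followed by the name, and is derived from the same nonce as
 *   the login cookie. No expiry is visible here;
 *   send_reset_confirmation_request() and reset_author_pass() are defined
 *   in txplib_admin.php -- review them together with this function.
 */
function doTxpValidate()
{
	global $logout,$txpcfg, $txp_user;
	$p_userid   = ps('p_userid');
	$p_password = ps('p_password');
	$p_reset    = ps('p_reset');
	$stay       = ps('stay');
	$logout     = gps('logout');
	$message    = gTxt('login_to_textpattern');
	$pub_path   = preg_replace('|//$|','/', rhu.'/');

	// strpos() is used as a truth test: a comma at offset 0 (empty name)
	// counts as "no cookie", the same as a missing comma
	if (cs('txp_login') and strpos(cs('txp_login'), ','))
	{
		// explode() replaces the deprecated split(); literal separator,
		// same result
		list($c_userid, $c_hash) = explode(',', cs('txp_login'));
	}
	else
	{
		$c_hash   = '';
		$c_userid = '';
	}

	if ($logout)
	{
		setcookie('txp_login', '', time()-3600);
		setcookie('txp_login_public', '', time()-3600, $pub_path);
	}
	elseif ($c_userid and strlen($c_hash) == 32) // cookie exists
	{
		// the cookie is honoured only while last_access is under 30 days old
		$nonce = safe_field('nonce', 'txp_users', "name='".doSlash($c_userid)."' AND last_access > DATE_SUB(NOW(), INTERVAL 30 DAY)");

		// Require real hex before pack(): a non-hex value makes pack() raise
		// a warning, and with errors displayed that output would precede the
		// setcookie() calls below. A malformed value is treated as a bad
		// cookie, which is where it ended up before as well.
		if ($nonce and preg_match('/^[0-9a-f]+\z/i', $c_hash) and $nonce === md5($c_userid.pack('H*', $c_hash)))
		{
			// cookie is good, create $txp_user
			$txp_user = $c_userid;
			return '';
		}
		else
		{
			// keep the name for the form prefill, drop the hash
			setcookie('txp_login', $c_userid, time()+3600*24*365);
			setcookie('txp_login_public', '', time()-3600, $pub_path);
			$message = gTxt('bad_cookie');
		}

	}
	elseif ($p_userid and $p_password) // incoming login vars
	{
		sleep(3);

		$name = txp_validate($p_userid,$p_password);

		if ($name !== FALSE)
		{
			// NOTE(review): not a cryptographic random source, see above
			$c_hash = md5(uniqid(mt_rand(), TRUE));
			$nonce  = md5($name.pack('H*',$c_hash));

			safe_update(
				'txp_users',
				"nonce = '".doSlash($nonce)."'",
				"name = '".doSlash($name)."'"
			);

			// expiry 0 = session cookie when "stay logged in" is not ticked
			setcookie(
				'txp_login',
				$name.','.$c_hash,
				($stay ? time()+3600*24*365 : 0)
			);

			setcookie(
				'txp_login_public',
				substr(md5($nonce), -10).$name,
				($stay ? time()+3600*24*30 : 0),
				$pub_path
			);

			// login is good, create $txp_user
			$txp_user = $name;
			return '';
		}
		else
		{
			$message = gTxt('could_not_log_in');
		}
	}
	elseif ($p_reset) // reset request
	{
		sleep(3);

		include_once txpath.'/lib/txplib_admin.php';

		$message = send_reset_confirmation_request($p_userid);
	}
	elseif (gps('reset'))
	{
		$message = gTxt('password_reset');
	}
	elseif (gps('confirm'))
	{
		sleep(3);

		$confirm_hex = gps('confirm');

		// Only a plain hex string is decoded: anything else (an array
		// parameter, stray characters) would make pack() raise a warning and
		// could never match the expected value anyway.
		if (is_string($confirm_hex) and preg_match('/^[0-9a-f]+\z/i', $confirm_hex))
		{
			// layout: 5 raw bytes of token, then the user name
			$confirm = pack('H*', $confirm_hex);
			$name    = substr($confirm, 5);
			$nonce   = safe_field('nonce', 'txp_users', "name = '".doSlash($name)."'");

			if ($nonce and $confirm === pack('H*', substr(md5($nonce), 0, 10)).$name)
			{
				include_once txpath.'/lib/txplib_admin.php';

				$message = reset_author_pass($name);
			}
		}
	}

	$txp_user = '';
	return $message;
}
?>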