fixes for releasetool

Dieser Commit ist enthalten in:
Oldperl 2017-03-09 17:20:28 +00:00
Ursprung 926c88ead7
Commit e42cb01978
3 geänderte Dateien mit 177 neuen und 209 gelöschten Zeilen


@ -378,13 +378,15 @@ class DB_Sql extends DB_Sql_Abstract {
// made this IF due to performance (one if is faster than $count if's) // made this IF due to performance (one if is faster than $count if's)
for ($i = 0; $i < $count; $i ++) { for ($i = 0; $i < $count; $i ++) {
$finfo = mysqli_fetch_field($id); $finfo = mysqli_fetch_field($id);
$res[$i]['table'] = $finfo->table; if (is_object($finfo)) {
$res[$i]['name'] = $finfo->name; $res[$i]['table'] = $finfo->table;
$res[$i]['type'] = $this->_aDataTypes[$finfo->type]; $res[$i]['name'] = $finfo->name;
$res[$i]['len'] = $finfo->max_length; $res[$i]['type'] = $this->_aDataTypes[$finfo->type];
$res[$i]['flags'] = $finfo->flags; $res[$i]['len'] = $finfo->max_length;
if ($full) { $res[$i]['flags'] = $finfo->flags;
$res['meta'][$res[$i]['name']] = $i; if ($full) {
$res['meta'][$res[$i]['name']] = $i;
}
} }
} }
if ($full) { if ($full) {
@ -395,7 +397,8 @@ class DB_Sql extends DB_Sql_Abstract {
if ($table) { if ($table) {
mysqli_free_result($id); mysqli_free_result($id);
} }
return $res;
return (count($res) > 0) ? $res : FALSE;
} }
/** /**
@ -493,8 +496,9 @@ class DB_Sql extends DB_Sql_Abstract {
$oCharSet = mysqli_get_charset($this->Link_ID); $oCharSet = mysqli_get_charset($this->Link_ID);
return $oCharSet->charset; return $oCharSet->charset;
} }
public function getClientInfo() { public function getClientInfo() {
return mysqli_get_client_info(); return mysqli_get_client_info();
} }
}
}
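Review bot: The new return at the end of the metadata hunk, `return (count($res) > 0) ? $res : FALSE;`, decides "no fields" by the size of `$res`, but when `$full` is truthy the loop already writes `$res['meta'][...]` and the `if ($full)` block after the loop (its body is outside the hunk) presumably adds further keys, so in full mode `$res` can be non-empty even though no field object was ever read and the FALSE path would never trigger; if that is the intent, a comment should say so, otherwise key the check on the field rows, e.g. `return isset($res[0]) ? $res : FALSE;`. The enclosing method starts outside the hunk; its docblock is not visible here, and since the method now returns FALSE as well as an array it should be documented as `@return array|false` so callers know to test with `is_array()` before reading `$res['meta']`. The `is_object($finfo)` guard added in the loop is good; note that `$this->_aDataTypes[$finfo->type]` on the next line is still unguarded for type ids missing from the map, which the commit does not address. The second hunk (`getClientInfo`) only adds a closing brace and needs no review.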


@ -465,6 +465,15 @@ abstract class DB_Sql_Abstract {
* @return array Depends on used database and on parameter $full * @return array Depends on used database and on parameter $full
*/ */
public function metadata($table = '', $full = false) { public function metadata($table = '', $full = false) {
if(empty($table)) {
$aMeta = $this->_metaData(NULL, true);
if(is_array($aMeta) && isset($aMeta[0]['table'])) {
$table = $aMeta[0]['table'];
} else {
return FALSE;
}
}
$key = (string) $this->Database . '_' . $table . '_' . (($full) ? '1' : '0'); $key = (string) $this->Database . '_' . $table . '_' . (($full) ? '1' : '0');
if (!isset(self::$_metaCache[$key])) { if (!isset(self::$_metaCache[$key])) {
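Review bot: The added fallback in `metadata()` returns FALSE when no table name is given and none can be derived, but the docblock two lines above the signature still says `@return array Depends on used database and on parameter $full`; it should read `@return array|false Depends on used database and on parameter $full, FALSE if no table could be determined`. The derivation itself takes `$aMeta[0]['table']`, i.e. the table of the first column of the most recent result set, so for a join or when no query has been run yet the chosen table may not be the one the caller meant, and the cache key built from it will then cache metadata under that name; a short comment on the `if(empty($table))` branch would make this explicit, e.g. `// No table given: fall back to the table of the first column of the last result set.`. Minor: `empty($table)` also treats the string `'0'` as "no table", so `$table === ''` would be the stricter test if that matters. The method body continues past the hunk.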


@ -1,4 +1,5 @@
<?php <?php
/** /**
* Project: * Project:
* Contenido Content Management System * Contenido Content Management System
@ -32,7 +33,6 @@
* }} * }}
* *
*/ */
if (!defined('CON_FRAMEWORK')) { if (!defined('CON_FRAMEWORK')) {
die('Illegal call'); die('Illegal call');
} }
@ -40,8 +40,8 @@ if (!defined('CON_FRAMEWORK')) {
/** /**
* DB-class for all DB handling * DB-class for all DB handling
*/ */
class DB_ConLite extends DB_Sql class DB_ConLite extends DB_Sql {
{
/** /**
* Constructor of database class. * Constructor of database class.
* *
@ -58,8 +58,7 @@ class DB_ConLite extends DB_Sql
* - $options['enableProfiling'] (bool) Optional, flag to enable profiling * - $options['enableProfiling'] (bool) Optional, flag to enable profiling
* @return void * @return void
*/ */
public function __construct(array $options = array()) public function __construct(array $options = array()) {
{
global $cachemeta; global $cachemeta;
parent::__construct($options); parent::__construct($options);
@ -70,19 +69,16 @@ class DB_ConLite extends DB_Sql
// TODO check this out // TODO check this out
// HerrB: Checked and disabled. Kills umlauts, if tables are latin1_general. // HerrB: Checked and disabled. Kills umlauts, if tables are latin1_general.
// try to use the new connection and get the needed encryption // try to use the new connection and get the needed encryption
//$this->query("SET NAMES 'utf8'"); //$this->query("SET NAMES 'utf8'");
} }
/** /**
* Fetches the next recordset from result set * Fetches the next recordset from result set
* *
* @param bool * @param bool
*/ */
public function next_record() public function next_record() {
{
global $cCurrentModule; global $cCurrentModule;
// FIXME For what reason is NoRecord used??? // FIXME For what reason is NoRecord used???
$this->NoRecord = false; $this->NoRecord = false;
@ -99,7 +95,6 @@ class DB_ConLite extends DB_Sql
return parent::next_record(); return parent::next_record();
} }
/** /**
* Returns the metada of passed table * Returns the metada of passed table
* *
@ -108,22 +103,13 @@ class DB_ConLite extends DB_Sql
* or false in case of an error * or false in case of an error
* @deprecated Use db drivers toArray() method instead * @deprecated Use db drivers toArray() method instead
*/ */
public function copyResultToArray($sTable = '') public function copyResultToArray($sTable = '') {
{
global $cachemeta;
$aValues = array(); $aValues = array();
if ($sTable != '') {
if (array_key_exists($sTable, $cachemeta)) { $aMetadata = $this->metadata($sTable);
$aMetadata = $cachemeta[$sTable];
} else {
$cachemeta[$sTable] = $this->metadata($sTable);
$aMetadata = $cachemeta[$sTable];
}
} else {
$aMetadata = $this->metadata($sTable);
}
if (!is_array($aMetadata) || count($aMetadata) == 0) { if (!is_array($aMetadata) || count($aMetadata) == 0) {
return false; return false;
@ -135,6 +121,7 @@ class DB_ConLite extends DB_Sql
return $aValues; return $aValues;
} }
} }
/** /**
@ -143,7 +130,7 @@ class DB_ConLite extends DB_Sql
* @deprecated since version 2.0.0, use DB_ConLite instead * @deprecated since version 2.0.0, use DB_ConLite instead
*/ */
class DB_Contenido extends DB_ConLite { class DB_Contenido extends DB_ConLite {
/** /**
* *
* @deprecated since version 2.0.0 * @deprecated since version 2.0.0
@ -152,11 +139,11 @@ class DB_Contenido extends DB_ConLite {
public function __construct(array $options = array()) { public function __construct(array $options = array()) {
parent::__construct($options); parent::__construct($options);
} }
} }
class Contenido_CT_Sql extends CT_Sql {
class Contenido_CT_Sql extends CT_Sql
{
/** /**
* Database class name * Database class name
* @var string * @var string
@ -169,8 +156,7 @@ class Contenido_CT_Sql extends CT_Sql
*/ */
public $database_table = ''; public $database_table = '';
public function __construct() public function __construct() {
{
global $cfg; global $cfg;
$this->database_table = $cfg['tab']['phplib_active_sessions']; $this->database_table = $cfg['tab']['phplib_active_sessions'];
} }
@ -189,36 +175,34 @@ class Contenido_CT_Sql extends CT_Sql
* @param string $str The value to store * @param string $str The value to store
* @return bool * @return bool
*/ */
public function ac_store($id, $name, $str) public function ac_store($id, $name, $str) {
{
switch ($this->encoding_mode) { switch ($this->encoding_mode) {
case 'slashes': case 'slashes':
$str = addslashes($name . ':' . $str); $str = addslashes($name . ':' . $str);
break; break;
case 'base64': case 'base64':
default: default:
$str = base64_encode($name . ':' . $str); $str = base64_encode($name . ':' . $str);
} }
$name = addslashes($name); $name = addslashes($name);
$now = date('YmdHis', time()); $now = date('YmdHis', time());
$iquery = sprintf( $iquery = sprintf(
"REPLACE INTO %s (sid, name, val, changed) VALUES ('%s', '%s', '%s', '%s')", "REPLACE INTO %s (sid, name, val, changed) VALUES ('%s', '%s', '%s', '%s')", $this->database_table, $id, $name, $str, $now
$this->database_table, $id, $name, $str, $now
); );
return ($this->db->query($iquery)) ? true : false; return ($this->db->query($iquery)) ? true : false;
} }
}
}
/** /**
* Implements the interface class for storing session data to disk using file * Implements the interface class for storing session data to disk using file
* session container of phplib. * session container of phplib.
*/ */
class Contenido_CT_File extends CT_File class Contenido_CT_File extends CT_File {
{
/** /**
* The maximum length for one line in session file. * The maximum length for one line in session file.
* @var int * @var int
@ -233,8 +217,7 @@ class Contenido_CT_File extends CT_File
* *
* @author Holger Librenz <holger.librenz@4fb.de> * @author Holger Librenz <holger.librenz@4fb.de>
*/ */
public function __construct() public function __construct() {
{
global $cfg; global $cfg;
if (isset($cfg['session_line_length']) && !empty($cfg['session_line_length'])) { if (isset($cfg['session_line_length']) && !empty($cfg['session_line_length'])) {
@ -253,11 +236,10 @@ class Contenido_CT_File extends CT_File
* @param string $sName * @param string $sName
* @return mixed * @return mixed
*/ */
public function ac_get_value($sId, $sName) public function ac_get_value($sId, $sName) {
{
if (file_exists($this->file_path . "$sId$sName")) { if (file_exists($this->file_path . "$sId$sName")) {
$f = fopen($this->file_path . "$sId$sName", 'r'); $f = fopen($this->file_path . "$sId$sName", 'r');
if ($f<0) { if ($f < 0) {
return ''; return '';
} }
@ -269,16 +251,16 @@ class Contenido_CT_File extends CT_File
return ''; return '';
} }
} }
} }
class Contenido_CT_Shm extends CT_Shm class Contenido_CT_Shm extends CT_Shm {
{
public function __construct() public function __construct() {
{
$this->ac_start(); $this->ac_start();
} }
}
}
/** /**
* Contenido session container, uses PHP's session implementation. * Contenido session container, uses PHP's session implementation.
@ -292,34 +274,33 @@ class Contenido_CT_Shm extends CT_Shm
* *
* @author Murat Purc <murat@purc.de> * @author Murat Purc <murat@purc.de>
*/ */
class Contenido_CT_Session extends CT_Session class Contenido_CT_Session extends CT_Session {
{
public function __construct() public function __construct() {
{
$this->ac_start(array( $this->ac_start(array(
'namespace' => 'contenido_ct_session_ns', 'namespace' => 'contenido_ct_session_ns',
'session.hash_function' => '1', // use sha-1 function 'session.hash_function' => '1', // use sha-1 function
'session.hash_bits_per_character' => '5', // and set 5 character to achieve 32 chars 'session.hash_bits_per_character' => '5', // and set 5 character to achieve 32 chars
# 'session.save_path' => 'your path', # 'session.save_path' => 'your path',
# 'session.name' => 'your session name', # 'session.name' => 'your session name',
# 'session.gc_maxlifetime' => 'your lifetime in seconds', # 'session.gc_maxlifetime' => 'your lifetime in seconds',
)); ));
} }
} }
class Contenido_Session extends Session class Contenido_Session extends Session {
{
public $classname = 'Contenido_Session';
public $cookiename = 'contenido'; ## defaults to classname
public $magic = '934ComeOnEileen'; ## ID seed
public $mode = 'get'; ## We propagate session IDs with cookies
public $fallback_mode = 'cookie';
public $lifetime = 0; ## 0 = do session cookies, else minutes
public $that_class = 'Contenido_CT_Sql'; ## name of data storage container
public $gc_probability = 5;
public function __construct() public $classname = 'Contenido_Session';
{ public $cookiename = 'contenido'; ## defaults to classname
public $magic = '934ComeOnEileen'; ## ID seed
public $mode = 'get'; ## We propagate session IDs with cookies
public $fallback_mode = 'cookie';
public $lifetime = 0; ## 0 = do session cookies, else minutes
public $that_class = 'Contenido_CT_Sql'; ## name of data storage container
public $gc_probability = 5;
public function __construct() {
global $cfg; global $cfg;
$sFallback = 'sql'; $sFallback = 'sql';
@ -327,7 +308,7 @@ class Contenido_Session extends Session
$sStorageContainer = strtolower($cfg['session_container']); $sStorageContainer = strtolower($cfg['session_container']);
if (class_exists ($sClassPrefix . ucfirst($sStorageContainer))) { if (class_exists($sClassPrefix . ucfirst($sStorageContainer))) {
$sClass = $sClassPrefix . ucfirst($sStorageContainer); $sClass = $sClassPrefix . ucfirst($sStorageContainer);
} else { } else {
$sClass = $sClassPrefix . ucfirst($sFallback); $sClass = $sClassPrefix . ucfirst($sFallback);
@ -336,33 +317,31 @@ class Contenido_Session extends Session
$this->that_class = $sClass; $this->that_class = $sClass;
} }
public function delete() public function delete() {
{
$oCol = new InUseCollection(); $oCol = new InUseCollection();
$oCol->removeSessionMarks($this->id); $oCol->removeSessionMarks($this->id);
parent::delete(); parent::delete();
} }
} }
class Contenido_Frontend_Session extends Session {
class Contenido_Frontend_Session extends Session public $classname = 'Contenido_Frontend_Session';
{ public $cookiename = 'sid'; ## defaults to classname
public $classname = 'Contenido_Frontend_Session'; public $magic = 'Phillipip'; ## ID seed
public $cookiename = 'sid'; ## defaults to classname public $mode = 'cookie'; ## We propagate session IDs with cookies
public $magic = 'Phillipip'; ## ID seed public $fallback_mode = 'cookie';
public $mode = 'cookie'; ## We propagate session IDs with cookies public $lifetime = 0; ## 0 = do session cookies, else minutes
public $fallback_mode = 'cookie'; public $that_class = 'Contenido_CT_Sql'; ## name of data storage container
public $lifetime = 0; ## 0 = do session cookies, else minutes
public $that_class = 'Contenido_CT_Sql'; ## name of data storage container
public $gc_probability = 5; public $gc_probability = 5;
public function __construct() public function __construct() {
{
global $load_lang, $load_client, $cfg; global $load_lang, $load_client, $cfg;
$this->cookiename = 'sid_' . $load_client . '_' . $load_lang; $this->cookiename = 'sid_' . $load_client . '_' . $load_lang;
$this->setExpires(time()+3600); $this->setExpires(time() + 3600);
// added 2007-10-11, H. Librenz // added 2007-10-11, H. Librenz
// bugfix (found by dodger77): we need alternative session containers // bugfix (found by dodger77): we need alternative session containers
@ -380,23 +359,22 @@ class Contenido_Frontend_Session extends Session
$this->that_class = $sClass; $this->that_class = $sClass;
} }
} }
class Contenido_Auth extends Auth class Contenido_Auth extends Auth {
{
public $classname = 'Contenido_Auth'; public $classname = 'Contenido_Auth';
public $lifetime = 15; public $lifetime = 15;
public $database_class = 'DB_Contenido'; public $database_class = 'DB_Contenido';
public $database_table = 'con_phplib_auth_user'; public $database_table = 'con_phplib_auth_user';
public function auth_loginform() public function auth_loginform() {
{
global $sess, $_PHPLIB; global $sess, $_PHPLIB;
include($_PHPLIB['libdir'] . 'loginform.ihtml'); include($_PHPLIB['libdir'] . 'loginform.ihtml');
} }
public function auth_validatelogin() public function auth_validatelogin() {
{
global $username, $password; global $username, $password;
if ($password == '') { if ($password == '') {
@ -405,15 +383,14 @@ class Contenido_Auth extends Auth
if (isset($username)) { if (isset($username)) {
$this->auth['uname'] = $username; ## This provides access for 'loginform.ihtml' $this->auth['uname'] = $username; ## This provides access for 'loginform.ihtml'
} elseif ($this->nobody){ ## provides for 'default login cancel' } elseif ($this->nobody) { ## provides for 'default login cancel'
$uid = $this->auth['uname'] = $this->auth['uid'] = 'nobody'; $uid = $this->auth['uname'] = $this->auth['uid'] = 'nobody';
return $uid; return $uid;
} }
$uid = false; $uid = false;
$this->db->query( $this->db->query(
sprintf("SELECT user_id, perms FROM %s WHERE username = '%s' AND password = '%s'", sprintf("SELECT user_id, perms FROM %s WHERE username = '%s' AND password = '%s'", $this->database_table, addslashes($username), addslashes($password))
$this->database_table, addslashes($username), addslashes($password))
); );
while ($this->db->next_record()) { while ($this->db->next_record()) {
@ -422,33 +399,31 @@ class Contenido_Auth extends Auth
} }
return $uid; return $uid;
} }
} }
class Contenido_Default_Auth extends Contenido_Auth {
class Contenido_Default_Auth extends Contenido_Auth
{
public $classname = 'Contenido_Default_Auth'; public $classname = 'Contenido_Default_Auth';
public $lifetime = 1; public $lifetime = 1;
public $nobody = true; public $nobody = true;
public function auth_loginform() public function auth_loginform() {
{
global $sess, $_PHPLIB; global $sess, $_PHPLIB;
include($_PHPLIB['libdir'] . 'defloginform.ihtml'); include($_PHPLIB['libdir'] . 'defloginform.ihtml');
} }
} }
class Contenido_Challenge_Auth extends Auth {
class Contenido_Challenge_Auth extends Auth public $classname = 'Contenido_Challenge_Auth';
{ public $lifetime = 1;
public $classname = 'Contenido_Challenge_Auth'; public $magic = 'Simsalabim'; ## Challenge seed
public $lifetime = 1;
public $magic = 'Simsalabim'; ## Challenge seed
public $database_class = 'DB_Contenido'; public $database_class = 'DB_Contenido';
public $database_table = 'con_phplib_auth_user'; public $database_table = 'con_phplib_auth_user';
public function auth_loginform() public function auth_loginform() {
{
global $sess, $challenge, $_PHPLIB; global $sess, $challenge, $_PHPLIB;
$challenge = md5(uniqid($this->magic)); $challenge = md5(uniqid($this->magic));
@ -457,8 +432,7 @@ class Contenido_Challenge_Auth extends Auth
include($_PHPLIB['libdir'] . 'crloginform.ihtml'); include($_PHPLIB['libdir'] . 'crloginform.ihtml');
} }
public function auth_validatelogin() public function auth_validatelogin() {
{
global $username, $password, $challenge, $response, $timestamp; global $username, $password, $challenge, $response, $timestamp;
if ($password == '') { if ($password == '') {
@ -476,14 +450,13 @@ class Contenido_Challenge_Auth extends Auth
return false; return false;
} }
$this->db->query( $this->db->query(
sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s'", sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s'", $this->database_table, addslashes($username))
$this->database_table, addslashes($username))
); );
while ($this->db->next_record()) { while ($this->db->next_record()) {
$uid = $this->db->f('user_id'); $uid = $this->db->f('user_id');
$perm = $this->db->f('perms'); $perm = $this->db->f('perms');
$pass = $this->db->f('password'); $pass = $this->db->f('password');
} }
$exspected_response = md5("$username:$pass:$challenge"); $exspected_response = md5("$username:$pass:$challenge");
@ -505,6 +478,7 @@ class Contenido_Challenge_Auth extends Auth
return $uid; return $uid;
} }
} }
} }
## ##
@ -512,18 +486,17 @@ class Contenido_Challenge_Auth extends Auth
## than cleartext in database ## than cleartext in database
## Author: Jim Zajkowski <jim@jimz.com> ## Author: Jim Zajkowski <jim@jimz.com>
class Contenido_Challenge_Crypt_Auth extends Auth class Contenido_Challenge_Crypt_Auth extends Auth {
{
public $classname = 'Contenido_Challenge_Crypt_Auth'; public $classname = 'Contenido_Challenge_Crypt_Auth';
public $lifetime = 15; public $lifetime = 15;
public $magic = 'Frrobo123xxica'; ## Challenge seed public $magic = 'Frrobo123xxica'; ## Challenge seed
public $database_class = 'DB_Contenido'; public $database_class = 'DB_Contenido';
public $database_table = ''; public $database_table = '';
public $group_table = ''; public $group_table = '';
public $member_table = ''; public $member_table = '';
public function __construct() public function __construct() {
{
global $cfg; global $cfg;
$this->database_table = $cfg['tab']['phplib_auth_user_md5']; $this->database_table = $cfg['tab']['phplib_auth_user_md5'];
$this->group_table = $cfg['tab']['groups']; $this->group_table = $cfg['tab']['groups'];
@ -535,8 +508,7 @@ class Contenido_Challenge_Crypt_Auth extends Auth
} }
} }
public function auth_loginform() public function auth_loginform() {
{
global $sess, $challenge, $_PHPLIB, $cfg; global $sess, $challenge, $_PHPLIB, $cfg;
$challenge = md5(uniqid($this->magic)); $challenge = md5(uniqid($this->magic));
@ -545,30 +517,29 @@ class Contenido_Challenge_Crypt_Auth extends Auth
include($cfg['path']['contenido'] . 'main.loginform.php'); include($cfg['path']['contenido'] . 'main.loginform.php');
} }
public function auth_loglogin($uid) public function auth_loglogin($uid) {
{
global $cfg, $client, $lang, $auth, $sess, $saveLoginTime; global $cfg, $client, $lang, $auth, $sess, $saveLoginTime;
$perm = new Contenido_Perm(); $perm = new Contenido_Perm();
$timestamp = date('Y-m-d H:i:s'); $timestamp = date('Y-m-d H:i:s');
$idcatart = '0'; $idcatart = '0';
/* Find the first accessible client and language for the user */ /* Find the first accessible client and language for the user */
// All the needed information should be available in clients_lang - but the previous code was designed with a // All the needed information should be available in clients_lang - but the previous code was designed with a
// reference to the clients table. Maybe fail-safe technology, who knows... // reference to the clients table. Maybe fail-safe technology, who knows...
$sql = 'SELECT tblClientsLang.idclient, tblClientsLang.idlang FROM ' . $sql = 'SELECT tblClientsLang.idclient, tblClientsLang.idlang FROM ' .
$cfg['tab']['clients'] . ' AS tblClients, ' . $cfg['tab']['clients_lang'] . ' AS tblClientsLang ' . $cfg['tab']['clients'] . ' AS tblClients, ' . $cfg['tab']['clients_lang'] . ' AS tblClientsLang ' .
'WHERE tblClients.idclient = tblClientsLang.idclient ORDER BY idclient ASC, idlang ASC'; 'WHERE tblClients.idclient = tblClientsLang.idclient ORDER BY idclient ASC, idlang ASC';
$this->db->query($sql); $this->db->query($sql);
$bFound = false; $bFound = false;
while ($this->db->next_record() && !$bFound) { while ($this->db->next_record() && !$bFound) {
$iTmpClient = $this->db->f('idclient'); $iTmpClient = $this->db->f('idclient');
$iTmpLang = $this->db->f('idlang'); $iTmpLang = $this->db->f('idlang');
if ($perm->have_perm_client_lang($iTmpClient, $iTmpLang)) { if ($perm->have_perm_client_lang($iTmpClient, $iTmpLang)) {
$client = $iTmpClient; $client = $iTmpClient;
$lang = $iTmpLang; $lang = $iTmpLang;
$bFound = true; $bFound = true;
} }
} }
@ -577,10 +548,10 @@ class Contenido_Challenge_Crypt_Auth extends Auth
// SECURITY FIX // SECURITY FIX
$sql = "SELECT idcatart $sql = "SELECT idcatart
FROM FROM
". $cfg['tab']['cat_art'] ." " . $cfg['tab']['cat_art'] . "
WHERE WHERE
idcat = '".Contenido_Security::toInteger($idcat)."' AND idcat = '" . Contenido_Security::toInteger($idcat) . "' AND
idart = '".Contenido_Security::toInteger($idart)."'"; idart = '" . Contenido_Security::toInteger($idart) . "'";
$this->db->query($sql); $this->db->query($sql);
$this->db->next_record(); $this->db->next_record();
@ -591,16 +562,16 @@ class Contenido_Challenge_Crypt_Auth extends Auth
return; return;
} }
$idaction = $perm->getIDForAction('login'); $idaction = $perm->getIDForAction('login');
$lastentry = $this->db->nextid($cfg['tab']['actionlog']); $lastentry = $this->db->nextid($cfg['tab']['actionlog']);
$sql = "INSERT INTO $sql = "INSERT INTO
". $cfg['tab']['actionlog']." " . $cfg['tab']['actionlog'] . "
SET SET
idlog = $lastentry, idlog = $lastentry,
user_id = '" . $uid . "', user_id = '" . $uid . "',
idclient = '".Contenido_Security::toInteger($client)."', idclient = '" . Contenido_Security::toInteger($client) . "',
idlang = '".Contenido_Security::toInteger($lang)."', idlang = '" . Contenido_Security::toInteger($lang) . "',
idaction = $idaction, idaction = $idaction,
idcatart = $idcatart, idcatart = $idcatart,
logtimestamp = '$timestamp'"; logtimestamp = '$timestamp'";
@ -610,8 +581,7 @@ class Contenido_Challenge_Crypt_Auth extends Auth
$saveLoginTime = true; $saveLoginTime = true;
} }
public function auth_validatelogin() public function auth_validatelogin() {
{
global $username, $password, $challenge, $response, $formtimestamp, $auth_handlers; global $username, $password, $challenge, $response, $formtimestamp, $auth_handlers;
$gperm = array(); $gperm = array();
@ -620,7 +590,7 @@ class Contenido_Challenge_Crypt_Auth extends Auth
return false; return false;
} }
if (($formtimestamp + (60*15)) < time()) { if (($formtimestamp + (60 * 15)) < time()) {
return false; return false;
} }
@ -631,24 +601,22 @@ class Contenido_Challenge_Crypt_Auth extends Auth
return $uid; return $uid;
} }
$uid = false; $uid = false;
$perm = false; $perm = false;
$pass = false; $pass = false;
$sDate = date('Y-m-d'); $sDate = date('Y-m-d');
$this->db->query(sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s' AND $this->db->query(sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s' AND
(valid_from <= '".$sDate."' OR valid_from = '0000-00-00' OR valid_from is NULL) AND (valid_from <= '" . $sDate . "' OR valid_from = '0000-00-00' OR valid_from is NULL) AND
(valid_to >= '".$sDate."' OR valid_to = '0000-00-00' OR valid_to is NULL)", (valid_to >= '" . $sDate . "' OR valid_to = '0000-00-00' OR valid_to is NULL)", $this->database_table, Contenido_Security::escapeDB($username, $this->db)
$this->database_table,
Contenido_Security::escapeDB($username, $this->db)
)); ));
$sMaintenanceMode = getSystemProperty('maintenance', 'mode'); $sMaintenanceMode = getSystemProperty('maintenance', 'mode');
while($this->db->next_record()) { while ($this->db->next_record()) {
$uid = $this->db->f('user_id'); $uid = $this->db->f('user_id');
$perm = $this->db->f('perms'); $perm = $this->db->f('perms');
$pass = $this->db->f('password'); ## Password is stored as a md5 hash $pass = $this->db->f('password'); ## Password is stored as a md5 hash
$bInMaintenance = false; $bInMaintenance = false;
if ($sMaintenanceMode == 'enabled') { if ($sMaintenanceMode == 'enabled') {
@ -681,11 +649,8 @@ class Contenido_Challenge_Crypt_Auth extends Auth
sleep(5); sleep(5);
return false; return false;
} else { } else {
$this->db->query(sprintf("SELECT a.group_id AS group_id, a.perms AS perms ". $this->db->query(sprintf("SELECT a.group_id AS group_id, a.perms AS perms " .
"FROM %s AS a, %s AS b WHERE a.group_id = b.group_id AND b.user_id = '%s'", "FROM %s AS a, %s AS b WHERE a.group_id = b.group_id AND b.user_id = '%s'", $this->group_table, $this->member_table, $uid
$this->group_table,
$this->member_table,
$uid
)); ));
if ($perm != '') { if ($perm != '') {
@ -697,7 +662,7 @@ class Contenido_Challenge_Crypt_Auth extends Auth
} }
if (is_array($gperm)) { if (is_array($gperm)) {
$perm = implode(',',$gperm); $perm = implode(',', $gperm);
} }
if ($response == '') { ## True when JS is disabled if ($response == '') { ## True when JS is disabled
@ -723,22 +688,22 @@ class Contenido_Challenge_Crypt_Auth extends Auth
} }
} }
} }
} }
class Contenido_Frontend_Challenge_Crypt_Auth extends Auth class Contenido_Frontend_Challenge_Crypt_Auth extends Auth {
{
public $classname = 'Contenido_Frontend_Challenge_Crypt_Auth'; public $classname = 'Contenido_Frontend_Challenge_Crypt_Auth';
public $lifetime = 15; public $lifetime = 15;
public $magic = 'Frrobo123xxica'; ## Challenge seed public $magic = 'Frrobo123xxica'; ## Challenge seed
public $database_class = 'DB_Contenido'; public $database_class = 'DB_Contenido';
public $database_table = ''; public $database_table = '';
public $fe_database_table = ''; public $fe_database_table = '';
public $group_table = ''; public $group_table = '';
public $member_table = ''; public $member_table = '';
public $nobody = true; public $nobody = true;
public function __construct() public function __construct() {
{
global $cfg; global $cfg;
$this->database_table = $cfg['tab']['phplib_auth_user_md5']; $this->database_table = $cfg['tab']['phplib_auth_user_md5'];
$this->fe_database_table = $cfg['tab']['frontendusers']; $this->fe_database_table = $cfg['tab']['frontendusers'];
@ -746,8 +711,7 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth
$this->member_table = $cfg['tab']['groupmembers']; $this->member_table = $cfg['tab']['groupmembers'];
} }
public function auth_preauth() public function auth_preauth() {
{
global $password; global $password;
if ($password == '') { if ($password == '') {
@ -759,23 +723,21 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth
return $this->auth_validatelogin(); return $this->auth_validatelogin();
} }
public function auth_loginform() public function auth_loginform() {
{
global $sess, $challenge, $_PHPLIB, $client, $cfgClient; global $sess, $challenge, $_PHPLIB, $client, $cfgClient;
$challenge = md5(uniqid($this->magic)); $challenge = md5(uniqid($this->magic));
$sess->register('challenge'); $sess->register('challenge');
include($cfgClient[$client]['path']['frontend'].'front_crcloginform.inc.php'); include($cfgClient[$client]['path']['frontend'] . 'front_crcloginform.inc.php');
} }
public function auth_validatelogin() public function auth_validatelogin() {
{
global $username, $password, $challenge, $response, $auth_handlers, $client; global $username, $password, $challenge, $response, $auth_handlers, $client;
$client = (int)$client; $client = (int) $client;
if(isset($username)) { if (isset($username)) {
$this->auth['uname'] = $username; ## This provides access for 'loginform.ihtml' $this->auth['uname'] = $username; ## This provides access for 'loginform.ihtml'
} else if ($this->nobody) { ## provides for 'default login cancel' } else if ($this->nobody) { ## provides for 'default login cancel'
$uid = $this->auth['uname'] = $this->auth['uid'] = 'nobody'; $uid = $this->auth['uname'] = $this->auth['uid'] = 'nobody';
@ -785,33 +747,29 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth
$uid = false; $uid = false;
/* Authentification via frontend users */ /* Authentification via frontend users */
$this->db->query(sprintf("SELECT idfrontenduser, password FROM %s WHERE username = '%s' AND idclient='$client' AND active='1'", $this->db->query(sprintf("SELECT idfrontenduser, password FROM %s WHERE username = '%s' AND idclient='$client' AND active='1'", $this->fe_database_table, Contenido_Security::escapeDB(urlencode($username), $this->db)
$this->fe_database_table,
Contenido_Security::escapeDB(urlencode($username), $this->db)
)); ));
if ($this->db->next_record()) { if ($this->db->next_record()) {
$uid = $this->db->f('idfrontenduser'); $uid = $this->db->f('idfrontenduser');
$perm = 'frontend'; $perm = 'frontend';
$pass = $this->db->f('password'); $pass = $this->db->f('password');
} }
if ($uid == false) { if ($uid == false) {
/* Authentification via backend users */ /* Authentification via backend users */
$this->db->query(sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s'", $this->db->query(sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s'", $this->database_table, Contenido_Security::escapeDB($username, $this->db)));
$this->database_table,
Contenido_Security::escapeDB($username, $this->db) ));
while($this->db->next_record()) { while ($this->db->next_record()) {
$uid = $this->db->f('user_id'); $uid = $this->db->f('user_id');
$perm = $this->db->f('perms'); $perm = $this->db->f('perms');
$pass = $this->db->f('password'); ## Password is stored as a md5 hash $pass = $this->db->f('password'); ## Password is stored as a md5 hash
if (is_array($auth_handlers)) { if (is_array($auth_handlers)) {
if (array_key_exists($pass, $auth_handlers)) { if (array_key_exists($pass, $auth_handlers)) {
$success = call_user_func($auth_handlers[$pass], $username, $password); $success = call_user_func($auth_handlers[$pass], $username, $password);
if ($success) { if ($success) {
$uid = md5($username); $uid = md5($username);
$pass = md5($password); $pass = md5($password);
} }
} }
@ -819,17 +777,14 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth
} }
if ($uid !== false) { if ($uid !== false) {
$this->db->query(sprintf("SELECT a.group_id AS group_id, a.perms AS perms ". $this->db->query(sprintf("SELECT a.group_id AS group_id, a.perms AS perms " .
"FROM %s AS a, %s AS b WHERE a.group_id = b.group_id AND ". "FROM %s AS a, %s AS b WHERE a.group_id = b.group_id AND " .
"b.user_id = '%s'", "b.user_id = '%s'", $this->group_table, $this->member_table, $uid
$this->group_table,
$this->member_table,
$uid
)); ));
/* Deactivated: Backend user would be sysadmin when logged on as frontend user /* Deactivated: Backend user would be sysadmin when logged on as frontend user
* (and perms would be checked), see http://www.contenido.org/forum/viewtopic.php?p=85666#85666 * (and perms would be checked), see http://www.contenido.org/forum/viewtopic.php?p=85666#85666
$perm = 'sysadmin'; */ $perm = 'sysadmin'; */
if ($perm != '') { if ($perm != '') {
$gperm[] = $perm; $gperm[] = $perm;
} }
@ -839,7 +794,7 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth
} }
if (is_array($gperm)) { if (is_array($gperm)) {
$perm = implode(',',$gperm); $perm = implode(',', $gperm);
} }
} }
} }
@ -869,13 +824,13 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth
} }
} }
} }
} }
/** /**
* Registers an external auth handler * Registers an external auth handler
*/ */
function register_auth_handler($aHandlers) function register_auth_handler($aHandlers) {
{
global $auth_handlers; global $auth_handlers;
if (!is_array($auth_handlers)) { if (!is_array($auth_handlers)) {