Changeset 1744
- Timestamp:
- Jan 23, 2007, 2:22:52 AM (17 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 15 edited
trunk/admin/configuration.php
r1652 r1744 52 52 'history_admin', 53 53 'history_guest', 54 'login_history',55 54 'email_admin_on_new_user', 56 55 'allow_user_registration', -
trunk/identification.php
r1727 r1744 46 46 { 47 47 $redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : ''; 48 $username = mysql_escape_string($_POST['username']); 49 // retrieving the encrypted password of the login submitted 50 $query = ' 51 SELECT '.$conf['user_fields']['id'].' AS id, 52 '.$conf['user_fields']['password'].' AS password 53 FROM '.USERS_TABLE.' 54 WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' 55 ;'; 56 $row = mysql_fetch_array(pwg_query($query)); 57 if ($row['password'] == $conf['pass_convert']($_POST['password'])) 48 $remember_me = isset($_POST['remember_me']) and $_POST['remember_me']==1; 49 if ( try_log_user($_POST['username'], $_POST['password'], $remember_me) ) 58 50 { 59 $remember_me = false;60 if (isset($_POST['remember_me'])61 and $_POST['remember_me'] == 1)62 {63 $remember_me = true;64 }65 log_user($row['id'], $remember_me);66 51 redirect(empty($redirect_to) ? make_index_url() : $redirect_to); 67 52 } -
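Review bot: The new `$remember_me = isset($_POST['remember_me']) and $_POST['remember_me']==1;` does not do what the removed block did, because `and` binds looser than `=`: the assignment receives only the `isset()` result and the `==1` test is evaluated and discarded, so any submitted `remember_me` value enables remembering; write it as `$remember_me = isset($_POST['remember_me']) && $_POST['remember_me']==1;`. The call `try_log_user($_POST['username'], ...)` also drops the `mysql_escape_string()` the removed code applied, while `try_log_user()` (functions_user.inc.php, this changeset) documents its username "must be MySql escaped" and interpolates it straight into the `WHERE` clause; pass `mysql_escape_string($_POST['username'])` here, and the same applies to the new call in ws_functions.inc.php, which passes `$params['username']` raw. The enclosing block of identification.php starts before this hunk.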
trunk/include/common.inc.php
r1722 r1744 122 122 } 123 123 124 foreach( array( 125 'array_intersect_key', //PHP 5 >= 5.1.0RC1 126 'hash_hmac', //(hash) - enabled by default as of PHP 5.1.2 127 ) as $func) 128 { 129 if (!function_exists($func)) 130 { 131 include_once(PHPWG_ROOT_PATH . 'include/php_compat/'.$func.'.php'); 132 } 133 } 134 124 135 include(PHPWG_ROOT_PATH . 'include/config_default.inc.php'); 125 136 @include(PHPWG_ROOT_PATH. 'include/config_local.inc.php'); -
trunk/include/functions_html.inc.php
r1677 r1744 718 718 header("HTTP/1.1 $code $text"); 719 719 header("Status: $code $text"); 720 trigger_action('set_status_header', $code, $text); 720 721 } 721 722 ?> -
trunk/include/functions_search.inc.php
r1727 r1744 251 251 252 252 return $items; 253 }254 255 256 if (!function_exists('array_intersect_key')) {257 function array_intersect_key()258 {259 $arrs = func_get_args();260 $result = array_shift($arrs);261 foreach ($arrs as $array) {262 foreach ($result as $key => $v) {263 if (!array_key_exists($key, $array)) {264 unset($result[$key]);265 }266 }267 }268 return $result;269 }270 253 } 271 254 -
trunk/include/functions_user.inc.php
r1699 r1744 859 859 * returns the auto login key or false on error 860 860 * @param int user_id 861 * @param string [out] username 861 862 */ 862 function calculate_auto_login_key($user_id )863 function calculate_auto_login_key($user_id, &$username) 863 864 { 864 865 global $conf; … … 872 873 { 873 874 $row = mysql_fetch_assoc($result); 874 $key = sha1( $row['username'].$row['password'] ); 875 $username = $row['username']; 876 $data = $row['username'].$row['password']; 877 $key = base64_encode( 878 pack('H*', sha1($data)) 879 .hash_hmac('md5', $data, $conf['secret_key'],true) 880 ); 875 881 return $key; 876 882 } … … 890 896 if ($remember_me and $conf['authorize_remembering']) 891 897 { 892 $key = calculate_auto_login_key($user_id );898 $key = calculate_auto_login_key($user_id, $username); 893 899 if ($key!==false) 894 900 { … … 929 935 { 930 936 $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); 931 if ($cookie!==false )932 { 933 $key = calculate_auto_login_key( $cookie['id']);937 if ($cookie!==false and is_numeric(@$cookie['id']) ) 938 { 939 $key = calculate_auto_login_key( $cookie['id'], $username ); 934 940 if ($key!==false and $key===$cookie['key']) 935 941 { 936 942 log_user($cookie['id'], true); 943 trigger_action('login_success', $username); 937 944 return true; 938 945 } … … 940 947 setcookie($conf['remember_me_name'], '', 0, cookie_path()); 941 948 } 949 return false; 950 } 951 952 /** 953 * Tries to login a user given username and password (must be MySql escaped) 954 * return true on success 955 */ 956 function try_log_user($username, $password, $remember_me) 957 { 958 global $conf; 959 // retrieving the encrypted password of the login submitted 960 $query = ' 961 SELECT '.$conf['user_fields']['id'].' AS id, 962 '.$conf['user_fields']['password'].' AS password 963 FROM '.USERS_TABLE.' 964 WHERE '.$conf['user_fields']['username'].' 
= \''.$username.'\' 965 ;'; 966 $row = mysql_fetch_assoc(pwg_query($query)); 967 if ($row['password'] == $conf['pass_convert']($password)) 968 { 969 log_user($row['id'], $remember_me); 970 trigger_action('login_success', $username); 971 return true; 972 } 973 trigger_action('login_failure', $username); 942 974 return false; 943 975 } -
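Review bot: In the new `try_log_user()`, `mysql_fetch_assoc()` returns `false` when no row matches the username, and the following `$row['password'] == $conf['pass_convert']($password)` then compares `null` with the converted password using loose `==`; a stored hash and a converted value are both strings, so the comparison should be strict and guarded, e.g. `if ($row!==false and $row['password'] === $conf['pass_convert']($password))`. The same loose `==` was already present in the two callers this commit replaces, so this is a good moment to tighten it in the single shared implementation. `calculate_auto_login_key()` now returns the username through the reference parameter `&$username`; a short note in its docblock that the parameter is left untouched when the function returns `false` would help callers such as the auto-login path, which go on to use `$username` in `trigger_action('login_success', $username)`. The hunk cuts through `calculate_auto_login_key()` and the auto-login function, whose bodies continue outside the shown ranges.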
trunk/include/picture_comment.inc.php
r1737 r1744 31 31 */ 32 32 33 if (!function_exists('hash_hmac'))34 {35 function hash_hmac($algo, $data, $key, $raw_output=false)36 {37 /* md5 and sha1 only */38 $algo=strtolower($algo);39 $p=array('md5'=>'H32','sha1'=>'H40');40 if ( !isset($p[$algo]) or !function_exists($algo) )41 {42 $algo = 'md5';43 }44 if(strlen($key)>64) $key=pack($p[$algo],$algo($key));45 if(strlen($key)<64) $key=str_pad($key,64,chr(0));46 47 $ipad=substr($key,0,64) ^ str_repeat(chr(0x36),64);48 $opad=substr($key,0,64) ^ str_repeat(chr(0x5C),64);49 50 $ret = $algo($opad.pack($p[$algo],$algo($ipad.$data)));51 if ($raw_output)52 {53 $ret = pack('H*', $ret);54 }55 return $ret;56 }57 }58 59 33 //returns string action to perform on a new comment: validate, moderate, reject 60 34 function user_comment_check($action, $comment, $picture) … … 167 141 $key = explode(':', @$_POST['key']); 168 142 if ( count($key)!=2 169 or $key[0]>time() or $key[0]<time()-1800 // 30 minutes expiration 143 or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago 144 or $key[0]<time()-3600 // 60 minutes expiration 170 145 or hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1] 171 146 ) … … 258 233 else 259 234 { 235 set_status_header(403); 260 236 $template->assign_block_vars('information', 261 237 array('INFORMATION'=>l10n('comment_not_added') ) … … 355 331 $key = time(); 356 332 $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']); 333 $content = ''; 334 if ('reject'===@$comment_action) 335 { 336 $content = htmlspecialchars($comm['content']); 337 } 357 338 $template->assign_block_vars('comments.add_comment', 358 339 array( 359 'key' => $key 340 'KEY' => $key, 341 'CONTENT' => $content 360 342 )); 361 343 // display author field if the user is not logged in -
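Review bot: The reworked key check still compares the computed HMAC to the client-supplied half with loose `!=` on the line right after the new expiration bounds, `or hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1]`; both operands are strings, so make it `!==` to rule out PHP's numeric-string comparison rules on hex digests. `$key[0]` is taken from `$_POST` and used both in the arithmetic bounds and as HMAC input, so a `ctype_digit($key[0])` test in the same `or` chain would make the rejection explicit rather than relying on non-numeric strings coercing to `0`. The enclosing function `user_comment_check()` begins before this part of the hunk and the later `set_status_header(403)` and `CONTENT` changes belong to other functions whose bodies are not fully shown.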
trunk/include/ws_functions.inc.php
r1711 r1744 495 495 return new PwgError(400, "This method requires POST"); 496 496 } 497 498 $username = $params['username']; 499 // retrieving the encrypted password of the login submitted 500 $query = ' 501 SELECT '.$conf['user_fields']['id'].' AS id, 502 '.$conf['user_fields']['password'].' AS password 503 FROM '.USERS_TABLE.' 504 WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' 505 ;'; 506 $row = mysql_fetch_assoc(pwg_query($query)); 507 508 if ($row['password'] == $conf['pass_convert']($params['password'])) 509 { 510 log_user($row['id'], false); 497 if (try_log_user($params['username'], $params['password'],false)) 498 { 511 499 return true; 512 500 } -
trunk/install/config.sql
r1737 r1744 22 22 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('history_admin','false','keep a history of administrator visits on your website'); 23 23 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('history_guest','true','keep a history of guest visits on your website'); 24 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('login_history','true','keep a history of user logins on your website');25 24 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('allow_user_registration','true','allow visitors to register?'); 26 25 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('secret_key', MD5(RAND()), 'a secret key specific to the gallery for internal use'); -
trunk/language/en_UK.iso-8859-1/admin.lang.php
r1726 r1744 107 107 $lang['Linked categories'] = 'Linked categories'; 108 108 $lang['Lock gallery'] = 'Lock gallery'; 109 $lang['Login history'] = 'User login history';110 109 $lang['Maintenance'] = 'Maintenance'; 111 110 $lang['Manage permissions for a category'] = 'Manage permissions for a category'; -
trunk/language/en_UK.iso-8859-1/help/configuration.html
r1565 r1744 41 41 42 42 <li><strong>History Guests</strong>: page visits by guests will be saved.</li> 43 44 <li><strong>User login history</strong>: when a user logs in, it will be45 logged in the <code>history</code> table.</li>46 47 43 </ul> 48 44 -
trunk/language/fr_FR.iso-8859-1/admin.lang.php
r1726 r1744 107 107 $lang['Linked categories'] = 'Catégories associées'; 108 108 $lang['Lock gallery'] = 'Verrouiller la galerie'; 109 $lang['Login history'] = 'Historique des connexions';110 109 $lang['Maintenance'] = 'Maintenance'; 111 110 $lang['Manage permissions for a category'] = 'Gérer les permissions pour une catégorie'; -
trunk/language/fr_FR.iso-8859-1/help/configuration.html
r1565 r1744 42 42 <li><strong>Historique Invités</strong>: les visites des pages 43 43 par les invités sont enregistrées.</li> 44 45 <li><strong>Historique des connexions</strong>: chaque connexion46 utilisateur, est enregistrée dans la table <code>history</code>.</li>47 48 44 </ul> 49 45 -
trunk/template/yoga/admin/configuration.tpl
r1652 r1744 83 83 <label><span class="property">{lang:Guests}</span><input type="checkbox" name="history_guest" {general.HISTORY_GUEST} /></label> 84 84 </li> 85 86 <li>87 <label><span class="property">{lang:Login history}</span><input type="checkbox" name="login_history" {general.LOGIN_HISTORY} /></label>88 </li>89 85 </ul> 90 86 </fieldset> -
trunk/template/yoga/picture.tpl
r1737 r1744 191 191 <label>{lang:upload_author}<input type="text" name="author"></label> 192 192 <!-- END author_field --> 193 <label>{lang:comment}<textarea name="content" rows="5" cols="80"> </textarea></label>194 <input type="hidden" name="key" value="{comments.add_comment. key}" />193 <label>{lang:comment}<textarea name="content" rows="5" cols="80">{comments.add_comment.CONTENT}</textarea></label> 194 <input type="hidden" name="key" value="{comments.add_comment.KEY}" /> 195 195 <input type="submit" value="{lang:submit}"> 196 196 </fieldset>