Merge branch 'cleanup_auth' into storageareas
This commit is contained in:
commit
e268264761
|
@ -18,51 +18,6 @@
|
||||||
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
//
|
//
|
||||||
|
|
||||||
// PP - POST request handler for PHP which does not need extensions
|
|
||||||
// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
|
|
||||||
|
|
||||||
|
|
||||||
function do_request($method, $url, $data=array(), $optional_headers = null) {
|
|
||||||
global $php_errormsg;
|
|
||||||
|
|
||||||
$params = array('http' => array(
|
|
||||||
'method' => $method,
|
|
||||||
'content' => $data
|
|
||||||
));
|
|
||||||
if ( $optional_headers !== null ) {
|
|
||||||
$params['http']['header'] = $optional_headers;
|
|
||||||
}
|
|
||||||
$ctx = stream_context_create($params);
|
|
||||||
$fp = @fopen($url, 'rb', false, $ctx);
|
|
||||||
if ( !$fp ) {
|
|
||||||
throw new Exception("Problem with $url, $php_errormsg");
|
|
||||||
}
|
|
||||||
$response = @stream_get_contents($fp);
|
|
||||||
if ( $response === false ) {
|
|
||||||
throw new Exception("Problem reading data from $url, $php_errormsg");
|
|
||||||
}
|
|
||||||
return $response;
|
|
||||||
}
|
|
||||||
|
|
||||||
function do_post_request($url, $data, $optional_headers = null) {
|
|
||||||
$params = array('http' => array(
|
|
||||||
'method' => 'POST',
|
|
||||||
'content' => $data
|
|
||||||
));
|
|
||||||
if ( $optional_headers !== null ) {
|
|
||||||
$params['http']['header'] = $optional_headers;
|
|
||||||
}
|
|
||||||
$ctx = stream_context_create($params);
|
|
||||||
$fp = @fopen($url, 'rb', false, $ctx);
|
|
||||||
if ( !$fp ) {
|
|
||||||
throw new Exception("Problem with $url, $php_errormsg");
|
|
||||||
}
|
|
||||||
$response = @stream_get_contents($fp);
|
|
||||||
if ( $response === false ) {
|
|
||||||
throw new Exception("Problem reading data from $url, $php_errormsg");
|
|
||||||
}
|
|
||||||
return $response;
|
|
||||||
}
|
|
||||||
|
|
||||||
function getAffectedIds( $name ) {
|
function getAffectedIds( $name ) {
|
||||||
$names = $name.'s';
|
$names = $name.'s';
|
||||||
|
@ -88,52 +43,17 @@ if ( empty($action) ) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if ( $action == 'login' && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == 'remote' || isset($_REQUEST['password']) ) ) {
|
if ( $action == 'login' && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == 'remote' || isset($_REQUEST['password']) ) ) {
|
||||||
// if true, a popup will display after login
|
|
||||||
// PP - lets validate reCaptcha if it exists
|
|
||||||
if ( defined('ZM_OPT_USE_GOOG_RECAPTCHA')
|
|
||||||
&& defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY')
|
|
||||||
&& defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY')
|
|
||||||
&& ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY
|
|
||||||
&& ZM_OPT_GOOG_RECAPTCHA_SITEKEY )
|
|
||||||
{
|
|
||||||
$url = 'https://www.google.com/recaptcha/api/siteverify';
|
|
||||||
$fields = array (
|
|
||||||
'secret' => ZM_OPT_GOOG_RECAPTCHA_SECRETKEY,
|
|
||||||
'response' => $_REQUEST['g-recaptcha-response'],
|
|
||||||
'remoteip' => $_SERVER['REMOTE_ADDR']
|
|
||||||
);
|
|
||||||
$res = do_post_request($url, http_build_query($fields));
|
|
||||||
$responseData = json_decode($res,true);
|
|
||||||
// PP - credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php
|
|
||||||
// if recaptcha resulted in error, we might have to deny login
|
|
||||||
if ( isset($responseData['success']) && $responseData['success'] == false ) {
|
|
||||||
// PP - before we deny auth, let's make sure the error was not 'invalid secret'
|
|
||||||
// because that means the user did not configure the secret key correctly
|
|
||||||
// in this case, we prefer to let him login in and display a message to correct
|
|
||||||
// the key. Unfortunately, there is no way to check for invalid site key in code
|
|
||||||
// as it produces the same error as when you don't answer a recaptcha
|
|
||||||
if ( isset($responseData['error-codes']) && is_array($responseData['error-codes']) ) {
|
|
||||||
if ( !in_array('invalid-input-secret',$responseData['error-codes']) ) {
|
|
||||||
Error('reCaptcha authentication failed');
|
|
||||||
userLogout();
|
|
||||||
$view = 'login';
|
|
||||||
$refreshParent = true;
|
|
||||||
return;
|
|
||||||
} else {
|
|
||||||
//Let them login but show an error
|
|
||||||
echo '<script type="text/javascript">alert("'.translate('RecaptchaWarning').'"); </script>';
|
|
||||||
Error('Invalid recaptcha secret detected');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} // end if success==false
|
|
||||||
} // end if using reCaptcha
|
|
||||||
|
|
||||||
$username = validStr($_REQUEST['username']);
|
|
||||||
$password = isset($_REQUEST['password'])?validStr($_REQUEST['password']):'';
|
|
||||||
userLogin($username, $password);
|
|
||||||
$refreshParent = true;
|
$refreshParent = true;
|
||||||
|
// User login is automatically performed in includes/auth.php So we don't need to perform a login here,
|
||||||
|
// just handle redirects. This is the action that comes from the login view, so the logical thing to
|
||||||
|
// do on successful auth is redirect to console, otherwise loop back to login.
|
||||||
|
if ( !$user ) {
|
||||||
|
$view = 'login';
|
||||||
|
} else {
|
||||||
$view = 'console';
|
$view = 'console';
|
||||||
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=console';
|
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=console';
|
||||||
|
}
|
||||||
} else if ( $action == 'logout' ) {
|
} else if ( $action == 'logout' ) {
|
||||||
userLogout();
|
userLogout();
|
||||||
$refreshParent = true;
|
$refreshParent = true;
|
||||||
|
|
|
@ -18,9 +18,50 @@
|
||||||
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
//
|
//
|
||||||
|
|
||||||
function userLogin($username, $password='', $passwordHashed=false) {
|
function userLogin($username='', $password='', $passwordHashed=false) {
|
||||||
global $user;
|
global $user;
|
||||||
|
|
||||||
|
if ( !$username and isset($_REQUEST['username']) )
|
||||||
|
$username = $_REQUEST['username'];
|
||||||
|
if ( !$password and isset($_REQUEST['password']) )
|
||||||
|
$password = $_REQUEST['password'];
|
||||||
|
|
||||||
|
// if true, a popup will display after login
|
||||||
|
// PP - lets validate reCaptcha if it exists
|
||||||
|
if ( defined('ZM_OPT_USE_GOOG_RECAPTCHA')
|
||||||
|
&& defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY')
|
||||||
|
&& defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY')
|
||||||
|
&& ZM_OPT_USE_GOOG_RECAPTCHA
|
||||||
|
&& ZM_OPT_GOOG_RECAPTCHA_SECRETKEY
|
||||||
|
&& ZM_OPT_GOOG_RECAPTCHA_SITEKEY )
|
||||||
|
{
|
||||||
|
$url = 'https://www.google.com/recaptcha/api/siteverify';
|
||||||
|
$fields = array (
|
||||||
|
'secret' => ZM_OPT_GOOG_RECAPTCHA_SECRETKEY,
|
||||||
|
'response' => $_REQUEST['g-recaptcha-response'],
|
||||||
|
'remoteip' => $_SERVER['REMOTE_ADDR']
|
||||||
|
);
|
||||||
|
$res = do_post_request($url, http_build_query($fields));
|
||||||
|
$responseData = json_decode($res,true);
|
||||||
|
// PP - credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php
|
||||||
|
// if recaptcha resulted in error, we might have to deny login
|
||||||
|
if ( isset($responseData['success']) && $responseData['success'] == false ) {
|
||||||
|
// PP - before we deny auth, let's make sure the error was not 'invalid secret'
|
||||||
|
// because that means the user did not configure the secret key correctly
|
||||||
|
// in this case, we prefer to let him login in and display a message to correct
|
||||||
|
// the key. Unfortunately, there is no way to check for invalid site key in code
|
||||||
|
// as it produces the same error as when you don't answer a recaptcha
|
||||||
|
if ( isset($responseData['error-codes']) && is_array($responseData['error-codes']) ) {
|
||||||
|
if ( !in_array('invalid-input-secret',$responseData['error-codes']) ) {
|
||||||
|
Error('reCaptcha authentication failed');
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
Error('Invalid recaptcha secret detected');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} // end if success==false
|
||||||
|
} // end if using reCaptcha
|
||||||
|
|
||||||
$sql = 'SELECT * FROM Users WHERE Enabled=1';
|
$sql = 'SELECT * FROM Users WHERE Enabled=1';
|
||||||
$sql_values = NULL;
|
$sql_values = NULL;
|
||||||
if ( ZM_AUTH_TYPE == 'builtin' ) {
|
if ( ZM_AUTH_TYPE == 'builtin' ) {
|
||||||
|
@ -36,7 +77,6 @@ function userLogin($username, $password='', $passwordHashed=false) {
|
||||||
}
|
}
|
||||||
$close_session = 0;
|
$close_session = 0;
|
||||||
if ( !is_session_started() ) {
|
if ( !is_session_started() ) {
|
||||||
Logger::Debug("Starting session in userLogin");
|
|
||||||
session_start();
|
session_start();
|
||||||
$close_session = 1;
|
$close_session = 1;
|
||||||
}
|
}
|
||||||
|
@ -70,7 +110,6 @@ function userLogout() {
|
||||||
session_start();
|
session_start();
|
||||||
unset($_SESSION['user']);
|
unset($_SESSION['user']);
|
||||||
unset($user);
|
unset($user);
|
||||||
|
|
||||||
session_destroy();
|
session_destroy();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -179,4 +218,18 @@ function is_session_started() {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( ZM_OPT_USE_AUTH ) {
|
||||||
|
if ( ZM_AUTH_HASH_LOGINS && empty($user) && ! empty($_REQUEST['auth']) ) {
|
||||||
|
if ( $authUser = getAuthUser($_REQUEST['auth']) ) {
|
||||||
|
userLogin($authUser['Username'], $authUser['Password'], true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if ( isset($_REQUEST['username']) and isset($_REQUEST['password']) ) {
|
||||||
|
userLogin($_REQUEST['username'], $_REQUEST['password'], false);
|
||||||
|
}
|
||||||
|
if ( !empty($user) ) {
|
||||||
|
// generate it once here, while session is open. Value will be cached in session and return when called later on
|
||||||
|
generateAuthHash(ZM_AUTH_HASH_IPS);
|
||||||
|
}
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -2272,4 +2272,50 @@ function unparse_url($parsed_url, $substitutions = array() ) {
|
||||||
$fragment = isset($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : '';
|
$fragment = isset($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : '';
|
||||||
return "$scheme$user$pass$host$port$path$query$fragment";
|
return "$scheme$user$pass$host$port$path$query$fragment";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// PP - POST request handler for PHP which does not need extensions
|
||||||
|
// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
|
||||||
|
|
||||||
|
|
||||||
|
function do_request($method, $url, $data=array(), $optional_headers = null) {
|
||||||
|
global $php_errormsg;
|
||||||
|
|
||||||
|
$params = array('http' => array(
|
||||||
|
'method' => $method,
|
||||||
|
'content' => $data
|
||||||
|
));
|
||||||
|
if ( $optional_headers !== null ) {
|
||||||
|
$params['http']['header'] = $optional_headers;
|
||||||
|
}
|
||||||
|
$ctx = stream_context_create($params);
|
||||||
|
$fp = @fopen($url, 'rb', false, $ctx);
|
||||||
|
if ( !$fp ) {
|
||||||
|
throw new Exception("Problem with $url, $php_errormsg");
|
||||||
|
}
|
||||||
|
$response = @stream_get_contents($fp);
|
||||||
|
if ( $response === false ) {
|
||||||
|
throw new Exception("Problem reading data from $url, $php_errormsg");
|
||||||
|
}
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
|
||||||
|
function do_post_request($url, $data, $optional_headers = null) {
|
||||||
|
$params = array('http' => array(
|
||||||
|
'method' => 'POST',
|
||||||
|
'content' => $data
|
||||||
|
));
|
||||||
|
if ( $optional_headers !== null ) {
|
||||||
|
$params['http']['header'] = $optional_headers;
|
||||||
|
}
|
||||||
|
$ctx = stream_context_create($params);
|
||||||
|
$fp = @fopen($url, 'rb', false, $ctx);
|
||||||
|
if ( !$fp ) {
|
||||||
|
throw new Exception("Problem with $url, $php_errormsg");
|
||||||
|
}
|
||||||
|
$response = @stream_get_contents($fp);
|
||||||
|
if ( $response === false ) {
|
||||||
|
throw new Exception("Problem reading data from $url, $php_errormsg");
|
||||||
|
}
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -156,7 +156,6 @@ session_write_close();
|
||||||
|
|
||||||
require_once('includes/lang.php');
|
require_once('includes/lang.php');
|
||||||
require_once('includes/functions.php');
|
require_once('includes/functions.php');
|
||||||
require_once('includes/auth.php');
|
|
||||||
|
|
||||||
# Running is global but only do the daemonCheck if it is actually needed
|
# Running is global but only do the daemonCheck if it is actually needed
|
||||||
$running = null;
|
$running = null;
|
||||||
|
@ -182,20 +181,8 @@ if ( isset($_REQUEST['request']) )
|
||||||
foreach ( getSkinIncludes('skin.php') as $includeFile )
|
foreach ( getSkinIncludes('skin.php') as $includeFile )
|
||||||
require_once $includeFile;
|
require_once $includeFile;
|
||||||
|
|
||||||
if ( ZM_OPT_USE_AUTH ) {
|
# User Login will be performed in auth.php
|
||||||
if ( ZM_AUTH_HASH_LOGINS && empty($user) && ! empty($_REQUEST['auth']) ) {
|
require_once('includes/auth.php');
|
||||||
if ( $authUser = getAuthUser($_REQUEST['auth']) ) {
|
|
||||||
userLogin($authUser['Username'], $authUser['Password'], true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if ( isset($_REQUEST['username']) and isset($_REQUEST['password']) ) {
|
|
||||||
userLogin($_REQUEST['username'], $_REQUEST['password'], false);
|
|
||||||
}
|
|
||||||
if ( !empty($user) ) {
|
|
||||||
// generate it once here, while session is open. Value will be cached in session and return when called later on
|
|
||||||
generateAuthHash(ZM_AUTH_HASH_IPS);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( isset($_REQUEST['action']) ) {
|
if ( isset($_REQUEST['action']) ) {
|
||||||
$action = detaintPath($_REQUEST['action']);
|
$action = detaintPath($_REQUEST['action']);
|
||||||
|
|
Loading…
Reference in New Issue