mirror of https://github.com/e107inc/e107.git synced 2025-07-28 18:30:53 +02:00

Get CHAP login working again. Plus a bit of tidying up.

SteveD
2012-12-20 22:51:38 +00:00
parent 94c9f41071
commit 4e6924e3a5
3 changed files with 429 additions and 419 deletions


@@ -1467,8 +1467,8 @@ $text .= "
$text .= " $text .= "
<td>".PRFLAN_178."</td> <td>".PRFLAN_178."</td>
<td>".$frm->selectbox('password_CHAP',$CHAP_list,$pref['password_CHAP'] )." <td>".$frm->selectbox('password_CHAP',$CHAP_list,$pref['password_CHAP'] );
".$frm->select_open('password_CHAP'); //." ".$frm->select_open('password_CHAP');
//TODO - user tracking session name - visible only if Cookie is enabled (JS) //TODO - user tracking session name - visible only if Cookie is enabled (JS)


@@ -78,7 +78,7 @@ class userlogin
$username = trim($username); $username = trim($username);
$userpass = trim($userpass); $userpass = trim($userpass);
if($_E107['cli'] && ($username == "")) if($_E107['cli'] && ($username == ''))
{ {
return FALSE; return FALSE;
} }
@@ -111,7 +111,7 @@ class userlogin
{ {
if ($this->lookupUser($username, $forceLogin)) if ($this->lookupUser($username, $forceLogin))
{ {
if ($this->checkUserPassword($userpass, $response, $forceLogin) === TRUE) if ($this->checkUserPassword($username, $userpass, $response, $forceLogin) === TRUE)
{ {
$authorized = true; $authorized = true;
$result = LOGIN_CONTINUE; // Valid User exists in local DB $result = LOGIN_CONTINUE; // Valid User exists in local DB
@@ -131,7 +131,7 @@ class userlogin
{ {
if ($method != 'none') if ($method != 'none')
{ {
$auth_file = e_PLUGIN."alt_auth/".$method."_auth.php"; $auth_file = e_PLUGIN.'alt_auth/'.$method.'_auth.php';
if (file_exists($auth_file)) if (file_exists($auth_file))
{ {
require_once(e_PLUGIN.'alt_auth/alt_auth_login_class.php'); require_once(e_PLUGIN.'alt_auth/alt_auth_login_class.php');
@@ -165,7 +165,7 @@ class userlogin
$username = preg_replace("/\sOR\s|\=|\#/", "", $username); $username = preg_replace("/\sOR\s|\=|\#/", "", $username);
// Check secure image // Check secure image
if (!$forceLogin && $pref['logcode'] && extension_loaded("gd")) if (!$forceLogin && $pref['logcode'] && extension_loaded('gd'))
{ {
require_once(e_HANDLER."secure_img_handler.php"); require_once(e_HANDLER."secure_img_handler.php");
$sec_img = new secure_image; $sec_img = new secure_image;
@@ -183,7 +183,7 @@ class userlogin
} }
} }
if ($authorized !== true && $this->checkUserPassword($userpass, $response, $forceLogin) !== true) if ($authorized !== true && $this->checkUserPassword($username, $userpass, $response, $forceLogin) !== true)
{ {
return $this->invalidLogin($username,LOGIN_BAD_PW); return $this->invalidLogin($username,LOGIN_BAD_PW);
} }
@@ -359,6 +359,11 @@ class userlogin
return TRUE; return TRUE;
} }
/**
* Generate a DB query to look up a user, dependent on the various login options supported.
*/
public function getLookupQuery($username, $forceLogin, $dbAlias = '') public function getLookupQuery($username, $forceLogin, $dbAlias = '')
{ {
$pref = e107::getPref(); $pref = e107::getPref();
@@ -384,13 +389,15 @@ class userlogin
/** /**
* Checks user password againt preferences set etc * Checks user password againt preferences set etc
* Assumes that $this->userData array already set up * Assumes that $this->userData array already set up
*
* @param string $username - the user name string as entered (might not relate to the intended user at this stage)
* @param string $userpass - as entered * @param string $userpass - as entered
* @param string $response - received string if CHAP used * @param string $response - received string if CHAP used
* @param boolean $forceLogin - TRUE if login is being forced from clicking signup link; normally FALSE * @param boolean $forceLogin - TRUE if login is being forced from clicking signup link; normally FALSE
* @return TRUE if valid password * @return TRUE if valid password
* otherwise FALSE * otherwise FALSE
*/ */
protected function checkUserPassword($userpass, $response, $forceLogin) protected function checkUserPassword($username, $userpass, $response, $forceLogin)
{ {
$pref = e107::getPref(); $pref = e107::getPref();
@@ -408,7 +415,7 @@ class userlogin
} }
// FIXME - [SecretR] $username is not set and I really can't get the idea. // FIXME - [SecretR] $username is not set and I really can't get the idea.
$username = $this->userData['user_loginname']; // TODO for Steve - temporary fix, where $username comes from? //$username = $this->userData['user_loginname']; // TODO for Steve - temporary fix, where $username comes from?
// Now check password // Now check password
if ($forceLogin) if ($forceLogin)
@@ -421,9 +428,11 @@ class userlogin
else else
{ {
$session = e107::getSession(); $session = e107::getSession();
if ((($pref['password_CHAP'] > 0) && ($response && $session->is('challenge')) && ($response != $session->get('challenge'))) || ($pref['password_CHAP'] == 2)) $gotChallenge = $session->is('challenge');
//$aLogVal = "U: {$username}, P: ******, C: ".$session->get('challenge')." R:{$response} S: {$this->userData['user_password']} Prf: {$pref['password_CHAP']}/{$gotChallenge}";
if ((($pref['password_CHAP'] > 0) && ($response && $gotChallenge) && ($response != $session->get('challenge'))) || ($pref['password_CHAP'] == 2))
{ // Verify using CHAP { // Verify using CHAP
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login","U: {$username}, P: {$userpass}, C: ".$session->get('challenge')." R:{$response} S: {$this->userData['user_password']}",FALSE,LOG_TO_ROLLING); //$this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login",$aLogVal, FALSE, LOG_TO_ROLLING);
if (($pass_result = $this->userMethods->CheckCHAP($session->get('challenge'), $response, $username, $requiredPassword)) === PASSWORD_INVALID) if (($pass_result = $this->userMethods->CheckCHAP($session->get('challenge'), $response, $username, $requiredPassword)) === PASSWORD_INVALID)
{ {
return $this->invalidLogin($username,LOGIN_CHAP_FAIL); return $this->invalidLogin($username,LOGIN_CHAP_FAIL);
@@ -432,7 +441,7 @@ class userlogin
else else
{ {
// Plaintext password // Plaintext password
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Plaintext login","U: {$username}, P: {$userpass}, C: ".$session->get('challenge')." R:{$response} S: {$this->userData['user_password']}",FALSE,LOG_TO_ROLLING); //$this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Plaintext login",$aLogVal, FALSE,LOG_TO_ROLLING);
if (($pass_result = $this->userMethods->CheckPassword($userpass,($this->lookEmail ? $this->userData['user_loginname'] : $username),$requiredPassword)) === PASSWORD_INVALID) if (($pass_result = $this->userMethods->CheckPassword($userpass,($this->lookEmail ? $this->userData['user_loginname'] : $username),$requiredPassword)) === PASSWORD_INVALID)
{ {
return $this->invalidLogin($username,LOGIN_BAD_PW); return $this->invalidLogin($username,LOGIN_BAD_PW);
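Review bot: The new debug string `$aLogVal` in checkUserPassword() masks the entered password but still interpolates `{$this->userData['user_password']}`, `$response` and the session challenge, so re-enabling either commented-out `e_log_event()` call would write the stored credential to the rolling admin log. Going by the login script changed in this commit, the CHAP response is built from a hash of the password and user name plus the challenge, so the stored value is presumably password-equivalent under CHAP and should not be logged at all. I would drop the `S:` and `R:` fields, e.g. `//$aLogVal = "U: {$username}, Prf: {$pref['password_CHAP']}/{$gotChallenge}";`. The `FIXME - [SecretR] $username is not set` comment in the earlier hunk is stale now that `$username` is a parameter, and could be removed together with the commented-out assignment. The function body continues outside these hunks.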


@@ -19,12 +19,13 @@ function getChallenge()
// Passed current form // Passed current form
function hashLoginPassword(doForm) function hashLoginPassword(doForm)
{ {
if (typeof(hex_md5) == "undefined") return; getChallenge();
if (typeof(challenge) == "undefined") return; if (typeof(hex_md5) == "undefined") return;
if (typeof(challenge) == "undefined") return;
doForm.hashchallenge.value = hex_md5(hex_md5(hex_md5(doForm.userpass.value) + doForm.username.value) + challenge); doForm.hashchallenge.value = hex_md5(hex_md5(hex_md5(doForm.userpass.value) + doForm.username.value) + challenge);
doForm.userpass.value = ""; // Don't send plaintext password back doForm.userpass.value = ""; // Don't send plaintext password back
return true; return true;
} }
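Review bot: Both early `return;` paths in hashLoginPassword() leave `doForm.userpass.value` untouched and return undefined, so when `hex_md5` or `challenge` is still missing after the new `getChallenge()` call the form is presumably submitted with the plaintext password and an empty `hashchallenge`. That may be the intended fallback, but it is silent. A comment above the two guards would make the reliance on the server-side check explicit, for example `// No MD5 helper or challenge: submit unhashed; the server must refuse this when password_CHAP == 2`. getChallenge()'s body is outside the hunk, so whether it sets `challenge` synchronously before the guard runs cannot be confirmed from here.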