mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-13 18:14:26 +02:00
Code Issues Releases Wiki Activity

EONE-62 (New Feature): Improved extended field model (fields of type db working now);

Browse Source 
structure model improvements;
extended fields administration problems solved (there are maybe more);
init_session() and login core routines modified to work with user models;
option Login As added on user administration (visible from main admins only);
minor fixes;
This commit is contained in:
secretr
2010-05-14 18:45:51 +00:00
parent 5cc153b09c
commit 7ccb925587
7 changed files with 497 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
e107_admin/auth.php
View File

@@ -29,9 +29,16 @@ if (ADMIN)
//don't include it if it'a an AJAX call or not wanted
if (!e_AJAX_REQUEST && !defset('e_NOHEADER'))
{
// XXX LOGIN AS Temporary solution, we need something smarter, e.g. reserved message stack 'admin' which will be always printed
// inside admin area
if(e107::getUser()->getSessionDataAs())
{ // TODO - lan
$asuser = e107::getSystemUser(e107::getUser()->getSessionDataAs(), false);
e107::getMessage()->addInfo('Successfully logged in as '.($asuser && $asuser->getValue('name') ? $asuser->getValue('name') : 'unknown'). ' <a href="'.e_ADMIN_ABS.'users.php?logoutas">[logout]</a>');
}
require_once (e_ADMIN."header.php");
}
/*
* FIXME - missing $style for tablerender
* The Solution: parse_admin() without sending it to the browser if it's an ajax call
@@ -46,19 +53,19 @@ else
require_once (e_HANDLER.'js_helper.php');
e_jshelper::sendAjaxError(403, ADLAN_86, ADLAN_87, true);
}
$use_imagecode = ($pref['logcode'] && extension_loaded("gd"));
if ($use_imagecode)
{
require_once (e_HANDLER."secure_img_handler.php");
$sec_img = new secure_image;
}
if ($_POST['authsubmit'])
{
$obj = new auth;
if ($use_imagecode)
{
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
@@ -68,10 +75,10 @@ else
exit;
}
}
// require_once (e_HANDLER.'user_handler.php');
$row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'], ''));
if ($row[0] == "authfail")
{
$admin_log->e_log_event(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".$tp->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING);
@@ -83,10 +90,10 @@ else
else
{
$cookieval = $row['user_id'].".".md5($row['user_password']);
// $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'");
// list($user_id, $user_name, $userpass) = $sql->db_Fetch();
// Calculate class membership - needed for a couple of things
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
$class_list = explode(',', $row['user_class']);
@@ -100,26 +107,26 @@ else
}
$class_list[] = e_UC_MEMBER;
$class_list[] = e_UC_PUBLIC;
$user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], '')));
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list))
{ // Need to note in user audit trail
e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
}
$edata_li = array("user_id"=>$row['user_id'], "user_name"=>$row['user_name'], 'class_list'=>implode(',', $class_list));
e107::getEvent()->trigger("login", $edata_li);
session_set(e_COOKIE, $cookieval, (time() + 3600 * 24 * 30));
echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
}
}
$e_sub_cat = 'logout';
if (!defset('NO_HEADER'))
require_once (e_ADMIN."header.php");
if (ADMIN == FALSE)
{
$obj = new auth;
@@ -139,13 +146,13 @@ class auth
* @return null
*/
public function authform() //TODO Template
{
{
global $use_imagecode,$sec_img,$pref;
$frm = e107::getForm();
$incChap = (vartrue($pref['password_CHAP'], 0)) ? " onsubmit='hashLoginPassword(this)'" : "";
$text = "<div style='padding:20px;text-align:center'>
<form method='post' action='".e_SELF."' {$incChap} >
<table style='width:50%' class='fborder'>
@@ -158,12 +165,12 @@ class auth
<tr>
<td style='width:35%' class='forumheader3'>".ADLAN_90."</td>
<td class='forumheader3' style='text-align:center'><input class='tbox' type='password' name='authpass' id='userpass' size='30' value='' maxlength='30' />\n";
if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'], 0))
$text .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='{$_SESSION['challenge']}' />\n\n";
$text .= "</td></tr>\n";
if ($use_imagecode)
{
$text .= "
@@ -174,7 +181,7 @@ class auth
</tr>
";
}
$text .= "
<tr>
<td colspan='2' class='forumheader center'>"
@@ -184,7 +191,7 @@ class auth
</table>
</form>
</div>";
e107::getRender()->tablerender(ADLAN_92, $text);
}
@@ -200,20 +207,20 @@ class auth
{
global $pref;
$tp = e107::getParser();
$sql_auth = e107::getDb('sql_auth');
$user_info = e107::getSession();
$reason = '';
$reason = '';
$authname = $tp->toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname)));
$authpass = trim($authpass);
if (($authpass == '') || ($authname == ''))
$reason = 'np';
if (strlen($authname) > varset($pref['loginname_maxlength'], 30))
$reason = 'lu';
if (!$reason)
{
if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' "))
@@ -231,7 +238,7 @@ class auth
}
}
if (!$reason && ($row['user_id'])) // Can validate password
{
{
if (($authresponse && isset($_SESSION['challenge'])) && ($authresponse != $_SESSION['challenge']))
{ // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID)