From: Reini U. <ru...@us...> - 2004-12-19 00:58:11
Update of /cvsroot/phpwiki/phpwiki/lib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11432 Modified Files: WikiUserNew.php main.php Log Message: Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks, Provide an errormessage if so. Just PersonalPage and BogoLogin not. Simplify httpauth logout handling and set sessions for all methods. fix main.php unknown index "x" getLevelDescription() warning. Index: WikiUserNew.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/WikiUserNew.php,v retrieving revision 1.120 retrieving revision 1.121 diff -u -2 -b -p -d -r1.120 -r1.121 --- WikiUserNew.php 17 Dec 2004 12:31:57 -0000 1.120 +++ WikiUserNew.php 19 Dec 2004 00:58:01 -0000 1.121 @@ -541,11 +541,11 @@ class _WikiUser if ($logout) { // Log out - $GLOBALS['request']->_user = new _AnonUser(); - $GLOBALS['request']->_user->_userid = ''; - $GLOBALS['request']->_user->_level = WIKIAUTH_ANON; - if (isa($this, "_HttpAuth")) { - $this->_logout(); + if (method_exists($GLOBALS['request']->_user, "logout")) { //_HttpAuthPassUser + $GLOBALS['request']->_user->logout(); } - return $GLOBALS['request']->_user; + $user = new _AnonUser(); + $user->_userid = ''; + $user->_level = WIKIAUTH_ANON; + return $user; } elseif ($cancel) return false; // User hit cancel button. @@ -1165,4 +1165,13 @@ extends _AnonUser } + + function _checkPassLength($submitted_password) { + if (strlen($submitted_password) < PASSWORD_LENGTH_MINIMUM) { + trigger_error(_("The length of the password is shorter than the system policy allows.")); + return false; + } + return true; + } + /** * The basic password checker for all PassUser objects. 
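Review bot: In the `@@ -541` logout hunk of WikiUserNew.php the branch no longer replaces `$GLOBALS['request']->_user` itself and only returns a fresh `_AnonUser`, so the logout takes effect only if every caller installs the return value. The callers are outside the hunk, so this needs confirming; a caller that ignores the result would leave the previously authenticated user object on the request. Either keep `$GLOBALS['request']->_user = $user;` before `return $user;`, or state the contract in a comment such as `// caller must pass the returned _AnonUser to _setUser()`. The enclosing method starts and ends outside the hunk.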
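Review bot: The new `_checkPassLength()` in the `@@ -1165` hunk has no docblock, unlike `_checkPass()` directly below it. A short one should say that it returns false and reports through `trigger_error()` when the submitted password is shorter than `PASSWORD_LENGTH_MINIMUM`. It should also say that `strlen()` counts bytes, so a multi-byte password can pass with fewer characters than the policy number suggests. Wherever this runs during login rather than when a password is set, an account whose existing password is shorter than the minimum can no longer sign in, which is worth stating there too.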
@@ -1181,13 +1190,12 @@ extends _AnonUser */ function _checkPass($submitted_password, $stored_password) { - if(!empty($submitted_password)) { - //FIXME: This will work only on plaintext passwords. - if (strlen($stored_password) < PASSWORD_LENGTH_MINIMUM) { + if (!empty($submitted_password)) { + // This works only on plaintext passwords. + if (!ENCRYPTED_PASSWD and (strlen($stored_password) < PASSWORD_LENGTH_MINIMUM)) { // With the EditMetaData plugin trigger_error(_("The length of the stored password is shorter than the system policy allows. Sorry, you cannot login.\n You have to ask the System Administrator to reset your password.")); return false; } - if (strlen($submitted_password) < PASSWORD_LENGTH_MINIMUM) { - trigger_error(_("The length of the password is shorter than the system policy allows.")); + if (!$this->_checkPassLength($submitted_password)) { return false; } @@ -2030,4 +2038,10 @@ extends UserPreferences // $Log$ +// Revision 1.121 2004/12/19 00:58:01 rurban +// Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks, +// Provide an errormessage if so. Just PersonalPage and BogoLogin not. +// Simplify httpauth logout handling and set sessions for all methods. +// fix main.php unknown index "x" getLevelDescription() warning. +// // Revision 1.120 2004/12/17 12:31:57 rurban // better logout, fake httpauth not yet Index: main.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/main.php,v retrieving revision 1.198 retrieving revision 1.199 diff -u -2 -b -p -d -r1.198 -r1.199 --- main.php 17 Dec 2004 16:49:51 -0000 1.198 +++ main.php 19 Dec 2004 00:58:01 -0000 1.199 @@ -49,4 +49,5 @@ class WikiRequest extends Request { case 'ADODB': include_once("lib/WikiUser/AdoDb.php"); break; } + unset($method); } } 
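Review bot: In the `@@ -1181` hunk the stored-password length test still runs before the submitted password is compared, and its message differs from an ordinary failed login. If `trigger_error()` output reaches the page, then with `ENCRYPTED_PASSWD` off any visitor who submits a non-empty password for an account is told that its stored password is shorter than the policy allows. Consider returning the generic failure to the user and logging the policy problem for the administrator, or running this test only after the comparison has succeeded. The comparison itself is outside the hunk, so the ordering should be checked against the full `_checkPass()` body.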
@@ -188,14 +189,10 @@ $this->version = phpwiki_version(); // Save preferences in session and cookie if (!defined('WIKI_XMLRPC') or !WIKI_XMLRPC) { - if (isset($this->_user) and - (!isset($this->_user->_authhow) or $this->_user->_authhow != 'session')) { - $id_only = true; - $this->_user->setPreferences($this->_prefs, $id_only); - if (isa($this->_user, "_HttpAuthPassUser")) - $this->setSessionVar('wiki_user', $this->_user); - } else { - $this->setSessionVar('wiki_user', $this->_user); - //$this->setSessionVar('wiki_prefs', $this->_prefs); + if (isset($this->_user)) { + if (!isset($this->_user->_authhow) or $this->_user->_authhow != 'session') { + $this->_user->setPreferences($this->_prefs, true); + } } + $this->setSessionVar('wiki_user', $this->_user); } @@ -345,6 +342,6 @@ $this->version = phpwiki_version(); // login or logout or restore state - function _setUser ($user) { - $this->_user = $user; + function _setUser (&$user) { + $this->_user =& $user; if (defined('MAIN_setUser')) return; define('MAIN_setUser',true); @@ -376,5 +373,10 @@ $this->version = phpwiki_version(); 'x10' => _("ADMIN"), 'x100'=> _("UNOBTAINABLE")); + if (!empty($level)) + $level = '0'; + if (!empty($levels["x".$level])) return $levels["x".$level]; + else + return _("ANON"); } @@ -1189,4 +1191,10 @@ if (!defined('PHPWIKI_NOMAIN') or !PHPWI // $Log$ +// Revision 1.199 2004/12/19 00:58:01 rurban +// Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks, +// Provide an errormessage if so. Just PersonalPage and BogoLogin not. +// Simplify httpauth logout handling and set sessions for all methods. +// fix main.php unknown index "x" getLevelDescription() warning. +// // Revision 1.198 2004/12/17 16:49:51 rurban // avoid Invalid username message on Sign In button click |
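Review bot: In the `@@ -188` hunk of main.php `$this->setSessionVar('wiki_user', $this->_user);` now sits outside the `isset($this->_user)` guard, so it reads `_user` even when the guard has just found it unset. Moving the call inside the `if (isset($this->_user)) {` block avoids writing a null user into the session. The whole user object is now stored for every auth method; whether that object holds password material is not visible here, so a comment stating what `wiki_user` may contain would help the next reader.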
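Review bot: `_setUser(&$user)` with `$this->_user =& $user;` in the `@@ -345` hunk binds the request's user to the caller's variable rather than to the object, so a later reassignment of that variable in the caller also changes which user the request acts as. That coupling deserves a comment on the method, for example `// $user is bound by reference: do not reuse the caller's variable after this call`. A by-reference parameter also means callers must pass a variable, not an expression. The method body continues outside the hunk.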
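Review bot: The added guard `if (!empty($level)) $level = '0';` in the `@@ -376` hunk looks inverted. It overwrites every non-empty level with `'0'` before the lookup, so entries such as `'x10'` (ADMIN) can never be returned, while an empty level still reaches `$levels["x".$level]` unchanged. The intent stated in the log message (avoiding the unknown index "x") is met by `if (empty($level)) $level = '0';`. The function's signature and the start of the `$levels` array are outside the hunk.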