[Openfirst-cvscommit] base/includes Module.php,1.3,1.4 auth.php,1.2,1.3 globals.php,1.9,1.10
From: Astronouth7303 <ast...@us...> - 2005-06-30 02:35:07
Update of /cvsroot/openfirst/base/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14967/includes Modified Files: Module.php auth.php globals.php Log Message: Converted to OOP DB Index: auth.php =================================================================== RCS file: /cvsroot/openfirst/base/includes/auth.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** auth.php 26 May 2005 21:00:03 -0000 1.2 --- auth.php 30 Jun 2005 02:34:55 -0000 1.3 *************** *** 1,189 **** ! <?php ! /* ! * openFIRST.base - config/auth.php ! * ! * Copyright (C) 2003, ! * openFIRST Project ! * Original Author: Tim Ginn <tim...@po...> ! * ! * This program is free software; you can redistribute it and/or modify ! * it under the terms of the GNU General Public License as published by ! * the Free Software Foundation; either version 2 of the License, or ! * (at your option) any later version. ! * ! * This program is distributed in the hope that it will be useful, ! * but WITHOUT ANY WARRANTY; without even the implied warranty of ! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! * GNU General Public License for more details. ! * This program is distributed in the hope that it will be useful, ! * but WITHOUT ANY WARRANTY; without even the implied warranty of ! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! * GNU General Public License for more details. ! * ! * You should have received a copy of the GNU General Public License ! * along with this program; if not, write to the Free Software ! * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ! * ! */ ! // Purpose: Deal with authorization of users. ! ! require_once('dbase.php'); ! ! if(isset($encryption) == false) { $encryption = "crypt"; } ! ! // Provide functions for the various encryption types... ! // syntax: cryptpassword(password, encryption-type, salt); ! ! function cryptpassword ($password, $enctype = false, $salt="") { ! 
global $encryption; ! if ($enctype === false) $enctype = $encryption; ! ! // Encrypt passwords using whatever algorithm is preferred. ! if ($enctype == "crc32") { ! return(crc32($password)); ! } else if ($enctype == "sha1") { ! return(sha1($password)); ! } else if ($enctype == "crypt") { ! return(crypt($password, $salt)); ! } else { ! return(md5($password)); ! } ! } ! ! function logout(){ ! if(isset($GLOBALS["user"]->user)) { ! $q = ofirst_dbquery("UPDATE ofirst_members SET authcode = NULL WHERE user='".$GLOBALS["user"]->user."';"); ! } ! } ! ! function showlogin () { ! ! // Show a login form for the user. ! echo("<br /><br />"); ! ! if (isset($_POST["login"]) && !isset($user)) { ! echo '<div class="error">Invalid username or password!</div>'; ! } ! ! echo "<form action='". $_SERVER["PHP_SELF"] . "' method='post'>"; ! if(isset($_SERVER["HTTP_REFERER"])){ ! echo("<input name='referer' type='hidden' value='".$_SERVER["HTTP_REFERER"]."'/>"); ! } ! echo "<table width='200' class='center' id='login'> ! <caption>Account Login</caption> ! <tr> ! <td><div align='right'>Username:</div></td> ! <td><input name='login' type='text' /> ! </td> ! </tr> ! <tr> ! <td><div align='right'>Password:</div></td> ! <td> <input name='password' type='password' /></td> ! </tr> ! <tr> ! <td colspan='2'><input type=\"submit\" value=\"Login\" />"; ! global $pass_save_disabled; ! if(!(isset($pass_save_disabled) && $pass_save_disabled)){ ! echo " <br /><input type=checkbox name=savepass id=savepass value=1 checked /><label for=savepass>Save Password</label>"; ! } ! global $BasePath; ! echo "</td></tr> ! <tr><td colspan='2'><a href=\"".htmlentities($BasePath)."/members/forgotten.php\">Forgot Password</a></td></tr> ! </table>"; ! ! // Include anything else in the post, so it is forwarded to the actual form ! unset($_POST['login'], $_POST['password']); ! foreach($_POST as $name => $value) { ! echo '<input type="hidden" name="'.htmlentities($name).'" value="'.htmlentities($value).'" />'; ! } ! 
echo "</form><br /><br />"; ! return(0); ! } ! ! ! function InitUser() { ! global $pass_save_disabled, $encryption, $user; ! // Determine if the user has already logged in with this session. If ! // they have, set variables indicating this. If they have not, make a ! // note of this so that components requiring them to log in are disabled. ! ! if ( (isset($_SESSION['authcode'])) || ! (isset($_COOKIE["openFIRSTlogin"]) && !$pass_save_disabled) ! ) { ! ! if (isset($_SESSION['authcode'])) { ! $authcode = $_SESSION['authcode']; ! } else if (isset($_COOKIE["openFIRSTlogin"]) && $_COOKIE["openFIRSTlogin"] != 0) { ! $authcode = $_COOKIE["openFIRSTlogin"]; ! $_SESSION['authcode'] = $authcode; ! //renew cookie ! setcookie("openFIRSTlogin", $authcode, time()+2592000, "/"); ! } else { ! $authcode = 0; ! } ! ! $query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE authcode='$authcode';"); ! if (ofirst_dberrno() == 0 && ofirst_dbnum_rows($query) == 1 && $authcode != 0 ) { ! $user = ofirst_dbfetch_object($query); ! } else { ! unset($_SESSION['authcode']); ! if(!isset($pass_save_disabled)){ ! //delete cookie ! setcookie("openFIRSTlogin"," ",time()-3600,"/"); ! } ! if (isset($_POST["login"])){ ! $query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';"); ! if (ofirst_dberrno() == 0) { ! $user = ofirst_dbfetch_object($query); ! if (ofirst_dbnum_rows($query) == 1) { ! if (cryptpassword($_POST["password"], false, $user->password) == $user->password) { ! session_register("authcode"); ! mt_srand(microtime() * 1000000); ! $_SESSION["authcode"] = (microtime()|mt_rand(1,mt_getrandmax())).substr(gethostbyaddr($_SERVER["REMOTE_ADDR"]),0,40); ! $aquery = ofirst_dbquery("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); ! } else { ! unset($user); ! } ! } ! } ! } ! } ! } elseif (isset($_POST["login"]) && isset($_POST["password"])) { ! ! 
$query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE user='{$_POST['login']}';"); ! if (ofirst_dberrno() == 0) { ! $user = ofirst_dbfetch_object($query); ! if (ofirst_dbnum_rows($query) == 1) { ! if (cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) { ! session_register("authcode"); ! mt_srand(microtime() * 1000000); ! $_SESSION["authcode"] = (microtime()|mt_rand(1,mt_getrandmax())).$_SERVER['REMOTE_ADDR']; ! $aquery = ofirst_dbquery("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); ! if(!isset($pass_save_disabled)){ ! if(isset($_POST["savepass"])&&$_POST["savepass"]="1"){ ! //save authcode in a cookie ! setcookie("openFIRSTlogin",$_SESSION["authcode"],time()+2592000,"/"); ! } else { ! //delete cookie ! setcookie("openFIRSTlogin"," ",time()-3600,"/"); ! unset($_COOKIE["openFIRSTlogin"]); ! } ! } ! } else { ! # invalid password! ! unset($user); ! } ! } ! } else { ! # invalid user! ! unset($user); ! } ! } ! ! if(isset($user->user)){ ! $query = "UPDATE ofirst_members SET lastseen='" . date("h:i:s M d, Y") . "' WHERE user='$user->user';"; ! $q = ofirst_dbquery($query); ! unset($q); ! } ! } ! ?> --- 1,197 ---- ! <?php ! /* ! * openFIRST.base - config/auth.php ! * ! * Copyright (C) 2003, ! * openFIRST Project ! * Original Author: Tim Ginn <tim...@po...> ! * ! * This program is free software; you can redistribute it and/or modify ! * it under the terms of the GNU General Public License as published by ! * the Free Software Foundation; either version 2 of the License, or ! * (at your option) any later version. ! * ! * This program is distributed in the hope that it will be useful, ! * but WITHOUT ANY WARRANTY; without even the implied warranty of ! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! * GNU General Public License for more details. ! * This program is distributed in the hope that it will be useful, ! 
* but WITHOUT ANY WARRANTY; without even the implied warranty of ! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! * GNU General Public License for more details. ! * ! * You should have received a copy of the GNU General Public License ! * along with this program; if not, write to the Free Software ! * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ! * ! */ ! // Purpose: Deal with authorization of users. ! ! require_once('dbase.php'); ! ! if(isset($encryption) == false) { $encryption = "crypt"; } ! ! // Provide functions for the various encryption types... ! // syntax: cryptpassword(password, encryption-type, salt); ! ! function cryptpassword ($password, $enctype = false, $salt="") { ! global $encryption; ! if ($enctype === false) $enctype = $encryption; ! ! // Encrypt passwords using whatever algorithm is preferred. ! if ($enctype == "crc32") { ! return(crc32($password)); ! } else if ($enctype == "sha1") { ! return(sha1($password)); ! } else if ($enctype == "crypt") { ! return(crypt($password, $salt)); ! } else { ! return(md5($password)); ! } ! } ! ! function logout(){ ! global $ofDB; ! if(isset($GLOBALS["user"]->user)) { ! #FIXME: Bad SQL Handling ! $q = $ofDB->query("UPDATE ofirst_members SET authcode = NULL WHERE user='".$GLOBALS["user"]->user."';"); ! } ! } ! ! function showlogin () { ! ! // Show a login form for the user. ! echo("<br /><br />"); ! ! if (isset($_POST["login"]) && !isset($user)) { ! echo '<div class="error">Invalid username or password!</div>'; ! } ! ! echo "<form action='". $_SERVER["PHP_SELF"] . "' method='post'>"; ! if(isset($_SERVER["HTTP_REFERER"])){ ! echo("<input name='referer' type='hidden' value='".$_SERVER["HTTP_REFERER"]."'/>"); ! } ! echo "<table width='200' class='center' id='login'> ! <caption>Account Login</caption> ! <tr> ! <td><div align='right'>Username:</div></td> ! <td><input name='login' type='text' /> ! </td> ! </tr> ! <tr> ! <td><div align='right'>Password:</div></td> ! 
<td> <input name='password' type='password' /></td> ! </tr> ! <tr> ! <td colspan='2'><input type=\"submit\" value=\"Login\" />"; ! global $pass_save_disabled; ! if(!(isset($pass_save_disabled) && $pass_save_disabled)){ ! echo " <br /><input type=checkbox name=savepass id=savepass value=1 checked /><label for=savepass>Save Password</label>"; ! } ! global $BasePath; ! echo "</td></tr> ! <tr><td colspan='2'><a href=\"".htmlentities($BasePath)."/members/forgotten.php\">Forgot Password</a></td></tr> ! </table>"; ! ! // Include anything else in the post, so it is forwarded to the actual form ! unset($_POST['login'], $_POST['password']); ! foreach($_POST as $name => $value) { ! echo '<input type="hidden" name="'.htmlentities($name).'" value="'.htmlentities($value).'" />'; ! } ! echo "</form><br /><br />"; ! return(0); ! } ! ! ! function InitUser() { ! global $pass_save_disabled, $encryption, $user, $ofDB; ! // Determine if the user has already logged in with this session. If ! // they have, set variables indicating this. If they have not, make a ! // note of this so that components requiring them to log in are disabled. ! ! if ( (isset($_SESSION['authcode'])) || ! (isset($_COOKIE["openFIRSTlogin"]) && !$pass_save_disabled) ! ) { ! ! if (isset($_SESSION['authcode'])) { ! $authcode = $_SESSION['authcode']; ! } else if (isset($_COOKIE["openFIRSTlogin"]) && $_COOKIE["openFIRSTlogin"] != 0) { ! $authcode = $_COOKIE["openFIRSTlogin"]; ! $_SESSION['authcode'] = $authcode; ! //renew cookie ! setcookie("openFIRSTlogin", $authcode, time()+2592000, "/"); ! } else { ! $authcode = 0; ! } ! ! #FIXME: Bad SQL handling ! $query = $ofDB->query("SELECT * FROM ofirst_members WHERE authcode='$authcode';"); ! if ($ofDB->errorNumber() == 0 && $ofDB->numberOfRows($query) == 1 && $authcode != 0 ) { ! $user = $ofDB->fetchObject($query); ! } else { ! unset($_SESSION['authcode']); ! if(!isset($pass_save_disabled)){ ! //delete cookie ! setcookie("openFIRSTlogin"," ",time()-3600,"/"); ! } ! 
if (isset($_POST["login"])){ ! #FIXME: Bad SQL handling ! $query = $ofDB->query("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';"); ! if ($ofDB->errorNumber() == 0) { ! $user = $ofDB->fetchObject($query); ! if ($ofDB->numberOfRows($query) == 1) { ! if (cryptpassword($_POST["password"], false, $user->password) == $user->password) { ! session_register("authcode"); ! mt_srand(microtime() * 1000000); ! $_SESSION["authcode"] = (microtime()|mt_rand(1,mt_getrandmax())).substr(gethostbyaddr($_SERVER["REMOTE_ADDR"]),0,40); ! #FIXME: Bad SQL handling ! $aquery = $ofDB->query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); ! } else { ! unset($user); ! } ! } ! } ! } ! } ! } elseif (isset($_POST["login"]) && isset($_POST["password"])) { ! ! #FIXME: Bad SQL handling ! $query = $ofDB->query("SELECT * FROM ofirst_members WHERE user='{$_POST['login']}';"); ! if ($ofDB->errorNumber() == 0) { ! $user = $ofDB->fetchObject($query); ! if ($ofDB->numberOfRows($query) == 1) { ! if (cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) { ! session_register("authcode"); ! mt_srand(microtime() * 1000000); ! $_SESSION["authcode"] = (microtime()|mt_rand(1,mt_getrandmax())).$_SERVER['REMOTE_ADDR']; ! #FIXME: Bad SQL handling ! $aquery = $ofDB->query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); ! if(!isset($pass_save_disabled)){ ! if(isset($_POST["savepass"])&&$_POST["savepass"]="1"){ ! //save authcode in a cookie ! setcookie("openFIRSTlogin",$_SESSION["authcode"],time()+2592000,"/"); ! } else { ! //delete cookie ! setcookie("openFIRSTlogin"," ",time()-3600,"/"); ! unset($_COOKIE["openFIRSTlogin"]); ! } ! } ! } else { ! # invalid password! ! unset($user); ! } ! } ! } else { ! # invalid user! ! unset($user); ! } ! } ! ! if(isset($user->user)){ ! #FIXME: Bad SQL handling ! $query = "UPDATE ofirst_members SET lastseen='" . 
date("h:i:s M d, Y") . "' WHERE user='$user->user';"; ! $q = $ofDB->query($query); ! unset($q); ! } ! } ! ?> Index: Module.php =================================================================== RCS file: /cvsroot/openfirst/base/includes/Module.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** Module.php 29 Jun 2005 21:20:41 -0000 1.3 --- Module.php 30 Jun 2005 02:34:55 -0000 1.4 *************** *** 36,48 **** */ /*public*/ function getIDFromDir($dir) { #$dir = strtolower($dir); //Should I do this? if (!isset($this->dirs[$dir])) { ! $sql = 'SELECT '.ofirst_dbquote_name('modulename'). ! ' FROM '.ofirst_dbquote_table('config'). ! ' WHERE '.ofirst_dbquote_fd_pairs(array('dir'=>$dir), ' AND '). ' LIMIT 0,1'; ! $res = ofirst_dbquery($sql); ! $row = ofirst_dbfetch_object($res); ! ofirst_dbfree_result($res); $this->dirs[$dir] = $row->modulename; } --- 36,49 ---- */ /*public*/ function getIDFromDir($dir) { + global $ofDB; #$dir = strtolower($dir); //Should I do this? if (!isset($this->dirs[$dir])) { ! $sql = 'SELECT '.$ofDB->quoteField('modulename'). ! ' FROM '.$ofDB->quoteTable('config'). ! ' WHERE '.$ofDB->quoteFDPairs(array('dir'=>$dir), ' AND '). ' LIMIT 0,1'; ! $res = $ofDB->query($sql); ! $row = $ofDB->fetchObject($res); ! $ofDB->freeResult($res); $this->dirs[$dir] = $row->modulename; } *************** *** 51,63 **** /*public*/ function getDirsFromID($ID) { if (!isset($this->ids[$ID])) { ! $sql = 'SELECT '.ofirst_dbquote_name('dir'). ! ' FROM '.ofirst_dbquote_table('config'). ! ' WHERE '.ofirst_dbquote_fd_pairs(array('modulename'=>$ID), ' AND '); ! $res = ofirst_dbquery($sql); ! while ($row = ofirst_dbfetch_object($res)) { $this->ids[$ID][] = $row->dir; } ! ofirst_dbfree_result($res); } return $this->ids[$ID]; --- 52,65 ---- /*public*/ function getDirsFromID($ID) { + global $ofDB; if (!isset($this->ids[$ID])) { ! $sql = 'SELECT '.$ofDB->quoteField('dir'). ! ' FROM '.$ofDB->quoteTable('config'). ! 
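Review bot: The login queries in `InitUser()` still splice `$_POST["login"]` straight into the SQL string (`... WHERE user='" . $_POST["login"] . "';` and the `{$_POST['login']}` variant), so the new `#FIXME: Bad SQL handling` markers record the injection risk without removing it. Module.php in this same commit already builds its WHERE clauses with `$ofDB->quoteFDPairs(array('dir'=>$dir), ' AND ')`. Assuming that helper escapes values, the same form, `$ofDB->quoteFDPairs(array('user'=>$_POST['login']), ' AND ')`, would fit here and for the `authcode` lookups, whose value can come from the `openFIRSTlogin` cookie. Separately, `$_POST["savepass"]="1"` in the cookie branch assigns rather than compares, so the test is always true when the field is present; it should read `$_POST["savepass"] == "1"`.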
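Review bot: `getIDFromDir()` reads `$row->modulename` without checking that `$ofDB->fetchObject($res)` returned a row, so a directory with no entry in the config table would presumably raise a notice and cache an empty value in `$this->dirs[$dir]`. A guard before the assignment, for example `if (!$row) { return false; }`, would keep the cache free of bogus entries. The same unchecked fetch appears in the `function Module($dir)` hunk. The end of the function is outside this hunk, so the return value callers expect should be confirmed there.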
' WHERE '.$ofDB->quoteFDPairs(array('modulename'=>$ID), ' AND '); ! $res = $ofDB->query($sql); ! while ($row = $ofDB->fetchObject($res)) { $this->ids[$ID][] = $row->dir; } ! $ofDB->freeResult($res); } return $this->ids[$ID]; *************** *** 100,107 **** function Module($dir) { ! $sql = 'SELECT * FROM '.ofirst_dbquote_table('config').' WHERE '.ofirst_dbquote_fd_pairs(array('dir'=>$dir), ' AND ').' LIMIT 0,1'; ! $res = ofirst_dbquery($sql); ! $mod = ofirst_dbfetch_object($res); ! ofirst_dbfree_result($res); $this->mName = $mod->label; --- 102,110 ---- function Module($dir) { ! global $ofDB; ! $sql = 'SELECT * FROM '.$ofDB->quoteTable('config').' WHERE '.$ofDB->quoteFDPairs(array('dir'=>$dir), ' AND ').' LIMIT 0,1'; ! $res = $ofDB->query($sql); ! $mod = $ofDB->fetchObject($res); ! $ofDB->freeResult($res); $this->mName = $mod->label; *************** *** 117,120 **** --- 120,126 ---- } else { $this->mIncludes = explode(',', $mod->includes); + foreach($this->mIncludes as $key => $value) { + $this->mIncludes[$key] = replaceVariables($value, $this->getDir()); + } } $this->mNavBar = replaceVariables($mod->modulenavigation, $this->getDir()); *************** *** 123,127 **** $this->mActive = $mod->active; ! ofirst_dbfree_result($res); } --- 129,133 ---- $this->mActive = $mod->active; ! 
$ofDB->freeResult($res); } Index: globals.php =================================================================== RCS file: /cvsroot/openfirst/base/includes/globals.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** globals.php 29 Jun 2005 21:33:47 -0000 1.9 --- globals.php 30 Jun 2005 02:34:55 -0000 1.10 *************** *** 57,60 **** --- 57,61 ---- require_once('compatibility.php'); + require_once('dbase.php'); set_include_path( get_include_path().PATH_SEPARATOR."$configdir/".PATH_SEPARATOR."."); *************** *** 62,69 **** require_once('functions.php'); - require_once('dbase.php'); require_once('auth.php'); require_once('Module.php'); require_once('slug.php'); $sqlTablePrefix = 'ofirst_'; --- 63,71 ---- require_once('functions.php'); require_once('auth.php'); require_once('Module.php'); require_once('slug.php'); + require_once('edit.php'); + require_once('skin.php'); $sqlTablePrefix = 'ofirst_'; *************** *** 71,77 **** require_once('sitesettings.php'); ! if(function_exists("ofirst_dbconnect") == false) { ! die('Your version of PHP has not been compiled with SQL support, therefore the openFIRST web portal system cannot run on this system. Please contact your system administrator to request SQL support for your version of PHP.'); ! } InitUser(); --- 73,79 ---- require_once('sitesettings.php'); ! $ofDB = new DataBase($DBaseType, $sqlServer, $sqlUser, $sqlPassword); ! $ofDB->selectDB($sqlDatabase); ! InitUser(); *************** *** 94,103 **** */ $ogModuleManager = new ModuleManager; ! $res = ofirst_dbquery('SELECT '.ofirst_dbquote_name('dir'). ! ' FROM '.ofirst_dbquote_table('config')); ! if(ofirst_dberrno() != 0) { trigger_error('Error while listing modules!', E_USER_ERROR); } ! while($mod =& ofirst_dbfetch_object($res)) { $dir = $mod->dir; $module =& $ogModuleManager->addModuleFromDir($dir); --- 96,105 ---- */ $ogModuleManager = new ModuleManager; ! $res = $ofDB->query('SELECT '.$ofDB->quoteField('dir'). ! 
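Review bot: The `$ofDB->freeResult($res)` at the end of the constructor looks like a second free of a result that `function Module($dir)` already released right after `fetchObject()` in the earlier hunk, assuming both hunks belong to the same function. Freeing a result twice typically produces a driver warning, so dropping this second call should be enough. The lines between the two hunks are not shown, so confirm `$res` is not reassigned in between.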
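Review bot: Nothing between `new DataBase(...)`, `$ofDB->selectDB($sqlDatabase)` and `InitUser()` checks that the connection or database selection succeeded, and the removed `function_exists("ofirst_dbconnect")` guard was the only place that stopped with a readable message. A failed connection would now fall through into the authentication queries. A check along the lines of `if ($ofDB->errorNumber() != 0) { die('Database connection failed.'); }` before `InitUser()` would fail closed. Whether the `DataBase` constructor reports errors that way is not visible here, and the message should stay generic so it does not echo server or credential details.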
' FROM '.$ofDB->quoteTable('config')); ! if($ofDB->errorNumber() != 0) { trigger_error('Error while listing modules!', E_USER_ERROR); } ! while($mod =& $ofDB->fetchObject($res)) { $dir = $mod->dir; $module =& $ogModuleManager->addModuleFromDir($dir); *************** *** 108,112 **** foreach ($includes as $include) { if ($include != '') { ! include_once("$fBasePath/$dir/$include"); } } --- 110,114 ---- foreach ($includes as $include) { if ($include != '') { ! include_once($include); } } *************** *** 114,118 **** } } ! ofirst_dbfree_result($res); if (!preg_match('/\A[a-zA-Z0-9]+\z/',session_id())) { --- 116,120 ---- } } ! $ofDB->freeResult($res); if (!preg_match('/\A[a-zA-Z0-9]+\z/',session_id())) { |
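Review bot: `include_once($include)` now executes whatever path the `includes` column of the config table yields after `replaceVariables()`. The old `"$fBasePath/$dir/$include"` prefix at least anchored the path under the module directory, and that anchor is gone. Anyone able to write to that table (for example through the SQL concatenation flagged in auth.php) could then have an arbitrary file included. Resolving the path and checking it stays inside the installation would restore the bound: `$real = realpath($include);` followed by `if ($real !== false && strpos($real, realpath($fBasePath).DIRECTORY_SEPARATOR) === 0) { include_once($real); }`. The enclosing `foreach` and module loop begin outside this hunk.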