Update of /cvsroot/phpslash/phpslash-ft/class
In directory usw-pr-cvs1:/tmp/cvs-serv6220/phpslash-ft/class
Modified Files:
Author.class slashAuthCR.class
Log Message:
auth_preauth
Index: Author.class
===================================================================
RCS file: /cvsroot/phpslash/phpslash-ft/class/Author.class,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -d -r1.18 -r1.19
*** Author.class 13 Apr 2002 16:35:21 -0000 1.18
--- Author.class 20 May 2002 19:54:17 -0000 1.19
***************
*** 10,14 ****
*/
class Author {
! var $author_templ, $db, $perm, $psl;
/**
--- 10,14 ----
*/
class Author {
! var $author_templ, $db, $perm, $psl, $auth;
/**
***************
*** 22,30 ****
function Author () {
! global $perm, $_PSL;
$this->db = new slashDB;
$this->perm = $perm;
$this->psl = $_PSL;
/* Templates */
--- 22,31 ----
function Author () {
! global $perm, $_PSL, $auth;
$this->db = new slashDB;
$this->perm = $perm;
$this->psl = $_PSL;
+ $this->auth = $auth;
/* Templates */
***************
*** 483,487 ****
*
* @access public
! * @param $ary - permission array for futute use
* @return author_array(id, name)
*/
--- 484,488 ----
*
* @access public
! * @param $ary - permission array for future use
* @return author_array(id, name)
*/
***************
*** 505,508 ****
--- 506,613 ----
return $author_array;
}
+
+ /**
+ * lostpw - send confirmation email for login
+ *
+ *
+ * @access public
+ * @param $ary - HTTP_GET_VARS
+ * @return success state
+ */
+ function lostpw($ary = "") {
+
+ global $REMOTE_ADDR;
+
+ $this->author_templ->set_file(array(
+ "author-lostpw" => "authorEmailLostPW.tpl"
+ ));
+
+ if( $ary['id']) {
+ $q = "SELECT *
+ FROM psl_author
+ WHERE author_id = '$ary[id]' ";
+ } elseif( $ary['username']) {
+ $q = "SELECT *
+ FROM psl_author
+ WHERE author_name = '$ary[username]' ";
+ } else {
+ $this->message = "Missing Username or ID";
+ return false;
+ }
+
+ $this->db->query($q);
+
+ if ($this->db->num_rows() == 0) {
+ $this->message = "Username not found";
+ return false;
+ }
+
+ if ($this->db->next_record()) {
+
+ $cookie_challenge = md5($this->auth->magic .":". $this->psl['basedir']);
+ $md5_pw = $this->db->Record['password']; // this is the raw MD5ed user/pass combo
+ $cookie_response = md5("$md5_pw:$cookie_challenge");
+ // replace the challenge with the date
+ $cookie_challenge = date("Ymd");
+ $cookie_ary[] = $cookie_response;
+ $cookie_ary[] = $this->db->Record['author_name'];
+ $cookie_ary[] = $cookie_challenge;
+ $confirm_hash=serialize($cookie_ary);
+ $confirm_hash=base64_encode($confirm_hash);
+ $confirm_hash=urlencode($confirm_hash);
+ if(!is_valid_email($this->db->Record['email'])) {
+ $this->message = "Sorry the user's email address is not valid";
+ return false;
+ }
+ $this->author_templ->set_var(array(
+ 'REMOTE_ADDR' => $REMOTE_ADDR,
+ 'CONFIRM' => $confirm_hash,
+ 'ROOTURL' => $this->psl['rooturl'],
+ 'MAILTONAME' => $this->db->Record['author_realname'],
+ 'MAILTOADDRESS' => $this->db->Record['email'],
+ 'SITE_NAME' => $this->psl['site_name'],
+ 'SITE_OWNER' => $this->psl['site_owner']
+ ));
+ // parse the to_block to the mail_to variable
+ $this->author_templ->set_block("author-lostpw","to_block","mail_to");
+ $this->author_templ->parse("mail_to", "to_block", true);
+
+ $mail_to = trim($this->author_templ->get_var("mail_to"));
+ debug("mail_to", $mail_to);
+
+ // parse the subject_block to the mail_subject variable
+ $this->author_templ->set_block("author-lostpw","subject_block","mail_subject");
+ $this->author_templ->parse("mail_subject", "subject_block", true);
+
+ $mail_subject = trim($this->author_templ->get_var("mail_subject"));
+ debug("mail_subject", $mail_subject);
+
+ // parse the headers_block to the mail_headers variable
+ $this->author_templ->set_block("author-lostpw","headers_block","mail_headers");
+ $this->author_templ->parse("mail_headers", "headers_block", true);
+
+ $mail_headers = trim($this->author_templ->get_var("mail_headers"));
+ debug("mail_headers", $mail_headers);
+
+ // parse the body_block to the mail_body variable
+ $this->author_templ->set_block("author-lostpw","body_block","mail_body");
+ $this->author_templ->parse("mail_body", "body_block", true);
+
+ $mail_body = $this->author_templ->get_var("mail_body");
+ debug("mail_body", $mail_body);
+
+ if(mail( $mail_to, $mail_subject, $mail_body, $mail_headers)) {
+ $this->message = "Email Confirmation sent";
+ $success = true;
+ } else {
+ $this->message = "Email Confirmation failure";
+ $success = false;
+ }
+ }
+
+ return $success;
+ }
+
+
} /* end of Author.class */
?>
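Review bot: Both queries in lostpw() interpolate `$ary[id]` and `$ary[username]` straight into the SQL string, and the caller added in the slashAuthCR.class hunk hands `$username` over as is. The same pattern appears in the auth_preauth() hunk, where `$cookie_ary[1]` is taken from a decoded cookie and so never passes through any request-level quoting. Build the values first, e.g. `$id = intval($ary['id']);` and `$name = addslashes($ary['username']);` (or the database layer's own quoting function, if it has one), and use those in the WHERE clauses. Separately, `$success` is only assigned inside the `next_record()` branch, so it should be initialised to `false` at the top of the function.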
Index: slashAuthCR.class
===================================================================
RCS file: /cvsroot/phpslash/phpslash-ft/class/slashAuthCR.class,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** slashAuthCR.class 12 Apr 2002 15:44:21 -0000 1.7
--- slashAuthCR.class 20 May 2002 19:54:17 -0000 1.8
***************
*** 22,25 ****
--- 22,34 ----
var $cancel_login = "cancel";
var $mode = "log";
+ var $psl;
+
+ function slashAuth() {
+
+ global $_PSL;
+
+ $this->psl = $_PSL;
+
+ }
function auth_loginform() {
***************
*** 58,61 ****
--- 67,114 ----
}
+ function auth_preauth() {
+
+ global $HTTP_COOKIE_VARS;
+
+ // debug("auth", "preauth");
+ if( !empty($HTTP_COOKIE_VARS['user_info'])){
+
+ $cookie_challenge = md5($this->magic .":". $this->psl['basedir']);
+
+ $cookie_ary = unserialize(base64_decode($HTTP_COOKIE_VARS['user_info']));
+
+ # assume the check is gonna fail
+ $uid = false;
+
+ $q = "SELECT *
+ FROM psl_author
+ WHERE author_name = '$cookie_ary[1]' ";
+
+ $this->db->query($q);
+
+ if ($this->db->num_rows() == 0) {
+ return false;
+ }
+
+ while ($this->db->next_record()) {
+ $this->auth["uname"] = $this->db->Record["author_name"];
+
+ $md5_pw = $this->db->Record['password']; // this is the raw MD5ed user/pass combo
+ $expected_response = md5("$md5_pw:$cookie_challenge");
+ if( $expected_response == $cookie_ary[0]) {
+ // preauth successful
+ // debug("preauth", "successful");
+ $this->auth["perm"] = $this->db->Record["perms"];
+ return $this->db->Record["author_id"];
+ } else {
+ // preauth failed
+ // debug("preauth", "failed");
+ return false;
+ }
+ }
+ }
+ }
+
+
function auth_validatelogin() {
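Review bot: `unserialize()` is applied to the `user_info` cookie before anything about it has been verified, and the result is then checked with a loose `==`. Because the unserialized elements need not be strings, a value of another type can satisfy `$expected_response == $cookie_ary[0]` without matching the hash, and unserializing client data can also instantiate objects. Store the three fields as a plain delimited string and compare strictly: `$cookie_ary = explode(':', base64_decode($HTTP_COOKIE_VARS['user_info']));` followed by `if (count($cookie_ary) == 3 && $expected_response === $cookie_ary[0])`. The `setcookie()` call in auth_validatelogin() would then need the matching `implode(':', $cookie_ary)`, and this assumes author names cannot contain a colon. The function also falls off the end without a return value when the cookie is absent; an explicit `return false;` would state that intent.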
***************
*** 66,69 ****
--- 119,124 ----
$challenge = $HTTP_POST_VARS['challenge'];
$response = $HTTP_POST_VARS['response'];
+ $setcookie = $HTTP_POST_VARS['setcookie'];
+ $lostpw = $HTTP_POST_VARS['lostpw'];
# the login form will save the username
***************
*** 80,83 ****
--- 135,146 ----
return false;
}
+
+ if( $lostpw) {
+ $author = new Author;
+ $ary['username'] = $username;
+ $success = $author->lostpw($ary);
+ $this->auth["error"] = $author->message;
+ return false;
+ }
# assume the check is gonna fail
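Review bot: Copying `$author->message` into `$this->auth["error"]` tells an unauthenticated visitor whether the submitted name exists, since lostpw() sets "Username not found" for a miss and "Email Confirmation sent" for a hit. Consider one neutral message for both outcomes, e.g. `$this->auth["error"] = "If that account exists, a confirmation email has been sent.";`, and keep the detailed result for server-side logging. `$success` is assigned here but never read. The enclosing auth_validatelogin() starts and ends outside this hunk.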
***************
*** 113,124 ****
// Response is set, JS might be enabled...
! if ($expected_response != $response) {
$this->auth["error"] = "Either your username or password are invalid.<br>Please try again.";
return false;
} else {
$this->auth["perm"] = $this->db->Record["perms"];
return $uid;
! }
!
return false;
}
--- 176,198 ----
// Response is set, JS might be enabled...
! if ($expected_response != $response) {
$this->auth["error"] = "Either your username or password are invalid.<br>Please try again.";
return false;
} else {
$this->auth["perm"] = $this->db->Record["perms"];
+ if(isset($setcookie)){
+ $cookie_challenge = md5($this->magic .":". $this->psl['basedir']);
+ $md5_pw = $this->db->Record['password']; // this is the raw MD5ed user/pass combo
+ $cookie_response = md5("$md5_pw:$cookie_challenge");
+ $cookie_ary[] = $cookie_response;
+ $cookie_ary[] = $this->auth['uname'];
+ $cookie_ary[] = $cookie_challenge;
+
+ // setcookie( 'user_info', serialize($cookie_ary), time()+31536000, $this->psl['rooturl'], ereg_replace("www.", "", "$SERVER_NAME"), "");
+ setcookie( 'user_info', base64_encode(serialize($cookie_ary)), time()+31536000,$this->psl['rooturl'] , "" , "");
+ }
return $uid;
! }
!
return false;
}
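Review bot: The `user_info` value is `md5("$md5_pw:$cookie_challenge")` with a challenge that is constant for the site, so the cookie is a fixed equivalent of the stored password hash. It stays valid for the whole year, cannot be revoked short of a password change, and is the same `$cookie_response` that lostpw() mails out. Binding an expiry into the hashed material, e.g. `$cookie_response = md5("$md5_pw:$cookie_challenge:$expires");` with `$expires` stored as the third array element and checked in auth_preauth(), would let old values lapse. The final `setcookie()` argument is empty, so the cookie is also sent over plain HTTP; pass `1` there if the site is served over HTTPS. auth_validatelogin() begins outside this hunk, and the commented-out `setcookie()` line above the live one can be dropped.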