phpslash-commit Mailing List for phpSlash (Page 27)
Brought to you by:
joestewart,
nhruby
Menu
▾
▴
phpslash-commit — A list for automatically mailed SCM Commits
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(11) |
Nov
(59) |
Dec
(60) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(52) |
Feb
(77) |
Mar
(118) |
Apr
(76) |
May
(106) |
Jun
(145) |
Jul
(9) |
Aug
(15) |
Sep
(78) |
Oct
(83) |
Nov
(105) |
Dec
(51) |
| 2003 |
Jan
(105) |
Feb
(100) |
Mar
(111) |
Apr
(149) |
May
(95) |
Jun
(56) |
Jul
(8) |
Aug
(2) |
Sep
|
Oct
(22) |
Nov
(117) |
Dec
(6) |
| 2004 |
Jan
(1) |
Feb
|
Mar
(3) |
Apr
(25) |
May
|
Jun
(11) |
Jul
(26) |
Aug
(85) |
Sep
(119) |
Oct
(312) |
Nov
(271) |
Dec
(5) |
| 2005 |
Jan
(6) |
Feb
|
Mar
|
Apr
(12) |
May
(7) |
Jun
(8) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
(5) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Joe S. <joe...@us...> - 2004-09-18 14:46:55
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5452/phpslash-dev/include/modules/admin Added Files: index.php Log Message: Added Admin module --- NEW FILE: index.php --- <?php $content = '<p>'. pslgetText('Welcome') . ' ' . $GLOBALS['auth']->auth['uname'] . '</p>'; return $content; ?> |
|
From: Joe S. <joe...@us...> - 2004-09-18 14:41:26
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/infolog In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4335/phpslash-dev/include/modules/infolog Modified Files: admin.php Log Message: Added Admin module Index: admin.php =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/include/modules/infolog/admin.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** admin.php 15 Sep 2004 23:31:47 -0000 1.1 --- admin.php 18 Sep 2004 14:41:10 -0000 1.2 *************** *** 2,6 **** // $Id$ ! global $_PSL, $sess, $auth, $perm; AddClassRequirement("infolog",$_PSL['moduledir'] ."/infolog/Infolog.class"); --- 2,6 ---- // $Id$ ! global $_PSL, $sess, $auth, $perm, $HTTP_POST_VARS; AddClassRequirement("infolog",$_PSL['moduledir'] ."/infolog/Infolog.class"); |
|
From: Joe S. <joe...@us...> - 2004-09-18 14:40:11
|
Update of /cvsroot/phpslash/phpslash-dev In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4113/phpslash-dev Modified Files: CHANGES Log Message: Added Admin module |
|
From: Joe S. <joe...@us...> - 2004-09-18 14:35:33
|
Update of /cvsroot/phpslash/phpslash-dev/public_html In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3391/phpslash-dev/public_html Modified Files: config-dist.ini.php config_setup.ini.php Log Message: Added Admin module Index: config-dist.ini.php =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/public_html/config-dist.ini.php,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** config-dist.ini.php 15 Sep 2004 23:18:39 -0000 1.14 --- config-dist.ini.php 18 Sep 2004 14:35:24 -0000 1.15 *************** *** 364,367 **** --- 364,373 ---- ;;; + ;; Breadcrumb delimiter + ;; + ;; example: home -> section -> topic + breadcrumb.delimiter = " -> " + + ;;; ;; Notification Options ;; *************** *** 548,551 **** --- 554,563 ---- ;; Error page module ( Page not found) Error = error + ;; Admin Module + ;; assorted blocks for admin uses - security warnings, stats, etc. + Admin = admin + + + ;; default module [default] = Story *************** *** 576,584 **** ;;; end of approvedtags definitions - ;;; - ;; Breadcrumb delimiter - ;; - ;; example: home -> section -> topic - breadcrumb.delimiter = " -> " - ; DO NOT REMOVE THIS LINE ?> --- 588,590 ---- Index: config_setup.ini.php =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/public_html/config_setup.ini.php,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** config_setup.ini.php 16 Sep 2004 21:06:13 -0000 1.11 --- config_setup.ini.php 18 Sep 2004 14:35:24 -0000 1.12 *************** *** 548,551 **** --- 548,554 ---- ;; Error page module ( Page not found) Error = error + ;; Admin Module + ;; assorted blocks for admin uses - security warnings, stats, etc. + Admin = admin ;; default module [default] = Story |
|
From: Joe S. <joe...@us...> - 2004-09-18 14:30:42
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2298/phpslash-dev/include/modules/admin Added Files: clearcache.php configperms.php systemdetails.php Log Message: Added Admin module --- NEW FILE: clearcache.php --- <?php // Clear Cache if ($GLOBALS['perm']->have_perm('root')) { if (isset($_GET['clearCache'])) { $clearCache = pslgetText('Cache Cleared'); // Clear jpcache if (function_exists('jpcache_gc')) { // jpcachedir->the full directory path to the jpcache scripts. $clearCache .= "<br />".pslgetText('Clearing jpcache: ')."<br />\n"; jpcache_gc('regex', "/.*/", '100'); jpcache_gc('string', 'index', '100'); } } else { $clearCache = ' <form action="' . $_SERVER['SCRIPT_NAME'] . '" method="get" /> <input name="submit" value="' . pslgetText('Clear Cache') . '" type="submit" /> <input type="hidden" name="clearCache" value="yes" /> </form> '; } } else { $clearCache = ''; } return $clearCache; ?> --- NEW FILE: configperms.php --- <?php // Check if config.ini.php still is writeable. if ($GLOBALS['perm']->have_perm('root') && is_writable($GLOBALS['_PSL']['basedir'] . '/config.ini.php')) { $securityWarning .= '<p>'.getError('After phpSlash is installed, please write protect all php files in the public directory (config.php, config.ini.php, index.php, etc).'); $securityWarning .= '</p><p>From a linux shell the following will make your install more secure and remove this message:<br /> <em>chmod 644 ' . $GLOBALS['_PSL']['basedir'] . '/*.php</em></p>'; } // Check if config_setup.php is still enabled. if ($GLOBALS['perm']->have_perm('root') && file_exists($GLOBALS['_PSL']['basedir'] . '/config_setup.php')) { $securityWarning .= '<p>' . getError('Notice: After phpSlash is installed, please remove config_setup.php and config_setup.ini.php.') .'</p><p>From a linux shell the following wll make your install more secure and remove this message:' . '<br /> <em>rm ' . $GLOBALS['_PSL']['basedir'] . '/config_setup*</em></p>'; } return $securityWarning; ?> --- NEW FILE: systemdetails.php --- <? // System Details if ($GLOBALS['perm']->have_perm('root')) { if (isset($_GET['systemDetails'])) { // From phpList's code - Thanks Michiel! $systemDetailsMsg = '' . pslgetText('Your system details are') . ': '; $systemDetailsMsg .= ' <ul> <li>PHP version: ' . phpversion() . '</li> <li>Webserver: ' . getenv('SERVER_SOFTWARE') . '</li> <li>Mysql Info: ' . mysql_get_server_info() . '</li> <li>PHP Modules:<br /><ul>'; $le = get_loaded_extensions(); foreach($le as $module) { $systemDetailsMsg .= "<li>$module\n</li>"; } $systemDetailsMsg .= '</ul></li></ul>'; // logwrite('Login', "Get system details {$auth->auth['uname']} ({$auth->auth['uid']})"); } else { $systemDetailsMsg = " <form action=\"{$_SERVER['SCRIPT_NAME']}\" method=\"get\" /> <input name=\"submit\" value=\"" . pslgetText('System Details') . "\" type=\"submit\" /> <input type=\"hidden\" name=\"systemDetails\" value=\"yes\" /> </form> "; } } else { $systemDetailsMsg = ''; } return $systemDetailsMsg; ?> |
|
From: Joe S. <joe...@us...> - 2004-09-18 14:30:42
|
Update of /cvsroot/phpslash/phpslash-dev In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2298/phpslash-dev Modified Files: CHANGES Log Message: Added Admin module Index: CHANGES =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/CHANGES,v retrieving revision 1.100 retrieving revision 1.101 diff -C2 -d -r1.100 -r1.101 *** CHANGES 16 Sep 2004 21:04:55 -0000 1.100 --- CHANGES 18 Sep 2004 14:30:32 -0000 1.101 *************** *** 13,16 **** --- 13,20 ---- 9 - Removal of something (kill -9 :) + 2004-September 18 Joe Stewart <joe...@us... + [F] - Admin module - added blocks from Back-End for file perm + warnings, clearing cache, and system details. + 2004-September 16 Joe Stewart <joe...@us... [WT] - moved login.php new layout with code in auth/index.php |
|
From: Joe S. <joe...@us...> - 2004-09-18 14:29:32
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1991/admin Log Message: Directory /cvsroot/phpslash/phpslash-dev/include/modules/admin added to the repository |
|
From: Joe S. <joe...@us...> - 2004-09-17 15:30:14
|
Update of /cvsroot/phpslash/phpslash-dev/public_html/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20277/phpslash-dev/public_html/admin Modified Files: index.php Log Message: updated non CR loginform.tpl to be used with other auth methods Index: index.php =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/public_html/admin/index.php,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** index.php 12 Mar 2003 16:12:57 -0000 1.1.1.1 --- index.php 17 Sep 2004 15:30:04 -0000 1.2 *************** *** 1,90 **** <?php - // $Id$ - - require('config.php'); - - $pagetitle = pslgetText('Home'); // The name to be displayed in the header - $xsiteobject = pslgetText('Home Page'); // This Defines The META Tag Object Type - if(!empty($HTTP_GET_VARS['login'])) { - $auth->login_if($HTTP_GET_VARS['login']); - } - - // Objects - - // does the module get variable match a module definition? - if(!empty($HTTP_GET_VARS['module'])) { - if(!empty($_PSL['module'][$HTTP_GET_VARS['module']])) { - $_PSL['module']['module.current'] = $_PSL['module'][$HTTP_GET_VARS['module']]; - } - } - - // no match, go to "admin" link page - if(empty($_PSL['module']['module.current'])) { Header("Location: ../login.php"); exit; - } - - // get content from the module - $allstories = include($_PSL['moduledir'] ."/". $_PSL['module']['module.current'] ."/admin.php"); - - // setup the block module - $_PSL['module']['module.current'] = $_PSL['module']['Block']; - include($_PSL['moduledir'] ."/". $_PSL['module']['module.current'] ."/index.php"); - $block = pslNew("Block_i"); - - - $ary['section'] = "Admin"; - // Start of Page - - $_PSL['metatags']['object'] = $xsiteobject; - - slashhead($pagetitle,$_PSL['metatags']); - - // $allstories = $story->getStories($ary); - $leftblocks = $block->getBlocks($ary, "left"); - $centerblocks = $block->getBlocks($ary, "center"); - $rightblocks = $block->getBlocks($ary, "right"); - - if (empty($leftblocks)) { - if (empty($rightblocks)) { - // $centerblocks = $block->getBlocks($ary); - $tplfile = "index1col.tpl"; - } else { - $tplfile = 'index2colright.tpl'; - } - } elseif (empty($rightblocks)) { - $tplfile = 'index2colleft.tpl'; - } else { - $tplfile = 'index3col.tpl'; - } - - $template = pslNew("slashTemplate",$_PSL['templatedir']); - $template->debug = 0; - $template->set_file(array( - 'index' => $tplfile //"index3col.tpl" - )); - - if( !empty($GLOBALS['QUERY_STRING'])) { - $QUERY_STRING = '?'.$GLOBALS['QUERY_STRING']; - } else { - $QUERY_STRING = ''; - } - - $template->set_var(array( - 'QUERYSTRING' => $QUERY_STRING, - 'ROOTDIR' => $_PSL['rooturl'], - 'IMAGEDIR' => $_PSL['imageurl'], - 'BREADCRUMB' => $breadcrumb, - 'STORY_COLUMN' => $allstories, - 'LEFT_BLOCK_COLUMN' => $leftblocks, - 'CENTER_BLOCK_COLUMN' => $centerblocks, - 'RIGHT_BLOCK_COLUMN' => $rightblocks - )); - $template->parse('OUT','index'); - $template->p('OUT'); - - slashfoot(); - page_close(); ?> --- 1,6 ---- |
|
From: Joe S. <joe...@us...> - 2004-09-17 15:19:38
|
Update of /cvsroot/phpslash/phpslash-dev/scripts In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18271/phpslash-dev/scripts Modified Files: db_xfer.php.disabled Log Message: updated non CR loginform.tpl to be used with other auth methods Index: db_xfer.php.disabled =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/scripts/db_xfer.php.disabled,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** db_xfer.php.disabled 6 Sep 2004 01:34:29 -0000 1.3 --- db_xfer.php.disabled 17 Sep 2004 15:19:28 -0000 1.4 *************** *** 461,464 **** --- 461,465 ---- $section_id_ary[] = $section->getId("Submission"); $section_id_ary[] = $section->getId("test"); + $section_id_ary[] = $section->getId("User"); $ary['section_id_ary'] = $section_id_ary; |
|
From: Joe S. <joe...@us...> - 2004-09-17 15:17:57
|
Update of /cvsroot/phpslash/phpslash-dev/tables/0.8 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17896/phpslash-dev/tables/0.8 Modified Files: slash-all.sql Log Message: updated non CR loginform.tpl to be used with other auth methods Index: slash-all.sql =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/tables/0.8/slash-all.sql,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** slash-all.sql 8 Sep 2004 20:07:59 -0000 1.8 --- slash-all.sql 17 Sep 2004 15:17:47 -0000 1.9 *************** *** 128,132 **** INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_glossary_seq',1); INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_blocktype_seq',20); ! INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_section_block_lut_seq',439); INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_permission_seq',82); INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_group_seq',28); --- 128,132 ---- INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_glossary_seq',1); INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_blocktype_seq',20); ! INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_section_block_lut_seq',440); INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_permission_seq',82); INSERT INTO db_sequence (seq_name, nextid) VALUES ('psl_group_seq',28); *************** *** 981,987 **** INSERT INTO psl_section_block_lut (lut_id, block_id, section_id) VALUES (438,171,5); INSERT INTO psl_section_block_lut (lut_id, block_id, section_id) VALUES (439,171,7); -- ! -- Table structure for table 'psl_section_lut' -- --- 981,988 ---- INSERT INTO psl_section_block_lut (lut_id, block_id, section_id) VALUES (438,171,5); INSERT INTO psl_section_block_lut (lut_id, block_id, section_id) VALUES (439,171,7); + INSERT INTO psl_section_block_lut (lut_id, block_id, section_id) VALUES (440,155,8); -- ! -- Table structure for table `psl_section_lut` -- |
|
From: Joe S. <joe...@us...> - 2004-09-16 21:08:50
|
Update of /cvsroot/phpslash/phpslash-dev In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1175/phpslash-dev Modified Files: ChangeLog Log Message: updated non CR loginform.tpl to be used with other auth methods Index: ChangeLog =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/ChangeLog,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** ChangeLog 15 Sep 2004 23:37:14 -0000 1.11 --- ChangeLog 16 Sep 2004 21:08:41 -0000 1.12 *************** *** 1,13 **** 2004-09-15 18:36 joestewart ! * include/modules/auth/authtypes/: slashAuthCR.class, ! slashAuthLDAP.class: removed classes that already had been moved ! to module directories. moved Infolog and slashAuth to module ! directories. 2004-09-15 18:31 joestewart ! * include/modules/: infolog/Infolog.class, infolog/admin.php, ! variable/Variable.class, variable/admin.php: removed classes that already had been moved to module directories. moved Infolog and slashAuth to module directories. --- 1,35 ---- + 2004-09-16 16:05 joestewart + + * include/modules/auth/authtypes/: slashAuth.class, + slashAuthCR.class: updated non CR loginform.tpl to be used with + other auth methods + 2004-09-15 18:36 joestewart ! * include/modules/auth/slashAuth.class, ! include/modules/auth/slashAuthCR.class, ! include/modules/auth/authtypes/slashAuthCR.class, ! include/modules/auth/authtypes/slashAuthLDAP.class, ChangeLog: ! removed classes that already had been moved to module ! directories. moved Infolog and slashAuth to module directories. 2004-09-15 18:31 joestewart ! * public_html/admin/variableAdmin.php, ! include/modules/infolog/Infolog.class, ! include/modules/infolog/admin.php, ! include/modules/variable/Variable.class, ! include/modules/variable/admin.php, ChangeLog: removed classes ! that already had been moved to module directories. moved Infolog ! and slashAuth to module directories. ! ! 2004-09-15 18:18 joestewart ! ! * include/class/Comment.class, include/class/Group.class, ! include/class/Infolog.class, include/class/NavBar.class, ! include/class/TopicBar.class, include/class/Variable.class, ! public_html/config-dist.ini.php, public_html/config-dist.php, ! public_html/config_setup.ini.php, ! public_html/admin/infologAdmin.php, CHANGES: removed classes that already had been moved to module directories. moved Infolog and slashAuth to module directories. |
|
From: Joe S. <joe...@us...> - 2004-09-16 21:06:21
|
Update of /cvsroot/phpslash/phpslash-dev/public_html In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv663/phpslash-dev/public_html Modified Files: config_setup.ini.php Log Message: updated non CR loginform.tpl to be used with other auth methods Index: config_setup.ini.php =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/public_html/config_setup.ini.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** config_setup.ini.php 15 Sep 2004 23:18:39 -0000 1.10 --- config_setup.ini.php 16 Sep 2004 21:06:13 -0000 1.11 *************** *** 251,255 **** ;; 'reg' - allow users to register themselves and create accounts on your site ;; 'log' - restrict the creation of new accounts to administrators ! authmode = "reg" ;;; --- 251,255 ---- ;; 'reg' - allow users to register themselves and create accounts on your site ;; 'log' - restrict the creation of new accounts to administrators ! auth.mode = "reg" ;;; |
|
From: Joe S. <joe...@us...> - 2004-09-16 21:05:17
|
Update of /cvsroot/phpslash/phpslash-dev In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv443/phpslash-dev Modified Files: CHANGES Log Message: updated non CR loginform.tpl to be used with other auth methods Index: CHANGES =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/CHANGES,v retrieving revision 1.99 retrieving revision 1.100 diff -C2 -d -r1.99 -r1.100 *** CHANGES 16 Sep 2004 19:21:21 -0000 1.99 --- CHANGES 16 Sep 2004 21:04:55 -0000 1.100 *************** *** 14,19 **** 2004-September 16 Joe Stewart <joe...@us... ! [W] - moved login.php new layout with code in auth/index.php ! 2004-September 15 Joe Stewart <joe...@us... [W] - removed classes that already had been moved to module directories. --- 14,21 ---- 2004-September 16 Joe Stewart <joe...@us... ! [WT] - moved login.php new layout with code in auth/index.php ! updated non CR loginform.tpl to be used with other auth ! methods. ! 2004-September 15 Joe Stewart <joe...@us... [W] - removed classes that already had been moved to module directories. |
|
From: Joe S. <joe...@us...> - 2004-09-16 21:05:17
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv443/phpslash-dev/include/modules/auth Modified Files: slashAuth.class Log Message: updated non CR loginform.tpl to be used with other auth methods Index: slashAuth.class =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/include/modules/auth/slashAuth.class,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** slashAuth.class 15 Sep 2004 23:36:29 -0000 1.1 --- slashAuth.class 16 Sep 2004 21:05:07 -0000 1.2 *************** *** 114,118 **** $templ = pslNew("slashTemplate"); $templ->set_file(array( ! 'form' => 'loginformCR.tpl', 'index' => 'index1col.tpl' )); --- 114,118 ---- $templ = pslNew("slashTemplate"); $templ->set_file(array( ! 'form' => 'loginform.tpl', 'index' => 'index1col.tpl' )); *************** *** 787,795 **** } ! // dummy method to be overridden in child class function psl_validate($username, $password, $response, $user_info) { ! return false; } // dummy method to be overridden in child class function psl_preauth($username, $password, $user_info) { --- 787,823 ---- } ! // method to be overridden in child class ! // used by authtypes/slashAuthCR.class and authtypes/slashAuth.class function psl_validate($username, $password, $response, $user_info) { ! global $challenge; ! ! // debug("response", $response); ! // debug("challenge", $challenge); ! ! $is_user = false; ! ! // generate the expected response ! $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo ! ! $expected_response = md5("$md5_pw:$challenge"); ! // debug("expected_response", $expected_response); ! // True when JS is disabled ! if ($response == "") { ! $md5_pw_net = md5("$username:$password"); ! $response = md5("$md5_pw_net:$challenge"); ! } ! ! // Response is set, JS might be enabled... ! // compare the responses ! if ($expected_response == $response) { ! // success ! $is_user = true; ! } else { ! $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again."); ! } ! return $is_user; } + // dummy method to be overridden in child class function psl_preauth($username, $password, $user_info) { *************** *** 797,801 **** } - } --- 825,828 ---- |
|
From: Joe S. <joe...@us...> - 2004-09-16 21:05:17
|
Update of /cvsroot/phpslash/phpslash-dev/include/templates/en/basic In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv443/phpslash-dev/include/templates/en/basic Modified Files: loginform.tpl Log Message: updated non CR loginform.tpl to be used with other auth methods Index: loginform.tpl =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/include/templates/en/basic/loginform.tpl,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** loginform.tpl 12 Mar 2003 16:12:52 -0000 1.1.1.1 --- loginform.tpl 16 Sep 2004 21:05:06 -0000 1.2 *************** *** 5,10 **** <p class="error">{ERROR}</p> ! <form action="{ACTION_URL}" method="post"> ! <table border="0" align="center" cellspacing="0" cellpadding="4"> <tr> <td class="descr">Username:</td> --- 5,11 ---- <p class="error">{ERROR}</p> ! <form name="login" action="{ACTION_URL}" method="post" onsubmit="doChallengeResponse()"> ! ! <table border="0" cellspacing="0" cellpadding="4" align="center"> <tr> <td class="descr">Username:</td> *************** *** 22,27 **** </td> </tr> </table> </form> ! </div> <!-- id="loginForm" --> ! <!-- End loginForm.tpl --> \ No newline at end of file --- 23,56 ---- </td> </tr> + <tr> + <td class="descr"><input type="checkbox" name="setcookie" /></td> + <td class="descr">Remember me? ( Stay logged in from this computer)</td> + </tr> + <tr> + <td class="descr"><input type="checkbox" name="lostpw" /></td> + <td class="descr">Oops, I lost my password.<br /> Send an email with a link that allows me to change my password</td> + </tr> </table> + <input type="hidden" name="challenge" value="{CHALLENGE}" /> + <input type="hidden" name="response" value="" /> </form> ! ! <script language="JavaScript" type="text/javascript"> ! <!-- ! // Activate the appropriate input form field. ! if (document.login.username.value == '') { ! document.login.username.focus(); ! } else { ! document.login.password.focus(); ! } ! // --> ! </script> ! </div> ! <!-- BEGIN reg_block --> ! <div align="center"> ! Don't have an account yet? Use our <a href="{PHP_SELF}?login=yes&mode=reg">Registration form</a> ! </div> ! <!-- END reg_block --> ! <!-- id="loginForm" --> ! <!-- end loginform.tpl --> ! |
|
From: Joe S. <joe...@us...> - 2004-09-16 21:05:17
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv443/phpslash-dev/include/modules/auth/authtypes Modified Files: slashAuthCR.class Added Files: slashAuth.class Log Message: updated non CR loginform.tpl to be used with other auth methods --- NEW FILE: slashAuth.class --- <?php /* $Id: slashAuth.class,v 1.1 2004/09/16 21:05:07 joestewart Exp $ * */ class slashAuth extends slashAuth_base { } ?> Index: slashAuthCR.class =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes/slashAuthCR.class,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** slashAuthCR.class 15 Sep 2004 23:36:30 -0000 1.1 --- slashAuthCR.class 16 Sep 2004 21:05:07 -0000 1.2 *************** *** 14,71 **** // psl built in Challenge Response ! function psl_validate($username, $password, $response, $user_info) { ! global $challenge; ! // debug("response", $response); ! // debug("challenge", $challenge); ! $is_user = false; ! // generate the expected response ! $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo ! ! $expected_response = md5("$md5_pw:$challenge"); ! // debug("expected_response", $expected_response); ! // True when JS is disabled ! if ($response == "") { ! $md5_pw_net = md5("$username:$password"); ! $response = md5("$md5_pw_net:$challenge"); } ! // Response is set, JS might be enabled... ! // compare the responses ! if ($expected_response == $response) { ! // success ! $is_user = true; } else { ! $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again."); ! } ! return $is_user; ! } ! // psl built in "Remember Me" ! function psl_preauth($username, $password, $user_info) { ! global $HTTP_COOKIE_VARS; ! ! $is_user = false; ! ! // decode the cookie data into an array ! $cookie_ary = unserialize(base64_decode($HTTP_COOKIE_VARS['user_info'])); ! ! // generate the challenge we expect ! $cookie_challenge = md5($this->magic .":". $this->psl['basedir']); ! ! $md5_pw = $password; // this is the raw MD5ed user/pass combo ! $expected_response = md5("$md5_pw:$cookie_challenge"); ! ! // compare the response given in the cookie to expected response ! if( $expected_response == $cookie_ary[0]) { ! $is_user = true; } ! return $is_user; ! } ! } --- 14,91 ---- // psl built in Challenge Response ! ! /** ! * auth_loginform - displays the login form ! * ! * @todo: Move to Block_render_login ! * ! * @return void ! */ ! function auth_loginform() { ! global $challenge, $sess, $saved_get, $saved_post; ! ! // preserve the POST variable through the login process ! $saved_post = $_POST; ! $saved_get = $_GET; ! $sess->register("saved_post"); ! $sess->register("saved_get"); ! // generate a challenge word if needed. ! if (empty($challenge)) { ! $challenge = md5(uniqid($this->magic)); ! $sess->register("challenge"); ! } ! ! // create the template object ! $templ = pslNew("slashTemplate"); ! $templ->set_file(array( ! 'form' => 'loginformCR.tpl', ! 'index' => 'index1col.tpl' ! )); ! ! $templ->set_var( array( ! // 'ACTION_URL' => $this->psl['rooturl'] . "/login.php", ! 'ACTION_URL' => $this->psl['phpself'], ! 'PHP_SELF' => $this->psl['phpself'], ! 'ROOTURL' => $this->psl['rooturl'], ! 'CHALLENGE' => $challenge ! )); ! ! // Display the previously used name in the form field ! if (isset($this->auth["uname"]) && $this->auth["uname"] != "nobody") { ! $templ->set_var('USERNAME', htmlentities($this->auth["uname"])); ! } else { ! $templ->set_var('USERNAME', ""); ! // $this->auth["error"] = ""; } ! // Display message string if present ! if (isset($this->auth["error"])) { ! $templ->set_var('ERROR', $this->auth["error"]); } else { ! $templ->set_var('ERROR', ""); ! } ! // Link to registration screen if enabled ! $templ->set_block("form","reg_block","regblock"); ! if( $this->psl['auth.mode'] == "reg") { ! $templ->parse("regblock", "reg_block", true); } ! AddClassRequirement("navbar",$this->psl['moduledir'] ."/". $this->psl['module']['NavBar'] ."/NavBar.class"); ! $navbar = pslNew("NavBar"); ! // display ! $templ->set_var(array( ! 'TOP' => getHeader('Login', 'Login') . $navbar->getNavBar('navbarBlockh'), ! 'CENTER_BLOCK_COLUMN' => $templ->parse('form','form'), ! 'BOTTOM' => getFooter() ! )); ! ! $templ->pparse('OUT','index'); ! ! } } |
|
From: Joe S. <joe...@us...> - 2004-09-16 19:21:46
|
Update of /cvsroot/phpslash/phpslash-dev In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12340/phpslash-dev Modified Files: CHANGES Log Message: added auth/index.php Index: CHANGES =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/CHANGES,v retrieving revision 1.98 retrieving revision 1.99 diff -C2 -d -r1.98 -r1.99 *** CHANGES 15 Sep 2004 23:19:35 -0000 1.98 --- CHANGES 16 Sep 2004 19:21:21 -0000 1.99 *************** *** 13,16 **** --- 13,19 ---- 9 - Removal of something (kill -9 :) + 2004-September 16 Joe Stewart <joe...@us... + [W] - moved login.php new layout with code in auth/index.php + 2004-September 15 Joe Stewart <joe...@us... [W] - removed classes that already had been moved to module directories. |
|
From: Joe S. <joe...@us...> - 2004-09-16 19:21:46
|
Update of /cvsroot/phpslash/phpslash-dev/public_html In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12340/phpslash-dev/public_html Modified Files: login.php Log Message: added auth/index.php Index: login.php =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/public_html/login.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** login.php 8 Sep 2004 19:17:31 -0000 1.5 --- login.php 16 Sep 2004 19:21:22 -0000 1.6 *************** *** 2,79 **** // $Id$ ! $HTTP_GET_VARS['section'] = 'User'; ! ! // don't cache this page $cachetimeout=-1; ! require('config.php'); ! ! $pagetitle = pslgetText('Administration'); // The name to be displayed in the header ! $xsiteobject = pslgetText('Administration Page'); // This Defines The META Tag Object Type ! if (isset($HTTP_POST_VARS['cancel'])) { ! $sess->delete(); ! Header("Location: " . $_PSL['rooturl'] ."/"); // go home ! die("\n"); // Kill script if not dead already, possible memory leak ! } ! ! if ((!empty($HTTP_GET_VARS['logout'])) && ($perm->have_perm('user'))) { ! // if (isset($HTTP_GET_VARS['logout'])) { ! if(isset($HTTP_COOKIE_VARS['user_info'])) { ! $user_info = unserialize(base64_decode($HTTP_COOKIE_VARS['user_info'])); ! if(!array_key_exists('preferences',$user_info)) { ! $rooturl_ary = parse_url($this->psl['rooturl']); ! setcookie( 'user_info', '', time()-31536000, $rooturl_ary['path'], "", ""); ! // $sess->delete(); ! $HTTP_COOKIE_VARS['user_info'] = ''; ! } ! } ! ! // expire cache for this session ! if(function_exists('jpcache_gc')) { ! jpcache_gc('string', "-slashSess-" . $sess->id, "100"); ! } ! ! $username = $auth->auth['uname']; ! // $sess->delete(); // may be needed for phplib session4.inc ! // discard prefs when logging out. ! $auth->auth['preferences'] = ''; ! $auth->auth["error"] = sprintf(pslgetText("%s logged out."), $username); ! $auth->auth['uid'] = 'nobody'; ! $auth->auth['perm'] = ""; ! ! $HTTP_GET_VARS['logout'] = ''; ! } ! ! // old kludge for phplib to accept login from an external form such as the login block. Will be removed. jvs - 02/18/2003 - ! // If new auth had replaced existing phplib auth. 08/30/2004 ! if(isset($_POST['username']) && !$perm->have_perm('user')) { // this would be present if a login is in progress ! $auth->auth["uid"]= "form"; // this is what auth seems to want ! $auth->start(); ! } ! $auth->login_if(!$perm->have_perm('user')); - /* - if(!empty($HTTP_GET_VARS['login'])) { - $auth->login_if($HTTP_GET_VARS['login']); - } - */ $_PSL['metatags']['object'] = $xsiteobject; - // Objects - - // $ary['section'] = 'User'; - // $ary['page'] = 'index'; - // setup the block module ! $_PSL['module']['module.current'] = $_PSL['module']['Block']; ! include($_PSL['moduledir'] ."/". $_PSL['module']['module.current'] ."/index.php"); ! $block = pslNew("Block_i"); ! ! // Start of Page ! ! $content = $block->getBlocks($ary, "page"); echo $content; --- 2,23 ---- // $Id$ ! // don't cache login page $cachetimeout=-1; ! require("config.php"); + $ary['module'] = 'Auth'; + $ary['section'] = 'User'; + $ary['section_id'] = '8'; ! $pagetitle = pslgetText('Administration'); // The name to be displayed in the header ! $xsiteobject = pslgetText('Administration'); // This Defines The META Tag Object Type $_PSL['metatags']['object'] = $xsiteobject; // setup the block module ! $content = include($_PSL['moduledir'] ."/". $_PSL['module']['Block'] ."/index.php"); + // show page echo $content; |
|
From: Joe S. <joe...@us...> - 2004-09-16 19:21:32
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12340/phpslash-dev/include/modules/auth Added Files: index.php Log Message: added auth/index.php --- NEW FILE: index.php --- <?php // $Id: index.php,v 1.1 2004/09/16 19:21:22 joestewart Exp $ global $sess, $auth, $perm, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS; $pagetitle = pslgetText('Administration'); // The name to be displayed in the header $xsiteobject = pslgetText('Administration Page'); // This Defines The META Tag Object Type $content = ''; if (isset($HTTP_POST_VARS['cancel'])) { $sess->delete(); Header("Location: " . $_PSL['rooturl'] ."/"); // go home die("\n"); // Kill script if not dead already, possible memory leak } if ((!empty($HTTP_GET_VARS['logout'])) && ($perm->have_perm('user'))) { // if (isset($HTTP_GET_VARS['logout'])) { if(isset($HTTP_COOKIE_VARS['user_info'])) { $user_info = unserialize(base64_decode($HTTP_COOKIE_VARS['user_info'])); if(!array_key_exists('preferences',$user_info)) { $rooturl_ary = parse_url($this->psl['rooturl']); setcookie( 'user_info', '', time()-31536000, $rooturl_ary['path'], "", ""); // $sess->delete(); $HTTP_COOKIE_VARS['user_info'] = ''; } } // expire cache for this session if(function_exists('jpcache_gc')) { jpcache_gc('string', "-slashSess-" . $sess->id, "100"); } $username = $auth->auth['uname']; // $sess->delete(); // may be needed for phplib session4.inc // discard prefs when logging out. $auth->auth['preferences'] = ''; $auth->auth["error"] = sprintf(pslgetText("%s logged out."), $username); $auth->auth['uid'] = 'nobody'; $auth->auth['perm'] = ""; $HTTP_GET_VARS['logout'] = ''; } // old kludge for phplib to accept login from an external form such as the login block. Will be removed. jvs - 02/18/2003 - // If new auth had replaced existing phplib auth. 08/30/2004 if(isset($_POST['username']) && !$perm->have_perm('user')) { // this would be present if a login is in progress $auth->auth["uid"]= "form"; // this is what auth seems to want $auth->start(); } $auth->login_if(!$perm->have_perm('user')); return $content; page_close(); ?> |
|
From: Joe S. <joe...@us...> - 2004-09-15 23:37:24
|
Update of /cvsroot/phpslash/phpslash-dev In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14355/phpslash-dev Modified Files: ChangeLog Log Message: removed classes that already had been moved to module directories. moved Infolog and slashAuth to module directories. Index: ChangeLog =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/ChangeLog,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** ChangeLog 15 Sep 2004 23:33:41 -0000 1.10 --- ChangeLog 15 Sep 2004 23:37:14 -0000 1.11 *************** *** 1,2 **** --- 1,9 ---- + 2004-09-15 18:36 joestewart + + * include/modules/auth/authtypes/: slashAuthCR.class, + slashAuthLDAP.class: removed classes that already had been moved + to module directories. moved Infolog and slashAuth to module + directories. + 2004-09-15 18:31 joestewart |
|
From: Joe S. <joe...@us...> - 2004-09-15 23:36:40
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14210/phpslash-dev/include/modules/auth Added Files: slashAuth.class Removed Files: slashAuthCR.class Log Message: removed classes that already had been moved to module directories. moved Infolog and slashAuth to module directories. --- NEW FILE: slashAuth.class --- <?php /* $Id: slashAuth.class,v 1.1 2004/09/15 23:36:29 joestewart Exp $ * * Provides the authorization functions of PHPSlash * * Extends the phplib auth class. * * Quoting the phplib local.inc * * "A variation of Auth which uses a Challenge-Response * Authentication. The password never crosses the net in clear, * if the remote system supports JavaScript. Please read the * Documentation section about CR Authentication to understand * what is going on." * * NOTE: This class does NOT use the PSL page layout engine */ class slashAuth_base extends Auth { var $classname = "slashAuth"; // For object health var $lifetime = 15; var $database_class = "slashDB"; var $database_table = "auth_user"; var $magic = "monkeyisnotanape"; var $nobody = true; var $cancel_login = "cancel"; var $mode = "log"; var $psl; var $sess; /** * customizes class names and loads the class definitions * * @param string classnames (as many as you want) * @return void */ function loadClasses() { $arr = func_get_args(); foreach($arr as $class) { $this->$class = pslGetClass($this->$class); loadClass($this->$class); } } /** * functions as a class constructor. * Called from page_open. * * @return void */ function start() { global $_PSL, $sess; $this->psl = &$_PSL; $this->sess = &$sess; // If the magic word is defined in the config file - use it. if(!empty($_PSL['magic'])) { $this->magic = $_PSL['magic']; } AddClassRequirement("author",$_PSL['moduledir'] ."/". $_PSL['module']['Author'] ."/Author.class"); $this->loadClasses("database_class"); // setup registration mode or login only if (!empty($_GET['mode']) && $_GET['mode']=='reg') { if( !empty($_PSL['auth.mode'])) { $this->mode = $_PSL['auth.mode']; } else { $this->mode='reg'; } } else { $this->mode='log'; } // use preferences if(!empty($this->auth['preferences'])) { $this->use_preferences(); } // call underlying phplib auth Auth::start(); } /** * auth_loginform - displays the login form * * @todo: Move to Block_render_login * * @return void */ function auth_loginform() { global $challenge, $sess, $saved_get, $saved_post; // preserve the POST variable through the login process $saved_post = $_POST; $saved_get = $_GET; $sess->register("saved_post"); $sess->register("saved_get"); // generate a challenge word if needed. if (empty($challenge)) { $challenge = md5(uniqid($this->magic)); $sess->register("challenge"); } // create the template object $templ = pslNew("slashTemplate"); $templ->set_file(array( 'form' => 'loginformCR.tpl', 'index' => 'index1col.tpl' )); $templ->set_var( array( // 'ACTION_URL' => $this->psl['rooturl'] . "/login.php", 'ACTION_URL' => $this->psl['phpself'], 'PHP_SELF' => $this->psl['phpself'], 'ROOTURL' => $this->psl['rooturl'], 'CHALLENGE' => $challenge )); // Display the previously used name in the form field if (isset($this->auth["uname"]) && $this->auth["uname"] != "nobody") { $templ->set_var('USERNAME', htmlentities($this->auth["uname"])); } else { $templ->set_var('USERNAME', ""); // $this->auth["error"] = ""; } // Display message string if present if (isset($this->auth["error"])) { $templ->set_var('ERROR', $this->auth["error"]); } else { $templ->set_var('ERROR', ""); } // Link to registration screen if enabled $templ->set_block("form","reg_block","regblock"); if( $this->psl['auth.mode'] == "reg") { $templ->parse("regblock", "reg_block", true); } AddClassRequirement("navbar",$this->psl['moduledir'] ."/". $this->psl['module']['NavBar'] ."/NavBar.class"); $navbar = pslNew("NavBar"); // display $templ->set_var(array( 'TOP' => getHeader('Login', 'Login') . $navbar->getNavBar('navbarBlockh'), 'CENTER_BLOCK_COLUMN' => $templ->parse('form','form'), 'BOTTOM' => getFooter() )); $templ->pparse('OUT','index'); } /** * auth_preauth - allow for auto login or preference loading. * * @return int */ function auth_preauth() { global $sess; // debug("auth", "preauth"); // The preauth cookie is called 'user_info' if( !empty($_COOKIE['user_info'])){ // generate the challenge we expect $cookie_challenge = md5($this->magic .":". $this->psl['basedir']); // decode the cookie data into an array $cookie_ary = unserialize(base64_decode($_COOKIE['user_info'])); # assume the check is gonna fail $uid = false; $user_info = $this->get_psluser_info($cookie_ary[1]); $is_user = $this->psl_preauth($user_info['author_name'], $user_info['password'], $user_info); // if the user is not found - apply any preferences if ($is_user == false) { if(!empty($cookie_ary['preferences'])) { $this->auth['preferences'] = $cookie_ary['preferences']; // use preferences $this->use_preferences(); } return false; } // user found - now check for correct data $this->auth["uname"] = $user_info["author_name"]; $this->auth["dname"] = $user_info["author_realname"]; $temparray=unserialize($user_info['author_options']); $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo $expected_response = md5("$md5_pw:$cookie_challenge"); // compare the response given in the cookie to expected response if( $expected_response == $cookie_ary[0]) { // preauth successful // debug("preauth", "successful"); $this->auth["url"] = $user_info["url"]; $uid = $user_info["author_id"]; $this->auth["perm"] = $this->get_userperms($uid); // use preferences if(!empty($temparray['preferences'])){ $this->auth['preferences'] = $temparray['preferences']; $this->use_preferences(); } // expire cache for this session if(function_exists('jpcache_gc')) { jpcache_gc('string', "-slashSess-" . $sess->id, "100"); } // success is signalled by returning the user's id. return $uid; } else { // preauth failed // debug("preauth", "failed"); return false; } } else if ($this->nobody) { // no user_info cookie // if public access allowed apply the data for user named 'nobody' $arg_ary['author_name'] = 'nobody'; $author_ary = $this->load_user_info($arg_ary); $this->auth['preferences'] = ''; // get rid of session variables and use the db author record. $this->clear_session_vars(); // expire cache for this session if(function_exists('jpcache_gc')) { jpcache_gc('string', "-slashSess-" . $sess->id, "100"); } // return the id for user 'nobody' return $author_ary['author_id']; } } /** * auth_validatelogin - process the login form. * * @return int */ function auth_validatelogin() { global $saved_get, $saved_post, $challenge, $sess; // If no POST variables this must be an error or user // abandoned a login form to return to a public area of site if(empty($_POST)) { // This will happen when abandoning a login form // need to load the data for the 'nobody' user. if(!empty($this->auth['uid']) && ($this->auth['uid'] == 'nobody' || $this->auth['uid'] == 'form')){ $arg_ary['author_name'] = 'nobody'; $author_ary = $this->load_user_info($arg_ary); return $author_ary['author_id']; } return false; } $setcookie = ''; $lostpw = ''; // set form entries to local variables $username = $_POST['username']; $password = ''; if(array_key_exists('password', $_POST)) { $password = $_POST['password']; } // $challenge = $_POST['challenge']; // use session variable $response = $_POST['response']; if(!empty($_POST['setcookie'])) { $setcookie = $_POST['setcookie']; } if(!empty($_POST['lostpw'])) { $lostpw = $_POST['lostpw']; } // missing challenge - shouldn't happen if(empty($_POST['challenge'])) { // $this->auth["error"] = "debug only - missing challenge"; return false; } // old loginforms expire - prevents hitting "back" or // "refresh" to login if($challenge != $_POST['challenge']) { // $this->auth["error"] = "debug only - wrong challenge"; return false; } // the login form will save the username if(isset($username)) { $this->auth["uname"] = $username; } else if ($this->nobody) { // provides for "default login cancel" $arg_ary['author_name'] = 'nobody'; $author_ary = $this->load_user_info($arg_ary); return $author_ary['author_id']; } // check for missing name or other shenanigans if ($username == "" || strstr($username,"'")) { // spit out empty login form $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again."); return false; } // If the "Lost password" reminder is checked - call the // method in Author class. if( $lostpw) { $author = pslNew("Author"); $ary['username'] = $username; $success = $author->lostpw($ary); $this->auth["error"] = $author->message; return false; } // assume the check is gonna fail $uid = false; $user_info = $this->get_psluser_info($username); // username not found - return failure if ($user_info == false) { return false; } // username found $uid = $user_info["author_id"]; $this->auth["uid"] = $user_info["author_id"]; $this->auth["uname"] = $user_info["author_name"]; $this->auth["dname"] = $user_info["author_realname"]; $this->auth["url"] = $user_info["url"]; // auth type specific validation // psl built in Challenge Response // other auth methods can return true or false for validation results $is_user = $this->psl_validate($username, $password, $response, $user_info); // Drop password for safety $password=''; $_POST['password'] = ''; if ($is_user == false) { // failed - return with error message $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again."); return false; } else { // success - authenticated // set Remember Me cookie if(!empty($setcookie)){ $this->set_preauth_cookie($user_info); } // apply user's preferences $temparray=unserialize($user_info['author_options']); if(!empty($temparray['preferences'])){ $this->auth['preferences'] = $temparray['preferences']; $this->use_preferences(); } // load the user's permissions/group membership $this->auth["perm"] = $this->get_userperms( $uid); // successful - no errors $this->auth["error"] = ""; // restore saved POST variables $_GET = $saved_get; $_POST = $saved_post; // clear the session variables $saved_get = ''; $saved_post = ''; $challenge = ''; // get rid of session variables and use the db author record. $this->clear_session_vars(); // expire cache for this session if(function_exists('jpcache_gc')) { jpcache_gc('string', "-slashSess-" . $sess->id, "100"); } // signal success by returning user id return $uid; } $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again."); return false; } /** * auth_registerform - displays the registration form. * * @todo Move to new class: Block_render_registerform * * @return void */ function auth_registerform() { global $sess; // create the template object $templ = pslNew("slashTemplate"); $templ->set_file(array( form => "registerform.tpl" )); // Fill out any fields already saved $templ->set_var(ACTION_URL,$this->psl['rooturl']."/login.php?mode=reg"); $templ->set_var(PHP_SELF,$this->psl[phpself]); if (isset($this->auth["uname"])) { $templ->set_var(USERNAME,$this->auth['uname']); } else { $templ->set_var(USERNAME,""); $this->auth["error"] = ""; } if (isset($this->auth["email"])) { $templ->set_var(EMAIL,$this->auth["email"]); } else { $templ->set_var(EMAIL,""); } if (isset($this->auth["realname"])) { $templ->set_var(REALNAME,$this->auth["realname"]); } else { $templ->set_var(REALNAME,""); } if (isset($this->auth["url"])) { $templ->set_var(URL,$this->auth["url"]); } else { $templ->set_var(URL,""); } if (isset($this->auth["quote"])) { $templ->set_var(QUOTE,$this->auth["quote"]); } else { $templ->set_var(QUOTE,""); } if (isset($this->auth["seclev"])) { $templ->set_var(SECLEV,$this->auth["seclev"]); } else { $templ->set_var(SECLEV,""); } if (isset($this->auth["error"])) { $templ->set_var(ERROR,$this->auth["error"]); } else { $templ->set_var(ERROR,""); } // display the form // - see auth_loginform for an example of how to make the screen look more consistent echo getHeader("Register", "Register"); AddClassRequirement("navbar",$this->psl['moduledir'] ."/". $this->psl['module']['NavBar'] ."/NavBar.class"); $navbar = pslNew("NavBar"); echo $navbar->getNavBar(); $templ->pparse(OUT,"form"); echo getFooter(); } /** * auth_doregister - validate the registration. * * @return void */ function auth_doregister() { global $challenge, $response; // if no POST variables, this must be an error if(empty($_POST)) { return false; } // save the entered data - to display the form again with data $this->auth["uname"] = $username = $_POST['username']; $this->auth["realname"] = $realname = $_POST['realname']; $this->auth["email"] = $email = $_POST['email']; $this->auth["url"] = $url = $_POST['url']; $this->auth["quote"] = $quote = $_POST['quote']; $this->auth["seclev"] = $seclev = $_POST['seclev']; // password is not saved in the session $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; // if form empty - complain if ($username == "" || $pass1 == ""){ $this->auth["error"] = pslgetText("Username or password missing. Please try again."); return false; } // Check the passwords for validity. if ($pass1 != $pass2) { $this->auth["error"] = pslgetText("Password and repeated password do not match. Please try again."); return false; } if (($pass1 == "") OR ($pass2 == "")) { $this->auth["error"] = pslgetText("Please enter your password."); return false; } // assume the check is gonna fail $uid = false; $user_info = $this->get_psluser_info($username); if($user_info) { // If user is present and password matches, silently log // the user in. $md5_pw = md5($username .":". $pass1); if($this->psl_validate($username, $md5_pw, '', $user_info)) { // if ($user_info["password"] == $md5_pw) { $uid = $user_info["author_id"]; $this->auth["uid"] = $user_info['author_id']; $this->auth["uname"] = $user_info['author_name']; // $this->auth["perm"] = $user_info['perms']; $this->auth["email"] = $user_info['email']; $this->auth["realname"] = $user_info['realname']; // $this->auth["perm"] = $this->get_userperms($uid); return $uid; } // If user is present and password does not match, // complain and fail. $this->auth["error"] = pslgetText("This username is already taken. Please choose a different one."); return false; } // add new user $author = pslNew("Author"); $ary["author_name"] = $username; $ary["password"] = $pass1; $ary["email"] = $email; $ary["url"] = $url; $ary["quote"] = $quote; $ary["author_realname"] = $realname; $ary["seclev"] = $seclev; // temporary kludge to fix registration $perm_ary['nobody'] = 20; $perm_ary['user'] = 21; $ary["permission"] = $perm_ary; // use Author.class saveAuthor for account creation if ($author->saveAuthor($ary)) { // successful account creation // attempt to log in the new user // $password = $pass1; $_POST['username'] = $username; $_POST['password'] = $pass1; // $_POST['challenge'] = md5(uniqid($this->magic)); $_POST['challenge'] = $challenge; $_POST['response'] = ''; // debug("username", $username); // debug("pass1", $pass1); $uid = $this->auth_validatelogin(); if( $uid == false) { $this->auth["error"] = pslgetText("Account created, but validation failed"); } return $uid; } else { // account creation failed $this->auth["error"] = pslgetText("User Registration failed"); return false; } } /** * get_userperms - return an array of the user's group memberships. * * @return array */ function get_userperms($uid) { /* * Get the group perms's for this author into an array */ $q = "SELECT psl_permission.permission_name, psl_group.group_name, psl_group.group_id FROM psl_group, psl_author_group_lut, psl_group_permission_lut, psl_permission WHERE psl_group.group_id = psl_author_group_lut.group_id AND psl_group.group_id = psl_group_permission_lut.group_id AND psl_group_permission_lut.permission_id = psl_permission.permission_id AND psl_author_group_lut.author_id = '$uid' "; // debug("q", $q); $this->db->query($q); while ($this->db->next_record()) { $group_id = $this->db->Record['group_id']; // Load the group and its permissions $this->auth['perm'][$this->db->Record['group_name']][$this->db->Record['permission_name']] = true; // get the available sections for this group $q = "SELECT section_id FROM psl_group_section_lut WHERE group_id = '$group_id' "; $db2 = pslNew("slashDB"); $db2->query($q); while ($db2->next_record()) { $section_perm = "section_id". $db2->Record['section_id']; $this->auth["perm"][$this->db->Record['group_name']][$section_perm] = true; } } /* * Get the group->group perm's for this author into an array */ // first get all the group names in an array $q = "SELECT group_name, group_id FROM psl_group "; // debug("q", $q); $this->db->query($q); while ($this->db->next_record()) { $groups_ary[$this->db->Record['group_id']] = $this->db->Record['group_name']; } // get the group of groups for this user $q = "SELECT psl_group_group_lut.group_id, psl_group_group_lut.childgroup_id FROM psl_author_group_lut, psl_group_group_lut WHERE psl_group_group_lut.group_id = psl_author_group_lut.group_id AND psl_author_group_lut.author_id = '$uid' "; // debug("q", $q); $this->db->query($q); while ($this->db->next_record()) { $group_id = $this->db->Record['group_id']; $childgroup_id = $this->db->Record['childgroup_id']; $group_name = $groups_ary[$group_id]; $childgroup_name = ''; if(!empty($groups_ary[$childgroup_id])) { $childgroup_name = $groups_ary[$childgroup_id]; } if(empty($this->auth['perm'])) { $this->auth['perm'] = array(); } if( array_key_exists($childgroup_name, $this->auth['perm'])) { // We already know the perms for this group $this->auth['perm'][$group_name][$childgroup_name] = $this->auth['perm'][$childgroup_name]; } else { // We don't have the perms for this group so - // query to get group perms $q = "SELECT psl_permission.permission_name FROM psl_group_permission_lut, psl_permission WHERE psl_group_permission_lut.permission_id = psl_permission.permission_id AND psl_group_permission_lut.group_id = '$childgroup_id' "; // debug("q", $q); $db2 = pslNew("slashDB"); $db2->query($q); while ($db2->next_record()) { $this->auth['perm'][$group_name][$childgroup_name][$db2->Record['permission_name']] = true; // get the available sections for this group $q = "SELECT section_id FROM psl_group_section_lut WHERE group_id = '$childgroup_id' "; $db3 = pslNew("slashDB"); $db3->query($q); while ($db3->next_record()) { $section_perm = "section_id". $db3->Record['section_id']; $this->auth["perm"][$group_name][$childgroup_name][$section_perm] = true; } } } // endif } //end while return $this->auth['perm']; } // end of function get_userperms() function clear_session_vars() { $this->clear_session_var("comment_name"); $this->clear_session_var("comment_email"); $this->clear_session_var("comment_url"); } function clear_session_var($var) { if($this->sess->is_registered($var)) { $this->sess->unregister($var); $_SESSION[$var] = null; unset($GLOBALS[$var]); } } function use_preferences() { // use language preference if(isset($this->auth['preferences']['lang'])) { $this->psl['languagefile'] = setLang($this->auth['preferences']['lang']); $this->psl['templatedir'] = setLangTpl($this->auth['preferences']['lang']); } // use skin preference if ((isset($this->auth['preferences']['skin'])) && ($this->psl['defaultskin'] != $this->auth['preferences']['skin'])){ $this->psl['templatedir'] = setSkinTpl($this->auth['preferences']['skin'],"userpref"); } } function load_user_info($arg_ary) { loadClass('Author'); $author_ary = Author::getAuthor($arg_ary); $this->auth["perm"] = $this->get_userperms($author_ary['author_id']); $this->auth["dname"] = $author_ary['author_realname']; $this->auth["uname"] = $author_ary['author_name']; $this->auth["email"] = $author_ary['email']; $this->auth["url"] = $author_ary['url']; return $author_ary; } function get_psluser_info($username) { $info = false; $q = "SELECT * FROM psl_author WHERE author_name = '$username' "; $this->db->query($q); if($this->db->next_record()) { $info = $this->db->Record; } return $info; } function set_preauth_cookie($user_info) { // set preauth cookie so the user won't have // to log in again $cookie_challenge = md5($this->magic .":". $this->psl['basedir']); $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo $cookie_response = md5("$md5_pw:$cookie_challenge"); $cookie_ary[] = $cookie_response; $cookie_ary[] = $this->auth['uname']; $cookie_ary[] = $cookie_challenge; // strip the rooturl down to its path for the cookie path. $rooturl_ary = parse_url($this->psl['rooturl']); setcookie( 'user_info', base64_encode(serialize($cookie_ary)), time()+31536000,$rooturl_ary['path'] , "" , ""); } // dummy method to be overridden in child class function psl_validate($username, $password, $response, $user_info) { return false; } // dummy method to be overridden in child class function psl_preauth($username, $password, $user_info) { return false; } } ?> --- slashAuthCR.class DELETED --- |
|
From: Joe S. <joe...@us...> - 2004-09-15 23:36:39
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14210/phpslash-dev/include/modules/auth/authtypes Added Files: slashAuthCR.class slashAuthLDAP.class Log Message: removed classes that already had been moved to module directories. moved Infolog and slashAuth to module directories. --- NEW FILE: slashAuthCR.class --- <?php /* $Id: slashAuthCR.class,v 1.1 2004/09/15 23:36:30 joestewart Exp $ * * Quoting the phplib local.inc * * "A variation of Auth which uses a Challenge-Response * Authentication. The password never crosses the net in clear, * if the remote system supports JavaScript. Please read the * Documentation section about CR Authentication to understand * what is going on." */ class slashAuth extends slashAuth_base { // psl built in Challenge Response function psl_validate($username, $password, $response, $user_info) { global $challenge; // debug("response", $response); // debug("challenge", $challenge); $is_user = false; // generate the expected response $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo $expected_response = md5("$md5_pw:$challenge"); // debug("expected_response", $expected_response); // True when JS is disabled if ($response == "") { $md5_pw_net = md5("$username:$password"); $response = md5("$md5_pw_net:$challenge"); } // Response is set, JS might be enabled... // compare the responses if ($expected_response == $response) { // success $is_user = true; } else { $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again."); } return $is_user; } // psl built in "Remember Me" function psl_preauth($username, $password, $user_info) { global $HTTP_COOKIE_VARS; $is_user = false; // decode the cookie data into an array $cookie_ary = unserialize(base64_decode($HTTP_COOKIE_VARS['user_info'])); // generate the challenge we expect $cookie_challenge = md5($this->magic .":". $this->psl['basedir']); $md5_pw = $password; // this is the raw MD5ed user/pass combo $expected_response = md5("$md5_pw:$cookie_challenge"); // compare the response given in the cookie to expected response if( $expected_response == $cookie_ary[0]) { $is_user = true; } return $is_user; } } ?> --- NEW FILE: slashAuthLDAP.class --- <?php /* $Id: slashAuthLDAP.class,v 1.1 2004/09/15 23:36:30 joestewart Exp $ * * Mostly taken from Back-End LDAP.class which was: * Written by Peter Starowicz <pe...@op...> for OpenConcept.ca * * This module unfinished and untested - remove this when completed * */ class slashAuth extends slashAuth_base { // LDAP validation function psl_validate($username, $password, $user_info) { global $challenge; $is_user = false; $md5_pw = $this->ldap_pass($username); // generate the expected response $expected_response = md5("$md5_pw:$challenge"); // True when JS is disabled if ($response == "") { $md5_pw_net = md5("$username:$password"); $response = md5("$md5_pw_net:$challenge"); } if ($expected_response != $response) { // failed - return with error message $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again."); $is_user = false; } else { // success $is_user = true; } return $is_user; } /** * * Find and return the MD5 encoded password for the specified user * * **/ function ldap_pass($username = "") { // debug('function LDAP_pass()', ""); $ldap_user = $this->ldap_search_user($username); if ($ldap_user) { $md5_pw = md5($username .":". $ldap_user[0]["password"][0]; // return $ldap_user[0]["password"][0]; } //debug('function ldap_pass() ', 'failed'); return false; } /** * * Find and return the specified LDAP user * * **/ function ldap_search_user($username = "") { //debug('function LDAP_search_user()', ""); $this->ds = @ldap_connect($this->Host, $this->Port); $ldap_search_result = @ldap_search($this->ds, $this->Base_dn, $this->Search_detail."=".$username); if ($ldap_search_result) { //debug("function LDAP_search() ldap_search_result",print_r($ldap_search_result)); $result = ldap_get_entries($this->ds, $ldap_search_result); //debug("function LDAP_search() result",print_r($result)); return $result; } //debug('function LDAP_search_user() ', ' failed'); return false; } } ?> |
|
From: Joe S. <joe...@us...> - 2004-09-15 23:35:10
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13845/authtypes Log Message: Directory /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes added to the repository |
|
From: Joe S. <joe...@us...> - 2004-09-15 23:33:52
|
Update of /cvsroot/phpslash/phpslash-dev In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13531/phpslash-dev Modified Files: ChangeLog Log Message: removed classes that already had been moved to module directories. moved Infolog and slashAuth to module directories. Index: ChangeLog =================================================================== RCS file: /cvsroot/phpslash/phpslash-dev/ChangeLog,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** ChangeLog 11 Sep 2004 15:10:18 -0000 1.9 --- ChangeLog 15 Sep 2004 23:33:41 -0000 1.10 *************** *** 1,2283 **** ! 2004-09-11 10:48 lems1 * CHANGES: added bugfix note about file.php jpcache support ! 2004-09-11 10:45 lems1 * include/class/jpcache/type/file.php: added a check for the ! JPCACHE_DIR. If this doesn't exist, then we attempt to create it ! using php4's mkdir(). Note that mkdir won't try to recursively make ! the directories needed to reach this path [...4589 lines suppressed...] ! public_html/images/topics/topicredhat.gif, ! public_html/images/topics/topicscience.gif, ! public_html/images/topics/topicsgi.gif, ! public_html/images/topics/topicslashdot.gif, ! public_html/images/topics/topicspam.jpg, ! public_html/images/topics/topicstarwars.gif, ! public_html/images/topics/topicsun.gif, ! public_html/images/topics/topicsuse.gif, ! public_html/images/topics/topictech2.jpg, ! public_html/images/topics/topictv.jpg, ! public_html/images/topics/topicunix.jpg, ! public_html/images/topics/topicus.gif, ! public_html/images/topics/topicwine.gif, ! public_html/images/topics/topicx.jpg, ! public_html/images/topics/topicxmas.jpg, ! public_html/styles/basic.css, public_html/styles/xhtmlb.css, ! scripts/db_xfer.php3.disabled, scripts/url_test.php, ! tables/0.7/65_to_7.sql, tables/0.7/slash-all.sql: Initial ! revision |
|
From: Joe S. <joe...@us...> - 2004-09-15 23:31:59
|
Update of /cvsroot/phpslash/phpslash-dev/include/modules/variable In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13201/phpslash-dev/include/modules/variable Added Files: Variable.class admin.php Log Message: removed classes that already had been moved to module directories. moved Infolog and slashAuth to module directories. --- NEW FILE: Variable.class --- <?php /* * Class: Variable * * Layer: All * Desc.: * * NOTES/TO-DO: get rid of the global's * */ class Variable { var $variable_templ; var $var_array; var $db; var $psl; /* * CONSTRUCTORS */ function Variable () { global $_PSL, $message; $this->var_array['rootdir'] = $_PSL['rooturl']; $this->var_array['basedir'] = $_PSL['basedir']; $this->psl = $_PSL; $this->db = pslNew("slashDB"); $this->message = ''; /* Templates */ $this->variable_templ = pslNew("slashTemplate",$this->psl['templatedir']); $this->variable_templ->debug = 0; $this->variable_templ->set_file(array( listvariable => "variableList.tpl", newvariable => "variableNew.tpl" )); } /* * METHODS */ function getvar($variable_name, $mode="") { if (isset($this->var_array[$variable_name])) { return $this->var_array[$variable_name]; # we have it - return it. } else { #get var from db and store in cache ($this->var_array) $query = "SELECT variable_name, value FROM psl_variable WHERE variable_name='$variable_name'"; $this->db->query($query); if ($this->db->next_record()) { $this->var_array[$variable_name] = $this->db->Record[value]; } else { if( $mode != "quiet") { $this->message = "<BR><BR><B>VARIABLE.CLASS::GETVAR: I don't have a \$$variable_name variable!!</B><BR><BR>\n"; } return 0; } } return $this->var_array[$variable_name]; } function setvar($name,$val) { if ( ($name == "") || ($val == "") ) { return false; } $query = "UPDATE psl_variable SET value='$val' WHERE variable_name='$name'"; if ($this->db->query($query)) { return true; } else { return false; }; } /* * Just prints the form with the list of existing variables * Used only by admin */ function listVariable() { $q = "SELECT * FROM psl_variable ORDER BY variable_name"; $this->db->query($q); $this->variable_templ->set_var('TITLEBAR',getTitlebar("100%","Change existing Variable")); $this->variable_templ->set_block("listvariable","row","rows"); while ($this->db->next_record()) { $variable_id = $this->db->Record[variable_id]; $admin = "<A HREF=$this->psl['phpself']?submit=edit&variable_id=$variable_id>(Edit)</A>"; $admin .= "<A HREF=$this->psl['phpself']?submit=delete&variable_id=$variable_id>(Delete)</A>"; $this->variable_templ->set_var(array( ACTION_URL => $this->psl['phpself'], VARIABLE_ID => $variable_id, VARIABLE_NAME => $this->db->Record[variable_name], VARIABLE_DESC => $this->db->Record[description], VARIABLE_VALUE => $this->db->Record[value], ADMIN => $admin )); $this->variable_templ->parse("rows","row",true); }; return $this->variable_templ->parse(OUT,array("listvariable")); // $this->variable_templ->p(OUT); } /* * Saves the variable in the $ary array to the DB * Obligatory fields: variable_name, description, value * Optional fields: variable_id (only if this variable is already in the DB), * Returns true if sucessful (variable added or updated), false on error * Used only by admin */ function saveVariable($ary) { /* we need to check for the stuff to add in the DB before we actually * add anything. And yes, I know it looks like I just passed my * "Intro to C++ Programming" class. --ajay */ /* We don't test for variable_id because no variable_id means, that this is a new variable. We also don't test for the "value" because an empty value is a valid one. */ if ($ary[variable_name] == "") { $this->message = "There is no variable_name in Variable.class::saveVariable"; return false; } if ($ary[description] == "") { $this->messge = "There is no description in Variable.class::saveVariable"; return false; } /* addslashes for the (') AND str_replace for the (") */ $ary[description] = clean($ary["description"]); $ary[variable_name] = clean($ary["variable_name"]); $ary[variable_name] = clean($ary["variable_name"]); /* if a record exists, then we update, else we insert a new variable! */ if (isset($ary[variable_id])) { $this->db->query("SELECT variable_id FROM psl_variable WHERE variable_id = '$ary[variable_id]'"); if ($this->db->next_record()) { $q = "UPDATE psl_variable SET variable_name = '$ary[variable_name]', description = '$ary[description]', value = '$ary[value]', variable_group = '$ary[group]' WHERE variable_id = '$ary[variable_id]'"; } $this->message = "Variable updated"; } else { $ary[variable_id] = generateID("psl_variable_seq"); $q = "INSERT INTO psl_variable (variable_id, variable_name, description, value, variable_group) VALUES ('$ary[variable_id]', '$ary[variable_name]', '$ary[description]', '$ary[value]', '$ary[group]')"; $this->message = "Variable saved"; } # echo "<BR><B>QUERY: $q</B><BR>\n"; $this->db->query($q); return true; } /* Given the variable_id, it deletes that from the variable table. The * psl_variable_lut and psl_variable_submission_lut table must be cleaned * first by updating all the stories to point to different variables. It * will also check and make sure there are NO stories/submissions * associated with this variable before deleting it. Returns true if * variable is deleted, false if not. */ function deleteVariable($variable_id) { if (!$variable_id) { return false; } $q = "DELETE FROM psl_variable WHERE variable_id = '$variable_id'"; if ($this->db->query($q)) { return true; } else { return false; } } /* * Just prints out the "form" and points the user to the "save" method * Used only by admin */ function newVariable() { $this->variable_templ->set_var(array( 'TITLEBAR' => getTitlebar("100%","Add a new Variable"), ACTION_URL => $this->psl['phpself'] )); return $this->variable_templ->parse(OUT,array("newvariable")); // $this->variable_templ->p(OUT); } } /* end of Variable.class */ ?> --- NEW FILE: admin.php --- <?php // $Id: admin.php,v 1.1 2004/09/15 23:31:47 joestewart Exp $ global $_PSL, $sess, $auth, $perm; # header title $pagetitle = pslgetText("Administration"); #Defines The META TAG Page Type $xsiteobject = pslgetText("Administration"); /***************************** START OF PAGE *****************************/ $auth->login_if(!$perm->have_perm('variableList')); /* DEBUG */ // debug( "HTTP_POST_VARS" , $HTTP_POST_VARS); // debug( "HTTP_GET_VARS" , $HTTP_GET_VARS); // debug( "variable_name", $variable_name ); /* DEBUG */ AddClassRequirement("topic",$_PSL['moduledir'] ."/variable/Variable.class"); $variable = pslNew("Variable"); $content = ''; if(!empty($HTTP_POST_VARS['submit'])) { $submit = clean($HTTP_POST_VARS['submit']); $variable_ary = clean($HTTP_POST_VARS['variable_ary']); $variable_name = clean($HTTP_POST_VARS['variable_name']); $variable_id = clean($HTTP_POST_VARS['variable_id']); $description = clean($HTTP_POST_VARS['description']); $variable_value = clean($HTTP_POST_VARS['variable_value']); $variable_group = clean($HTTP_POST_VARS['variable_group']); } elseif (!empty($HTTP_GET_VARS['submit'])) { $submit = clean($HTTP_GET_VARS['submit']); } else { $submit = ''; } if ($perm->have_perm("variableList")) { switch ($submit) { case "delete": if($perm->have_perm("variableDelete")) { while ( list( $key, $val ) = each( $variable_ary ) ) { $success = $variable->deleteVariable($variable_ary[$key]); } } break; case "new": if($perm->have_perm("variableSave")) { $success = $variable->saveVariable(clean($HTTP_POST_VARS)); } break; case "update": if($perm->have_perm("variableEdit")) { reset ($variable_id); while ( list( $key, $val ) = each( $variable_id ) ) { $ary["variable_id"] = $variable_id[$key]; $ary["variable_name"] = $variable_name[$key]; $ary["description"] = $description[$key]; $ary["value"] = $variable_value[$key]; $ary["variable_group"] = $variable_group[$key]; if ($variable->saveVariable($ary)) { $content .= "<em>$variable_name[$key]</em> has been updated<BR>\n"; } else { $content .= "<em>$variable_name[$key]</em> has <strong>not</strong> been updated<BR>\n"; } } } break; default: break; } if($perm->have_perm("variableNew")) { $content .= $variable->newVariable(); } if($perm->have_perm("variableList")) { $content .= $variable->listVariable(); } } else { $content = getTitlebar("100%","Error! Invalid Privileges"); $content .= "Sorry. You do not have the necessary privilege to view this page."; } return $content; ?> |
2 messages has been excluded from this view by a project administrator.
