Update of /cvsroot/webnotes/webnotes/core In directory usw-pr-cvs1:/tmp/cvs-serv8861/core Modified Files: access_api.php api.php config_api.php config_inc.php constants_inc.php css_inc.php html_api.php Log Message: - Fixed 0000011: Support MD5 password encryption (includes db change) - Fixed 0000043: Support Plain Passwords - Fixed 0000044: Warning if administrator/root account still enabled - Fixed 0000045: Administrator Account Details (includes db change) - Added db_upgrade.sql - Included the meta tags in some pages. - Some cleanup of the login pages (there is still a problem with login!!) Index: access_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/access_api.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- access_api.php 11 Sep 2002 09:49:54 -0000 1.2 +++ access_api.php 14 Sep 2002 06:22:03 -0000 1.3 
@@ -10,13 +10,44 @@ ### -------------------- function password_match( $p_test_password, $p_password ) { - $salt = substr( $p_password, 0, 2 ); - if ( crypt( $p_test_password, $salt ) == $p_password ) { - return true; - } - else { - return false; + switch( config_get( 'auth_type' ) ) { + case AUTH_PLAIN: + return ( strcmp( $p_test_password, $p_password ) == 0 ); + + case AUTH_CRYPT: + $salt = substr( $p_password, 0, 2 ); + return ( crypt( $p_test_password, $salt ) == $p_password ); + + case AUTH_MD5: + return ( md5( $p_test_password ) == $p_password ); + + default: + # @@@@ Replace with proper error + echo "Invalid authentication type"; + exit; + } // switchconfig_get()) { + } + ### -------------------- + function access_verify_login( $p_username, $p_password ) { + global $g_phpWN_user_table; + + $c_username = db_prepare_string( $p_username ); + + ### get user info + $query = "SELECT * + FROM $g_phpWN_user_table + WHERE username='$c_username'"; + $result = db_query( $query ); + $row = db_fetch_array( $result ); + + if ( $row ) { + extract( $row, EXTR_PREFIX_ALL, 'v' ); + } else { + ### invalid login, retry + return (false); } + + return ( password_match( $p_password, $v_password ) ); } ### -------------------- function create_random_password( $p_email ) { @@ -26,8 +57,7 @@ } ### -------------------- function is_moderator() { - global $g_string_cookie_val, $g_phpWN_user_table, - $g_hostname, $g_db_username, $g_db_password, $g_database_name; + global $g_string_cookie_val, $g_phpWN_user_table; $query = "SELECT COUNT(*) FROM $g_phpWN_user_table 
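Review bot: In `password_match`, all three branches test the credential with loose `==`, which is not a safe equality check for passwords or hashes. In the AUTH_MD5 and AUTH_CRYPT branches, two different strings that both look numeric are compared as numbers and can test equal. In the AUTH_PLAIN branch, `strcmp()` given a non-string argument can, on some PHP versions, return a non-integer value that still satisfies `== 0`. Compare strings strictly instead: `return ( md5( $p_test_password ) === $p_password );`, `return ( crypt( $p_test_password, $salt ) === $p_password );` and `return ( (string)$p_test_password === $p_password );`. Both `password_match` and `access_verify_login` lie fully inside this hunk, so the change is local.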
@@ -41,26 +71,18 @@ ### checks to see that a user is logged in ### if the user is and the account is enabled then let them pass ### otherwise redirect them to the login page - function login_cookie_check( $p_redirect_url="" ) { - global $g_string_cookie_val, - $g_login_page, $g_logout, - $g_hostname, $g_db_username, $g_db_password, $g_database_name, - $g_phpWN_user_table; - - ### @@@@@ DISABLE FOR NOW - return; + function login_cookie_check( $p_redirect_url = '' ) { + global $g_string_cookie_val, $g_login_page, $g_logout; ### if logged in if ( isset( $g_string_cookie_val ) ) { if ( empty( $g_string_cookie_val ) ) { - header( "Location: $g_login_page" ); - exit; + util_header_redirect( $g_login_page ); } ### go to redirect if ( !empty( $p_redirect_url ) ) { - header( "Location: $p_redirect_url" ); - exit; + util_header_redirect( $p_redirect_url ); } ### continue with current page else { @@ -69,8 +91,7 @@ } ### not logged in else { - header( "Location: $g_login_page" ); - exit; + util_header_redirect( $g_login_page ); } } ### -------------------- Index: api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/api.php,v retrieving revision 1.19 retrieving revision 1.20 diff -u -d -r1.19 -r1.20 --- api.php 13 Sep 2002 07:17:53 -0000 1.19 +++ api.php 14 Sep 2002 06:22:03 -0000 1.20 @@ -28,7 +28,7 @@ # Filenames $g_login = $g_web_directory . 'login' . $g_ext; $g_login_page = $g_web_directory . 'login_page' . $g_ext; - $g_login_success_page = $g_web_directory . 'index' . $g_ext; + $g_login_success_page = $g_web_directory . 'admin' . $g_ext; $g_logout = $g_web_directory . 'logout' . $g_ext; $g_logout_redirect_page = $g_web_directory; 
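Review bot: In `login_cookie_check`, each `header( "Location: ..." ); exit;` pair becomes a bare `util_header_redirect( ... )` call, so stopping an unauthenticated request now depends on that helper ending the script, and its definition is not in this diff. If it returns, execution falls through to the protected page after the Location header is queued. Either keep an explicit `exit;` after each call or state on `util_header_redirect` that it never returns; the same applies to the `else` branch in the next hunk (`@@ -69,8 +91,7 @@`). Since api.php now always assigns `$g_string_cookie_val` from `gpc_get_cookie( $g_string_cookie, '' )`, the `isset()` test presumably always passes and only `empty()` gates access, which deserves a comment. The middle of the function lies between the two hunks and is not visible here.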
@@ -40,6 +40,7 @@ $g_admin_change_password = $g_web_directory . 'admin_change_password' . $g_ext; $g_css_inc_file = $g_absolute_directory . 'core' . DIRECTORY_SEPARATOR . 'css_inc' . $g_ext; + $g_meta_inc_file = $g_absolute_directory . 'core' . DIRECTORY_SEPARATOR . 'meta_inc' . $g_ext; $g_note_add_page = $g_web_directory . 'note_add_page' . $g_ext; $g_note_preview_page = $g_web_directory . 'note_preview_page' . $g_ext; @@ -65,6 +66,9 @@ require_once( $t_path_core . 'gpc_api.php' ); require_once( $t_path_main . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . $g_theme . DIRECTORY_SEPARATOR . 'theme_api.php' ); + + # Cookies + $g_string_cookie_val = gpc_get_cookie( $g_string_cookie, '' ); ########################################################################### ### END ### Index: config_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/config_api.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- config_api.php 11 Sep 2002 09:49:54 -0000 1.2 +++ config_api.php 14 Sep 2002 06:22:03 -0000 1.3 @@ -76,4 +76,4 @@ exit; } } -?> \ No newline at end of file +?> Index: config_inc.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/config_inc.php,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- config_inc.php 11 Sep 2002 14:33:59 -0000 1.14 +++ config_inc.php 14 Sep 2002 06:22:03 -0000 1.15 @@ -61,10 +61,6 @@ ### Cookies $g_string_cookie = 'PHPWEBNOTES_COOKIE_STRING'; - $g_string_cookie_val = ''; - if ( isset( $HTTP_COOKIE_VARS[$g_string_cookie] ) ) { - $g_string_cookie_val = $HTTP_COOKIE_VARS[$g_string_cookie]; - } ################## # TIME SETTINGS 
@@ -129,4 +125,11 @@ ######################## $g_auto_accept_notes = OFF; + + ################################ + # SECURITY AND AUTHENTICATION + ################################ + + # AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN + $g_auth_type = AUTH_PLAIN; ?> Index: constants_inc.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/constants_inc.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- constants_inc.php 11 Sep 2002 09:49:54 -0000 1.2 +++ constants_inc.php 14 Sep 2002 06:22:03 -0000 1.3 @@ -14,4 +14,9 @@ define( 'ON', 1 ); define( 'OFF', 0 ); + + # Authentication Types + define( 'AUTH_PLAIN', 0 ); + define( 'AUTH_CRYPT', 1 ); + define( 'AUTH_MD5', 2 ); ?> Index: css_inc.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/css_inc.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- css_inc.php 11 Sep 2002 09:49:54 -0000 1.2 +++ css_inc.php 14 Sep 2002 06:22:03 -0000 1.3 @@ -14,4 +14,5 @@ p { font-family:Verdana, Arial; font-size: 10pt } h3 { font-family:Verdana, Arial; font-size: 13pt; font-weight: bold; text-align: center } address { font-family:Verdana, Arial; font-size: 8pt } +div.warning {background-color: #f8e0e0; border: 1px solid #aa4444; padding: 8px;} </style> Index: html_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/html_api.php,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- html_api.php 10 Sep 2002 01:14:35 -0000 1.3 +++ html_api.php 14 Sep 2002 06:22:03 -0000 1.4 
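Review bot: `$g_auth_type = AUTH_PLAIN;` makes cleartext password storage the shipped default, so any install that leaves this line untouched keeps recoverable passwords in the user table. The code removed from `password_match` in this same commit used `crypt()`, so `$g_auth_type = AUTH_CRYPT;` would preserve the previous behaviour as the default. The comment should also say what each value stores, e.g. `# AUTH_PLAIN stores passwords unhashed - migration/testing only`. It is worth adding that AUTH_MD5 is unsalted and AUTH_CRYPT, as called in `password_match`, uses only a two-character salt, so neither is a strong scheme.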
@@ -21,12 +21,18 @@ echo "<title>$p_title</title>"; } ### -------------------- - function print_css( $p_css="" ) { + function print_css( $p_css = '' ) { if ( !empty( $p_css ) && file_exists( $p_css ) ) { include( $p_css ); } } ### -------------------- + function print_meta_inc( $p_meta_inc = '' ) { + if ( !empty( $p_meta_inc ) && file_exists( $p_meta_inc ) ) { + include( $p_meta_inc ); + } + } + ### -------------------- function print_header_redirect( $p_url ) { $t_use_iis = config_get( 'use_iis'); @@ -57,7 +63,7 @@ echo '<body>'; } ### -------------------- - function print_header( $p_title="" ) { + function print_header( $p_title = '' ) { echo "<h3>$p_title</h3>"; } ### -------------------- @@ -74,9 +80,9 @@ } ### -------------------- function print_footer( $p_file ) { - global $g_string_cookie_val, $g_webmaster_email; + global $g_webmaster_email; - echo '<hr size=1 />'; + echo '<hr size="1" />'; print_phpWebNotes_version(); echo '<address>Copyright (c) 2000-2002</address>'; echo "<address><a href=\"mailto:$g_webmaster_email\">$g_webmaster_email</a></address>"; @@ -96,10 +102,8 @@ ### -------------------- ### checks to see whether we need to be displaying the version number function print_phpWebNotes_version() { - global $g_phpWebNotes_version, $g_show_version; - - if ( ON == $g_show_version ) { - echo "<em>phpWebNotes - $g_phpWebNotes_version</em>"; + if ( ON == config_get( 'show_version' ) ) { + echo '<em>phpWebNotes - ' . config_get( 'phpWebNotes_version' ) . '</em>'; } } ### -------------------- |
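Review bot: The new `print_meta_inc` passes its argument straight to `include()`, guarded only by `!empty()` and `file_exists()`, so it executes whatever PHP file the path names. The intended value appears to be `$g_meta_inc_file`, which api.php builds from fixed parts, but nothing in the function enforces that. Add a header comment stating the contract, e.g. `### $p_meta_inc must come from configuration, never from request input`. The same holds for `print_css` directly above it, which this hunk only reformats.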