Menu

#64 su (substitute user) for phpSlash auth layer

open
nobody
None
5
2014-08-13
2005-11-22
tobozo
No

su.php - change the effective user id without knowing
the password

alter authorList.tpl so it generates links to the
su.php page

<!-- authorList.tpl -->
<!-- BEGIN row -->
(...)
<a href="su.php?suid={AUTHOR_ID}">{REALNAME}</a>
(...)
<!-- END row -->
<!-- authorList.tpl -->

create su.php :

<?php
// $Id: su.php,v 1.43 2005/11/21 16:08:45 tobozo Exp $

$cachetimeout=-1;
require("config.php");

if((int)$_GET['suid']>0) {
// 1st lvl security
if(!$perm->have_perm('root')) {
$sess->delete();
die("Error : You are not in the wheel group...");
}
$db = pslnew('slashDB');
$db->query("SELECT * FROM psl_author WHERE
author_id='".(int)$_GET['suid']."'");
if($db->nf()!=1) {
$sess->delete();
die("Error : unknown ID");
}
$db->next_record();
$cookie_challenge = md5($_PSL['magic'] .":".
$_PSL['basedir']);
$md5_pw = $db->Record['password'];
$cookie_response = md5("$md5_pw:$cookie_challenge");
$cookie_ary[] = $cookie_response;
$cookie_ary[] = $db->Record['author_name'];
$cookie_ary[] = $cookie_challenge;
$rooturl_ary = parse_url($_PSL['rooturl']);
$sess->delete();
setcookie( 'user_info',
base64_encode(serialize($cookie_ary)),
time()+31536000,$rooturl_ary['path'] , "" , "");
Header("Location: " . $_PSL['rooturl'] ."/"); // go home
exit;
} else {
$sess->delete();
die("No user to switch to...");
}
?>

Discussion


Log in to post a comment.