@Tyrael
Created July 22, 2011 02:36
pecl.php.net svn auth
Index: public_html/release-upload.php
===================================================================
--- public_html/release-upload.php (revision 313395)
+++ public_html/release-upload.php (working copy)
@@ -122,8 +122,8 @@
$errors[] = $pacid->getMessage();
break;
}
- if (!user::isAdmin($_COOKIE['PEAR_USER']) &&
- !user::maintains($_COOKIE['PEAR_USER'], $pacid, 'lead')) {
+ if (!user::isAdmin($auth_user->handle) &&
+ !user::maintains($auth_user->handle, $pacid, 'lead')) {
$errors[] = 'You don\'t have permissions to upload this release.';
break;
}
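Review bot: `$auth_user->handle` is dereferenced with no null guard; when `init_auth_user()` leaves `$auth_user = null` (see the pear-auth.php `init_auth_user` hunk) this raises a notice and passes null into `user::isAdmin()` and `user::maintains()`. That fails closed here, but only by accident, and it is safe only if `auth_require()` runs earlier in this file, which the hunk does not show. The same unguarded dereference appears in the second release-upload.php hunk (`@@ -166`), account-edit.php (`@@ -29`), package-edit.php (`@@ -54`), admin/index.php (`@@ -167`) and pear-database.php `add()` (`@@ -2319`). Where login is not already enforced, add `auth_require();` before the check or test `empty($auth_user)` first.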
@@ -166,8 +166,8 @@
$errors[] = $pacid->getMessage();
break;
}
- if (!user::isAdmin($_COOKIE['PEAR_USER']) &&
- !user::maintains($_COOKIE['PEAR_USER'], $pacid, 'lead')) {
+ if (!user::isAdmin($auth_user->handle) &&
+ !user::maintains($auth_user->handle, $pacid, 'lead')) {
$errors[] = 'You don\'t have permissions to upload this release.';
break;
}
Index: public_html/login.php
===================================================================
--- public_html/login.php (revision 313395)
+++ public_html/login.php (working copy)
@@ -33,13 +33,11 @@
/*
* If they're already logged in, say so.
*/
-if (isset($_COOKIE['PEAR_USER']) && isset($_COOKIE['PEAR_PW'])) {
- if (auth_verify($_COOKIE['PEAR_USER'], $_COOKIE['PEAR_PW'])) {
- response_header('Login');
- echo '<div class="warnings">You are already logged in.</div>';
- response_footer();
- exit;
- }
+if (!empty($auth_user)) {
+ response_header('Login');
+ echo '<div class="warnings">You are already logged in.</div>';
+ response_footer();
+ exit;
}
if (isset($_POST['PEAR_USER'], $_POST['PEAR_PW']) && auth_verify(@$_POST['PEAR_USER'], @$_POST['PEAR_PW'])) {
@@ -48,8 +46,7 @@
} else {
$expire = 0;
}
- setcookie('PEAR_USER', $_POST['PEAR_USER'], $expire, '/');
- setcookie('PEAR_PW', md5($_POST['PEAR_PW']), $expire, '/');
+ $_SESSION["PEAR_USER"] = $_POST['PEAR_USER'];
/*
* Update users lastlogin
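Review bot: The session id is not regenerated when the login succeeds, so a session id fixed before authentication stays valid after it; call `session_regenerate_id(true);` immediately before the `$_SESSION["PEAR_USER"]` assignment. The handle stored in the session is also the raw `$_POST['PEAR_USER']` rather than the handle of the user `auth_verify()` just loaded; `$_SESSION['PEAR_USER'] = $auth_user->handle;` would store the canonical value, assuming `auth_verify()` populates the global as the pear-auth.php hunk shows. Every later hunk that trusts `$auth_user->handle` inherits whatever is written here.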
@@ -58,15 +55,6 @@
$dbh->query($query, array($_POST['PEAR_USER']));
/*
- * Update users password if it is held in the db
- * crypt()ed.
- */
- if (strlen(@$auth_user->password) == 13) { // $auth_user comes from auth_verify() function
- $query = 'UPDATE users SET password = ? WHERE handle = ?';
- $dbh->query($query, array(md5($_POST['PEAR_PW']), $_POST['PEAR_USER']));
- }
-
- /*
* Determine URL
*/
if (isset($_POST['PEAR_OLDURL']) &&
@@ -74,10 +62,7 @@
{
localRedirect($_POST['PEAR_OLDURL']);
} else {
- response_header('Login');
- report_success('Welcome.');
- response_footer();
- exit;
+ localRedirect('index.php');
}
exit;
Index: public_html/ppp/propose.php
===================================================================
--- public_html/ppp/propose.php (revision 313395)
+++ public_html/ppp/propose.php (working copy)
@@ -37,7 +37,7 @@
"summary" => "enter the one-liner description",
"desc" => "enter the full description",
"category" => "choose a category");
- if (empty($_COOKIE['PEAR_USER']) || !user::exists($_COOKIE['PEAR_USER'])) {
+ if (empty($auth_user) || !user::exists($auth_user->handle)) {
$additionals = array("user_firstname" => "enter your firstname",
"user_lastname" => "enter your lastname",
"user_email" => "enter your email address",
@@ -45,7 +45,7 @@
);
$required = array_merge($required, $additionals);
} else {
- $_POST['handle'] = $_COOKIE['PEAR_USER'];
+ $_POST['handle'] = $auth_user->handle;
}
foreach ($required as $field => $_desc) {
@@ -132,7 +132,7 @@
null, $width, 3);
// Only ask for user information if the user is not logged in
- if (empty($_COOKIE['PEAR_USER']) || !user::exists($_COOKIE['PEAR_USER'])) {
+ if (empty($auth_user) || !user::exists($auth_user->handle)) {
$form->addText("user_firstname", "Your firstname", null, 20);
$form->addText("user_lastname", "Your lastname", null, 20);
$form->addPassword("user_password", "Your password", null, 20);
Index: public_html/bugs/include/cvs-auth.inc
===================================================================
--- public_html/bugs/include/cvs-auth.inc (revision 313395)
+++ public_html/bugs/include/cvs-auth.inc (working copy)
@@ -1,35 +1,9 @@
<?php
/* $Id$ */
-$ignore_password = false;
-$passwd_file = "/repository/CVSROOT/passwd";
-
-function find_password($user) {
- global $passwd_file, $ignore_password;
- if ($ignore_password) return " "; // can't be ""
- $fp=fopen($passwd_file,"r");
- while(!feof($fp)) {
- $line=fgets($fp,120);
- list($luser,$passwd,$junk) = explode(":",$line);
- if($user==$luser) {
- fclose($fp);
- return($passwd);
- }
- }
- fclose($fp);
- return("");
-}
-
function verify_password($user, $pass) {
- return isset($_COOKIE['PEAR_USER']);
- global $ignore_password;
- $psw = find_password($user);
- if (strlen($psw) > 0) {
- if ($ignore_password || crypt($pass,substr($psw,0,2)) == $psw) {
- return true;
- }
- }
- return false;
+ global $auth_user;
+ return isset($auth_user->handle);
}
?>
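Review bot: `verify_password()` now ignores both of its arguments and returns true for any user/password pair as soon as some session user exists. The removed pre-image's first line, `return isset($_COOKIE['PEAR_USER']);`, already short-circuited the same way, so this is not a regression, but the rewrite is the moment to tie the answer to the name being verified: `return isset($auth_user->handle) && $user === $auth_user->handle;`. The bugs/bug.php hunk (`@@ -61`) still takes `$user` from `$_POST['user']` when present, so without that check a logged-in session could presumably act under any posted user name; how bug.php uses the result is outside the hunk.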
Index: public_html/bugs/bug.php
===================================================================
--- public_html/bugs/bug.php (revision 313395)
+++ public_html/bugs/bug.php (working copy)
@@ -61,11 +61,10 @@
$user = rinse($_POST['user']);
}
$pw = rinse($_POST['pw']);
-} elseif (isset($_COOKIE['PEAR_USER']) &&
- isset($_COOKIE['PEAR_PW']) &&
+} elseif (!empty($auth_user) &&
$edit == 1) {
- $user = rinse($_COOKIE['PEAR_USER']);
- $pw = rinse($_COOKIE['PEAR_PW']);
+ $user = rinse($auth_user->handle);
+ $pw = '';
} else {
$user = '';
$pw = '';
Index: public_html/bugs/search.php
===================================================================
--- public_html/bugs/search.php (revision 313395)
+++ public_html/bugs/search.php (working copy)
@@ -29,7 +29,7 @@
if (!empty($_GET['search_for']) &&
!preg_match('/\\D/', trim($_GET['search_for'])))
{
- if (isset($_COOKIE['PEAR_USER'])) {
+ if (!empty($auth_user)) {
$x = '&edit=1';
} else {
$x = '';
@@ -503,8 +503,8 @@
<td style="white-space: nowrap">Return bugs <b>assigned</b> to</td>
<td><input type="text" name="assign" value="<?php echo clean($assign);?>" />
<?php
- if (!empty($_COOKIE['PEAR_USER'])) {
- $u = rinse($_REQUEST['PEAR_USER']);
+ if (!empty($auth_user)) {
+ $u = rinse($auth_user->handle);
print "<input type=\"button\" value=\"set to $u\" onclick=\"form.assign.value='$u'\" />";
}
?>
@@ -515,8 +515,8 @@
<td nowrap="nowrap">Return only bugs in packages <b>maintained</b> by</td>
<td><input type="text" name="maintain" value="<?php echo clean($maintain);?>" />
<?php
- if (!empty($_COOKIE['PEAR_USER'])) {
- $u = stripslashes($_REQUEST['PEAR_USER']);
+ if (!empty($auth_user)) {
+ $u = stripslashes($auth_user->handle);
print "<input type=\"button\" value=\"set to $u\" onclick=\"form.maintain.value='$u'\" />";
}
?>
Index: public_html/account-mail.php
===================================================================
--- public_html/account-mail.php (revision 313395)
+++ public_html/account-mail.php (working copy)
@@ -120,9 +120,8 @@
. ' you can do this by filling out the following form.</p>';
/** Guess the user if he is logged in */
- if (isset($_COOKIE['PEAR_USER'])) {
- $user =& new PEAR_User($dbh, $_COOKIE['PEAR_USER']);
- $data = array('email' => $user->email, 'name' => $user->name);
+ if (!empty($auth_user)) {
+ $data = array('email' => $auth_user->email, 'name' => $auth_user->name);
} else {
$data = array();
}
Index: public_html/account-edit.php
===================================================================
--- public_html/account-edit.php (revision 313395)
+++ public_html/account-edit.php (working copy)
@@ -29,7 +29,7 @@
} elseif (isset($_POST['handle'])) {
$handle = $_POST['handle'];
} else {
- $handle = false;
+ $handle = $auth_user->handle;
}
if ($handle && !preg_match('@[0-9A-Za-z_]{2,20}$@', $handle)) {
Index: public_html/account-request.php
===================================================================
--- public_html/account-request.php (revision 313395)
+++ public_html/account-request.php (working copy)
@@ -43,7 +43,6 @@
'email',
'moreinfo',
'homepage',
- 'needsvn',
'showemail');
foreach ($fields as $field) {
@@ -99,18 +98,17 @@
break;
}
- $md5pw = md5($password);
$showemail = @(bool)$showemail;
- $needsvn = @(bool)$needsvn;
+ $needsvn = true;
// hack to temporarily embed the "purpose" in
// the user's "userinfo" column
$userinfo = serialize(array($purpose, $moreinfo));
$sth = $dbh->prepare("INSERT INTO users
- (handle, name, email, password, registered, showemail, homepage, userinfo, from_site, active)
- VALUES(?, ?, ?, ?, 0, ?, ?, ?, 'pecl', 0)");
- $res = $dbh->execute($sth, array($handle, $name, $email, $md5pw, $showemail, $homepage, $userinfo));
+ (handle, name, email, registered, showemail, homepage, userinfo, from_site, active)
+ VALUES(?, ?, ?, 0, ?, ?, ?, 'pecl', 0)");
+ $res = $dbh->execute($sth, array($handle, $name, $email, $showemail, $homepage, $userinfo));
if (DB::isError($res)) {
//constraint violation, only email and handle(username) is unique
@@ -130,17 +128,34 @@
/* Now do the SVN stuff */
if ($needsvn) {
- $error = posttohost(
- 'http://master.php.net/entry/svn-account.php',
- array(
- "username" => $handle,
- "name" => $name,
- "email" => $email,
- "passwd" => $password,
- "note" => $purpose
- )
- );
+ // check if the given user+pass is a valid svn account
+ $svn_info = auth_verify_master_status($handle, $password);
+ // the given svn account is exists and the password is correct
+ if(isset($svn_info['SUCCESS'])){}
+ // the svn account is available
+ elseif(@$svn_info['errno'] == 1){
+ $error = posttohost(
+ 'http://master.php.net/entry/svn-account.php',
+ array(
+ "username" => $handle,
+ "name" => $name,
+ "email" => $email,
+ "passwd" => $password,
+ "note" => $purpose
+ )
+ );
+ }
+ // the given svn account is exists and the password is incorrect
+ elseif(@$svn_info['errno'] == 2){
+ $error = "Incorrect password. If you don't have SVN account yet, choose a different user.";
+ }
+ // other errors
+ else{
+ $error = "Unknown error.";
+ }
+
+
if ($error) {
display_error("Problem submitting the SVN account request: $error");
break;
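Review bot: The `if(isset($svn_info['SUCCESS'])){}` branch is empty and leaves `$error` untouched, so on that path the following `if ($error)` tests a variable this block never assigned (the removed code always assigned it via `posttohost()`); initialise it first with `$error = '';` above the chain and give the empty branch a comment such as `// existing SVN account, password verified by master: nothing to request`. The `errno` comparisons use `@` and loose `==`; `isset($svn_info['errno']) && $svn_info['errno'] === 1` would avoid suppressing notices on a `false` return from `auth_verify_master_status()`, assuming master returns an integer there. The `"Unknown error."` branch would also be more useful if it included `$svn_info['errstr']` when present, as `auth_verify_master()` already does.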
@@ -154,7 +169,6 @@
"Real Name: {$name}\n".
"Email: {$email}".
(@$showemail ? " (show address)" : " (hide address)") . "\n".
- "Need SVN Account: " . (@$needsvn ? "yes" : "no") . "\n".
"Purpose:\n".
"$purpose\n\n".
"To handle: http://" . PEAR_CHANNELNAME . "/admin/?acreq={$handle}\n";
@@ -335,7 +349,6 @@
$bb->horizHeadRow("First Name:", HTML_Form::returnText("firstname", $firstname));
$bb->horizHeadRow("Last Name:", HTML_Form::returnText("lastname", $lastname));
$bb->horizHeadRow("Password:", HTML_Form::returnPassword("password", null, 10) . " Again: " . HTML_Form::returnPassword("password2", null, 10));
- $bb->horizHeadRow("Need a SVN account?", HTML_Form::returnCheckbox("needsvn", $needsvn));
$bb->horizHeadRow("Email address:", HTML_Form::returnText("email", $email));
$bb->horizHeadRow("Show email address?", HTML_Form::returnCheckbox("showemail", $showemail));
Index: public_html/package-info.php
===================================================================
--- public_html/package-info.php (revision 313395)
+++ public_html/package-info.php (working copy)
@@ -204,7 +204,7 @@
}
}
-if (!empty($_COOKIE['PEAR_USER'])) {
+if (!empty($auth_user)) {
$bb->fullRow("<div align=\"right\">" .
make_link("/package-edit.php?id=$pacid",
make_image("edit.gif", "Edit package information")) .
Index: public_html/admin/package-maintainers.php
===================================================================
--- public_html/admin/package-maintainers.php (revision 313395)
+++ public_html/admin/package-maintainers.php (working copy)
@@ -203,9 +203,10 @@
function isAllowed($package)
{
+ global $auth_user;
auth_require();
- $lead = in_array($_COOKIE['PEAR_USER'], array_keys(maintainer::get($package, true)));
- $admin = user::isAdmin($_COOKIE['PEAR_USER']);
+ $lead = in_array($auth_user->handle, array_keys(maintainer::get($package, true)));
+ $admin = user::isAdmin($auth_user->handle);
return ($lead || $admin);
}
Index: public_html/admin/index.php
===================================================================
--- public_html/admin/index.php (revision 313395)
+++ public_html/admin/index.php (working copy)
@@ -167,7 +167,7 @@
print "$i <tr>\n";
print "$i <td>\n";
print "$i <b>$nby " . date('H:i jS F Y', $ntime) . ":</b>";
- if ($nby == $_COOKIE['PEAR_USER']) {
+ if ($nby == $auth_user->handle) {
$url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "?acreq=$acreq&cmd=Delete+note&id=$nid";
$msg = "Are you sure you want to delete this note?";
print "[<a href=\"javascript:confirmed_goto('$url', '$msg')\">delete your note</a>]";
@@ -235,7 +235,7 @@
<script language="JavaScript" type="text/javascript">
<!--
/**
- * This code is *nasty* (nastyCode▒)
+ * This code is *nasty* (nastyCode™)
*/
function highlightAccountRow(spanObj)
Index: public_html/index.php
===================================================================
--- public_html/index.php (revision 313395)
+++ public_html/index.php (working copy)
@@ -70,13 +70,13 @@
echo menu_link("Search Packages", "package-search.php");
echo menu_link("Download Statistics", "package-stats.php");
echo '</div>';
-if (isset($_COOKIE['PEAR_USER'])) {
+if (!empty($auth_user)) {
echo '<h3>Developers</h3>';
echo '<div class="indent">';
echo menu_link("Upload Release", "release-upload.php");
echo menu_link("New Package", "package-new.php");
echo '</div>';
- if (user::isAdmin($_COOKIE['PEAR_USER'])) {
+ if (user::isAdmin($auth_user->handle)) {
echo '<h3>Administrators</h3>';
echo '<div class="indent">';
echo menu_link("Overview", "/admin/");
Index: public_html/package-edit.php
===================================================================
--- public_html/package-edit.php (revision 313395)
+++ public_html/package-edit.php (working copy)
@@ -54,8 +54,8 @@
* The user has to be either a lead developer of the package or
* a PEAR administrator.
*/
-$lead = user::maintains($_COOKIE['PEAR_USER'], $_GET['id'], "lead");
-$admin = user::isAdmin($_COOKIE['PEAR_USER']);
+$lead = user::maintains($auth_user->handle, $_GET['id'], "lead");
+$admin = user::isAdmin($auth_user->handle);
if (!$lead && !$admin) {
PEAR::raiseError("Only the lead maintainer of the package or PEAR
Index: include/pear-database.php
===================================================================
--- include/pear-database.php (revision 313395)
+++ include/pear-database.php (working copy)
@@ -2319,9 +2319,9 @@
function add($key, $value, $note, $author = "")
{
- global $dbh;
+ global $dbh, $auth_user;
if (empty($author)) {
- $author = $_COOKIE['PEAR_USER'];
+ $author = $auth_user->handle;
}
if (!in_array($key, array('uid', 'rid', 'cid', 'pid'), true)) {
// bad hackers not allowed
@@ -2387,13 +2387,13 @@
function rejectRequest($uid, $reason)
{
- global $dbh;
+ global $dbh, $auth_user;
list($email) = $dbh->getRow('SELECT email FROM users WHERE handle = ?',
array($uid));
note::add("uid", $uid, "Account rejected: $reason");
- $msg = "Your PECL account request was rejected by " . $_COOKIE['PEAR_USER'] . ":\n".
+ $msg = "Your PECL account request was rejected by " . $auth_user->handle . ":\n".
"$reason\n";
- $xhdr = "From: " . $_COOKIE['PEAR_USER'] . "@php.net";
+ $xhdr = "From: " . $auth_user->handle . "@php.net";
mail($email, "Your PECL Account Request", $msg, $xhdr, "-f [email protected]");
return true;
}
@@ -2403,7 +2403,7 @@
function activate($uid)
{
- global $dbh;
+ global $dbh, $auth_user;
$user =& new PEAR_User($dbh, $uid);
if (@$user->registered) {
@@ -2417,7 +2417,7 @@
$user->set('userinfo', $arr[1]);
}
$user->set('created', gmdate('Y-m-d H:i'));
- $user->set('createdby', $_COOKIE['PEAR_USER']);
+ $user->set('createdby', $auth_user->handle);
$user->set('registered', 1);
$user->store();
note::add("uid", $uid, "Account opened");
@@ -2426,7 +2426,7 @@
$msg = "Your PECL/PEAR account request has been opened.\n".
"To log in, go to http://pecl.php.net/ and click on \"login\" in\n".
"the top-right menu.\n";
- $xhdr = "From: " . $_COOKIE['PEAR_USER'] . "@php.net";
+ $xhdr = "From: " . $auth_user->handle . "@php.net";
mail($user->email, "Your PECL Account Request", $msg, $xhdr, "-f [email protected]");
return true;
}
@@ -2871,11 +2871,7 @@
function is($handle)
{
- if (!empty($_COOKIE['PEAR_USER'])) {
- $ret = strtolower($_COOKIE['PEAR_USER']);
- } else {
- $ret = strtolower($this->handle);
- }
+ $ret = strtolower($this->handle);
return (strtolower($handle) == $ret);
}
Index: include/pear-format-html.php
===================================================================
--- include/pear-format-html.php (revision 313395)
+++ include/pear-format-html.php (working copy)
@@ -58,7 +58,7 @@
function response_header($title = 'The PHP Extension Community Library', $style = false)
{
- global $_style, $_header_done, $SIDEBAR_DATA, $extra_styles;
+ global $_style, $_header_done, $SIDEBAR_DATA, $extra_styles, $auth_user;
if ($_header_done) {
return;
}
@@ -70,7 +70,7 @@
if (substr($rts, -1) == '-') {
$SIDEBAR_DATA = substr($rts, 0, -1);
} else {
- global $main_menu, $docu_menu, $downloads_menu, $auth_user;
+ global $main_menu, $docu_menu, $downloads_menu;
$SIDEBAR_DATA .= draw_navigation($main_menu);
$SIDEBAR_DATA .= draw_navigation($docu_menu, 'Documentation:');
$SIDEBAR_DATA .= draw_navigation($downloads_menu, 'Downloads:');
@@ -128,14 +128,14 @@
<td class="head-menu">
<?php
- if (empty($_COOKIE['PEAR_USER'])) {
+ if (empty($auth_user)) {
print_link('/login.php', 'Login', false, 'class="menuBlack"');
} else {
print '<small class="menuWhite">';
- print 'Logged in as ' . strtoupper($_COOKIE['PEAR_USER']) . ' (';
- print '<a class="menuWhite" href="/user/' . $_COOKIE['PEAR_USER'] . '">Info</a> | ';
- print '<a class="menuWhite" href="/account-edit.php?handle=' . $_COOKIE['PEAR_USER'] . '">Profile</a> | ';
- print '<a class="menuWhite" href="/bugs/search.php?handle=' . $_COOKIE['PEAR_USER'] . '&amp;cmd=display">Bugs</a>';
+ print 'Logged in as ' . strtoupper($auth_user->handle) . ' (';
+ print '<a class="menuWhite" href="/user/' . $auth_user->handle . '">Info</a> | ';
+ print '<a class="menuWhite" href="/account-edit.php?handle=' . $auth_user->handle . '">Profile</a> | ';
+ print '<a class="menuWhite" href="/bugs/search.php?handle=' . $auth_user->handle . '&amp;cmd=display">Bugs</a>';
print ")</small><br />\n";
print_link('/?logout=1', 'Logout', false, 'class="menuBlack"');
}
Index: include/pear-format-xmlrpc.php
===================================================================
--- include/pear-format-xmlrpc.php (revision 313395)
+++ include/pear-format-xmlrpc.php (working copy)
@@ -17,13 +17,16 @@
+----------------------------------------------------------------------+
$Id$
*/
+if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) && empty($auth_user)) {
+ auth_verify(@$_SERVER['PHP_AUTH_USER'], @$_SERVER['PHP_AUTH_PW']);
+ $_SESSION["PEAR_USER"] = $_SERVER['PHP_AUTH_USER'];
-if (isset($_SERVER['PHP_AUTH_USER']) && !isset($_COOKIE['PEAR_USER'])) {
- $_COOKIE['PEAR_USER'] = $_SERVER['PHP_AUTH_USER'];
+ /*
+ * Update users lastlogin
+ */
+ $query = 'UPDATE users SET lastlogin = NOW() WHERE handle = ?';
+ $dbh->query($query, array($_SERVER['PHP_AUTH_USER']));
}
-if (isset($_SERVER['PHP_AUTH_PW']) && !isset($_COOKIE['PEAR_PW'])) {
- $_COOKIE['PEAR_PW'] = $_SERVER['PHP_AUTH_PW'];
-}
PEAR::setErrorHandling(PEAR_ERROR_RETURN);
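Review bot: The return value of `auth_verify()` is discarded, and `$_SESSION["PEAR_USER"]` plus the lastlogin update run unconditionally, so any Basic-auth request with a correct user name and a wrong password still establishes a logged-in session for that user; the pear-auth.php hunk shows `auth_verify()` returning false rather than exiting on failure. Wrap the block: `if (auth_verify(@$_SERVER['PHP_AUTH_USER'], @$_SERVER['PHP_AUTH_PW'])) {` around the session assignment and the query, and consider `$_SESSION['PEAR_USER'] = $auth_user->handle;` so the stored handle is the one the verifier loaded. As in login.php, `session_regenerate_id(true)` belongs before the assignment.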
Index: include/pear-prepend.php
===================================================================
--- include/pear-prepend.php (revision 313395)
+++ include/pear-prepend.php (working copy)
@@ -24,6 +24,7 @@
}
error_reporting(E_ALL);
+session_start();
if ($_SERVER['SERVER_NAME'] != 'pecl.php.net') {
define('DEVBOX', true);
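Review bot: `session_start()` now carries the authenticated identity for every page, but no session cookie hardening is visible at the call site. At minimum set `ini_set('session.use_only_cookies', 1);` and `ini_set('session.cookie_httponly', 1);` before `session_start()`, and `session.cookie_secure` if the site is served over TLS (not determinable from the diff). These may already be set in php.ini; if so, a comment saying where would spare the next reader the search.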
@@ -82,23 +83,12 @@
$tmp = filectime($_SERVER['SCRIPT_FILENAME']);
$LAST_UPDATED = date('D M d H:i:s Y', $tmp - date('Z', $tmp)) . ' UTC';
+init_auth_user();
+
if (!empty($_GET['logout']) && $_GET['logout'] === '1') {
auth_logout();
}
-if (!empty($_COOKIE['PEAR_USER']) && !@auth_verify($_COOKIE['PEAR_USER'], $_COOKIE['PEAR_PW'])) {
- $__user = $_COOKIE['PEAR_USER'];
- setcookie('PEAR_USER', '', 0, '/');
- unset($_COOKIE['PEAR_USER']);
- setcookie('PEAR_PW', '', 0, '/');
- unset($_COOKIE['PEAR_PW']);
- $msg = "Invalid username ($__user) or password";
- if ($format == 'html') {
- $msg .= " <a href=\"/?logout=1\">[logout]</a>";
- }
- auth_reject(null, $msg);
-}
-
if (!function_exists('file_get_contents')) {
function file_get_contents($file, $use_include_path = false) {
if (!$fp = fopen($file, 'r', $use_include_path)) {
@@ -119,8 +109,6 @@
}
}
-session_start();
-
/**
* Browser detection
*/
Index: include/pear-auth.php
===================================================================
--- include/pear-auth.php (revision 313395)
+++ include/pear-auth.php (working copy)
@@ -89,46 +89,24 @@
{
global $dbh, $auth_user;
+ $error = '';
+ $ok = false;
+
if (empty($auth_user)) {
$auth_user = new PEAR_User($dbh, $user);
}
- $error = '';
- $ok = false;
- switch (strlen(@$auth_user->password)) {
- // handle old-style DES-encrypted passwords
- case 13: {
- $seed = substr($auth_user->password, 0, 2);
- $crypted = crypt($passwd, $seed);
- if ($crypted == @$auth_user->password) {
- $ok = true;
- } else {
- $error = "pear-auth: user `$user': invalid password (des)";
- }
- break;
- }
- // handle new-style MD5-encrypted passwords
- case 32: {
- // Check if the passwd is already md5()ed
- if (preg_match('/^[a-z0-9]{32}$/', $passwd)) {
- $crypted = $passwd;
- } else {
- $crypted = md5($passwd);
- }
-
- if ($crypted == @$auth_user->password) {
- $ok = true;
- } else {
- $error = "pear-auth: user `$user': invalid password (md5)";
- }
- break;
- }
- }
+
if (empty($auth_user->registered)) {
if ($user) {
$error = "pear-auth: user `$user' not registered";
}
$ok = false;
}
+
+ if(auth_verify_master($user, $passwd)) {
+ $ok = true;
+ }
+
if ($ok) {
$auth_user->_readonly = true;
return auth_check("pear.user");
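Review bot: The `registered` check no longer has the final say: it sets `$ok = false`, but the `auth_verify_master()` call added directly below sets `$ok = true` afterwards, so a handle that master accepts but whose local row is not registered passes `auth_verify()`. In the removed code the registered check ran last and could not be overridden. Make the master call conditional on the local state, `if (!empty($auth_user->registered) && auth_verify_master($user, $passwd)) {`, or move it above the registered block. The function's signature is outside the hunk.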
@@ -140,6 +118,63 @@
return false;
}
+function auth_verify_master($user, $pass)
+{
+ $post = http_build_query(
+ array(
+ 'token' => getenv('AUTH_TOKEN'),
+ 'username' => $user,
+ 'password' => $pass,
+ )
+ );
+
+ $opts = array(
+ 'method' => 'POST',
+ 'header' => 'Content-type: application/x-www-form-urlencoded',
+ 'content' => $post,
+ );
+
+ $ctx = stream_context_create(array('http' => $opts));
+
+ $s = file_get_contents('https://master.php.net/fetch/cvsauth.php', false, $ctx);
+
+ $a = @unserialize($s);
+ if (!is_array($a)) {
+ $error = "Failed to get authentication information.Maybe master is down?";
+ error_log("$error\n", 3, PEAR_TMPDIR . DIRECTORY_SEPARATOR . 'pear-errors.log');
+ return false;
+ }
+ if (isset($a['errno'])) {
+ $error = "Authentication failed: {$a['errstr']}";
+ error_log("$error\n", 3, PEAR_TMPDIR . DIRECTORY_SEPARATOR . 'pear-errors.log');
+ return false;
+ }
+
+ return true;
+}
+
+function auth_verify_master_status($user, $pass){
+ $post = http_build_query(
+ array(
+ 'token' => getenv('AUTH_TOKEN'),
+ 'username' => $user,
+ 'password' => $pass,
+ )
+ );
+
+ $opts = array(
+ 'method' => 'POST',
+ 'header' => 'Content-type: application/x-www-form-urlencoded',
+ 'content' => $post,
+ );
+
+ $ctx = stream_context_create(array('http' => $opts));
+
+ $s = file_get_contents('https://master.php.net/fetch/cvsauth.php', false, $ctx);
+
+ return @unserialize($s);
+}
+
function auth_check($atom)
{
global $dbh;
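Review bot: Both new functions post the user's password to master over `https://` through a stream context that carries no `ssl` options; in PHP releases of this era the http wrapper did not verify the peer certificate by default, so the request would accept any certificate unless `verify_peer` and a `cafile` are configured. The response is then `@unserialize()`d, which instantiates whatever object graph the peer sends; if master can return JSON, `json_decode` is the safer decoder, otherwise keep the call but document the trust placed in master. `auth_verify_master()` and `auth_verify_master_status()` are otherwise identical for their first twelve lines, and a `false` from `file_get_contents()` is only caught indirectly by `is_array()` in the first and not at all in the second; a shared helper removes the duplication and handles both points once.
```php
/**
 * POST user/password to master's cvsauth endpoint and return the decoded reply,
 * or false when the request fails.  Callers must treat the reply as untrusted input.
 */
function auth_master_request($user, $pass)
{
    $post = http_build_query(array(
        'token'    => getenv('AUTH_TOKEN'),
        'username' => $user,
        'password' => $pass,
    ));

    $ctx = stream_context_create(array(
        'http' => array(
            'method'  => 'POST',
            'header'  => 'Content-type: application/x-www-form-urlencoded',
            'content' => $post,
        ),
        'ssl' => array(
            'verify_peer' => true,
            'cafile'      => '<PATH_TO_CA_BUNDLE>', // placeholder: system CA bundle
        ),
    ));

    $s = file_get_contents('https://master.php.net/fetch/cvsauth.php', false, $ctx);
    if ($s === false) {
        return false;
    }

    // The reply format is dictated by master; unserialize() of remote data is a
    // known risk, prefer json_decode() if master can emit JSON.
    return @unserialize($s);
}

function auth_verify_master($user, $pass)
{
    $a = auth_master_request($user, $pass);
    // … unchanged: is_array / errno checks and error_log calls …
}

function auth_verify_master_status($user, $pass)
{
    return auth_master_request($user, $pass);
}
```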
@@ -178,17 +213,22 @@
return $a;
}
+function auth_deny() {
+ response_header("Insufficient Privileges");
+ report_error("Insufficient Privileges");
+ response_footer();
+ exit;
+}
+
function auth_require($admin = false)
{
global $auth_user;
$res = true;
- $user = @$_COOKIE['PEAR_USER'];
- $passwd = @$_COOKIE['PEAR_PW'];
- if (!auth_verify($user, $passwd)) {
- auth_reject(); // exits
- }
-
+ if (empty($auth_user)) {
+ auth_reject();
+ }
+
$num = func_num_args();
for ($i = 0; $i < $num; $i++) {
$arg = func_get_arg($i);
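Review bot: The new `auth_require()` prologue relies on `auth_reject()` terminating the request, otherwise execution falls through to the privilege loop with `$auth_user` empty; the removed line documented that with `// exits`, and the replacement lost it. Restore `auth_reject(); // exits` so the dependency stays visible. `auth_deny()` above also has no docblock; a one-liner such as `/** Render "Insufficient Privileges" and terminate the request. */` would match the rest of the file.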
@@ -199,10 +239,7 @@
}
if ($res == false) {
- response_header("Insufficient Privileges");
- report_error("Insufficient Privileges");
- response_footer();
- exit;
+ auth_deny();
}
return true;
@@ -213,15 +250,8 @@
*/
function auth_logout()
{
- if (isset($_COOKIE['PEAR_USER'])) {
- setcookie('PEAR_USER', '', 0, '/');
- unset($_COOKIE['PEAR_USER']);
- }
- if (isset($_COOKIE['PEAR_PW'])) {
- setcookie('PEAR_PW', '', 0, '/');
- unset($_COOKIE['PEAR_PW']);
- }
-
+ session_unset();
+ session_destroy();
if ($_SERVER['QUERY_STRING'] == 'logout=1') {
localRedirect($_SERVER['PHP_SELF']);
} else {
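Review bot: `session_unset()` and `session_destroy()` clear the server-side state but do not expire the client's session cookie, and the `$auth_user` global keeps pointing at the logged-out user for the rest of the request. Add `setcookie(session_name(), '', time() - 3600, '/');` next to `session_destroy()`, and `global $auth_user; $auth_user = null;` at the top of the function. Whether the rest of the request observes `$auth_user` after logout depends on the `else` branch, which is outside the hunk.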
@@ -265,32 +295,14 @@
function init_auth_user()
{
global $auth_user, $dbh;
- if (empty($_COOKIE['PEAR_USER']) || empty($_COOKIE['PEAR_PW'])) {
- $auth_user = null;
- return false;
- }
if (!empty($auth_user)) {
return true;
}
- $auth_user = new PEAR_User($dbh, $_COOKIE['PEAR_USER']);
- switch (strlen(@$auth_user->password)) {
- // handle old-style DES-encrypted passwords
- case 13: {
- $seed = substr($auth_user->password, 0, 2);
- if (crypt($_COOKIE['PEAR_PW'], $seed) == @$auth_user->password) {
- return true;
- }
- break;
- }
- // handle new-style MD5-encrypted passwords
- case 32: {
- if (md5($_COOKIE['PEAR_PW']) == @$auth_user->password) {
- return true;
- }
- break;
- }
+ if (empty($_SESSION['PEAR_USER'])) {
+ $auth_user = null;
+ return false;
}
- $auth_user = null;
- return false;
+ $auth_user = new PEAR_User($dbh, $_SESSION['PEAR_USER']);
+ return true;
}
?>
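Review bot: The session handle is turned into a `PEAR_User` and trusted without any check on the loaded row, whereas `auth_verify()` rejects users with `empty($auth_user->registered)`. A session created before an account was deactivated, or whose handle no longer matches a row, would still yield a non-empty `$auth_user` and satisfy the `empty($auth_user)` test in `auth_require()`; what `PEAR_User` does with an unknown handle is not visible here. Add `if (empty($auth_user->registered)) { $auth_user = null; return false; }` after the constructor call so the per-request check mirrors the login-time one.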