Apply all logins to all features (intentionally did not previously).
This commit is contained in:
parent
53d646b519
commit
59a2d9abaa
|
@ -1279,20 +1279,54 @@ function group_display_name($gname)
|
||||||
return $gname;
|
return $gname;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function verify_logged_in($name) {
|
||||||
|
global $CONFIG, $auth_log;
|
||||||
|
|
||||||
|
$logged_in = false;
|
||||||
|
$ip_pass = false;
|
||||||
|
if (! isset($_SESSION['remote_address'])) {
|
||||||
|
$_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
|
||||||
|
$_SESSION['start_address'] = $_SESSION['remote_address'];
|
||||||
|
$ip_pass = true;
|
||||||
|
} else {
|
||||||
|
if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
|
||||||
|
$ip_pass = false;
|
||||||
|
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
|
||||||
|
} else {
|
||||||
|
$ip_pass = true;
|
||||||
|
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses OK for: " . $name, FILE_APPEND);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
|
||||||
|
$logged_in = true;
|
||||||
|
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND);
|
||||||
|
} else {
|
||||||
|
$logged_in = false;
|
||||||
|
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set: " . $name, FILE_APPEND);
|
||||||
|
}
|
||||||
|
if ($CONFIG['anonuser'] == '1') {
|
||||||
|
$logged_in = false;
|
||||||
|
}
|
||||||
|
return $logged_in ;
|
||||||
|
}
|
||||||
|
|
||||||
function set_user_logged_in_cookies($name, $keys) {
|
function set_user_logged_in_cookies($name, $keys) {
|
||||||
|
|
||||||
global $debug_log;
|
global $debug_log;
|
||||||
if( !get_user_config($name, 'encryptionkey')) {
|
$name = trim($name);
|
||||||
|
$name_lc = strtolower($name);
|
||||||
|
|
||||||
|
if( !get_user_config($name_lc, 'encryptionkey')) {
|
||||||
$key = openssl_random_pseudo_bytes(44);
|
$key = openssl_random_pseudo_bytes(44);
|
||||||
set_user_config($name, 'encryptionkey', base64_encode($key));
|
set_user_config($name_lc, 'encryptionkey', base64_encode($key));
|
||||||
file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND);
|
file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND);
|
||||||
}
|
}
|
||||||
|
|
||||||
$name = trim($name);
|
|
||||||
$auth_expire = 14400;
|
$auth_expire = 14400;
|
||||||
$authkey = password_hash($name . $keys[0] . get_user_config($name, 'encryptionkey'), PASSWORD_DEFAULT);
|
$authkey = password_hash($name_lc . $keys[0] . get_user_config($name, 'encryptionkey'), PASSWORD_DEFAULT);
|
||||||
$pkey = hash('crc32', get_user_config($name, 'encryptionkey'));
|
$pkey = hash('crc32', get_user_config($name, 'encryptionkey'));
|
||||||
set_user_config(strtolower($name), "pkey", $pkey);
|
set_user_config(strtolower($name), "pkey", $pkey);
|
||||||
|
$_SESSION['pass'] = true;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
if (navigator.cookieEnabled)
|
if (navigator.cookieEnabled)
|
||||||
|
|
|
@ -69,13 +69,15 @@ if (! isset($_SESSION['remote_address'])) {
|
||||||
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
|
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
|
||||||
} else {
|
} else {
|
||||||
$ip_pass = true;
|
$ip_pass = true;
|
||||||
|
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses OK for: " . $name, FILE_APPEND);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
|
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
|
||||||
$logged_in = true;
|
$logged_in = true;
|
||||||
|
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND);
|
||||||
} else {
|
} else {
|
||||||
$logged_in = false;
|
$logged_in = false;
|
||||||
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION auth expired or not exist for: " . $name, FILE_APPEND);
|
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set: " . $name, FILE_APPEND);
|
||||||
}
|
}
|
||||||
if ($CONFIG['anonuser'] == '1') {
|
if ($CONFIG['anonuser'] == '1') {
|
||||||
$logged_in = false;
|
$logged_in = false;
|
||||||
|
@ -237,6 +239,7 @@ if ($type == "post") {
|
||||||
$_SESSION['pass'] = true;
|
$_SESSION['pass'] = true;
|
||||||
$logged_in = true;
|
$logged_in = true;
|
||||||
set_user_logged_in_cookies($name, $keys);
|
set_user_logged_in_cookies($name, $keys);
|
||||||
|
file_put_contents($auth_log, "\n" . logging_prefix() . " SET AUTH COOKIES for: " . $name, FILE_APPEND);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Update cookie times to stay logged in
|
// Update cookie times to stay logged in
|
||||||
|
|
|
@ -166,17 +166,16 @@ $title .= ' - search results for: ' . $_POST['terms'];
|
||||||
include "head.inc";
|
include "head.inc";
|
||||||
|
|
||||||
// Handle Block poster
|
// Handle Block poster
|
||||||
|
$post_username = trim(strtolower($_POST['username']));
|
||||||
if (isset($_POST['block_poster'])) {
|
if (isset($_POST['block_poster'])) {
|
||||||
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
if ((password_verify($post_username . $keys[0] . get_user_config($post_username, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($post_username . $keys[1] . get_user_config($post_username, 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||||
$logged_in = true;
|
$logged_in = true;
|
||||||
} else {
|
} else {
|
||||||
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
|
if (check_bbs_auth($post_username, $_POST['password'])) {
|
||||||
if ($ip_pass) {
|
if ($ip_pass) {
|
||||||
$_SESSION['pass'] = true;
|
$_SESSION['pass'] = true;
|
||||||
}
|
}
|
||||||
$authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT);
|
set_user_logged_in_cookies($post_username, $keys);
|
||||||
$pkey = hash('crc32', get_user_config($_POST['username'], 'encryptionkey'));
|
|
||||||
set_user_config(strtolower($_POST['username']), "pkey", $pkey);
|
|
||||||
$logged_in = true;
|
$logged_in = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,39 +19,6 @@ $logfile = $logdir . '/mail.log';
|
||||||
$keyfile = $spooldir . '/keys.dat';
|
$keyfile = $spooldir . '/keys.dat';
|
||||||
$keys = unserialize(file_get_contents($keyfile));
|
$keys = unserialize(file_get_contents($keyfile));
|
||||||
|
|
||||||
// How long should cookie allow user to stay logged in?
|
|
||||||
// 14400 = 4 hours
|
|
||||||
$auth_expire = 14400;
|
|
||||||
$logged_in = false;
|
|
||||||
if (! isset($_POST['username'])) {
|
|
||||||
$_POST['username'] = $_COOKIE['mail_name'];
|
|
||||||
}
|
|
||||||
$name = $_POST['username'];
|
|
||||||
if (! isset($_POST['password'])) {
|
|
||||||
$_POST['password'] = null;
|
|
||||||
}
|
|
||||||
if (! isset($_COOKIE['mail_auth'])) {
|
|
||||||
$_COOKIE['mail_auth'] = null;
|
|
||||||
}
|
|
||||||
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
|
||||||
$logged_in = true;
|
|
||||||
} else {
|
|
||||||
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
|
|
||||||
$authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT);
|
|
||||||
?>
|
|
||||||
<script type="text/javascript">
|
|
||||||
if (navigator.cookieEnabled)
|
|
||||||
var authcookie = "<?php echo $authkey; ?>";
|
|
||||||
var savename = "<?php echo stripslashes($name); ?>";
|
|
||||||
var auth_expire = "<?php echo $auth_expire; ?>";
|
|
||||||
var name_expire = "7776000";
|
|
||||||
document.cookie = "mail_auth="+authcookie+"; max-age="+auth_expire+"; path=/";
|
|
||||||
document.cookie = "mail_name="+savename+"; max-age="+name_expire+"; path=/";
|
|
||||||
</script>
|
|
||||||
<?php
|
|
||||||
$logged_in = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$title .= ' - Mail';
|
$title .= ' - Mail';
|
||||||
include "head.inc";
|
include "head.inc";
|
||||||
|
|
||||||
|
@ -105,6 +72,11 @@ if (isset($_POST['username'])) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
$logged_in = false;
|
||||||
|
if(trim($name) != '') {
|
||||||
|
$logged_in = verify_logged_in(trim(strtolower($name)));
|
||||||
|
}
|
||||||
|
|
||||||
if ($logged_in !== true) {
|
if ($logged_in !== true) {
|
||||||
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
|
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
|
||||||
echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
|
echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
|
||||||
|
|
|
@ -13,16 +13,21 @@ $logged_in = false;
|
||||||
if (! isset($_POST['username'])) {
|
if (! isset($_POST['username'])) {
|
||||||
$_POST['username'] = $_COOKIE['mail_name'];
|
$_POST['username'] = $_COOKIE['mail_name'];
|
||||||
}
|
}
|
||||||
$name = $_POST['username'];
|
$name = trim(strtolower($_POST['username']));
|
||||||
|
|
||||||
if (! isset($_POST['password'])) {
|
if (! isset($_POST['password'])) {
|
||||||
$_POST['password'] = null;
|
$_POST['password'] = null;
|
||||||
}
|
}
|
||||||
if (! isset($_COOKIE['mail_auth'])) {
|
if (! isset($_COOKIE['mail_auth'])) {
|
||||||
$_COOKIE['mail_auth'] = null;
|
$_COOKIE['mail_auth'] = null;
|
||||||
}
|
}
|
||||||
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
|
||||||
|
$logged_in = verify_logged_in(trim(strtolower($name)));
|
||||||
|
if(!$logged_in) {
|
||||||
|
if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||||
$logged_in = true;
|
$logged_in = true;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$title .= ' - Upload file';
|
$title .= ' - Upload file';
|
||||||
include "head.inc";
|
include "head.inc";
|
||||||
|
|
|
@ -69,14 +69,16 @@ $logged_in = false;
|
||||||
if (! isset($_POST['username'])) {
|
if (! isset($_POST['username'])) {
|
||||||
$_POST['username'] = $_COOKIE['mail_name'];
|
$_POST['username'] = $_COOKIE['mail_name'];
|
||||||
}
|
}
|
||||||
$name = $_POST['username'];
|
$name = trim(strtolower($_POST['username']));
|
||||||
if (! isset($_POST['password'])) {
|
if (! isset($_POST['password'])) {
|
||||||
$_POST['password'] = null;
|
$_POST['password'] = null;
|
||||||
}
|
}
|
||||||
if (! isset($_COOKIE['mail_auth'])) {
|
if (! isset($_COOKIE['mail_auth'])) {
|
||||||
$_COOKIE['mail_auth'] = null;
|
$_COOKIE['mail_auth'] = null;
|
||||||
}
|
}
|
||||||
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
$logged_in = verify_logged_in(trim(strtolower($_POST['username'])));
|
||||||
|
if(!$logged_in) {
|
||||||
|
if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||||
$logged_in = true;
|
$logged_in = true;
|
||||||
} else {
|
} else {
|
||||||
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
|
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
|
||||||
|
@ -89,6 +91,7 @@ if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['use
|
||||||
echo 'Authentication Required';
|
echo 'Authentication Required';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($_REQUEST['command']) && $_REQUEST['command'] == 'Configuration') {
|
if (isset($_REQUEST['command']) && $_REQUEST['command'] == 'Configuration') {
|
||||||
echo '<h1 class="np_thread_headline">';
|
echo '<h1 class="np_thread_headline">';
|
||||||
|
|
Loading…
Reference in New Issue