Apply all logins to all features (intentionally did not previously).

This commit is contained in:
Retro_Guy 2024-07-21 06:19:35 -07:00
parent 53d646b519
commit 59a2d9abaa
6 changed files with 75 additions and 59 deletions


@ -1279,20 +1279,54 @@ function group_display_name($gname)
return $gname; return $gname;
} }
function verify_logged_in($name) {
global $CONFIG, $auth_log;
$logged_in = false;
$ip_pass = false;
if (! isset($_SESSION['remote_address'])) {
$_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['start_address'] = $_SESSION['remote_address'];
$ip_pass = true;
} else {
if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
$ip_pass = false;
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
} else {
$ip_pass = true;
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses OK for: " . $name, FILE_APPEND);
}
}
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
$logged_in = true;
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND);
} else {
$logged_in = false;
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set: " . $name, FILE_APPEND);
}
if ($CONFIG['anonuser'] == '1') {
$logged_in = false;
}
return $logged_in ;
}
function set_user_logged_in_cookies($name, $keys) { function set_user_logged_in_cookies($name, $keys) {
global $debug_log; global $debug_log;
if( !get_user_config($name, 'encryptionkey')) { $name = trim($name);
$name_lc = strtolower($name);
if( !get_user_config($name_lc, 'encryptionkey')) {
$key = openssl_random_pseudo_bytes(44); $key = openssl_random_pseudo_bytes(44);
set_user_config($name, 'encryptionkey', base64_encode($key)); set_user_config($name_lc, 'encryptionkey', base64_encode($key));
file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND); file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND);
} }
$name = trim($name);
$auth_expire = 14400; $auth_expire = 14400;
$authkey = password_hash($name . $keys[0] . get_user_config($name, 'encryptionkey'), PASSWORD_DEFAULT); $authkey = password_hash($name_lc . $keys[0] . get_user_config($name, 'encryptionkey'), PASSWORD_DEFAULT);
$pkey = hash('crc32', get_user_config($name, 'encryptionkey')); $pkey = hash('crc32', get_user_config($name, 'encryptionkey'));
set_user_config(strtolower($name), "pkey", $pkey); set_user_config(strtolower($name), "pkey", $pkey);
$_SESSION['pass'] = true;
?> ?>
<script type="text/javascript"> <script type="text/javascript">
if (navigator.cookieEnabled) if (navigator.cookieEnabled)
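Review bot: The new verify_logged_in() at the top of the hunk never binds the session to the user it is asked about — `$name` is only used in the log strings, so `$_SESSION['pass'] === true` makes it return true for whatever name the caller supplies, and the callers added in the upload-file hunk and in the last file's hunk pass a name taken from `$_POST['username']` (or the `mail_name` cookie); record the authenticated user where the flag is set (`$_SESSION['user'] = $name_lc;` next to `$_SESSION['pass'] = true;`) and check it here with `if ($ip_pass && isset($_SESSION['pass'], $_SESSION['user']) && $_SESSION['pass'] === true && $_SESSION['user'] === $name)`. The `$_SESSION['pass'] = true;` added to set_user_logged_in_cookies() is unconditional, while its caller in the third file only sets that flag under `if ($ip_pass)` just before calling the helper, so the IP check is bypassed by the helper itself — either drop the line here or pass `$ip_pass` in and gate it. The encryption key is created and stored under `$name_lc`, but the two `get_user_config($name, 'encryptionkey')` reads on the `$authkey` and `$pkey` lines use the untrimmed, original-case `$name`, and the verifying side in the other files looks up the lowercased name; if get_user_config is case-sensitive the freshly created key is not found, so use `$name_lc` in both reads and in `set_user_config($name_lc, "pkey", $pkey);`. The log lines also embed `$name` straight from the request after a leading "\n"; strip line breaks first (e.g. `$log_name = preg_replace('/[\r\n]+/', ' ', $name);`) so a crafted username cannot forge extra entries in $auth_log. set_user_logged_in_cookies() continues past the end of the hunk.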


@ -69,13 +69,15 @@ if (! isset($_SESSION['remote_address'])) {
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND); file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
} else { } else {
$ip_pass = true; $ip_pass = true;
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses OK for: " . $name, FILE_APPEND);
} }
} }
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) { if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
$logged_in = true; $logged_in = true;
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND);
} else { } else {
$logged_in = false; $logged_in = false;
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION auth expired or not exist for: " . $name, FILE_APPEND); file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set: " . $name, FILE_APPEND);
} }
if ($CONFIG['anonuser'] == '1') { if ($CONFIG['anonuser'] == '1') {
$logged_in = false; $logged_in = false;
@ -237,6 +239,7 @@ if ($type == "post") {
$_SESSION['pass'] = true; $_SESSION['pass'] = true;
$logged_in = true; $logged_in = true;
set_user_logged_in_cookies($name, $keys); set_user_logged_in_cookies($name, $keys);
file_put_contents($auth_log, "\n" . logging_prefix() . " SET AUTH COOKIES for: " . $name, FILE_APPEND);
} }
} else { } else {
// Update cookie times to stay logged in // Update cookie times to stay logged in
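Review bot: The IP/session check at the top of this section (its enclosing block starts before the hunk) is now a line-for-line copy of the new verify_logged_in() in the first file, down to the three log strings and the `anonuser` override, so the two implementations will drift the next time one is touched; if this file includes the common file that defines the helper, the whole block can become `$logged_in = verify_logged_in($name);`. The added "IP addresses OK" and "SESSION PASS OK" lines (and the same lines in the helper) are written to $auth_log on every request of every logged-in user, which will grow that file quickly; consider keeping only the failure cases, or gating the success lines behind a debug setting if they are needed for this rollout. The `SET AUTH COOKIES` line in the second hunk embeds `$name` unsanitised like the others, which is the same log-forging concern raised on the first file.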


@ -166,17 +166,16 @@ $title .= ' - search results for: ' . $_POST['terms'];
include "head.inc"; include "head.inc";
// Handle Block poster // Handle Block poster
$post_username = trim(strtolower($_POST['username']));
if (isset($_POST['block_poster'])) { if (isset($_POST['block_poster'])) {
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) { if ((password_verify($post_username . $keys[0] . get_user_config($post_username, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($post_username . $keys[1] . get_user_config($post_username, 'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = true; $logged_in = true;
} else { } else {
if (check_bbs_auth($_POST['username'], $_POST['password'])) { if (check_bbs_auth($post_username, $_POST['password'])) {
if ($ip_pass) { if ($ip_pass) {
$_SESSION['pass'] = true; $_SESSION['pass'] = true;
} }
$authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT); set_user_logged_in_cookies($post_username, $keys);
$pkey = hash('crc32', get_user_config($_POST['username'], 'encryptionkey'));
set_user_config(strtolower($_POST['username']), "pkey", $pkey);
$logged_in = true; $logged_in = true;
} }
} }
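Review bot: `$post_username = trim(strtolower($_POST['username']));` now runs on every request to this page, before the `isset($_POST['block_poster'])` guard it used to live behind, so a request without a username field raises an undefined-index warning and, on PHP 8.1+, a `strtolower(null)` deprecation; write `$post_username = trim(strtolower($_POST['username'] ?? ''));` or move the line inside the `if`. `check_bbs_auth($post_username, $_POST['password'])` also now receives the lowercased name where it previously received the raw value, while the equivalent call in the last file still passes `$_POST['username']` unchanged — if check_bbs_auth compares names case-sensitively the two pages will accept different credentials, so both should use the same form. `$_COOKIE['mail_auth']` is still read here without the `isset` default the other files apply (pre-existing, but it becomes the only unguarded read once the block-poster path is the main login path).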


@ -19,39 +19,6 @@ $logfile = $logdir . '/mail.log';
$keyfile = $spooldir . '/keys.dat'; $keyfile = $spooldir . '/keys.dat';
$keys = unserialize(file_get_contents($keyfile)); $keys = unserialize(file_get_contents($keyfile));
// How long should cookie allow user to stay logged in?
// 14400 = 4 hours
$auth_expire = 14400;
$logged_in = false;
if (! isset($_POST['username'])) {
$_POST['username'] = $_COOKIE['mail_name'];
}
$name = $_POST['username'];
if (! isset($_POST['password'])) {
$_POST['password'] = null;
}
if (! isset($_COOKIE['mail_auth'])) {
$_COOKIE['mail_auth'] = null;
}
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = true;
} else {
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
$authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT);
?>
<script type="text/javascript">
if (navigator.cookieEnabled)
var authcookie = "<?php echo $authkey; ?>";
var savename = "<?php echo stripslashes($name); ?>";
var auth_expire = "<?php echo $auth_expire; ?>";
var name_expire = "7776000";
document.cookie = "mail_auth="+authcookie+"; max-age="+auth_expire+"; path=/";
document.cookie = "mail_name="+savename+"; max-age="+name_expire+"; path=/";
</script>
<?php
$logged_in = true;
}
}
$title .= ' - Mail'; $title .= ' - Mail';
include "head.inc"; include "head.inc";
@ -105,6 +72,11 @@ if (isset($_POST['username'])) {
} }
} }
} }
$logged_in = false;
if(trim($name) != '') {
$logged_in = verify_logged_in(trim(strtolower($name)));
}
if ($logged_in !== true) { if ($logged_in !== true) {
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">'; echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">'; echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';


@ -13,15 +13,20 @@ $logged_in = false;
if (! isset($_POST['username'])) { if (! isset($_POST['username'])) {
$_POST['username'] = $_COOKIE['mail_name']; $_POST['username'] = $_COOKIE['mail_name'];
} }
$name = $_POST['username']; $name = trim(strtolower($_POST['username']));
if (! isset($_POST['password'])) { if (! isset($_POST['password'])) {
$_POST['password'] = null; $_POST['password'] = null;
} }
if (! isset($_COOKIE['mail_auth'])) { if (! isset($_COOKIE['mail_auth'])) {
$_COOKIE['mail_auth'] = null; $_COOKIE['mail_auth'] = null;
} }
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = verify_logged_in(trim(strtolower($name)));
if(!$logged_in) {
if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = true; $logged_in = true;
}
} }
$title .= ' - Upload file'; $title .= ' - Upload file';
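Review bot: `$name` is already `trim(strtolower($_POST['username']))` on the changed line above, so `verify_logged_in(trim(strtolower($name)))` normalises twice; `$logged_in = verify_logged_in($name);` says the same thing, and the matching line in the last file should likewise pass its own `$name` rather than re-deriving it from `$_POST['username']`. When neither the POST field nor the `mail_name` cookie is present, `$_POST['username']` is assigned null and `strtolower(null)` is deprecated on 8.1+; `$name = trim(strtolower($_POST['username'] ?? $_COOKIE['mail_name'] ?? ''));` avoids that and the mutation of `$_POST`. The cookie fallback inside the new `if(!$logged_in)` branch sets `$logged_in = true` without, at least within this hunk, recording the address or setting `$_SESSION['pass']`, so a request that verify_logged_in() just rejected (for example after an IP change) is accepted on the strength of the cookie alone — if the IP check is meant to be authoritative, the cookie path should not be able to override it.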


@ -69,16 +69,18 @@ $logged_in = false;
if (! isset($_POST['username'])) { if (! isset($_POST['username'])) {
$_POST['username'] = $_COOKIE['mail_name']; $_POST['username'] = $_COOKIE['mail_name'];
} }
$name = $_POST['username']; $name = trim(strtolower($_POST['username']));
if (! isset($_POST['password'])) { if (! isset($_POST['password'])) {
$_POST['password'] = null; $_POST['password'] = null;
} }
if (! isset($_COOKIE['mail_auth'])) { if (! isset($_COOKIE['mail_auth'])) {
$_COOKIE['mail_auth'] = null; $_COOKIE['mail_auth'] = null;
} }
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) { $logged_in = verify_logged_in(trim(strtolower($_POST['username'])));
if(!$logged_in) {
if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = true; $logged_in = true;
} else { } else {
if (check_bbs_auth($_POST['username'], $_POST['password'])) { if (check_bbs_auth($_POST['username'], $_POST['password'])) {
if ($ip_pass) { if ($ip_pass) {
$_SESSION['pass'] = true; $_SESSION['pass'] = true;
@ -88,6 +90,7 @@ if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['use
} else { } else {
echo 'Authentication Required'; echo 'Authentication Required';
} }
}
} }
if (isset($_REQUEST['command']) && $_REQUEST['command'] == 'Configuration') { if (isset($_REQUEST['command']) && $_REQUEST['command'] == 'Configuration') {