Apply all logins to all features (intentionally did not previously).
parent
53d646b519
commit
59a2d9abaa
|
@ -1279,20 +1279,54 @@ function group_display_name($gname)
|
|||
return $gname;
|
||||
}
|
||||
|
||||
function verify_logged_in($name) {
|
||||
global $CONFIG, $auth_log;
|
||||
|
||||
$logged_in = false;
|
||||
$ip_pass = false;
|
||||
if (! isset($_SESSION['remote_address'])) {
|
||||
$_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
|
||||
$_SESSION['start_address'] = $_SESSION['remote_address'];
|
||||
$ip_pass = true;
|
||||
} else {
|
||||
if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
|
||||
$ip_pass = false;
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
|
||||
} else {
|
||||
$ip_pass = true;
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses OK for: " . $name, FILE_APPEND);
|
||||
}
|
||||
}
|
||||
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
|
||||
$logged_in = true;
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND);
|
||||
} else {
|
||||
$logged_in = false;
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set: " . $name, FILE_APPEND);
|
||||
}
|
||||
if ($CONFIG['anonuser'] == '1') {
|
||||
$logged_in = false;
|
||||
}
|
||||
return $logged_in ;
|
||||
}
|
||||
|
||||
function set_user_logged_in_cookies($name, $keys) {
|
||||
|
||||
global $debug_log;
|
||||
if( !get_user_config($name, 'encryptionkey')) {
|
||||
$name = trim($name);
|
||||
$name_lc = strtolower($name);
|
||||
|
||||
if( !get_user_config($name_lc, 'encryptionkey')) {
|
||||
$key = openssl_random_pseudo_bytes(44);
|
||||
set_user_config($name, 'encryptionkey', base64_encode($key));
|
||||
set_user_config($name_lc, 'encryptionkey', base64_encode($key));
|
||||
file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND);
|
||||
}
|
||||
|
||||
$name = trim($name);
|
||||
$auth_expire = 14400;
|
||||
$authkey = password_hash($name . $keys[0] . get_user_config($name, 'encryptionkey'), PASSWORD_DEFAULT);
|
||||
$pkey = hash('crc32', get_user_config($name, 'encryptionkey'));
|
||||
set_user_config(strtolower($name), "pkey", $pkey);
|
||||
$auth_expire = 14400;
|
||||
$authkey = password_hash($name_lc . $keys[0] . get_user_config($name, 'encryptionkey'), PASSWORD_DEFAULT);
|
||||
$pkey = hash('crc32', get_user_config($name, 'encryptionkey'));
|
||||
set_user_config(strtolower($name), "pkey", $pkey);
|
||||
$_SESSION['pass'] = true;
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
if (navigator.cookieEnabled)
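Review bot: `verify_logged_in($name)` never checks that the session belongs to `$name`: it returns true whenever the address matches and `$_SESSION['pass'] === true`, and the visible part of `set_user_logged_in_cookies()` stores only that boolean. Callers elsewhere in this commit take `$name` from `$_POST['username']` or the `mail_name` cookie, so a session authenticated for one account would also verify for any other name sent with it, unless the name is bound somewhere outside these lines. Record the account at login, e.g. `$_SESSION['auth_name'] = $name_lc;` next to `$_SESSION['pass'] = true;`, and add `isset($_SESSION['auth_name']) && $_SESSION['auth_name'] === $name` to the `SESSION PASS` condition. The body of `set_user_logged_in_cookies()` continues past the end of the hunk.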
|
||||
|
|
|
@ -69,13 +69,15 @@ if (! isset($_SESSION['remote_address'])) {
|
|||
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
|
||||
} else {
|
||||
$ip_pass = true;
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses OK for: " . $name, FILE_APPEND);
|
||||
}
|
||||
}
|
||||
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
|
||||
$logged_in = true;
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND);
|
||||
} else {
|
||||
$logged_in = false;
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION auth expired or not exist for: " . $name, FILE_APPEND);
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set: " . $name, FILE_APPEND);
|
||||
}
|
||||
if ($CONFIG['anonuser'] == '1') {
|
||||
$logged_in = false;
|
||||
|
@ -237,6 +239,7 @@ if ($type == "post") {
|
|||
$_SESSION['pass'] = true;
|
||||
$logged_in = true;
|
||||
set_user_logged_in_cookies($name, $keys);
|
||||
file_put_contents($auth_log, "\n" . logging_prefix() . " SET AUTH COOKIES for: " . $name, FILE_APPEND);
|
||||
}
|
||||
} else {
|
||||
// Update cookie times to stay logged in
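Review bot: The auth-log writes in both hunks of this file (`SESSION PASS expired or not set: ` and `SET AUTH COOKIES for: `) append `$name` verbatim, as does every log call in the new `verify_logged_in()`. `$name` appears to be request-derived (other files in this commit take it from `$_POST['username']` or a cookie), so an embedded CR/LF would let a request write extra, forged-looking entries into the log used to audit logins. Neutralise control characters before concatenation, e.g. `$log_name = preg_replace('/[\x00-\x1F\x7F]/', '?', $name);`, and pass `FILE_APPEND | LOCK_EX` so concurrent requests cannot interleave lines. Both enclosing blocks start and end outside the hunks shown.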
|
||||
|
|
|
@ -166,17 +166,16 @@ $title .= ' - search results for: ' . $_POST['terms'];
|
|||
include "head.inc";
|
||||
|
||||
// Handle Block poster
|
||||
$post_username = trim(strtolower($_POST['username']));
|
||||
if (isset($_POST['block_poster'])) {
|
||||
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||
if ((password_verify($post_username . $keys[0] . get_user_config($post_username, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($post_username . $keys[1] . get_user_config($post_username, 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||
$logged_in = true;
|
||||
} else {
|
||||
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
|
||||
if (check_bbs_auth($post_username, $_POST['password'])) {
|
||||
if ($ip_pass) {
|
||||
$_SESSION['pass'] = true;
|
||||
}
|
||||
$authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT);
|
||||
$pkey = hash('crc32', get_user_config($_POST['username'], 'encryptionkey'));
|
||||
set_user_config(strtolower($_POST['username']), "pkey", $pkey);
|
||||
set_user_logged_in_cookies($post_username, $keys);
|
||||
$logged_in = true;
|
||||
}
|
||||
}
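Review bot: `$post_username = trim(strtolower($_POST['username']));` runs on every request to this page, before the `isset($_POST['block_poster'])` check, so a request without a `username` field raises an undefined-index warning and an array-valued `username[]` makes `strtolower()` throw a TypeError on PHP 8. Guard the read, e.g. `$post_username = is_string($_POST['username'] ?? null) ? trim(strtolower($_POST['username'])) : '';`. `$_COOKIE['mail_auth']` is passed to `password_verify()` in the next condition with no visible default either, whereas the other pages in this commit set it to `null` when absent. The `if (isset($_POST['block_poster']))` block closes outside the hunk.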
|
||||
|
|
|
@ -19,39 +19,6 @@ $logfile = $logdir . '/mail.log';
|
|||
$keyfile = $spooldir . '/keys.dat';
|
||||
$keys = unserialize(file_get_contents($keyfile));
|
||||
|
||||
// How long should cookie allow user to stay logged in?
|
||||
// 14400 = 4 hours
|
||||
$auth_expire = 14400;
|
||||
$logged_in = false;
|
||||
if (! isset($_POST['username'])) {
|
||||
$_POST['username'] = $_COOKIE['mail_name'];
|
||||
}
|
||||
$name = $_POST['username'];
|
||||
if (! isset($_POST['password'])) {
|
||||
$_POST['password'] = null;
|
||||
}
|
||||
if (! isset($_COOKIE['mail_auth'])) {
|
||||
$_COOKIE['mail_auth'] = null;
|
||||
}
|
||||
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||
$logged_in = true;
|
||||
} else {
|
||||
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
|
||||
$authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT);
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
if (navigator.cookieEnabled)
|
||||
var authcookie = "<?php echo $authkey; ?>";
|
||||
var savename = "<?php echo stripslashes($name); ?>";
|
||||
var auth_expire = "<?php echo $auth_expire; ?>";
|
||||
var name_expire = "7776000";
|
||||
document.cookie = "mail_auth="+authcookie+"; max-age="+auth_expire+"; path=/";
|
||||
document.cookie = "mail_name="+savename+"; max-age="+name_expire+"; path=/";
|
||||
</script>
|
||||
<?php
|
||||
$logged_in = true;
|
||||
}
|
||||
}
|
||||
$title .= ' - Mail';
|
||||
include "head.inc";
|
||||
|
||||
|
@ -105,6 +72,11 @@ if (isset($_POST['username'])) {
|
|||
}
|
||||
}
|
||||
}
|
||||
$logged_in = false;
|
||||
if(trim($name) != '') {
|
||||
$logged_in = verify_logged_in(trim(strtolower($name)));
|
||||
}
|
||||
|
||||
if ($logged_in !== true) {
|
||||
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
|
||||
echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
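Review bot: `$name` is read by `if(trim($name) != '')` in the second hunk, but the only assignment visible for this file, `$name = $_POST['username'];`, is among the lines the first hunk removes (its new side keeps 6 of 39 lines). If nothing between the hunks assigns it, `trim()` receives an undefined variable and the mail page always falls through to the login form. Assign it explicitly before the check, e.g. `$name = trim(strtolower($_POST['username'] ?? $_COOKIE['mail_name'] ?? ''));`, which also makes the later `trim(strtolower($name))` redundant. The lines between the two hunks are not shown, so this needs confirming against the full file.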
|
||||
|
|
|
@ -13,15 +13,20 @@ $logged_in = false;
|
|||
if (! isset($_POST['username'])) {
|
||||
$_POST['username'] = $_COOKIE['mail_name'];
|
||||
}
|
||||
$name = $_POST['username'];
|
||||
$name = trim(strtolower($_POST['username']));
|
||||
|
||||
if (! isset($_POST['password'])) {
|
||||
$_POST['password'] = null;
|
||||
}
|
||||
if (! isset($_COOKIE['mail_auth'])) {
|
||||
$_COOKIE['mail_auth'] = null;
|
||||
}
|
||||
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||
$logged_in = true;
|
||||
|
||||
$logged_in = verify_logged_in(trim(strtolower($name)));
|
||||
if(!$logged_in) {
|
||||
if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||
$logged_in = true;
|
||||
}
|
||||
}
|
||||
|
||||
$title .= ' - Upload file';
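Review bot: The `if(!$logged_in)` fallback re-grants access from the `mail_auth` cookie after `verify_logged_in()` has returned false, which skips both the address pin (`$ip_pass`) and the `$CONFIG['anonuser'] == '1'` override that the helper enforces. If those gates are meant to be authoritative for uploads, drop the fallback or move the cookie comparison inside `verify_logged_in()` ahead of the `anonuser` check so every page applies the same rule. The same fallback appears in the next file's hunk (`@ -69,24 +69,27`), and the search page's block-poster path does not call `verify_logged_in()` at all. Separately, `$name` is already `trim(strtolower(...))` here, so `verify_logged_in($name)` is enough.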
|
||||
|
|
|
@ -69,24 +69,27 @@ $logged_in = false;
|
|||
if (! isset($_POST['username'])) {
|
||||
$_POST['username'] = $_COOKIE['mail_name'];
|
||||
}
|
||||
$name = $_POST['username'];
|
||||
$name = trim(strtolower($_POST['username']));
|
||||
if (! isset($_POST['password'])) {
|
||||
$_POST['password'] = null;
|
||||
}
|
||||
if (! isset($_COOKIE['mail_auth'])) {
|
||||
$_COOKIE['mail_auth'] = null;
|
||||
}
|
||||
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||
$logged_in = true;
|
||||
} else {
|
||||
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
|
||||
if ($ip_pass) {
|
||||
$_SESSION['pass'] = true;
|
||||
}
|
||||
set_user_logged_in_cookies($name, $keys);
|
||||
$logged_in = verify_logged_in(trim(strtolower($_POST['username'])));
|
||||
if(!$logged_in) {
|
||||
if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
|
||||
$logged_in = true;
|
||||
} else {
|
||||
echo 'Authentication Required';
|
||||
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
|
||||
if ($ip_pass) {
|
||||
$_SESSION['pass'] = true;
|
||||
}
|
||||
set_user_logged_in_cookies($name, $keys);
|
||||
$logged_in = true;
|
||||
} else {
|
||||
echo 'Authentication Required';
|
||||
}
|
||||
}
|
||||
}
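Review bot: After `check_bbs_auth()` succeeds the code sets `$_SESSION['pass'] = true` and calls `set_user_logged_in_cookies($name, $keys)`, but no `session_regenerate_id(true)` is visible here or in the part of that helper shown in this commit, so a session id issued before login stays valid afterwards (session fixation). Add `session_regenerate_id(true);` immediately before the session flag is set, provided no output has been sent at that point. `check_bbs_auth($_POST['username'], ...)` also still receives the raw field while the cookie check and `verify_logged_in()` use the normalised `$name`; the search page in this commit was switched to the normalised value, and this call should match.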
|
||||
|
||||
|
|