New upstream version 0.6.27
This commit is contained in:
geos_one
@@ -1,13 +1,24 @@
|
||||
<?php defined('SYSPATH') OR die('No direct access allowed.');
|
||||
<?php
|
||||
|
||||
// phpcs:disable PSR1.Classes.ClassDeclaration.MissingNamespace
|
||||
// phpcs:disable PSR1.Files.SideEffects
|
||||
defined('SYSPATH') or die('No direct access allowed.');
|
||||
// phpcs:enable PSR1.Files.SideEffects
|
||||
// phpcs:disable Squiz.Classes.ValidClassName.NotCamelCaps
|
||||
|
||||
class Auth_Multisite_Model {
|
||||
class Auth_Multisite_Model
|
||||
{
|
||||
private $htpasswdPath;
|
||||
|
||||
private $serialsPath;
|
||||
|
||||
private $secretPath;
|
||||
|
||||
private $authFile;
|
||||
|
||||
public function __construct($htpasswdPath, $serialsPath, $secretPath, $loginUrl) {
|
||||
|
||||
public function __construct($htpasswdPath, $serialsPath, $secretPath, $loginUrl)
|
||||
{
|
||||
$this->htpasswdPath = $htpasswdPath;
|
||||
$this->serialsPath = $serialsPath;
|
||||
$this->secretPath = $secretPath;
|
||||
@@ -16,96 +27,120 @@ class Auth_Multisite_Model {
|
||||
// When the auth.serial file exists, use this instead of the htpasswd
|
||||
// for validating the cookie. The structure of the file is equal, so
|
||||
// the same code can be used.
|
||||
if(file_exists($this->serialsPath)) {
|
||||
if (file_exists($this->serialsPath)) {
|
||||
$this->authFile = 'serial';
|
||||
|
||||
} elseif(file_exists($this->htpasswdPath)) {
|
||||
} elseif (file_exists($this->htpasswdPath)) {
|
||||
$this->authFile = 'htpasswd';
|
||||
|
||||
} else {
|
||||
throw new Kohana_exception("error.auth_multisite_missing_htpasswd");
|
||||
throw new Kohana_exception('error.auth_multisite_missing_htpasswd');
|
||||
}
|
||||
|
||||
if(!file_exists($this->secretPath)) {
|
||||
if (!file_exists($this->secretPath)) {
|
||||
$this->redirectToLogin();
|
||||
}
|
||||
}
|
||||
//end __construct()
|
||||
|
||||
private function loadAuthFile($path) {
|
||||
$creds = array();
|
||||
foreach(file($path) AS $line) {
|
||||
if(strpos($line, ':') !== false) {
|
||||
|
||||
private function loadAuthFile($path)
|
||||
{
|
||||
$creds = [];
|
||||
foreach (file($path) as $line) {
|
||||
if (strpos($line, ':') !== false) {
|
||||
list($username, $secret) = explode(':', $line, 2);
|
||||
$creds[$username] = rtrim($secret);
|
||||
$creds[$username] = rtrim($secret);
|
||||
}
|
||||
}
|
||||
return $creds;
|
||||
}
|
||||
//end loadAuthFile()
|
||||
|
||||
private function loadSecret() {
|
||||
|
||||
private function loadSecret()
|
||||
{
|
||||
return trim(file_get_contents($this->secretPath));
|
||||
}
|
||||
//end loadSecret()
|
||||
|
||||
private function generateHash($username, $now, $user_secret) {
|
||||
|
||||
private function generateHash($username, $now, $user_secret)
|
||||
{
|
||||
$secret = $this->loadSecret();
|
||||
return md5($username . $now . $user_secret . $secret);
|
||||
}
|
||||
//end generateHash()
|
||||
|
||||
private function checkAuthCookie($cookieName) {
|
||||
if(!isset($_COOKIE[$cookieName]) || $_COOKIE[$cookieName] == '') {
|
||||
|
||||
private function checkAuthCookie($cookieName)
|
||||
{
|
||||
if (!isset($_COOKIE[$cookieName]) || $_COOKIE[$cookieName] == '') {
|
||||
throw new Exception();
|
||||
}
|
||||
|
||||
list($username, $issueTime, $cookieHash) = explode(':', $_COOKIE[$cookieName], 3);
|
||||
$cookie = $_COOKIE[$cookieName];
|
||||
if ($cookie[0] == '"') {
|
||||
$cookie = trim($cookie, '"');
|
||||
}
|
||||
list($username, $issueTime, $cookieHash) = explode(':', $cookie, 3);
|
||||
|
||||
if($this->authFile == 'htpasswd')
|
||||
if ($this->authFile == 'htpasswd') {
|
||||
$users = $this->loadAuthFile($this->htpasswdPath);
|
||||
else
|
||||
} else {
|
||||
$users = $this->loadAuthFile($this->serialsPath);
|
||||
}
|
||||
|
||||
if(!isset($users[$username])) {
|
||||
if (!isset($users[$username])) {
|
||||
throw new Exception();
|
||||
}
|
||||
$user_secret = $users[$username];
|
||||
|
||||
// Validate the hash
|
||||
if($cookieHash != $this->generateHash($username, $issueTime, $user_secret)) {
|
||||
if ($cookieHash != $this->generateHash($username, $issueTime, $user_secret)) {
|
||||
throw new Exception();
|
||||
}
|
||||
|
||||
// FIXME: Maybe renew the cookie here too
|
||||
|
||||
return $username;
|
||||
}
|
||||
//end checkAuthCookie()
|
||||
|
||||
private function checkAuth() {
|
||||
|
||||
private function checkAuth()
|
||||
{
|
||||
// Loop all cookies trying to fetch a valid authentication
|
||||
// cookie for this installation
|
||||
foreach(array_keys($_COOKIE) AS $cookieName) {
|
||||
if(substr($cookieName, 0, 5) != 'auth_') {
|
||||
foreach (array_keys($_COOKIE) as $cookieName) {
|
||||
if (substr($cookieName, 0, 5) != 'auth_') {
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
$name = $this->checkAuthCookie($cookieName);
|
||||
return $name;
|
||||
} catch(Exception $e) {}
|
||||
} catch (Exception $e) {
|
||||
}
|
||||
}
|
||||
return '';
|
||||
}
|
||||
//end checkAuth()
|
||||
|
||||
private function redirectToLogin() {
|
||||
|
||||
private function redirectToLogin()
|
||||
{
|
||||
header('Location:' . $this->loginUrl . '?_origtarget=' . $_SERVER['REQUEST_URI']);
|
||||
}
|
||||
//end redirectToLogin()
|
||||
|
||||
public function check() {
|
||||
|
||||
public function check()
|
||||
{
|
||||
$username = $this->checkAuth();
|
||||
if($username === '') {
|
||||
if ($username === '') {
|
||||
$this->redirectToLogin();
|
||||
exit(0);
|
||||
}
|
||||
|
||||
return $username;
|
||||
}
|
||||
//end check()
|
||||
}
|
||||
|
||||
?>
|
||||
//end class
|
||||
|
||||
Reference in New Issue
Block a user