Merge branch 'master' of https://github.com/splitbrain/dokuwiki

Conflicts: lib/exe/xmlrpc.php
author: Dominik Eckelmann <deckelmann@gmail.com> 2012-03-14 12:52:36 +0100
committer: Dominik Eckelmann <deckelmann@gmail.com> 2012-03-14 12:52:36 +0100
commit: 3a6d76070be7220b8e5f7c04443aa923bc8cddf2 (patch)
tree: dfd00b5d0c5f58ee313eb376a8cb1ee99512bf83 /inc/auth.php
parent: 03d7247e047c21d2733f837148a1499f56784ae3 (diff)
parent: d0caa5642f6e322a026bd5bdac4585ff1b2f40da (diff)
download: rpg-3a6d76070be7220b8e5f7c04443aa923bc8cddf2.tar.gz
rpg-3a6d76070be7220b8e5f7c04443aa923bc8cddf2.tar.bz2
1 files changed, 51 insertions, 21 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 87e5b5580..1b6b3a689 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -523,18 +523,19 @@ function auth_aclcheck($id,$user,$groups){
         $groups[] = '@ALL';
         //add User
         if($user) $groups[] = $user;
-        //build regexp
-        $regexp   = join('|',$groups);
     }else{
-        $regexp = '@ALL';
+        $groups[] = '@ALL';
     }
 
     //check exact match first
-    $matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
+    $matches = preg_grep('/^'.preg_quote($id,'/').'\s+(\S+)\s+/'.$ci,$AUTH_ACL);
     if(count($matches)){
         foreach($matches as $match){
             $match = preg_replace('/#.*$/','',$match); //ignore comments
             $acl   = preg_split('/\s+/',$match);
+            if (!in_array($acl[1], $groups)) {
+                continue;
+            }
             if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL!
             if($acl[2] > $perm){
                 $perm = $acl[2];
@@ -554,20 +555,24 @@ function auth_aclcheck($id,$user,$groups){
     }
 
     do{
-        $matches = preg_grep('/^'.preg_quote($path,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
+        $matches = preg_grep('/^'.preg_quote($path,'/').'\s+(\S+)\s+/'.$ci,$AUTH_ACL);
         if(count($matches)){
             foreach($matches as $match){
                 $match = preg_replace('/#.*$/','',$match); //ignore comments
                 $acl   = preg_split('/\s+/',$match);
+                if (!in_array($acl[1], $groups)) {
+                    continue;
+                }
                 if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL!
                 if($acl[2] > $perm){
                     $perm = $acl[2];
                 }
             }
             //we had a match - return it
-            return $perm;
+            if ($perm != -1) {
+                return $perm;
+            }
         }
-
         //get next higher namespace
         $ns   = getNS($ns);
 
@@ -582,9 +587,6 @@ function auth_aclcheck($id,$user,$groups){
             return AUTH_NONE;
         }
     }while(1); //this should never loop endless
-
-    //still here? return no permissions
-    return AUTH_NONE;
 }
 
 /**
@@ -858,32 +860,60 @@ function act_resendpwd(){
     $token = preg_replace('/[^a-f0-9]+/','',$_REQUEST['pwauth']);
 
     if($token){
-        // we're in token phase
+        // we're in token phase - get user info from token
 
         $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth';
         if(!@file_exists($tfile)){
             msg($lang['resendpwdbadauth'],-1);
+            unset($_REQUEST['pwauth']);
             return false;
         }
+        // token is only valid for 3 days
+        if( (time() - filemtime($tfile)) > (3*60*60*24) ){
+            msg($lang['resendpwdbadauth'],-1);
+            unset($_REQUEST['pwauth']);
+            @unlink($tfile);
+            return false;
+        }
+
         $user = io_readfile($tfile);
-        @unlink($tfile);
         $userinfo = $auth->getUserData($user);
         if(!$userinfo['mail']) {
             msg($lang['resendpwdnouser'], -1);
             return false;
         }
 
-        $pass = auth_pwgen();
-        if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) {
-            msg('error modifying user data',-1);
-            return false;
-        }
 
-        if (auth_sendPassword($user,$pass)) {
-            msg($lang['resendpwdsuccess'],1);
-        } else {
-            msg($lang['regmailfail'],-1);
+        if(!$conf['autopasswd']){ // we let the user choose a password
+            // password given correctly?
+            if(!isset($_REQUEST['pass']) || $_REQUEST['pass'] == '') return false;
+            if($_REQUEST['pass'] != $_REQUEST['passchk']){
+                msg($lang['regbadpass'],-1);
+                return false;
+            }
+            $pass = $_REQUEST['pass'];
+
+            if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) {
+                msg('error modifying user data',-1);
+                return false;
+            }
+
+        }else{ // autogenerate the password and send by mail
+
+            $pass = auth_pwgen();
+            if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) {
+                msg('error modifying user data',-1);
+                return false;
+            }
+
+            if (auth_sendPassword($user,$pass)) {
+                msg($lang['resendpwdsuccess'],1);
+            } else {
+                msg($lang['regmailfail'],-1);
+            }
         }
+
+        @unlink($tfile);
         return true;
 
     } else {
author	Dominik Eckelmann <deckelmann@gmail.com>	2012-03-14 12:52:36 +0100
committer	Dominik Eckelmann <deckelmann@gmail.com>	2012-03-14 12:52:36 +0100
commit	3a6d76070be7220b8e5f7c04443aa923bc8cddf2 (patch)
tree	dfd00b5d0c5f58ee313eb376a8cb1ee99512bf83 /inc/auth.php
parent	03d7247e047c21d2733f837148a1499f56784ae3 (diff)
parent	d0caa5642f6e322a026bd5bdac4585ff1b2f40da (diff)
download	rpg-3a6d76070be7220b8e5f7c04443aa923bc8cddf2.tar.gz rpg-3a6d76070be7220b8e5f7c04443aa923bc8cddf2.tar.bz2