diff options
Diffstat (limited to 'inc/auth.php')
| -rw-r--r-- | inc/auth.php | 45 |
1 files changed, 33 insertions, 12 deletions
diff --git a/inc/auth.php b/inc/auth.php index e224b2fb5..d51534e67 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -95,9 +95,10 @@ function auth_setup() { $INPUT->set('http_credentials', true); } - // apply cleaning + // apply cleaning (auth specific user names, remove control chars) if (true === $auth->success) { - $INPUT->set('u', $auth->cleanUser($INPUT->str('u'))); + $INPUT->set('u', $auth->cleanUser(stripctl($INPUT->str('u')))); + $INPUT->set('p', stripctl($INPUT->str('p'))); } if($INPUT->str('authtok')) { @@ -126,6 +127,7 @@ function auth_setup() { * Loads the ACL setup and handle user wildcards * * @author Andreas Gohr <andi@splitbrain.org> + * * @return array */ function auth_loadACL() { @@ -172,7 +174,7 @@ function auth_loadACL() { /** * Event hook callback for AUTH_LOGIN_CHECK * - * @param $evdata + * @param array $evdata * @return bool */ function auth_login_wrapper($evdata) { @@ -228,7 +230,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { if(!empty($user)) { //usual login - if($auth->checkPass($user, $pass)) { + if(!empty($pass) && $auth->checkPass($user, $pass)) { // make logininfo globally available $INPUT->server->set('REMOTE_USER', $user); $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session @@ -279,8 +281,9 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { * token is correct. Will exit with a 401 Status if not. * * @author Andreas Gohr <andi@splitbrain.org> + * * @param string $token The authentication token - * @return boolean true (or will exit on failure) + * @return boolean|null true (or will exit on failure) */ function auth_validateToken($token) { if(!$token || $token != $_SESSION[DOKU_COOKIE]['auth']['token']) { @@ -306,6 +309,7 @@ function auth_validateToken($token) { * NOTE: this is completely unrelated to the getSecurityToken() function * * @author Andreas Gohr <andi@splitbrain.org> + * * @return string The auth token */ function auth_createToken() { @@ -334,7 +338,6 @@ function auth_browseruid() { $ip = clientIP(true); $uid = ''; $uid .= $INPUT->server->str('HTTP_USER_AGENT'); - $uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING'); $uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET'); $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); @@ -350,6 +353,7 @@ function auth_browseruid() { * and stored in this file. * * @author Andreas Gohr <andi@splitbrain.org> + * * @param bool $addsession if true, the sessionid is added to the salt * @param bool $secure if security is more important than keeping the old value * @return string @@ -377,6 +381,7 @@ function auth_cookiesalt($addsession = false, $secure = false) { * @author Mark Seecof * @author Michael Hamann <michael@content-space.de> * @link http://www.php.net/manual/de/function.mt-rand.php#83655 + * * @param int $length number of bytes to get * @return string binary random strings */ @@ -443,6 +448,7 @@ function auth_randombytes($length) { * * @author Michael Samuel * @author Michael Hamann <michael@content-space.de> + * * @param int $min * @param int $max * @return int @@ -514,6 +520,7 @@ function auth_decrypt($ciphertext, $secret) { * off. It also clears session data. * * @author Andreas Gohr <andi@splitbrain.org> + * * @param bool $keepbc - when true, the breadcrumb data is not cleared */ function auth_logoff($keepbc = false) { @@ -554,6 +561,7 @@ function auth_logoff($keepbc = false) { * * @author Andreas Gohr <andi@splitbrain.org> * @see auth_isadmin + * * @param string $user Username * @param array $groups List of groups the user is in * @param bool $adminonly when true checks if user is admin @@ -598,6 +606,7 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) { * * @author Andreas Gohr <andi@splitbrain.org> * @see auth_ismanager() + * * @param string $user Username * @param array $groups List of groups the user is in * @return bool @@ -612,9 +621,9 @@ function auth_isadmin($user = null, $groups = null) { * * Note: all input should NOT be nameencoded. * - * @param $memberlist string commaseparated list of allowed users and groups - * @param $user string user to match against - * @param $groups array groups the user is member of + * @param string $memberlist commaseparated list of allowed users and groups + * @param string $user user to match against + * @param array $groups groups the user is member of * @return bool true for membership acknowledged */ function auth_isMember($memberlist, $user, array $groups) { @@ -638,6 +647,7 @@ function auth_isMember($memberlist, $user, array $groups) { // compare cleaned values foreach($members as $member) { + if($member == '@ALL' ) return true; if(!$auth->isCaseSensitive()) $member = utf8_strtolower($member); if($member[0] == '@') { $member = $auth->cleanGroup(substr($member, 1)); @@ -676,6 +686,7 @@ function auth_quickaclcheck($id) { * Returns the maximum rights a user has for the given ID or its namespace * * @author Andreas Gohr <andi@splitbrain.org> + * * @triggers AUTH_ACL_CHECK * @param string $id page ID (needs to be resolved and cleaned) * @param string $user Username @@ -698,6 +709,7 @@ function auth_aclcheck($id, $user, $groups) { * DO NOT CALL DIRECTLY, use auth_aclcheck() instead * * @author Andreas Gohr <andi@splitbrain.org> + * * @param array $data event data * @return int permission level */ @@ -830,6 +842,10 @@ function auth_aclcheck_cb($data) { * * @author Andreas Gohr <gohr@cosmocode.de> * @see rawurldecode() + * + * @param string $name + * @param bool $skip_group + * @return string */ function auth_nameencode($name, $skip_group = false) { global $cache_authname; @@ -911,6 +927,7 @@ function auth_pwgen($foruser = '') { * Sends a password to the given user * * @author Andreas Gohr <andi@splitbrain.org> + * * @param string $user Login name of the user * @param string $password The new password in clear text * @return bool true on success @@ -922,7 +939,7 @@ function auth_sendPassword($user, $password) { if(!$auth) return false; $user = $auth->cleanUser($user); - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) return false; @@ -946,6 +963,7 @@ function auth_sendPassword($user, $password) { * This registers a new user - Data is read directly from $_POST * * @author Andreas Gohr <andi@splitbrain.org> + * * @return bool true on success, false on any error */ function register() { @@ -1127,6 +1145,7 @@ function auth_deleteprofile(){ } } + $deleted = array(); $deleted[] = $INPUT->server->str('REMOTE_USER'); if($auth->triggerUserMod('delete', array($deleted))) { // force and immediate logout including removing the sticky cookie @@ -1184,7 +1203,7 @@ function act_resendpwd() { } $user = io_readfile($tfile); - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; @@ -1236,7 +1255,7 @@ function act_resendpwd() { $user = trim($auth->cleanUser($INPUT->post->str('login'))); } - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; @@ -1277,6 +1296,7 @@ function act_resendpwd() { * is chosen. * * @author Andreas Gohr <andi@splitbrain.org> + * * @param string $clear The clear text password * @param string $method The hashing method * @param string $salt A salt, null for random @@ -1301,6 +1321,7 @@ function auth_cryptPassword($clear, $method = '', $salt = null) { * Verifies a cleartext password against a crypted hash * * @author Andreas Gohr <andi@splitbrain.org> + * * @param string $clear The clear text password * @param string $crypt The hash to compare with * @return bool true if both match |