author | Andreas Gohr <andi@splitbrain.org> | 2012-04-15 13:45:45 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2012-04-15 13:45:45 +0200 |
commit | ae7c596cf4e6a0a09ebcf01fe8ae98789360c5be (patch) | |
tree | f156252e404e9893922cb5d984fdc646644b6c17 /inc/auth.php | |
parent | f41c79d730286e8e8c95deb88a4c876e08e278a2 (diff) | |
parent | 026b314868ee80aca644bf4107f78d8e8052b43e (diff) | |
Merge branch 'master' into htmlmail
* master: (382 commits)
Romanian language update
Marathi language update
Arabic Language Update
when there's not enough space for images, make sure they stay proportional (might be FS#2480)
added minimal RTL print styles (part of FS#2185)
moved plugins' rtl.css to their style.css counterpart (part of FS#2185)
removed all browser-specific gradients as the recently (in 42ff6730) introduced svg makes them unnecessary
removed comments from accidentally commented lines in tpl_includeFile()
removed obsolete template file
added tpl_includeFile() to core
Make getTitle method in remote interface public
Changed an error code in XML-RPC interface. This error hasn't anything to do with the rest of the -32600 errors.
BG: language update
Korean language update
fixed performance issues with gradient in Firefox (which also added gradient support for IE9) (FS#2447)
deleted very old (and unused) images
added accidentally removed '<?php' back in (was in 57fc5edd)
wrapped X-UA-Compatible meta tag with conditional comments
added explanation to todo in _forms.css
removed problematic 'overflow: hidden' from lists again ('unfixes' FS#1950)
...
Conflicts:
inc/auth.php
inc/load.php
Diffstat (limited to 'inc/auth.php')
-rw-r--r-- | inc/auth.php | 73 |
1 files changed, 51 insertions, 22 deletions
diff --git a/inc/auth.php b/inc/auth.php index 49346a84f..ed0e2dcf7 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -422,7 +422,7 @@ function auth_isadmin($user=null,$groups=null){ * @param $memberlist string commaseparated list of allowed users and groups * @param $user string user to match against * @param $groups array groups the user is member of - * @returns bool true for membership acknowledged + * @return bool true for membership acknowledged */ function auth_isMember($memberlist,$user,array $groups){ global $auth; @@ -523,18 +523,19 @@ function auth_aclcheck($id,$user,$groups){ $groups[] = '@ALL'; //add User if($user) $groups[] = $user; - //build regexp - $regexp = join('|',$groups); }else{ - $regexp = '@ALL'; + $groups[] = '@ALL'; } //check exact match first - $matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($id,'/').'\s+(\S+)\s+/'.$ci,$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); + if (!in_array($acl[1], $groups)) { + continue; + } if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; @@ -554,20 +555,24 @@ function auth_aclcheck($id,$user,$groups){ } do{ - $matches = preg_grep('/^'.preg_quote($path,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($path,'/').'\s+(\S+)\s+/'.$ci,$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); + if (!in_array($acl[1], $groups)) { + continue; + } if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } } //we had a match - return it - return $perm; + if ($perm != -1) { + return $perm; + } } - //get next higher namespace $ns = getNS($ns); 
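Review bot: In auth_aclcheck's exact-match loop, and again in the namespace loop of the following hunk, the new `in_array($acl[1], $groups)` test is a loose, case-sensitive comparison, while the `preg_grep` pattern that selects the lines still carries the `$ci` modifier. Loose comparison treats numeric-looking names as equal (`'0123'` and `'123'`), so one principal can be matched against another's ACL line; pass the strict flag: `if (!in_array($acl[1], $groups, true)) {`. `$ci` and any normalisation of `$groups` are set outside these hunks, but if `$ci` is `i` for case-insensitive backends, an ACL entry written in a different case than the normalised `$groups` value is now skipped, and a restrictive line skipped this way lets the lookup fall through to a more permissive namespace rule; `$acl[1]` should be normalised the same way before the membership test. The function body starts and ends outside both hunks.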
@@ -582,9 +587,6 @@ function auth_aclcheck($id,$user,$groups){ return AUTH_NONE; } }while(1); //this should never loop endless - - //still here? return no permissions - return AUTH_NONE; } /** 
@@ -853,32 +855,59 @@ function act_resendpwd(){ $token = preg_replace('/[^a-f0-9]+/','',$_REQUEST['pwauth']); if($token){ - // we're in token phase + // we're in token phase - get user info from token $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; if(!@file_exists($tfile)){ msg($lang['resendpwdbadauth'],-1); + unset($_REQUEST['pwauth']); return false; } + // token is only valid for 3 days + if( (time() - filemtime($tfile)) > (3*60*60*24) ){ + msg($lang['resendpwdbadauth'],-1); + unset($_REQUEST['pwauth']); + @unlink($tfile); + return false; + } + $user = io_readfile($tfile); - @unlink($tfile); $userinfo = $auth->getUserData($user); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; } - $pass = auth_pwgen(); - if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { - msg('error modifying user data',-1); - return false; - } + if(!$conf['autopasswd']){ // we let the user choose a password + // password given correctly? + if(!isset($_REQUEST['pass']) || $_REQUEST['pass'] == '') return false; + if($_REQUEST['pass'] != $_REQUEST['passchk']){ + msg($lang['regbadpass'],-1); + return false; + } + $pass = $_REQUEST['pass']; - if (auth_sendPassword($user,$pass)) { - msg($lang['resendpwdsuccess'],1); - } else { - msg($lang['regmailfail'],-1); + if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { + msg('error modifying user data',-1); + return false; + } + + }else{ // autogenerate the password and send by mail + + $pass = auth_pwgen(); + if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { + msg('error modifying user data',-1); + return false; + } + + if (auth_sendPassword($user,$pass)) { + msg($lang['resendpwdsuccess'],1); + } else { + msg($lang['regmailfail'],-1); + } } + + @unlink($tfile); return true; } else { |
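Review bot: The user-chosen password branch in act_resendpwd compares `$_REQUEST['pass']` and `$_REQUEST['passchk']` with `!=` and never checks that they are strings, so numeric-looking values that differ as text (`'1e3'` vs `'1000'`) pass the confirmation check and an array-valued parameter reaches `triggerUserMod` as the password. I would tighten both lines: `if(!isset($_REQUEST['pass']) || !is_string($_REQUEST['pass']) || $_REQUEST['pass'] === '') return false;` and `if($_REQUEST['pass'] !== $_REQUEST['passchk']){`. Reading the password from `$_REQUEST` also accepts it from the query string, where it can end up in server logs; `$_POST` would be the safer source if the form (not visible here) posts it. The token file now survives every failed attempt until the three-day expiry, since `@unlink($tfile)` moved to the success path; that looks intentional for retries but deserves a comment saying so. The function continues past the end of the hunk.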