From c17acc9f11cd61909a9395b560e759686c7717e6 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 5 Jan 2014 19:09:34 +0100 Subject: AUTH_ACL_CHECK event around ACL checking allows to modify ACL results in the AFTER event or to implement a completely different ACL mechanism in the BEFORE event. --- inc/auth.php | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index b793f5d12..6000ea6d7 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -661,17 +661,39 @@ function auth_quickaclcheck($id) { } /** - * Returns the maximum rights a user has for - * the given ID or its namespace + * Returns the maximum rights a user has for the given ID or its namespace * * @author Andreas Gohr - * + * @triggers AUTH_ACL_CHECK * @param string $id page ID (needs to be resolved and cleaned) * @param string $user Username * @param array|null $groups Array of groups the user is in * @return int permission level */ function auth_aclcheck($id, $user, $groups) { + $data = array( + 'id' => $id, + 'user' => $user, + 'groups' => $groups + ); + + return trigger_event('AUTH_ACL_CHECK', $data, 'auth_aclcheck_cb'); +} + +/** + * default ACL check method + * + * DO NOT CALL DIRECTLY, use auth_aclcheck() instead + * + * @author Andreas Gohr + * @param array $data event data + * @return int permission level + */ +function auth_aclcheck_cb($data) { + $id =& $data['id']; + $user =& $data['user']; + $groups =& $data['groups']; + global $conf; global $AUTH_ACL; /* @var DokuWiki_Auth_Plugin $auth */ -- cgit v1.2.3 From 04d68ae4edcddca8a3c30ed4ce6c72d28440a084 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Thu, 20 Feb 2014 14:08:02 +0100 Subject: PHPDocs auth.php --- inc/auth.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 6000ea6d7..8fde129aa 100644 --- a/inc/auth.php +++ b/inc/auth.php 
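Review bot: The new `auth_aclcheck()` returns whatever `trigger_event()` hands back, so a BEFORE handler that prevents the default without setting an integer result makes the function return null instead of a permission level, and the `>=` comparisons callers do against it then silently treat null as 0. The contract belongs on the new `@triggers` line, e.g. ` * @triggers AUTH_ACL_CHECK a handler that prevents the default must set $event->result to an int permission level`, and `return (int) trigger_event('AUTH_ACL_CHECK', $data, 'auth_aclcheck_cb');` would make an unset result read as the lowest level rather than null. The body of `auth_aclcheck_cb()` continues past the end of the hunk, so whether the by-reference locals `$id`, `$user` and `$groups` are later reassigned (which would write into the event data seen by AFTER handlers) cannot be judged here.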
@@ -845,6 +845,12 @@ function auth_nameencode($name, $skip_group = false) { return $cache[$name][$skip_group]; } +/** + * callback encodes the matches + * + * @param array $matches first complete match, next matching subpatterms + * @return string + */ function auth_nameencode_callback($matches) { return '%'.dechex(ord(substr($matches[1],-1))); } @@ -1075,6 +1081,11 @@ function updateprofile() { return false; } +/** + * Delete the current logged-in user + * + * @return bool true on success, false on any error + */ function auth_deleteprofile(){ global $conf; global $lang; -- cgit v1.2.3 From 55a71a16cbfacd3836ca70e37e45f85bd44ceab1 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Tue, 4 Mar 2014 21:14:24 +0100 Subject: removed pre PHP 5.2 code wrt setcookie and session setting - moved cookiedir determination in the if-statement --- inc/auth.php | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 8fde129aa..6c4636b2f 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -528,11 +528,7 @@ function auth_logoff($keepbc = false) { $USERINFO = null; //FIXME $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir']; - if(version_compare(PHP_VERSION, '5.2.0', '>')) { - setcookie(DOKU_COOKIE, '', time() - 600000, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true); - } else { - setcookie(DOKU_COOKIE, '', time() - 600000, $cookieDir, '', ($conf['securecookie'] && is_ssl())); - } + setcookie(DOKU_COOKIE, '', time() - 600000, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true); if($auth) $auth->logOff(); } 
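Review bot: The new docblock on `auth_nameencode_callback()` has a typo in its parameter description; the line should read ` * @param array $matches first complete match, next matching subpatterns`. It would also help to say what the return value is for, e.g. ` * @return string percent-encoded form of the last byte of the match`, which is what the body below computes.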
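Review bot: The deletion call in `auth_logoff()` now repeats, argument for argument, the `setcookie()` that `auth_setCookie()` issues in the next hunk, and the path, domain, secure and httponly values must stay identical for the browser to actually overwrite the cookie; a small helper returning the cookie path and the secure/httponly flags, called from both places, would keep the two from drifting apart. The `time() - 600000` expiry is an unexplained constant and deserves a comment such as `// expiry roughly a week in the past so the cookie is dropped even if the client clock is off`. `auth_logoff()` starts before the hunk.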
@@ -1319,11 +1315,8 @@ function auth_setCookie($user, $pass, $sticky) { $cookie = base64_encode($user).'|'.((int) $sticky).'|'.base64_encode($pass); $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir']; $time = $sticky ? (time() + 60 * 60 * 24 * 365) : 0; //one year - if(version_compare(PHP_VERSION, '5.2.0', '>')) { - setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true); - } else { - setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl())); - } + setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true); + // set session $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; $_SESSION[DOKU_COOKIE]['auth']['pass'] = sha1($pass); -- cgit v1.2.3 From f87b5dbbbad408da775ac4c60ceb9f9666280527 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 5 Mar 2014 22:04:14 +0000 Subject: use isset() + ?: or error suppression where value may not be set --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 6c4636b2f..e44e837a7 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -325,7 +325,7 @@ function auth_browseruid() { $uid = ''; $uid .= $_SERVER['HTTP_USER_AGENT']; $uid .= $_SERVER['HTTP_ACCEPT_ENCODING']; - $uid .= $_SERVER['HTTP_ACCEPT_CHARSET']; + $uid .= @$_SERVER['HTTP_ACCEPT_CHARSET']; $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); return md5($uid); -- cgit v1.2.3 From 585bf44e2b756eac2e1cfce7035ef237bc02a788 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Thu, 6 Mar 2014 19:55:56 +0000 Subject: amend $_SERVER to $INPUT->server --- inc/auth.php | 54 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 19 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index e44e837a7..2bdc3eb00 100644 --- a/inc/auth.php +++ b/inc/auth.php 
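Review bot: `@$_SERVER['HTTP_ACCEPT_CHARSET']` in `auth_browseruid()` silences every notice on that expression rather than only the missing-index case; the explicit form `$uid .= isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '';` feeds the same bytes into the md5 and keeps any other problem visible. The same undefined-index case applies to `HTTP_USER_AGENT` and `HTTP_ACCEPT_ENCODING` two lines above, since a client is free to omit either header. The function starts before the hunk.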
@@ -131,6 +131,8 @@ function auth_setup() { function auth_loadACL() { global $config_cascade; global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; if(!is_readable($config_cascade['acl']['default'])) return array(); @@ -145,10 +147,10 @@ function auth_loadACL() { // substitute user wildcard first (its 1:1) if(strstr($line, '%USER%')){ // if user is not logged in, this ACL line is meaningless - skip it - if (!isset($_SERVER['REMOTE_USER'])) continue; + if (!$INPUT->server->has('REMOTE_USER')) continue; - $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); - $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); + $id = str_replace('%USER%',cleanID($INPUT->server->str('REMOTE_USER')),$id); + $rest = str_replace('%USER%',auth_nameencode($INPUT->server->str('REMOTE_USER')),$rest); } // substitute group wildcard (its 1:m) @@ -217,6 +219,8 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { global $lang; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; $sticky ? $sticky = true : $sticky = false; //sanity check @@ -226,7 +230,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { //usual login if($auth->checkPass($user, $pass)) { // make logininfo globally available - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER', $user); $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session auth_setCookie($user, auth_encrypt($pass, $secret), $sticky); return true; @@ -253,7 +257,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { ) { // he has session, cookie and browser right - let him in - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER', $user); $USERINFO = $session['info']; //FIXME move all references to session return true; } 
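Review bot: The switch to `$INPUT->server->set('REMOTE_USER', $user)` in `auth_login()` only keeps existing code working if the `Input` server accessor writes through to `$_SERVER` rather than to a copy; if it does not, anything still reading `$_SERVER['REMOTE_USER']` directly (plugins, templates) would see a logged-in user as anonymous after this change, which cannot be verified from the hunk. Once confirmed against the Input class, a comment at the first `set()` call, e.g. `// writes through to $_SERVER['REMOTE_USER'] for code that still reads it directly`, would record that guarantee. The same applies to the `set()` and `remove()` calls in the `auth_validateToken` and `auth_logoff` hunks that follow; each of these functions begins before its hunk.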
@@ -288,7 +292,10 @@ function auth_validateToken($token) { } // still here? trust the session data global $USERINFO; - $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user']; + /* @var Input $INPUT */ + global $INPUT; + + $INPUT->server->set('REMOTE_USER',$_SESSION[DOKU_COOKIE]['auth']['user']); $USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info']; return true; } @@ -321,11 +328,14 @@ function auth_createToken() { * @return string a MD5 sum of various browser headers */ function auth_browseruid() { + /* @var Input $INPUT */ + global $INPUT; + $ip = clientIP(true); $uid = ''; - $uid .= $_SERVER['HTTP_USER_AGENT']; - $uid .= $_SERVER['HTTP_ACCEPT_ENCODING']; - $uid .= @$_SERVER['HTTP_ACCEPT_CHARSET']; + $uid .= $INPUT->server->str('HTTP_USER_AGENT'); + $uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING'); + $uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET'); $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); return md5($uid); @@ -511,6 +521,8 @@ function auth_logoff($keepbc = false) { global $USERINFO; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; // make sure the session is writable (it usually is) @session_start(); @@ -523,8 +535,7 @@ function auth_logoff($keepbc = false) { unset($_SESSION[DOKU_COOKIE]['auth']['info']); if(!$keepbc && isset($_SESSION[DOKU_COOKIE]['bc'])) unset($_SESSION[DOKU_COOKIE]['bc']); - if(isset($_SERVER['REMOTE_USER'])) - unset($_SERVER['REMOTE_USER']); + $INPUT->server->remove('REMOTE_USER'); $USERINFO = null; //FIXME $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir']; 
@@ -553,13 +564,16 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) { global $USERINFO; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; + if(!$auth) return false; if(is_null($user)) { - if(!isset($_SERVER['REMOTE_USER'])) { + if(!$INPUT->server->has('REMOTE_USER')) { return false; } else { - $user = $_SERVER['REMOTE_USER']; + $user = $INPUT->server->str('REMOTE_USER'); } } if(is_null($groups)) { @@ -651,9 +665,11 @@ function auth_isMember($memberlist, $user, array $groups) { function auth_quickaclcheck($id) { global $conf; global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; # if no ACL is used always return upload rights if(!$conf['useacl']) return AUTH_UPLOAD; - return auth_aclcheck($id, $_SERVER['REMOTE_USER'], $USERINFO['grps']); + return auth_aclcheck($id, $INPUT->server->str('REMOTE_USER'), $USERINFO['grps']); } /** @@ -1058,18 +1074,18 @@ function updateprofile() { } if($conf['profileconfirm']) { - if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) { msg($lang['badpassconfirm'], -1); return false; } } - if($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) { + if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) { // update cookie and session with the changed data if($changes['pass']) { list( /*user*/, $sticky, /*pass*/) = auth_getCookie(); $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true)); - auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky); + auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky); } return true; } 
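Review bot: `$INPUT->server->str('REMOTE_USER')` in `auth_quickaclcheck()` hands `''` to `auth_aclcheck()` for an anonymous visitor where the old code passed an undefined index (null, with a notice); whether `''` and null are treated the same by `auth_aclcheck_cb()` is not visible here and should be checked, since this is the anonymous-permission path. If they differ, `$INPUT->server->has('REMOTE_USER') ? $INPUT->server->str('REMOTE_USER') : null` preserves the old value. A comment such as `// anonymous visitors arrive here with an empty user name` would make the intent explicit either way.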
@@ -1105,13 +1121,13 @@ function auth_deleteprofile(){ } if($conf['profileconfirm']) { - if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) { msg($lang['badpassconfirm'], -1); return false; } } - $deleted[] = $_SERVER['REMOTE_USER']; + $deleted[] = $INPUT->server->str('REMOTE_USER'); if($auth->triggerUserMod('delete', array($deleted))) { // force and immediate logout including removing the sticky cookie auth_logoff(); -- cgit v1.2.3 From 2046a6546c8ed62b9a7b33305b6201458f2f8291 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 12 Mar 2014 15:38:28 +0000 Subject: Allow user info to be retrieved without groups Some parts of dokuwiki (e.g. recent changes, old revisions) can requests lots of user info (to provide editor names) without requiring any group information. This change also implements caching of user info by authmysql & authpgsql plugins to avoid repeated querying of the DB to retrieve the same user information. --- inc/auth.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 2bdc3eb00..cbdd7163b 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -922,7 +922,7 @@ function auth_sendPassword($user, $password) { if(!$auth) return false; $user = $auth->cleanUser($user); - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, DokuWiki_Auth_Plugin::IGNORE_GROUPS); if(!$userinfo['mail']) return false; @@ -1184,7 +1184,7 @@ function act_resendpwd() { } $user = io_readfile($tfile); - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, DokuWiki_Auth_Plugin::IGNORE_GROUPS); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; 
@@ -1236,7 +1236,7 @@ function act_resendpwd() { $user = trim($auth->cleanUser($INPUT->post->str('login'))); } - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, DokuWiki_Auth_Plugin::IGNORE_GROUPS); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; -- cgit v1.2.3 From 2dc9e90007f12ac996b0e74479137a9dc6243c3c Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sun, 4 May 2014 19:20:11 +0100 Subject: KISS - remove class constants for REQUIRE_GROUPS & IGNORE_GROUPS and replace with boolean values --- inc/auth.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index cbdd7163b..5e0d13417 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -922,7 +922,7 @@ function auth_sendPassword($user, $password) { if(!$auth) return false; $user = $auth->cleanUser($user); - $userinfo = $auth->getUserData($user, DokuWiki_Auth_Plugin::IGNORE_GROUPS); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) return false; @@ -1184,7 +1184,7 @@ function act_resendpwd() { } $user = io_readfile($tfile); - $userinfo = $auth->getUserData($user, DokuWiki_Auth_Plugin::IGNORE_GROUPS); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; @@ -1236,7 +1236,7 @@ function act_resendpwd() { $user = trim($auth->cleanUser($INPUT->post->str('login'))); } - $userinfo = $auth->getUserData($user, DokuWiki_Auth_Plugin::IGNORE_GROUPS); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; -- cgit v1.2.3 From 49cd1ed0c3598adf2be1b42e09281137eb41cc2b Mon Sep 17 00:00:00 2001 
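Review bot: `$auth->getUserData($user, $requireGroups = false)` in `auth_sendPassword()` and in the two `act_resendpwd()` hunks creates a stray local `$requireGroups` that is never read and does not actually bind to the parameter name; it only looks like a named argument. The file already uses the comment-placeholder form for this (`list( /*user*/, $sticky, /*pass*/)`), so `$userinfo = $auth->getUserData($user, false /* requireGroups */);` says the same thing without the assignment. All three enclosing functions start before their hunks.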
From: Andreas Gohr Date: Sat, 26 Jul 2014 08:40:27 +0200 Subject: fix AUTH_USER_CHANGE event in profile updates the triggered event did not allow event handlers to change the passed data --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 2bdc3eb00..e224b2fb5 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -1080,7 +1080,7 @@ function updateprofile() { } } - if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) { + if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes))) { // update cookie and session with the changed data if($changes['pass']) { list( /*user*/, $sticky, /*pass*/) = auth_getCookie(); -- cgit v1.2.3 From e5204a127eaefe66c8334f68edc017671e78fcca Mon Sep 17 00:00:00 2001 From: Jurgen Hart Date: Wed, 30 Jul 2014 16:39:40 +0200 Subject: Added @ALL handeling in auth_isMember --- inc/auth.php | 1 + 1 file changed, 1 insertion(+) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index e224b2fb5..b12800584 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -638,6 +638,7 @@ function auth_isMember($memberlist, $user, array $groups) { // compare cleaned values foreach($members as $member) { + if($member == '@ALL' ) return true; if(!$auth->isCaseSensitive()) $member = utf8_strtolower($member); if($member[0] == '@') { $member = $auth->cleanGroup(substr($member, 1)); -- cgit v1.2.3 From 395c2f0ff3e87977ea2573587a11f4ef294433f2 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Tue, 23 Sep 2014 20:17:49 +0200 Subject: clean user credentials from control chars This is to prevent zero byte attacks on external auth systems as described in http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication --- inc/auth.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'inc/auth.php') 
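Review bot: Passing `&$changes` inside the array literal in `updateprofile()` does let AUTH_USER_CHANGE handlers rewrite the data, but the following `if($changes['pass'])` now reads whatever a handler left behind, and a handler that unsets the key makes that line emit an undefined-index notice; `if(!empty($changes['pass'])) {` keeps the same truthiness without the notice. The by-reference element is easy to overlook in an array literal, so a comment above the call such as `// by reference: AUTH_USER_CHANGE handlers may alter the changes` would help the next reader. `updateprofile()` starts before the hunk.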
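Review bot: `if($member == '@ALL' ) return true;` in `auth_isMember()` uses a loose comparison and sits before the case normalisation on the next line, so with a case-insensitive auth backend `@all` in a member list is not treated as the wildcard while `@ALL` is. If the wildcard is meant to be case-insensitive, `if(strtoupper($member) === '@ALL') return true;` makes that explicit; if the uppercase spelling is the contract, `if($member === '@ALL') return true;` at least removes the loose comparison. Because this function decides membership from configured user/group lists (whether it also backs the manager/superuser checks is not visible here), a comment stating that `@ALL` grants membership to every user, anonymous included, would be worth adding. The function starts before the hunk.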
diff --git a/inc/auth.php b/inc/auth.php index e224b2fb5..7477ae7ef 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -95,9 +95,10 @@ function auth_setup() { $INPUT->set('http_credentials', true); } - // apply cleaning + // apply cleaning (auth specific user names, remove control chars) if (true === $auth->success) { - $INPUT->set('u', $auth->cleanUser($INPUT->str('u'))); + $INPUT->set('u', $auth->cleanUser(stripctl($INPUT->str('u')))); + $INPUT->set('p', stripctl($INPUT->str('p'))); } if($INPUT->str('authtok')) { -- cgit v1.2.3 From 5e9e1054045318cfb23f64db7be36a677dc9481a Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 26 Sep 2014 10:36:05 +0200 Subject: do not allow empty passwords When a username but no password is submitted, the login is denied right away instead of relying on the backend to refuse the login. --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 7477ae7ef..037f7e78f 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -229,7 +229,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { if(!empty($user)) { //usual login - if($auth->checkPass($user, $pass)) { + if(!empty($pass) && $auth->checkPass($user, $pass)) { // make logininfo globally available $INPUT->server->set('REMOTE_USER', $user); $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session -- cgit v1.2.3 From 59bc3b48fdffb76ee65a4b630be3ffa1f6c20c80 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 29 Sep 2014 21:45:27 +0200 Subject: more scrutinizer issue improvements --- inc/auth.php | 1 + 1 file changed, 1 insertion(+) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index e938830ef..dc2b6cad8 100644 --- a/inc/auth.php +++ b/inc/auth.php 
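Review bot: The control-character stripping is applied in `auth_setup()` to the `u`/`p` request values only, so it covers the form and HTTP-auth login paths but not any other caller of `auth_login()` or `$auth->checkPass()` that obtains credentials elsewhere (a remote API endpoint, for instance, is not visible here); moving the `stripctl()` calls into `auth_login()` itself, or right before the `checkPass()` call, would cover every path with one change. The reason from the commit message should also live next to the code, e.g. `// strip control chars so NUL bytes never reach external auth backends such as LDAP`. `auth_setup()` starts before the hunk.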
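Review bot: `!empty($pass)` in `auth_login()` rejects the password `'0'` as well as the empty one, because `empty('0')` is true in PHP, so a user with that password can no longer log in and the failure is indistinguishable from a wrong password. `if((string) $pass !== '' && $auth->checkPass($user, $pass)) {` rejects only the genuinely empty (or null) password. The `!empty($user)` check on the line above has the same quirk, though it predates this commit; `auth_login()` starts before the hunk.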
@@ -1129,6 +1129,7 @@ function auth_deleteprofile(){ } } + $deleted = array(); $deleted[] = $INPUT->server->str('REMOTE_USER'); if($auth->triggerUserMod('delete', array($deleted))) { // force and immediate logout including removing the sticky cookie -- cgit v1.2.3 From 42ea7f447f39fbc2f79eaaec31f8c10ede59c5d0 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Wed, 1 Oct 2014 11:30:27 +0200 Subject: Many PHPDocs, some unused and dyn declared vars many PHPDocs some unused variables some dynamically declared variables declared --- inc/auth.php | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index dc2b6cad8..3a6a2f65a 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -127,6 +127,7 @@ function auth_setup() { * Loads the ACL setup and handle user wildcards * * @author Andreas Gohr + * * @return array */ function auth_loadACL() { @@ -173,7 +174,7 @@ function auth_loadACL() { /** * Event hook callback for AUTH_LOGIN_CHECK * - * @param $evdata + * @param array $evdata * @return bool */ function auth_login_wrapper($evdata) { @@ -280,6 +281,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { * token is correct. Will exit with a 401 Status if not. * * @author Andreas Gohr + * * @param string $token The authentication token * @return boolean true (or will exit on failure) */ @@ -307,6 +309,7 @@ function auth_validateToken($token) { * NOTE: this is completely unrelated to the getSecurityToken() function * * @author Andreas Gohr + * * @return string The auth token */ function auth_createToken() { @@ -351,6 +354,7 @@ function auth_browseruid() { * and stored in this file. * * @author Andreas Gohr + * * @param bool $addsession if true, the sessionid is added to the salt * @param bool $secure if security is more important than keeping the old value * @return string 
@@ -378,6 +382,7 @@ function auth_cookiesalt($addsession = false, $secure = false) { * @author Mark Seecof * @author Michael Hamann * @link http://www.php.net/manual/de/function.mt-rand.php#83655 + * * @param int $length number of bytes to get * @return string binary random strings */ @@ -444,6 +449,7 @@ function auth_randombytes($length) { * * @author Michael Samuel * @author Michael Hamann + * * @param int $min * @param int $max * @return int @@ -515,6 +521,7 @@ function auth_decrypt($ciphertext, $secret) { * off. It also clears session data. * * @author Andreas Gohr + * * @param bool $keepbc - when true, the breadcrumb data is not cleared */ function auth_logoff($keepbc = false) { @@ -555,6 +562,7 @@ function auth_logoff($keepbc = false) { * * @author Andreas Gohr * @see auth_isadmin + * * @param string $user Username * @param array $groups List of groups the user is in * @param bool $adminonly when true checks if user is admin @@ -599,6 +607,7 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) { * * @author Andreas Gohr * @see auth_ismanager() + * * @param string $user Username * @param array $groups List of groups the user is in * @return bool @@ -613,9 +622,9 @@ function auth_isadmin($user = null, $groups = null) { * * Note: all input should NOT be nameencoded. * - * @param $memberlist string commaseparated list of allowed users and groups - * @param $user string user to match against - * @param $groups array groups the user is member of + * @param string $memberlist commaseparated list of allowed users and groups + * @param string $user user to match against + * @param array $groups groups the user is member of * @return bool true for membership acknowledged */ function auth_isMember($memberlist, $user, array $groups) { 
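Review bot: The rewritten parameter line for `auth_isMember()` keeps the word `commaseparated`; it should read ` * @param string $memberlist comma-separated list of allowed users and groups`. While touching the docblock, it would be useful to state the value-space of `$groups`, e.g. ` * @param array $groups groups the user is member of, without the leading @`, if that matches how the body below compares them — the `substr($member, 1)` call seen in the earlier `@ALL` hunk suggests so, but confirm against the full function.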
@@ -678,6 +687,7 @@ function auth_quickaclcheck($id) { * Returns the maximum rights a user has for the given ID or its namespace * * @author Andreas Gohr + * * @triggers AUTH_ACL_CHECK * @param string $id page ID (needs to be resolved and cleaned) * @param string $user Username @@ -700,6 +710,7 @@ function auth_aclcheck($id, $user, $groups) { * DO NOT CALL DIRECTLY, use auth_aclcheck() instead * * @author Andreas Gohr + * * @param array $data event data * @return int permission level */ @@ -832,6 +843,10 @@ function auth_aclcheck_cb($data) { * * @author Andreas Gohr * @see rawurldecode() + * + * @param string $name + * @param bool $skip_group + * @return string */ function auth_nameencode($name, $skip_group = false) { global $cache_authname; @@ -913,6 +928,7 @@ function auth_pwgen($foruser = '') { * Sends a password to the given user * * @author Andreas Gohr + * * @param string $user Login name of the user * @param string $password The new password in clear text * @return bool true on success @@ -948,6 +964,7 @@ function auth_sendPassword($user, $password) { * This registers a new user - Data is read directly from $_POST * * @author Andreas Gohr + * * @return bool true on success, false on any error */ function register() { @@ -1280,6 +1297,7 @@ function act_resendpwd() { * is chosen. * * @author Andreas Gohr + * * @param string $clear The clear text password * @param string $method The hashing method * @param string $salt A salt, null for random @@ -1304,6 +1322,7 @@ function auth_cryptPassword($clear, $method = '', $salt = null) { * Verifies a cleartext password against a crypted hash * * @author Andreas Gohr + * * @param string $clear The clear text password * @param string $crypt The hash to compare with * @return bool true if both match -- cgit v1.2.3 From 7e8500eea1e53b1de0e0f70400664afa442cd08d Mon Sep 17 00:00:00 2001 
From: Gerrit Uitslag Date: Thu, 2 Oct 2014 14:55:24 +0200 Subject: PHPDocs and some improvements --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 3a6a2f65a..0342de7be 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -283,7 +283,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { * @author Andreas Gohr * * @param string $token The authentication token - * @return boolean true (or will exit on failure) + * @return boolean|null true (or will exit on failure) */ function auth_validateToken($token) { if(!$token || $token != $_SESSION[DOKU_COOKIE]['auth']['token']) { -- cgit v1.2.3 From 60aca4b904310fc764389d058c23e7b978b513a3 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Mon, 6 Oct 2014 14:59:03 +0200 Subject: do not use Accept-Encoding in browser UID Since Chrome 37, they send differen accept encodings for POST and GET requests which will break BrowserUID checks as reported in cosmocode/dokuwiki-plugin-oauth/issues/3 See https://code.google.com/p/chromium/issues/detail?id=410559 for official bug report at Google --- inc/auth.php | 1 - 1 file changed, 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index e938830ef..4b1e6ce31 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -335,7 +335,6 @@ function auth_browseruid() { $ip = clientIP(true); $uid = ''; $uid .= $INPUT->server->str('HTTP_USER_AGENT'); - $uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING'); $uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET'); $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); -- cgit v1.2.3 From 79e79377626799a77c11aa7849cb9c64305590c8 Mon Sep 17 00:00:00 2001 
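Review bot: Dropping `HTTP_ACCEPT_ENCODING` from `auth_browseruid()` leaves the fingerprint as User-Agent, Accept-Charset and the part of the IP before the first dot, and since Accept-Charset is a header modern browsers may omit altogether (the code already tolerates a missing value via `str()`), the session-binding value effectively degrades to the User-Agent plus a coarse network prefix. That is acceptable as a weak hint but should not be treated as a strong binding, so the docblock above the function (outside the hunk) deserves a sentence along the lines of `Note: coarse fingerprint only, identical for clients sharing a User-Agent and network prefix; not an authentication factor`. Recording the reason next to the removed line, e.g. `// Accept-Encoding deliberately excluded: Chrome sends different values for GET and POST`, would stop someone from re-adding it.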
From: Andreas Gohr Date: Wed, 7 Jan 2015 10:47:45 +0100 Subject: Remove error supression for file_exists() In an older version of PHP a file_exists() call would issue a warning when the file did not exist. This was fixed in later PHP releases. Since we require PHP 5.3 now, there's no need to supress any error here anymore. This might even give a minor performance boost. --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index d51534e67..17923ba2a 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -1189,7 +1189,7 @@ function act_resendpwd() { // we're in token phase - get user info from token $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; - if(!@file_exists($tfile)) { + if(!file_exists($tfile)) { msg($lang['resendpwdbadauth'], -1); $INPUT->remove('pwauth'); return false; -- cgit v1.2.3
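Review bot: With the `@` removed, `file_exists($tfile)` in `act_resendpwd()` no longer hides warnings, but the path on the line above is still assembled directly from the request-supplied `$token`; unless the caller already restricts the token to a safe alphabet (not visible in the hunk), a guard such as `if(!ctype_alnum($token)) { msg($lang['resendpwdbadauth'], -1); return false; }` before the path is built would keep the lookup inside the cache directory. Assuming the token is a hex digest generated by DokuWiki itself, the guard is a no-op for legitimate requests. `act_resendpwd()` starts before the hunk.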