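<?php /*
 * FCKeditor - The text editor for internet
 * Copyright (C) 2003-2005 Frederico Caldeira Knabben
 *
 * Licensed under the terms of the GNU Lesser General Public License:
 * 		http://www.opensource.org/licenses/lgpl-license.php
 *
 * For further information visit:
 * 		http://www.fckeditor.net/
 *
 * File Name: Default.php
 * 	Im not very clued up on authentication but even i can see that anyone
 * 	who can spoof an IP could perform a replay attack on this, but its
 * 	better than nothing.
 * 	There is a 1 hour time out on tokens to help this slightly.
 *
 * File Authors:
 * 		Grant French (grant@mcpuk.net)
 */
class Auth {

	/**
	 * Validate a hex-encoded auth token and, on success, point the
	 * connector at the per-user upload folder.
	 *
	 * Token layout after hex decoding, fields joined by "|^SEP^|":
	 *   0 = timestamp, 1 = client IP, 2 = username,
	 *   3 = md5(timestamp SEP ip SEP username . SharedKey)
	 *
	 * The hex layer is an encoding, not encryption: every field is
	 * readable by whoever holds the token. Integrity rests only on the
	 * keyed MD5 in field 3.
	 *
	 * NOTE(review): MD5 with an appended key is not an HMAC. Moving to
	 * hash_hmac() would need the same change in whatever issues the
	 * tokens, which is not visible from this file.
	 *
	 * @param string $data          Hex-encoded token.
	 * @param array  $fckphp_config Connector configuration; reads
	 *                              auth/Handler/SharedKey, basedir,
	 *                              UserFilesPath and ResourceTypes.
	 * @return array The configuration with 'authSuccess' set to true or
	 *               false; on success 'UserFilesPath' is rewritten to
	 *               "<UserFilesPath>/users/<username>".
	 */
	function authenticate($data,$fckphp_config) {

		//Hold relevant $fckphp_config vars locally
		$key=$fckphp_config['auth']['Handler']['SharedKey'];
		$fckphp_config['authSuccess']=false;

		//A non-string token (e.g. an array-valued request parameter) can never be valid
		if (!is_string($data)) return $fckphp_config;

		//Hex-decode the data passed to us
		$decData="";
		$len=strlen($data);
		for ($i=0;$i<$len-1;$i+=2) $decData.=chr(hexdec($data[$i].$data[$i+1]));

		$decArray=explode("|^SEP^|",$decData);

		//Not enough data (decoding failed?)
		if (sizeof($decArray)!=4) return $fckphp_config;

		$stamp=$decArray[0];
		$clientIp=$decArray[1];
		$user=$decArray[2];
		$mac=$decArray[3];

		//Data integrity check. A loose == treats two digests that both look
		//like numbers (for example "0e" followed by digits) as equal, so
		//compare as strings, in constant time where the runtime offers it.
		$expected=md5($stamp."|^SEP^|".$clientIp."|^SEP^|".$user.$key);
		if (function_exists('hash_equals')) {
			$macOk=hash_equals($expected,$mac);
		} else {
			$macOk=($expected===$mac);
		}
		if (!$macOk) return $fckphp_config;

		//Timestamp must be plain digits; a non-numeric value is never valid
		//and would raise an error in arithmetic on current PHP versions.
		if (!preg_match('/^[0-9]+\z/',$stamp)) return $fckphp_config;

		//Token valid for max of 1 hour.
		//NOTE(review): a timestamp in the future also passes this test.
		if (time()-$stamp>=3600) return $fckphp_config;

		//Not same client as auth token is for
		if ($_SERVER['REMOTE_ADDR']!=$clientIp) return $fckphp_config;

		//The username becomes a directory name below, so it must not be
		//able to leave the users/ folder or name the folder itself.
		if ($user==='' || $user==='.' || $user==='..'
			|| strpos($user,'/')!==false
			|| strpos($user,'\\')!==false
			|| strpos($user,"\0")!==false) {
			return $fckphp_config;
		}

		//Set the file root to the users individual one
		$top=str_replace("//","/",$fckphp_config['basedir'].'/'.$fckphp_config['UserFilesPath']."/users");
		$fckphp_config['UserFilesPath']=$fckphp_config['UserFilesPath']."/users/".$user;
		$up=str_replace("//","/",$fckphp_config['basedir'].'/'.$fckphp_config['UserFilesPath']);

		//NOTE(review): every folder below is created and then chmod'ed to
		//0777 (world-writable), and the explicit chmod overrides the umask.
		//Kept as the original had it; a tighter mode is safer wherever the
		//web server user is the only writer.
		if (!file_exists($top)) {
			mkdir($top,0777) or die("users folder in UserFilesPath does not exist and could not be created.");
			chmod($top,0777);
		}

		//Create folder if it doesnt exist
		if (!file_exists($up)) {
			mkdir($up,0777) or die("users/".$user." folder in UserFilesPath does not exist and could not be created.");
			chmod($up,0777); //Just for good measure
		}

		//Create resource area subfolders if they dont exist
		foreach ($fckphp_config['ResourceTypes'] as $value) {
			if (!file_exists("$up/$value")) {
				mkdir("$up/$value",0777) or die("users/".$user."/$value folder in UserFilesPath does not exist and could not be created.");
				chmod("$up/$value",0777); //Just for good measure
			}
		}

		$fckphp_config['authSuccess']=true;
		return $fckphp_config;
	}
}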