comparison wiki/htdocs/applets/FCKeditor/editor/filemanager/browser/mcpuk/connectors/php/Auth/Default.php @ 0:77665d8e2254

tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0 (automatically generated log message) imported from: moin--main--1.5--base-0
author Thomas Waldmann <tw-public@gmx.de>
date Thu, 22 Sep 2005 15:09:50 +0000
parents
children
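--- a/wiki/htdocs/applets/FCKeditor/editor/filemanager/browser/mcpuk/connectors/php/Auth/Default.php
+++ b/wiki/htdocs/applets/FCKeditor/editor/filemanager/browser/mcpuk/connectors/php/Auth/Default.php
@@ -0,0 +1,86 @@
+<?php
+/*
+* FCKeditor - The text editor for internet
+* Copyright (C) 2003-2005 Frederico Caldeira Knabben
+*
+* Licensed under the terms of the GNU Lesser General Public License:
+* http://www.opensource.org/licenses/lgpl-license.php
+*
+* For further information visit:
+* http://www.fckeditor.net/
+*
+* "Support Open Source software. What about a donation today?"
+*
+* File Name: Default.php
+* Im not very clued up on authentication but even i can see that anyone
+* who can spoof an IP could perform a replay attack on this, but its
+* better than nothing.
+* There is a 1 hour time out on tokens to help this slightly.
+*
+* File Authors:
+* Grant French (grant@mcpuk.net)
+*/
+class Auth {
+
+function authenticate($data,$fckphp_config) {
+
+//Hold relevant$fckphp_config vars locally
+$key=$fckphp_config['auth']['Handler']['SharedKey'];
+$fckphp_config['authSuccess']=false;
+
+//Decrypt the data passed to us
+$decData="";
+for ($i=0;$i<strlen($data)-1;$i+=2) $decData.=chr(hexdec($data[$i].$data[$i+1]));
+
+$decArray=explode("|^SEP^|",$decData);
+
+if (sizeof($decArray)==4) {
+//0 = Timestamp
+//1 = Client IP
+//2 = Username
+//3 = MD5
+if ($decArray[3]==md5($decArray[0]."|^SEP^|".$decArray[1]."|^SEP^|".$decArray[2].$key)) {
+if (time()-$decArray[0]<3600) { //Token valid for max of 1 hour
+if ($_SERVER['REMOTE_ADDR']==$decArray[1]) {
+
+//Set the file root to the users individual one
+$top=str_replace("//","/",$fckphp_config['basedir'].'/'.$fckphp_config['UserFilesPath']."/users");
+$fckphp_config['UserFilesPath']=$fckphp_config['UserFilesPath']."/users/".$decArray[2];
+$up=str_replace("//","/",$fckphp_config['basedir'].'/'.$fckphp_config['UserFilesPath']);
+
+if (!file_exists($top)) {
+mkdir($top,0777) or die("users folder in UserFilesPath does not exist and could not be created.");
+chmod($top,0777);
+}
+
+//Create folder if it doesnt exist
+if (!file_exists($up)) {
+mkdir($up,0777) or die("users/".$decArray[2]." folder in UserFilesPath does not exist and could not be created.");
+chmod($up,0777); //Just for good measure
+}
+
+//Create resource area subfolders if they dont exist
+foreach ($fckphp_config['ResourceTypes'] as $value) {
+if (!file_exists("$up/$value")) {
+mkdir("$up/$value",0777) or die("users/".$decArray[2]."/$value folder in UserFilesPath does not exist and could not be created.");
+chmod("$up/$value",0777); //Just for good measure
+}
+}
+$fckphp_config['authSuccess']=true;
+} else {
+//Not same client as auth token is for
+}
+} else {
+//Token more than an hour old
+}
+} else {
+//Data integrity failed
+}
+} else {
+//Not enough data (decryption failed?)
+}
+
+return $fckphp_config;
+}
+}
+?>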
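Review bot: The integrity check `$decArray[3]==md5(...)` compares the digest with `==`, which PHP evaluates numerically when both strings look like numbers (e.g. `0e` followed by digits) and which is not constant-time. The digest is also a plain `md5()` over the payload with the shared key appended, not a keyed MAC. I would change the test to `if (hash_equals(hash_hmac('sha256', $payload, $key), $decArray[3])) {`, with `$payload` being the three fields joined by the separator; the code that issues tokens is not on this page and would have to adopt the same construction. The username in `$decArray[2]` is then concatenated into `UserFilesPath` and passed to `mkdir()` unchecked, so it should first be restricted, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $decArray[2])) return $fckphp_config;`, so that a name containing `/` or `..` cannot move the per-user root. The freshness test `time()-$decArray[0]<3600` also accepts timestamps in the future, and the directories are created `0777`; a lower bound on the token age and a tighter mode such as `0755` are worth adding.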