Date:
Wed Dec 7 05:00:19 2022 UTC
Message:
Daily backup
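<?php if (!defined('PmWiki')) exit();
/*  Copyright 2005-2019 Patrick R. Michaud (pmichaud@pobox.com)
    This file is part of PmWiki; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published
    by the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.  See pmwiki.php for full details.

    The APR compatible MD5 encryption algorithm in _crypt() below is
    based on code Copyright 2005 by D. Faure and the File::Passwd
    PEAR library module by Mike Wallner <mike@php.net>.

    This script enables simple authentication based on username and
    password combinations.  At present this script can authenticate
    from passwords held in arrays or in .htpasswd-formatted files,
    but eventually it will support authentication via sources such
    as LDAP and Active Directory.

    To configure a .htpasswd-formatted file for authentication, do
        $AuthUser['htpasswd'] = '/path/to/.htpasswd';
    prior to including this script.

    Individual username/password combinations can also be placed
    directly in the $AuthUser array, such as:
        $AuthUser['pmichaud'] = pmcrypt('secret');

    To authenticate against an LDAP server, put the url for
    the server in $AuthUser['ldap'], as in:
        $AuthUser['ldap'] = 'ldap://ldap.example.com/ou=People,o=example?uid';

    Script maintained by Petko YOTOV www.pmwiki.org/petko
*/

# NOTE(review): with an 'ldap://' url as in the example above, the user's
# password is sent to the directory in a simple bind without transport
# encryption; use 'ldaps://' where the directory offers it.

# let Site.AuthForm know that we're doing user-based authorization
$EnableAuthUser = 1;

# Only string credentials are taken from the request.  PHP turns a field
# such as "authid[]=x" into an array; an array id cannot be used as an
# array key or compared with stored names, so such a request is treated
# as "no login attempt" and only the existing session is restored.
if (is_string(@$_POST['authid']) && $_POST['authid'])
  AuthUserId($pagename, stripmagic($_POST['authid']),
    is_string(@$_POST['authpw']) ? stripmagic($_POST['authpw']) : NULL);
else SessionAuth($pagename);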
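## AuthUserId() tries to authenticate $id with password $pw against the
## sources held in $AuthUser and in the page(s) named by $AuthUserPageFmt.
## On success it records the id and its group memberships via SessionAuth();
## on failure it sets $GLOBALS['InvalidLogin'] and returns.
## When called with exactly two arguments, $id is accepted WITHOUT any
## password check -- callers using that form must have authenticated the
## user by other means beforehand.
function AuthUserId($pagename, $id, $pw=NULL) {
  global $AuthUser, $AuthUserPageFmt, $AuthUserFunctions,
    $AuthId, $MessagesFmt, $AuthUserPat;

  $auth = array();
  foreach((array)$AuthUser as $k=>$v) $auth[$k] = (array)$v;
  $authid = '';
  # start from an empty list so the variable is defined both when it is
  # handed to the source functions and when entries are added below
  $authlist = array();

  # load information from SiteAdmin.AuthUser (or page in $AuthUserPageFmt)
  SDV($AuthUserPageFmt, '$SiteAdminGroup.AuthUser');
  # NOTE(review): $id is used as a key of this literal, so an id equal to
  # one of the source names ('htpasswd', 'ldap') replaces that entry
  # inside the literal -- confirm such ids cannot be registered as users.
  SDVA($AuthUserFunctions, array(
    'htpasswd' => 'AuthUserHtPasswd',
    'ldap' => 'AuthUserLDAP',
#    'mysql' => 'AuthUserMySQL',
    $id => 'AuthUserConfig'));

  SDV($AuthUserPat, "/^\\s*([@\\w][^\\s:]*):(.*)/m");
  foreach ( (array)$AuthUserPageFmt as $aupn) {
    $pn = FmtPageName($aupn, $pagename);
    $apage = ReadPage($pn, READPAGE_CURRENT);
    if ($apage && preg_match_all($AuthUserPat,
        $apage['text'], $matches, PREG_SET_ORDER)) {
      foreach($matches as $m) {
        if (!preg_match_all('/\\bldaps?:\\S+|[^\\s,]+/', $m[2], $v))
          continue;
        # "@group: a b" adds the group to each listed member;
        # "name: x y" appends the listed items to that name's entry
        if ($m[1][0] == '@')
          foreach($v[0] as $g) $auth[$g][] = $m[1];
        else $auth[$m[1]] = array_merge((array)@$auth[$m[1]], $v[0]);
      }
    }
  }

  if (func_num_args()==2) $authid = $id;
  else
    foreach($AuthUserFunctions as $k => $fn)
      if (@$auth[$k] && $fn($pagename, $id, $pw, $auth[$k], $authlist))
        { $authid = $id; break; }

  if (!$authid) { $GLOBALS['InvalidLogin'] = 1; return; }
  if (!isset($AuthId)) $AuthId = $authid;
  $authlist["id:$authid"] = 1;
  $authlist["id:-$authid"] = -1;
  foreach(preg_grep('/^@/', (array)@$auth[$authid]) as $g)
    $authlist[$g] = 1;
  foreach(preg_grep('/^@/', (array)@$auth['*']) as $g)
    $authlist[$g] = 1;
  # membership is compared as exact strings: a loose comparison treats
  # numeric-looking names such as "10" and "1e1" as the same member
  foreach(preg_grep('/^@/', array_keys($auth)) as $g) # useless? PITS:01201
    if (in_array((string)$authid, array_map('strval', $auth[$g]), true))
      $authlist[$g] = 1;
  if (!empty($auth['htgroup'])) {
    foreach(AuthUserHtGroup($pagename, $id, $pw, $auth['htgroup']) as $g)
      $authlist["@$g"] = 1;
  }
  # entries under "-id" remove groups granted above
  foreach(preg_grep('/^@/', (array)@$auth["-$authid"]) as $g)
    unset($authlist[$g]);
  SessionAuth($pagename, array('authid' => $authid, 'authlist' => $authlist));
}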
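## AuthUserConfig() returns true if $pw, hashed by _crypt() with a stored
## entry of $pwlist as salt, reproduces that entry exactly.
## $pagename and $id are not used here.
function AuthUserConfig($pagename, $id, $pw, $pwlist) {
  foreach ((array)$pwlist as $chal) {
    # only non-empty strings can be stored hashes
    if (!is_string($chal) || $chal === '') continue;
    $hash = _crypt($pw, $chal);
    if (!is_string($hash)) continue;
    # exact string comparison: "==" compares numeric-looking strings
    # (e.g. "0e1" and "0e2") as numbers and would accept a different hash
    $same = function_exists('hash_equals')
      ? hash_equals($chal, $hash) : ($hash === $chal);
    if ($same) return true;
  }
  return false;
}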
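## AuthUserHtPasswd() looks for a "name:hash" line matching $id in each
## .htpasswd-formatted file of $pwlist and returns true if $pw, hashed by
## _crypt() with the stored hash as salt, reproduces that hash.
## Files that cannot be opened are skipped.  $pagename is not used here.
function AuthUserHtPasswd($pagename, $id, $pw, $pwlist) {
  foreach ((array)$pwlist as $f) {
    $fp = fopen($f, "r"); if (!$fp) continue;
    # read whole lines: with a fixed chunk size the tail of an over-long
    # line would be parsed as if it were a record of its own
    while (($x = fgets($fp)) !== false) {
      $x = rtrim($x);
      list($i, $c) = array_pad(explode(':', $x, 3), 2, '');
      # the name must match exactly ("==" would equate "10" and "1e1"),
      # and a line without a hash field can never authenticate
      if ($c === '' || $i !== (string)$id) continue;
      $hash = _crypt($pw, $c);
      $same = is_string($hash) && (function_exists('hash_equals')
        ? hash_equals($c, $hash) : ($hash === $c));
      if ($same) { fclose($fp); return true; }
    }
    fclose($fp);
  }
  return false;
}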
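## AuthUserHtGroup() returns the names of the groups that list $id as a
## member in the "group: member member ..." files given in $pwlist.
## Files that cannot be opened are skipped.  $pagename and $pw are not
## used here.
function AuthUserHtGroup($pagename, $id, $pw, $pwlist) {
  $groups = array();
  foreach ((array)$pwlist as $f) {
    $fp = fopen($f, 'r'); if (!$fp) continue;
    # read whole lines so that a long member list is not cut in two
    while (($x = fgets($fp)) !== false) {
      if (preg_match('/^(\\w[^\\s:]+)\\s*:(.*)$/', trim($x), $match)) {
        $glist = preg_split('/[\\s,]+/', $match[2], -1, PREG_SPLIT_NO_EMPTY);
        # strict match: a loose in_array() treats numeric-looking names
        # such as "10" and "1e1" as the same member
        if (in_array((string)$id, $glist, true)) $groups[$match[1]] = 1;
      }
    }
    fclose($fp);
  }
  return array_keys($groups);
}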
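## AuthUserLDAP() returns true if $id/$pw can bind to one of the LDAP
## urls in $pwlist.  A url without a path is tried as a direct bind with
## $id; otherwise the path is read as basedn?attr?scope?filter, the entry
## is searched (after binding with $AuthLDAPBindDN/$AuthLDAPBindPassword)
## and a bind is attempted with the dn of the single matching entry.
## No StartTLS is requested here, so with an ldap:// url the password is
## sent without transport encryption.  $pagename is not used here.
function AuthUserLDAP($pagename, $id, $pw, $pwlist) {
  global $AuthLDAPBindDN, $AuthLDAPBindPassword, $AuthLDAPReferrals;
  # never bind with an empty password: many directories accept such a
  # bind as an anonymous one, which would look like a successful login
  if (!$pw) return false;
  if (!function_exists('ldap_connect'))
    Abort('authuser: LDAP authentication requires PHP ldap functions','ldapfn');
  # $id comes from the login form; escape it before it is placed inside
  # a search filter so that "*", "(", ")" and "\" are matched literally
  if (function_exists('ldap_escape'))
    $fid = ldap_escape((string)$id, '', LDAP_ESCAPE_FILTER);
  else
    $fid = strtr((string)$id, array('\\' => '\\5c', '*' => '\\2a',
      '(' => '\\28', ')' => '\\29', "\0" => '\\00'));
  foreach ((array)$pwlist as $ldap) {
    if (!preg_match('!(ldaps?://[^/]+)/(.*)$!', $ldap, $match))
      continue;
    ##  connect to the LDAP server
    list($z, $url, $path) = $match;
    $ds = ldap_connect($url);
    if (!$ds) continue;
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if(isset($AuthLDAPReferrals)) # *NOT* IsEnabled
      ldap_set_option($ds, LDAP_OPT_REFERRALS, $AuthLDAPReferrals);
    ##  For Active Directory, don't specify a path and we simply
    ##  attempt to bind with the username and password directly
    if (!$path && @ldap_bind($ds, $id, $pw)) { ldap_close($ds); return true; }
    ##  Otherwise, we use Apache-style urls for LDAP authentication
    ##  Split the path into its search components
    list($basedn, $attr, $sub, $filter) = array_pad(explode('?', $path), 4, '');
    if (!$attr) $attr = 'uid';
    if (!$sub) $sub = 'one';
    if (!$filter) $filter = '(objectClass=*)';
    $binddn = @$AuthLDAPBindDN;
    $bindpw = @$AuthLDAPBindPassword;
    if (ldap_bind($ds, $binddn, $bindpw)) {
      ##  Search for the appropriate uid
      $fn = ($sub == 'sub') ? 'ldap_search' : 'ldap_list';
      $sr = $fn($ds, $basedn, "(&$filter($attr=$fid))", array($attr));
      ##  a failed search yields no entries instead of an error
      $x = $sr ? ldap_get_entries($ds, $sr) : false;
      ##  If we find a unique id, bind to it for success
      if ($x && $x['count'] == 1) {
        $dn = $x[0]['dn'];
        if (@ldap_bind($ds, $dn, $pw)) { ldap_close($ds); return true; }
      }
    }
    ldap_close($ds);
  }
  return false;
}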
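#   The _crypt function provides support for SHA1 encrypted passwords
#   (keyed by '{SHA}') and Apache MD5 encrypted passwords (keyed by
#   '$apr1$'); otherwise it just calls PHP's crypt() for the rest.
#   The APR MD5 encryption code was contributed by D. Faure.
#
#   _crypt($plain, $salt) returns the hash of $plain in the format that
#   $salt (normally the stored hash) indicates, so that a caller can
#   compare the result with the stored value.  A stored value that is the
#   bare md5() of $plain is returned unchanged.
#   The '{SHA}' and bare-md5 formats are single unsalted digests, as the
#   code below shows; they are kept for compatibility with existing files.

function _crypt($plain, $salt=null) {
  $plain = (string)$plain;
  # string copy used for the format checks; the caller's $salt is still
  # passed on unchanged to pmcrypt() at the end
  $s = (string)$salt;
  if (strncmp($s, '{SHA}', 5) == 0)
    return '{SHA}'.base64_encode(pack('H*', sha1($plain)));
  if (strncmp($s, '$apr1$', 6) == 0) {
    preg_match('/^\\$apr1\\$([^$]+)/', $s, $match);
    # a value with nothing after '$apr1$' yields an empty salt
    $salt = isset($match[1]) ? $match[1] : '';
    $length = strlen($plain);
    $context = $plain . '$apr1$' . $salt;
    $binary = pack('H32', md5($plain . $salt . $plain));
    for($i = $length; $i > 0; $i -= 16)
      $context .= substr($binary, 0, min(16, $i));
    for($i = $length; $i > 0; $i >>= 1)
      $context .= ($i & 1) ? chr(0) : $plain[0];
    $binary = pack('H32', md5($context));
    # 1000 rounds of md5 over varying mixes of password, salt and digest
    for($i = 0; $i < 1000; $i++) {
      $new = ($i & 1) ? $plain : $binary;
      if ($i % 3) $new .= $salt;
      if ($i % 7) $new .= $plain;
      $new .= ($i & 1) ? $binary : $plain;
      $binary = pack('H32', md5($new));
    }
    # reorder the 16 digest bytes and encode them with the crypt alphabet
    $q = '';
    for ($i = 0; $i < 5; $i++) {
      $k = $i + 6;
      $j = $i + 12;
      if ($j == 16) $j = 5;
      $q = $binary[$i].$binary[$k].$binary[$j] . $q;
    }
    $q = chr(0).chr(0).$binary[11] . $q;
    $q = strtr(strrev(substr(base64_encode($q), 2)),
           'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
           './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
    return "\$apr1\$$salt\$$q";
  }
  # exact string comparison: with "==" two different digests that both
  # look like numbers (e.g. "0e" followed by digits) compare as equal
  $md5 = md5($plain);
  $same = function_exists('hash_equals') ? hash_equals($s, $md5) : ($md5 === $s);
  if ($same) return $salt;
  return pmcrypt($plain, $salt);
}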