From: garvinhicking
Date: Mon, 15 May 2006 08:23:15 +0000 (+0000)
Subject: hooky
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=b5e3177bc62d0d47cd16b0e25d232960abc612c7;p=s9y.git
hooky
---
diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index 1eb7c84..d481c9d 100644
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -364,6 +364,68 @@ function serendipity_login($use_external = true) {
 }
 }

+/**
+ * Perform user authentication routine
+ *
+ * If a user is already authenticated via session data, this bypasses some routines.
+ * After a user has ben authenticated, several SESSION variables ar set.
+ * If the authentication fails, the session is destroyed.
+ *
+ * @access public
+ * @param string The username to check
+ * @param string The password to check (may contain plaintext or MD5 hash)
+ * @param boolean Indicates whether the input password is already in MD5 format (TRUE) or not (FALSE).
+ * @param boolean Indicates whether to query external plugins for authentication
+ * @return boolean True on success, False on error
+ */
+function serendipity_authenticate_author($username = '', $password = '', $is_md5 = false, $use_external = true) {
+ global $serendipity;
+
+ if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) {
+ $username = $_SESSION['serendipityUser'];
+ $password = $_SESSION['serendipityPassword'];
+ // For safety reasons when multiple blogs are installed on the same host, we need to check the current author each time to not let him log into a different blog with the same sessiondata
+ $is_md5 = true;
+ }
+
+ if ($username != '') {
+ if ($use_external) {
+ serendipity_plugin_api::hook_event('backend_auth', $is_md5, array('username' => $username, 'password' => $password));
+ }
+
+ if ($is_md5 === false && !empty($password)) {
+ $password = md5($password);
+ }
+
+ $query = "SELECT DISTINCT
+ email, authorid, userlevel, right_publish
+ FROM
+ {$serendipity['dbPrefix']}authors
+ WHERE
+ username = '" . serendipity_db_escape_string($username) . "'
+ AND password = '" . serendipity_db_escape_string($password) . 
"'";
+ $row = serendipity_db_query($query, true, 'assoc');
+
+ if (is_array($row)) {
+ serendipity_setCookie('old_session', session_id());
+ $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username;
+ $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
+ $_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email'];
+ $_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid'];
+ $_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel'];
+ $_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true;
+ $_SESSION['serendipityRightPublish']= $serendipity['serendipityRightPublish'] = $row['right_publish'];
+ serendipity_load_configuration($serendipity['authorid']);
+ return true;
+ } else {
+ $_SESSION['serendipityAuthedUser'] = false;
+ @session_destroy();
+ }
+ }
+
+ return false;
+}
+
 /**
 * Check if a user is logged in
 *
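Review bot: In `serendipity_authenticate_author()` the MD5 digest is itself the credential: the session branch sets `$is_md5 = true` and the value kept in `$_SESSION['serendipityPassword']` is matched directly against the `password` column, so a leaked `authors` row or session file is as good as the password. The digest comes from a bare `md5($password)` with no salt, which makes offline guessing cheap. Since the function is moved as a whole here (its body lies entirely inside this hunk), I would at least record this next to the `md5()` call, e.g. `// NOTE: unsalted MD5; the stored digest is password-equivalent, see session branch above`, and track a migration to a salted, slow hash such as `password_hash()`/`password_verify()` where the supported PHP version allows. It is also worth confirming that fresh logins (as opposed to the per-request session re-check) get a new session id before the `$_SESSION[...]` values are written; nothing in the hunk does that.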
@@ -450,68 +512,6 @@ function serendipity_deleteCookie($name) {
 unset($serendipity['COOKIE'][$name]);
 }

-/**
- * Perform user authentication routine
- *
- * If a user is already authenticated via session data, this bypasses some routines.
- * After a user has ben authenticated, several SESSION variables ar set.
- * If the authentication fails, the session is destroyed.
- *
- * @access public
- * @param string The username to check
- * @param string The password to check (may contain plaintext or MD5 hash)
- * @param boolean Indicates whether the input password is already in MD5 format (TRUE) or not (FALSE).
- * @param boolean Indicates whether to query external plugins for authentication
- * @return boolean True on success, False on error
- */
-function serendipity_authenticate_author($username = '', $password = '', $is_md5 = false, $use_external = true) {
- global $serendipity;
-
- if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) {
- $username = $_SESSION['serendipityUser'];
- $password = $_SESSION['serendipityPassword'];
- // For safety reasons when multiple blogs are installed on the same host, we need to check the current author each time to not let him log into a different blog with the same sessiondata
- $is_md5 = true;
- }
-
- if ($username != '') {
- if ($use_external) {
- serendipity_plugin_api::hook_event('backend_auth', $is_md5, array('username' => $username, 'password' => $password));
- }
-
- if ($is_md5 === false && !empty($password)) {
- $password = md5($password);
- }
-
- $query = "SELECT DISTINCT
- email, authorid, userlevel, right_publish
- FROM
- {$serendipity['dbPrefix']}authors
- WHERE
- username = '" . serendipity_db_escape_string($username) . "'
- AND password = '" . serendipity_db_escape_string($password) . 
"'";
- $row = serendipity_db_query($query, true, 'assoc');
-
- if (is_array($row)) {
- serendipity_setCookie('old_session', session_id());
- $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username;
- $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
- $_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email'];
- $_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid'];
- $_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel'];
- $_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true;
- $_SESSION['serendipityRightPublish']= $serendipity['serendipityRightPublish'] = $row['right_publish'];
- serendipity_load_configuration($serendipity['authorid']);
- return true;
- } else {
- $_SESSION['serendipityAuthedUser'] = false;
- @session_destroy();
- }
- }
-
- return false;
-}
-
 /**
 * Performs a check whether an iframe for the admin section shall be emitted
 *