*/ if (!defined('PmWiki')) exit(); /* * FAST Membership - Simple AuthUser addon's for PmWiki * Modified from MembershipForm by D.Faure (dfaure@cpan.org) * By Caveman (editor@fast.st) * * Page flexibility and name collision protection by Ben Wilson * * You can redistribute it and/or modify it under the terms of the GNU General * Public License as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * * See http://www.pmwiki.org/wiki/Cookbook/FAST Membership & MembershipForm for info. */ # If the admin hasn't configured any password entries, just return. if (!$AuthUser) return; global $AuthUser, $HandleActions; foreach((array)($AuthUser['htpasswd']) as $f) { SDV($MembershipFile, $f); break; } SDVA($MembershipFmt, array( 'created' => "

$['%s' has been created.]

", 'exists' =>"$[Member already exists. Please try again:]", 'deleted' => "

$['%s' has been deleted.]

", 'no_user' => "

$[no user name specified.]

", 'unmatched' => "

$[passwords don't match.]

", 'renamed' => "

$['%s' has been renamed to '%s'.]

", 'updated' => "

$['%s' password has been updated.]

", )); $HandleActions['postadmhtpasswd'] = 'HandleMembershipAdmForm'; $HandleActions['postusrhtpasswd'] = 'HandleMembershipUsrForm'; $HandleActions['postnewhtpasswd'] = 'HandleMembershipNewForm'; SDV($_enteredName, ''); SDV($_selectedName, 0); SDV($MembershipCreatedPage,'Site.Created'); Markup('membershipform', 'directive', '/$:membership(.*?):$/ei', "MembershipForm('$1')"); SDV($MembershipAuth, "admin"); function MembershipForm($i) { global $MembershipAuth, $MembershipUsrAuth, $AuthId, $pagename; global $MembershipCreatedPage; $args = parseArgs($i); if ($args['page']) $MembershipCreatedPage = $args['page']; if(RetrieveAuthPage($pagename, $MembershipAuth, false)) return MembershipAdmForm($pagename); else if (@$AuthId) return MembershipUsrForm($pagename); else return MembershipNewForm($pagename); } function MembershipUsrForm($pagename) { global $_enteredName; $_enteredName = $GLOBALS["AuthId"]; return FmtPageName(" (:messages:) (:input form '\$PageUrl':)(:input hidden action postusrhtpasswd:) (:table border='0':) (:cellnr:)$[Name]:\n(:input text logname value='$_enteredName':)\n(:cell:)$[Old Password]:\n(:input password passwd0 value='':) (:cellnr:)\n(:cell:)$[New Password]:\n(:input password passwd '':) (:cellnr:)\n(:cell:)$[again]:\n(:input password passwd2 '':)\n(:cell valign='bottom':)(:input submit change value='$[Change Password]':) (:tableend:)(:input end:)", $pagename); } function HandleMembershipUsrForm($pagename) { global $MembershipFile, $MessagesFmt, $MembershipFmt; $msg = ''; if($_REQUEST['change']) { $user = $_REQUEST['logname']; $arr = LoadMembership($MembershipFile); for($i = 0; $i < count($arr); $i++) { if($user == $arr[$i][0]) { $plain = $_REQUEST['passwd0']; $old = $arr[$i][1]; if(!($old || $plain) || _crypt($plain, $old) == $old) { $plain = $_REQUEST['passwd']; if($plain != $_REQUEST['passwd2']) { $msg = $MembershipFmt['unmatched']; break; } $pw = ''; if($plain) { $salt = (!$old || !strncmp($old, '$apr1$', 6)) ? '$apr1$' . substr(md5(microtime() . mt_rand(10000, 32000)), 0, 8) : null; $pw = _crypt($plain, $salt); } $arr[$i][1] = $pw; SaveMembership($MembershipFile, $arr); $msg = sprintf($MembershipFmt['updated'], $user); } break; } } } $MessagesFmt[] = FmtPageName($msg, $pagename); HandleBrowse($pagename); exit; } function MembershipNewForm($pagename) { global $MembershipFile, $_selectedName, $_enteredName; global $MembershipCreatedPage; $arr = LoadMembership($MembershipFile); return FmtPageName(" (:messages:) (:input form '\$PageUrl':)(:input hidden action postnewhtpasswd:) (:table border='0':) (:cellnr:)\n(:cell:)$[Name]:\n(:input text logname value='$_enteredName':)\n(:cell:)$[Password]:\n(:input password passwd value='':)\n (:cellnr colspan='2':)\n(:cell:)$[again]:\n(:input password passwd2 '':)\n(:cell valign='bottom':)(:input submit create value='$[Create]':)\n (:cellnr colspan='2':)\n(:cell colspan='2':)(:input hidden pwtype value='1':)(:input hidden redirect value='$MembershipCreatedPage':) (:tableend:)(:input end:)", $pagename); } function HandleMembershipNewForm($pagename) { global $MembershipFile, $MessagesFmt, $MembershipFmt; $msg = ''; $arr = LoadMembership($MembershipFile); if($_REQUEST['create']) { $redirect_page = $_REQUEST['redirect']; $newName = GetMembershipFormName($pagename); $newPass = GetMembershipFormPasswd($pagename); for($i = 0; $i < count($arr); $i++) if($newName == $arr[$i][0]) { unset($newName); $msg = sprintf($MembershipFmt['exists'], $user); $MessagesFmt[] = FmtPageName($msg, $pagename); HandleBrowse($pagename); exit; } $arr[] = array($newName, $newPass); SaveMembership($MembershipFile, $arr); $msg = sprintf($MembershipFmt['created'], $user); HandleBrowse($redirect_page); exit; } } function MembershipAdmForm($pagename) { global $MembershipFile, $_selectedName, $_enteredName; $arr = LoadMembership($MembershipFile); $out = array(); $out[] = FmtPageName(" (:messages:) (:input form '\$PageUrl':)(:input hidden action postadmhtpasswd:) (:table border='0':) (:cellnr:)\n(:cell:)'''$[Name]'''\n(:cell:)'''$[Password]'''\n(:cell:)'''$[Comment]'''\n", $pagename); foreach($arr as $i => $u) { $out[] = "\n(:cellnr:)(:input radio idx value='$i' "; $out[] = ($i == $_selectedName) ? "checked='on'" : ''; $out[] = ":)\n(:cell:)$u[0]\n(:cell:)[@$u[1]@]\n(:cell:)$u[2]\n"; } $out[] = "(:cellnr:)\n(:cell:)(:input submit rename value='$[Rename]':)\n(:cell:)(:input submit setpw value='$[Set Password]':)\n(:cell:)(:input submit delete value='$[Delete]':)\n (:cellnr:)\n(:cell:)$[Name]:\n(:input text logname value='$_enteredName':)\n(:cell:)$[Password]:\n(:input password passwd value='':)\n (:cellnr colspan='2':)\n(:cell:)$[again]:\n(:input password passwd2 '':)\n(:cell valign='bottom':)(:input submit create value='$[Create]':)\n (:cellnr colspan='2':)\n(:cell colspan='2':)(:input radio pwtype value='0':)crypt (:input radio pwtype value='1' checked='on':)apr1\n (:tableend:)(:input end:)"; return implode('', $out); } function HandleMembershipAdmForm($pagename) { global $MembershipFile, $MessagesFmt, $MembershipFmt; $msg = ''; $arr = LoadMembership($MembershipFile); if($_REQUEST['create']) { $newName = GetMembershipFormName($pagename); $newPass = GetMembershipFormPasswd($pagename); $arr[] = array($newName, $newPass); SaveMembership($MembershipFile, $arr); $msg = sprintf($MembershipFmt['created'], $newName); } elseif($_REQUEST['delete']) { $oldName = $arr[$_REQUEST['idx']][0]; unset($arr[$_REQUEST['idx']]); SaveMembership($MembershipFile, $arr); $msg = sprintf($MembershipFmt['deleted'], $oldName); } elseif($_REQUEST['rename']) { $oldName = $arr[$_REQUEST['idx']][0]; $newName = GetMembershipFormName($pagename); $arr[$_REQUEST['idx']][0] = $newName; SaveMembership($MembershipFile, $arr); $msg = sprintf($MembershipFmt['renamed'], $oldName, $newName); } elseif($_REQUEST['setpw']) { $oldName = $arr[$_REQUEST['idx']][0]; $newPass = GetMembershipFormPasswd($pagename); $arr[$_REQUEST['idx']][1] = $newPass; SaveMembership($MembershipFile, $arr); $msg = sprintf($MembershipFmt['updated'], $oldName); } $MessagesFmt[] = FmtPageName($msg, $pagename); HandleBrowse($pagename); exit; } function GetMembershipFormName($pagename) { global $_selectedName, $MessagesFmt, $MembershipFmt; $user = $_REQUEST['logname']; if(!$user) { $_selectedName = $_REQUEST['idx']; $MessagesFmt[] = $MembershipFmt['no_user']; HandleBrowse($pagename); exit; } return $user; } function GetMembershipFormPasswd($pagename) { global $_selectedName, $_enteredName, $MessagesFmt, $MembershipFmt; $plain = $_REQUEST['passwd']; if($plain != $_REQUEST['passwd2']) { $_selectedName = $_REQUEST['idx']; $_enteredName = $_REQUEST['logname']; $MessagesFmt[] = $MembershipFmt['unmatched']; HandleBrowse($pagename); exit; } $pw = ''; if($plain) { $salt = $_REQUEST['pwtype'] ? '$apr1$' . substr(md5(microtime() . mt_rand(10000, 32000)), 0, 8) : null; $pw = _crypt($plain, $salt); } return $pw; } function LoadMembership($f) { $arr = array(); $fp = fopen($f, "r"); if($fp) { while($l = fgets($fp, 1024)) { $l = rtrim($l); $arr[] = explode(':', $l, 3); } fclose($fp); } return $arr; } function SaveMembership($f, $arr) { ignore_user_abort(true); $fp = fopen($f, "w+"); if(flock($fp, LOCK_EX)) { foreach($arr as $u) fputs($fp, "$u[0]:$u[1]" . ($u[2] ? ":$u[2]" : '') . "\n"); flock($fp, LOCK_UN); // release the lock } fclose($fp); ignore_user_abort(false); }