Only in securesite-4.7-nax.3/: dialog.tpl.php
diff -r -u -F '^function' securesite/securesite.inc securesite-4.7-nax.3/securesite.inc
--- securesite/securesite.inc	2006-10-18 03:03:00.000000000 +0200
+++ securesite-4.7-nax.3/securesite.inc	2006-04-06 00:30:34.000000000 +0200
@@ -1,109 +1,59 @@
 <?php
-// $Id: securesite.inc,v 1.2.2.4 2006/10/17 17:04:01 darrenoh Exp $
 
-function _securesite_request_form() {
-return '<p>Enter your username <strong><em>or</em></strong> your e-mail address.</p><div class="form-item">
-<label for="edit-name">Username:</label><br />
-<input type="text" maxlength="64" class="form-text" name="edit[name]" id="edit-name" size="30" value="" />
-</div>
-<div class="form-item">
-<label for="edit-mail">E-mail address:</label><br />
-<input type="text" maxlength="64" class="form-text" name="edit[mail]" id="edit-mail" size="30" value="" />
-</div>
-<input type="submit" class="form-submit" name="op" value="E-mail new password"  />';
+/* returns complete form for login */
+function _securesite_login_form() {
+  return '<form action="'. request_uri() .'" method="post"><input type="hidden" name="securesite_login_form" value="1">'.
+  '<p>'.variable_get('securesite_login_form', t('Enter your '.variable_get('site_name', 'local').' username and password.')).'</p>'.theme_status_messages().'
+  <div class="form-item"><label for="edit-name">'.t('Username').':</label> <input type="text" maxlength="55" class="form-text" name="edit[name]" id="edit-name" size="30" value="" /></div>
+  <div class="form-item"><label for="edit-pass">'.t('Password').':</label> <input type="password" class="form-password" maxlength="24" name="edit[pass]" id="edit-pass" size="12" value="" /></div>
+  <input type="submit" class="form-submit" name="op" value="Login" />
+</form>';
 }
 
-function _securesite_user_pass() {
-  global $base_url;
-  $edit = $_POST['edit'];
-  if ($edit['name'] && !($account = user_load(array('name' => $edit['name'], 'status' => 1)))) {
-    $error = 1;
-  }
-  else if ($edit['mail'] && !($account = user_load(array('mail' => $edit['mail'], 'status' => 1)))) {
-    $error = 1;
+/* returns complete form for password reset request -if- securesite_request_form var exists */
+function _securesite_request_form() {
+  if ($formMsg = variable_get('securesite_request_form', t('Enter your username <strong><em>or</em></strong> your e-mail address.'))) {
+  return '<form action="'. request_uri() .'" method="post"><input type="hidden" name="securesite_request_form" value="1">'.
+  '<p>'.$formMsg.'</p>'.theme_status_messages().'
+  <div class="form-item"><label for="edit-name">'.t('Username').':</label> <input type="text" maxlength="55" class="form-text" name="edit[name]" id="edit-name" size="30" value="" /></div>
+  <div class="form-item"><label for="edit-mail">'.t('E-mail address').':</label> <input type="text" maxlength="64" class="form-text" name="edit[mail]" id="edit-mail" size="30" value="" /></div>
+  <input type="submit" class="form-submit" name="op" value="'.t('E-mail new password').'" />
+</form>';
   }
-  if ($account) {
-    $from = variable_get('site_mail', ini_get('sendmail_from'));
-    $pass = user_password();
-
-    // Save new password:
-    user_save($account, array('pass' => $pass));
+  return '';
+}
 
-    // Mail new password:
-    $variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));
-    $subject = _user_mail_text('pass_subject', $variables);
-    $body = _user_mail_text('pass_body', $variables);
-    $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from";
-    $mail_success = user_mail($account->mail, $subject, $body, $headers);
-    if ($mail_success) {
-      watchdog('user', securesite_t('Password mailed to %name at %email.', array('%name' => securesite_theme_placeholder($account->name), '%email' => securesite_theme_placeholder($account->mail))));
-      $_SESSION['securesite_sent'] = TRUE;
-    }
-    else {
-      watchdog('user', securesite_t('Error mailing password to %name at %email.', array('%name' => securesite_theme_placeholder($account->name), '%email' => securesite_theme_placeholder($account->mail))), WATCHDOG_ERROR);
-      print t('Unable to send mail. Please contact the site admin.');
-    }
-    securesite_goto();
-  }
+/* prints dialog page, should be moved to theme.inc and expanded for error reporting and no DB connection */
+function dialog_page($content) {
+	
+  // Display themed dialog
+  $themes = list_themes(); 
+  $theme = variable_get('theme_default', 'bluemarine');
+  $dialog_file = dirname($themes[$theme]->filename) .'/securesite-dialog.tpl.php';
+  if (file_exists($dialog_file)) {
+    include ($dialog_file);
+  } 
   else {
-    if ($error) {
-      print variable_get('securesite_error message', 'The name or the mail address is not recognized');
-    }
-    // Display form:
-    $form = variable_get('securesite_request_form', _securesite_request_form());
-    $form .= '<input type="hidden" name="securesite_request_form" value="1">';
-    print '<form action="'. request_uri() .'" method="post">'. $form .'</form>';
+  // Display default dialog
+    print '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+<title>'. variable_get('site_name', 'drupal') .'</title>
+<style type="text/css" media="all">
+body { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 11px; margin: 50px auto; text-align: center; }
+#content { width: 300px; margin: 0 auto; }
+.dialog { border: 1px #000066 solid; margin-bottom: 20px; text-align: left; padding: 10px; clear: both; }
+.dialog p {font-weight: bold; background: #000066; color: #FFFFFF; padding: 5px; margin: 0 0 10px 0;}
+.error { color: #ff0000; padding-bottom: 5px; }
+label { position: absolute; width: 100px; }
+input, textarea { margin-left: 110px; width: 165px; margin-bottom: 5px; }
+.form-submit { width: auto; padding: 0; margin: 0 0 10px 0; }
+form { padding: 0; margin: 0; }
+</style>
+</head>
+<body><div id="content"><div class="dialog">'. $content .'</div></div></body>
+</html>';
   }
-  exit;
-}
-
-function _securesite_settings() {
-  $options =array(t('Enabled on only the listed pages.'), t('Enabled on every page except the listed pages.') );
-  $form['securesite_enabled'] = array(
-    '#type' => 'radios',
-    '#title' => t('Enable HTTP authorization'),
-    '#options' => $options,
-    '#default_value' => variable_get('securesite_enabled', 0),
-  );
-
-  $description = t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '%blog' for the blog page and %blog-wildcard for every personal blog. %front is the front page.", array('%blog' => theme('placeholder', 'blog'), '%blog-wildcard' =>  theme('placeholder', 'blog/*'), '%front' => theme('placeholder', '<front>')));
-
-  $form['securesite_pages'] = array(
-    '#type' => 'textarea',
-    '#title' => t('Enable securesite for specific pages'),
-    '#default_value' => variable_get('securesite_pages', ''),
-    '#description' => $description
-  );
-  /*
-  $form['securesite_guest_name'] = array(
-    '#type' => 'textfield',
-    '#title' => t('Guest user'),
-    '#default_value' => variable_get('securesite_guest_name', ''),
-    '#size' => 16,
-    '#maxlength' => 40,
-    '#description' => t('Leave empty for no guest access'),
-  );
-  $form['securesite_guest_pass'] = array(
-    '#type' => 'textfield',
-    '#title' => t('Guest password'),
-    '#default_value' => variable_get('securesite_guest_pass', ''),
-    '#size' => 16,
-    '#maxlength' => 40,
-  );*/
-  $form['securesite_request_form'] = array(
-    '#type' => 'textarea',
-    '#title' => t('HTML for the Request new password form'),
-    '#default_value' => variable_get('securesite_request_form', _securesite_request_form()),
-    '#cols' => 60,
-    '#rows' => 10,
-  );
-  $form['securesite_request_error'] = array(
-    '#type' => 'textfield',
-    '#title' => t('Error message for the Request new password form'),
-    '#default_value' => variable_get('securesite_request_error', 'The name or the mail address is not recognized'),
-    '#size' => 60,
-    '#maxlength' => 100,
-  );
-  return $form;
 }
 
+?>
\ No newline at end of file
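Review bot: Both `_securesite_login_form()` and `_securesite_request_form()` concatenate `request_uri()` straight into the `action` attribute, so characters from the requested URL reach the markup of the pre-authentication page unless `request_uri()` already returns an escaped value, which this diff does not show. If it returns the raw URI, escape it where it is printed, for example `'<form action="'. htmlspecialchars(request_uri(), ENT_QUOTES) .'" method="post">'`, the same call `securesite_theme_placeholder()` in securesite.module uses. The `<title>` in `dialog_page()` also prints `variable_get('site_name', 'drupal')` unescaped and would benefit from the same treatment.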
diff -r -u -F '^function' securesite/securesite.module securesite-4.7-nax.3/securesite.module
--- securesite/securesite.module	2006-10-18 03:03:00.000000000 +0200
+++ securesite-4.7-nax.3/securesite.module	2006-10-19 00:39:33.000000000 +0200
@@ -1,5 +1,4 @@
 <?php
-// $Id: securesite.module,v 1.2.2.9 2006/10/17 17:14:14 darrenoh Exp $
 
 function securesite_perm() {
   return array('access site');
@@ -7,111 +6,267 @@ function securesite_perm() {
 
 function securesite_help($section) {
   if ($section == 'admin/modules#description') {
-    return t('Lets you use basic HTTP authentication for log in.');
+    return t('Enables HTTP-AUTH security or an HTML form to restrict site access.');
   }
 }
 
-function securesite_init() {
-  if ($_SESSION['securesite_sent']) {
-    print t('Your password and further instructions have been sent to your e-mail address.');
-    unset($_SESSION['securesite_sent']);
-    exit;
-  }
+function securesite_settings() {
 
-  drupal_bootstrap(DRUPAL_BOOTSTRAP_PATH);
+	// Authentication Settings
+	$form['authentication'] = array(
+			'#type' => 'fieldset', 
+			'#title' => t('Authentication')
+			);
+	$form['authentication']['securesite_enabled'] = array(
+			'#type' => 'radios', 
+			'#title' => t('Secure Site'), 
+			'#default_value' => variable_get('securesite_enabled', 0), 
+			'#options' => array(
+										t('Disabled'), 
+										t('Enabled with web browser HTTP-AUTH security'), 
+										t('Enabled with HTML login form')
+										),
+      '#description' => t('HTTP-AUTH requires PHP to be installed as an Apache module. At least one role must also have permission under <a href="%access">access control page</a>.', array('%access' => url('admin/access')))
+			);
+  $form['authentication']['securesite_guest_name'] = array(
+  		'#type' => 'textfield', 
+  		'#title' => t('Guest User'), 
+  		'#default_value' => variable_get('securesite_guest_name', ''), 
+  		'#length' => 30, 
+  		'#maxlength' => 40, 
+  		'#description' => t('Guests can access the secured site without an account. Leave empty for no guest access')
+  		);
+  $form['authentication']['v'] = array(
+  		'#type' => 'textfield', 
+  		'#title' => t('Guest Password'), 
+  		'#default_value' => variable_get('securesite_guest_pass', ''), 
+  		'#length' => 30, 
+  		'#maxlength' => 40,
+  		'#description' => t('Leave empty for no guest access')
+  		);
+  $form['authentication']['securesite_realm'] = array(
+  		'#type' => 'textfield', 
+  		'#title' => t('Authentication realm'), 
+  		'#default_value' => variable_get('securesite_realm', variable_get('site_name', '')), 
+  		'#length' => 30, 
+  		'#maxlength' => 40,
+  		'#description' => t('Authentication realm used when asking for credentials.')
+  		);
+			
+	// HTML Login form Settings
+	$form['login_form'] = array(
+			'#type' => 'fieldset', 
+			'#title' => t('HTML Login form')
+			);
+  $form['login_form']['securesite_login_form'] = array(
+  		'#type' => 'textarea', 
+  		'#title' => t('Message for HTML Login form'), 
+  		'#default_value' =>  variable_get('securesite_login_form', t('Enter your '.variable_get('site_name', 'local'))), 
+  		'#length' => 60, 
+  		'#height' => 3,
+  		'#description' => t('Authentication realm used when asking for credentials.')
+  		);
+  $form['login_form']['securesite_request_form'] = array(
+  		'#type' => 'textarea', 
+  		'#title' => t('Message for Request Password Reset form'), 
+  		'#default_value' =>  variable_get('securesite_request_form', t('Enter your username <strong><em>or</em></strong> your e-mail address.')), 
+  		'#length' => 60, 
+  		'#height' => 3,
+  		'#description' => t('Leave empty to not process password resets through this module.')
+  		);
+			
+	// Bypass Login Filter Pages Settings
+	$form['filter_pages'] = array(
+			'#type' => 'fieldset', 
+			'#title' => t('Bypass Login Filter Pages')
+			);
+  $form['filter_pages']['securesite_filter_pages'] = array(
+  		'#type' => 'textarea', 
+  		'#title' => t('Pages'), 
+  		'#default_value' =>  variable_get('securesite_filter_pages', ''),
+  		'#length' => 60, 
+  		'#height' => 3,
+  		'#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog.")
+  		);
+  $form['filter_pages']['statistics_ip_filter_check'] = array(
+  		'#type' => 'checkbox', 
+  		'#title' => t('Session IP Check'),
+  		'#default_value' => variable_get('statistics_ip_filter_check', FALSE), 
+  		'#description' => t("Check if a session exists for the users IP address before bypassing the login. Works for embedded video as media players does not have a session, but the user requesting to play the video does.  Anonymous User role will require the appropriate permission to the pages being bypassed.")
+  		);
+  		
+  return $form;
+}
 
+function securesite_init() {
   global $user, $base_url;
-
-  #$guest_name = variable_get('securesite_guest_name', '');
-  #$guest_pass = variable_get('securesite_guest_pass', '');
-  $edit = array('name'=> $_SERVER['PHP_AUTH_USER'], 'pass' => $_SERVER['PHP_AUTH_PW']);
-
-  if (!module_hook('user', 'authenticate')) {
-    drupal_load('module', 'user');
+  	
+  $guest_name = variable_get('securesite_guest_name', '');
+  $guest_pass = variable_get('securesite_guest_pass', '');
+  $securesite_enabled = variable_get('securesite_enabled', 0); 
+  
+  if (!$securesite_enabled || strstr(request_uri(),'cron.php')) {
+    return; 
+  }
+  
+  if ($securesite_enabled == 2 && !empty($_POST)) {
+    $edit = $_POST['edit'];
+  } 
+  elseif($securesite_enabled == 1) {
+    $edit = array('name'=> $_SERVER['PHP_AUTH_USER'], 'pass' => $_SERVER['PHP_AUTH_PW']);			  
   }
-  if (!securesite_page_match() || ($user->uid && user_access('access site'))) {
+  
+  if (!empty($guest_name) && $guest_name == $edit['name'] && $guest_pass == $edit['pass']) {
     return;
   }
-
-  if (!empty($_POST)) {
-    securesite_user_pass();
+  
+  if (!module_hook('user', 'deny')) {
+    drupal_load('module', 'user');
   }
-
-  $account = user_authenticate($edit['name'], $edit['pass']);
-
-  if ($account->uid && user_access('access site', $account)) {
-    watchdog('user', securesite_t('Session opened for %name.', array('%name' => securesite_theme_placeholder($user->name))));
-    user_login_submit('user_login', $edit);
-    $_SESSION['securesite_auth'] = TRUE;
+  
+  if (($user->uid == 1) || ($user->uid && user_access('access site'))) {
+    return;
   }
-  else {
-    _securesite_auth();
-    exit;
+  
+  if ($check_name = securesite_filter_check()) {
+    return;
   }
-}
-function securesite_page_match($refresh = false) {
-  static $page_match = null;
 
-  if (is_null($page_match) || $refresh) {
-    $pages = variable_get('securesite_pages', FALSE);
-    if ($pages) {
-      $path = drupal_get_path_alias($_GET['q']);
-      $regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\<front\\\\>($|\|)/'), array('|', '.*', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($pages, '/')) .')$/';
-      $page_match = preg_match($regexp, $path);
-      return (variable_get('securesite_enabled', 0) ? !$page_match : $page_match);
-    }
-    else {
-      $page_match = variable_get('securesite_enabled', 0);
-    }
+  if (!drupal_is_denied('user', $edit['name']) && ($account = user_authenticate($edit['name'], $edit['pass'])) && user_access('access site', $account)) {
+    $user = $account;
+    watchdog('user', t('Session opened for %name.', array('%name' => securesite_theme_placeholder($user->name))));
+    db_query("UPDATE {users} SET login = '%d' WHERE uid = '%s'", time(), $user->uid);
+    user_module_invoke('login', $edit, $user);
+    securesite_goto();
+  } 
+  else {	
+		securesite_user_auth();
   }
-  return $page_match;
 }
 
 function securesite_user($op, &$edit, &$user) {
-  if ($op == 'logout' && $_SESSION['securesite_auth']) {
-    unset($_SESSION['securesite_auth']);
-    _securesite_auth();
-    module_invoke_all('exit', request_uri());
+  if ($op == 'logout') {
+   	module_invoke_all('exit', request_uri());  	
+   	//unset($GLOBALS['user']);
+   	$GLOBALS['user'] = user_load(array('uid' => 0));
+
+   	if (variable_get('securesite_enabled', 0) == 1) {
+   		securesite_user_auth();
+   	}
+   	else {
+   		// redirect first to browser prevent caching problems
+   		securesite_goto();
+   	}
   }
 }
 
-function _securesite_auth() {
-  header('WWW-Authenticate: Basic realm="'. str_replace("\n", ' ', (variable_get('site_name', 'local'))) .'"');
-  header('HTTP/1.0 401 Unauthorized');
-  securesite_user_pass();
-}
-
-
 function securesite_goto() {
   global $base_url;
+
   $url = (arg(0) == 'logout' ? $base_url :  request_uri());
   if (ini_get('session.use_trans_sid') && session_id() && !strstr($url, session_id())) {
     $url .= (strstr($url, '?') && !strstr($url, $sid) ? '&' : '?'). session_name() .'='. session_id();
-  }
-  module_invoke_all('exit', $url);
+  }		
   header('Location: '. $url);
-}
-
-function securesite_t($string, $args = 0) {
-  if (!$args) {
-    return $string;
-  }
-  else {
-    return strtr($string, $args);
-  }
+  exit;
 }
 
 function securesite_theme_placeholder($text) {
   return '<strong>'. htmlspecialchars($text, ENT_QUOTES) .'</strong>';
 }
 
-function securesite_settings() {
+function securesite_user_auth() {
+  global $user, $base_url;
   include('securesite.inc');
-  return _securesite_settings();
+  $edit = $_POST['edit'];
+  unset($content);
+ 
+  if ($_POST['securesite_login_form'] && $edit['name'] && $edit['pass']) {
+    watchdog('user', t('Login attempt failed for %name.', array('%name' => securesite_theme_placeholder($edit['name']))));
+    drupal_set_message(t('Sorry. Unrecognized username or password.'), 'error');
+  }
+
+  if ($_POST['securesite_request_form'] && $edit['name'] && $edit['mail']) {
+  	if (!$account = user_load(array('name' => $edit['name'], 'status' => 1))) {
+  		drupal_set_message(t('Sorry. Unrecognized username or e-mail address.'), 'error');
+  	} 
+  	elseif (!$account = user_load(array('mail' => $edit['mail'], 'status' => 1))) {
+	  	drupal_set_message(t('Sorry. Unrecognized username or e-mail address.'), 'error');
+  	}
+  }
+
+  if ($account->uid) {
+  	$from = variable_get('site_mail', ini_get('sendmail_from'));
+    $pass = user_password();
+    // Save new password:
+    user_save($account, array('pass' => $pass));
+    // Mail new password:		
+		$variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%login_url' => user_pass_reset_url($account), '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));
+						
+    $subject = _user_mail_text('pass_subject', $variables);
+    $body = _user_mail_text('pass_body', $variables);
+    $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from";
+    $mail_success = user_mail($account->mail, $subject, $body, $headers);
+    
+    if ($mail_success) {
+      watchdog('user', t('Password mailed to %name at %email.', array('%name' => securesite_theme_placeholder($account->name), '%email' => securesite_theme_placeholder($account->mail))));
+      drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
+    } 
+    else {
+      watchdog('user', t('Error mailing password to %name at %email.', array('%name' => securesite_theme_placeholder($account->name), '%email' => securesite_theme_placeholder($account->mail))), WATCHDOG_ERROR);
+      drupal_set_message(t('Unable to send mail. Please contact the site admin.', 'error'));
+    }
+    //nowhere to go!! //securesite_goto();
+  }
+  
+  if (variable_get('securesite_enabled',0) == 2) {
+    $content = _securesite_login_form();
+  }
+  $content .= _securesite_request_form();
+    
+  if (variable_get('securesite_enabled', 0) == 1 && !$account->uid) {  	  	  	
+    header('WWW-Authenticate: Basic realm="'. variable_get('securesite_realm', variable_get('site_name', 'local')) .'"');
+    header('HTTP/1.0 401 Unauthorized');
+  }
+    
+  dialog_page($content);
+  drupal_set_title('login');
+  module_invoke_all('exit', request_uri());
+  exit;
+}
+
+function securesite_filter_check() {
+	
+  // Ignore page if requested (code used form block filter code.)
+  $pages = variable_get('securesite_filter_pages', '');
+  
+  if ($pages) {
+    $path = drupal_get_path_alias($_GET['q']);
+    $regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\<front\\\\>($|\|)/'), array('|', '.*', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($pages, '/')) .')$/';
+    $page_match = !(preg_match($regexp, $path));
+    if (preg_match($regexp, $path)) {
+			if (variable_get('statistics_ip_filter_check', false)) {
+				return securesite_session_ip_check();
+			} 
+			else {
+				return true;
+			}
+    }
+    else {
+    	return false;
+    }
+  }
+  
 }
 
-function securesite_user_pass() {
-  include('securesite.inc');
-  _securesite_user_pass();
+function securesite_session_ip_check() {
+	$result = db_query("SELECT u.name FROM users u INNER JOIN sessions s ON u.uid=s.uid WHERE s.hostname='%s' AND s.uid <> 0", $_SERVER['REMOTE_ADDR']);
+	if ($s = db_fetch_array($result)) {
+		return $s['name'];
+	} 
+	else {
+		return false;
+	}
 }
 
+?>
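Review bot: `securesite_init()` returns before any credential check when `strstr(request_uri(),'cron.php')` matches, and because that is a substring test on the whole URI (query string included), a request for any other page that merely carries that text skips the protection. Comparing the executing script instead, e.g. `if (!$securesite_enabled || basename($_SERVER['SCRIPT_NAME']) == 'cron.php') {`, limits the exemption to cron itself. In the same function the guest branch compares against `securesite_guest_pass`, but `securesite_settings()` registers the Guest Password field as `$form['authentication']['v']`, so that variable appears never to be saved and a configured guest name would be accepted with an empty password. The key should be `securesite_guest_pass`, and the branch should also require `!empty($guest_pass)`. In `securesite_user_auth()` the reset path loads `$account` by name and then again by mail without checking that both lookups refer to the same user before `user_save()` changes the password.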
