Sindbad~EG File Manager
<?php
/*
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2007 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
/* HTTP auth status codes */
define('HTTPAUTH_STATUS_MISSING_AUTHORIZATION', 0x00000002);
define('HTTPAUTH_STATUS_REWRITE_MODULE_DISABLED', 0x00000004);
define('HTTPAUTH_STATUS_BAD_REWRITE_PARSER', 0x00000008);
define('HTTPAUTH_STATUS_AUTHORIZATION_RULE_DISABLED', 0x00000010);
define('HTTPAUTH_STATUS_ERROR_UNKNOWN', 0x80000000);
/**
* HTTP auth helper class.
* @package HttpAuth
* @subpackage Classes
* @author Jack Bates <ms419@freezone.co.uk>
* @version $Revision: 15853 $
* @static
*/
class HttpAuthHelper /* extends HttpAuthInterface_1_0 */ {
/**
* Check this module's configuration.
* @return array object GalleryStatus a status code
* int HTTP auth status code
*/
function checkConfiguration() {
global $gallery;
$urlGenerator =& $gallery->getUrlGenerator();
$code = 0x00000000;
/* Check that Gallery can access HTTP usernames and passwords */
list ($ret, $success) = HttpAuthHelper::checkHttpAuth();
if ($ret) {
return array($ret, null);
}
/* Check for causes why Gallery can't access HTTP usernames and passwords */
if (!$success) {
list ($ret, $moduleStatus) = GalleryCoreApi::fetchPluginList('module');
if ($ret) {
return array($ret, null);
}
if (empty($moduleStatus['rewrite']['active'])) {
$code |= HTTPAUTH_STATUS_REWRITE_MODULE_DISABLED;
} else {
list ($ret, $rewriteApi) = GalleryCoreApi::newFactoryInstance('RewriteApi');
if ($ret) {
return array($ret, null);
}
if (!isset($rewriteApi)) {
return array(GalleryCoreApi::error(ERROR_CONFIGURATION_REQUIRED), null);
}
list ($ret, $isCompatible) = $rewriteApi->isCompatibleWithApi(array(1, 1));
if ($ret) {
return array($ret, null);
}
if (!$isCompatible) {
return array(GalleryCoreApi::error(ERROR_CONFIGURATION_REQUIRED), null);
}
if ($rewriteApi->getParserType() != 'preGallery') {
$code |= HTTPAUTH_STATUS_BAD_REWRITE_PARSER;
} else {
list ($ret, $activeRules) = $rewriteApi->fetchActiveRulesForModule('httpauth');
if ($ret) {
return array($ret, null);
}
if (!in_array('authorization', $activeRules)) {
$code |= HTTPAUTH_STATUS_AUTHORIZATION_RULE_DISABLED;
}
}
}
/* No causes found for why Gallery can't access HTTP usernames and passwords! */
if (!$code) {
$code |= HTTPAUTH_STATUS_ERROR_UNKNOWN;
}
$code |= HTTPAUTH_STATUS_MISSING_AUTHORIZATION;
}
return array(null, $code);
}
/**
* Check that Gallery can access HTTP usernames and passwords.
* @return array object GalleryStatus a status code
* boolean true if Gallery can access HTTP usernames and passwords
*/
function checkHttpAuth() {
global $gallery;
$urlGenerator =& $gallery->getUrlGenerator();
/*
* Only check if the HTTP auth plugin is enabled. Otherwise, access to HTTP usernames and
* passwords is not required.
*/
list ($ret, $params) = GalleryCoreApi::fetchAllPluginParameters('module', 'httpauth');
if ($ret) {
return array($ret, null);
}
if (empty($params['httpAuthPlugin'])) {
return array(null, true);
}
/*
* Use the Basic auth-type for tests. PHP does not define auth variables for arbitrary
* auth-types.
*/
list ($status, $headers, $body) = GalleryCoreApi::requestWebPage($urlGenerator->generateUrl(
array('view' => 'httpauth.HttpAuthWorks'),
array('forceFullUrl' => true,
'htmlEntities' => false)),
'GET', array('Authorization' => 'Basic ' . base64_encode('USERNAME:PASSWORD')));
return array(null, trim($body) == "Basic\nUSERNAME\nPASSWORD");
}
/**
* Get the HTTP authtype, username, and password using either the PHP server variables or the
* authorization request variable.
* @return array string HTTP authtype
* string HTTP username
* string HTTP password
*/
function getHttpAuth() {
$authtype = GalleryUtilities::getServerVar('AUTH_TYPE');
$username = GalleryUtilities::getServerVar('PHP_AUTH_USER');
$password = GalleryUtilities::getServerVar('PHP_AUTH_PW');
$authorization = GalleryUtilities::getRequestVariables('authorization');
if (empty($authorization)) {
/* IIS ISAPI PHP defines HTTP_AUTHORIZATION */
$authorization = GalleryUtilities::getServerVar('HTTP_AUTHORIZATION');
}
if (!empty($authorization)) {
list ($authtype, $authdata) = explode(' ', $authorization);
list ($username, $password) = explode(':', base64_decode($authdata));
}
/* AUTH_TYPE is often not defined, assume a default. */
if (!empty($username) && empty($authtype)) {
$authtype = 'Basic';
}
return array($authtype, $username, $password);
}
/**
* Common code from HttpAuthPlugin::getUser and ServerAuthPlugin::getUser.
*
* Potentially filters authentication type and username with regular expressions before
* returning active user.
*
* @param string authentication type (Basic, Negotiate, etc.)
* @param string username
* @return array object GalleryStatus a status code
* object GalleryUser the active user or null
*/
function getUser($authtype, $username) {
list ($ret, $params) = GalleryCoreApi::fetchAllPluginParameters('module', 'httpauth');
if ($ret) {
return array($ret, null);
}
if (!empty($params['regexAuthPlugin'])) {
if (!preg_match($params['authtypePattern'], $authtype)) {
/* Reject authentication type */
return array(null, null);
}
if (!preg_match($params['usernamePattern'], $username)) {
/* Reject username */
return array(null, null);
}
$username =
preg_replace($params['usernamePattern'], $params['usernameReplace'], $username);
}
if (empty($username)) {
return array(null, null);
}
/* Ignore disabled users, since we don't have a facility for showing an error */
list ($ret, $isDisabled) = GalleryCoreApi::isDisabledUsername($username);
if ($ret) {
return array($ret, null);
}
if ($isDisabled) {
return array(null, null);
}
list ($ret, $user) = GalleryCoreApi::fetchUserByUsername($username);
/* ERROR_MISSING_OBJECT check to suppress error if username doesn't exist */
if ($ret && !($ret->getErrorCode() & ERROR_MISSING_OBJECT)) {
return array($ret, null);
}
return array(null, $user);
}
/**
* Regenerate the session if this request might the initial login (active auth vs passive auth).
* @param object GalleryUser $authenticatedUser user authenticated for this request
* @return object GalleryStatus a status code
*/
function regenerateSessionIfNecessary($authenticatedUser) {
global $gallery;
$session =& $gallery->getSession();
$oldUserId = $session->getUserId();
if (isset($authenticatedUser) && $oldUserId != $authenticatedUser->getId()) {
/* This *may* be an initial authentication. We need to regenerate the session. */
$ret = $session->regenerate();
if ($ret) {
return $ret;
}
}
return null;
}
/**
* Adds the given pair of username / password to the given URL as HTTP auth user:pass@hostname.
* @param string $url An absolute URL
* @param string $username
* @param string $password
*/
function addHttpAuthToUrl($url, $username, $password) {
$components = parse_url($url);
$components['user'] = $username;
$components['pass'] = $password;
return HttpAuthHelper::_buildUrl($components);
}
/**
* Removes user:pass from the given URL.
* @param string $url An absolute URL
*/
function stripHttpAuthFromUrl($url) {
$components = parse_url($url);
unset($components['user']);
unset($components['pass']);
return HttpAuthHelper::_buildUrl($components);
}
/**
* @see HttpAuthInterface_1_0::getConfiguration
*/
function getConfiguration() {
list ($ret, $params) = GalleryCoreApi::fetchAllPluginParameters('module', 'httpauth');
if ($ret) {
return array($ret, null, null, null);
}
return array(null, !empty($params['httpAuthPlugin']), !empty($params['serverAuthPlugin']),
!empty($params['useGlobally']));
}
/**
* @see HttpAuthInterface_1_0::setConfiguration
*/
function setConfiguration($enableHttpAuth, $enableServerAuth=false, $useGlobally=false) {
list ($ret, $module) = GalleryCoreApi::loadPlugin('module', 'httpauth');
if ($ret) {
return $ret;
}
foreach (array('httpAuthPlugin' => $enableHttpAuth,
'serverAuthPlugin' => $enableServerAuth,
'useGlobally' => $useGlobally) as $key => $value) {
$ret = $module->setParameter($key, $value);
if ($ret) {
return $ret;
}
}
$ret = GalleryCoreApi::unregisterFactoryImplementationsByModuleId('httpauth');
if ($ret) {
return $ret;
}
$ret = $module->performFactoryRegistrations();
if ($ret) {
return $ret;
}
return null;
}
/**
* @see HttpAuthInterface_1_0::requestAuthentication
*/
function requestAuthentication($ignoreUseGloballyFlag=true) {
list ($ret, $params) = GalleryCoreApi::fetchAllPluginParameters('module', 'httpauth');
if ($ret) {
return $ret;
}
if (empty($params['httpAuthPlugin'])) {
return null;
}
if (!$ignoreUseGloballyFlag && empty($params['useGlobally'])) {
return null;
}
GalleryUtilities::setResponseHeader('HTTP/1.0 401 Unauthorized', false);
GalleryUtilities::setResponseHeader("WWW-Authenticate: Basic realm='$params[authName]'",
false);
return null;
}
/**
* Build a URL from its components.
* @param array $components URL components in the format of parse_url
* @access private
*/
function _buildUrl($components) {
$url = '';
if (!empty($components['scheme']) && !empty($components['host'])) {
$auth = '';
if (!empty($components['user'])) {
$auth = $components['user'];
if (!empty($components['pass'])) {
$auth .= ':' . $components['pass'];
}
$auth .= '@';
}
$url = sprintf('%s://%s%s', $components['scheme'], $auth, $components['host']);
}
if (!empty($components['path'])) {
$url .= $components['path'];
}
if (!empty($components['query'])) {
$url .= '?' . $components['query'];
}
if (!empty($components['fragment'])) {
$url .= '#' . $components['fragment'];
}
return $url;
}
}
?>
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists