2050 $is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 ); |
2050 $is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 ); |
2051 $this->acl_merge_with_current($rules, $is_everyone); |
2051 $this->acl_merge_with_current($rules, $is_everyone); |
2052 } while ( $row = $db->fetchrow() ); |
2052 } while ( $row = $db->fetchrow() ); |
2053 } |
2053 } |
2054 |
2054 |
|
2055 // Cache the sitewide permissions for later use |
|
2056 $this->acl_base_cache = $this->perms; |
|
2057 |
2055 // Eliminate types that don't apply to this namespace |
2058 // Eliminate types that don't apply to this namespace |
2056 foreach ( $this->perms AS $i => $perm ) |
2059 foreach ( $this->perms AS $i => $perm ) |
2057 { |
2060 { |
2058 if ( !in_array ( $paths->namespace, $this->acl_scope[$i] ) && !in_array('All', $this->acl_scope[$i]) ) |
2061 if ( !in_array ( $paths->namespace, $this->acl_scope[$i] ) && !in_array('All', $this->acl_scope[$i]) ) |
2059 { |
2062 { |
2060 unset($this->perms[$i]); |
2063 unset($this->perms[$i]); |
2061 } |
2064 } |
2062 } |
2065 } |
2063 |
|
2064 // Cache the sitewide permissions for later use |
|
2065 $this->acl_base_cache = $this->perms; |
|
2066 |
2066 |
2067 // Build a query to grab ACL info |
2067 // Build a query to grab ACL info |
2068 $bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( '; |
2068 $bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( '; |
2069 $q = Array(); |
2069 $q = Array(); |
2070 $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )'; |
2070 $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )'; |
2366 v = \'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087\'; |
2366 v = \'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087\'; |
2367 break; |
2367 break; |
2368 } |
2368 } |
2369 var testpassed = ' . ( ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0') ? 'false; // CRYPTO-AUTH DISABLED ON USER REQUEST // ' : '' ) . '( ct == v && md5_vm_test() ); |
2369 var testpassed = ' . ( ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0') ? 'false; // CRYPTO-AUTH DISABLED ON USER REQUEST // ' : '' ) . '( ct == v && md5_vm_test() ); |
2370 var frm = document.forms.'.$form_name.'; |
2370 var frm = document.forms.'.$form_name.'; |
2371 if(testpassed) |
|
2372 { |
|
2373 frm.'.$use_crypt.'.value = \'yes\'; |
|
2374 var cryptkey = frm.'.$crypt_key.'.value; |
|
2375 frm.'.$crypt_key.'.value = hex_md5(cryptkey); |
|
2376 cryptkey = hexToByteArray(cryptkey); |
|
2377 if(!cryptkey || ( ( typeof cryptkey == \'string\' || typeof cryptkey == \'object\' ) ) && cryptkey.length != keySizeInBits / 8 ) |
|
2378 { |
|
2379 if ( frm._login ) frm._login.disabled = true; |
|
2380 len = ( typeof cryptkey == \'string\' || typeof cryptkey == \'object\' ) ? \'\\nLen: \'+cryptkey.length : \'\'; |
|
2381 alert(\'The key is messed up\\nType: \'+typeof(cryptkey)+len); |
|
2382 } |
|
2383 } |
|
2384 function runEncryption() |
2371 function runEncryption() |
2385 { |
2372 { |
|
2373 var frm = document.forms.'.$form_name.'; |
2386 if(testpassed) |
2374 if(testpassed) |
2387 { |
2375 { |
2388 var frm = document.forms.'.$form_name.'; |
2376 frm.'.$use_crypt.'.value = \'yes\'; |
|
2377 var cryptkey = frm.'.$crypt_key.'.value; |
|
2378 frm.'.$crypt_key.'.value = hex_md5(cryptkey); |
|
2379 cryptkey = hexToByteArray(cryptkey); |
|
2380 if(!cryptkey || ( ( typeof cryptkey == \'string\' || typeof cryptkey == \'object\' ) ) && cryptkey.length != keySizeInBits / 8 ) |
|
2381 { |
|
2382 if ( frm._login ) frm._login.disabled = true; |
|
2383 len = ( typeof cryptkey == \'string\' || typeof cryptkey == \'object\' ) ? \'\\nLen: \'+cryptkey.length : \'\'; |
|
2384 alert(\'The key is messed up\\nType: \'+typeof(cryptkey)+len); |
|
2385 } |
2389 pass = frm.'.$pw_field.'.value; |
2386 pass = frm.'.$pw_field.'.value; |
2390 chal = frm.'.$challenge.'.value; |
2387 chal = frm.'.$challenge.'.value; |
2391 challenge = hex_md5(pass + chal) + chal; |
2388 challenge = hex_md5(pass + chal) + chal; |
2392 frm.'.$challenge.'.value = challenge; |
2389 frm.'.$challenge.'.value = challenge; |
2393 pass = stringToByteArray(pass); |
2390 pass = stringToByteArray(pass); |
2462 */ |
2459 */ |
2463 |
2460 |
2464 var $perms = Array(); |
2461 var $perms = Array(); |
2465 |
2462 |
2466 /** |
2463 /** |
|
2464 * Array to track which default permissions are being used |
|
2465 * @var array |
|
2466 * @access private |
|
2467 */ |
|
2468 |
|
2469 var $acl_defaults_used = Array(); |
|
2470 |
|
2471 /** |
2467 * Constructor. |
2472 * Constructor. |
2468 * @param string $page_id The ID of the page to check |
2473 * @param string $page_id The ID of the page to check |
2469 * @param string $namespace The namespace of the page to check. |
2474 * @param string $namespace The namespace of the page to check. |
2470 * @param array $acl_types List of ACL types |
2475 * @param array $acl_types List of ACL types |
2471 * @param array $acl_descs List of human-readable descriptions for permissions (associative) |
2476 * @param array $acl_descs List of human-readable descriptions for permissions (associative) |
2475 |
2480 |
2476 function Session_ACLPageInfo($page_id, $namespace, $acl_types, $acl_descs, $acl_deps, $base) |
2481 function Session_ACLPageInfo($page_id, $namespace, $acl_types, $acl_descs, $acl_deps, $base) |
2477 { |
2482 { |
2478 global $db, $session, $paths, $template, $plugins; // Common objects |
2483 global $db, $session, $paths, $template, $plugins; // Common objects |
2479 |
2484 |
2480 $this->perms = $session->acl_merge_complete($acl_types, $base); |
|
2481 $this->acl_deps = $acl_deps; |
2485 $this->acl_deps = $acl_deps; |
2482 $this->acl_types = $acl_types; |
2486 $this->acl_types = $acl_types; |
2483 $this->acl_descs = $acl_descs; |
2487 $this->acl_descs = $acl_descs; |
|
2488 |
|
2489 $this->perms = $acl_types; |
|
2490 $this->perms = $session->acl_merge_complete($this->perms, $base); |
2484 |
2491 |
2485 // Build a query to grab ACL info |
2492 // Build a query to grab ACL info |
2486 $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( '; |
2493 $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( '; |
2487 $q = Array(); |
2494 $q = Array(); |
2488 $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )'; |
2495 $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )'; |
2500 $q = $session->sql($bs); |
2507 $q = $session->sql($bs); |
2501 if ( $row = $db->fetchrow() ) |
2508 if ( $row = $db->fetchrow() ) |
2502 { |
2509 { |
2503 do { |
2510 do { |
2504 $rules = $session->string_to_perm($row['rules']); |
2511 $rules = $session->string_to_perm($row['rules']); |
2505 $this->perms = $session->acl_merge($this->perms, $rules); |
2512 $is_everyone = ( $row['target_type'] == ACL_TYPE_GROUP && $row['target_id'] == 1 ); |
|
2513 $this->acl_merge_with_current($rules, $is_everyone); |
2506 } while ( $row = $db->fetchrow() ); |
2514 } while ( $row = $db->fetchrow() ); |
2507 } |
2515 } |
2508 |
2516 |
2509 $this->page_id = $page_id; |
2517 $this->page_id = $page_id; |
2510 $this->namespace = $namespace; |
2518 $this->namespace = $namespace; |
2517 * @return bool True if allowed, false if denied or if an error occured |
2525 * @return bool True if allowed, false if denied or if an error occured |
2518 */ |
2526 */ |
2519 |
2527 |
2520 function get_permissions($type, $no_deps = false) |
2528 function get_permissions($type, $no_deps = false) |
2521 { |
2529 { |
|
2530 // echo '<pre>' . print_r($this->perms, true) . '</pre>'; |
2522 global $db, $session, $paths, $template, $plugins; // Common objects |
2531 global $db, $session, $paths, $template, $plugins; // Common objects |
2523 if ( isset( $this->perms[$type] ) ) |
2532 if ( isset( $this->perms[$type] ) ) |
2524 { |
2533 { |
2525 if ( $this->perms[$type] == AUTH_DENY ) |
2534 if ( $this->perms[$type] == AUTH_DENY ) |
2526 $ret = false; |
2535 $ret = false; |
2609 } |
2618 } |
2610 } |
2619 } |
2611 return true; |
2620 return true; |
2612 } |
2621 } |
2613 |
2622 |
|
2623 /** |
|
2624 * Merges the ACL array sent with the current permissions table, deciding precedence based on whether defaults are in effect or not. |
|
2625 * @param array The array to merge into the master ACL list |
|
2626 * @param bool If true, $perm is treated as the "new default" |
|
2627 * @param int 1 if this is a site-wide ACL, 2 if page-specific. Defaults to 2. |
|
2628 */ |
|
2629 |
|
2630 function acl_merge_with_current($perm, $is_everyone = false, $scope = 2) |
|
2631 { |
|
2632 foreach ( $this->perms as $i => $p ) |
|
2633 { |
|
2634 if ( isset($perm[$i]) ) |
|
2635 { |
|
2636 if ( $is_everyone && !$this->acl_defaults_used[$i] ) |
|
2637 continue; |
|
2638 // Decide precedence |
|
2639 if ( isset($this->acl_defaults_used[$i]) ) |
|
2640 { |
|
2641 //echo "$i: default in use, overriding to: {$perm[$i]}<br />"; |
|
2642 // Defaults are in use, override |
|
2643 $this->perms[$i] = $perm[$i]; |
|
2644 $this->acl_defaults_used[$i] = ( $is_everyone ); |
|
2645 } |
|
2646 else |
|
2647 { |
|
2648 //echo "$i: default NOT in use"; |
|
2649 // Defaults are not in use, merge as normal |
|
2650 if ( $this->perms[$i] != AUTH_DENY ) |
|
2651 { |
|
2652 //echo ", but overriding"; |
|
2653 $this->perms[$i] = $perm[$i]; |
|
2654 } |
|
2655 //echo "<br />"; |
|
2656 } |
|
2657 } |
|
2658 } |
|
2659 } |
|
2660 |
2614 } |
2661 } |
2615 |
2662 |
2616 ?> |
2663 ?> |