added password check to shares
parent
cf9326391c
commit
3f50472828
@ -99,16 +99,7 @@ class egw_digest_auth
|
||||
(preg_match('/[^\x20-\x7F]/', $password) || strpos($password, '\\x') !== false) &&
|
||||
!$GLOBALS['egw']->auth->authenticate($username, $password, 'text'))
|
||||
{
|
||||
// replace \x encoded non-ascii chars in password, as they are used eg. by Thunderbird for German umlauts
|
||||
if (strpos($password, '\\x') !== false)
|
||||
{
|
||||
$password = preg_replace_callback('/\\\\x([0-9A-F]{2})/i', function($matches){
|
||||
return chr(hexdec($matches[1]));
|
||||
}, $password);
|
||||
}
|
||||
// try translating the password from iso-8859-1 to utf-8
|
||||
$password = translation::convert($password, 'iso-8859-1');
|
||||
//error_log(__METHOD__."() Fixed non-ascii password of user '$username' from '$_SERVER[PHP_AUTH_PW]' to '$password'");
|
||||
self::decode_password($password);
|
||||
}
|
||||
// create session without session cookie (session->create(..., true), as we use pseudo sessionid from credentials
|
||||
if (!isset($username) || !($sessionid = $GLOBALS['egw']->session->create($username, $password, 'text', true)))
|
||||
@ -126,6 +117,32 @@ class egw_digest_auth
|
||||
return $sessionid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Decode password containing non-ascii chars
|
||||
*
|
||||
* @param string &$password
|
||||
* @return boolean true if conversation happend, false if there was no need for a conversation
|
||||
*/
|
||||
public static function decode_password(&$password)
|
||||
{
|
||||
// if given password contains non-ascii chars AND we can not authenticate with it
|
||||
if (preg_match('/[^\x20-\x7F]/', $password) || strpos($password, '\\x') !== false)
|
||||
{
|
||||
// replace \x encoded non-ascii chars in password, as they are used eg. by Thunderbird for German umlauts
|
||||
if (strpos($password, '\\x') !== false)
|
||||
{
|
||||
$password = preg_replace_callback('/\\\\x([0-9A-F]{2})/i', function($matches){
|
||||
return chr(hexdec($matches[1]));
|
||||
}, $password);
|
||||
}
|
||||
// try translating the password from iso-8859-1 to utf-8
|
||||
$password = translation::convert($password, 'iso-8859-1');
|
||||
//error_log(__METHOD__."() Fixed non-ascii password of user '$username' from '$_SERVER[PHP_AUTH_PW]' to '$password'");
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if digest auth is available for a given realm (and user): do we use cleartext passwords
|
||||
*
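Review bot: The commented-out `error_log` line carried into `decode_password` references `$username` and `$_SERVER[PHP_AUTH_PW]`, neither of which is in scope in this static method, and if anyone re-enabled it the cleartext password would be written to the log; drop the line rather than copying it over from the old inline code. The docblock's `@return boolean true if conversation happend` should read `true if a conversion happened, false if the password needed none`, and the `@param` could state that `$password` is rewritten in place. The caller in the earlier hunk guards the call with the same `preg_match`/`strpos` test that the method repeats on its first line; the duplication is harmless, but one of the two checks could go.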
|
||||
|
@ -16,7 +16,6 @@
|
||||
* Token generation uses openssl_random_pseudo_bytes, if available, otherwise
|
||||
* mt_rand based auth::randomstring is used.
|
||||
*
|
||||
* @todo UI to create shares
|
||||
* @todo handle existing user sessions eg. by mounting share under it's token into vfs and redirect to regular filemanager
|
||||
* @todo handle mounts inside shared directory (they get currently lost)
|
||||
* @todo handle absolute symlinks (wont work as we use share as root)
|
||||
@ -138,7 +137,19 @@ class egw_sharing
|
||||
echo "Requested resource '/".htmlspecialchars($token)."' does NOT exist!\n";
|
||||
common::egw_exit();
|
||||
}
|
||||
// ToDo: password check, if required
|
||||
|
||||
// check password, if required
|
||||
if ($share['share_passwd'] && (empty($_SERVER['PHP_AUTH_PW']) ||
|
||||
!auth::compare_password($_SERVER['PHP_AUTH_PW'], $share['share_passwd'], 'crypt')))
|
||||
{
|
||||
$realm = 'EGroupware share '.$share['share_token'];
|
||||
header('WWW-Authenticate: Basic realm="'.$realm.'"');
|
||||
$status = '401 Unauthorized';
|
||||
header("HTTP/1.1 $status");
|
||||
header("X-WebDAV-Status: $status", true);
|
||||
echo "<html>\n<head>\n<title>401 Unauthorized</title>\n<body>\nAuthorization failed.\n</body>\n</html>\n";
|
||||
common::egw_exit();
|
||||
}
|
||||
|
||||
// create session without checking auth: create(..., false, false)
|
||||
if (!($sessionid = $GLOBALS['egw']->session->create('anonymous', '', 'text', false, false)))
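Review bot: A failed share password leaves no trace: the new check answers 401 and exits without recording the attempt, so repeated guesses against a share's password are invisible to whoever operates the instance. Before `common::egw_exit()` in the failure branch, log the token and client but never the submitted password, e.g. `error_log(__METHOD__."() password check failed for share '".$share['share_token']."' from ".$_SERVER['REMOTE_ADDR']);`. Separately, `empty($_SERVER['PHP_AUTH_PW'])` also rejects the string `'0'`; `!isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW'] === ''` tests only for absence. Note also that `PHP_AUTH_PW` is presumably populated only under SAPIs that expose Basic credentials (CGI/FastCGI setups often do not), in which case a password-protected share would answer 401 on every request. The enclosing method starts before this hunk and continues after it.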
|
||||
|