<?php
/**
* phlyMail Config authentication module
* @package phlyMail Nahariya 4.0+, Branch MessageCenter
* @subpackage Config interface
* @copyright 2002-2010 phlyLabs, Berlin (http://phlylabs.de)
* @version 4.0.7mod1 2010-11-08
*/
// Only valid within phlyMail
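// Only valid within phlyMail
if (!defined('_IN_PHM_')) die();

// Request state: $WPloggedin becomes 1 once the admin has authenticated,
// $still_blocked becomes 1 when the account is inside its lockout window.
$WPloggedin = 0;
$still_blocked = 0;
$special = isset($_REQUEST['special']) ? $_REQUEST['special'] : false;

// Anchoring point for DB update script: a runonce.php in the main folder is
// executed once and then deleted. If it cannot be deleted, the admin is told
// to do so by hand and 'ignore_runonce' is added to the pass-through
// parameters (presumably so that the next request skips this block).
if (!isset($_REQUEST['ignore_runonce']) && file_exists('runonce.php') && is_readable('runonce.php')) {
    require('runonce.php');
    $state = @unlink('runonce.php');
    if (!$state) {
        $error = ('de' == $WP_conf['language'])
            ? 'Update der Intallation erfolgreich. Bitte löschen Sie runonce.php aus dem Hautpverzeichnis von phlyMail.'
            : 'Installation update successfull. Please delete runonce.php from the main folder of phlyMail.';
        $ignore_runonce = 1;
        $_PM_['core']['pass_through'][] = 'ignore_runonce';
    }
}

// Login attempt: user name and password field were both submitted.
if (isset($_REQUEST['WPuser']) && isset($_REQUEST['WPpass'])) {
    list($uid, $realpass) = $DB->adm_auth($_REQUEST['WPuser']);
    $failure = $DB->get_admfail($uid);
    // Failed attempts fade out automatically: below the configured count the
    // counter is cleared after 10 minutes; at or above it only after the
    // configured lockout period (minutes) has passed, and until then the
    // account stays blocked whatever password is sent.
    if ($failure['fail_count'] < $_PM_['auth']['countonfail']) {
        if ($failure['fail_time'] < (time() - 600)) $DB->reset_admfail($uid);
    } elseif ($failure['fail_time'] < (time() - ($_PM_['auth']['lockonfail'] * 60))) {
        $DB->reset_admfail($uid);
    } else {
        $still_blocked = 1;
    }

    // Two ways to prove the password. Both digest comparisons are strict
    // (`!==`): the loose `!=` used before compares digests that look like
    // numbers ("0e" followed by digits only) as floats, so two different
    // digests of that shape were treated as equal.
    if (isset($_REQUEST['secure']) && $_REQUEST['secure']) {
        // Challenge-response: the client sends md5(stored hash . nonce)
        // instead of the password; the nonce was handed out with the login
        // form (see the 'otp' assignment further down).
        $soll = md5($realpass.$_SESSION['otp']);
        if (!is_string($_REQUEST['secure']) || $soll !== $_REQUEST['secure']) {
            if ($still_blocked != 1) $DB->set_admfail($uid);
            $uid = false;
        }
        unset($_SESSION['otp']);
    } elseif ($_REQUEST['WPpass']) {
        // Clear-text password, compared against the stored unsalted MD5.
        // The hash scheme is owned by the DB layer and is not changed here.
        if (!is_string($_REQUEST['WPpass']) || md5($_REQUEST['WPpass']) !== $realpass) {
            if ($still_blocked != 1) $DB->set_admfail($uid);
            $uid = false;
        }
    } else {
        $uid = false;
    }

    if ($still_blocked == 1) {
        $error = $WP_msg['stillblocked'];
    } elseif ($uid) {
        // Authenticated: establish the admin session, load the user's record
        // and permissions, then redirect.
        // NOTE(review): the session id is not regenerated here; confirm the
        // framework does so on login, otherwise an id set before
        // authentication survives the privilege change.
        $_SESSION['phM_uid'] = $uid;
        $_SESSION['phM_username'] = $_REQUEST['WPuser'];
        $_SESSION['phM_adminsession'] = 'true';
        $WPloggedin = 1;
        $DB->set_admlogintime($_SESSION['phM_uid']);
        $PHM = $DB->get_admdata($uid);
        unset($PHM['password']);
        // Permissions come from the DB as a base64'd serialised [read, write]
        // pair; each list is flipped (presumably so a permission name can be
        // looked up by key). unserialize() is acceptable here only as long as
        // this column is written by the application alone; never feed it
        // request data.
        list($read, $write) = unserialize(base64_decode($PHM['permissions']));
        $_SESSION['phM_perm_read'] = (isset($read) && is_array($read)) ? array_flip($read) : array();
        $_SESSION['phM_perm_write'] = (isset($write) && is_array($write)) ? array_flip($write) : array();
        // Might be a super admin
        $_SESSION['phM_superroot'] = (isset($PHM['is_root']) && $PHM['is_root'] == 'yes');
        header('Location: '.PHP_SELF.'?'.give_passthrough(1));
        exit();
    } else {
        $error = $WP_msg['wrongauth'];
        // Delay the answer to a failed attempt by the configured number of seconds.
        sleep($_PM_['auth']['waitonfail']);
    }
}

// Not (yet) logged in: render the lost-password dialogue (returns early) or
// the login form (falls through to the end of this file).
if ($WPloggedin != 1) {
    $action = 'auth';
    $WP_once['load_tpl_auth'] = 'do.it!';
    if ('lost_pw' == $special) {
        if (isset($_REQUEST['user']) && $_REQUEST['user']) {
            list($uid, $realpass, $email) = $DB->adm_auth($_REQUEST['user']);
            if (!$uid) {
                $error = $WP_msg['notknown'];
            } elseif (!$email || !strstr($email, '@')) {
                $uid = false;
                $error = $WP_msg['AuthLostNoEmail'];
            }
            if (isset($uid) && $uid) {
                // Known user with a usable address: store a new random
                // password, clear the failure counter and mail the password.
                $newpass = mk_secure_password();
                $DB->upd_admin(array(
                    'uid' => $uid,
                    'email' => $email,
                    'username' => $_REQUEST['user'],
                    'password' => $newpass,
                ));
                $DB->reset_admfail($uid);
                auth_mail_password(array(
                    'subject' => $WP_msg['AuthLostMailSubj'],
                    'body' => $WP_msg['AuthLostMailBody'],
                    'password' => $newpass,
                    'email' => $email,
                ));
                $tpl = new FXL_Template(CONFIGPATH.'/templates/auth.forgotten.tpl');
                $tpl->fill_block('okay', array(
                    'msg_okay' => $WP_msg['AuthPWSent'],
                    'msg_back' => $WP_msg['backLI'],
                    'login' => htmlspecialchars(PHP_SELF.'?'.give_passthrough()),
                ));
                return;
            }
        }
        // Ask for the user name (again, together with the error message if any).
        $tpl = new FXL_Template(CONFIGPATH.'/templates/auth.forgotten.tpl');
        $t_q = $tpl->get_block('query');
        $t_q->assign(array(
            'PHP_SELF' => htmlspecialchars(PHP_SELF.'?whattodo=check&special=lost_pw&'.give_passthrough()),
            'msg_popuser' => $WP_msg['popuser'],
            'msg_lost_pw' => $WP_msg['AuthLostPW'],
            'msg_enter' => $WP_msg['AuthLostEnterName'],
            'msg_send' => $WP_msg['AuthLostSend'],
            'user' => isset($_REQUEST['user']) ? phm_entities($_REQUEST['user']) : '',
        ));
        if (isset($error) && $error) $t_q->fill_block('error', 'error', $error);
        $tpl->assign('query', $t_q);
        return;
    }

    // Nonce for the challenge-response login; it is unset again when the
    // response is checked above.
    // NOTE(review): built from client address, time and pid, so it is
    // predictable; a random source would be preferable for a nonce.
    $_SESSION['otp'] = md5($_SERVER['REMOTE_ADDR']).time().getmypid();
    $tpl = new FXL_Template(CONFIGPATH.'/templates/auth.login.tpl');
    $tpl->assign(array(
        'PHP_SELF' => PHP_SELF.'?'.give_passthrough(),
        'msg_authenticate' => $WP_msg['authenticate'],
        'msg_popuser' => $WP_msg['popuser'],
        'msg_poppass' => $WP_msg['poppass'],
        'msg_login' => $WP_msg['login'],
        'msg_lost_pw' => $WP_msg['AuthLostPW'],
        'otp' => $_SESSION['otp'],
    ));
    if (isset($error) && $error != '') {
        $tpl_e = $tpl->get_block('error');
        $tpl_e->assign('error', $error);
        $tpl->assign('error', $tpl_e);
    }
}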
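/**
 * Builds a random password from a fixed alphabet of letters, digits and a few
 * punctuation characters.
 *
 * The result is mailed to the user as a real credential, so the characters are
 * drawn from random_int() (a cryptographically secure source) where the
 * runtime provides it; on older runtimes it falls back to mt_rand(), which is
 * not a secure source. The previous implementation used rand(), which is not
 * suitable for secrets either.
 *
 * @param int $length number of characters, 8 (the historical value) by default
 * @return string the generated password
 */
function mk_secure_password($length = 8)
{
    $charmap = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!_.+,:;$';
    $maxchar = strlen($charmap) - 1;
    $length = max(0, (int) $length);
    $csprng = function_exists('random_int');
    $pwd = '';
    for ($i = 0; $i < $length; ++$i) {
        $idx = $csprng ? random_int(0, $maxchar) : mt_rand(0, $maxchar);
        // Square-bracket offset: the former $charmap{...} form was removed in PHP 8.
        $pwd .= $charmap[$idx];
    }
    return $pwd;
}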
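/**
 * Mails a freshly generated password to an administrative user.
 *
 * Delivery goes through the configured sendmail binary or through a fixed SMTP
 * host, depending on $_PM_['core']['send_method']. With any other method, or
 * with SMTP but no fixed host configured, nothing is sent. There is no return
 * value, so callers cannot tell whether delivery succeeded.
 *
 * @param array $input keys 'subject' and 'body' (both may contain the
 *                     placeholders $1 = provider name and $2 = new password),
 *                     'password' (the new password) and 'email' (recipient)
 * @return void
 */
function auth_mail_password($input)
{
    global $_PM_; // Since we need it virtually everywhere in this function
    require_once($_PM_['path']['lib'].'/pop3.inc.php');
    require_once($_PM_['path']['lib'].'/phm_streaming_smtp.php');
    require_once($_PM_['path']['lib'].'/phm_streaming_sendmail.php');
    require_once($_PM_['path']['lib'].'/phm_streaming_mailparser.php');
    require_once($_PM_['path']['lib'].'/message.encode.php');
    require_once($_PM_['path']['lib'].'/idna_convert.class.php');

    $providername = (isset($_PM_['core']['provider_name']) && $_PM_['core']['provider_name'] != '')
        ? $_PM_['core']['provider_name']
        : 'phlyMail';
    // Placeholders are substituted in order: $1 first, then $2.
    $body = str_replace(array('$1', '$2'), array($providername, $input['password']), phm_stripslashes($input['body']));
    $from = (isset($_PM_['core']['systememail']) && $_PM_['core']['systememail']) ? $_PM_['core']['systememail'] : $input['email'];
    $to = $input['email'];
    $subject = str_replace('$1', $providername, phm_stripslashes($input['subject']));

    // A body with 8-bit characters is sent as quoted-printable UTF-8, encoded
    // line by line; the matching MIME headers are written further down.
    $body_qp = false;
    if (preg_match('![\x80-\xff]!', $body)) {
        $bodylines = explode(LF, $body);
        $body = '';
        foreach ($bodylines as $value) $body .= phm_quoted_printable_encode($value.CRLF);
        $body_qp = true;
    }
    $header = create_messageheader(array('from' => $from, 'to' => $to, 'subject' => $subject));
    $to = mailparser::parse_email_address($to);

    $sm = false;  // transport object; stays false when nothing can be sent
    $LE = CRLF;   // line ending expected by the chosen transport
    if ($_PM_['core']['send_method'] == 'sendmail') {
        $header = str_replace(CRLF, LF, $header);
        $body = str_replace(CRLF, LF, $body);
        $LE = LF;
        // Strip any ' -t' from the configured command and append exactly one.
        $sendmail = preg_replace('!\ \-t!', '', $_PM_['core']['sendmail']).' -t';
        $sm = new phm_streaming_sendmail($sendmail);
        // The former `if ($moep = $sm->get_last_error() && $moep)` assigned the
        // result of the && (always false, $moep being undefined on its right),
        // so a failed sendmail start was never detected. Check the error first.
        $err = $sm->get_last_error();
        if ($err) return;
    } elseif ($_PM_['core']['send_method'] == 'smtp') {
        $LE = CRLF;
        $from = mailparser::parse_email_address($from);
        // Only a fixed (configured) SMTP host is supported here; without one
        // the mail is silently dropped.
        if (!(isset($_PM_['core']['fix_smtp_host']) && $_PM_['core']['fix_smtp_host'])) {
            return;
        }
        $smtp_host = $_PM_['core']['fix_smtp_host'];
        $smtp_port = !empty($_PM_['core']['fix_smtp_port']) ? $_PM_['core']['fix_smtp_port'] : 25;
        $smtp_user = isset($_PM_['core']['fix_smtp_user']) ? $_PM_['core']['fix_smtp_user'] : false;
        $smtp_pass = isset($_PM_['core']['fix_smtp_pass']) ? $_PM_['core']['fix_smtp_pass'] : false;
        $sm = new phm_streaming_smtp($smtp_host, $smtp_port, $smtp_user, $smtp_pass);
        // NOTE(review): the result of open_server() is not checked; a refused
        // connection is only noticed, if at all, by the write calls below.
        $sm->open_server($from[0], $to[0]);
    }

    if ($sm) {
        $sm->put_data_to_stream($header);
        if ($body_qp) {
            $sm->put_data_to_stream('MIME-Version: 1.0'.$LE);
            $sm->put_data_to_stream('Content-Type: text/plain; charset=utf-8'.$LE);
            $sm->put_data_to_stream('Content-Transfer-Encoding: quoted-printable'.$LE);
        }
        // Empty line separates headers from body.
        $sm->put_data_to_stream($LE);
        $sm->put_data_to_stream($body);
        $sm->finish_transfer();
        $sm->close();
    }
}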
?>