<?php
/**
 * phlyMail Config authentication module
 * @package phlyMail Nahariya 4.0+, Branch MessageCenter
 * @subpackage Config interface
 * @copyright 2002-2010 phlyLabs, Berlin (http://phlylabs.de)
 * @version 4.0.7mod1 2010-11-08
 */
// This module may only be loaded from within phlyMail itself
if (!defined('_IN_PHM_')) die();

$WPloggedin = 0;    // becomes 1 once an admin login succeeded in this request
$still_blocked = 0; // becomes 1 while the account's lock-out period is still running
$special = isset($_REQUEST['special']) ? $_REQUEST['special'] : false;

// Anchoring point for the DB update script: a runonce.php placed in the
// working directory is executed once and removed again. Note that this runs
// before any authentication check, so the file must never be left lying around.
if (!isset($_REQUEST['ignore_runonce'])) {
    if (is_readable('runonce.php') && file_exists('runonce.php')) {
        require('runonce.php');
        // Best effort: a failed unlink is reported to the admin rather than treated as fatal
        $state = @unlink('runonce.php');
        if (!$state) {
            if ('de' == $WP_conf['language']) {
                $error = 'Update der Intallation erfolgreich. Bitte löschen Sie runonce.php aus dem Hautpverzeichnis von phlyMail.';
            } else {
                $error = 'Installation update successfull. Please delete runonce.php from the main folder of phlyMail.';
            }
            // Carry the flag through subsequent requests so the script is not re-run
            $ignore_runonce = 1;
            $_PM_['core']['pass_through'][] = 'ignore_runonce';
        }
    }
}
//
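// Login attempt: both the user name and the password field were submitted.
// Two verification paths exist: a challenge/response ("secure") where the
// client sends md5(storedhash . otp), and a plain password check.
if (isset($_REQUEST['WPuser']) && isset($_REQUEST['WPpass'])) {
    list($uid, $realpass) = $DB->adm_auth($_REQUEST['WPuser']);
    $failure = $DB->get_admfail($uid);
    // Failed attempts fade automatically: below the threshold after ten minutes,
    // at/above the threshold only after the configured lock-out period (minutes).
    $now = time();
    if ($failure['fail_count'] < $_PM_['auth']['countonfail']) {
        if ($failure['fail_time'] < ($now - 600)) $DB->reset_admfail($uid);
    } elseif ($failure['fail_time'] < ($now - ($_PM_['auth']['lockonfail'] * 60))) {
        $DB->reset_admfail($uid);
    } else {
        $still_blocked = 1;
    }
    // Only a plain string can be compared against a hash; anything else
    // (e.g. secure[]= smuggling an array) is treated as a wrong answer.
    $secure = (isset($_REQUEST['secure']) && is_string($_REQUEST['secure'])) ? $_REQUEST['secure'] : '';
    if ($secure !== '') {
        // Without a challenge in the session a response cannot be valid; comparing
        // against md5($realpass . '') would otherwise let the bare stored hash log in.
        $otp = isset($_SESSION['otp']) ? $_SESSION['otp'] : null;
        // Strict comparison: with != two hex digests of the form "0e123..." compare
        // as floats and are "equal". hash_equals() would additionally make this
        // constant-time where the engine provides it.
        if ($otp === null || md5($realpass.$otp) !== $secure) {
            if ($still_blocked != 1) $DB->set_admfail($uid);
            $uid = false;
        }
        unset($_SESSION['otp']);
    } elseif (is_string($_REQUEST['WPpass']) && $_REQUEST['WPpass'] !== '') {
        // Stored passwords are unsalted md5 digests (see adm_auth/upd_admin);
        // strict comparison for the same reason as above.
        if (md5($_REQUEST['WPpass']) !== $realpass) {
            if ($still_blocked != 1) $DB->set_admfail($uid);
            $uid = false;
        }
    } else {
        $uid = false;
    }
    if ($still_blocked == 1) {
        $error = $WP_msg['stillblocked'];
    } elseif ($uid) {
        // Privilege level changes here: issue a fresh session id so an id handed
        // out before login cannot be reused (session fixation).
        if (session_id() !== '') session_regenerate_id(true);
        $_SESSION['phM_uid'] = $uid;
        $_SESSION['phM_username'] = $_REQUEST['WPuser'];
        $_SESSION['phM_adminsession'] = 'true';
        $WPloggedin = 1;
        $DB->set_admlogintime($_SESSION['phM_uid']);
        $PHM = $DB->get_admdata($uid);
        unset($PHM['password']);
        // Permissions are stored as base64(serialize(array($read, $write))).
        // NOTE(review): unserialize() on DB content is only acceptable while that
        // column cannot be written by anyone but admins — confirm; a malformed value
        // degrades to "no permissions" instead of a notice.
        $perms = unserialize(base64_decode($PHM['permissions']));
        $read  = (is_array($perms) && isset($perms[0]) && is_array($perms[0])) ? $perms[0] : array();
        $write = (is_array($perms) && isset($perms[1]) && is_array($perms[1])) ? $perms[1] : array();
        // Flipped so lookups can use isset() on the permission name
        $_SESSION['phM_perm_read']  = array_flip($read);
        $_SESSION['phM_perm_write'] = array_flip($write);
        // Might be a super admin
        $_SESSION['phM_superroot']  = (isset($PHM['is_root']) && $PHM['is_root'] == 'yes');
        header('Location: '.PHP_SELF.'?'.give_passthrough(1));
        exit();
    } else {
        $error = $WP_msg['wrongauth'];
        // Slow down guessing; the delay is configured in seconds
        sleep((int) $_PM_['auth']['waitonfail']);
    }
}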

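// Not logged in: render either the password-recovery form or the login form.
if ($WPloggedin != 1) {
    $action = 'auth';
    $WP_once['load_tpl_auth'] = 'do.it!';
    if ('lost_pw' == $special) {
        // Password recovery: a new password is generated and mailed to the stored address.
        // NOTE(review): the two distinct error texts below (unknown user vs. user without
        // e-mail) let a visitor tell valid admin names from invalid ones, and nothing
        // rate-limits this form — any visitor can reset a known admin's password.
        $lost_user = (isset($_REQUEST['user']) && is_string($_REQUEST['user'])) ? $_REQUEST['user'] : '';
        if ($lost_user !== '') {
            list($uid, $realpass, $email) = $DB->adm_auth($lost_user);
            if (!$uid) {
                $error = $WP_msg['notknown'];
            } elseif (!$email || strpos($email, '@') === false) {
                $uid = false;
                $error = $WP_msg['AuthLostNoEmail'];
            }
            if ($uid) {
                $newpass = mk_secure_password();
                // upd_admin is assumed to hash the password before storing it — verify in the DB layer
                $DB->upd_admin(array(
                    'uid' => $uid,
                    'email' => $email,
                    'username' => $lost_user,
                    'password' => $newpass,
                ));
                $DB->reset_admfail($uid);
                auth_mail_password(array(
                    'subject' => $WP_msg['AuthLostMailSubj'],
                    'body' => $WP_msg['AuthLostMailBody'],
                    'password' => $newpass,
                    'email' => $email,
                ));
                $tpl = new FXL_Template(CONFIGPATH.'/templates/auth.forgotten.tpl');
                $tpl->fill_block('okay', array(
                    'msg_okay' => $WP_msg['AuthPWSent'],
                    'msg_back' => $WP_msg['backLI'],
                    'login' => htmlspecialchars(PHP_SELF.'?'.give_passthrough()),
                ));
                return;
            }
        }
        // Recovery form (shown initially and again after an error)
        $tpl = new FXL_Template(CONFIGPATH.'/templates/auth.forgotten.tpl');
        $t_q = $tpl->get_block('query');
        $t_q->assign(array(
            'PHP_SELF' => htmlspecialchars(PHP_SELF.'?whattodo=check&special=lost_pw&'.give_passthrough()),
            'msg_popuser' => $WP_msg['popuser'],
            'msg_lost_pw' => $WP_msg['AuthLostPW'],
            'msg_enter' => $WP_msg['AuthLostEnterName'],
            'msg_send' => $WP_msg['AuthLostSend'],
            'user' => ($lost_user !== '') ? phm_entities($lost_user) : '',
        ));
        if (isset($error) && $error) $t_q->fill_block('error', 'error', $error);
        $tpl->assign('query', $t_q);
        return;
    }
    // One-time challenge for the hashed-login path. It must be unpredictable,
    // otherwise a captured response can be replayed; the previous
    // md5(REMOTE_ADDR).time().pid construction was guessable by the client.
    $_SESSION['otp'] = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));

    $tpl = new FXL_Template(CONFIGPATH.'/templates/auth.login.tpl');
    $tpl->assign(array(
        // NOTE(review): unlike the recovery form above, PHP_SELF is passed here without
        // htmlspecialchars(); confirm auth.login.tpl escapes it if give_passthrough()
        // can reflect request values.
        'PHP_SELF' => PHP_SELF.'?'.give_passthrough(),
        'msg_authenticate' => $WP_msg['authenticate'],
        'msg_popuser' => $WP_msg['popuser'],
        'msg_poppass' => $WP_msg['poppass'],
        'msg_login' => $WP_msg['login'],
        'msg_lost_pw' => $WP_msg['AuthLostPW'],
        'otp' => $_SESSION['otp'],
    ));
    if (isset($error) && $error != '') {
        $tpl_e = $tpl->get_block('error');
        $tpl_e->assign('error', $error);
        $tpl->assign('error', $tpl_e);
    }
}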

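/**
 * Generate a random password from a fixed alphabet of letters, digits and punctuation.
 *
 * Uses random_int() (CSPRNG) where the engine provides it and falls back to
 * mt_rand() on older engines; the original rand() is not suitable for secrets.
 * Also drops the $str{$i} offset syntax, which is a parse error on PHP 8.
 *
 * @param int $length number of characters to produce (default 8, the previous fixed size)
 * @return string the generated password; '' for a length <= 0
 */
function mk_secure_password($length = 8)
{
    $charmap = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!_.+,:;$';
    $maxchar = strlen($charmap) - 1;
    $length = max(0, (int) $length);
    $csprng = function_exists('random_int');
    $pwd = '';
    for ($i = 0; $i < $length; ++$i) {
        $idx = $csprng ? random_int(0, $maxchar) : mt_rand(0, $maxchar);
        $pwd .= $charmap[$idx];
    }
    return $pwd;
}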

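/**
 * Mail a freshly generated admin password to the account's e-mail address.
 *
 * $input carries 'subject', 'body', 'password' and 'email'. In subject and body
 * the placeholder $1 is replaced by the provider name and, in the body, $2 by
 * the password. The transport is chosen by $_PM_['core']['send_method']
 * ('sendmail' or 'smtp'); with any other value, with no fixed SMTP host
 * configured, or when sendmail cannot be started, nothing is sent and the
 * caller is not told (the function has no return value).
 *
 * @param array $input message parts as described above
 * @return void
 */
function auth_mail_password($input)
{
    global $_PM_; // Needed virtually everywhere in this function
    require_once($_PM_['path']['lib'].'/pop3.inc.php');
    require_once($_PM_['path']['lib'].'/phm_streaming_smtp.php');
    require_once($_PM_['path']['lib'].'/phm_streaming_sendmail.php');
    require_once($_PM_['path']['lib'].'/phm_streaming_mailparser.php');
    require_once($_PM_['path']['lib'].'/message.encode.php');
    require_once($_PM_['path']['lib'].'/idna_convert.class.php');

    $providername = (isset($_PM_['core']['provider_name']) && $_PM_['core']['provider_name'] != '') ? $_PM_['core']['provider_name'] : 'phlyMail';
    // strtr() substitutes in a single pass, so a provider name that itself contains
    // "$2" cannot be expanded into the password (sequential str_replace calls could).
    $body = strtr(phm_stripslashes($input['body']), array('$1' => $providername, '$2' => $input['password']));
    $subject = strtr(phm_stripslashes($input['subject']), array('$1' => $providername));
    $from = (isset($_PM_['core']['systememail']) && $_PM_['core']['systememail']) ? $_PM_['core']['systememail'] : $input['email'];
    $to = $input['email'];

    // Non-ASCII content is sent quoted-printable; the matching MIME headers are added below
    $body_qp = false;
    if (preg_match('![\x80-\xff]!', $body)) {
        $encoded = '';
        foreach (explode(LF, $body) as $line) $encoded .= phm_quoted_printable_encode($line.CRLF);
        $body = $encoded;
        $body_qp = true;
    }
    $header = create_messageheader(array('from' => $from, 'to' => $to, 'subject' => $subject));
    $to = mailparser::parse_email_address($to);

    $sm = null;   // transport; stays null when none could be set up
    $LE = CRLF;   // line ending written between header blocks; sendmail wants bare LF
    $method = isset($_PM_['core']['send_method']) ? $_PM_['core']['send_method'] : '';
    if ($method == 'sendmail') {
        $LE = LF;
        $header = str_replace(CRLF, LF, $header);
        $body = str_replace(CRLF, LF, $body);
        $sendmail = preg_replace('!\ \-t!', '', $_PM_['core']['sendmail']).' -t';
        $sm = new phm_streaming_sendmail($sendmail);
        // The original "if ($moep = $sm->get_last_error() && $moep)" bound && before =,
        // so the error was never inspected and a failed spawn went on to write to it.
        $spawn_error = $sm->get_last_error();
        if ($spawn_error) return;
    } elseif ($method == 'smtp') {
        // Only a fixed relay is supported for system mail; without one there is nothing to do
        if (!isset($_PM_['core']['fix_smtp_host']) || !$_PM_['core']['fix_smtp_host']) return;
        $smtp_host = $_PM_['core']['fix_smtp_host'];
        $smtp_port = !empty($_PM_['core']['fix_smtp_port']) ? $_PM_['core']['fix_smtp_port'] : 25;
        $smtp_user = isset($_PM_['core']['fix_smtp_user']) ? $_PM_['core']['fix_smtp_user'] : false;
        $smtp_pass = isset($_PM_['core']['fix_smtp_pass']) ? $_PM_['core']['fix_smtp_pass'] : false;
        $from = mailparser::parse_email_address($from);
        $sm = new phm_streaming_smtp($smtp_host, $smtp_port, $smtp_user, $smtp_pass);
        $sm->open_server($from[0], $to[0]);
    }
    if ($sm) {
        $sm->put_data_to_stream($header);
        if ($body_qp) {
            $sm->put_data_to_stream('MIME-Version: 1.0'.$LE);
            $sm->put_data_to_stream('Content-Type: text/plain; charset=utf-8'.$LE);
            $sm->put_data_to_stream('Content-Transfer-Encoding: quoted-printable'.$LE);
        }
        $sm->put_data_to_stream($LE);
        $sm->put_data_to_stream($body);

        $sm->finish_transfer();
        $sm->close();
    }
}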
?>