Geeklog

Procedural File: lib-security.php

Source Location: /system/lib-security.php



Page Details:

This is the security library for Geeklog. This is used to implement Geeklog's *nix-style security system.

Programming notes: For items you need security on you need the following for each record in your database:

owner_id      | mediumint(8)
group_id      | mediumint(8)
perm_owner    | tinyint(1) unsigned
perm_group    | tinyint(1) unsigned
perm_members  | tinyint(1) unsigned
perm_anon     | tinyint(1) unsigned

For display one function can handle most needs:

function SEC_hasAccess($owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
A call to this function will allow you to determine if the current user should see the item.

For the admin screen several functions will make life easier:

function SEC_getPermissionsHTML($perm_owner,$perm_group,$perm_members,$perm_anon)
This function displays the permissions widget with arrays for each permission.

function SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon)
This function takes the permissions from the previous function and converts them into an integer for saving back to the database.



CSRF_TOKEN [line 77]

CSRF_TOKEN = '_glsectoken'

[ Top ]



USER_ACCOUNT_ACTIVE [line 73]

USER_ACCOUNT_ACTIVE = 3

[ Top ]



USER_ACCOUNT_AWAITING_ACTIVATION [line 71]

USER_ACCOUNT_AWAITING_ACTIVATION = 1

[ Top ]



USER_ACCOUNT_AWAITING_APPROVAL [line 72]

USER_ACCOUNT_AWAITING_APPROVAL = 2

[ Top ]



USER_ACCOUNT_DISABLED [line 70]

USER_ACCOUNT_DISABLED = 0



[ Top ]




SEC_addUserToGroup [line 909]

boolean SEC_addUserToGroup( string $uid, string $gname)

Add user to a group

work in progress

Rather self-explanatory shortcut function. Is this the right place for this, Dirk?




Tags:

return:  status, true or false.
author:  Trinity L Bays, trinity93 AT gmail DOT com


Parameters

string   $uid   Their user id
string   $gname   The group name
[ Top ]



SEC_authenticate [line 704]

int SEC_authenticate( string $username, string $password, int &$uid)

Attempt to log in a user.

Checks a user's username and password against the database. Returns the user's status.




Tags:

return:  user status, -1 for fail.


Parameters

string   $username   who is logging in?
string   $password   what they claim is their password
int   &$uid   This is an OUTPUT param, pass by ref, sends back UID inside it.
[ Top ]



SEC_buildAccessSql [line 959]

string SEC_buildAccessSql( [string $clause = 'AND'])

Common function used to build group access SQL



Tags:

return:  Formatted SQL string to be appended in calling script SQL statement


Parameters

string   $clause   Optional parameter 'WHERE' - default is 'AND'
[ Top ]



SEC_checkToken [line 1142]

boolean SEC_checkToken( )

Check a security token.

Checks the POST and GET data for a security token and, if one exists, validates that it's for this user and URL. If the token is not valid, it asks the user to re-authenticate and resends the request if authentication was successful.




Tags:

return:  true if the token is valid; does not return if not!
see:  SECINT_checkToken
link:  http://wiki.geeklog.net/index.php/Re-Authentication_for_expired_Tokens


[ Top ]



SEC_checkUserStatus [line 748]

int SEC_checkUserStatus( int $userid)

Return the current user status for a user.

NOTE: May not return for banned/non-approved users.




Tags:

return:  user status, 0-3


Parameters

int   $userid   Valid uid value.
[ Top ]



SEC_collectRemoteAuthenticationModules [line 875]

array SEC_collectRemoteAuthenticationModules( )

Return available modules for Remote Authentication



Tags:

return:  Names of available remote authentication modules


[ Top ]



SEC_createToken [line 1088]

string SEC_createToken( [int $ttl = 1200])

Generate a security token.

This generates and stores a one time security token. Security tokens are added to forms and urls in the admin section as a non-cookie double-check that the admin user really wanted to do that...




Tags:

return:  Generated token, it'll be an MD5 hash (32chars)
see:  SEC_checkToken()


Parameters

int   $ttl   Time to live for token in seconds. Default is 20 minutes.
[ Top ]
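
The token life cycle described for SEC_checkToken and SEC_createToken (one-time use, bound to a user and URL, expiring after a TTL), as an added example that is not Geeklog's own code. DemoTokenStore, its in-memory storage and the $now parameters are assumptions made for illustration.

```php
<?php
// Added example, not Geeklog's code. DemoTokenStore is hypothetical and keeps
// tokens in memory; the $now parameters exist only to make the run repeatable.

final class DemoTokenStore
{
    private $tokens = [];

    public function create(int $uid, string $url, int $ttl = 1200, ?int $now = null): string
    {
        // 16 CSPRNG bytes as 32 hex chars (how the value is derived is an
        // assumption; the page only states the token's length and format).
        $token = bin2hex(random_bytes(16));
        $this->tokens[$token] = [
            'uid' => $uid, 'url' => $url, 'expires' => ($now ?? time()) + $ttl,
        ];
        return $token;
    }

    public function check(string $token, int $uid, string $url, ?int $now = null): bool
    {
        if (!isset($this->tokens[$token])) {
            return false;                      // unknown, or already consumed
        }
        $row = $this->tokens[$token];
        unset($this->tokens[$token]);          // one-time: spent on first use
        return $row['uid'] === $uid
            && $row['url'] === $url
            && ($now ?? time()) <= $row['expires'];
    }
}

// Constructed walk-through: uid 2 submits an admin form.
$store = new DemoTokenStore();
$url   = 'https://example.com/admin/story.php';
$t0    = 1000000;

$a = $store->create(2, $url, 1200, $t0);
var_dump($store->check($a, 2, $url, $t0 + 60));     // first use inside the TTL
var_dump($store->check($a, 2, $url, $t0 + 61));     // replay of the same token

$b = $store->create(2, $url, 1200, $t0);
var_dump($store->check($b, 7, $url, $t0 + 60));     // presented by another user

$c = $store->create(2, $url, 1200, $t0);
var_dump($store->check($c, 2, $url, $t0 + 1201));   // after the TTL has passed
```

A failed check also consumes the token here, so a guessed or mismatched submission cannot be retried against the same value.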



SEC_encryptPassword [line 1071]

string SEC_encryptPassword( string $password)

Encrypt password

For now, this is only a wrapper function to get all the direct calls to md5() out of the core code so that we can switch to another method of encoding / encrypting our passwords in some future release ...




Tags:

return:  encrypted password


Parameters

string   $password   the password to encrypt, in clear text
[ Top ]
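
The wrapper above exists so the hashing method can be changed later. One way such a change can be made without resetting accounts, as an added example that is not Geeklog's own code: the hypothetical demo_verifyPassword() accepts a legacy unsalted md5() hash and hands back a password_hash() replacement on a successful login.

```php
<?php
// Added example, not Geeklog's code. demo_* names are hypothetical.

function demo_hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Verify a password against a stored hash in either format.
 * Returns [verified, replacement]: replacement is a new hash the caller
 * should store, or null when the stored one is current or the check failed.
 */
function demo_verifyPassword(string $password, string $stored): array
{
    // Legacy format: 32 lowercase hex characters of unsalted md5().
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        return hash_equals($stored, md5($password))
            ? [true, demo_hashPassword($password)]
            : [false, null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    return [true, password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? demo_hashPassword($password) : null];
}

// Constructed sample: an account whose stored hash predates the switch.
$stored = md5('correct horse battery');

[$ok, $replacement] = demo_verifyPassword('correct horse battery', $stored);
if ($ok && $replacement !== null) {
    $stored = $replacement;            // persist the upgraded hash
}
var_dump($ok, strlen($stored) > 32);

[$ok2, $again] = demo_verifyPassword('correct horse battery', $stored);
var_dump($ok2, $again === null);

[$bad] = demo_verifyPassword('wrong guess', $stored);
var_dump($bad);
```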



SEC_filterPermissions [line 1511]

array SEC_filterPermissions( array $A)

Prepare an array of the standard permission values

This helper function does the following:

  1) filters permission values, e.g. after a POST request
  2) translates the permission checkbox arrays into numerical values
  3) ensures that all the standard permission entries are set, so you don't have to check with isset() all the time

    $PERM = SEC_filterPermissions($_POST);
    if ($PERM['perm_anon'] != 0) ...




Tags:

return:  array of only the 6 standard permission values
see:  SEC_getPermissionValues()


Parameters

array   $A   array to filter on, e.g. $_POST
[ Top ]



SEC_getFeatureGroup [line 653]

int SEC_getFeatureGroup( string $feature, [int $uid = ''])

Return the group to a given feature.

Scenario: We have a feature and we want to know from which group the user got this feature. Always returns the lowest group ID, in case the feature has been inherited from more than one group.




Tags:

return:  group ID or 0


Parameters

string   $feature   the feature, e.g. 'story.edit'
int   $uid   (optional) user ID
[ Top ]



SEC_getGroupDropdown [line 1031]

string SEC_getGroupDropdown( int $group_id, int $access)

Create a group dropdown

Creates the group dropdown menu that's used on pretty much every admin page




Tags:

return:  HTML for the dropdown


Parameters

int   $group_id   current group id (to be selected)
int   $access   access permission
[ Top ]



SEC_getPermissionsHTML [line 425]

string SEC_getPermissionsHTML( int $perm_owner, int $perm_group, int $perm_members, int $perm_anon)

Shows security control for an object

This will return the HTML needed to create the security control seen on the admin screen for GL objects (i.e. stories, etc)




Tags:

return:  needed HTML (table). $perm_owner = array of permissions [edit,read], etc.; edit = 1 if permission, read = 2 if permission


Parameters

int   $perm_owner   Permissions the owner has: 1 = edit, 2 = read, 3 = read/edit
int   $perm_group   Permission the group has
int   $perm_members   Permissions logged in members have
int   $perm_anon   Permissions anonymous users have
[ Top ]



SEC_getPermissionValue [line 610]

int SEC_getPermissionValue( array $perm_x)

Converts permission array into numeric value

This function converts an array of permissions for either the owner/group/members/anon and returns the numeric equivalent. This is typically called by the admin screens to prepare the permissions to be saved to the database.




Tags:

return:  int representation of a permission array: 2 = read, 3 = edit/read
see:  SEC_getPermissionValues()


Parameters

array   $perm_x   Array of permission values
[ Top ]



SEC_getPermissionValues [line 554]

array SEC_getPermissionValues( array $perm_owner, array $perm_group, array $perm_members, array $perm_anon)

Converts permissions to numeric values

This function will take all permissions for an object and get the numeric value that can then be used to save to the database.




Tags:

return:  returns numeric equivalent for each permissions array (2 = read, 3=edit/read)
see:  SEC_getPermissionValue()
see:  SEC_getPermissionsHTML()


Parameters

array   $perm_owner   Array of owner permissions. These arrays are set up by SEC_getPermissionsHTML.
array   $perm_group   Array of group permissions
array   $perm_members   Array of member permissions
array   $perm_anon   Array of anonymous user permissions
[ Top ]



SEC_getTokenExpiryNotice [line 1420]

string SEC_getTokenExpiryNotice( string $token, [string $extra_msg = ''])

Create a message informing the user when the security token is about to expire

This message is only created for Remote Users who logged in using OpenID, since the re-authentication does not work with OpenID.




Tags:

return:  formatted HTML of message
see:  SEC_checkToken()


Parameters

string   $token   the token
string   $extra_msg   (optional) additional text to include in notice
[ Top ]



SEC_getTokenExpiryTime [line 1387]

int SEC_getTokenExpiryTime( string $token)

Get a token's expiry time



Tags:

return:  UNIX timestamp of the expiry time or 0


Parameters

string   $token   the token we're looking for
[ Top ]



SEC_getUserGroups [line 95]

array SEC_getUserGroups( [int $uid = ''])

Returns the groups a user belongs to

This is part of the GL security implementation. This function returns all the groups a user belongs to. This function is called recursively, as groups can belong to other groups.

Note: this is an expensive function -- if you are concerned about speed it should only be used once at the beginning of a page. The resulting array $_GROUPS can then be used throughout the page.




Tags:

return:  Associative array (grp_name -> ug_main_grp_id) of the group IDs the user belongs to


Parameters

int   $uid   User ID to get information for. If empty current user.
[ Top ]



SEC_getUserPermissions [line 487]

string SEC_getUserPermissions( [int $grp_id = ''], [int $uid = ''])

Gets everything a user has permissions to within the system

This is part of the Geeklog security implementation. This function will get all the permissions the current user has. Calls itself recursively.




Tags:

return:  returns comma delimited list of features the user has access to


Parameters

int   $grp_id   DO NOT USE (Used for recursion) Current group function is working on
int   $uid   User to check, if empty current user.
[ Top ]



SEC_groupIsRemoteUserAndHaveAccess [line 171]

boolean SEC_groupIsRemoteUserAndHaveAccess( int $groupid, array $groups)

Checks to see if a user has admin access to the "Remote Users" group

Admin users will probably not be members, but, User Admin, Root, and group admin will have access to it. However, we can not be sure what the group id for "Remote User" group is, because it's a later static group, and upgraded systems could have it in any id slot.




Parameters

int   $groupid   The id of a group, which might be the remote users group
array   $groups   Array of group ids the user has access to.
[ Top ]



SEC_hasAccess [line 314]

int SEC_hasAccess( int $owner_id, int $group_id, int $perm_owner, int $perm_group, int $perm_members, int $perm_anon)

Checks if current user has access to the given object

This function takes the access info from a Geeklog object and lets us know if the current user has access to the object. Returns 3 for read/edit, 2 for read only and 0 for no access.




Tags:

return:  returns 3 for read/edit, 2 for read only, 0 for no access


Parameters

int   $owner_id   ID of the owner of object
int   $group_id   ID of group object belongs to
int   $perm_owner   Permissions the owner has
int   $perm_group   Permissions the group has
int   $perm_members   Permissions logged in members have
int   $perm_anon   Permissions anonymous users have
[ Top ]
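
The access check described above, as an added stand-alone example that is not Geeklog's own code. The demo_* functions, the $user array and the evaluation order (root, then owner, then group, then members or anonymous) are assumptions modelled on Unix-style permission classes; only the six record columns and the return values 3, 2 and 0 come from this page.

```php
<?php
// Added example, not Geeklog's code. demo_* names and the $user array are
// hypothetical; the evaluation order below is an assumption modelled on
// Unix owner/group/other checks.

function demo_hasAccess(array $user, array $rec): int
{
    if (!empty($user['is_root'])) {
        return 3;                                  // superuser: read/edit
    }
    $loggedIn = empty($user['anonymous']);
    if ($loggedIn && (int) $user['uid'] === (int) $rec['owner_id']) {
        return (int) $rec['perm_owner'];           // owner class
    }
    if (in_array((int) $rec['group_id'], $user['groups'], true)) {
        return (int) $rec['perm_group'];           // group class
    }
    // Everyone else: logged-in members or anonymous visitors.
    return (int) ($loggedIn ? $rec['perm_members'] : $rec['perm_anon']);
}

// Enforcement helpers: compare against the documented return values.
function demo_canRead(array $user, array $rec): bool
{
    return demo_hasAccess($user, $rec) >= 2;
}

function demo_canEdit(array $user, array $rec): bool
{
    return demo_hasAccess($user, $rec) === 3;
}

// Constructed sample record and users.
$story = ['owner_id' => 5, 'group_id' => 3, 'perm_owner' => 3,
          'perm_group' => 2, 'perm_members' => 2, 'perm_anon' => 0];
$users = [
    'owner'    => ['uid' => 5, 'groups' => [2], 'is_root' => false, 'anonymous' => false],
    'in_group' => ['uid' => 9, 'groups' => [3], 'is_root' => false, 'anonymous' => false],
    'guest'    => ['uid' => 1, 'groups' => [],  'is_root' => false, 'anonymous' => true],
];

foreach ($users as $name => $u) {
    printf("%-8s read=%s edit=%s\n", $name,
        var_export(demo_canRead($u, $story), true),
        var_export(demo_canEdit($u, $story), true));
}
```

Gating display on the read helper and any write path on the edit helper keeps the two decisions separate, so a read-only grant never reaches an edit handler.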



SEC_hasAccess2 [line 1556]

int SEC_hasAccess2( array $A)

Helper function for when you want to call SEC_hasAccess and have all the values to check in an array.



Tags:

return:  returns 3 for read/edit, 2 for read only, 0 for no access
see:  SEC_hasAccess()


Parameters

array   $A   array with the standard permission values
[ Top ]



SEC_hasRights [line 358]

boolean SEC_hasRights( string|array $features, [string $operator = 'AND'])

Checks if current user has rights to a feature

Takes either a single feature or an array of features and returns an array of whether the user has those rights




Tags:

return:  Return true if current user has access to feature(s), otherwise false.


Parameters

string|array   $features   Features to check
string   $operator   Either 'and' or 'or'. Default is 'and'. Used if checking more than one feature.
[ Top ]



SEC_hasTopicAccess [line 283]

int SEC_hasTopicAccess( string $tid)

Checks to see if current user has access to a topic





Tags:

return:  returns 3 for read/edit, 2 for read only, 0 for no access


Parameters

string   $tid   ID for topic to check on
[ Top ]



SEC_inGroup [line 211]

boolean SEC_inGroup( string $grp_to_verify, [int $uid = ''], [string $cur_grp_id = ''])

Determines if user belongs to specified group

This is part of the Geeklog security implementation. This function looks up whether a user belongs to a specified group




Tags:

return:  true if user is in group, otherwise false


Parameters

string   $grp_to_verify   Group we want to see if user belongs to
int   $uid   ID for user to check. If empty current user.
string   $cur_grp_id   NOT USED Current group we are working with in hierarchy
[ Top ]



SEC_isModerator [line 257]

boolean SEC_isModerator( )

Determines if current user is a moderator of any kind

Checks to see if this user is a moderator for any of the GL features OR GL plugins




Tags:

return:  returns if user has any .moderate rights


[ Top ]



SEC_loginForm [line 1592]

string SEC_loginForm( [array $use_config = array()])

Displays a login form

This is the version of the login form displayed in the content area of the page (not the side bar). It will present all options (remote authentication - including OpenID, new registration link, etc.) according to the current configuration settings.




Tags:

return:  HTML of the login form


Parameters

array   $use_config   options to override some of the defaults
[ Top ]



SEC_loginRequiredForm [line 1568]

string SEC_loginRequiredForm( )

Display a "to access this area you need to be logged in" message



Tags:

return:  HTML for the message


[ Top ]



SEC_remoteAuthentication [line 803]

int SEC_remoteAuthentication( string &$loginname, string $passwd, $service, string &$uid)

Check to see if we can authenticate this user with a remote server

A user has not managed to log in locally, but has an @ in their user name and we have enabled distributed authentication. Firstly, try to see if we have cached the module that we used to authenticate them when they signed up (i.e. they've actually changed their password elsewhere and we need to synch.) If not, then try to authenticate them with /every/ authentication module. If this succeeds, create a user for them.




Tags:

return:  user status, -1 for fail.


Parameters

string   &$loginname   Their username
string   $passwd   The password entered
string   $server   The server portion of $username
string   &$uid   OUTPUT parameter, pass it by ref to get uid back.
   $service  
[ Top ]



SEC_removeFeatureFromDB [line 990]

void SEC_removeFeatureFromDB( string $feature_name, [boolean $logging = false])

Remove a feature from the database entirely.

This function can be used by plugins during uninstall.




Parameters

string   $feature_name   name of the feature, e.g. 'foo.edit'
boolean   $logging   whether to log progress in error.log
[ Top ]



SEC_setCookie [line 1463]

void SEC_setCookie( string $name, string $value, [int $expire = 0], [string $path = null], [string $domain = null], [boolean $secure = null])

Set a cookie using the HttpOnly flag

Use this function to set "important" cookies (session, password, ...). Browsers that support the HttpOnly flag will not allow JavaScript access to such a cookie.




Tags:



Parameters

string   $name   cookie name
string   $value   cookie value
int   $expire   expire time
string   $path   path on the server or $_CONF['cookie_path']
string   $domain   domain or $_CONF['cookiedomain']
boolean   $secure   whether to use HTTPS or $_CONF['cookiesecure']
[ Top ]



SEC_setDefaultPermissions [line 924]

void SEC_setDefaultPermissions( array &$A, [array $use_permissions = array ()])

Set default permissions for an object



Parameters

array   &$A   target array
array   $use_permissions   permissions to set
[ Top ]



Documentation generated on Wed, 10 Mar 2010 02:07:23 -0500 by phpDocumentor 1.4.3