Commit 9a9af1b6 authored by Ad Schellevis's avatar Ad Schellevis

(legacy) spaces, curly braces etc in auth.inc

parent b83aa0d8
<?php <?php
/* /*
Copyright (C) 2014 Deciso B.V. Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2010 Ermal Luçi Copyright (C) 2010 Ermal Luçi
Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com> Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
...@@ -50,10 +50,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ ...@@ -50,10 +50,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$found_host = false; $found_host = false;
/* Either a IPv6 address with or without a alternate port */ /* Either a IPv6 address with or without a alternate port */
if(strstr($_SERVER['HTTP_HOST'], "]")) { if (strstr($_SERVER['HTTP_HOST'], "]")) {
$http_host_port = explode("]", $_SERVER['HTTP_HOST']); $http_host_port = explode("]", $_SERVER['HTTP_HOST']);
/* v6 address has more parts, drop the last part */ /* v6 address has more parts, drop the last part */
if(count($http_host_port) > 1) { if (count($http_host_port) > 1) {
array_pop($http_host_port); array_pop($http_host_port);
$http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port)); $http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
} else { } else {
...@@ -63,19 +63,23 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ ...@@ -63,19 +63,23 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$http_host = explode(":", $_SERVER['HTTP_HOST']); $http_host = explode(":", $_SERVER['HTTP_HOST']);
$http_host = $http_host[0]; $http_host = $http_host[0];
} }
if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or if (is_ipaddr($http_host) || $_SERVER['SERVER_ADDR'] == "127.0.0.1" ||
strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1") strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1") {
$found_host = true; $found_host = true;
if(strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 or }
strcasecmp($http_host, $config['system']['hostname']) == 0) if (strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
strcasecmp($http_host, $config['system']['hostname']) == 0) {
$found_host = true; $found_host = true;
}
if (isset($config['dyndnses']['dyndns']) && !$found_host) if (isset($config['dyndnses']['dyndns']) && !$found_host) {
foreach($config['dyndnses']['dyndns'] as $dyndns) foreach($config['dyndnses']['dyndns'] as $dyndns) {
if(strcasecmp($dyndns['host'], $http_host) == 0) { if (strcasecmp($dyndns['host'], $http_host) == 0) {
$found_host = true; $found_host = true;
break; break;
} }
}
}
if (isset($config['dnsupdates']['dnsupdate']) && !$found_host) { if (isset($config['dnsupdates']['dnsupdate']) && !$found_host) {
foreach ($config['dnsupdates']['dnsupdate'] as $rfc2136) { foreach ($config['dnsupdates']['dnsupdate'] as $rfc2136) {
...@@ -96,8 +100,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ ...@@ -96,8 +100,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
} }
} }
if($found_host == false) { if ($found_host == false) {
if(!security_checks_disabled()) { if (!security_checks_disabled()) {
display_error_form("501", sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname."),'<a href="http://en.wikipedia.org/wiki/DNS_rebinding">','</a>','<br />')); display_error_form("501", sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname."),'<a href="http://en.wikipedia.org/wiki/DNS_rebinding">','</a>','<br />'));
exit; exit;
} }
...@@ -106,10 +110,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ ...@@ -106,10 +110,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
} }
// If the HTTP_REFERER is something other than ourselves then disallow. // If the HTTP_REFERER is something other than ourselves then disallow.
if(function_exists("display_error_form") && !isset($config['system']['webgui']['nohttpreferercheck'])) { if (function_exists("display_error_form") && !isset($config['system']['webgui']['nohttpreferercheck'])) {
if(isset($_SERVER['HTTP_REFERER'])) { if (isset($_SERVER['HTTP_REFERER'])) {
if(file_exists('/tmp/setupwizard_lastreferrer')) { if (file_exists('/tmp/setupwizard_lastreferrer')) {
if($_SERVER['HTTP_REFERER'] == file_get_contents('/tmp/setupwizard_lastreferrer')) { if ($_SERVER['HTTP_REFERER'] == file_get_contents('/tmp/setupwizard_lastreferrer')) {
unlink('/tmp/setupwizard_lastreferrer'); unlink('/tmp/setupwizard_lastreferrer');
header("Refresh: 1; url=index.php"); header("Refresh: 1; url=index.php");
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">"; echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
...@@ -120,15 +124,17 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' ...@@ -120,15 +124,17 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
$found_host = false; $found_host = false;
$referrer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST); $referrer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
$referrer_host = str_replace(array("[", "]"), "", $referrer_host); $referrer_host = str_replace(array("[", "]"), "", $referrer_host);
if($referrer_host) { if ($referrer_host) {
if(strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 if (strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
|| strcasecmp($referrer_host, $config['system']['hostname']) == 0) strcasecmp($referrer_host, $config['system']['hostname']) == 0) {
$found_host = true; $found_host = true;
}
if (!empty($config['system']['webgui']['althostnames']) && !$found_host) { if (!empty($config['system']['webgui']['althostnames']) && !$found_host) {
$althosts = explode(" ", $config['system']['webgui']['althostnames']); $althosts = explode(" ", $config['system']['webgui']['althostnames']);
foreach ($althosts as $ah) { foreach ($althosts as $ah) {
if(strcasecmp($referrer_host, $ah) == 0) { if (strcasecmp($referrer_host, $ah) == 0) {
$found_host = true; $found_host = true;
break; break;
} }
...@@ -153,23 +159,24 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' ...@@ -153,23 +159,24 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
} }
} }
if(!$found_host) { if (!$found_host) {
$found_host = isAuthLocalIP($referrer_host); $found_host = isAuthLocalIP($referrer_host);
if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") { if ($referrer_host == "127.0.0.1" || $referrer_host == "localhost") {
// allow SSH port forwarded connections and links from localhost // allow SSH port forwarded connections and links from localhost
$found_host = true; $found_host = true;
} }
} }
} }
if($found_host == false) { if ($found_host == false) {
if(!security_checks_disabled()) { if (!security_checks_disabled()) {
display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin."); display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin.");
exit; exit;
} }
$security_passed = false; $security_passed = false;
} }
} else } else {
$security_passed = false; $security_passed = false;
}
} }
if (function_exists("display_error_form") && $security_passed) { if (function_exists("display_error_form") && $security_passed) {
...@@ -215,7 +222,6 @@ function index_groups() ...@@ -215,7 +222,6 @@ function index_groups()
global $config, $groupindex; global $config, $groupindex;
$groupindex = array(); $groupindex = array();
if (isset($config['system']['group'])) { if (isset($config['system']['group'])) {
$i = 0; $i = 0;
foreach($config['system']['group'] as $groupent) { foreach($config['system']['group'] as $groupent) {
...@@ -242,7 +248,7 @@ function index_users() ...@@ -242,7 +248,7 @@ function index_users()
} }
return ($userindex); return ($userindex);
} }
function &getUserEntry($name) function &getUserEntry($name)
{ {
...@@ -259,10 +265,13 @@ function &getUserEntryByUID($uid) ...@@ -259,10 +265,13 @@ function &getUserEntryByUID($uid)
{ {
global $config; global $config;
if (is_array($config['system']['user'])) if (is_array($config['system']['user'])) {
foreach ($config['system']['user'] as & $user) foreach ($config['system']['user'] as & $user) {
if ($user['uid'] == $uid) if ($user['uid'] == $uid) {
return $user; return $user;
}
}
}
return false; return false;
} }
...@@ -307,23 +316,24 @@ function get_user_privileges(&$user) ...@@ -307,23 +316,24 @@ function get_user_privileges(&$user)
$privs = array_merge($privs, $group['priv']); $privs = array_merge($privs, $group['priv']);
} }
} }
return $privs; return $privs;
} }
function userHasPrivilege($userent, $privid = false) { function userHasPrivilege($userent, $privid = false)
{
if (!$privid || !is_array($userent)) if (!$privid || !is_array($userent)) {
return false; return false;
}
$privs = get_user_privileges($userent); $privs = get_user_privileges($userent);
if (!is_array($privs)) if (!is_array($privs)) {
return false; return false;
}
if (!in_array($privid, $privs)) if (!in_array($privid, $privs)) {
return false; return false;
}
return true; return true;
} }
...@@ -512,7 +522,6 @@ function local_user_get_groups($user, $all = false) ...@@ -512,7 +522,6 @@ function local_user_get_groups($user, $all = false)
sort($groups); sort($groups);
return $groups; return $groups;
} }
function local_user_set_groups($user, $new_groups = null) function local_user_set_groups($user, $new_groups = null)
...@@ -618,7 +627,6 @@ function local_group_del($group) ...@@ -618,7 +627,6 @@ function local_group_del($group)
function ldap_setup_caenv($authcfg) function ldap_setup_caenv($authcfg)
{ {
unset($caref); unset($caref);
if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) { if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) {
...@@ -645,25 +653,30 @@ function ldap_setup_caenv($authcfg) ...@@ -645,25 +653,30 @@ function ldap_setup_caenv($authcfg)
} }
function is_account_expired($username) { function is_account_expired($username)
{
$user = getUserEntry($username); $user = getUserEntry($username);
if (isset($user['expires']) && !empty($user['expires'])) { if (isset($user['expires']) && !empty($user['expires'])) {
if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($user['expires'])))) if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($user['expires'])))) {
return true; return true;
} }
}
return false; return false;
} }
function is_account_disabled($username) { function is_account_disabled($username)
{
$user = getUserEntry($username); $user = getUserEntry($username);
if (isset($user['disabled'])) if (isset($user['disabled'])) {
return true; return true;
}
return false; return false;
} }
function auth_get_authserver($name) { function auth_get_authserver($name)
{
global $config; global $config;
if ($name == "Local Database") { if ($name == "Local Database") {
...@@ -674,7 +687,6 @@ function auth_get_authserver($name) { ...@@ -674,7 +687,6 @@ function auth_get_authserver($name) {
); );
} }
if (isset($config['system']['authserver']) && is_array($config['system']['authserver'])) { if (isset($config['system']['authserver']) && is_array($config['system']['authserver'])) {
foreach ($config['system']['authserver'] as $authcfg) { foreach ($config['system']['authserver'] as $authcfg) {
if ($authcfg['name'] == $name) { if ($authcfg['name'] == $name) {
...@@ -696,7 +708,6 @@ function auth_get_authserver($name) { ...@@ -696,7 +708,6 @@ function auth_get_authserver($name) {
if (empty($authcfg['ldap_bindpw'])) { if (empty($authcfg['ldap_bindpw'])) {
$authcfg['ldap_bindpw'] = null; $authcfg['ldap_bindpw'] = null;
} }
} }
return $authcfg; return $authcfg;
} }
...@@ -704,7 +715,8 @@ function auth_get_authserver($name) { ...@@ -704,7 +715,8 @@ function auth_get_authserver($name) {
} }
} }
function auth_get_authserver_list() { function auth_get_authserver_list()
{
global $config; global $config;
$list = array(); $list = array();
...@@ -720,8 +732,8 @@ function auth_get_authserver_list() { ...@@ -720,8 +732,8 @@ function auth_get_authserver_list() {
return $list; return $list;
} }
function authenticate_user($username, $password, $authcfg = NULL) { function authenticate_user($username, $password, $authcfg = NULL)
{
if (empty($authcfg)) { if (empty($authcfg)) {
$authName = 'Local Database'; $authName = 'Local Database';
} else { } else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment