Source for file Default.php


  1. <?php /*
  2.  * FCKeditor - The text editor for internet
  3.  * Copyright (C) 2003-2005 Frederico Caldeira Knabben
  4.  * 
  5.  * Licensed under the terms of the GNU Lesser General Public License:
  6.  *         http://www.opensource.org/licenses/lgpl-license.php
  7.  * 
  8.  * For further information visit:
  9.  *         http://www.fckeditor.net/
  10.  * 
  11.  * File Name: Default.php
  12.  *     I'm not very clued up on authentication, but even I can see that anyone 
  13.  *     who can spoof an IP could perform a replay attack on this, but it's 
  14.  *     better than nothing. 
  15.  *     There is a 1-hour timeout on tokens to help with this slightly.
  16.  * 
  17.  * File Authors:
  18.  *         Grant French (grant@mcpuk.net)
  19.  */
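  /**
   * Token check for the file-manager connector: validates a hex-encoded,
   * MD5-authenticated token and, on success, points the configuration at the
   * authenticated user's own upload folder (creating it when missing).
   *
   * Token layout after hex decoding, fields joined by "|^SEP^|":
   *   0 = Unix timestamp, 1 = client IP, 2 = username,
   *   3 = md5(field0 . SEP . field1 . SEP . field2 . SharedKey)
   *
   * Requires PHP 5.6+ (hash_equals()).
   *
   * NOTE(review): the hex encoding is not encryption; every field travels in
   * readable form. Integrity rests on the shared key alone, and md5(data.key)
   * is a home-made MAC. Moving to hash_hmac() with SHA-256 would need the
   * token issuer changed at the same time, so the wire format is kept as is.
   * NOTE(review): a token can be replayed from the same address until it
   * expires; nothing here records tokens that were already used.
   */
  class Auth {

      /**
       * Validate a token and prepare the per-user upload area.
       *
       * Every rejection path returns the configuration with 'authSuccess' set
       * to false and 'UserFilesPath' untouched, without touching the disk.
       *
       * @param string $data          hex-encoded token from the request (untrusted)
       * @param array  $fckphp_config connector configuration; reads
       *                              ['auth']['Handler']['SharedKey'], 'basedir',
       *                              'UserFilesPath' and 'ResourceTypes'
       * @return array the configuration with 'authSuccess' set; on success
       *               'UserFilesPath' is extended with "/users/<username>"
       */
      function authenticate($data, $fckphp_config) {

          $fckphp_config['authSuccess'] = false;

          // Fail closed when no shared key is configured: with an empty key the
          // MD5 below can be computed by anyone who knows the token layout.
          if (!isset($fckphp_config['auth']['Handler']['SharedKey'])) {
              return $fckphp_config;
          }
          $key = $fckphp_config['auth']['Handler']['SharedKey'];
          if (!is_string($key) || $key === '') {
              return $fckphp_config;
          }

          // Decode the token. Only a non-empty, even-length hex string is
          // accepted; hexdec() on stray characters would silently skip them.
          if (!is_string($data) || $data === '' || strlen($data) % 2 !== 0 || !ctype_xdigit($data)) {
              return $fckphp_config;
          }
          $decData = pack('H*', $data);

          $decArray = explode("|^SEP^|", $decData);
          if (count($decArray) !== 4) {
              //Not enough data (decoding failed?)
              return $fckphp_config;
          }
          list($stamp, $clientIp, $user, $mac) = $decArray;

          // Integrity check. hash_equals() compares byte for byte in constant
          // time; a loose == would treat two "0e<digits>" strings as equal numbers.
          $expected = md5($stamp . "|^SEP^|" . $clientIp . "|^SEP^|" . $user . $key);
          if (!hash_equals($expected, $mac)) {
              //Data integrity failed
              return $fckphp_config;
          }

          // Token valid for max of 1 hour. The timestamp must be plain digits,
          // and one dated more than an hour ahead of this server's clock is
          // refused as well, since it would otherwise stay valid indefinitely.
          if (!ctype_digit($stamp)) {
              return $fckphp_config;
          }
          $age = time() - (int) $stamp;
          if ($age >= 3600 || $age <= -3600) {
              //Token more than an hour old (or dated too far ahead)
              return $fckphp_config;
          }

          if (!isset($_SERVER['REMOTE_ADDR']) || $_SERVER['REMOTE_ADDR'] !== $clientIp) {
              //Not same client as auth token is for
              return $fckphp_config;
          }

          // The username becomes a directory name, so it must be a single path
          // component: no separators, no NUL byte, and not "." or "..".
          if ($user === '' || $user === '.' || $user === '..'
              || strpos($user, '/') !== false
              || strpos($user, '\\') !== false
              || strpos($user, "\0") !== false) {
              return $fckphp_config;
          }

          //Set the file root to the users individual one
          $usersPath = $fckphp_config['UserFilesPath'] . "/users";
          $top = str_replace("//", "/", $fckphp_config['basedir'] . '/' . $usersPath);
          $fckphp_config['UserFilesPath'] = $usersPath . "/" . $user;
          $up = str_replace("//", "/", $fckphp_config['basedir'] . '/' . $fckphp_config['UserFilesPath']);

          // Folders to ensure, parent first: shared "users" root, the user's
          // folder, then one subfolder per resource type. The label is only
          // used in the failure message.
          $needed = [
              [$top, "users"],
              [$up, "users/" . $user],
          ];
          foreach ($fckphp_config['ResourceTypes'] as $value) {
              $needed[] = ["$up/$value", "users/" . $user . "/$value"];
          }

          // NOTE(review): 0777 leaves the upload tree writable by every local
          // account; on a shared host prefer the tightest mode the web server
          // user can still work with. Kept because existing deployments may
          // depend on it.
          foreach ($needed as $entry) {
              if (!file_exists($entry[0])) {
                  mkdir($entry[0], 0777) or die($entry[1] . " folder in UserFilesPath does not exist and could not be created.");
                  chmod($entry[0], 0777); //Just for good measure (mkdir's mode is subject to the umask)
              }
          }

          $fckphp_config['authSuccess'] = true;
          return $fckphp_config;
      }
  }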
  83. ?>
