translating comments of m_hta.php to english + misc fopen() checks

Benjamin Sonntag 2009-11-30 05:02:53 +00:00
parent 2441ba9936
commit 161a04cebb
6 changed files with 203 additions and 45 deletions


@ -190,7 +190,6 @@ class m_admin {
*
*/
function get_list($all=0,$creator=0) {
// PATCHBEN pour ne voir que les comptes que l'on a créé (sauf admin)
global $err,$mem,$cuid;
$err->log("admin","get_list");
if (!$this->enabled) {
@ -259,7 +258,7 @@ class m_admin {
*/
function checkcreator($uid) {
global $err,$mem,$db,$cuid;
// DONE PATCHBEN Check that the current user is editing one of it's own account !
// Check that the current user is editing one of it's own account !
// but ADMIN (always uid 2000) is almighty
if ($cuid==2000) {
return true;
@ -342,9 +341,6 @@ class m_admin {
$db->query("SELECT count(*) AS cnt FROM membres WHERE login='$login';");
$db->next_record();
if (!$db->f("cnt")) {
// [ML] ATTENTION: ce code recycle les uid de comptes supprimes
// ne cause pas vraiment de bug, mais c'est une mauvaise pratique, et
// risque que deux comptes aient le meme uid si crees exactement en meme temps
$db->query("SELECT m.uid+1 as nextid FROM membres m LEFT JOIN membres n ON m.uid=n.uid-1 WHERE n.uid IS NULL ORDER BY 1 LIMIT 0,1");
if (!$db->next_record()) {
$uid=2000;
@ -1019,6 +1015,100 @@ EOF;
return $db->f("login");
}
/* ----------------------------------------------------------------- */
/**
* List the password policies currently installed in the policy table
*
* @return array an indexed array of associative array from the MySQL "policy" table
*
*/
function listPasswordPolicies() {
global $db,$classes;
$tmp1=array();
$tmp2=array();
$policies=array();
$db->query("SELECT * FROM policy;");
while ($db->next_record()) {
$tmp1[$db->Record["name"]]=$db->Record;
}
foreach($classes as $c) {
if (method_exists($GLOBALS[$c],"alternc_password_policy")) {
$res=$GLOBALS[$c]->alternc_password_policy(); // returns an array
foreach($res as $k=>$v) {
$tmp2[$k]=$v;
}
}
}
foreach($tmp2 as $k=>$v) {
if (!isset($tmp1[$k])) {
// Default policy :
$db->query("INSERT INTO policy SET name='".addslashes($k)."', minsize=0, maxsize=64, classcount=0, allowlogin=0;");
$tmp1[$k]=array(
"minsize"=>0, "maxsize"=>64, "classcount"=>0, "allowlogin"=>0
);
}
$policies[$k]=$tmp1[$k];
$policies[$k]["description"]=_($v);
unset($tmp1[$k]);
}
foreach ($tmp1 as $k=>$v) {
// Delete disabled modules :
$db->query("DELETE FROM policy WHERE name='".addslashes($k)."';");
}
return $policies;
}
/* ----------------------------------------------------------------- */
/**
* Change a password policy for one kind of password
*
* @param $policy string Name of the policy to edit
* @param $minsize integer Minimum Password size
* @param $maxsize integer Maximum Password size
* @param $classcount integer How many class of characters must this password have
* @param $allowlogin boolean Do we allow the password to be like the login ?
* @return boolean TRUE if the policy has been edited, or FALSE if an error occured.
*
*/
function editPolicy($policy,$minsize,$maxsize,$classcount,$allowlogin) {
global $db;
$minsize=intval($minsize);
$maxsize=intval($maxsize);
$classcount=intval($classcount);
$allowlogin=intval($allowlogin);
$db->query("SELECT * FROM policy WHERE name='".addslashes($policy)."';");
if (!$db->next_record()) {
return false; // Policy not found
}
if ($minsize<0 || $minsize>64 || $maxsize<0 || $maxsize>64 || $maxsize<$minsize || $classcount<0 || $classcount>4) {
return false; // Incorrect policy ...
}
$allowlogin=($allowlogin)?1:0;
$db->query("UPDATE policy SET minsize=$minsize, maxsize=$maxsize, classcount=$classcount, allowlogin=$allowlogin WHERE name='".addslashes($policy)."';");
return true;
}
/* ----------------------------------------------------------------- */
/**
* Check a password and a login for a specific policy
*
* @param $policy string Name of the policy to check for
* @param $login The login that will be set
* @param $password The password we have to check
* @return boolean TRUE if the password if OK for this login and this policy, FALSE if it is not.
*
*/
function checkPolicy($policy,$login,$password) {
global $db;
}
} /* Classe ADMIN */
?>
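Review bot: checkPolicy() is added with an empty body (only `global $db;`), so it returns NULL for every input although its docblock promises TRUE/FALSE, and a caller cannot tell "not implemented" from "password rejected". Until it is implemented I would make the stub explicit, e.g. `return false; // TODO: policy check not implemented yet`. listPasswordPolicies() also deletes every `policy` row whose module is not in `$classes` at call time and re-creates missing rows with `minsize=0, classcount=0`, so a module that fails to load once silently resets its configured policy to the weakest default; a listing call should probably not delete rows. Neither listPasswordPolicies() nor editPolicy() has the `if (!$this->enabled)` guard that get_list() shows earlier in this class; the callers are outside this page, so whether that matters needs confirming.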


@ -46,6 +46,16 @@ class m_ftp {
return "ftp";
}
/* ----------------------------------------------------------------- */
/**
* Password kind used in this class (hook for admin class)
*/
function alternc_password_policy() {
return array("ftp"=>"FTP accounts");
}
/* ----------------------------------------------------------------- */
/** Retourne la liste des comptes FTP du compte hébergé
* Retourne la liste des comptes FTP sous forme de tableau indexé de
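Review bot: The docblock on the new alternc_password_policy() hook does not state its return contract. As listPasswordPolicies() in the m_admin section uses it, the array key (`"ftp"` here) becomes the `name` column of the `policy` table and the value is passed to `_()` as the description, so renaming a key later drops the stored policy row. I would document that, e.g. `@return array policy name (stable key in the policy table) => untranslated description`. The same applies to the hooks added in m_mail, m_mem and m_mysql.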


@ -27,30 +27,32 @@
Purpose of file:
----------------------------------------------------------------------
*/
/**
* Classe de gestion des dossiers protégés par .htaccess apache
* This class handle folder web restricted access through .htaccess/.htpassword
* files.
*
* Cette classe permet de gérer les dossiers protégés par login/pass
* par le système .htaccess d'apache.
* Copyleft {@link http://alternc.net/ AlternC Team}
*
* @copyright AlternC-Team 2002-11-01 http://alternc.net/
* @copyright AlternC-Team 2002-11-01 http://alternc.org/
*
*/
class m_hta {
/*---------------------------------------------------------------------------*/
/**
* Constructeur de la classe m_webaccess, initialise le membre
* Constructor
*/
function m_webaccess() {
}
/*---------------------------------------------------------------------------*/
/**
* Crée un dossier à protéger (.htaccess et .htpasswd)
* @param string $dir Répertoire relatif au dossier de l'utilisateur
* @return boolean TRUE si le dossier a été protégé avec succès, FALSE sinon
* Create a protected folder (.htaccess et .htpasswd)
* @param string $dir Folder to protect (relative to user root)
* @return boolean TRUE if the folder has been protected, or FALSE if an error occurred
*/
function CreateDir($dir) {
global $mem,$bro,$err;
@ -78,10 +80,11 @@ class m_hta {
return true;
}
/*---------------------------------------------------------------------------*/
/**
* Retourne la liste de tous les dossiers de l'utilisateur contenant un .htpasswd
* @return array Tableau contenant la liste des dossiers protégés de l'utilisateur
* Returns the list of all user folder currently protected by a .htpasswd file
* @return array Array containing user folder list
*/
function ListDir() {
global $err,$mem;
@ -100,11 +103,12 @@ class m_hta {
return $r;
}
/*---------------------------------------------------------------------------*/
/**
* Retourne TRUE si le dossier paramètre est protégé.
* @param string $dir Dossier dont on souhaite vérifier la protection
* @return TRUE si le dossier est protégé, FALSE sinon
* Tells if a folder is protected.
* @param string $dir Folder to check
* @return TRUE if the folder is protected, or FALSE if it is not
*/
function is_protected($dir){
global $mem,$err;
@ -119,11 +123,12 @@ class m_hta {
}
}
/*---------------------------------------------------------------------------*/
/**
* Retourne la liste des utilisateurs autorisés dans le dossier
* @param string $dir Dossier dont on souhaite obtenir la liste des user/pass
* @return array Tableau contenant la liste des logins du .htpasswd ou FALSE.
* Returns the list of login for a protected folder.
* @param string $dir The folder to lookup (relative to user root)
* @return array An array containing the list of logins from the .htpasswd file, or FALSE
*/
function get_hta_detail($dir) {
global $mem,$err;
@ -134,10 +139,12 @@ class m_hta {
return false;
}
*/ }
$file = fopen("$absolute/.htpasswd","r");
$file = @fopen("$absolute/.htpasswd","r");
$i=0;
$res=array();
fseek($file,0);
if (!$file) {
return false;
}
// TODO: Tester la validité du .htpasswd
while (!feof($file)) {
$s=fgets($file,1024);
@ -151,11 +158,12 @@ class m_hta {
return $res;
}
/*---------------------------------------------------------------------------*/
/**
* Déprotège un dossier
* @param string $dir Dossier à déprotéger
* @return boolean TRUE si le dossier a été déprotégé, FALSE sinon
* Unprotect a folder
* @param string $dir Folder to unprotect, relative to user root
* @return boolean TRUE if the folder has been unprotected, or FALSE if an error occurred
*/
function DelDir($dir) {
global $mem,$bro,$err;
@ -176,13 +184,14 @@ class m_hta {
return true;
}
/*---------------------------------------------------------------------------*/
/**
* Ajoute un utilisateur à un dossier protégé.
* @param string $login Utilisateur à ajouter
* @param string $password Mot de passe à ajouter (en clair)
* @param string $dir Dossier concerné
* @return boolean TRUE si l'utilisateur a été ajouté avec succès, FALSE sinon
* Add a user to a protected folder
* @param string $login The user login to add
* @param string $password The password to add (cleartext)
* @param string $dir The folder we add it to (relative to user root).
* @return boolean TRUE if the user has been added, or FALSE if an error occurred
*/
function add_user($user,$password,$dir) {
global $err, $bro;
@ -193,7 +202,11 @@ class m_hta {
return false;
}
if (checkloginmail($user)){
$file = fopen("$absolute/.htpasswd","a+");
$file = @fopen("$absolute/.htpasswd","a+");
if (!$file) {
$err->raise("hta",12);
return false;
}
fseek($file,0);
while (!feof($file)) {
$s=fgets($file,1024);
@ -216,12 +229,13 @@ class m_hta {
}
}
/*---------------------------------------------------------------------------*/
/**
* Supprime un ou plusieurs utilisateurs d'un dossier protégé.
* @param array $lst Tableau des logins à supprimer.
* @param string $dir Dossier dans lequel on souhaite supprimer des utilisateurs
* @return boolean TRUE si les utilisateurs ont été supprimés avec succès, FALSE sinon
* Delete a user from a protected folder.
* @param array $lst An array with login to delete.
* @param string $dir The folder, relative to user root, where we want to delete users.
* @return boolean TRUE if users has been deleted, or FALSE if an error occurred.
*/
function del_user($lst,$dir) {
global $bro,$err;
@ -234,6 +248,10 @@ class m_hta {
touch("$absolute/.htpasswd.new");
$file = fopen("$absolute/.htpasswd","r");
$newf = fopen("$absolute/.htpasswd.new","a");
if (!$file || !$newf) {
$err->raise("hta",12);
return false;
}
reset($lst);
fseek($file,0);
while (!feof($file)) {
@ -251,13 +269,14 @@ class m_hta {
return true;
}
/*---------------------------------------------------------------------------*/
/**
* Change le mot de passe d'un utilisateur d'un dossier protégé.
* @param string $user Utilisateur dont on souhaite changer le mot de passe
* @param string $newpass Nouveau mot de passe de cet utilisateur
* @param string $dir Dossier protégé concerné
* @return boolean TRUE si le mot de passe a été changé avec succès, FALSE sinon
* Change the password of a user in a protected folder
* @param string $user The users whose password should be changed
* @param string $newpass The new password of this user
* @param string $dir The folder, relative to user root, in which we will change a password
* @return boolean TRUE if the password has been changed, or FALSE if an error occurred
*/
function change_pass($user,$newpass,$dir) {
global $bro,$err;
@ -270,6 +289,10 @@ class m_hta {
touch("$absolute/.htpasswd.new");
$file = fopen("$absolute/.htpasswd","r");
$newf = fopen("$absolute/.htpasswd.new","a");
if (!$file || !$newf) {
$err->raise("hta",12);
return false;
}
while (!feof($file)) {
$s=fgets($file,1024);
$t=explode(":",$s);
@ -285,11 +308,12 @@ class m_hta {
return true;
}
/*---------------------------------------------------------------------------*/
/**
* Vérifie la validité des lignes d'un .htaccess existant.
* @param string $absolute Dossier que l'on souhaite vérifier
* @return boolean TRUE si le dossier est correctement protégé par un .htaccess, FALSE sinon
* Check that a .htaccess file is valid (for authentication)
* @param string $absolute Folder we want to check (relative to user root)
* @return boolean TRUE is the .htaccess is protecting this folder, or FALSE else
* @access private
*/
function _reading_htaccess($absolute) {
@ -298,6 +322,9 @@ class m_hta {
$file = fopen("$absolute/.htaccess","r+");
$lignes=array(1,1,1);
$errr=0;
if (!$file) {
return false;
}
while (!feof($file) && !$errr) {
$s=fgets($file,1024);
if (substr($s,0,12)!="RewriteCond " && substr($s,0,14)!="ErrorDocument " && substr($s,0,12)!="RewriteRule " && substr($s,0,14)!="RewriteEngine " && trim($s)!="") {
@ -324,6 +351,8 @@ class m_hta {
return true;
}
} /* CLASS m_webaccess */
} /* CLASS m_hta */
?>
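Review bot: In del_user() and change_pass() the new `if (!$file || !$newf)` guard returns after `touch("$absolute/.htpasswd.new")` has already created the temporary file, and possibly after one of the two handles opened, so a failure leaves a stale `.htpasswd.new` and an unclosed handle. The temporary file is opened in append mode (`"a"`), so a later successful run would append to that leftover content; if the file is then swapped in for `.htpasswd` (that part is outside the hunks shown), removed logins or old password hashes could reappear. Opening it with `$newf = fopen("$absolute/.htpasswd.new","w");` and closing any open handle and unlinking the temporary file before `return false;` would avoid this. Separately, get_hta_detail() and _reading_htaccess() return false without `$err->raise("hta",12)`, unlike add_user(), so those failures are silent to the caller.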


@ -55,6 +55,14 @@ class m_mail {
}
/**
* Password kind used in this class (hook for admin class)
*/
function alternc_password_policy() {
return array("pop"=>"POP/IMAP account passwords");
}
/* ----------------------------------------------------------------- */
/** Returns the list of mail-hosted domains for a user
* @return array indexed array of hosted domains


@ -50,6 +50,15 @@ class m_mem {
function m_mem() {
}
/* ----------------------------------------------------------------- */
/**
* Password kind used in this class (hook for admin class)
*/
function alternc_password_policy() {
return array("mem"=>"AlternC's account password");
}
/* ----------------------------------------------------------------- */
/** Check that the current user is an admnistrator.
* @return boolean TRUE if we are super user, or FALSE if we are not.


@ -55,6 +55,18 @@ class m_mysql {
return array("mysql","mysql_users");
}
/* ----------------------------------------------------------------- */
/**
* Password kind used in this class (hook for admin class)
*/
function alternc_password_policy() {
return array("mysql_users"=>"MySQL users");
}
/*---------------------------------------------------------------------------*/
/** Get the list of the database for the current user.
* @return array returns an associative array as follow : <br>