Abdulrahman
2019-05-23 20:52:00 +03:00
parent fb023a4018
commit d9155f915c
5 changed files with 1 additions and 788 deletions


@@ -153,27 +153,8 @@ while ($row=$SQL->fetch_array($result))
}
elseif ($row['name'] == 'user_system')
{
//get auth types
//fix previous choices in old kleeja
if (in_array($con['user_system'], ['2', '3', '4']))
{
$con['user_system'] = str_replace(['2', '3', '4'], ['phpbb', 'vb', 'mysmartbb'], $con['user_system']);
}
$authtypes .= '<option value="1"' . ($con['user_system']=='1' ? ' selected="selected"' : '') . '>' . $lang['NORMAL'] . '</option>' . "\n";
if ($dh = @opendir(PATH . 'includes/auth_integration'))
{
while (($file = readdir($dh)) !== false)
{
if (strpos($file, '.php') !== false)
{
$file = trim(str_replace('.php', '', $file));
$authtypes .= '<option value="' . $file . '"' . ($con['user_system'] == $file ? ' selected="selected"' : '') . '>' . $file . '</option>' . "\n";
}
}
@closedir($dh);
}
continue;
}
is_array($plugin_run_result = Plugins::getInstance()->run('while_fetch_adm_config', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
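Review bot: Nothing in the `user_system` branch handles an installation whose stored value is still `phpbb`, `vb` or `mysmartbb` (or the legacy `2`/`3`/`4` that the removed lines mapped) now that the selector and the `includes/auth_integration` files are deleted. If the login path elsewhere still picks its auth backend from that setting, which is not visible on this page, such a site would either fail every login or reach an include of a file that no longer exists. A normalising step here or in the upgrade routine would make the fallback explicit, for example `if ($con['user_system'] != '1') { $con['user_system'] = '1'; }`, with a comment such as `// external auth integrations were removed; only the built-in user system remains`. The rendered hunk has lost its +/- markers and its enclosing `while` loop starts and ends outside it, so the single added line cannot be identified from here.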


@@ -1,115 +0,0 @@
<?php
/**
*
* @package auth
* @copyright (c) 2007 Kleeja.com
* @license ./docs/license.txt
*
*/
//no for directly open
if (! defined('IN_COMMON'))
{
exit();
}
function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm = false, $return_username = false)
{
global $lang, $config, $usrcp, $userinfo;
global $script_path, $script_api_key, $script_cp1256;
//URL must be begin with http://
if (empty($script_path) || $script_path[0] != 'h')
{
big_error('Forum URL must be begin with http://', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'API'));
}
//api key is the key to make the query between the remote script and kleeja more secure !
//this must be changed in the real use
if (empty($script_api_key))
{
big_error('api key', 'To connect to the remote script you have to write the API key ...');
}
$pass = empty($script_cp1256) || ! $script_cp1256 ? $pass : $usrcp->kleeja_utf8($pass, false);
$name = empty($script_cp1256) || ! $script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);
// @see file : docs/kleeja_(vb,mysmartbb,phpbb)_api.txt
$api_http_query = 'api_key=' . base64_encode($script_api_key) . '&' . ($hashed ? 'userid' : 'username') . '=' . urlencode($name) . '&pass=' . base64_encode($pass);
//if only username, let tell him in the query
$api_http_query .= $return_username ? '&return_username=1' : '';
//get it
$remote_data = FetchFile::make($script_path . '?' . $api_http_query)->get();
//no responde
//empty or can not connect
if ($remote_data == false || empty($remote_data))
{
return false;
}
//see kleeja_api.php file
//split the data , the first one is always 0 or 1
//0 : error
//1: ok
$user_info = explode('%|%', base64_decode($remote_data));
//omg, it's 0 , 0 : error, lets die here
if ((int) $user_info[0] == 0)
{
return false;
}
//
//if we want username only we have to return it quickly and die here
//
if ($return_username)
{
return empty($script_cp1256) || ! $script_cp1256 ? $user_info[1] : $usrcp->kleeja_utf8($user_info[1]);
}
//
//when loggin to admin, we just want a check, no data setup ..
//
if (! $loginadm)
{
define('USER_ID', $user_info[1]);
define('GROUP_ID', 3);
define('USER_NAME', empty($script_cp1256) || ! $script_cp1256 ? $user_info[2] : $usrcp->kleeja_utf8($user_info[2]));
define('USER_MAIL', $user_info[3]);
define('USER_ADMIN', ((int) $user_info[5] == 1) ? 1 : 0);
}
//user ifo
//and this must be filled with user data comming from url
$userinfo = [];
$userinfo['group_id'] = GROUP_ID;
$user_y = base64_encode(serialize(['id'=>USER_ID, 'name'=>USER_NAME, 'mail'=>USER_MAIL, 'last_visit'=>time()]));
//add cookies
if (! $loginadm)
{
$usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($user_info[1] . '|' . $user_info[4] . '|' . $expire . '|' . sha1(md5($config['h_key'] . $user_info[4]) . $expire) . '|' . GROUP_ID . '|' . $user_y), $expire);
}
//no need after now
unset($pass);
//yes ! he is a real user
return true;
}
//
//return username
//
function kleeja_auth_username ($user_id)
{
return kleeja_auth_login($user_id, false, false, false, false, true);
}
//<-- EOF


@@ -1,58 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256"/>
<title>Powered by Kleeja</title>
<style type="text/css">* {
font-size: 100%;
margin: 0;
padding: 0;
color: #CECFCE;
}
body {
font-family: Tahoma, Arial, sans-serif;
font-size: 100%;
color: #69788E;
margin: 10px 30px;
background: #F7F7F7;
}
a:link, a:visited {
text-decoration: none;
color: #CECFCE;
}
a:active, a:hover {
text-decoration: underline;
color: #111;
}
h1 {
font-family: "Trebuchet MS", Helvetica, sans-serif;
font-size: 1.70em;
font-weight: normal;
color: #333333;
margin-top: 0;
margin-bottom: 10px;
}
.content_box {
border: 1px dashed #CECFCE;
background: #FFFFFF;
padding: 10px;
margin-right: auto;
margin-left: auto;
}</style>
</head>
<body title="&#1603;&#1604;&#1610;&#1580;&#1575;"><br/>
<div class="content_box">
<p>
<a target="_blank" href="http://www.kleeja.com" title="kleeja"></a>
</p>
<br/>
<h1><span style="font-size:250%;color:#D80000;">403 - Access forbidden!</span></h1></div>
<br/>
<div class="content_box"style="font-size: 140%">Powered by Kleeja</div>
</body>
</html>


@@ -1,358 +0,0 @@
<?php
/**
*
* @package auth
* @copyright (c) 2007 Kleeja.com
* @license ./docs/license.txt
*
*/
//no for directly open
if (! defined('IN_COMMON'))
{
exit();
}
//
//Path of config file in phpBB3
//
if (! defined('SCRIPT_CONFIG_PATH'))
{
define('SCRIPT_CONFIG_PATH', '/config.php');
}
function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
global $lang, $config, $usrcp, $userinfo;
global $script_path, $script_encoding, $script_srv, $script_db, $script_user, $script_pass, $script_prefix;
//check for last slash /
if (isset($script_path))
{
if (isset($script_path[strlen($script_path)]) && $script_path[strlen($script_path)] == '/')
{
$script_path = substr($script_path, 0, strlen($script_path));
}
//get some useful data from phbb config file
if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH))
{
include PATH . $script_path . SCRIPT_CONFIG_PATH;
$forum_srv = $dbhost;
$forum_db = $dbname;
$forum_user = $dbuser;
$forum_pass = $dbpasswd;
$forum_prefix = $table_prefix;
if (empty($dbhost))
{
$forum_srv = 'localhost';
}
if (! empty($dbport))
{
$forum_srv .= ':' . $dbport;
}
}
else
{
big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'phpBB3'));
}
}
else
{
$forum_srv = $script_srv;
$forum_db = $script_db;
$forum_user = $script_user;
$forum_pass = $script_pass;
$forum_prefix = $script_prefix;
}
//if no variables of db
if (empty($forum_srv) || empty($forum_user) || empty($forum_db))
{
return;
}
//conecting ...
$SQLBB = new KleejaDatabase($forum_srv, $forum_user, $forum_pass, $forum_db, true);
$SQLBB->set_names('utf8');
unset($forum_pass); // We do not need this any longer
//get utf tools
global $phpbb_root_path, $phpEx;
$phpbb_root_path = PATH . $script_path . '/';
$phpEx = 'php';
define('IN_PHPBB', true);
include_once PATH . $script_path . '/includes/utf/utf_tools.' . $phpEx;
$row_leve = 'user_type';
$admin_level = 3;
$query2 = [
'SELECT' => '*',
'FROM' => "`{$forum_prefix}users`",
];
$query2['WHERE'] = $hashed ? 'user_id=' . intval($name) . " AND user_password='" . $SQLBB->real_escape($pass) . "' " : "username_clean='" . $SQLBB->real_escape(utf8_clean_string($name)) . "'";
if ($return_name)
{
$query2['SELECT'] = 'username';
$query2['WHERE'] = 'user_id=' . intval($name);
}
$query = '';
if (! $hashed)
{
$result2 = $SQLBB->build($query2);
while ($row=$SQLBB->fetch_array($result2))
{
$SQLBB->freeresult($result2);
if ($return_name)
{
return $row['username'];
}
else
{
if (phpbb_check_hash($pass, $row['user_password']))
{
$query = $query2;
}
}
}
}
else
{
$query = $query2;
}
if (empty($query))
{
$SQLBB->close();
return false;
}
is_array($plugin_run_result = Plugins::getInstance()->run('qr_select_usrdata_phpbb_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
$result = $SQLBB->build($query);
if ($SQLBB->num_rows($result) != 0)
{
while ($row=$SQLBB->fetch_array($result))
{
if ($SQLBB->num_rows($SQLBB->query("SELECT ban_userid FROM `{$forum_prefix}banlist` WHERE ban_userid=" . intval($row['user_id']))) == 0)
{
if (! $loginadm)
{
define('USER_ID', $row['user_id']);
define('GROUP_ID', ($row[$row_leve] == $admin_level ? '1' : '3'));
define('USER_NAME', $row['username']);
define('USER_MAIL', $row['user_email']);
if ($row[$row_leve] == $admin_level)
{
define('USER_ADMIN', true);
}
}
$userinfo = $row;
$userinfo['group_id'] = ($row[$row_leve] == $admin_level ? '1' : '3');
$user_y = base64_encode(serialize(['id'=>$row['user_id'], 'name'=>$row['username'], 'mail'=>$row['user_email'], 'last_visit'=>time()]));
if (! $hashed && ! $loginadm)
{
$usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt(
$row['user_id'] . '|' .
$row['user_password'] . '|' .
$expire . '|' .
sha1(md5($config['h_key'] . $row['user_password']) . $expire) . '|' .
($row[$row_leve] == $admin_level ? '1' : '3') . '|' .
$user_y
), $expire);
}
is_array($plugin_run_result = Plugins::getInstance()->run('qr_while_usrdata_phpbb_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
}
else
{
//he is banned from phpBB
$SQLBB->freeresult($result);
unset($pass);
$SQLBB->close();
return false;
}
}
$SQLBB->freeresult($result);
unset($pass);
$SQLBB->close();
return true;
}
else
{
$SQLBB->freeresult($result);
$SQLBB->close();
return false;
}
//dont know why they come here !
return false;
}
function kleeja_auth_username ($user_id)
{
return kleeja_auth_login($user_id, false, false, 0, false, true);
}
/**
* Check for correct password
* @param mixed $password
* @param mixed $hash
*/
function phpbb_check_hash($password, $hash)
{
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if (strlen($hash) == 34)
{
return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
}
return (md5($password) === $hash) ? true : false;
}
/**
* Generate salt for hash generation
* @param mixed $input
* @param mixed $itoa64
* @param mixed $iteration_count_log2
*/
function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
{
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
{
$iteration_count_log2 = 8;
}
$output = '$H$';
$output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
$output .= _hash_encode64($input, 6, $itoa64);
return $output;
}
/**
* Encode hash
* @param mixed $input
* @param mixed $count
* @param mixed $itoa64
*/
function _hash_encode64($input, $count, &$itoa64)
{
$output = '';
$i = 0;
do
{
$value = ord($input[$i++]);
$output .= $itoa64[$value & 0x3f];
if ($i < $count)
{
$value |= ord($input[$i]) << 8;
}
$output .= $itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
{
break;
}
if ($i < $count)
{
$value |= ord($input[$i]) << 16;
}
$output .= $itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
{
break;
}
$output .= $itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
/**
* The crypt function/replacement
* @param mixed $password
* @param mixed $setting
* @param mixed $itoa64
*/
function _hash_crypt_private($password, $setting, &$itoa64)
{
$output = '*';
// Check for correct hash
if (substr($setting, 0, 3) != '$H$')
{
return $output;
}
$count_log2 = strpos($itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30)
{
return $output;
}
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) != 8)
{
return $output;
}
/**
* We're kind of forced to use MD5 here since it's the only
* cryptographic primitive available in all versions of PHP
* currently in use. To implement our own low-level crypto
* in PHP would result in much worse performance and
* consequently in lower iteration counts and hashes that are
* quicker to crack (by non-PHP code).
*/
if (PHP_VERSION >= 5)
{
$hash = md5($salt . $password, true);
do
{
$hash = md5($hash . $password, true);
} while (--$count);
}
else
{
$hash = pack('H*', md5($salt . $password));
do
{
$hash = pack('H*', md5($hash . $password));
} while (--$count);
}
$output = substr($setting, 0, 12);
$output .= _hash_encode64($hash, 16, $itoa64);
return $output;
}


@@ -1,237 +0,0 @@
<?php
/**
*
* @package auth
* @copyright (c) 2007 Kleeja.com
* @license ./docs/license.txt
*
*/
//no for directly open
if (! defined('IN_COMMON'))
{
exit();
}
//
//Path of config file in vb
//
if (! defined('SCRIPT_CONFIG_PATH'))
{
define('SCRIPT_CONFIG_PATH', '/includes/config.php');
}
function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
global $lang, $config, $usrcp, $userinfo;
global $script_path, $script_cp1256, $script_srv, $script_db, $script_user, $script_pass, $script_prefix, $script_db_charset;
if (isset($script_path))
{
//check for last slash
if (isset($script_path[strlen($script_path)]) && $script_path[strlen($script_path)] == '/')
{
$script_path = substr($script_path, 0, strlen($script_path));
}
$configExists = false;
if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH))
{
$configPath = PATH . $script_path . SCRIPT_CONFIG_PATH;
$configExists = true;
}
elseif (file_exists(PATH . $script_path . '/core/includes/config.php'))
{
$configPath = PATH . $script_path . '/core/includes/config.php';
$configExists = true;
$isVB5 = true;
}
//get some useful data from vb config file
if ($configExists)
{
require_once $configPath;
//
//get config from config file
//
$forum_srv = $config['MasterServer']['servername'];
$forum_db = $config['Database']['dbname'];
$forum_user = $config['MasterServer']['username'];
$forum_pass = $config['MasterServer']['password'];
$forum_prefix = $config['Database']['tableprefix'];
if ($config['MasterServer']['port'] != 3306)
{
$forum_srv .= ':' . $config['MasterServer']['port'];
}
//some people change their db charset
if (isset($config['Mysqli']['charset']))
{
$forum_db_charset = $config['Mysqli']['charset'];
}
}
else
{
big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'Vbulletin'));
}
}
else
{
//
//custom config data
//
$forum_srv = $script_srv;
$forum_db = $script_db;
$forum_user = $script_user;
$forum_pass = $script_pass;
$forum_prefix = $script_prefix;
//some people change their db charset
if (isset($script_db_charset))
{
$forum_db_charset = $script_db_charset;
}
}
if (empty($forum_srv) || empty($forum_user) || empty($forum_db))
{
return;
}
$SQLVB = new KleejaDatabase($forum_srv, $forum_user, $forum_pass, $forum_db, true);
if (isset($forum_db_charset))
{ //config
$SQLVB->set_names($forum_db_charset);
}
else
{ //auto
$SQLVB->set_names('latin1');
}
unset($forum_pass); // We do not need this any longer
$pass = empty($script_cp1256) || ! $script_cp1256 ? $pass : $usrcp->kleeja_utf8($pass, false);
$name = empty($script_cp1256) || ! $script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);
$query_salt = [
'SELECT' => $hashed ? '*' : ($isVB5 ? 'token' : 'salt'),
'FROM' => "`{$forum_prefix}user`",
];
$query_salt['WHERE'] = $hashed ? 'userid=' . intval($name) . ' AND ' . ($isVB5 ? 'token' : 'password') . "='" . $SQLVB->real_escape($pass) . "' AND usergroupid != '8'" : "username='" . $SQLVB->real_escape($name) . "' AND usergroupid != '8'";
//if return only name let's ignore the above
if ($return_name)
{
$query_salt['SELECT'] = 'username';
$query_salt['WHERE'] = 'userid=' . intval($name);
}
is_array($plugin_run_result = Plugins::getInstance()->run('qr_select_usrdata_vb_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
$result_salt = $SQLVB->build($query_salt);
if ($SQLVB->num_rows($result_salt) > 0)
{
while ($row1=$SQLVB->fetch_array($result_salt))
{
if ($return_name)
{
return empty($script_cp1256) || ! $script_cp1256 ? $row1['username'] : $usrcp->kleeja_utf8($row1['username']);
}
if (! $hashed)
{
$pass = ! $isVB5
? md5(md5($pass) . $row1['salt']) // without normal md5
: crypt(md5($pass), $row1['token']);
$query = [
'SELECT' => '*',
'FROM' => "`{$forum_prefix}user`",
'WHERE' => "username='" . $SQLVB->real_escape($name) . "' AND " . ($isVB5 ? 'token' : 'password') . "='" . $SQLVB->real_escape($pass) . "' AND usergroupid != '8'"
];
$result = $SQLVB->build($query);
if ($SQLVB->num_rows($result) != 0)
{
while ($row=$SQLVB->fetch_array($result))
{
if (! $loginadm)
{
define('USER_ID', $row['userid']);
define('GROUP_ID', ($row['usergroupid'] == 6 ? 1 : 3));
define('USER_NAME', empty($script_cp1256) || ! $script_cp1256 ? $row['username'] : $usrcp->kleeja_utf8($row['username']));
define('USER_MAIL', $row['email']);
define('USER_ADMIN', ($row['usergroupid'] == 6 ? 1 : 0));
}
//define('LAST_VISIT',$row['last_visit']);
$userinfo = $row;
$userinfo['group_id'] = ($row['usergroupid'] == 6 ? 1 : 3);
$user_y = base64_encode(serialize(['id'=>$row['userid'], 'name'=>USER_NAME, 'mail'=>$row['email'], 'last_visit'=>time()]));
$hash_key_expire = sha1(md5($config['h_key'] . ($isVB5 ? $row['token'] : $row['password'])) . $expire);
if (! $loginadm)
{
$usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt(
$row['userid'] . '|' .
($isVB5 ? $row['token'] : $row['password']) . '|' .
$expire . '|' .
$hash_key_expire . '|' .
($row['usergroupid'] == 6 ? 1 : 3) . '|' .
$user_y
), $expire);
}
is_array($plugin_run_result = Plugins::getInstance()->run('qr_while_usrdata_vb_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
}
$SQLVB->freeresult($result);
}//nums_sql2
else
{
$SQLVB->close();
return false;
}
}
else
{
if (! $loginadm)
{
define('USER_ID', $row1['userid']);
define('USER_NAME', empty($script_cp1256) || ! $script_cp1256 ? $row1['username'] : $usrcp->kleeja_utf8($row1['username']));
define('USER_MAIL', $row1['email']);
define('USER_ADMIN', ($row1['usergroupid'] == 6) ? 1 : 0);
define('GROUP_ID', ($row1['usergroupid'] == 6) ? 1 : 3);
$userinfo = $row1;
$userinfo['group_id'] = ($row1['usergroupid'] == 6 ? 1 : 3);
}
}
}//whil1
$SQLVB->freeresult($result_salt);
unset($pass);
$SQLVB->close();
return true;
}
else
{
$SQLVB->close();
return false;
}
}
function kleeja_auth_username ($user_id)
{
return kleeja_auth_login($user_id, false, true, 0, false, true);
}