- Timestamp:
- Aug 12, 2015 12:22:54 AM (9 years ago)
- Location:
- trunk/lib
- Files:
-
- 3 edited
trunk/lib/Auth_SQL.inc.php
r535 r541 627 627 && !empty($_SESSION['_auth_sql'][$this->_ns]['username']) 628 628 && isset($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) 629 && strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout']629 && strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > (time() - $this->_params['login_timeout']) 630 630 && isset($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) 631 && strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout']631 && strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > (time() - $this->_params['idle_timeout']) 632 632 && $remote_ip_is_matched 633 633 ) { … … 650 650 } else if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated']) && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated']) { 651 651 // User is authenticated, but login has expired. 652 if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - 43200) {652 if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > (time() - 43200)) { 653 653 // Only raise message if last session is less than 12 hours old. 654 654 $app->raiseMsg(_("Your session has expired. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__); … … 657 657 // Log the reason for login expiration. 
658 658 $expire_reasons = array(); 659 if ( empty($_SESSION['_auth_sql'][$this->_ns]['username'])) {659 if (!isset($_SESSION['_auth_sql'][$this->_ns]['username']) || empty($_SESSION['_auth_sql'][$this->_ns]['username'])) { 660 660 $expire_reasons[] = 'username not found'; 661 661 } 662 if ( strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) <= time() - $this->_params['login_timeout']) {662 if (!isset($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) || strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) <= (time() - $this->_params['login_timeout'])) { 663 663 $expire_reasons[] = sprintf('login_timeout expired (%s older than %s seconds ago)', $_SESSION['_auth_sql'][$this->_ns]['login_datetime'], $this->_params['login_timeout']); 664 664 } 665 if ( strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) {665 if (!isset($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) || strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) <= (time() - $this->_params['idle_timeout'])) { 666 666 $expire_reasons[] = sprintf('idle_timeout expired (%s older than %s seconds ago)', $_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'], $this->_params['idle_timeout']); 667 667 } 668 if ( $_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr()) {668 if (!isset($_SESSION['_auth_sql'][$this->_ns]['remote_ip']) || $_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr()) { 669 669 if ($this->getParam('match_remote_ip') && !$this->get('match_remote_ip_exempt') && !$user_in_trusted_network) { 670 670 // There are three cases when a remote IP match will be the cause of a session termination: … … 679 679 $app->logMsg(sprintf('User_id %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__); 680 680 } else { 681 $app->logMsg(' No authenticated token in _SESSION', LOG_DEBUG, __FILE__, 
__LINE__);681 $app->logMsg('Session is not authenticated', LOG_DEBUG, __FILE__, __LINE__); 682 682 } 683 683 … … 943 943 switch ($hash_type) { 944 944 case self::ENCRYPT_CRYPT : 945 return $this->encryptPassword($password, $encrypted_password ) == $encrypted_password;945 return $this->encryptPassword($password, $encrypted_password, $hash_type) == $encrypted_password; 946 946 947 947 case self::ENCRYPT_PLAINTEXT : … … 950 950 case self::ENCRYPT_SHA1 : 951 951 case self::ENCRYPT_SHA1_HARDENED : 952 default : 953 return $this->encryptPassword($password) == $encrypted_password; 952 return $this->encryptPassword($password, $encrypted_password, $hash_type) == $encrypted_password; 954 953 955 954 case self::ENCRYPT_PASSWORD_BCRYPT : 956 955 case self::ENCRYPT_PASSWORD_DEFAULT : 957 956 return password_verify($password, $encrypted_password); 958 } 959 960 $app->logMsg(sprintf('Unknown hash type: %s', $hash_type), LOG_WARNING, __FILE__, __LINE__); 961 return false; 957 958 default : 959 $app->logMsg(sprintf('Unknown hash type: %s', $hash_type), LOG_WARNING, __FILE__, __LINE__); 960 return false; 961 } 962 962 963 } 963 964 -
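Review bot: The two digest branches of the password-check switch (new lines 945 and 952) still compare the recomputed hash with the stored one using `==`, which is neither type-safe nor constant-time. PHP compares two numeric-looking strings numerically under `==` (a hex digest made of `0e` followed only by digits is the usual case), so two different digests can be reported as equal, and the comparison also stops at the first differing byte. The file already calls `password_verify()`, so `hash_equals()` is probably available (PHP 5.6+, to be confirmed for this project): `return hash_equals((string) $encrypted_password, (string) $this->encryptPassword($password, $encrypted_password, $hash_type));`. The enclosing method starts outside the hunk and the ENCRYPT_PLAINTEXT branch is not shown, so that branch should be checked for the same comparison.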
trunk/lib/Prefs.inc.php
r526 r541 87 87 'user_id' => null, 88 88 89 // How long before we force a reload of the persistent prefs data? 3 600 = once every hour.90 'load_timeout' => 3 600,89 // How long before we force a reload of the persistent prefs data? 300 = every five minutes. 90 'load_timeout' => 300, 91 91 92 92 // Name of database table to store prefs. -
trunk/lib/Utilities.inc.php
r534 r541 215 215 * @access public 216 216 * @param string $text Text to search for URLs. 217 * @param bool $strict True to only include URLs starting with a scheme (http:// ftp:// im://), or false to include URLs starting with 'www.'. 217 218 * @param mixed $length Number of characters to truncate URL, or NULL to disable truncating. 218 219 * @param string $delim Delimiter to append, indicate truncation. 219 220 * @return string Same input text, but URLs hyperlinked. 220 221 * @author Quinn Comendant <quinn@strangecode.com> 221 * @version 1.0222 * @version 2.0 222 223 * @since 22 Mar 2015 23:29:04 223 224 */ 224 function hyperlinkTxt($text, $length=null, $delim='âŠ') 225 { 226 return preg_replace_callback( 227 // Inspired by @stephenhay's regex from https://mathiasbynens.be/demo/url-regex 228 // Here we capture the full URL into the first match and only the first X characters into the second match. 229 sprintf('@\b(?<!")(?<!\')(?<!=)(((?:https?|s?ftps?)://[^\s/$.?#].[^\s]{0,%s})[^\s]*)@iS', $length), 230 // Use an anonymous function to decide when to append the delim. 231 // Also encode special chars with oTxt(). 232 function ($m) use ($length, $delim) { 233 if (is_null($length) || $m[1] == $m[2]) { 234 // If not truncating, or URL was not truncated. 235 return sprintf('<a href="%s">%s</a>', oTxt($m[1]), oTxt($m[1])); 236 } else { 237 // Truncated URL. 238 return sprintf('<a href="%s">%s%s</a>', oTxt($m[1]), oTxt(trim($m[2])), $delim); 239 } 240 }, 241 $text 225 function hyperlinkTxt($text, $strict=false, $length=null, $delim='âŠ') 226 { 227 // Capture the full URL into the first match and only the first X characters into the second match. 228 // This will match URLs not preceeded by " ' or = (URLs inside an attribute) or ` (Markdown quoted) or double-scheme (http://http://www.asdf.com) 229 // Valid URL characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~:/?#[]@!$&'()*+,;= 230 $regex = '@ 231 \b # Start with a word-boundary. 
232 (?<!"|\'|=|>|`|[\w-]{2}://) # Negative look-behind to exclude URLs already in <a> tag, Markdown quoted, or double SCHEME:// 233 ( # Begin match 1 234 ( # Begin match 2 235 (?:[\w-]{2,}://%s) # URL starts with SCHEME:// or www. (if strict = false) 236 [^\s/$.?#]+ # Any domain-valid characters 237 \. # At least one point 238 [^\s"`<>]{1,%s} # Match 2 is limited to a maximum of LENGTH valid URL characters 239 ) 240 [^\s"`<>]* # Match 1 continues with any further valid URL characters 241 [^\P{Any}%s\sâŠ<>«»"ââ] # Final character not a space or common end-of-sentence punctuation (.,:;?!, etc). Using double negation set, see http://stackoverflow.com/a/4786560/277303 242 ) 243 @Suxi 244 '; 245 $regex = sprintf($regex, 246 ($strict ? '' : '|www\.'), // Strict=false allows URLs beginning with www. 247 $length, 248 ($strict ? '' : '?!.,:;)\'-') // Strict=false excludes these characters from set of the last character of URL. 242 249 ); 250 251 // Use a callback function to decide when to append the delim. 252 // Also encode special chars with oTxt(). 253 return preg_replace_callback($regex, function ($m) use ($length, $delim) { 254 $url = $m[1]; 255 $truncated_url = $m[2]; 256 $absolute_url = preg_replace('!^www\.!', 'http://www.', $url); 257 if (is_null($length) || $url == $truncated_url) { 258 // If not truncating, or URL was not truncated. 259 $display_url = preg_replace('!^[\w-]{2,}://!', '', $url); 260 return sprintf('<a href="%s">%s</a>', oTxt($absolute_url), $display_url); 261 } else { 262 // Truncated URL. 263 $display_url = preg_replace('!^[\w-]{2,}://!', '', trim($truncated_url)); 264 return sprintf('<a href="%s">%s%s</a>', oTxt($absolute_url), $display_url, $delim); 265 } 266 }, $text); 243 267 } 244 268 … … 452 476 function URLSlug($str) 453 477 { 454 $slug = preg_replace(array('/ [^\w]+/', '/^-+|-+$/'), array('-', ''), $str);478 $slug = preg_replace(array('/\W+/u', '/^-+|-+$/'), array('-', ''), $str); 455 479 $slug = strtolower($slug); 456 480 return $slug;
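Review bot: In the rewritten hyperlinkTxt() callback, `$display_url` is written into the anchor text without `oTxt()`, although the comment above the callback still says special characters are encoded and the removed version passed both the href and the text through `oTxt()`. The host part of the new pattern, `[^\s/$.?#]+`, does not exclude `<`, `>` or `"`, and `&` is accepted throughout, so markup characters from `$text` can reach the page unescaped. Encode on output in both branches: `return sprintf('<a href="%s">%s</a>', oTxt($absolute_url), oTxt($display_url));` and the same `oTxt($display_url)` in the truncated branch. Separately, the scheme is widened from the previous http/ftp list to any `[\w-]{2,}://`, so the scheme of `$absolute_url` should be checked against an allow-list before it is placed in `href`.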