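<?php
/*
 * Authentication gate.
 *
 * Stops the request unless yourls_is_valid_user() reports success. On failure
 * the client gets either an API error payload or the login screen, and
 * execution ends. On success the 'auth_successful' action is fired and the
 * including script continues.
 */

// No direct call: this file is only meant to be included after YOURLS_ABSPATH is defined
if ( !defined( 'YOURLS_ABSPATH' ) ) {
    die();
}

// Anything other than boolean true is treated as a failure; the value is then reused as the error message
$auth = yourls_is_valid_user();

if ( $auth !== true ) {

    if ( yourls_is_API() ) {
        // API mode: report the failure in the format the client asked for.
        // Both parameters come from an unauthenticated request, so only plain
        // strings are accepted; arrays (e.g. format[]=x) fall back to the default.
        $format = 'xml';
        if ( isset( $_REQUEST['format'] ) && is_string( $_REQUEST['format'] ) ) {
            $format = $_REQUEST['format'];
        }

        $callback = '';
        if ( isset( $_REQUEST['callback'] ) && is_string( $_REQUEST['callback'] ) ) {
            $callback = $_REQUEST['callback'];
        }

        // NOTE(review): $callback is handed to yourls_api_output() unchanged. If that
        // function echoes it as a JSONP function name, confirm it is restricted to a
        // safe identifier there, since this path is reachable without authentication.
        yourls_api_output( $format, array(
            'simple'    => $auth,
            'message'   => $auth,
            'errorCode' => 403,
            'callback'  => $callback,
        ) );

    } else {
        // Regular mode: show the login form along with the failure message
        yourls_login_screen( $auth );
    }

    // Never fall through to the protected page after a failed authentication
    die();
}

yourls_do_action( 'auth_successful' );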
29
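/*
 * The following code is a shim that helps users store passwords securely in config.php
 * by storing a password hash and removing the plaintext.
 *
 * It is only reached once the authentication check earlier in this file has passed.
 *
 * TODO: Remove this once real user management is implemented
 */

if ( isset( $_GET['dismiss'] ) && $_GET['dismiss'] === 'hasherror' ) {
    // The user dismissed the "could not hash passwords" notice: stay quiet for a week.
    // NOTE(review): this option write is triggered by a plain GET parameter and no nonce
    // check is visible here. The effect is limited to hiding the notice, but a nonce on
    // the dismiss link would stop a third-party page from silencing the warning.
    yourls_update_option( 'defer_hashing_error', time() + 86400 * 7 ); // now + 1 week

} elseif ( !defined( 'YOURLS_NO_HASH_PASSWORD' ) && yourls_has_cleartext_passwords() ) {

    // Replace clear text passwords in the config file with hashes.
    // Boolean true means success; any other return value is used as the error text below.
    $hash = yourls_hash_passwords_now( YOURLS_CONFIGFILE );

    if ( $hash === true ) {
        // Hashing successful. Remove flag from DB if any.
        if ( yourls_get_option( 'defer_hashing_error' ) ) {
            yourls_delete_option( 'defer_hashing_error' );
        }
    } else {
        // It failed: display the message the first time, or once the one week deferral has expired
        $deferred_until = yourls_get_option( 'defer_hashing_error' );

        if ( !$deferred_until || time() > $deferred_until ) {
            // $hash is interpolated into the notice markup as-is; it is expected to be an
            // internal error string from yourls_hash_passwords_now() -- TODO confirm it can
            // never carry file content or other externally influenced text.
            $message  = yourls_s( 'Could not auto-encrypt passwords. Error was: "%s".', $hash );
            $message .= ' ';
            $message .= yourls_s( '<a href="%s">Get help</a>.', 'http://yourls.org/userpassword' );
            $message .= '</p><p>';
            $message .= yourls_s( '<a href="%s">Click here</a> to dismiss this message for one week.', '?dismiss=hasherror' );

            yourls_add_notice( $message );
        }
    }
}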