* FCKeditor - The text editor for internet
* Copyright (C) 2003-2005 Frederico Caldeira Knabben
* Licensed under the terms of the GNU Lesser General Public License:
* http://www.opensource.org/licenses/lgpl-license.php
* For further information visit:
* http://www.fckeditor.net/
* "Support Open Source software. What about a donation today?"
* File Name: Default.php
* I'm not very clued up on authentication, but even I can see that anyone
* who can spoof an IP could perform a replay attack on this, but it's
* better than nothing.
* There is a 1 hour timeout on tokens to help this slightly.
* Grant French (grant@mcpuk.net)
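/**
 * Validate a hex-encoded auth token and, on success, switch the connector to
 * the authenticated user's own upload folder.
 *
 * Token layout once hex-decoded (fields joined by "|^SEP^|"):
 *   [0] issue time (Unix timestamp), [1] client IP, [2] user name,
 *   [3] md5() of fields 0-2 (joined by the separator) followed by the shared key.
 *
 * The token is accepted only if the digest matches, the timestamp is fresh,
 * the client IP equals $_SERVER['REMOTE_ADDR'], and the user name is a single
 * path segment. Any failure returns the config with 'authSuccess' === false
 * and 'UserFilesPath' untouched.
 *
 * Review notes:
 *  - md5(message . key) is a weak MAC construction. Moving to hash_hmac() with
 *    SHA-256 needs the token issuer to change as well, so the wire format is
 *    left as it was here.
 *  - A token stays replayable from the same client address until it expires;
 *    nothing in this function tracks tokens that were already used.
 *  - Folders are created with mode 0777 (world-writable), as before. Tighten
 *    this wherever the hosting set-up allows it.
 *
 * @param string $data          Hex-encoded token supplied by the client.
 * @param array  $fckphp_config Connector configuration; reads
 *                              ['auth']['Handler']['SharedKey'], 'basedir',
 *                              'UserFilesPath' and 'ResourceTypes'.
 * @return array The configuration with 'authSuccess' set and, on success,
 *               'UserFilesPath' extended by "/users/<user name>".
 *               The script is terminated with die() if a required folder
 *               cannot be created.
 */
function authenticate($data,$fckphp_config) {
    $sep = "|^SEP^|";
    $maxAge = 3600;  // Token valid for max of 1 hour
    $maxSkew = 300;  // Tolerated clock drift between token issuer and this host

    $fckphp_config['authSuccess'] = false;

    // Fail closed when no shared key is configured: without a key the digest
    // is computed from public data only and authenticates nothing.
    if (!isset($fckphp_config['auth']['Handler']['SharedKey'])
        || !is_string($fckphp_config['auth']['Handler']['SharedKey'])
        || $fckphp_config['auth']['Handler']['SharedKey'] === '') {
        return $fckphp_config;
    }
    $key = $fckphp_config['auth']['Handler']['SharedKey'];

    // The token must be a non-empty hex string; anything else is rejected
    // before decoding instead of being fed to hexdec().
    if (!is_string($data) || $data === '' || !ctype_xdigit($data)) {
        return $fckphp_config;
    }

    // Hex-decode the token (this is an encoding, not encryption).
    $decData = '';
    $length = strlen($data);
    for ($i = 0; $i < $length - 1; $i += 2) {
        $decData .= chr(hexdec($data[$i] . $data[$i + 1]));
    }

    $decArray = explode($sep, $decData);
    if (count($decArray) !== 4) {
        // Not enough data (decoding failed?)
        return $fckphp_config;
    }
    list($issuedAt, $clientIp, $userName, $digest) = $decArray;

    // hash_equals() compares as strings in constant time. The loose "=="
    // used previously could treat two different numeric-looking digests as
    // equal and leaked timing information.
    $expected = md5($issuedAt . $sep . $clientIp . $sep . $userName . $key);
    if (!hash_equals($expected, $digest)) {
        // Data integrity failed
        return $fckphp_config;
    }

    // The timestamp must be plain digits, not older than $maxAge and not
    // further in the future than $maxSkew; a far-future timestamp would
    // otherwise never expire.
    if (!ctype_digit($issuedAt)) {
        return $fckphp_config;
    }
    $age = time() - (int) $issuedAt;
    if ($age >= $maxAge || $age < -$maxSkew) {
        // Token more than an hour old (or dated in the future)
        return $fckphp_config;
    }

    if (!isset($_SERVER['REMOTE_ADDR']) || $_SERVER['REMOTE_ADDR'] !== $clientIp) {
        // Not same client as auth token is for
        return $fckphp_config;
    }

    // The user name becomes a directory name, so it must be a single path
    // segment; otherwise it could point outside the "users" folder.
    if ($userName === '' || $userName === '.' || $userName === '..'
        || strpbrk($userName, "/\\\0") !== false) {
        return $fckphp_config;
    }

    // Set the file root to the user's individual one
    $top = str_replace("//", "/", $fckphp_config['basedir'] . '/' . $fckphp_config['UserFilesPath'] . "/users");
    $fckphp_config['UserFilesPath'] = $fckphp_config['UserFilesPath'] . "/users/" . $userName;
    $up = str_replace("//", "/", $fckphp_config['basedir'] . '/' . $fckphp_config['UserFilesPath']);

    if (!file_exists($top)) {
        mkdir($top, 0777) or die("users folder in UserFilesPath does not exist and could not be created.");
    }

    // Create the user's folder if it doesn't exist
    if (!file_exists($up)) {
        mkdir($up, 0777) or die("users/".$userName." folder in UserFilesPath does not exist and could not be created.");
        chmod($up, 0777); // mkdir()'s mode is filtered by the umask; chmod() forces it
    }

    // Create resource area subfolders if they don't exist
    foreach ($fckphp_config['ResourceTypes'] as $value) {
        if (!file_exists("$up/$value")) {
            mkdir("$up/$value", 0777) or die("users/".$userName."/$value folder in UserFilesPath does not exist and could not be created.");
            chmod("$up/$value", 0777); // see note on the user folder above
        }
    }

    $fckphp_config['authSuccess'] = true;

    return $fckphp_config;
}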