From a412cf5d8057d9876f04bbfbe4d87d42d45f475e Mon Sep 17 00:00:00 2001 
From: padams Date: Fri, 8 Sep 2006 05:15:06 +0000 Subject: [PATCH] added authentication plugin scheme for authenticating user when they -- This line, and those below, will be ignored-- M owa_click.php M conf/query_strings.ini M wp_plugin.php A owa_base.php M owa_template.php A owa_user.php M public/admin/options.php M public/admin/install.php AM public/i/user_icon_large.jpg AM public/i/user_icon_small.jpg M public/reports/document_report.php M public/reports/traffic_report.php M public/reports/visitor_report.php M public/reports/visitors_report.php M public/reports/session_report.php M public/reports/click_report.php M public/reports/feeds_report.php M public/reports/dashboard_report.php M public/reports/content_report.php M public/reports/index.php A public/login.php M owa_settings_class.php A plugins/event_handlers/observer_password_reset.php A plugins/auth A plugins/auth/simple.php A plugins/auth/none.php M plugins/install/mysql/owa_install_update_to_1_0.php M plugins/install/mysql/owa_install_base.php A owa_auth.php A templates/status.tpl A templates/password_reset_request_email.tpl A templates/reset_password_form.tpl A templates/options_user_roster.tpl M templates/error.tpl A templates/login_form.tpl A templates/request_password_form.tpl A templates/password_reset_email.tpl A templates/options_edit_user_profile.tpl M templates/css.tpl M templates/options.tpl A templates/installer_set_admin_user.tpl M owa_lib.php M owa_report.php --- conf/query_strings.ini | 1 + owa_auth.php | 125 ++++++++ owa_base.php | 65 ++++ owa_click.php | 6 +- owa_lib.php | 123 ++++++++ owa_report.php | 22 +- owa_settings_class.php | 6 +- owa_template.php | 1 + owa_user.php | 298 ++++++++++++++++++ plugins/auth/none.php | 72 +++++ plugins/auth/simple.php | 274 ++++++++++++++++ .../observer_password_reset.php | 149 +++++++++ plugins/install/mysql/owa_install_base.php | 25 +- .../mysql/owa_install_update_to_1_0.php | 28 +- public/admin/install.php | 24 +- public/admin/options.php | 90 
++++-- public/i/user_icon_large.jpg | Bin 0 -> 19662 bytes public/i/user_icon_small.jpg | Bin 0 -> 18160 bytes public/login.php | 189 +++++++++++ public/reports/click_report.php | 4 + public/reports/content_report.php | 5 + public/reports/dashboard_report.php | 24 +- public/reports/document_report.php | 4 + public/reports/feeds_report.php | 4 + public/reports/index.php | 6 +- public/reports/session_report.php | 4 + public/reports/traffic_report.php | 4 + public/reports/visitor_report.php | 4 + public/reports/visitors_report.php | 4 + templates/css.tpl | 2 + templates/error.tpl | 4 +- templates/installer_set_admin_user.tpl | 51 +++ templates/login_form.tpl | 43 +++ templates/options.tpl | 2 + templates/options_edit_user_profile.tpl | 46 +++ templates/options_user_roster.tpl | 33 ++ templates/password_reset_email.tpl | 1 + templates/password_reset_request_email.tpl | 6 + templates/request_password_form.tpl | 32 ++ templates/reset_password_form.tpl | 39 +++ templates/status.tpl | 9 + wp_plugin.php | 1 + 42 files changed, 1784 insertions(+), 46 deletions(-) create mode 100644 owa_auth.php create mode 100644 owa_base.php create mode 100644 owa_user.php create mode 100644 plugins/auth/none.php create mode 100644 plugins/auth/simple.php create mode 100644 plugins/event_handlers/observer_password_reset.php create mode 100644 public/i/user_icon_large.jpg create mode 100644 public/i/user_icon_small.jpg create mode 100644 public/login.php create mode 100644 templates/installer_set_admin_user.tpl create mode 100644 templates/login_form.tpl create mode 100644 templates/options_edit_user_profile.tpl create mode 100644 templates/options_user_roster.tpl create mode 100644 templates/password_reset_email.tpl create mode 100644 templates/password_reset_request_email.tpl create mode 100644 templates/request_password_form.tpl create mode 100644 templates/reset_password_form.tpl create mode 100644 templates/status.tpl 
diff --git a/conf/query_strings.ini b/conf/query_strings.ini
index 606fcfe7a..28086a59e 100644
--- a/conf/query_strings.ini
+++ b/conf/query_strings.ini
@@ -35,6 +35,7 @@
 [\?(?:.+&|)sc=(.+?)(?:&|$)]
 [\?(?:.+&|)search=(.+?)(?:&|$)]
 [\?(?:.+&|)search2=(.+?)(?:&|$)]
+[\?(?:.+&|)searchfor=(.+?)(?:&|$)]
 [\?(?:.+&|)searchText=(.+?)(?:&|$)]
 [\?(?:.+&|)srch=(.+?)(?:&|$)]
 [\?(?:.+&|)string=(.+?)(?:&|$)]
diff --git a/owa_auth.php b/owa_auth.php
new file mode 100644
index 000000000..67e63e6e0
--- /dev/null
+++ b/owa_auth.php
@@ -0,0 +1,125 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ +class owa_auth extends owa_base { + + /** + * User object + * + * @var unknown_type + */ + var $u; + + /** + * Array of permission roles that users can have + * + * @var array + */ + var $roles; + + /** + * Database Access Object + * + * @var unknown_type + */ + var $db; + + var $status_msg; + + /** + * Abstract class Constructor + * + * @return owa_auth + */ + function owa_auth() { + + $this->owa_base(); + $this->setRoles(); + + return; + + } + + /** + * Sets the permission levels of each role. + * + */ + function setRoles() { + + $this->roles = array('admin' => array('level' => 10, 'label' => 'Administrator'), + 'viewer' => array('level' => 2, 'label' => 'Report Viewer'), + 'guest' => array('level' => 1, 'label' => 'Guest') + + ); + + return; + + } + + /** + * Looks up the priviledge level for a particular role + * + * @param unknown_type $role + * @return unknown + */ + function getLevel($role) { + + return $this->roles['role']['level']; + } + + function authenticateUser() { + + return; + } + + /** + * Creates the concrete auth class + * + * @return object + */ + function &get_instance() { + + $config = &owa_settings::get_settings(); + return owa_lib::singleton($config['plugin_dir'].'/auth/', + 'owa_auth_', + $config['authentication']); + } + + function setCookies() { + + setcookie($this->config['ns'].'u', $this->u->user_id, time()+3600*24*365*30, '/', $_SERVER['SERVER_NAME']); + setcookie($this->config['ns'].'p', $this->u->password, time()+3600*24*365*30, '/', $_SERVER['SERVER_NAME']); + + return; + } + +} + + +?> \ No newline at end of file diff --git a/owa_base.php b/owa_base.php new file mode 100644 index 000000000..f1409d6ee --- /dev/null +++ b/owa_base.php 
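Review bot: `getLevel($role)` in owa_auth.php indexes `$this->roles['role']['level']` with the literal string 'role', so it returns nothing for every role and the `>=` comparison of two levels in `isPriviledged()` (plugins/auth/simple.php) is true whatever role the user has; it should read `return $this->roles[$role]['level'];` and treat an unknown role as the lowest level. In the same hunk `setCookies()` writes `$this->u->password`, the stored hash, into a cookie with a 30-year lifetime, and `authenticateUser()` in plugins/auth/simple.php later accepts that cookie value as the credential, which makes the hash password-equivalent. A random server-side session token, sent with the HttpOnly flag and the Secure flag when served over HTTPS, would keep the hash out of the browser.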
@@ -0,0 +1,65 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ +class owa_base { + + /** + * Configuration + * + * @var array + */ + var $config; + + /** + * Error Logger + * + * @var object + */ + var $e; + + /** + * Base Constructor + * + * @return owa_base + */ + function owa_base() { + + $this->config = &owa_settings::get_settings(); + $this->e = &owa_error::get_instance(); + + return; + } + +} + + +?> \ No newline at end of file diff --git a/owa_click.php b/owa_click.php index 28bd0f770..2dfc6567b 100644 --- a/owa_click.php +++ b/owa_click.php @@ -65,12 +65,14 @@ function process() { //$this->properties['os'] = $this->determine_os($this->properties['ua']); //$this->properties['os_id'] = $this->set_string_guid($this->properties['os']); + + // Make document id - $this->properties['page_url']= $this->stripDocumentUrl($this->properties['page_url']); + $this->properties['page_url']= $this->stripDocumentUrl(base64_decode($this->properties['page_url'])); $this->properties['document_id'] = $this->set_string_guid($this->properties['page_url']); //$this->setDocumentProperties($this->properties['page_url']); - $this->properties['target_url'] = $this->stripDocumentUrl($this->properties['target_url']); + $this->properties['target_url'] = $this->stripDocumentUrl(base64_decode($this->properties['target_url'])); $this->properties['target_id'] = $this->set_string_guid($this->properties['target_url']); // Resolve host name if ($this->config['resolve_hosts'] = true): diff --git a/owa_lib.php b/owa_lib.php index fe1303df3..7c7a84a31 100644 --- a/owa_lib.php +++ b/owa_lib.php 
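Review bot: The two `base64_decode()` calls added to `process()` in owa_click.php run in non-strict mode, which silently skips invalid characters and returns arbitrary bytes for malformed input, and `page_url` and `target_url` are presumably supplied by the click request. Passing `true` as the second argument and rejecting a `false` result would keep undecodable values out of `stripDocumentUrl()` and the derived document and target ids. `process()` begins outside the hunk, so any earlier validation of these properties is not visible here.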
@@ -456,6 +456,129 @@ function inputFilter($array) { } + /** + * Generic Factory method + * + * @param string $class_dir + * @param string $class_prefix + * @param string $class_name + * @param array $conf + * @return object + */ + function &factory($class_dir, $class_prefix, $class_name, $conf = array()) { + + $class_dir = strtolower($class_dir); + $classfile = $class_dir . $class_name . '.php'; + $class = $class_prefix . $class_name; + + /* + * Attempt to include a version of the named class, but don't treat + * a failure as fatal. The caller may have already included their own + * version of the named class. + */ + if (!class_exists($class)): + include_once $classfile; + endif; + + /* If the class exists, return a new instance of it. */ + if (class_exists($class)): + $obj = &new $class($conf); + return $obj; + endif; + + $null = null; + return $null; + } + + /** + * Generic Object Singleton + * + * @param string $class_dir + * @param string $class_prefix + * @param string $class_name + * @param array $conf + * @return object + */ + function &singleton($class_dir, $class_prefix, $class_name, $conf = array()) { + + static $instance; + + if (!isset($instance)): + $instance = &owa_lib::factory($class_dir, $class_prefix, $class_name, $conf = array()); + endif; + + return $instance; + } + + /** + * 301 HTP redirect the user to a new url + * + * @param string $url + */ + function redirectBrowser($url) { + + // 301 redirect to URL + header ('Location: '.$url); + header ('HTTP/1.0 301 Moved Permanently'); + return; + } + + /** + * Generates a link between admin screens + * + * @param array $query_params + * @return string + */ + function makeAdminLink($admin_page, $query_params = null, $make_query_string = true) { + + if ($make_query_string == true): + $get = owa_lib::makeLinkQueryString($query_params); + else: + $get = ''; + endif; + + //Return URL + return sprintf($this->config['inter_admin_link_template'], + $this->config['admin_url'], + $admin_page, + $get); + } + + 
function makeLinkQueryString($query_params) { + + $new_query_params = array(); + + //Load params passed by caller + if (!empty($this->caller_params)): + foreach ($this->caller_params as $name => $value) { + if (!empty($value)): + $new_query_params[$name] = $value; + endif; + } + endif; + + // Load overrides + if (!empty($query_params)): + foreach ($query_params as $name => $value) { + if (!empty($value)): + $new_query_params[$name] = $value; + endif; + } + endif; + + // Construct GET request + if (!empty($new_query_params)): + foreach ($new_query_params as $name => $value) { + if (!empty($value)): + $get .= $name . "=" . $value . "&"; + endif; + } + endif; + + return $get; + + } + } ?> diff --git a/owa_report.php b/owa_report.php index 7ed47b12d..4779940b5 100644 --- a/owa_report.php +++ b/owa_report.php @@ -22,6 +22,7 @@ require_once 'owa_api.php'; require_once 'owa_lib.php'; require_once 'owa_site.php'; +require_once 'owa_auth.php'; /** * Web Analytics Report @@ -99,6 +100,8 @@ class owa_report { */ var $prefs = array(); + var $auth; + /** * Constructor * @@ -109,9 +112,18 @@ function owa_report() { $this->config = &owa_settings::get_settings(); + // User authentication object + $this->auth = &owa_auth::get_instance(); + // Gets full set of params from URL - $this->_setParams(owa_lib::getRestparams()); - + + //if (empty($_POST['go_params'])): + $this->_setParams(owa_lib::getRestparams()); + //else: + // parse_str($_POST['go_params'], $post_params); + // $this->setParams($post_params); + //endif; + // Get default and user override display preferences. $this->prefs = $this->getPrefs(); @@ -215,6 +227,12 @@ function getSitesList() { } + function authenticateUser($role) { + + return $this->auth->authenticateUser($role); + + } + } ?> diff --git a/owa_settings_class.php b/owa_settings_class.php index 90046d075..fed99d1c3 100644 --- a/owa_settings_class.php +++ b/owa_settings_class.php 
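Review bot: In owa_lib.php `singleton()` keeps one function-static `$instance` for every class it is asked for and calls `factory()` with `$conf = array()`, so the first object created is handed to all later callers whatever `$class_name` they request and the caller's `$conf` is discarded; keying the cache by `$class_prefix.$class_name` and passing `$conf` through fixes both. `factory()` builds its include path from `$class_dir . $class_name . '.php'`, and `owa_auth::get_instance()` fills the name from `$config['authentication']`, so that setting should be checked against the known plugin names before it reaches `include_once`. `makeLinkQueryString()` appends `$name` and `$value` without `urlencode()` and never initialises `$get`. `redirectBrowser()` returns without ending the request, so a caller that treats the redirect as a gate keeps executing.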
@@ -111,6 +111,7 @@ function &get_settings() { $config['action_url'] = $OWA_CONFIG['public_url']."/action.php"; $config['images_url'] = $OWA_CONFIG['public_url']."/i"; $config['reporting_url'] = $OWA_CONFIG['public_url']."/reports/index.php"; + $config['home_url'] = $OWA_CONFIG['public_url']."/reports/index.php?page=dashboard_report.php"; $config['admin_url'] = $OWA_CONFIG['public_url']."/admin/index.php"; endif; @@ -158,6 +159,7 @@ function get_default_config() { 'impressions_table' => 'impressions', 'clicks_table' => 'clicks', 'exits_table' => 'exits', + 'users_table' => 'users', 'db_class' => '', 'db_type' => '', 'db_name' => OWA_DB_NAME, @@ -211,7 +213,9 @@ function get_default_config() { 'owa_rss_url' => 'http://www.openwebanalytics.com/?feed=rss2', 'use_summary_tables' => false, 'summary_framework' => '', - 'click_drawing_mode' => 'center_on_page' + 'click_drawing_mode' => 'center_on_page', + 'log_clicks' => true, + 'authentication' => 'simple' ); } diff --git a/owa_template.php b/owa_template.php index 7d271ad78..35c8998cc 100644 --- a/owa_template.php +++ b/owa_template.php @@ -18,6 +18,7 @@ require_once(OWA_INCLUDE_DIR.'/template_class.php'); require_once(OWA_BASE_DIR.'/owa_lib.php'); +require_once(OWA_BASE_DIR.'/owa_settings_class.php'); /** * OWA Wrapper for template class diff --git a/owa_user.php b/owa_user.php new file mode 100644 index 000000000..16984a2da --- /dev/null +++ b/owa_user.php 
@@ -0,0 +1,298 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ +class owa_user extends owa_base { + + /** + * GUID for each user object + * + * @var int + */ + var $user_id; + + /** + * encrypted password + * + * @var string + */ + var $password; + + /** + * Priviledge Role + * + * @var string + */ + var $role; + + /** + * Display name + * + * @var string + */ + var $real_name; + + /** + * Email address + * + * @var string + */ + var $email_address; + + /** + * authentication key generated when user forgets their password. + * Used in forgot password email. + * + * @var string + */ + var $temp_passkey; + + /** + * Date the user was created + * + * @var int + */ + var $creation_date; + + /** + * Date the user object was last updated + * + * @var int + */ + var $last_update_date; + + /** + * Database access object + * + * @var object + */ + var $db; + + function owa_user() { + + $this->owa_base(); + $this->db = &owa_db::get_instance(); + + return; + } + + /** + * Base select sql statement + * + * @param string $constraint + * @return string + */ + function selectUser($constraint) { + + return sprintf(" SELECT + user_id, + password, + role, + real_name, + email_address, + temp_passkey, + creation_date, + last_update_date + FROM + %s + %s", + $this->config['ns'].$this->config['users_table'], + $constraint); + + } + + /** + * DOA method for looking up a user by their user_id + * + * @param int $user_id + * @return object + */ + function getUserByPK($user_id) { + + $constraint = sprintf("WHERE user_id = '%s'", $user_id); + return $this->getUser($constraint); + } + + /** + * DOA method for looking up user by temp passkey + * + * @param string $key + * @return object + */ + function getUserByTempPasskey($key) { + + $constraint = sprintf("WHERE temp_passkey = '%s'", $key); + return $this->getUser($constraint); + + } + + /** + * DOA 
method for looking up user by email address + * + * @param string $email_address + * @return object + */ + function getUserByEmail($email_address) { + + $constraint = sprintf("WHERE email_address = '%s'", $email_address); + return $this->getUser($constraint); + } + + /** + * Base DOA method for retrieving a single user from the DB. + * + * @param string $constraint + * @return object + */ + function getUser($constraint) { + + $user = $this->db->get_row($this->selectUser($constraint)); + + if ($user): + + $this->_setAttributes($user); + return true; + else: + return false; + endif; + + } + + /** + * DOA Method for returnign an array of all users + * + * @return unknown + */ + function getAllUsers() { + + return $user = $this->db->get_results($this->selectUser('')); + + } + + + /** + * Sets user object attributes + * + * @param unknown_type $array + */ + function _setAttributes($array) { + + foreach ($array as $n => $v) { + + $this->$n = $v; + + } + + return; + } + + /** + * Saves user object to the DB + * + * @return boolean + */ + function save() { + + $check = $this->db->get_row(sprintf("SELECT + user_id + FROM + %s + WHERE + user_id = '%s'", + $this->config['ns'].$this->config['users_table'], + $this->user_id + )); + + if (empty($check)): + + return $this->db->query(sprintf("INSERT INTO %s ( + user_id, + password, + role, + real_name, + email_address, + temp_passkey, + creation_date, + last_update_date) + VALUES + ('%s', '%s', '%s', '%s', '%s', '%d', '%d')", + $this->config['ns'].$this->config['users_table'], + $this->user_id, + $this->password, + $this->role, + $this->real_name, + $this->email_address, + $this->temp_passkey, + time(), + time())); + else: + return "primary_key_exists"; + endif; + + } + + /** + * Updates already existing user object + * + * @return boolean + */ + function update() { + + return $this->db->query(sprintf("UPDATE + %s + SET + user_id = '%s', + password = '%s', + role = '%s', + real_name = '%s', + email_address = '%s', + temp_passkey = 
'%s', + creation_date = '%s', + last_update_date = '%s' + WHERE + user_id = '%s'", + $this->config['ns'].$this->config['users_table'], + $this->user_id, + $this->password, + $this->role, + $this->real_name, + $this->email_address, + $this->temp_passkey, + $this->creation_date, + time(), + $this->user_id)); + + + } + + +} + +?> \ No newline at end of file diff --git a/plugins/auth/none.php b/plugins/auth/none.php new file mode 100644 index 000000000..47e093b2e --- /dev/null +++ b/plugins/auth/none.php @@ -0,0 +1,72 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +class owa_auth_none extends owa_auth { + + function owa_auth_none($role) { + + $this->owa_auth(); + + return; + } + + /** + * Used to auth a new browser that has no cookies set + * + * @param string $user_id + * @param string $password + * @return boolean + */ + function authenticateNewBrowser($user_id, $password) { + + return; + } + + + /** + * Used by controllers to check if the user exists and if they are priviledged. + * + * @param string $necessary_role + */ + function authenticateUser($necessary_role) { + + return; + + } + + + +} + + +?> \ No newline at end of file diff --git a/plugins/auth/simple.php b/plugins/auth/simple.php new file mode 100644 index 000000000..d74ee6b45 --- /dev/null +++ b/plugins/auth/simple.php 
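Review bot: Every query in owa_user.php is assembled with `sprintf()` from unescaped values: `getUserByPK()`, `getUserByTempPasskey()` and `getUserByEmail()` place their argument straight inside quotes, and plugins/auth/simple.php feeds `getUserByPK()` from a cookie, so the lookups are open to SQL injection before any authentication has happened. The values should go through the database layer's escaping or bound parameters (the owa_db API is not visible in this patch), in `save()` and `update()` as well. `save()` lists eight columns but supplies seven value placeholders, with `temp_passkey` formatted as `%d`, so the INSERT cannot succeed as written. `_setAttributes()` copies every key of its argument onto the object, which is safe only while it is fed database rows and never request data.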
@@ -0,0 +1,274 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +class owa_auth_simple extends owa_auth { + + function owa_auth_simple($role) { + + $this->owa_auth(); + $this->eq = &eventQueue::get_instance(); + + return; + } + + /** + * Simple Password Encryption Scheme + * + * @param string $password + * @return string + */ + function encryptPassword($password) { + + return md5(strtolower($password).strlen($password)); + } + + /** + * Used to auth a new browser that has no cookies set + * + * @param string $user_id + * @param string $password + * @return boolean + */ + function authenticateNewBrowser($user_id, $password) { + + $this->e->debug("Login attempt from ". $user_id); + + $is_user = $this->isUser($user_id, $this->encryptPassword($password)); + + if ($is_user == true): + $this->setCookies(); + return true; + else: + return false; + endif; + + return; + } + + /** + * Checks to see if the user credentials match a real user object in the DB + * + * @param string $user_id + * @param string $password + * @return boolean + */ + function isUser($user_id, $password) { + + // md5 password + + // fetch user credenticals from the db + $this->u = new owa_user; + $this->u->getUserByPK($user_id); + + //$this->e->debug('Password-hash: '.$password); + //$this->e->debug('Password-db : '.$this->u->password); + + if (($user_id == $this->u->user_id)): + if ($password === $this->u->password): + return true; + else: + return false; + endif; + else: + return false; + endif; + } + + /** + * Checks to see if the user has appropriate priviledges + * + * @param string $necessary_role + * @return boolean + */ + function isPriviledged($necessary_role) { + + // compare priviledge levels + if ($this->getLevel($this->u->role) >= $this->getLevel($necessary_role)): + // authenticated + return true;; + else: + // not high enough priviledge level + 
return false; + endif; + + } + + /** + * Looks up user by temporary Passkey Column in db + * + * @param unknown_type $key + * @return unknown + */ + function authenticateUserTempPasskey($key) { + + $this->u = new owa_user; + $this->u->getUserByTempPasskey($key); + + if (!empty($this->u->user_id)): + return true; + else: + $this->showResetPasswordErrorPage; + endif; + + } + + /** + * Used by controllers to check if the user exists and if they are priviledged. + * + * @param string $necessary_role + */ + function authenticateUser($necessary_role) { + + if (!empty($_COOKIE[$this->config['ns'].'u']) && (!empty($_COOKIE[$this->config['ns'].'p']))): + $user_id = $_COOKIE[$this->config['ns'].'u']; + $password = $_COOKIE[$this->config['ns'].'p']; + else: + $this->showLoginPage(); + endif; + + $is_user = $this->isUser($user_id, $password); + + if ($is_user == true): + $priviledged = $this->isPriviledged($necessary_role); + if ($priviledged == true): + return; + else: + $this->showPriviledgeErrorPage(); + endif; + else: + $this->showLoginErrorPage(); + endif; + + return; + + } + + /** + * Send user to the Login page Controller + * + * @param array $params + */ + + function showLoginPage($params = array()) { + + $url = $this->config['public_url'].'/login.php?page=login&go='.urlencode(owa_lib::get_current_url()); + $this->redirectToUrl($url); + return; + + } + + /** + * Shown when the user does not enough priviledges + * + */ + function showPriviledgeErrorPage() { + + $url = $this->config['public_url'].'/login.php?page=not_priviledged'; + $this->redirectToUrl($url); + return; + + } + + function showLoginErrorPage() { + + $url = $this->config['public_url'].'/login.php?page=bad_pass&go='.urlencode(owa_lib::get_current_url()); + $this->redirectToUrl($url); + return; + + } + + /** + * Shown after the temp passkey is found in the database + * + */ + function showResetPasswordPage() { + + $url = $this->config['public_url'].'/login.php?page=reset_password'; + 
$this->redirectToUrl($url); + return; + } + + /** + * Shown when the temp passkey is not found in the DB + * + */ + function showResetPasswordErrorPage() { + $url = $this->config['public_url'].'/login.php?page=reset_password_error'; + $this->redirectToUrl($url); + return; + } + + /** + * Shown when the temp passkey has been set nd mailed. + * + */ + function showRequestNewPasswordSuccessPage() { + $url = $this->config['public_url'].'/login.php?page=request_password_success'; + $this->redirectToUrl($url); + return; + } + + function redirectToUrl($url) { + + header ('Location: '.$url); + header ('HTTP/1.0 301 Moved Permanently'); + + return; + } + + function setTempPasskey($email_address) { + + $this->u = new owa_user; + $this->u->getUserByEmail($email_address); + + + + if (!empty($this->u->user_id)): + + $this->eq->log(array('email_address' => $this->u->email_address), 'user.set_temp_passkey'); + return true; + //$this->showRequestNewPasswordSuccessPage(); + else: + return false; + //$this->showResetPasswordErrorPage(); + endif; + + return; + + } + + +} + + +?> \ No newline at end of file diff --git a/plugins/event_handlers/observer_password_reset.php b/plugins/event_handlers/observer_password_reset.php new file mode 100644 index 000000000..60f079b9f --- /dev/null +++ b/plugins/event_handlers/observer_password_reset.php 
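Review bot: `redirectToUrl()` in plugins/auth/simple.php sends the Location header and returns, so `authenticateUser()` keeps running after `showLoginPage()`, `showPriviledgeErrorPage()` or `showLoginErrorPage()` and hands control back to the page it was meant to protect; the redirect has to end the request, e.g. `header('Location: '.$url, true, 302); exit;`. When the cookies are absent `$user_id` and `$password` are never assigned, and `isUser()` then compares them with an owa_user whose lookup found no row, so both comparisons are between empty values; `isUser()` should return false as soon as `getUserByPK()` does and should reject empty credentials. `encryptPassword()` lowercases the password and applies unsalted MD5, which should give way to a salted, slow password hash (`password_hash()` on PHP versions that provide it). `authenticateUserTempPasskey()` names `$this->showResetPasswordErrorPage` without parentheses, so that page is never shown, and the 301 status lets browsers cache the login redirects.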
@@ -0,0 +1,149 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +class Log_observer_password_reset extends owa_observer { + + /** + * Email that mail should go to + * + * @var string + */ + var $_to; + + /** + * Subject of email + * + * @var string + */ + var $_subject; + + /** + * Constructor + * + * @param string $priority + * @param array $conf + * @return Log_observer_announce + */ + function Log_observer_password_reset($priority, $conf) { + + // Call the base class constructor. + $this->owa_observer($priority); + + // Configure the observer to listen for event types + $this->_event_type = array('user.set_temp_passkey', 'user.reset_password'); + + return; + } + + /** + * Notify Event Handler + * + * @param unknown_type $event + * @access public + */ + function notify($event) { + + $this->m = $event['message']; + + switch ($event['event_type']) { + case "user.set_temp_passkey": + $this->setTempPasskey(); + break; + case "user.reset_password": + $this->resetPassword(); + break; + } + + return; + } + + function setTempPasskey() { + + $u = new owa_user; + $u->getUserByEmail($this->m['email_address']); + $u->temp_passkey = md5($u->user_id.time().rand()); + $status = $u->update(); + + // Create mail msg template + if ($status == true): + + $msg = new owa_template(); + + $msg->set_template('password_reset_request_email.tpl'); + $msg->set('key', $u->temp_passkey); + $email = $msg->fetch(); + + //send mail + + mail($u->email_address, + "Request for Password Reset", + $email); + + $this->e->debug('sending password reset request mail to: '.$u->email_address); + endif; + + return; + + } + + function resetPassword() { + + $u = new owa_user; + $u->getUserByTempPasskey($this->m['key']); + $u->temp_passkey = ''; + $u->password = $this->m['password']; + $status = $u->update(); + + if ($status == true): + + $msg = new owa_template(); + 
+ $msg->set_template('password_reset_email.tpl'); + $msg->set('ip', $this->m['ip']); + $email = $msg->fetch(); + + //send mail + + mail($u->email_address, + "Password Reset", + $email); + + $this->e->debug('sending password reset mail to: '.$u->email_address); + endif; + + + return; + } +} + +?> diff --git a/plugins/install/mysql/owa_install_base.php b/plugins/install/mysql/owa_install_base.php index 406cc2beb..7f542712d 100644 --- a/plugins/install/mysql/owa_install_base.php +++ b/plugins/install/mysql/owa_install_base.php @@ -89,7 +89,8 @@ function owa_install_base() { $this->config['visitors_table'], $this->config['impressions_table'], $this->config['clicks_table'], - $this->config['exits_table'] + $this->config['exits_table'], + $this->config['users_table'] ); return; } @@ -166,6 +167,9 @@ function create($table) { case $this->config['exits_table']: return $this->create_exits_table(); break; + case $this->config['users_table']: + return $this->create_users_table(); + break; } @@ -466,6 +470,7 @@ function create_referers_table() { } + function create_documents_table() { return $this->db->query( @@ -482,18 +487,22 @@ function create_documents_table() { } - function create_exits_table() { + function create_users_table() { return $this->db->query( sprintf(" CREATE TABLE %1\$s ( - id BIGINT, - url varchar(255), - page_title varchar(255), - page_type varchar(255), - PRIMARY KEY (id) + user_id varchar(255), + password VARCHAR(255), + role VARCHAR(255), + real_name VARCHAR(255), + email_address VARCHAR(255), + temp_passkey VARCHAR(255), + creation_date BIGINT, + last_update_date BIGINT, + PRIMARY KEY (user_id) )", - $this->config['ns'].$this->config['exits_table']) + $this->config['ns'].$this->config['users_table']) ); } diff --git a/plugins/install/mysql/owa_install_update_to_1_0.php b/plugins/install/mysql/owa_install_update_to_1_0.php index b3251189e..d58ba70fe 100644 --- a/plugins/install/mysql/owa_install_update_to_1_0.php 
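Review bot: `resetPassword()` in observer_password_reset.php ignores the result of `getUserByTempPasskey()` before calling `update()`, and because a completed reset stores `temp_passkey = ''`, an empty key is indistinguishable from "no reset pending"; the method should reject an empty key and stop when the lookup returns false. In `setTempPasskey()` the key is `md5($u->user_id.time().rand())`, which is derived from guessable inputs, so it should come from a CSPRNG (`bin2hex(random_bytes(16))` where available) and carry an expiry time. `$this->m['password']` is stored as received, and whether the caller hashes it first is not visible in this hunk.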
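Review bot: The last hunk of owa_install_base.php turns `create_exits_table()` into `create_users_table()` instead of adding a new method, while `create()` still contains `case $this->config['exits_table']: return $this->create_exits_table();`. Unless another definition exists outside the hunk, a fresh install will call a missing method and never create the exits table. The users table definition should be added as its own method with the exits one left in place.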
+++ b/plugins/install/mysql/owa_install_update_to_1_0.php @@ -76,7 +76,8 @@ class owa_install_update_to_1_0 extends owa_install { function owa_install_update_to_1_0() { $this->owa_install(); $this->tables = array( $this->config['impressions_table'], - $this->config['clicks_table'] + $this->config['clicks_table'], + $this->config['users_table'] ); return; } @@ -119,6 +120,10 @@ function create($table) { return $this->create_impressions_table(); break; + case $this->config['users_table']: + return $this->create_users_table(); + break; + } return; @@ -177,6 +182,27 @@ function create_impressions_table() { } + function create_users_table() { + + return $this->db->query( + sprintf(" + CREATE TABLE %1\$s ( + user_id varchar(255), + password VARCHAR(255), + role VARCHAR(255), + real_name VARCHAR(255), + email_address VARCHAR(255), + temp_passkey VARCHAR(255), + creation_date BIGINT, + last_update_date BIGINT, + PRIMARY KEY (user_id) + )", + $this->config['ns'].$this->config['users_table']) + ); + + } + + function update_schema_version() { $check = $this->db->get_row(sprintf("SELECT value from %s where id = 'packages'", diff --git a/public/admin/install.php b/public/admin/install.php index 2420b0d48..0b93a0d76 100644 --- a/public/admin/install.php +++ b/public/admin/install.php @@ -20,6 +20,8 @@ require_once(OWA_BASE_DIR.'/owa_php.php'); require_once(OWA_BASE_DIR.'/owa_template.php'); require_once(OWA_BASE_DIR.'/owa_installer.php'); +require_once(OWA_BASE_DIR.'/owa_user.php'); +require_once(OWA_BASE_DIR.'/owa_lib.php'); /** * OWA Installation Script @@ -113,6 +115,11 @@ $page->set('page_title', 'Installation Error'); $body->set('page_h1', 'There was an Error During Installation'); break; + case "set_admin_user": + $body_tpl = 'installer_admin_user.tpl'; + $page->set('page_title', 'Administrator Account Profile Setup'); + $body->set('page_h1', 'Setup your profile by filling in the fields below.'); + break; } 
@@ -133,8 +140,8 @@ // Package specific msg $status_msg = $install_status; endif; - $body->set('page_h1', 'Installation Complete'); - $body_tpl = 'installer_success.tpl'; + $body->set('page_h1', 'Set Administrator User Profile'); + $body_tpl = 'installer_set_admin_user.tpl'; else: $status_msg = 'The installation failed. See error log for details.'; $body->set('page_h1', 'Installation Problem'); @@ -142,6 +149,19 @@ endif; break; + + case "set_admin_profile": + $params = owa_lib::inputFilter($_GET); + $u = new owa_user; + $u->user_id = $params['user_id']; + $u->password = md5($params['password']); + $u->real_name = $params['real_name']; + $u->email_address = $params['email_address']; + $u->role = 'admin'; + $u->save(); + $body->set('page_h1', 'Installation Complete'); + $body_tpl = 'installer_success.tpl'; + break; } // Global Template assignments diff --git a/public/admin/options.php b/public/admin/options.php index 0bb9db850..5cda073cf 100644 --- a/public/admin/options.php +++ b/public/admin/options.php @@ -21,6 +21,10 @@ require_once(OWA_BASE_DIR.'/owa_template.php'); require_once(OWA_BASE_DIR.'/owa_site.php'); require_once(OWA_BASE_DIR.'/owa_news.php'); +require_once(OWA_BASE_DIR.'/owa_lib.php'); +require_once(OWA_BASE_DIR.'/owa_user.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); + /** * OWA Options Admin interface * @@ -33,8 +37,18 @@ * @since owa 1.0.0 */ +// Create instance of OWA $owa = new owa_php; +$auth = &owa_auth::get_instance(); + +// Clean Input arrays +if ($_POST): + $params = owa_lib::inputFilter($_POST); +else: + $params = owa_lib::inputFilter($_GET); +endif; + // Create Template Objects $page = & new owa_template; $body = & new owa_template; 
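Review bot: The new `set_admin_profile` case in public/admin/install.php creates a user with `role = 'admin'` from request parameters without checking that an installation has just run or that no administrator exists yet, so it should refuse once an admin account is present and the installer should be disabled after setup. The values are read from `$_GET`, which puts the password into the URL, server logs and browser history; the form should POST. The password is stored as `md5($params['password'])` while plugins/auth/simple.php verifies with `md5(strtolower($password).strlen($password))`, so the account created here would not pass `authenticateNewBrowser()`. The `set_admin_user` page case loads `installer_admin_user.tpl`, but the template this commit adds is `installer_set_admin_user.tpl`. Both switch statements begin outside the hunks shown.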
@@ -42,25 +56,55 @@ $body_tpl = 'options.tpl';// This is the inner template $body->set('page_title', 'OWA Options'); -switch ($_GET['owa_page']) { - - case "manage_sites": - $body_tpl = 'options_manage_sites.tpl'; - $site = new owa_site; - $sites = $site->getAllSites(); - $body->set('sites', $sites); - break; - -} +if ($params['owa_page']): + + switch ($params['owa_page']) { + + case "manage_sites": + $auth->authenticateUser('admin'); + $body_tpl = 'options_manage_sites.tpl'; + $site = new owa_site; + $sites = $site->getAllSites(); + $body->set('sites', $sites); + break; + case "user_roster": + $auth->authenticateUser('admin'); + $body_tpl = 'options_user_roster.tpl'; + $u = new owa_user; + $users = $u->getAllUsers(); + $body->set('users', $users); + break; + case "user_roster_success": + $auth->authenticateUser('admin'); + $body_tpl = 'options_user_roster.tpl'; + $u = new owa_user; + $users = $u->getAllUsers(); + $body->set('users', $users); + $body->set('status', 'User profile Saved Successfully.'); + break; + case "edit_user_profile": + $auth->authenticateUser('admin'); + $body_tpl = 'options_edit_user_profile.tpl'; + $u = new owa_user; + $u->getUserByPK($params['user_id']); + $body->set('user', get_object_vars($u)); + $body->set('roles', $auth->roles); + $body->set('page_title', 'OWA - Edit User Profile'); + $body->set('headline', 'Edit User Profile'); + break; + } -switch ($_POST['action']) { +endif; + + +switch ($params['action']) { case "add_site": $site = new owa_site; - $site->name = $_POST['name']; - $site->description = $_POST['description']; - $site->site_family = $_POST['site_family']; + $site->name = $params['name']; + $site->description = $params['description']; + $site->site_family = $params['site_family']; $site_id = $site->addNewSite(); if ($site_id != false): @@ -86,10 +130,6 @@ $owa->reset_config(); break; - -} - -switch ($_GET['action']) { case "get_tag": $status_msg = ""; 
@@ -101,6 +141,20 @@ $body->set('tag', $tag); break; + + case "edit_user_profile": + $u = new owa_user; + $u->getUserByPK($params['user_id']); + $u->email_address = $params['email_address']; + $u->real_name = $params['real_name']; + $u->role = $params['role']; + $u->update(); + + $t = new owa_template(); + $url = $t->make_admin_link('options.php', array('owa_page' => 'user_roster_success')); + owa_lib::redirectBrowser($url); + + break; } //Fetch latest OWA news 
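Review bot: The `edit_user_profile` action copies `$params['role']` straight onto the user record, so whatever string the request carries becomes the stored role. The edit form is given `$auth->roles` in the page controller, and the same list should gate the write: `if (!in_array($params['role'], $auth->roles, true)) break;` (adjust if `roles` is keyed by role name rather than a flat list, which this hunk does not show). The result of `getUserByPK()` is not checked either, so an unknown `user_id` still reaches `update()`; how that behaves is not visible here.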
diff --git a/public/i/user_icon_large.jpg b/public/i/user_icon_large.jpg new file mode 100644 index 0000000000000000000000000000000000000000..0ddf2e8c1e3f8b00a3d26a117cf4411755b66ccd GIT binary patch literal 19662 zcmeG^30M@z(!IOfAc|r<63vPnVuXd|SXdE6KtMr|L%~FO%kBURd$~I+hf%zuF)_cv zBOb}qsG#w9@u^XaL{SqFjqfQaDiTE_-Us4^25?@@?2WLI9DeW5+u_@p?&|95s_L5R zp6;TF^TcJ;W6bF2(TGN;p(yx6#1(Vfh&*8iLb0)EC_=~zS<-qU2Bc{4hiLtgIh95z zo%W_SolP5}#-Rg_H-bAF06#g6O{EKQ7KrenwCUl1 zM_v{*hMGqUeK}|Yb#l;L_2mGasQION(zUc1H7at3yb~Si@*c9IWJ(K*MRejmvZr!L zFbgQqh&nV6*;!dxSzFmzTiZF<+Soeu?rvw-y?5VUy?XcR)z`s}y3`LfAAPyo2D>NMWGH6bS?m%NW(1?p5wi)pQEd;nUr%{($ zWCj?DnYo3fm9>p6n1f*<4bd5z!XAibMq|*;=;oFdR^|*lA1HKSm<{UbZ5}$F*UM?@ zY_^4C(YhU@20QmoIF#<=E1y#pX6dpd@xhfQzQXT~^*iUfhA&MLL>%6L`}e6%{uz6? zYu@*#l~*5)c3W2b!8gl)IMeXBWcQJpYfmO*Oq>7N#yu5huRrBPPRz_*uwql`(Q`MN z9T1%k+?r85Sz4I;Q7jDd?r8=bOm*sI&YoT5NOEu}q3VH;bNUteoF!q2z4;2?CKn5m z0ZUiE!_~mVhCYIbWPcp{S<6D_9JuLNATA&~2Gynm3PDejmLwN^vhh24|G$;jH5V7B z4v5|6vh0%v`PHMx%>O>&!HmlRdEI(DFG(z0ymU$!$ET<=XkPMyh5W7i%i^k^KF@hv zc*|pBz=(C<&v9{KM*|*l>Pd3smhM#xnT#JEz84^U{6Fd!!&{aAD0M%vc~Q+W%LOeP-W@i5 z=H~>;Z4Nm(X>E1|fyUH-=UjZuwdl=F<1puC1R|;$xeMK#TSFEmFJH5+&6z;ktqg9Ky5(!$z3#}JJ#NGzxC_e*RU)tWLz!+K|cpkgCv3Z(iB`D3s|*s#&j$2ea@r zp(I0^rkcsT+Q4NnEe#c9D-}2rsUqH6(g@!qikZIQ|NlAwjame0IZvnK&u@yt(lRwpX7H@ zug0mrJk1AfzREn`D9;^D^mQ}Tb~AlFyVo;(J!n_D6yAdW3Da#aXD7Dn;T>RLc50LE z1kB-dY`cMmV3X}qAFQg+U9HdVlI=qGMT4(~g^qaAagXDPbzj;#Z`PsVYuv&sdRtGK z*fUqKf&X9&mdOPF3j=&- zV(Ja@$%)Ju(;!doa{M8Kym|^48XpboD&)SO=3`$w5AyQzWP>&9CVR%FlCb?Y4LFo;EMhz8qGd$+f!t=v2+NQ4T8L5O~dK9aak+-F$O z6BwE1Ll~`8IE$wAJbefiz9N8{5QxH{!ej~wNRvS=+AGTn^`m`CWtm#wO9_gHdla~b zI=F-k${{J!sC{Qws?1(jF=Q4}?MQc{U}Uh$Knk;;VV?1b%3D)+xY1O#Y^XeNO4e~x z?PuF)Ij7oWJfU!+5Gx}CNc<=GE7OAv!ZgO9zZAbk*c2>b09zw6%M4*U4JsmNQ9e8 zRx*nqjs_uL_;p80q(B&wqckK$d?ZB@NQn>+AejKCT7bLZrEfDN6;0rh7E2#N15~q1 zW+h6I2p*(R7U@!@M4*UE&*no;T`z%;dqa*i6O;t;RU)Y*lT4FW43>fG=SSgEu{uw& zk&v0CDJNO8P>6(lOff+eqktUEpdE9n48T3%XGvwE!}VxeX3C{XnE}WG;tDc_5=^2L 
zLmj(_M3Oq}r~(Y~-FQk|8i`3TIru~JRYOVO;MB-ADr6EumPCs)neh0t(z=r6y>6u|tkyNgyTn82XQIXmL zsDj2xC8Vycaj7g$i7POTVUT4uA~2+vpmym}91Q9uxGi*XR(o{nJsm<4Lw4|^g*>3r zs`t);O4HOH%#q5G22H1Gk@$$w1UFKNq@j|=`vpRS9|ODw^@XrIQ=pzHQ1ALvQ=r~o zDNs-48wSC-M5EE8imj|nk^5(PJJgd0Vi3uzL}a$`~` zc+Lp7l-PJC4r4}+5NASsq6a%*7&Ai->(;qac@9Jh`nv%^xgdj^5I$N>4ss*h^dbjy zeLSV|OqO?GU?9tj&0@1X0K-F(4{=&~9umc1XpLe+n4+y_Ag(Zlk`@}WVNy+nV+v|j z8@_;;WYavDi{K;NluDt1%i*zoyxG3MXof#Tt9c93J$U{;0*~}SOu+Z{;;?yw3^yC5 zx=9QI(K~LGEYUQ}WCoF0E;U9ag2u66Uv{8xpg)Hl=oiFlUk21w`0>I#Oq3EX6k`(d zYc1FhBK#=i_63GDQuS&C>etXK08Ow+(e+gEC#XlJ*OLZa0tKKP9~Sh<>tRF_vfpuM z$uz}!J*I_mqaZ|8D$fswZ!ry?7WR7B$AuZ4m>F53$26Jc>IM3d>jp2uNNb^hDG+fa z6)DMJM~EI}X>j$yTHMr*arMDkTpen%M2H82)l$v11HT^Cfv@Yh&oxevG(lz%|ur|^TQ&TxsDiCJmze;62Ol@Uwny`D$d!_37xEcZ!>o73} zM;lE23r8paq@u^Z8vC{NLTs$@eh`Z(Z$NcLY%Dii%2$Hl!=uB4Rbz`l$_MwXdjnOD z+9$)9qo%|)B=&mb74Wsf%HTtc8ova57AC?-nH2EGdaI=s@VOaO@OrRN4DmCpY#9c@ zqdI8E{HmNc44E)^vb4i7X~}>7Woo2LIyR}xq^>S$pi9Um>oTdUOB(1BvdOwk>gtjP zx`b@9E|a>tq=7CWo2<*Et}bbyOUNecGO4Re8t4-8Z?!HP-GV+QfmQrmSgzMQ)ng>N zEkK>>p*l0;mF{%i1>qy=ORpw*h6P;%f90p%sUC0)hVE1kOE}eIJ+Ns(hm$F^m!*}3 zxtTS?2F^RN1+WDJ+Se9B5yO&hMYBdWwmlG?#(;A@7$iq@3u`3}PW*5%?`bi}vX>LG z@^%bm5AJO}e$*R0XP-U^Q)l;0FLDW6x8s4UuiU2Jp(;POD~bMdnwG2&Pf|pT=0x&` zBu|*wf9K)qpC1b5;!EdY8+Ltv`l@?C#v|p>KyFm@n3U8>nOVZ@X}Nj%1s}{`@ZrLb zmM#Bm#mZHyi%T|c`fBr*Z+7n~-TUpnAC6QUtvq)8OwHMI=W8!CT)Teb=B?Y0pFC}T z_WTzRpFD@ejA3qOW@cewE(Vqz;2aWjZwutqD|Eaio98&yYSiq(MZFW&rN7~0y~FuX zRhaxipDS~G;W(1M{P3prJ6-+yCHY4P+-wwcmyX6sev>if1kStLn0?;1ZWQ>(Va*Vm6DbB;mWV}R-V84EHFA%n7?q<=5LSH-g-WiJ7!XL!AGmN z>^pwp_AiD9htyxK-`70F^`|wcVd=Bx`}?cL-(@XLx$8H1++ZyJ&=;FG<<5Vd*W4hM!Vn%l9{pU9^h-e%+!skBo?j@O$g@Iri7? 
za8O99>!gDBj-Rf)HvZ%%srb%a?#)wfpPZW7|NR5(x$a|~#>RbGylLzFsJbN4(u$q* zPoAeu1fDjvG*7uhR8f3IWH#LMIW}v(PYr)_){P}!#J8PVHS|udi_65t13oI=eAeA5 z@U00GzKeWo>(^U$xL^L@yPd=2E!*+187e z$jh#sw5i{$it2I4eu*hcWQsZ0&p|g}0Wsas;DXj#yG{_2wcWAfyI zHrc5epN#vgXz*td(-v|1|0AcV@#6I2H*Q}VFmc}l<=*W5&*2!Bo7{bos?px)S_qU^mcO*^+m5;l8AyIsM zTY}4!;nSQUa~cAcI*1#M;n@_ z+~QSF7qZ{o)bG3Dig$KS8(3fGv}RMzlVs1fgN-9w7FDgzzIU~()YC63E7u|~|N8t{ zEp$9e!%N__NDJDPey)RS#vmjsO!dco7Xt~n3lFVyePafRa#j-5Z*Y8^0Lnt zyuee}wmvymcy2LCy5-xwg*PHr5$NRP+_pTDjo*Z0n}(&f{kw(r&6bw>M$X4~UtCJt z_ptEG@<)Zz4L^Qe|8W|{=h^ccZsa!Sv~kWB_9PIt;C|u!)AembK$UA7{kC~Dynu6a z_O9*z%in_tlm^`OtZ%+nc-f9XcMpOY-KlRp4l3(MpxRj!qxH)PG|PuTyT~5hUReGP zoZyv7pbQ4t5d@k!@dY~h;)ErradC4?b9wC`uvO`cH`}ffsC?avMNjGpG^%_*fwtvR H>aYC|6Pz{; literal 0 HcmV?d00001 
diff --git a/public/i/user_icon_small.jpg b/public/i/user_icon_small.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b920a061ce33d588db90393ebc04089182e72fca GIT binary patch literal 18160 zcmeG^3wTpS){~@3oAd#t<+-1jmPfGPpXSkbHVyVkiv(($LSeuC`EHV%G&IQ#$qj8` zU6zNUuKp|!Mchx6hq}7%iijw>E~5BAWq%6-qQ4K2RbUqcQ9%*&pPA&|JetPF2j8xn z+b{RdoH=vmoHOU1nLBejfwux5prKP6n;VfpC_qi{hXO}MA2jqhYzP^Rs0bmHfzk!T zkO)!&_(Os*NKDcQnFT-N)AIzALO4Re(IB{^tKjDqXh}LB(koXuP+F+&7I?k^KWGtC z4L)nEjG30VbTTaC>tsCgx;D9yvN+s0i?nKWxlUcF(^SYcYMr`NrzwMaqWc8Fb^`%~ z?i2F#^Y0V!=@Ed3FNr`D;!zSQhhS`24#C7oIY1{Neg(xsp0@DeAh~GX1Mzfu8f6ig z=GGaJFmMLtkQ}o91}F#u@1W%6%ttlhLR?hq-RKFnP3jlg#siLafL&XAWa|=rU}LAk_@pZs{{&jMQH`Y zG~$};sl3AZOSF>wRU03x9XEb>>uz&Nsds5#UHXL8ZD)_3v-rwJY}&SLV*MJEwc+{A zZ28Fj?Z@a(A7B2$0sn{R8x?D}+_?RYJ#QZW?EWWSJoxv|XWACrbms#*UOM#A7Zp=x z*}GS)d+^DZ4}W|i7YT*HZ5rVzT_P?cEEH&lr2z-?3-iR zUDr0;;wwEjL4p}bpIG+%eqdtrNNYoTIZGeoSs0iDMVN)a+bBy!+RR0h(Pxi*{rgE> z4ZnKYZyS<*B<4K6gPht8B(N{qX}^x0asxNIzPsdHvVjMbFw@k1Trj zG?ljXxtwt)?s@;v1y}Qo+SRXJe$;mQuXlaeZCFH&UmHMyH~!gOi9{6$<>b6^@^62- zZqcs3d(W@{VO!lY3lF`2yPOb1?4eLQS!{P)@rojMd?`R~NRM8kLoW zlMOO`LH&$6)9jW8xyR}7vGSJo+G)*o@g6rdn%hir zAf{3^OfQrdcCxHTr&4uycNbF_z1YIIFrrV@;$=Lvm+hSfRFzPn*veW9p}k-;QG5Z^ z>aef|nN;6J_Zomih?vI<{-n5tveS)>*F{0n*u;1p3mG>{Ia_I;UWM_YTBv&b`mDp! zMYF{gFHNzGm#ZVy`&b}vk8KV>F3Jr}0%iz9CQV4#!P2f8ub1i#lcsPM7=wx&YXi{u zcHuA)VBKk`(CSqrf$1jX$l`R+ZkA^Ukdu)$F>M!Pt*2NzlDHM}2JG^c>Pn@i!lWtJ zm6hu>Rde(zQuM9-`dFaQ=%nnCRH5r>=mmpXui}zKp(;+JdKIT;XlJnYGsBBjL$UBu zaE@@QWCk~IMNLaUnmbPMGD{To+EO{$TJei1@cqcg2LkC7*I@HJAx|Y$dITmhN)?IaQqfIYw&ZI_t{C=E_7cr_-a__Xu*zqI^_y~X@|X8T*K$w!XUkEvBy>1 z!uZ%Wi`U@+mmXg0NcaYSe~+6;L~N}gM%HKvC3c*}R+ z!+w9DVLj|OBKs7eKjOIlFJ{28!VX};1B~JWfK!7zYz`#$z(24Bdpy?vgaLjaF(U@~ z_BQ#n)F6*{Iew5qJ~RcaX=#Ra6}<1qeeCn|Aho(!3)UQ->?N8?!uHz&_~e_$Sh~W5 zY?RYStMJ}dqN;4KCt~6nfA@+jHj1ns%C!tf?zEf$pfdjjv~09E#o;SZHhi8 zI88`pvq6ay?hp|Immmb$xc+V)q9yP-aOZGv+=&1w!w@3lMaU!Mfe4zom*@m8j$0J? 
zK4nBRm^5^2NN+gyCY;M4IjjfJiSXLsFN8T3poqk{1a&tCXGLvr3(AVK2!cZp!tpyp zkRSOFjl5_sav%$0kQ-7?L;=JOaMA+YqpwJt!Bn_t93CqYfdhuv#aXxC>4XOsN@8aG zZmVyGd7cGwp?a+rRs%U~CddRqLr%tR$7y^`qit+tzLsTNp*&%u)!xaKW7Z@-r^7<~ zW;&<&ASZ}wM@-59JPdy6B-30UK|9^<%~W_Pd}?Rzn-64m+vpjLii3`q{Ruc4J=1KjW1NgPLbo(Wyt8H-Nd(@B^Z%7UL@@>!A&zIVAKEeLrqY>GjH7Lr;R9|>QA z8&)DN#m1{gNDTBK8f_HBlBJ^0QqgB0eerJ)eMT(00PGhbJkEg4V1w$%0-NYDjR2L){e4m1&S31P5k`@9-M~OmFWo}{7@b)@sG9GNan)siQj`O$)tr+rsH4%fc>8l~sY`+{V!Ih{ z7ev36D}bQaYSXpWH-^YTu38Zh4cA>#%y{i8O;uHuO089CwMxKH`g$Sus7LAcjf2(* z8;%aXT9mks4k9fyB$Jb->S-TYsfAg+95+qD_{vr*{Cv2{`{B9d)oHmqdt4gcNE3{Q* zdR1&0P!Hm_IC^MjN4>*EyYUwY#D#^BV+*2d%#Nr5ac+b>sS!~CnowcUBUJGtsK*o0 zlTlp)1)!V~74*rKVT6mVj^9}xt~jE{c$lsU!Y&zauK~U+e;1HLk< z178=v&p9WEO;E0foURUU_s}>ZGb#cz6m$AG^4GcMIOCm>2#Em9)W#qM5cws&8aY4o}t3^dSX)Kcu-dIgYTB}88BLUe4 zhYMmtRP#JE1Vo0R@%arpZx}LR@Ko``F}CC%|4KEIl#WyCN~tR;4J3t}vaXc6lF~p@ z$SLbesVgZBB!!%^u9Uix(m+zkDeFq9D=7^mg`Bdkl)94AKvKxx)w*Qi1%28LtN7ip zTpw}#!nJr?fE>RNJltSVcVYN~kciL~Q4=3FAmreKenuR>0Ou8ik6#eM@e7-PO^FbW z5a6%$42d{RDw4s$6qx{)h@gGG5Q;?U!VG~F$ufr`p+E!&Fo-ZmLW$HbfTJ05#ls{8 z>3M}HLz7>l9XDKheeDQpe96ex`AbHbS52tf_}JNrrC!qiy9&&#m56Z}K%X zR!p%>YM(i4%(mzEAN$n0j9s&w-u(Cr2R^)}(stfoRHbWbp4u^cj=j?{Z$WoY@4_2z zT5xfDS?bSi+BUIlw5hzos*w4Xt!ZR2zwNYtX2tRw3B%{F z8MAiFc6@Tg9l@g`CQX@TtK?6Q2p=8M)X~{<^Id;<>Xo-nT&!xI?dZK_{X;wV9y$4C zk#6doc?)m7`{Acwef!i`(I-5-`^jGyjr;l5`8{{v@R#4c_>1++em;J^>}LJ3J2%|4 z;npRsw_o>&W#S!Qo+vudu`0Vd|AU9VTIoM?%L9i_?|c7=ZJ)Yjw;j5!V0hu)wXg2J zzUm%t$Nw$fuxr9?tJAl)HqV`U;QoR!V~f6|XqTbs_=W#IwZHn(qyE4f@3d`w=Dj~| zFTbtl)_s3m`NE;sX57Bd_4Va4=lU`G9{>HlSJ_^vshM?M_K5cEv9+7lpL}@8JEpeR z&;4!np8x&XqDR@R4~h=w?c8yQDcoGW;<-2btpE7pPex_-Rb!96e(dUA^Ms zy=PZ$JGgn)n!T6abCo}N`eFdRyW#TTrvrUQ3c9)+)Ry~~F*~Nq=4IWWAFcc4UU6CR z)QnEYhrcZ_8h`oZrawQhbX(c5@xG$h#_U)(X32#!&mLaL>-iCO;>K>rxI z%YWvv%LnJ4yZYGGyH~uoctHTIfOB8IIjea8^12Jl&g@zlKtsRzB!Fa>uHG3y6E5Ab Q*nj-;K7-)~tgj>g51uu{NB{r; literal 0 HcmV?d00001 diff --git a/public/login.php b/public/login.php new file mode 100644 index 000000000..e794ebc01 
--- /dev/null +++ b/public/login.php 
@@ -0,0 +1,189 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +// Instantiate OWA +$owa = new owa_php; + +// Clean Input arrays +if ($_POST): + $params = owa_lib::inputFilter($_POST); +else: + $params = owa_lib::inputFilter($_GET); +endif; + +// Decode the redirect URL +$params['go'] = urldecode($params['go']); + + +// page controllers + +if (!empty($params['page'])): + + $page = & new owa_template($params); + $page->set_template($owa->config['report_wrapper']); + $body = & new owa_template($params); + + switch ($params['page']) { + + case "login": + $params['user_id'] = $_COOKIE['u']; + $body->set_template('login_form.tpl');// This is the inner template + $body->set('headline', 'Please login using the from below'); + $body->set('u', $_COOKIE['u']); + + if (!empty($params['go'])): + + $body->set('go', $params['go']); + else: + $body->set('go', $page->config['home_url']); + endif; + + $body->set('status_msg', ''); + + break; + + case "bad_pass": + $params['user_id'] = $_COOKIE['u']; + $body->set_template('login_form.tpl');// This is the inner template + $body->set('headline', 'Login Failed'); + $body->set('u', $_COOKIE['u']); + + if (!empty($params['go'])): + + $body->set('go', $params['go']); + else: + $body->set('go', $page->config['home_url']); + endif; + + $body->set('status_msg', 'Your Password or user name was not correct.'); + + break; + + case "not_priviledged": + print "you are not priviledege to access the requested resource."; + break; + case "request_new_password": + $body->set_template('request_password_form.tpl');// This is the inner template + $body->set('headline', 'Type in the email addressthat you registered with'); + $body->set('u', $_COOKIE['u']); + break; + case "request_new_password_success": + $body->set_template('status.tpl');// This is the inner template + $body->set('headline', 'Almost done!'); 
+ $body->set('status_msg', 'An e-mail has been sent to your address with further instructions.'); + break; + case "request_new_password_error": + $body->set_template('error.tpl');// This is the inner template + $body->set('page_h1', 'Houston, we have a problem...'); + $body->set('error_msg', 'The e-mail address that you entered was not found in our database.'); + break; + case "reset_password": + + $auth = & owa_auth::get_instance(); + $status = $auth->authenticateUserTempPasskey($params['k']); + + $body->set_template('reset_password_form.tpl');// This is the inner template + $body->set('headline', 'Choose a new password...'); + $body->set('key', $params['k']); + $body->set('status_msg', ''); + break; + case "reset_password_success": + $body->set_template('status.tpl');// This is the inner template + $body->set('page_h1', 'Success!'); + $body->set('status_msg', 'Your Password has been changed.'); + break; + + } + + $page->set('content', $body); + echo $page->fetch(); + +endif; + + +// Action controllers +if (!empty($params['action'])): + + switch ($params['action']) { + + case "auth": + $owa->e->debug('performing authentication'); + $auth = &owa_auth::get_instance(); + $status = $auth->authenticateNewBrowser($params['user_id'], $params['password']); + + if ($status == true): + $url = $params['go']; + else: + $url = $_SERVER['PHP_SELF'].'?page=bad_pass&'.$params['go']; + endif; + break; + case "request_new_password": + $auth = &owa_auth::get_instance(); + $status = $auth->setTempPasskey($params['email_address']); + + if ($status == true): + $url = $_SERVER['PHP_SELF'].'?page=request_new_password_success'; + else: + $url = $_SERVER['PHP_SELF'].'?page=request_new_password_error'; + endif; + break; + case "reset_password": + $auth = & owa_auth::get_instance(); + $status = $auth->authenticateUserTempPasskey($params['k']); + + //check to see if psswords match + + // log to event queue + if ($status == true): + $eq = & eventQueue::get_instance(); + $new_password = 
array('key' => $params['k'], 'password' => $auth->encryptPassword($params['password']), 'ip' => $_SERVER['REMOTE_ADDR']); + $eq->log($new_password, 'user.reset_password'); + + $url = $_SERVER['PHP_SELF'].'?page=reset_password_success'; + + endif; + + break; + + } + // 301 redirect to URL + header ('Location: '.$url); + header ('HTTP/1.0 301 Moved Permanently'); + return; + +endif; + +?> diff --git a/public/reports/click_report.php b/public/reports/click_report.php index f2ffc0ef9..6ba61d2a6 100644 --- a/public/reports/click_report.php +++ b/public/reports/click_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Document Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/content_report.php b/public/reports/content_report.php index 7f72dd8e1..32285f8d5 100644 --- a/public/reports/content_report.php +++ b/public/reports/content_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Content Report @@ -30,7 +31,11 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; +$report->authenticateUser('viewer'); // Setup the templates diff --git a/public/reports/dashboard_report.php b/public/reports/dashboard_report.php index dfae4d3f3..2b0d84fcb 100644 --- a/public/reports/dashboard_report.php +++ b/public/reports/dashboard_report.php 
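Review bot: In the `auth` action, `$url = $params['go']` sends the browser to whatever address the request supplied (after `urldecode()`), so the login page will redirect a freshly signed-in user to any external site named in the link. Accept `go` only when it points inside this installation (for example, when it begins with the configured home URL) and fall back to the home URL otherwise. The failure branch appends `$params['go']` with no parameter name, so `'?page=bad_pass&go='.urlencode($params['go'])` looks like what was meant. In the `reset_password` action `$url` is never set when `$status` is false, which leaves an empty `Location:` header, and the `//check to see if psswords match` comment has no code behind it. A login redirect should not be permanent, since browsers may cache a 301: `header('Location: '.$url, true, 302);` replaces the two `header()` calls.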
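Review bot: content_report.php authenticates twice, once through `$auth->authenticateUser('viewer')` and again through `$report->authenticateUser('viewer')`, while click_report.php and the other report files changed in this commit use only the `$auth` call. If `owa_report::authenticateUser()` wraps the same check (owa_report.php is not shown here), drop the second call so every report reads the same way. If it does something different, a one-line comment such as `// report-level check: <what it adds>` should say so.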
@@ -18,17 +18,25 @@ require_once(OWA_BASE_DIR.'/owa_report.php'); require_once(OWA_BASE_DIR.'/owa_news.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); + +/** + * Dashboard Report + * + * @author Peter Adams + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); $report = new owa_report; -// Set the reporting period -/* -if (!empty($report->params['period'])): - $report->set_period($report->params['period']); -else: - $report->set_period('today'); -endif; - */ // Setup the templates $body = & new owa_template($report->params); diff --git a/public/reports/document_report.php b/public/reports/document_report.php index 8f7f55183..3f4789270 100644 --- a/public/reports/document_report.php +++ b/public/reports/document_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Document Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/feeds_report.php b/public/reports/feeds_report.php index dbb08bb08..d73649355 100644 --- a/public/reports/feeds_report.php +++ b/public/reports/feeds_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Feeds Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/index.php b/public/reports/index.php index 7a7681f6b..00b4d8999 100644 --- a/public/reports/index.php +++ b/public/reports/index.php 
@@ -18,7 +18,8 @@ include_once '../set_env.php'; include_once OWA_BASE_DIR.'/owa_php.php'; - +include_once OWA_BASE_DIR.'/owa_lib.php'; +include_once OWA_BASE_DIR.'/owa_auth.php'; /** * Generic Report Controler * @@ -32,7 +33,8 @@ */ //$config['report_wrapper'] = ''; -$owa = new owa($config); +$owa = new owa($config); include_once($owa->config['reporting_dir'].$_GET['page']); + ?> \ No newline at end of file diff --git a/public/reports/session_report.php b/public/reports/session_report.php index ba27e5ad2..4fc3c7b6e 100644 --- a/public/reports/session_report.php +++ b/public/reports/session_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Session Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/traffic_report.php b/public/reports/traffic_report.php index 2d7e64c41..8a72fa8cc 100644 --- a/public/reports/traffic_report.php +++ b/public/reports/traffic_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Traffic Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/visitor_report.php b/public/reports/visitor_report.php index cd56cbc93..961dc1a55 100644 --- a/public/reports/visitor_report.php +++ b/public/reports/visitor_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Visitor Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates 
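Review bot: The context line `include_once($owa->config['reporting_dir'].$_GET['page']);` at the end of the second index.php hunk builds the include path from a request parameter with no validation, and this file now loads owa_auth.php without calling it. The `authenticateUser('viewer')` calls this commit adds sit inside the individual report files, so any other file the concatenated path resolves to would run without that check. I would authenticate here before the include (`$auth = &owa_auth::get_instance(); $auth->authenticateUser('viewer');`) and reduce the parameter to a known report name, e.g. `$page = basename($_GET['page']);` followed by a test that it is in a fixed list of report files.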
diff --git a/public/reports/visitors_report.php b/public/reports/visitors_report.php index 1549c8198..7128d7537 100644 --- a/public/reports/visitors_report.php +++ b/public/reports/visitors_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Visitors Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/templates/css.tpl b/templates/css.tpl index 21afe1c3e..31d9d2822 100644 --- a/templates/css.tpl +++ b/templates/css.tpl @@ -74,6 +74,8 @@ fieldset{margin: 7px;} .owa_banner {background-color: #cccccc; padding:4px; font-weight:bold;} .visible {display:;} .invisible {display:none;} +.status {color: #ffffff; border: 2px solid #000000; padding: 5px; background-color: green; font-size: 14px; font-weight:bold;} + #admin_nav{font-size:12px;} #keywords{width:400px;} diff --git a/templates/error.tpl b/templates/error.tpl index 615357eac..2b5e7c9a4 100644 --- a/templates/error.tpl +++ b/templates/error.tpl @@ -1,8 +1,8 @@

-

- +
+
diff --git a/templates/installer_set_admin_user.tpl b/templates/installer_set_admin_user.tpl new file mode 100644 index 000000000..e4744766f --- /dev/null +++ b/templates/installer_set_admin_user.tpl @@ -0,0 +1,51 @@ + + +

+ +
+ +
+ +
+ +
+ Set your the Admin User Profile for your Installation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
User Name
Password
Password
Real Name
Email Address
+ +
+ +
+ +
+ \ No newline at end of file diff --git a/templates/login_form.tpl b/templates/login_form.tpl new file mode 100644 index 000000000..28fd23712 --- /dev/null +++ b/templates/login_form.tpl @@ -0,0 +1,43 @@ + + +

+ +
+ +
+ +
+ +
+ Login + + + + + + + + + + + + + + + + + + + + +
User Name
Password
+ + +
+ Forgot your password? +
+ +
+ +
+ \ No newline at end of file diff --git a/templates/options.tpl b/templates/options.tpl index a24505fe8..3cdf5e018 100644 --- a/templates/options.tpl +++ b/templates/options.tpl @@ -8,6 +8,8 @@ diff --git a/templates/options_edit_user_profile.tpl b/templates/options_edit_user_profile.tpl new file mode 100644 index 000000000..74e49e59b --- /dev/null +++ b/templates/options_edit_user_profile.tpl @@ -0,0 +1,46 @@ + + + + + +
+ +OWA User Accounts + + + + + + + + + + + + + + + + + + + + + + + +
UserRoleE-mail AddressOptions
+ + + + Delete user?
+ + + +
+ +
diff --git a/templates/options_user_roster.tpl b/templates/options_user_roster.tpl new file mode 100644 index 000000000..d247ea201 --- /dev/null +++ b/templates/options_user_roster.tpl @@ -0,0 +1,33 @@ + + + + +
+ + + +
+ +OWA User Accounts + + + + + + + + + + $value):?> + + + + + + + + + +
UserRoleLast UpdatedOptions
Edit
+ +
diff --git a/templates/password_reset_email.tpl b/templates/password_reset_email.tpl new file mode 100644 index 000000000..1669c592f --- /dev/null +++ b/templates/password_reset_email.tpl @@ -0,0 +1 @@ +Your OWA password was successfully changed on from IP address . diff --git a/templates/password_reset_request_email.tpl b/templates/password_reset_request_email.tpl new file mode 100644 index 000000000..6121e51b0 --- /dev/null +++ b/templates/password_reset_request_email.tpl @@ -0,0 +1,6 @@ +Someone, hopefully you, has requested a reset of their OWA password. + +If this message was generated in error, please disregard. If not, please click on the link below +to complete the process. + +config['public_url'].'/login.php?page=reset_password&k='.$key;?> \ No newline at end of file diff --git a/templates/request_password_form.tpl b/templates/request_password_form.tpl new file mode 100644 index 000000000..df42d8e51 --- /dev/null +++ b/templates/request_password_form.tpl @@ -0,0 +1,32 @@ + + +

+ +
+ +
+ +
+ +
+ Login + + + + + + + + + + + +
E-mail Address
+ + +
+ +
+ +
+ \ No newline at end of file diff --git a/templates/reset_password_form.tpl b/templates/reset_password_form.tpl new file mode 100644 index 000000000..25f74bf2a --- /dev/null +++ b/templates/reset_password_form.tpl @@ -0,0 +1,39 @@ + + +

+ +
+ +
+ +
+ +
+ Login + + + + + + + + + + + + + + + + + + +
New Password
Re-type your Password
+ + +
+ +
+ +
+ \ No newline at end of file diff --git a/templates/status.tpl b/templates/status.tpl new file mode 100644 index 000000000..7ba8d9405 --- /dev/null +++ b/templates/status.tpl @@ -0,0 +1,9 @@ +

+

+

+

+ +
+ + + \ No newline at end of file diff --git a/wp_plugin.php b/wp_plugin.php index 7025846ac..efdd63e87 100644 --- a/wp_plugin.php +++ b/wp_plugin.php @@ -41,6 +41,7 @@ $owa_config['action_url'] = get_bloginfo('url').'/index.php'; $owa_config['inter_report_link_template'] = '%s/%s&%s'; $owa_config['inter_admin_link_template'] = '%s/%s&%s'; +$owa_config['authentication'] = 'none'; // Needed to avoid a fetch of configuration from db during installation if (($_GET['action'] == 'activate') && ($_GET['plugin'] == 'owa/wp_plugin.php')):
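Review bot: `$owa_config['authentication'] = 'none';` switches off the login scheme this commit introduces for the WordPress plugin build, and nothing on the line says what controls access instead. If the intent is that WordPress's own admin login guards the OWA pages, state it in a comment, e.g. `// WordPress handles login; OWA's own auth plugin is not used here`, and confirm that the pages under public/ cannot be requested directly in that setup. plugins/auth/none.php is not visible here, so its behaviour is inferred from the value's name.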