Rev | Author | Line No. | Line |
---|---|---|---|
226 | daniel-mar | 1 | <?php |
2 | |||
# TODO: receive the passwords via POST instead of listing them in this file.
# NOTE(review): these are plain-text credentials kept in source; anyone who can
# read the file or its revision history can read them.
$cfg_auth_passwords = array(
    'marie,marie',
    'vierzig',
    'johnl17',
);

# The result is a plain-text dump, so declare it as such while headers can still be sent.
if (!headers_sent()) {
    header('Content-Type: text/plain');
}

echo output(__DIR__ . '/.volcano_db/*', $cfg_auth_passwords);
||
11 | |||
12 | # --- |
||
13 | |||
14 | # todo fut: oop |
||
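/**
 * Decide whether any of the given passwords satisfies any READ-AUTH entry.
 *
 * Supported methods (case-insensitive): plain, md5, md5-salt, sha1, sha1-salt.
 * For the "-salt" methods the entry data has the form "salt:hash" and the
 * hash is taken over salt . password. Hex digests are compared
 * case-insensitively, as before.
 *
 * Security notes:
 *  - All comparisons use hash_equals(). The previous loose "==" let PHP treat
 *    numeric-looking strings (e.g. "1e3" vs "1000", or digests that look like
 *    "0e<digits>") as equal numbers, so a wrong password could be accepted.
 *  - Unknown methods and malformed salted entries never grant access.
 *  - MD5 and SHA-1 are fast hashes and a poor choice for password storage;
 *    they are kept only because existing READ-AUTH entries use them.
 *
 * @param array $auth_passwords Candidate plain-text passwords.
 * @param array $auth_objs      List of array(method, data) pairs.
 * @return bool True as soon as one password matches one entry, else false.
 */
function check_auth($auth_passwords, $auth_objs) {
    foreach ($auth_objs as $auth_obj) {
        if (!isset($auth_obj[0], $auth_obj[1])) continue; // incomplete entry

        $auth_method = strtolower((string)$auth_obj[0]);
        $auth_data = (string)$auth_obj[1];

        $algo = null;     // null = compare the password itself
        $salted = false;
        switch ($auth_method) {
            case 'plain':
                break;
            case 'md5':
                $algo = 'md5';
                break;
            case 'md5-salt':
                $algo = 'md5';
                $salted = true;
                break;
            case 'sha1':
                $algo = 'sha1';
                break;
            case 'sha1-salt':
                $algo = 'sha1';
                $salted = true;
                break;
            default:
                // Unknown method: fail closed and look at the next entry.
                continue 2;
        }

        $salt = '';
        $expected = $auth_data;
        if ($salted) {
            $parts = explode(':', $auth_data, 2);
            if (count($parts) < 2) continue; // no "salt:hash" separator
            $salt = $parts[0];
            $expected = $parts[1];
        }
        if ($algo !== null) {
            // md5()/sha1() return lower-case hex, so normalise the stored digest.
            $expected = strtolower($expected);
        }

        foreach ($auth_passwords as $p) {
            $p = (string)$p;
            if ($algo === 'md5') {
                $candidate = md5($salt . $p);
            } else if ($algo === 'sha1') {
                $candidate = sha1($salt . $p);
            } else {
                $candidate = $p;
            }
            if (hash_equals($expected, $candidate)) return true;
        }
    }

    return false;
}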
||
48 | |||
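/**
 * Return the concatenated database files matched by $wildcard, with every
 * line redacted that is protected by READ-AUTH entries none of the given
 * passwords satisfies.
 *
 * A READ-AUTH line is matched as "<nid>:<parent>[.]<child> READ-AUTH <method>:<data>".
 *  - If <parent> and <child> are both empty, all lines starting with "<nid>:"
 *    are replaced by the redaction marker.
 *  - Otherwise the child name in "<nid>:<parent> DELEGATION <child> ..." is
 *    replaced by "???", and lines starting with "<nid>:<parent><dot><child>"
 *    are replaced by the redaction marker.
 * Several READ-AUTH entries for the same object are alternatives: one match
 * in check_auth() is enough to leave the object readable.
 *
 * Changes against the previous version:
 *  - The $cfg_auth_passwords argument is honoured. A "global" statement used
 *    to rebind the variable to the global of the same name, so the argument
 *    was ignored. Callers that passed nothing now get everything redacted.
 *  - The var_dump() of the redaction patterns and the '!!!' marker were
 *    removed; the dump wrote the identifiers of protected objects into the
 *    response.
 *
 * NOTE(review): a READ-AUTH line that the parser regex does not match creates
 * no rule, so the object it was meant to protect is emitted unredacted.
 * NOTE(review): when authentication succeeds, the READ-AUTH lines themselves
 * (including their hashes or plain passwords) appear to be emitted as well;
 * confirm that this is intended.
 *
 * @param string $wildcard           glob() pattern of the files to read.
 * @param array  $cfg_auth_passwords Plain-text passwords to test against READ-AUTH entries.
 * @return string The lines joined with "\n".
 */
function output($wildcard, $cfg_auth_passwords = array()) {
    $file = file_glob($wildcard, FILE_IGNORE_NEW_LINES);

    // Pass 1: collect the redaction rules, grouped as
    // $auth_array[search regex][replacement] = list of array(method, data).
    $auth_array = array();
    foreach ($file as $f) {
        $m = array();
        preg_match_all('@^\s*([^:\s]+):(\S*)(\.){0,1}([^.\s]*)\s+READ-AUTH\s+([^:\s]+):(\S+)\s*$@isU', $f, $m, PREG_SET_ORDER);

        foreach ($m as $x) {
            $nid = $x[1];
            $parent = $x[2];
            $dot = $x[3];
            $child = $x[4];
            $auth_method = $x[5];
            $auth_data = $x[6];

            if ($parent == '' && $child == '') {
                $regex = '@^\s*'.preg_quote($nid, '@').':(.*)$@isU';
                $replace = '# CONFIDENTIAL MATERIAL REDACTED DUE TO MISSING AUTHENTIFICATION';
                $auth_array[$regex][$replace][] = array($auth_method, $auth_data);
            } else {
                $regex = '@^\s*('.preg_quote($nid, '@').':'.preg_quote($parent, '@').')\s+(DELEGATION)\s+('.preg_quote($child, '@').')(|\s+.*)$@isU';
                # TODO: option to choose whether a delegation is public or not
                $replace = '\1 \2 ???';
                $auth_array[$regex][$replace][] = array($auth_method, $auth_data);

                $regex = '@^\s*'.preg_quote($nid, '@').':'.preg_quote($parent.$dot.$child, '@').'\s+(.*)$@isU';
                $replace = '# CONFIDENTIAL MATERIAL REDACTED DUE TO MISSING AUTHENTIFICATION';
                $auth_array[$regex][$replace][] = array($auth_method, $auth_data);
            }
        }
    }

    // Pass 2: keep only the rules whose entries no password satisfies.
    $forbidden_regex = array();
    foreach ($auth_array as $search => $by_replacement) {
        foreach ($by_replacement as $replace => $auth_objs) {
            if (!check_auth($cfg_auth_passwords, $auth_objs)) {
                $forbidden_regex[$search] = $replace;
            }
        }
    }

    // Pass 3: apply the first forbidden rule that matches each line.
    foreach ($file as $i => $line) {
        foreach ($forbidden_regex as $search => $replace) {
            $num = 0;
            $redacted = preg_replace($search, $replace, $line, -1, $num);
            if ($redacted === null) {
                // PCRE error: drop the line rather than emit it unredacted.
                $file[$i] = '';
                break;
            }
            $line = $redacted;
            $file[$i] = $redacted;
            if ($num > 0) break;
        }
    }

    return implode("\n", $file);
}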
||
105 | |||
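/**
 * Read every regular file matched by a glob() pattern, in sorted path order,
 * and return all their lines as one list (like file(), across several files).
 *
 * Entries whose base name starts with a dot (".", "..", ".htaccess") and
 * anything that is not a regular file are skipped. An unreadable file aborts
 * with an exception instead of being skipped: output() builds its redaction
 * rules from these lines, so a silently missing file could drop a rule.
 *
 * @param string        $wildcard glob() pattern.
 * @param int           $flags    Flags passed through to file().
 * @param resource|null $context  Stream context passed through to file().
 * @return array List of lines; empty if nothing matched.
 * @throws RuntimeException If a matched file cannot be read.
 */
function file_glob($wildcard, $flags = 0, $context = null) {
    $files = glob($wildcard);
    if ($files === false) return array(); // glob() reports errors (and on some systems "no match") as false
    sort($files);

    $res = array();
    foreach ($files as $file) {
        $bn = basename($file);
        if ($bn === '' || $bn[0] === '.') continue; // ., .., or .htaccess
        if (!is_file($file)) continue; // directories cannot be read line by line

        $lines = file($file, $flags, $context);
        if ($lines === false) {
            throw new RuntimeException('file_glob: cannot read ' . $file);
        }
        foreach ($lines as $line) {
            $res[] = $line;
        }
    }

    return $res;
}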
||
121 | |||
122 | ?> |