Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 226 | daniel-mar | 1 | <?php |
| 2 | |||
| 3 | # todo: via post erhalten |
||
| 4 | $cfg_auth_passwords = array(); |
||
| 5 | $cfg_auth_passwords[] = 'marie,marie'; |
||
| 6 | $cfg_auth_passwords[] = 'vierzig'; |
||
| 7 | $cfg_auth_passwords[] = 'johnl17'; |
||
| 8 | |||
| 9 | if (!headers_sent()) header('Content-Type: text/plain'); |
||
| 10 | echo output(__DIR__ . '/.volcano_db/*', $cfg_auth_passwords); |
||
| 11 | |||
| 12 | # --- |
||
| 13 | |||
| 14 | # todo fut: oop |
||
| 15 | function check_auth($auth_passwords, $auth_objs) { |
||
| 16 | foreach ($auth_objs as &$auth_obj) { |
||
| 17 | $auth_method = $auth_obj[0]; |
||
| 18 | $auth_data = $auth_obj[1]; |
||
| 19 | |||
| 20 | $auth_method = strtolower($auth_method); |
||
| 21 | |||
| 22 | foreach ($auth_passwords as $p) { |
||
| 23 | if ($auth_method == 'plain') { |
||
| 24 | if ($p == $auth_data) return true; |
||
| 25 | } else if ($auth_method == 'md5') { |
||
| 26 | if (md5($p) == strtolower($auth_data)) return true; |
||
| 27 | } else if ($auth_method == 'md5-salt') { |
||
| 28 | $auth_data_ary = explode(':', $auth_data, 2); |
||
| 29 | $auth_data_salt = $auth_data_ary[0]; |
||
| 30 | $auth_data_hash = $auth_data_ary[1]; |
||
| 31 | if (md5($auth_data_salt.$p) == strtolower($auth_data_hash)) return true; |
||
| 32 | } else if ($auth_method == 'sha1') { |
||
| 33 | if (sha1($p) == strtolower($auth_data)) return true; |
||
| 34 | } else if ($auth_method == 'sha1-salt') { |
||
| 35 | $auth_data_ary = explode(':', $auth_data, 2); |
||
| 36 | $auth_data_salt = $auth_data_ary[0]; |
||
| 37 | $auth_data_hash = $auth_data_ary[1]; |
||
| 38 | if (sha1($auth_data_salt.$p) == strtolower($auth_data_hash)) return true; |
||
| 39 | } else { |
||
| 40 | # todo exception |
||
| 41 | } |
||
| 42 | } |
||
| 43 | unset($p); |
||
| 44 | } |
||
| 45 | |||
| 46 | return false; |
||
| 47 | } |
||
| 48 | |||
| 49 | function output($wildcard, $cfg_auth_passwords = array()) { |
||
| 50 | $file = file_glob($wildcard, FILE_IGNORE_NEW_LINES); |
||
| 51 | |||
| 52 | $auth_array = array(); |
||
| 53 | foreach ($file as &$f) { |
||
| 54 | preg_match_all('@^\s*([^:\s]+):(\S*)(\.){0,1}([^.\s]*)\s+READ-AUTH\s+([^:\s]+):(\S+)\s*$@isU', $f, $m, PREG_SET_ORDER); |
||
| 55 | |||
| 56 | foreach ($m as $x) { |
||
| 57 | $nid = $x[1]; |
||
| 58 | $parent = $x[2]; |
||
| 59 | $dot = $x[3]; |
||
| 60 | $child = $x[4]; |
||
| 61 | $auth_method = $x[5]; |
||
| 62 | $auth_data = $x[6]; |
||
| 63 | |||
| 64 | $regex = ''; |
||
| 65 | if ($parent == '' && $child == '') { |
||
| 66 | $regex = '@^\s*'.preg_quote($nid, '@').':(.*)$@isU'; |
||
| 67 | $replace = '# CONFIDENTIAL MATERIAL REDACTED DUE TO MISSING AUTHENTIFICATION'; |
||
| 68 | $auth_array[$regex][$replace][] = array($auth_method, $auth_data); |
||
| 69 | } else { |
||
| 70 | $regex = '@^\s*('.preg_quote($nid, '@').':'.preg_quote($parent, '@').')\s+(DELEGATION)\s+('.preg_quote($child, '@').')(|\s+.*)$@isU'; |
||
| 71 | # todo option ob man delegation pub oder nicht pub machen will |
||
| 72 | $replace = '\1 \2 ???'; |
||
| 73 | $auth_array[$regex][$replace][] = array($auth_method, $auth_data); |
||
| 74 | |||
| 75 | $regex = '@^\s*'.preg_quote($nid, '@').':'.preg_quote($parent.$dot.$child, '@').'\s+(.*)$@isU'; |
||
| 76 | $replace = '# CONFIDENTIAL MATERIAL REDACTED DUE TO MISSING AUTHENTIFICATION'; |
||
| 77 | $auth_array[$regex][$replace][] = array($auth_method, $auth_data); |
||
| 78 | } |
||
| 79 | } |
||
| 80 | } |
||
| 81 | |||
| 82 | global $cfg_auth_passwords; |
||
| 83 | |||
| 84 | $forbidden_regex = array(); |
||
| 85 | foreach ($auth_array as $search => &$tmp1) { |
||
| 86 | foreach ($tmp1 as $replace => &$auth_objs) { |
||
| 87 | if (!check_auth($cfg_auth_passwords, $auth_objs)) { |
||
| 88 | $forbidden_regex[$search] = $replace; |
||
| 89 | } |
||
| 90 | } |
||
| 91 | } |
||
| 92 | |||
| 93 | var_dump($forbidden_regex); |
||
| 94 | |||
| 95 | foreach ($file as &$f) { |
||
| 96 | foreach ($forbidden_regex as $search => &$replace) { |
||
| 97 | $num = 0; |
||
| 98 | $f = preg_replace($search, $replace, $f, -1, $num); |
||
| 99 | if ($num > 0) {echo '!!!'; break;} |
||
| 100 | } |
||
| 101 | } |
||
| 102 | |||
| 103 | return implode("\n", $file); |
||
| 104 | } |
||
| 105 | |||
| 106 | function file_glob($wildcard, $flags = 0, $context = null) { |
||
| 107 | $files = glob($wildcard); |
||
| 108 | sort($files); |
||
| 109 | |||
| 110 | $res = array(); |
||
| 111 | foreach ($files as $file) { |
||
| 112 | $bn = basename($file); |
||
| 113 | if ($bn[0] == '.') continue; // ., .., or .htaccess |
||
| 114 | $res = array_merge($res, file($file, $flags, $context)); |
||
| 115 | } |
||
| 116 | unset($file); |
||
| 117 | unset($files); |
||
| 118 | |||
| 119 | return $res; |
||
| 120 | } |
||
| 121 | |||
| 122 | ?> |