[geeklog-cvs] geeklog: More comments & code cleanup

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Tue Dec 29 08:00:29 EST 2009 

changeset 7542:31fb5b9f8065
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/31fb5b9f8065
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 20 18:29:31 2009 +0100
description:
More comments & code cleanup

diffstat:

 system/lib-security.php |  191 +++++++++++++++++++++++++++--------------------
 1 files changed, 108 insertions(+), 83 deletions(-)

diffs (227 lines):

diff -r b0a8ca4b2947 -r 31fb5b9f8065 system/lib-security.php
--- a/system/lib-security.php	Sun Dec 20 16:52:42 2009 +0100
+++ b/system/lib-security.php	Sun Dec 20 18:29:31 2009 +0100
@@ -1120,27 +1120,34 @@
 }
 
 /**
-  * Check a security token.
-  *
-  * Checks the POST and GET data for a security token, if one exists, validates that it's for this
-  * user and URL.
-  *
-  * @return boolean     true if the token is valid and for this user.
-  */
+* Check a security token.
+*
+* Checks the POST and GET data for a security token, if one exists, validates
+* that it's for this user and URL. If the token is not valid, it asks the user
+* to re-authenticate and re-sends the request if authentication was successful.
+*
+* @return   boolean     true if the token is valid; does not return if not!
+*
+*/
 function SEC_checkToken()
 {
+    global $LANG20;
+
     if (SECINT_checkToken()) {
         return true;
     }
 
+    /**
+    * Token not valid (probably expired): Ask user to authenticate again
+    */
     $returnurl = COM_getCurrentUrl();
     $method = strtoupper($_SERVER['REQUEST_METHOD']);
     $postdata = serialize($_POST);
     $getdata = serialize($_GET);
 
-    $display = COM_siteHeader('menu')
+    $display = COM_siteHeader('menu', $LANG20[1])
              . COM_showMessageText('The security token for this operation has expired. Please authenticate again to continue.')
-             . SECINT_loginform($returnurl, $method, $postdata, $getdata)
+             . SECINT_authform($returnurl, $method, $postdata, $getdata)
              . COM_siteFooter();
 
     COM_output($display);
@@ -1149,80 +1156,13 @@
     // we don't return from here
 }
 
-function SECINT_loginform($returnurl, $method, $postdata = '', $getdata = '')
-{
-    global $_CONF, $LANG01, $LANG04;
-
-    $retval = '';
-
-    $user_templates = new Template($_CONF['path_layout'] . 'users');
-    $user_templates->set_file('login', 'loginform.thtml');
-    $user_templates->set_var('xhtml', XHTML);
-    $user_templates->set_var('site_url', $_CONF['site_url']);
-    $user_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
-    $user_templates->set_var('layout_url', $_CONF['layout_url']);
-
-    $user_templates->set_var('lang_newreglink', '');
-    $user_templates->set_var('lang_forgetpassword', '');
-
-    $user_templates->set_var('lang_login', $LANG04[80]);
-    $user_templates->set_var('lang_username', $LANG04[2]);
-    $user_templates->set_var('lang_password', $LANG01[57]);
-
-    $user_templates->set_var('start_block_loginagain', COM_startBlock('Security Token Expired'));
-    $user_templates->set_var('end_block', COM_endBlock());
-
-    $services = ''; // 3rd party remote authentification.
-    if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
-        $modules = SEC_collectRemoteAuthenticationModules();
-        if (count($modules) > 0) {
-            if (!$_CONF['user_login_method']['standard'] &&
-                    (count($modules) == 1)) {
-                $select = '<input type="hidden" name="service" value="'
-                        . $modules[0] . '"' . XHTML . '>' . $modules[0];
-            } else {
-                // Build select
-                $select = '<select name="service">';
-                if ($_CONF['user_login_method']['standard']) {
-                    $select .= '<option value="">' .  $_CONF['site_name']
-                            . '</option>';
-                }
-                foreach ($modules as $service) {
-                    $select .= '<option value="' . $service . '">' . $service
-                            . '</option>';
-                }
-                $select .= '</select>';
-            }
-
-            $user_templates->set_file('services', 'services.thtml');
-            $user_templates->set_var('lang_service', $LANG04[121]);
-            $user_templates->set_var('select_service', $select);
-            $user_templates->parse('output', 'services');
-            $services = $user_templates->finish($user_templates->get_var('output'));
-        }
-    }
-
-    // (ab)use {services} for some hidden fields
-    $services .= '<input type="hidden" name="mode" value="tokenexpired"'
-              . XHTML . '>' . LB;
-    $services .= '<input type="hidden" name="token_returnurl" value="'
-              . urlencode($returnurl) . '"' . XHTML . '>' . LB;
-    $services .= '<input type="hidden" name="token_postdata" value="'
-              . urlencode($postdata) . '"' . XHTML . '>' . LB;
-    $services .= '<input type="hidden" name="token_getdata" value="'
-              . urlencode($getdata) . '"' . XHTML . '>' . LB;
-    $services .= '<input type="hidden" name="token_requestmethod" value="'
-              . $method . '"' . XHTML . '>' . LB;
-    $user_templates->set_var('services', $services);
-    $user_templates->set_var('openid_login', ''); // TBD
-
-    $user_templates->parse('output', 'login');
-
-    $retval .= $user_templates->finish($user_templates->get_var('output'));
-
-    return $retval;
-}
-
+/**
+* Helper function: Actual check of the security token
+*
+* @return   boolean     true if the token is valid and for this user.
+* @access   private
+*
+*/
 function SECINT_checkToken()
 {
     global $_USER, $_TABLES, $_DB_dbms;
@@ -1278,6 +1218,91 @@
 }
 
 /**
+* Helper function: Display loginform and ask user to authenticate again
+*
+* @param    string  $returnurl  URL to return to after authentication
+* @param    string  $method     original request method: POST or GET
+* @param    string  $postdata   serialized POST data
+* @param    string  $getdata    serialized GET data
+* @return   string              HTML for the authentication form
+* @access   private
+*
+*/ 
+function SECINT_authform($returnurl, $method, $postdata = '', $getdata = '')
+{
+    global $_CONF, $LANG01, $LANG04, $LANG20;
+
+    $retval = '';
+
+    $authform = new Template($_CONF['path_layout'] . 'users');
+    $authform->set_file('login', 'loginform.thtml');
+    $authform->set_var('xhtml', XHTML);
+    $authform->set_var('site_url', $_CONF['site_url']);
+    $authform->set_var('site_admin_url', $_CONF['site_admin_url']);
+    $authform->set_var('layout_url', $_CONF['layout_url']);
+
+    $authform->set_var('lang_newreglink', '');
+    $authform->set_var('lang_forgetpassword', '');
+
+    $authform->set_var('lang_login', $LANG04[80]);
+    $authform->set_var('lang_username', $LANG04[2]);
+    $authform->set_var('lang_password', $LANG01[57]);
+
+    $authform->set_var('start_block_loginagain', COM_startBlock($LANG20[1]));
+    $authform->set_var('end_block', COM_endBlock());
+
+    $services = ''; // 3rd party remote authentification.
+    if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
+        $modules = SEC_collectRemoteAuthenticationModules();
+        if (count($modules) > 0) {
+            if (!$_CONF['user_login_method']['standard'] &&
+                    (count($modules) == 1)) {
+                $select = '<input type="hidden" name="service" value="'
+                        . $modules[0] . '"' . XHTML . '>' . $modules[0];
+            } else {
+                // Build select
+                $select = '<select name="service">';
+                if ($_CONF['user_login_method']['standard']) {
+                    $select .= '<option value="">' .  $_CONF['site_name']
+                            . '</option>';
+                }
+                foreach ($modules as $service) {
+                    $select .= '<option value="' . $service . '">' . $service
+                            . '</option>';
+                }
+                $select .= '</select>';
+            }
+
+            $authform->set_file('services', 'services.thtml');
+            $authform->set_var('lang_service', $LANG04[121]);
+            $authform->set_var('select_service', $select);
+            $authform->parse('output', 'services');
+            $services = $authform->finish($authform->get_var('output'));
+        }
+    }
+
+    // (ab)use {services} for some hidden fields
+    $services .= '<input type="hidden" name="mode" value="tokenexpired"'
+              . XHTML . '>' . LB;
+    $services .= '<input type="hidden" name="token_returnurl" value="'
+              . urlencode($returnurl) . '"' . XHTML . '>' . LB;
+    $services .= '<input type="hidden" name="token_postdata" value="'
+              . urlencode($postdata) . '"' . XHTML . '>' . LB;
+    $services .= '<input type="hidden" name="token_getdata" value="'
+              . urlencode($getdata) . '"' . XHTML . '>' . LB;
+    $services .= '<input type="hidden" name="token_requestmethod" value="'
+              . $method . '"' . XHTML . '>' . LB;
+    $authform->set_var('services', $services);
+    $authform->set_var('openid_login', ''); // TBD
+
+    $authform->parse('output', 'login');
+
+    $retval .= $authform->finish($authform->get_var('output'));
+
+    return $retval;
+}
+
+/**
 * Get a token's expiry time
 *
 * @param    string  $token  the token we're looking for

More information about the geeklog-cvs mailing list