diff options
| -rw-r--r-- | core/views/welcome_syscheck.html.php | 3 | ||||
| -rw-r--r-- | modules/auth/config/auth.php | 37 | ||||
| -rw-r--r-- | modules/auth/config/basic_auth.php | 35 | ||||
| -rw-r--r-- | modules/auth/css/login.css | 44 | ||||
| -rw-r--r-- | modules/auth/helpers/auth_installer.php | 62 | ||||
| -rw-r--r-- | modules/auth/js/login.js | 68 | ||||
| -rw-r--r-- | modules/auth/libraries/Auth.php | 88 | ||||
| -rw-r--r-- | modules/auth/libraries/drivers/Auth.php | 37 | ||||
| -rw-r--r-- | modules/auth/libraries/drivers/Auth/Basic.php | 146 | ||||
| -rw-r--r-- | modules/auth/models/password.php | 22 | ||||
| -rw-r--r-- | modules/auth/tests/Auth_Installer_Test.php | 36 | ||||
| -rw-r--r-- | modules/auth/views/login.html.php | 26 | ||||
| -rw-r--r-- | modules/gallery_unit_test/controllers/test.php | 2 |
13 files changed, 0 insertions, 606 deletions
diff --git a/core/views/welcome_syscheck.html.php b/core/views/welcome_syscheck.html.php index 8eed89de..7d972689 100644 --- a/core/views/welcome_syscheck.html.php +++ b/core/views/welcome_syscheck.html.php @@ -51,9 +51,6 @@ <tr> </tr> </table> - <p> - <i><b>Note</b>: install the user module before installing the auth module!</i> - </p> <? endif; ?> </div> <? endif ?> diff --git a/modules/auth/config/auth.php b/modules/auth/config/auth.php deleted file mode 100644 index b63cc114..00000000 --- a/modules/auth/config/auth.php +++ /dev/null @@ -1,37 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ - -/** - * Name of the driver to be used for handling user authentication and password management - */ -$config['driver'] = 'Basic'; - -/** - * Set the auto-login (remember me) cookie lifetime, in seconds. The default - * lifetime is two weeks. - */ -$config['lifetime'] = 1209600; - -/** - * Array of modules that this module depends on. - * - * Not currently used, but provided for documentation purposes - */ -$config['depends'] = array('user'); diff --git a/modules/auth/config/basic_auth.php b/modules/auth/config/basic_auth.php deleted file mode 100644 index 9b45153e..00000000 --- a/modules/auth/config/basic_auth.php +++ /dev/null @@ -1,35 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ - -/** - * Type of hash to use for passwords. Any algorithm supported by the hash function - * can be used here. Note that the length of your password is determined by the - * hash type + the number of salt characters. - * @see http://php.net/hash - * @see http://php.net/hash_algos - */ -$config['hash_method'] = 'sha1'; - -/** - * Defines the hash offsets to insert the salt at. The password hash length - * will be increased by the total number of offsets. - */ -$config['salt_pattern'] = '1, 3, 5, 9, 14, 15, 20, 21, 28, 30'; - diff --git a/modules/auth/css/login.css b/modules/auth/css/login.css deleted file mode 100644 index 6aff3e80..00000000 --- a/modules/auth/css/login.css +++ /dev/null @@ -1,44 +0,0 @@ -@CHARSET "UTF-8"; -#backgroundPopup { - display:none; - position:fixed; - _position:absolute; /* hack for internet explorer 6*/ - height:100%; - width:100%; - top:0; - left:0; - background:#000000; - border:1px solid #cecece; - z-index:1; -} -#gLoginPopup { - display:none; - position:fixed; - _position:absolute; /* hack for internet explorer 6*/ - height:384px; - width:408px; - background:#FFFFFF; - border:2px solid #cecece; - z-index:2; - padding:12px; - font-size:13px; -} -#gLoginPopup h1 { - text-align:left; - color:#6FA5FD; - font-size:22px; - font-weight:700; - border-bottom:1px dotted #D3D3D3; - padding-bottom:2px; - margin-bottom:20px; -} -#gLoginPopupClose { - font-size:14px; - line-height:14px; - right:6px; - top:4px; - position:absolute; - color:#6fa5fd; - font-weight:700; - display:block; -}
\ No newline at end of file diff --git a/modules/auth/helpers/auth_installer.php b/modules/auth/helpers/auth_installer.php deleted file mode 100644 index ebd8712e..00000000 --- a/modules/auth/helpers/auth_installer.php +++ /dev/null @@ -1,62 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class auth_installer { - public static function install() { - Kohana::log("debug", "auth_installer::install"); - $db = Database::instance(); - try { - $base_version = ORM::factory("module")->where("name", "auth")->find()->version; - } catch (Exception $e) { - if ($e->getCode() == E_DATABASE_ERROR) { - $base_version = 0; - } else { - Kohana::log("error", $e); - throw $e; - } - } - Kohana::log("debug", "base_version: $base_version"); - - if ($base_version == 0) { - $db->query("CREATE TABLE IF NOT EXISTS `passwords` ( - `id` int(9) NOT NULL auto_increment, - `user_id` int(9) NOT NULL, - `password` varchar(1128) NOT NULL, - `logins` int(10) unsigned NOT NULL default '0', - `last_login` int(10) unsigned NOT NULL default '0', - PRIMARY KEY (`id`), - UNIQUE KEY (`user_id`)) - ENGINE=InnoDB DEFAULT CHARSET=utf8;"); - - $user_module = ORM::factory("module")->where("name", "auth")->find(); - $user_module->name = "auth"; - $user_module->version = 1; - $user_module->save(); - - $user = ORM::factory("user")->where("name", "admin")->find(); - Auth::instance()->set_user_password($user->id, "admin"); - } - } - - public static function uninstall() { - $db = Database::instance(); - $db->query("DROP TABLE IF EXISTS `passwords`;"); - ORM::factory("module")->where("name", "auth")->find()->delete(); - } -}
\ No newline at end of file diff --git a/modules/auth/js/login.js b/modules/auth/js/login.js deleted file mode 100644 index db344d6f..00000000 --- a/modules/auth/js/login.js +++ /dev/null @@ -1,68 +0,0 @@ -//SETTING UP OUR POPUP -//0 means disabled; 1 means enabled; -var popupStatus = 0; - -//loading popup with jQuery magic! -function loadPopup(){ - //loads popup only if it is disabled - if(popupStatus==0){ - $("#backgroundPopup").css({"opacity": "0.7"}); - $("#backgroundPopup").fadeIn("slow"); - $("#gLoginPopup").fadeIn("slow"); - popupStatus = 1; - } -} - -//disabling popup with jQuery magic! -function disablePopup(){ - //disables popup only if it is enabled - if(popupStatus==1){ - $("#backgroundPopup").fadeOut("slow"); - $("#gLoginPopup").fadeOut("slow"); - popupStatus = 0; - } -} - -//centering popup -function centerPopup(){ - //request data for centering - var windowWidth = document.documentElement.clientWidth; - var windowHeight = document.documentElement.clientHeight; - var popupHeight = $("#gLoginPopup").height(); - var popupWidth = $("#gLoginPopup").width(); - //centering - $("#gLoginPopup").css({ - "position": "absolute", - "top": windowHeight/2-popupHeight/2, - "left": windowWidth/2-popupWidth/2 - }); - //only need force for IE6 - $("#backgroundPopup").css({"height": windowHeight}); -} - -$(document).ready(function(){ - //LOADING POPUP - //Click the button event! - $("#login").click(function(){ - //centering with css - centerPopup(); - //load popup - loadPopup(); - }); - //CLOSING POPUP - //Click the x event! - $("#gLoginPopupClose").click(function() { - disablePopup(); - }); - //Click out event! - $("#backgroundPopup").click(function() { - disablePopup(); - }); - //Press Escape event! - $(document).keypress(function(e) { - if(e.keyCode==27 && popupStatus==1) { - disablePopup(); - } - }); -}); - diff --git a/modules/auth/libraries/Auth.php b/modules/auth/libraries/Auth.php deleted file mode 100644 index c5afe92b..00000000 --- a/modules/auth/libraries/Auth.php +++ /dev/null @@ -1,88 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -/** - * Implement the Authentication interface. - * - * It was extended to allow configurable drivers - */ -class Auth_Core implements Auth_Driver { - - // Session singleton - private static $instance; - - // Configuration and driver - protected $_config; - protected $_driver; - - /** - * Singleton instance of Session. - */ - public static function instance($config = array()) { - if (self::$instance == NULL) { - // Create a new instance - self::$instance = new Auth($config); - } - - return self::$instance; - } - - /** - * On first instance creation, sets up the driver. - */ - protected function __construct($config = array()) { - // Load config - $config += Kohana::config('auth'); - - // Set the driver class name - $driver = "Auth_{$config['driver']}_Driver"; - if (!Kohana::auto_load($driver)) { - // @todo change to gallery specific exceptions - throw new Exception("@todo DRIVER_NOT_DEFINED {$config['driver']}"); - } - - // Load the driver - $driver = new $driver(); - - if (!($driver instanceof Auth_Driver)) { - // @todo change to gallery specific exceptions - throw new Exception( - "@todo Auth_Driver_INTERFACE_NOT_IMPLEMENTED: {$config['driver']}"); - } - - $this->_driver = $driver; - $this->_config = $config; - - Kohana::log('debug', 'Auth Library initialized'); - } - - /** - * @see Auth_Driver::set_user_password - */ - public function set_user_password($user_id, $password) { - return $this->_driver->set_user_password($user_id, $password); - } - - /** - * @see Auth_Driver::is_valid_password - */ - public function is_valid_password($user_id, $password) { - return $this->_driver->is_valid_password($user_id, $password); - } -} diff --git a/modules/auth/libraries/drivers/Auth.php b/modules/auth/libraries/drivers/Auth.php deleted file mode 100644 index 6a6d31b6..00000000 --- a/modules/auth/libraries/drivers/Auth.php +++ /dev/null @@ -1,37 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -interface Auth_Driver { - /** - * Set the password for the specified user - * - * @param int Gallery User id - * @param string - */ - public function set_user_password($user_id, $password); - - /** - * Validates a user id password combination. - * - * @param int user_id - * @param string password - * @return boolean - */ - public function is_valid_password($user_id, $password); -}
\ No newline at end of file diff --git a/modules/auth/libraries/drivers/Auth/Basic.php b/modules/auth/libraries/drivers/Auth/Basic.php deleted file mode 100644 index 2621812a..00000000 --- a/modules/auth/libraries/drivers/Auth/Basic.php +++ /dev/null @@ -1,146 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class Auth_Basic_Driver implements Auth_Driver { - // Configuration - protected $_config; - - /** - * Instantiate the Driver and initialize it's configuration. - */ - public function __construct($config = array()) { - // Load config - $config += Kohana::config('basic_auth'); - - // Clean up the salt pattern and split it into an array - $config['salt_pattern'] = preg_split('/,\s*/', $config['salt_pattern']); - $this->_config = $config; - - Kohana::log('debug', 'Auth_Basic_Driver Library initialized'); - } - - /** - * @see Auth_Driver::set_user_password - * - * @param int $user_id - * @param string $password - * @return void - */ - public function set_user_password($user_id, $password_text) { - $password = ORM::factory("password")->where('user_id', $user_id)->find(); - $password->password = $this->_hash_password($password_text); - if (empty($password->user_id)) { - $password->user_id = $user_id; - } - $password->save(); - } - - /** - * Validates a user id password combination. - * - * @param int user_id - * @param string password - * @return boolean - */ - public function is_valid_password($user_id, $password_text) { - $password = ORM::factory("password") - ->where('user_id', $user_id) - ->find(); - if ($password->loaded != true) { - return false; - } - - // Get the salt from the stored password - $salt = $this->_find_salt($password->password); - $hashed = $this->_hash_password($password_text, $salt); - - return $hashed === $password->password; - } - - /** - * Creates a hashed password from a plaintext password, inserting salt - * based on the configured salt pattern. - * - * @param string plaintext password - * @return string hashed password string - */ - private function _hash_password($password, $salt = FALSE) { - if ($salt === FALSE) { - // Create a salt seed, same length as the number of offsets in the pattern - $salt = substr($this->_hash(uniqid(NULL, TRUE)), 0, count($this->_config['salt_pattern'])); - } - - // Password hash that the salt will be inserted into - $hash = $this->_hash($salt . $password); - - // Change salt to an array - $salt = str_split($salt, 1); - - // Returned password - $password = ''; - - // Used to calculate the length of splits - $last_offset = 0; - - foreach ($this->_config['salt_pattern'] as $offset) { - // Split a new part of the hash off - $part = substr($hash, 0, $offset - $last_offset); - - // Cut the current part out of the hash - $hash = substr($hash, $offset - $last_offset); - - // Add the part to the password, appending the salt character - $password .= $part . array_shift($salt); - - // Set the last offset to the current offset - $last_offset = $offset; - } - - // Return the password, with the remaining hash appended - return $password . $hash; - } - - /** - * Perform a hash, using the configured method. - * - * @param string string to hash - * @return string - */ - private function _hash($str) { - return hash($this->_config['hash_method'], $str); - } - - /** - * Finds the salt from a password, based on the configured salt pattern. - * - * @param string hashed password - * @return string - */ - private function _find_salt($password) { - $salt = ''; - - foreach ($this->_config['salt_pattern'] as $i => $offset) { - // Find salt characters... take a good long look.. - $salt .= substr($password, $offset + $i, 1); - } - - return $salt; - } -} - diff --git a/modules/auth/models/password.php b/modules/auth/models/password.php deleted file mode 100644 index fd1fee58..00000000 --- a/modules/auth/models/password.php +++ /dev/null @@ -1,22 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class Password_Model extends ORM { - protected $belongs_to = array("users"); -}
\ No newline at end of file diff --git a/modules/auth/tests/Auth_Installer_Test.php b/modules/auth/tests/Auth_Installer_Test.php deleted file mode 100644 index 110131ab..00000000 --- a/modules/auth/tests/Auth_Installer_Test.php +++ /dev/null @@ -1,36 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ - -/** - * This test case operates under the assumption that core_installer::install() is called by the - * test controller before it starts. - */ -class Auth_Installer_Test extends Unit_Test_Case { - public function install_basic_add_password_test() { - $user = ORM::factory('user')->find(1); - - $auth = Auth::instance(array('driver' => 'Basic')); - - $auth->set_user_password($user->id, "test_password"); - - $this->assert_false($auth->is_valid_password($user->id, "invalid_password")); - $this->assert_true($auth->is_valid_password($user->id, "test_password")); - } -} diff --git a/modules/auth/views/login.html.php b/modules/auth/views/login.html.php deleted file mode 100644 index 417f3903..00000000 --- a/modules/auth/views/login.html.php +++ /dev/null @@ -1,26 +0,0 @@ -<? defined("SYSPATH") or die("No direct script access."); ?> -<div id="gLoginMenu"> - <? if ($logged_in == false): ?> - <a href="<?=url::site("user/register") ?>"><?= _("Register") ?></a> | - <a href="#" id="login">Login</a> - - <!-- @todo need a better way to get the javascript into the page. --> - <script type="text/javascript" src="<?=url::base() . "modules/auth/js/login.js" ?>"></script> - <!-- @todo integrate this into the theme. --> - <link rel="stylesheet" type="text/css" href="<?=url::base() . "modules/auth/css/login.css" ?>" media="screen,print,projection" /> - <div id="gLoginPopup"> - <a id="gLoginPopupClose">x</a> - <form id="gLogin" style="display:none;"> - <label for="username">Username</label> - <input type="text" class="text" id="username" /> - <label for="password">Password</label> - <input type="password" class="password" id="password" /> - <input type="submit" class="submit" value="<?= url::site("auth/login") ?>" /> - </form> - </div> - <? else: ?> - <a href="<?=url::site("auth/logout") ?>"><?= _("Logout") ?></a> - <? endif ?> - - -</div>
\ No newline at end of file diff --git a/modules/gallery_unit_test/controllers/test.php b/modules/gallery_unit_test/controllers/test.php index 6e00acb5..203edcba 100644 --- a/modules/gallery_unit_test/controllers/test.php +++ b/modules/gallery_unit_test/controllers/test.php @@ -62,7 +62,6 @@ class Test_Controller extends Controller { // this way. Uninstall modules first and core last. Ignore errors during uninstall. try { comment_installer::uninstall(); - auth_installer::uninstall(); user_installer::uninstall(); core_installer::uninstall(); } catch (Exception $e) { @@ -70,7 +69,6 @@ class Test_Controller extends Controller { core_installer::install(); user_installer::install(); - auth_installer::install(); comment_installer::install(); print new Unit_Test(); |