BugTrack/2422 Use SQLite database for reliable counter

[pukiwiki/pukiwiki.git] / plugin / md5.inc.php

diff --git a/plugin/md5.inc.php b/plugin/md5.inc.php
index 25c6767..fb271ec 100644 (file)
--- a/plugin/md5.inc.php
+++ b/plugin/md5.inc.php
@@ -1,21 +1,39 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: md5.inc.php,v 1.18 2005/06/04 01:44:10 henoheno Exp $
+// $Id: md5.inc.php,v 1.25 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2001-2006 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
 //
-//  MD5 plugin
+//  MD5 plugin: Allow to convert password/passphrase
+//     * PHP sha1() -- If you have sha1() or mhash extension
+//     * PHP md5()
+//     * PHP crypt()
+//     * LDAP SHA / SSHA -- If you have sha1() or mhash extension
+//     * LDAP MD5 / SMD5
+//     * LDAP CRYPT
 
 // User interface of pkwk_hash_compute() for system admin
 function plugin_md5_action()
 {
        global $get, $post;
 
-       if (PKWK_SAFE_MODE || PKWK_READONLY) die_message('Prohibited');
+       if (PKWK_SAFE_MODE || PKWK_READONLY) die_message('Prohibited by admin');
 
        // Wait POST
-       $key    = isset($post['key']) ? $post['key'] : '';
-       $submit = isset($post['key']);
-       if ($key != '') {
-               // Compute (Don't show its $key at the same time)
+       $phrase = isset($post['phrase']) ? $post['phrase'] : '';
+
+       if ($phrase == '') {
+               // Show the form
+
+               // If plugin=md5&md5=password, only set it (Don't compute)
+               $value  = isset($get['md5']) ? $get['md5'] : '';
+
+               return array(
+                       'msg' =>'Compute userPassword',
+                       'body'=>plugin_md5_show_form(isset($post['phrase']), $value));
+
+       } else {
+               // Compute (Don't show its $phrase at the same time)
 
                $prefix = isset($post['prefix']);
                $salt   = isset($post['salt']) ? $post['salt'] : '';
@@ -30,40 +48,66 @@ function plugin_md5_action()
                        'msg' =>'Result',
                        'body'=>
                                //($prefix ? 'userPassword: ' : '') .
-                               pkwk_hash_compute($salt, $key, $prefix, TRUE));
+                               pkwk_hash_compute($phrase, $salt, $prefix, TRUE));
+       }
+}
+
+// $nophrase = Passphrase is (submitted but) empty
+// $value    = Default passphrase value
+function plugin_md5_show_form($nophrase = FALSE, $value = '')
+{
+       if (PKWK_SAFE_MODE || PKWK_READONLY) die_message('Prohibited');
+       if (strlen($value) > PKWK_PASSPHRASE_LIMIT_LENGTH)
+               die_message('Limit: malicious message length');
+
+       if ($value != '') $value = 'value="' . htmlsc($value) . '" ';
 
+       $sha1_enabled = function_exists('sha1');
+       $sha1_checked = $md5_checked = '';
+       if ($sha1_enabled) {
+               $sha1_checked = 'checked="checked" ';
        } else {
-               // If plugin=md5&md5=password, only set it (Don't compute)
-               $value = isset($get['md5']) ? $get['md5'] : '';
-               if (strlen($value) > PKWK_PASSPHRASE_LIMIT_LENGTH)
-                       die_message('Limit: malicious message length');
-               if ($value != '') $value  = 'value="' . htmlspecialchars($value) . '" ';
-
-               $self = get_script_uri();
-               $form = '';
-               if ($submit) $form .= '<strong>NO PHRASE</strong><br />';
-               $form .= <<<EOD
+               $md5_checked  = 'checked="checked" ';
+       }
+
+       $self = get_script_uri();
+
+       $form = <<<EOD
 <p><strong>NOTICE: Don't use this feature via untrustful or unsure network</strong></p>
 <hr>
+EOD;
+
+       if ($nophrase) $form .= '<strong>NO PHRASE</strong><br />';
+
+       $form .= <<<EOD
 <form action="$self" method="post">
  <div>
   <input type="hidden" name="plugin" value="md5" />
   <label for="_p_md5_phrase">Phrase:</label>
-  <input type="text" name="key"  id="_p_md5_phrase" size="60" $value/><br />
+  <input type="text" name="phrase"  id="_p_md5_phrase" size="60" $value/><br />
+EOD;
 
+       if ($sha1_enabled) $form .= <<<EOD
   <input type="radio" name="scheme" id="_p_md5_sha1" value="x-php-sha1" />
   <label for="_p_md5_sha1">PHP sha1()</label><br />
-  <input type="radio" name="scheme" id="_p_md5_md5"  value="x-php-md5" checked="checked" />
+EOD;
+
+       $form .= <<<EOD
+  <input type="radio" name="scheme" id="_p_md5_md5"  value="x-php-md5" />
   <label for="_p_md5_md5">PHP md5()</label><br />
   <input type="radio" name="scheme" id="_p_md5_crpt" value="x-php-crypt" />
   <label for="_p_md5_crpt">PHP crypt() *</label><br />
+EOD;
 
-  <input type="radio" name="scheme" id="_p_md5_lssha" value="SSHA" />
+       if ($sha1_enabled) $form .= <<<EOD
+  <input type="radio" name="scheme" id="_p_md5_lssha" value="SSHA" $sha1_checked/>
   <label for="_p_md5_lssha">LDAP SSHA (sha-1 with a seed) *</label><br />
   <input type="radio" name="scheme" id="_p_md5_lsha" value="SHA" />
   <label for="_p_md5_lsha">LDAP SHA (sha-1)</label><br />
+EOD;
 
-  <input type="radio" name="scheme" id="_p_md5_lsmd5" value="SMD5" />
+       $form .= <<<EOD
+  <input type="radio" name="scheme" id="_p_md5_lsmd5" value="SMD5" $md5_checked/>
   <label for="_p_md5_lsmd5">LDAP SMD5 (md5 with a seed) *</label><br />
   <input type="radio" name="scheme" id="_p_md5_lmd5" value="MD5" />
   <label for="_p_md5_lmd5">LDAP MD5</label><br />
@@ -84,7 +128,7 @@ function plugin_md5_action()
  </div>
 </form>
 EOD;
-               return array('msg'=>'Compute userPassword', 'body'=>$form);
-       }
+
+       return $form;
 }
 ?>