auth: admin edit permissions for page (sub)directories

[minimedit.git] / auth.inc.php

<?php
date_default_timezone_set('Europe/Amsterdam');

class User
{
        function __construct($dir, $existing = TRUE)
        {
                if (!file_exists($dir) and $existing) {
                        throw new Exception("Gebruiker niet gevonden in $dir");
                }
                $this->dir = $dir;
                $this->login = basename($dir);
        }

        function __get($col)
        {
                return $this->$col = $this->$col();  # run method and cache
        }

        function rawname()
        {
                return rtrim(@file_get_contents("{$this->dir}/name.txt"));
        }

        function name()
        {
                return htmlspecialchars(implode(' & ', explode("\n", $this->rawname)));
        }

        function html()
        {
                return $this->name ?: $this->login;
        }

        function email()
        {
                return rtrim(@file_get_contents("{$this->dir}/email.txt"));
        }

        function admin($permission = NULL)
        {
                if (isset($permission)) {
                        if (!$this->admin) {
                                return FALSE;  # empty results
                        }
                        preg_match_all('{[ /]}', $permission, $parts, PREG_OFFSET_CAPTURE);
                        foreach ($parts[0] as $part) {
                                if (isset($this->admin[substr($permission, 0, $part[1])])) {
                                        return TRUE;  # partial match
                                }
                        }
                        return isset($this->admin[$permission]);  # check level
                }
                if (!@file_exists("{$this->dir}/.admin")) {
                        return FALSE;  # not an admin
                }
                return array_fill_keys(explode("\n", file_get_contents("{$this->dir}/.admin")), TRUE);
        }

        function seen()
        {
                return @filemtime("{$this->dir}/last.log");
        }

        function logclient()
        {
                if ($log = @fopen("{$this->dir}/last.log", 'w')) {
                        $line = $_SERVER['REMOTE_ADDR'].' '.$_SERVER['HTTP_USER_AGENT'];
                        fwrite($log, $line."\n");
                }
        }
}

function login_password_verify($input, $test)
{
        if (substr($test, 0, 1) != '$') {
                # plaintext match for uncrypted passwords
                return $input === $test;
        }
        return password_verify($input, $test);
}

function login_setcookie()
{
        global $User;
        return setcookie('login', $User->auth, 0, '/');
}

function login($inuser, $inpass = NULL)
{
        if (empty($inuser)) return;
        if (!isset($inpass)) {
                @list ($inuser, $inauth) = explode(':', $inuser, 2);
        }

        # find password data by user name
        $userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser));
        $pwfile = "$userdir/.passwd";
        if (!file_exists($pwfile)) return;
        $usertest = trim(file_get_contents($pwfile));
        if (!$usertest) return;

        # verify password
        $authhash = md5($usertest);
        if (isset($inpass)) {
                if (!login_password_verify($inpass, $usertest)) return;
        }
        else {
                if ($inauth !== $authhash) return;
        }

        if (function_exists('apache_note')) apache_note('user', $inuser);

        $user = new User($userdir);
        $user->logclient();
        $user->pass = $usertest;
        $user->auth = "$inuser:$authhash";
        return $user;
}

if (isset($_COOKIE['login'])) {
        global $User;
        $User = login($_COOKIE['login']);
}