<?php if (!defined('PmWiki')) exit();

# Usage:
# (:if authenticated admin :)  Output administrator stuff (:if:)
# Parameters include 'admin', 'read', 'edit', 'attr'.
$Conditions['authenticated'] = 'AuthenticatedAsRole($pagename, $condparm)';

# Use new authentication methods
$AuthFunction = 'BasicAuthUsingAuthenticatedAsRoleMethod';

function isAuthenticated($page, $pagename, $role, $authpw){
  
  global $DefaultPasswords,$AllowPassword,$GroupAttributesFmt,$SessionAuthFmt,
    $HTMLStartFmt,$HTMLEndFmt;
  
  foreach (array_merge((array)$DefaultPasswords['admin'],(array)$passwd) 
      as $pwchal){
    foreach($authpw as $pwresp){
      if (@crypt($pwresp,$pwchal)==$pwchal){
      	return $page;  # authenticated:  Matches Administrator password
      }
    }
  }
  
  $passwd = @$page["passwd$role"];
  if ($passwd=="") { 
    $grouppg = ReadPage(FmtPageName($GroupAttributesFmt,$pagename));
    $passwd = @$grouppg["passwd$role"];
    if ($passwd=='') $passwd = @$DefaultPasswords[$role];
    if ($passwd=='') $passwd = @$page["passwdread"];
    if ($passwd=='') $passwd = @$grouppg["passwdread"];
    if ($passwd=='') $passwd = @$DefaultPasswords['read'];
  }
  if ($passwd==''){
  	return $page;   # authenticated:  no password needed
  }
  foreach((array)$passwd as $p){
    if (crypt($AllowPassword, $p) == $p){
    	return $page;  # authenticated:  password needed
    }
  }
  
  return false;  # not authenticated for page
}

function AuthenticatedAsRole($pagename, $role){
  
  global $DefaultPasswords,$AllowPassword,$GroupAttributesFmt,$SessionAuthFmt,
    $HTMLStartFmt,$HTMLEndFmt;
  
  SDV($GroupAttributesFmt,'$Group/GroupAttributes');
  SDV($AllowPassword,'nopass');
  
  $page = ReadPage($pagename);
  
  if (!$page) { return false; }

  # Remember that sessions are insecure, need to send over ssl
  # See http://au2.php.net/session
  # See http://lists.suse.com/archive/suse-linux-e/2004-May/3869.html
  @session_start();
  
  if (@$_POST['authpw']) @$_SESSION['authpw'][$_POST['authpw']]++;
  $authpw = array_keys((array)@$_SESSION['authpw']);

  return isAuthenticated($page, $pagename, $role, $authpw);
}


## Replaces the BasicAuth method in pmwiki.php for pmwiki-2.0.beta19
function BasicAuthUsingAuthenticatedAsRoleMethod($pagename,$level,$authprompt=true) {
  global $DefaultPasswords,$AllowPassword,$GroupAttributesFmt,$SessionAuthFmt,
    $HTMLStartFmt,$HTMLEndFmt; 
  
  $page = AuthenticatedAsRole($pagename, $level);
  
  if ($page != false) return $page;
  
  if (!$authprompt) return false;
  $postvars = '';
  foreach($_POST as $k=>$v) {
    if ($k == 'authpw') continue;
    $v = str_replace('$', '&#036;', 
      htmlspecialchars(stripmagic($v), ENT_COMPAT));
    $postvars .= "<input type='hidden' name='$k' value=\"$v\" />\n";
  }
  SDV($SessionAuthFmt,array(&$HTMLStartFmt,
    "<p><b>Password required</b></p>
      <form name='authform' action='{$_SERVER['REQUEST_URI']}' method='post'>
        Password: <input tabindex='1' type='password' name='authpw' value='' />
        <input type='submit' value='OK' />$postvars</form>", &$HTMLEndFmt));
  PrintFmt($pagename,$SessionAuthFmt);
  exit;
}

?>