
   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\auth\provider;
  15  
  16  /**
  17   * Database authentication provider for phpBB3
  18   * This is for authentication via the integrated user table
  19   */
  20  class db extends \phpbb\auth\provider\base
  21  {
  22      /**
  23      * phpBB passwords manager
  24      *
  25      * @var \phpbb\passwords\manager
  26      */
  27      protected $passwords_manager;
  28  
  29      /**
  30      * DI container
  31      *
  32      * @var \Symfony\Component\DependencyInjection\ContainerInterface
  33      */
  34      protected $phpbb_container;
  35  
  36      /**
  37       * Database Authentication Constructor
  38       *
  39       * @param    \phpbb\db\driver\driver_interface        $db
  40       * @param    \phpbb\config\config         $config
  41       * @param    \phpbb\passwords\manager    $passwords_manager
  42       * @param    \phpbb\request\request        $request
  43       * @param    \phpbb\user            $user
  44       * @param    \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container DI container
  45       * @param    string                $phpbb_root_path
  46       * @param    string                $php_ext
  47       */
  48  	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)
  49      {
  50          $this->db = $db;
  51          $this->config = $config;
  52          $this->passwords_manager = $passwords_manager;
  53          $this->request = $request;
  54          $this->user = $user;
  55          $this->phpbb_root_path = $phpbb_root_path;
  56          $this->php_ext = $php_ext;
  57          $this->phpbb_container = $phpbb_container;
  58      }
  59  
  60      /**
  61       * {@inheritdoc}
  62       */
  63  	public function login($username, $password)
  64      {
  65          // Auth plugins get the password untrimmed.
  66          // For compatibility we trim() here.
  67          $password = trim($password);
  68  
  69          // do not allow empty password
  70          if (!$password)
  71          {
  72              return array(
  73                  'status'    => LOGIN_ERROR_PASSWORD,
  74                  'error_msg'    => 'NO_PASSWORD_SUPPLIED',
  75                  'user_row'    => array('user_id' => ANONYMOUS),
  76              );
  77          }
  78  
  79          if (!$username)
  80          {
  81              return array(
  82                  'status'    => LOGIN_ERROR_USERNAME,
  83                  'error_msg'    => 'LOGIN_ERROR_USERNAME',
  84                  'user_row'    => array('user_id' => ANONYMOUS),
  85              );
  86          }
  87  
  88          $username_clean = utf8_clean_string($username);
  89  
  90          $sql = 'SELECT *
  91              FROM ' . USERS_TABLE . "
  92              WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
  93          $result = $this->db->sql_query($sql);
  94          $row = $this->db->sql_fetchrow($result);
  95          $this->db->sql_freeresult($result);
  96  
  97          if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
  98              ($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
  99          {
 100              $sql = 'SELECT COUNT(*) AS attempts
 101                  FROM ' . LOGIN_ATTEMPT_TABLE . '
 102                  WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
 103              if ($this->config['ip_login_limit_use_forwarded'])
 104              {
 105                  $sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
 106              }
 107              else
 108              {
 109                  $sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
 110              }
 111  
 112              $result = $this->db->sql_query($sql);
 113              $attempts = (int) $this->db->sql_fetchfield('attempts');
 114              $this->db->sql_freeresult($result);
 115  
 116              $attempt_data = array(
 117                  'attempt_ip'            => $this->user->ip,
 118                  'attempt_browser'        => trim(substr($this->user->browser, 0, 149)),
 119                  'attempt_forwarded_for'    => $this->user->forwarded_for,
 120                  'attempt_time'            => time(),
 121                  'user_id'                => ($row) ? (int) $row['user_id'] : 0,
 122                  'username'                => $username,
 123                  'username_clean'        => $username_clean,
 124              );
 125              $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
 126              $this->db->sql_query($sql);
 127          }
 128          else
 129          {
 130              $attempts = 0;
 131          }
 132  
 133          if (!$row)
 134          {
 135              if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
 136              {
 137                  return array(
 138                      'status'        => LOGIN_ERROR_ATTEMPTS,
 139                      'error_msg'        => 'LOGIN_ERROR_ATTEMPTS',
 140                      'user_row'        => array('user_id' => ANONYMOUS),
 141                  );
 142              }
 143  
 144              return array(
 145                  'status'    => LOGIN_ERROR_USERNAME,
 146                  'error_msg'    => 'LOGIN_ERROR_USERNAME',
 147                  'user_row'    => array('user_id' => ANONYMOUS),
 148              );
 149          }
 150  
 151          $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
 152              ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
 153  
 154          // If there are too many login attempts, we need to check for a confirm image
 155          // Every auth module is able to define what to do by itself...
 156          if ($show_captcha)
 157          {
 158              $captcha_factory = $this->phpbb_container->get('captcha.factory');
 159              $captcha = $captcha_factory->get_instance($this->config['captcha_plugin']);
 160              $captcha->init(CONFIRM_LOGIN);
 161              $vc_response = $captcha->validate($row);
 162              if ($vc_response)
 163              {
 164                  return array(
 165                      'status'        => LOGIN_ERROR_ATTEMPTS,
 166                      'error_msg'        => 'LOGIN_ERROR_ATTEMPTS',
 167                      'user_row'        => $row,
 168                  );
 169              }
 170              else
 171              {
 172                  $captcha->reset();
 173              }
 174  
 175          }
 176  
 177          // Check password ...
 178          if ($this->passwords_manager->check($password, $row['user_password'], $row))
 179          {
 180              // Check for old password hash...
 181              if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
 182              {
 183                  $hash = $this->passwords_manager->hash($password);
 184  
 185                  // Update the password in the users table to the new format
 186                  $sql = 'UPDATE ' . USERS_TABLE . "
 187                      SET user_password = '" . $this->db->sql_escape($hash) . "'
 188                      WHERE user_id = {$row['user_id']}";
 189                  $this->db->sql_query($sql);
 190  
 191                  $row['user_password'] = $hash;
 192              }
 193  
 194              $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
 195                  WHERE user_id = ' . $row['user_id'];
 196              $this->db->sql_query($sql);
 197  
 198              if ($row['user_login_attempts'] != 0)
 199              {
 200                  // Successful, reset login attempts (the user passed all stages)
 201                  $sql = 'UPDATE ' . USERS_TABLE . '
 202                      SET user_login_attempts = 0
 203                      WHERE user_id = ' . $row['user_id'];
 204                  $this->db->sql_query($sql);
 205              }
 206  
 207              // User inactive...
 208              if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
 209              {
 210                  return array(
 211                      'status'        => LOGIN_ERROR_ACTIVE,
 212                      'error_msg'        => 'ACTIVE_ERROR',
 213                      'user_row'        => $row,
 214                  );
 215              }
 216  
 217              // Successful login... set user_login_attempts to zero...
 218              return array(
 219                  'status'        => LOGIN_SUCCESS,
 220                  'error_msg'        => false,
 221                  'user_row'        => $row,
 222              );
 223          }
 224  
 225          // Password incorrect - increase login attempts
 226          $sql = 'UPDATE ' . USERS_TABLE . '
 227              SET user_login_attempts = user_login_attempts + 1
 228              WHERE user_id = ' . (int) $row['user_id'] . '
 229                  AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 230          $this->db->sql_query($sql);
 231  
 232          // Give status about wrong password...
 233          return array(
 234              'status'        => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
 235              'error_msg'        => 'LOGIN_ERROR_PASSWORD',
 236              'user_row'        => $row,
 237          );
 238      }
 239  }

