
PHP Cross Reference of phpBB-3.2.11-deutsch


/phpbb/auth/provider/ -> apache.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\auth\provider;
  15  
  16  /**
  17  * Apache authentication provider for phpBB3
  18  */
  19  class apache extends \phpbb\auth\provider\base
  20  {
  21      /**
  22      * phpBB passwords manager
  23      *
  24      * @var \phpbb\passwords\manager
  25      */
  26      protected $passwords_manager;
  27  
  28      /**
  29       * Apache Authentication Constructor
  30       *
  31       * @param    \phpbb\db\driver\driver_interface     $db        Database object
  32       * @param    \phpbb\config\config         $config        Config object
  33       * @param    \phpbb\passwords\manager    $passwords_manager        Passwords Manager object
  34       * @param    \phpbb\request\request         $request        Request object
  35       * @param    \phpbb\user             $user        User object
  36       * @param    string                 $phpbb_root_path        Relative path to phpBB root
  37       * @param    string                 $php_ext        PHP file extension
  38       */
  39  	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
  40      {
  41          $this->db = $db;
  42          $this->config = $config;
  43          $this->passwords_manager = $passwords_manager;
  44          $this->request = $request;
  45          $this->user = $user;
  46          $this->phpbb_root_path = $phpbb_root_path;
  47          $this->php_ext = $php_ext;
  48      }
  49  
  50      /**
  51       * {@inheritdoc}
  52       */
  53  	public function init()
  54      {
  55          if (!$this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
  56          {
  57              return $this->user->lang['APACHE_SETUP_BEFORE_USE'];
  58          }
  59          return false;
  60      }
  61  
  62      /**
  63       * {@inheritdoc}
  64       */
  65  	public function login($username, $password)
  66      {
  67          // do not allow empty password
  68          if (!$password)
  69          {
  70              return array(
  71                  'status'    => LOGIN_ERROR_PASSWORD,
  72                  'error_msg'    => 'NO_PASSWORD_SUPPLIED',
  73                  'user_row'    => array('user_id' => ANONYMOUS),
  74              );
  75          }
  76  
  77          if (!$username)
  78          {
  79              return array(
  80                  'status'    => LOGIN_ERROR_USERNAME,
  81                  'error_msg'    => 'LOGIN_ERROR_USERNAME',
  82                  'user_row'    => array('user_id' => ANONYMOUS),
  83              );
  84          }
  85  
  86          if (!$this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER))
  87          {
  88              return array(
  89                  'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
  90                  'error_msg'        => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
  91                  'user_row'        => array('user_id' => ANONYMOUS),
  92              );
  93          }
  94  
  95          $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
  96          $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
  97  
  98          if (!empty($php_auth_user) && !empty($php_auth_pw))
  99          {
 100              if ($php_auth_user !== $username)
 101              {
 102                  return array(
 103                      'status'    => LOGIN_ERROR_USERNAME,
 104                      'error_msg'    => 'LOGIN_ERROR_USERNAME',
 105                      'user_row'    => array('user_id' => ANONYMOUS),
 106                  );
 107              }
 108  
 109              $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
 110                  FROM ' . USERS_TABLE . "
 111                  WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
 112              $result = $this->db->sql_query($sql);
 113              $row = $this->db->sql_fetchrow($result);
 114              $this->db->sql_freeresult($result);
 115  
 116              if ($row)
 117              {
 118                  // User inactive...
 119                  if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
 120                  {
 121                      return array(
 122                          'status'        => LOGIN_ERROR_ACTIVE,
 123                          'error_msg'        => 'ACTIVE_ERROR',
 124                          'user_row'        => $row,
 125                      );
 126                  }
 127  
 128                  // Successful login...
 129                  return array(
 130                      'status'        => LOGIN_SUCCESS,
 131                      'error_msg'        => false,
 132                      'user_row'        => $row,
 133                  );
 134              }
 135  
 136              // this is the user's first login so create an empty profile
 137              return array(
 138                  'status'        => LOGIN_SUCCESS_CREATE_PROFILE,
 139                  'error_msg'        => false,
 140                  'user_row'        => $this->user_row($php_auth_user, $php_auth_pw),
 141              );
 142          }
 143  
 144          // Not logged into apache
 145          return array(
 146              'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
 147              'error_msg'        => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
 148              'user_row'        => array('user_id' => ANONYMOUS),
 149          );
 150      }
 151  
 152      /**
 153       * {@inheritdoc}
 154       */
 155  	public function autologin()
 156      {
 157          if (!$this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER))
 158          {
 159              return array();
 160          }
 161  
 162          $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
 163          $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
 164  
 165          if (!empty($php_auth_user) && !empty($php_auth_pw))
 166          {
 167              set_var($php_auth_user, $php_auth_user, 'string', true);
 168              set_var($php_auth_pw, $php_auth_pw, 'string', true);
 169  
 170              $sql = 'SELECT *
 171                  FROM ' . USERS_TABLE . "
 172                  WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
 173              $result = $this->db->sql_query($sql);
 174              $row = $this->db->sql_fetchrow($result);
 175              $this->db->sql_freeresult($result);
 176  
 177              if ($row)
 178              {
 179                  return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
 180              }
 181  
 182              if (!function_exists('user_add'))
 183              {
 184                  include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
 185              }
 186  
 187              // create the user if he does not exist yet
 188              user_add($this->user_row($php_auth_user, $php_auth_pw));
 189  
 190              $sql = 'SELECT *
 191                  FROM ' . USERS_TABLE . "
 192                  WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
 193              $result = $this->db->sql_query($sql);
 194              $row = $this->db->sql_fetchrow($result);
 195              $this->db->sql_freeresult($result);
 196  
 197              if ($row)
 198              {
 199                  return $row;
 200              }
 201          }
 202  
 203          return array();
 204      }
 205  
 206      /**
 207       * This function generates an array which can be passed to the user_add
 208       * function in order to create a user
 209       *
 210       * @param     string    $username     The username of the new user.
 211       * @param     string    $password     The password of the new user.
 212       * @return     array                 Contains data that can be passed directly to
 213       *                                the user_add function.
 214       */
 215  	private function user_row($username, $password)
 216      {
 217          // first retrieve default group id
 218          $sql = 'SELECT group_id
 219              FROM ' . GROUPS_TABLE . "
 220              WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
 221                  AND group_type = " . GROUP_SPECIAL;
 222          $result = $this->db->sql_query($sql);
 223          $row = $this->db->sql_fetchrow($result);
 224          $this->db->sql_freeresult($result);
 225  
 226          if (!$row)
 227          {
 228              trigger_error('NO_GROUP');
 229          }
 230  
 231          // generate user account data
 232          return array(
 233              'username'        => $username,
 234              'user_password'    => $this->passwords_manager->hash($password),
 235              'user_email'    => '',
 236              'group_id'        => (int) $row['group_id'],
 237              'user_type'        => USER_NORMAL,
 238              'user_ip'        => $this->user->ip,
 239              'user_new'        => ($this->config['new_member_post_limit']) ? 1 : 0,
 240          );
 241      }
 242  
 243      /**
 244       * {@inheritdoc}
 245       */
 246  	public function validate_session($user)
 247      {
 248          // Check if PHP_AUTH_USER is set and handle this case
 249          if ($this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER))
 250          {
 251              $php_auth_user = $this->request->server('PHP_AUTH_USER');
 252  
 253              return ($php_auth_user === $user['username']) ? true : false;
 254          }
 255  
 256          // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
 257          if ($user['user_type'] == USER_IGNORE)
 258          {
 259              return true;
 260          }
 261  
 262          return false;
 263      }
 264  }

