PHP Cross Reference of phpBB-3.2.11-deutsch |
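<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

namespace phpbb\auth\provider;

/**
* Database authentication provider for phpBB3
* This is for authentication via the integrated user table
*/
class db extends \phpbb\auth\provider\base
{
	/**
	* phpBB passwords manager
	*
	* @var \phpbb\passwords\manager
	*/
	protected $passwords_manager;

	/**
	* DI container
	*
	* @var \Symfony\Component\DependencyInjection\ContainerInterface
	*/
	protected $phpbb_container;

	/**
	* Database Authentication Constructor
	*
	* Stores the injected services on the instance. Only $passwords_manager and
	* $phpbb_container are declared in this class; the remaining properties are
	* presumably declared on the parent provider (not visible here).
	*
	* @param	\phpbb\db\driver\driver_interface		$db
	* @param	\phpbb\config\config 		$config
	* @param	\phpbb\passwords\manager	$passwords_manager
	* @param	\phpbb\request\request		$request
	* @param	\phpbb\user			$user
	* @param	\Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container DI container
	* @param	string				$phpbb_root_path
	* @param	string				$php_ext
	*/
	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)
	{
		$this->db = $db;
		$this->config = $config;
		$this->passwords_manager = $passwords_manager;
		$this->request = $request;
		$this->user = $user;
		$this->phpbb_root_path = $phpbb_root_path;
		$this->php_ext = $php_ext;
		$this->phpbb_container = $phpbb_container;
	}

	/**
	* {@inheritdoc}
	*
	* Verifies a username/password pair against the users table, recording the
	* attempt and applying the per-IP and per-account attempt limits.
	*
	* Security notes for callers:
	* - 'user_row' is the complete users-table row (SELECT *), including the
	*   stored password hash, on every path where the account exists. It must
	*   not be passed on to templates, logs or API responses wholesale.
	* - An unknown username yields LOGIN_ERROR_USERNAME while a wrong password
	*   yields LOGIN_ERROR_PASSWORD. A caller that shows these differently
	*   discloses whether an account exists.
	* - The unknown-username path returns without calling the passwords
	*   manager, so response time may also differ between the two cases.
	*
	* @param	string	$username	Username as submitted
	* @param	string	$password	Password as submitted (trimmed here)
	* @return	array	Keys 'status' (LOGIN_* constant), 'error_msg' (language
	*			key, or false on success) and 'user_row'
	*/
	public function login($username, $password)
	{
		// Auth plugins get the password untrimmed.
		// For compatibility we trim() here.
		$password = trim($password);

		// do not allow empty password
		// (PHP treats the string '0' as falsy, so a password of exactly "0" is rejected too)
		if (!$password)
		{
			return array(
				'status'	=> LOGIN_ERROR_PASSWORD,
				'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		// Same truthiness test as above, so a username of "0" is rejected as well
		if (!$username)
		{
			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		// The lookup is done on the cleaned form, compared against username_clean
		$username_clean = utf8_clean_string($username);

		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		// Per-source limiting is keyed on either the connection IP or the
		// forwarded-for value, depending on ip_login_limit_use_forwarded.
		// NOTE(review): forwarded_for presumably comes from a client-supplied proxy
		// header; the limit is only meaningful if that value is set by a trusted
		// proxy - confirm where \phpbb\user populates it.
		if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
			($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
		{
			// Count earlier attempts inside the time window; the current attempt
			// is inserted afterwards and therefore not included in $attempts
			$sql = 'SELECT COUNT(*) AS attempts
				FROM ' . LOGIN_ATTEMPT_TABLE . '
				WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
			if ($this->config['ip_login_limit_use_forwarded'])
			{
				$sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
			}
			else
			{
				$sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
			}

			$result = $this->db->sql_query($sql);
			$attempts = (int) $this->db->sql_fetchfield('attempts');
			$this->db->sql_freeresult($result);

			// The attempt is recorded before the password is checked, so every
			// login (successful or not) writes a row; user_id is 0 when the
			// username did not match an account
			$attempt_data = array(
				'attempt_ip'			=> $this->user->ip,
				'attempt_browser'		=> trim(substr($this->user->browser, 0, 149)),
				'attempt_forwarded_for'	=> $this->user->forwarded_for,
				'attempt_time'			=> time(),
				'user_id'				=> ($row) ? (int) $row['user_id'] : 0,
				'username'				=> $username,
				'username_clean'		=> $username_clean,
			);
			$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
			$this->db->sql_query($sql);
		}
		else
		{
			$attempts = 0;
		}

		if (!$row)
		{
			if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
			{
				return array(
					'status'		=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS',
					'user_row'		=> array('user_id' => ANONYMOUS),
				);
			}

			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		// Cast once and reuse: every statement below interpolates the id into SQL
		// unquoted, so it must be an integer regardless of how the driver returned it
		$user_id = (int) $row['user_id'];

		// A captcha is required once either the per-account or the per-source limit is reached
		$show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
			($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);

		// If there are too many login attempts, we need to check for a confirm image
		// Every auth module is able to define what to do by itself...
		if ($show_captcha)
		{
			/* @var $captcha_factory \phpbb\captcha\factory */
			$captcha_factory = $this->phpbb_container->get('captcha.factory');
			$captcha = $captcha_factory->get_instance($this->config['captcha_plugin']);
			$captcha->init(CONFIRM_LOGIN);
			$vc_response = $captcha->validate($row);

			// A truthy response is treated as a failed captcha: return before the
			// password is looked at, so the password check cannot be used as an
			// oracle while the limit is in force
			if ($vc_response)
			{
				return array(
					'status'		=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS',
					'user_row'		=> $row,
				);
			}
			else
			{
				$captcha->reset();
			}
		}

		// Check password ...
		if ($this->passwords_manager->check($password, $row['user_password'], $row))
		{
			// Check for old password hash...
			// (a 32-character value is the length of a hex MD5 digest; presumably the
			// legacy format - it is replaced with a fresh hash on successful login)
			if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
			{
				$hash = $this->passwords_manager->hash($password);

				// Update the password in the users table to the new format
				$sql = 'UPDATE ' . USERS_TABLE . "
					SET user_password = '" . $this->db->sql_escape($hash) . "'
					WHERE user_id = " . $user_id;
				$this->db->sql_query($sql);

				$row['user_password'] = $hash;
			}

			// Clears recorded attempts for this account only; rows stored with
			// user_id 0 (unknown usernames) are not touched here
			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
				WHERE user_id = ' . $user_id;
			$this->db->sql_query($sql);

			if ($row['user_login_attempts'] != 0)
			{
				// Successful, reset login attempts (the user passed all stages)
				$sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = 0
					WHERE user_id = ' . $user_id;
				$this->db->sql_query($sql);
			}

			// User inactive...
			// (checked only after the password matched and the counters were reset)
			if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
			{
				return array(
					'status'		=> LOGIN_ERROR_ACTIVE,
					'error_msg'		=> 'ACTIVE_ERROR',
					'user_row'		=> $row,
				);
			}

			// Successful login... set user_login_attempts to zero...
			return array(
				'status'		=> LOGIN_SUCCESS,
				'error_msg'		=> false,
				'user_row'		=> $row,
			);
		}

		// Password incorrect - increase login attempts
		// (the extra condition caps the counter at LOGIN_ATTEMPTS_MAX)
		$sql = 'UPDATE ' . USERS_TABLE . '
			SET user_login_attempts = user_login_attempts + 1
			WHERE user_id = ' . $user_id . '
				AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
		$this->db->sql_query($sql);

		// Give status about wrong password...
		return array(
			'status'		=> ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
			'error_msg'		=> 'LOGIN_ERROR_PASSWORD',
			'user_row'		=> $row,
		);
	}
}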