[ Index ]

PHP Cross Reference of phpBB-3.3.2-deutsch

title

Body

[close]

/phpbb/auth/provider/ -> apache.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\auth\provider;
  15  
  16  use phpbb\config\config;
  17  use phpbb\db\driver\driver_interface;
  18  use phpbb\language\language;
  19  use phpbb\request\request_interface;
  20  use phpbb\request\type_cast_helper;
  21  use phpbb\user;
  22  
  23  /**
  24  * Apache authentication provider for phpBB3
  25  */
  26  class apache extends base
  27  {
  28      /** @var config phpBB config */
  29      protected $config;
  30  
  31      /** @var driver_interface Database object */
  32      protected $db;
  33  
  34      /** @var language Language object */
  35      protected $language;
  36  
  37      /** @var request_interface Request object */
  38      protected $request;
  39  
  40      /** @var user User object */
  41      protected $user;
  42  
  43      /** @var string Relative path to phpBB root */
  44      protected $phpbb_root_path;
  45  
  46      /** @var string PHP file extension */
  47      protected $php_ext;
  48  
  49      /**
  50       * Apache Authentication Constructor
  51       *
  52       * @param    config                 $config        Config object
  53       * @param    driver_interface     $db        Database object
  54       * @param    language            $language Language object
  55       * @param    request_interface     $request        Request object
  56       * @param    user                 $user        User object
  57       * @param    string                 $phpbb_root_path        Relative path to phpBB root
  58       * @param    string                 $php_ext        PHP file extension
  59       */
  60  	public function __construct(config $config, driver_interface $db, language $language, request_interface $request, user $user, $phpbb_root_path, $php_ext)
  61      {
  62          $this->config = $config;
  63          $this->db = $db;
  64          $this->language = $language;
  65          $this->request = $request;
  66          $this->user = $user;
  67          $this->phpbb_root_path = $phpbb_root_path;
  68          $this->php_ext = $php_ext;
  69      }
  70  
  71      /**
  72       * {@inheritdoc}
  73       */
  74  	public function init()
  75      {
  76          if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
  77          {
  78              return $this->language->lang('APACHE_SETUP_BEFORE_USE');
  79          }
  80          return false;
  81      }
  82  
  83      /**
  84       * {@inheritdoc}
  85       */
  86  	public function login($username, $password)
  87      {
  88          // do not allow empty password
  89          if (!$password)
  90          {
  91              return array(
  92                  'status'    => LOGIN_ERROR_PASSWORD,
  93                  'error_msg'    => 'NO_PASSWORD_SUPPLIED',
  94                  'user_row'    => array('user_id' => ANONYMOUS),
  95              );
  96          }
  97  
  98          if (!$username)
  99          {
 100              return array(
 101                  'status'    => LOGIN_ERROR_USERNAME,
 102                  'error_msg'    => 'LOGIN_ERROR_USERNAME',
 103                  'user_row'    => array('user_id' => ANONYMOUS),
 104              );
 105          }
 106  
 107          if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
 108          {
 109              return array(
 110                  'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
 111                  'error_msg'        => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
 112                  'user_row'        => array('user_id' => ANONYMOUS),
 113              );
 114          }
 115  
 116          $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
 117          $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
 118  
 119          if (!empty($php_auth_user) && !empty($php_auth_pw))
 120          {
 121              if ($php_auth_user !== $username)
 122              {
 123                  return array(
 124                      'status'    => LOGIN_ERROR_USERNAME,
 125                      'error_msg'    => 'LOGIN_ERROR_USERNAME',
 126                      'user_row'    => array('user_id' => ANONYMOUS),
 127                  );
 128              }
 129  
 130              $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
 131                  FROM ' . USERS_TABLE . "
 132                  WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
 133              $result = $this->db->sql_query($sql);
 134              $row = $this->db->sql_fetchrow($result);
 135              $this->db->sql_freeresult($result);
 136  
 137              if ($row)
 138              {
 139                  // User inactive...
 140                  if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
 141                  {
 142                      return array(
 143                          'status'        => LOGIN_ERROR_ACTIVE,
 144                          'error_msg'        => 'ACTIVE_ERROR',
 145                          'user_row'        => $row,
 146                      );
 147                  }
 148  
 149                  // Successful login...
 150                  return array(
 151                      'status'        => LOGIN_SUCCESS,
 152                      'error_msg'        => false,
 153                      'user_row'        => $row,
 154                  );
 155              }
 156  
 157              // this is the user's first login so create an empty profile
 158              return array(
 159                  'status'        => LOGIN_SUCCESS_CREATE_PROFILE,
 160                  'error_msg'        => false,
 161                  'user_row'        => $this->user_row($php_auth_user),
 162              );
 163          }
 164  
 165          // Not logged into apache
 166          return array(
 167              'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
 168              'error_msg'        => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
 169              'user_row'        => array('user_id' => ANONYMOUS),
 170          );
 171      }
 172  
 173      /**
 174       * {@inheritdoc}
 175       */
 176  	public function autologin()
 177      {
 178          if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
 179          {
 180              return array();
 181          }
 182  
 183          $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
 184          $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
 185  
 186          if (!empty($php_auth_user) && !empty($php_auth_pw))
 187          {
 188              $type_cast_helper = new type_cast_helper();
 189              $type_cast_helper->set_var($php_auth_user, $php_auth_user, 'string', true);
 190  
 191              $sql = 'SELECT *
 192                  FROM ' . USERS_TABLE . "
 193                  WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
 194              $result = $this->db->sql_query($sql);
 195              $row = $this->db->sql_fetchrow($result);
 196              $this->db->sql_freeresult($result);
 197  
 198              if ($row)
 199              {
 200                  return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
 201              }
 202  
 203              if (!function_exists('user_add'))
 204              {
 205                  include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
 206              }
 207  
 208              // create the user if he does not exist yet
 209              user_add($this->user_row($php_auth_user));
 210  
 211              $sql = 'SELECT *
 212                  FROM ' . USERS_TABLE . "
 213                  WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
 214              $result = $this->db->sql_query($sql);
 215              $row = $this->db->sql_fetchrow($result);
 216              $this->db->sql_freeresult($result);
 217  
 218              if ($row)
 219              {
 220                  return $row;
 221              }
 222          }
 223  
 224          return array();
 225      }
 226  
 227      /**
 228       * This function generates an array which can be passed to the user_add
 229       * function in order to create a user
 230       *
 231       * @param     string    $username     The username of the new user.
 232       *
 233       * @return     array                 Contains data that can be passed directly to
 234       *                                the user_add function.
 235       */
 236  	private function user_row($username)
 237      {
 238          // first retrieve default group id
 239          $sql = 'SELECT group_id
 240              FROM ' . GROUPS_TABLE . "
 241              WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
 242                  AND group_type = " . GROUP_SPECIAL;
 243          $result = $this->db->sql_query($sql);
 244          $row = $this->db->sql_fetchrow($result);
 245          $this->db->sql_freeresult($result);
 246  
 247          if (!$row)
 248          {
 249              trigger_error('NO_GROUP');
 250          }
 251  
 252          // generate user account data
 253          return array(
 254              'username'        => $username,
 255              'user_password'    => '',
 256              'user_email'    => '',
 257              'group_id'        => (int) $row['group_id'],
 258              'user_type'        => USER_NORMAL,
 259              'user_ip'        => $this->user->ip,
 260              'user_new'        => ($this->config['new_member_post_limit']) ? 1 : 0,
 261          );
 262      }
 263  
 264      /**
 265       * {@inheritdoc}
 266       */
 267  	public function validate_session($user)
 268      {
 269          // Check if PHP_AUTH_USER is set and handle this case
 270          if ($this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
 271          {
 272              $php_auth_user = $this->request->server('PHP_AUTH_USER');
 273  
 274              return ($php_auth_user === $user['username']) ? true : false;
 275          }
 276  
 277          // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
 278          if ($user['user_type'] == USER_IGNORE)
 279          {
 280              return true;
 281          }
 282  
 283          return false;
 284      }
 285  }


Generated: Wed Nov 11 20:28:18 2020 Cross-referenced by PHPXref 0.7.1