| [ Index ] |
PHP Cross Reference of phpBB-3.3.14-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 namespace phpbb\auth\provider; 15 16 use phpbb\config\config; 17 use phpbb\db\driver\driver_interface; 18 use phpbb\language\language; 19 use phpbb\request\request_interface; 20 use phpbb\request\type_cast_helper; 21 use phpbb\user; 22 23 /** 24 * Apache authentication provider for phpBB3 25 */ 26 class apache extends base 27 { 28 /** @var config phpBB config */ 29 protected $config; 30 31 /** @var driver_interface Database object */ 32 protected $db; 33 34 /** @var language Language object */ 35 protected $language; 36 37 /** @var request_interface Request object */ 38 protected $request; 39 40 /** @var user User object */ 41 protected $user; 42 43 /** @var string Relative path to phpBB root */ 44 protected $phpbb_root_path; 45 46 /** @var string PHP file extension */ 47 protected $php_ext; 48 49 /** 50 * Apache Authentication Constructor 51 * 52 * @param config $config Config object 53 * @param driver_interface $db Database object 54 * @param language $language Language object 55 * @param request_interface $request Request object 56 * @param user $user User object 57 * @param string $phpbb_root_path Relative path to phpBB root 58 * @param string $php_ext PHP file extension 59 */ 60 public function __construct(config $config, driver_interface $db, language $language, request_interface $request, user $user, $phpbb_root_path, $php_ext) 61 { 62 $this->config = $config; 63 $this->db = $db; 64 $this->language = $language; 65 $this->request = $request; 66 $this->user = $user; 67 $this->phpbb_root_path = $phpbb_root_path; 68 $this->php_ext = $php_ext; 69 } 70 71 /** 72 * {@inheritdoc} 73 */ 74 public function init() 75 { 76 if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER) || $this->user->data['username'] !== html_entity_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT)) 77 { 78 return $this->language->lang('APACHE_SETUP_BEFORE_USE'); 79 } 80 return false; 81 } 82 83 /** 84 * {@inheritdoc} 85 */ 86 public function login($username, $password) 87 { 88 // do not allow empty password 89 if (!$password) 90 { 91 return array( 92 'status' => LOGIN_ERROR_PASSWORD, 93 'error_msg' => 'NO_PASSWORD_SUPPLIED', 94 'user_row' => array('user_id' => ANONYMOUS), 95 ); 96 } 97 98 if (!$username) 99 { 100 return array( 101 'status' => LOGIN_ERROR_USERNAME, 102 'error_msg' => 'LOGIN_ERROR_USERNAME', 103 'user_row' => array('user_id' => ANONYMOUS), 104 ); 105 } 106 107 if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER)) 108 { 109 return array( 110 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 111 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', 112 'user_row' => array('user_id' => ANONYMOUS), 113 ); 114 } 115 116 $php_auth_user = html_entity_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT); 117 $php_auth_pw = html_entity_decode($this->request->server('PHP_AUTH_PW'), ENT_COMPAT); 118 119 if (!empty($php_auth_user) && !empty($php_auth_pw)) 120 { 121 if ($php_auth_user !== $username) 122 { 123 return array( 124 'status' => LOGIN_ERROR_USERNAME, 125 'error_msg' => 'LOGIN_ERROR_USERNAME', 126 'user_row' => array('user_id' => ANONYMOUS), 127 ); 128 } 129 130 $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type 131 FROM ' . USERS_TABLE . " 132 WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'"; 133 $result = $this->db->sql_query($sql); 134 $row = $this->db->sql_fetchrow($result); 135 $this->db->sql_freeresult($result); 136 137 if ($row) 138 { 139 // User inactive... 140 if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) 141 { 142 return array( 143 'status' => LOGIN_ERROR_ACTIVE, 144 'error_msg' => 'ACTIVE_ERROR', 145 'user_row' => $row, 146 ); 147 } 148 149 // Successful login... 150 return array( 151 'status' => LOGIN_SUCCESS, 152 'error_msg' => false, 153 'user_row' => $row, 154 ); 155 } 156 157 // this is the user's first login so create an empty profile 158 return array( 159 'status' => LOGIN_SUCCESS_CREATE_PROFILE, 160 'error_msg' => false, 161 'user_row' => $this->user_row($php_auth_user), 162 ); 163 } 164 165 // Not logged into apache 166 return array( 167 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 168 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', 169 'user_row' => array('user_id' => ANONYMOUS), 170 ); 171 } 172 173 /** 174 * {@inheritdoc} 175 */ 176 public function autologin() 177 { 178 if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER)) 179 { 180 return array(); 181 } 182 183 $php_auth_user = html_entity_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT); 184 $php_auth_pw = html_entity_decode($this->request->server('PHP_AUTH_PW'), ENT_COMPAT); 185 186 if (!empty($php_auth_user) && !empty($php_auth_pw)) 187 { 188 $type_cast_helper = new type_cast_helper(); 189 $type_cast_helper->set_var($php_auth_user, $php_auth_user, 'string', true); 190 191 $sql = 'SELECT * 192 FROM ' . USERS_TABLE . " 193 WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'"; 194 $result = $this->db->sql_query($sql); 195 $row = $this->db->sql_fetchrow($result); 196 $this->db->sql_freeresult($result); 197 198 if ($row) 199 { 200 return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; 201 } 202 203 if (!function_exists('user_add')) 204 { 205 include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); 206 } 207 208 // create the user if he does not exist yet 209 user_add($this->user_row($php_auth_user)); 210 211 $sql = 'SELECT * 212 FROM ' . USERS_TABLE . " 213 WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; 214 $result = $this->db->sql_query($sql); 215 $row = $this->db->sql_fetchrow($result); 216 $this->db->sql_freeresult($result); 217 218 if ($row) 219 { 220 return $row; 221 } 222 } 223 224 return array(); 225 } 226 227 /** 228 * This function generates an array which can be passed to the user_add 229 * function in order to create a user 230 * 231 * @param string $username The username of the new user. 232 * 233 * @return array Contains data that can be passed directly to 234 * the user_add function. 235 */ 236 private function user_row($username) 237 { 238 // first retrieve default group id 239 $sql = 'SELECT group_id 240 FROM ' . GROUPS_TABLE . " 241 WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "' 242 AND group_type = " . GROUP_SPECIAL; 243 $result = $this->db->sql_query($sql); 244 $row = $this->db->sql_fetchrow($result); 245 $this->db->sql_freeresult($result); 246 247 if (!$row) 248 { 249 trigger_error('NO_GROUP'); 250 } 251 252 // generate user account data 253 return array( 254 'username' => $username, 255 'user_password' => '', 256 'user_email' => '', 257 'group_id' => (int) $row['group_id'], 258 'user_type' => USER_NORMAL, 259 'user_ip' => $this->user->ip, 260 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0, 261 ); 262 } 263 264 /** 265 * {@inheritdoc} 266 */ 267 public function validate_session($user) 268 { 269 // Check if PHP_AUTH_USER is set and handle this case 270 if ($this->request->is_set('PHP_AUTH_USER', request_interface::SERVER)) 271 { 272 $php_auth_user = $this->request->server('PHP_AUTH_USER'); 273 274 return ($php_auth_user === $user['username']) ? true : false; 275 } 276 277 // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not) 278 if ($user['user_type'] == USER_IGNORE) 279 { 280 return true; 281 } 282 283 return false; 284 } 285 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Mon Nov 25 19:05:08 2024 | Cross-referenced by PHPXref 0.7.1 |