PHP Cross Reference of phpBB-3.3.14-deutsch |
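<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

namespace phpbb\auth\provider;

use phpbb\captcha\factory;
use phpbb\captcha\plugins\captcha_abstract;
use phpbb\config\config;
use phpbb\db\driver\driver_interface;
use phpbb\passwords\manager;
use phpbb\request\request_interface;
use phpbb\user;

/**
* Database authentication provider for phpBB3
* This is for authentication via the integrated user table
*
* Security-relevant behaviour implemented in login():
*  - every attempt from an identifiable client address is written to
*    LOGIN_ATTEMPT_TABLE before the password is checked;
*  - a CAPTCHA is required once the per-user counter or the per-address
*    counter reaches its configured maximum;
*  - stored hashes in an old format are re-hashed on a successful login.
*/
class db extends base
{
	/** @var factory CAPTCHA factory */
	protected $captcha_factory;

	/** @var config phpBB config */
	protected $config;

	/** @var driver_interface DBAL driver instance */
	protected $db;

	/** @var request_interface Request object */
	protected $request;

	/** @var user User object */
	protected $user;

	/** @var string phpBB root path */
	protected $phpbb_root_path;

	/** @var string PHP file extension */
	protected $php_ext;

	/**
	* phpBB passwords manager
	*
	* @var manager
	*/
	protected $passwords_manager;

	/**
	* Database Authentication Constructor
	*
	* Stores the injected services; no validation or I/O happens here.
	*
	* @param factory				$captcha_factory
	* @param config				$config
	* @param driver_interface		$db
	* @param manager				$passwords_manager
	* @param request_interface		$request
	* @param user					$user
	* @param string				$phpbb_root_path
	* @param string				$php_ext
	*/
	public function __construct(factory $captcha_factory, config $config, driver_interface $db, manager $passwords_manager, request_interface $request, user $user, $phpbb_root_path, $php_ext)
	{
		$this->captcha_factory = $captcha_factory;
		$this->config = $config;
		$this->db = $db;
		$this->passwords_manager = $passwords_manager;
		$this->request = $request;
		$this->user = $user;
		$this->phpbb_root_path = $phpbb_root_path;
		$this->php_ext = $php_ext;
	}

	/**
	* {@inheritdoc}
	*
	* Checks a username/password pair against the users table.
	*
	* @param string $username	Username as submitted; looked up via utf8_clean_string()
	* @param string $password	Password as submitted; trimmed before use
	*
	* @return array	Always has the keys 'status' (one of the LOGIN_* constants),
	*				'error_msg' (language key, or false on success) and 'user_row'
	*				(the full users-table row once the account was found, otherwise
	*				array('user_id' => ANONYMOUS)).
	*
	* NOTE(review): unknown accounts yield LOGIN_ERROR_USERNAME and known
	* accounts with a wrong password yield LOGIN_ERROR_PASSWORD. A caller that
	* shows these two outcomes differently discloses which usernames exist;
	* on the failure paths 'user_row' also carries the stored password hash,
	* so it must never be logged or echoed by the caller.
	*/
	public function login($username, $password)
	{
		// Auth plugins get the password untrimmed.
		// For compatibility we trim() here.
		$password = trim($password);

		// do not allow empty password
		// (PHP treats the string "0" as falsy too, so that password is rejected here as well)
		if (!$password)
		{
			return array(
				'status'	=> LOGIN_ERROR_PASSWORD,
				'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		if (!$username)
		{
			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		$username_clean = utf8_clean_string($username);

		// String values go through sql_escape() before being placed in the query.
		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		// Per-address throttling only runs when the address selected by the
		// configuration is available.
		// NOTE(review): forwarded_for presumably originates from a request header
		// set by a proxy - confirm. If so, ip_login_limit_use_forwarded is only
		// meaningful behind a proxy that overwrites that header, because a client
		// that controls the value can vary it to stay under ip_login_limit_max.
		if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
			($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
		{
			// Count attempts from this address inside the configured time window.
			$sql = 'SELECT COUNT(*) AS attempts
				FROM ' . LOGIN_ATTEMPT_TABLE . '
				WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
			if ($this->config['ip_login_limit_use_forwarded'])
			{
				$sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
			}
			else
			{
				$sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
			}

			$result = $this->db->sql_query($sql);
			$attempts = (int) $this->db->sql_fetchfield('attempts');
			$this->db->sql_freeresult($result);

			// The attempt is recorded before the password is checked, so it is
			// counted whatever the outcome; rows for the account are deleted
			// again further down when the login succeeds.
			$attempt_data = array(
				'attempt_ip'			=> $this->user->ip,
				'attempt_browser'		=> trim(substr($this->user->browser, 0, 149)),
				'attempt_forwarded_for'	=> $this->user->forwarded_for,
				'attempt_time'			=> time(),
				'user_id'				=> ($row) ? (int) $row['user_id'] : 0,
				'username'				=> $username,
				'username_clean'		=> $username_clean,
			);
			$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
			$this->db->sql_query($sql);
		}
		else
		{
			$attempts = 0;
		}

		$login_error_attempts = 'LOGIN_ERROR_ATTEMPTS';

		// A limit whose config value is falsy (e.g. 0) is treated as disabled.
		$user_login_attempts	= (is_array($row) && $this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']);
		$ip_login_attempts		= ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);

		$show_captcha = $user_login_attempts || $ip_login_attempts;

		if ($show_captcha)
		{
			$captcha = $this->captcha_factory->get_instance($this->config['captcha_plugin']);

			// Get custom message for login error when exceeding maximum number of attempts
			if ($captcha instanceof captcha_abstract)
			{
				$login_error_attempts = $captcha->get_login_error_attempts();
			}
		}

		if (!$row)
		{
			// Unknown account: only the per-address limit can apply.
			if ($ip_login_attempts)
			{
				return array(
					'status'	=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'	=> $login_error_attempts,
					'user_row'	=> array('user_id' => ANONYMOUS),
				);
			}

			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		// Cast once and use the integer in every query below, so no statement
		// depends on the database driver having returned a clean numeric value.
		$user_id = (int) $row['user_id'];

		// If there are too many login attempts, we need to check for a confirm image
		// Every auth module is able to define what to do by itself...
		if ($show_captcha)
		{
			$captcha->init(CONFIRM_LOGIN);
			$vc_response = $captcha->validate($row);

			// A truthy response means the CAPTCHA was not solved: stop here,
			// before the password is looked at.
			if ($vc_response)
			{
				return array(
					'status'	=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'	=> $login_error_attempts,
					'user_row'	=> $row,
				);
			}
			else
			{
				$captcha->reset();
			}
		}

		// Check password ...
		if ($this->passwords_manager->check($password, $row['user_password'], $row))
		{
			// Check for old password hash...
			// (the manager flagged it for conversion, or the stored value is
			// 32 characters long, which is the length of a hex MD5 digest)
			if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
			{
				$hash = $this->passwords_manager->hash($password);

				// Update the password in the users table to the new format
				$sql = 'UPDATE ' . USERS_TABLE . "
					SET user_password = '" . $this->db->sql_escape($hash) . "'
					WHERE user_id = " . $user_id;
				$this->db->sql_query($sql);

				$row['user_password'] = $hash;
			}

			// Drop the recorded attempts that belong to this account.
			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
				WHERE user_id = ' . $user_id;
			$this->db->sql_query($sql);

			if ($row['user_login_attempts'] != 0)
			{
				// Successful, reset login attempts (the user passed all stages)
				$sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = 0
					WHERE user_id = ' . $user_id;
				$this->db->sql_query($sql);
			}

			// User inactive...
			// (checked only after the password matched, so this status is
			// returned solely to someone who supplied the correct password)
			if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
			{
				return array(
					'status'	=> LOGIN_ERROR_ACTIVE,
					'error_msg'	=> 'ACTIVE_ERROR',
					'user_row'	=> $row,
				);
			}

			// Successful login... set user_login_attempts to zero...
			return array(
				'status'	=> LOGIN_SUCCESS,
				'error_msg'	=> false,
				'user_row'	=> $row,
			);
		}

		// Password incorrect - increase login attempts
		// (the counter stops growing once it reaches LOGIN_ATTEMPTS_MAX)
		$sql = 'UPDATE ' . USERS_TABLE . '
			SET user_login_attempts = user_login_attempts + 1
			WHERE user_id = ' . $user_id . '
				AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
		$this->db->sql_query($sql);

		// Give status about wrong password...
		return array(
			'status'	=> ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
			'error_msg'	=> 'LOGIN_ERROR_PASSWORD',
			'user_row'	=> $row,
		);
	}
}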