[ Index ] |
PHP Cross Reference of phpBB 3.0 Beta 3 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Apache auth plug-in for phpBB3 4 * 5 * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. 6 * 7 * @package login 8 * @version $Id: auth_apache.php,v 1.15 2006/10/27 14:40:41 acydburn Exp $ 9 * @copyright (c) 2005 phpBB Group 10 * @license http://opensource.org/licenses/gpl-license.php GNU Public License 11 * 12 */ 13 14 /** 15 * Checks whether the user is identified to apache 16 * Only allow changing authentication to apache if the user is identified 17 * Called in acp_board while setting authentication plugins 18 * 19 * @return boolean|string false if the user is identified and else an error message 20 */ 21 function init_apache() 22 { 23 global $user; 24 25 if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER']) 26 { 27 return $user->lang['APACHE_SETUP_BEFORE_USE']; 28 } 29 return false; 30 } 31 32 /** 33 * Login function 34 */ 35 function login_apache(&$username, &$password) 36 { 37 global $db; 38 39 if (!isset($_SERVER['PHP_AUTH_USER'])) 40 { 41 return array( 42 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 43 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', 44 'user_row' => array('user_id' => ANONYMOUS), 45 ); 46 } 47 48 $php_auth_user = $_SERVER['PHP_AUTH_USER']; 49 $php_auth_pw = $_SERVER['PHP_AUTH_PW']; 50 51 if (!empty($php_auth_user) && !empty($php_auth_pw)) 52 { 53 if ($php_auth_user !== $username) 54 { 55 return array( 56 'status' => LOGIN_ERROR_USERNAME, 57 'error_msg' => 'LOGIN_ERROR_USERNAME', 58 'user_row' => array('user_id' => ANONYMOUS), 59 ); 60 } 61 62 $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type 63 FROM ' . USERS_TABLE . " 64 WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; 65 $result = $db->sql_query($sql); 66 $row = $db->sql_fetchrow($result); 67 $db->sql_freeresult($result); 68 69 if ($row) 70 { 71 // User inactive... 72 if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) 73 { 74 return array( 75 'status' => LOGIN_ERROR_ACTIVE, 76 'error_msg' => 'ACTIVE_ERROR', 77 'user_row' => $row, 78 ); 79 } 80 81 // Successful login... 82 return array( 83 'status' => LOGIN_SUCCESS, 84 'error_msg' => false, 85 'user_row' => $row, 86 ); 87 } 88 89 // this is the user's first login so create an empty profile 90 return array( 91 'status' => LOGIN_SUCCESS_CREATE_PROFILE, 92 'error_msg' => false, 93 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), 94 ); 95 } 96 97 // Not logged into apache 98 return array( 99 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 100 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', 101 'user_row' => array('user_id' => ANONYMOUS), 102 ); 103 } 104 105 /** 106 * Autologin function 107 * 108 * @return array containing the user row or empty if no auto login should take place 109 */ 110 function autologin_apache() 111 { 112 global $db; 113 114 if (!isset($_SERVER['PHP_AUTH_USER'])) 115 { 116 return array(); 117 } 118 119 $php_auth_user = $_SERVER['PHP_AUTH_USER']; 120 $php_auth_pw = $_SERVER['PHP_AUTH_PW']; 121 122 if (!empty($php_auth_user) && !empty($php_auth_pw)) 123 { 124 set_var($php_auth_user, $php_auth_user, 'string'); 125 set_var($php_auth_pw, $php_auth_pw, 'string'); 126 127 $sql = 'SELECT * 128 FROM ' . USERS_TABLE . " 129 WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; 130 $result = $db->sql_query($sql); 131 $row = $db->sql_fetchrow($result); 132 $db->sql_freeresult($result); 133 134 if ($row) 135 { 136 return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; 137 } 138 139 if (!function_exists('user_add')) 140 { 141 global $phpbb_root_path, $phpEx; 142 143 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 144 } 145 146 // create the user if he does not exist yet 147 user_add(user_row_apache($php_auth_user, $php_auth_pw)); 148 149 $sql = 'SELECT * 150 FROM ' . USERS_TABLE . " 151 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; 152 $result = $db->sql_query($sql); 153 $row = $db->sql_fetchrow($result); 154 $db->sql_freeresult($result); 155 156 if ($row) 157 { 158 return $row; 159 } 160 } 161 162 return array(); 163 } 164 165 /** 166 * This function generates an array which can be passed to the user_add function in order to create a user 167 */ 168 function user_row_apache($username, $password) 169 { 170 global $db, $config, $user; 171 // first retrieve default group id 172 $sql = 'SELECT group_id 173 FROM ' . GROUPS_TABLE . " 174 WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' 175 AND group_type = " . GROUP_SPECIAL; 176 $result = $db->sql_query($sql); 177 $row = $db->sql_fetchrow($result); 178 $db->sql_freeresult($result); 179 180 if (!$row) 181 { 182 trigger_error('NO_GROUP'); 183 } 184 185 // generate user account data 186 return array( 187 'username' => $username, 188 'user_password' => md5($password), 189 'user_email' => '', 190 'group_id' => (int) $row['group_id'], 191 'user_type' => USER_NORMAL, 192 'user_ip' => $user->ip, 193 ); 194 } 195 196 /** 197 * The session validation function checks whether the user is still logged in 198 * 199 * @return boolean true if the given user is authenticated or false if the session should be closed 200 */ 201 function validate_session_apache(&$user) 202 { 203 if (!isset($_SERVER['PHP_AUTH_USER'])) 204 { 205 return false; 206 } 207 208 $php_auth_user = ''; 209 set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string'); 210 211 return ($php_auth_user === $user['username']) ? true : false; 212 } 213 214 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Nov 22 00:35:05 2006 | Cross-referenced by PHPXref 0.6 |