
PHP Cross Reference of phpBB 3.0 Beta 3


/includes/auth/ -> auth_db.php (source)

   1  <?php
   2  /**
   3  * Database auth plug-in for phpBB3
   4  *
   5  * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
   6  *
   7  * This is for authentication via the integrated user table
   8  *
   9  * @package login
  10  * @version $Id: auth_db.php,v 1.15 2006/10/13 22:10:17 naderman Exp $
  11  * @copyright (c) 2005 phpBB Group 
  12  * @license http://opensource.org/licenses/gpl-license.php GNU Public License 
  13  *
  14  */
  15  
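  /**
  * Login function for the database auth plug-in.
  *
  * Looks the account up by its cleaned username, enforces the visual
  * confirmation step once the account's failure counter exceeds
  * $config['max_login_attempts'], then checks the password and updates the
  * failure counter accordingly.
  *
  * Security notes for maintainers:
  * - Stored passwords are compared against a plain md5() digest. MD5 is an
  *   unsalted, fast hash and is not suitable for password storage; moving to
  *   password_hash()/password_verify() needs a stored-format migration that
  *   cannot be done inside this function alone.
  * - The digest comparison is strict and, where hash_equals() exists,
  *   constant-time. A loose == compares two digests of the form "0e<digits>"
  *   as numbers and reports them equal.
  * - LOGIN_ERROR_USERNAME and LOGIN_ERROR_PASSWORD let the caller distinguish
  *   an unknown account from a wrong password; callers that care about
  *   account enumeration should present one generic message for both.
  *
  * @param string &$username Submitted username (by reference; not modified here)
  * @param string &$password Submitted plain-text password (by reference; not modified here)
  * @return array Keys: 'status' (LOGIN_* constant), 'error_msg' (language key or false), 'user_row' (array)
  */
  function login_db(&$username, &$password)
  {
      global $db, $config;

      $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
          FROM ' . USERS_TABLE . "
          WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
      $result = $db->sql_query($sql);
      $row = $db->sql_fetchrow($result);
      $db->sql_freeresult($result);

      // Unknown account: report it with the anonymous user id
      if (!$row)
      {
          return array(
              'status'    => LOGIN_ERROR_USERNAME,
              'error_msg' => 'LOGIN_ERROR_USERNAME',
              'user_row'  => array('user_id' => ANONYMOUS),
          );
      }

      // The id is interpolated unquoted into UPDATE statements below, so force it to an integer
      $user_id = (int) $row['user_id'];

      // Too many failed logins for this account: a confirm image must be solved first.
      // Every auth module is able to define what to do by itself...
      if ($config['max_login_attempts'] && $row['user_login_attempts'] > $config['max_login_attempts'])
      {
          $confirm_id = request_var('confirm_id', '');
          $confirm_code = request_var('confirm_code', '');

          // No confirmation submitted yet: ask the caller to present one
          if (!$confirm_id)
          {
              return array(
                  'status'    => LOGIN_ERROR_ATTEMPTS,
                  'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
                  'user_row'  => $row,
              );
          }

          global $user;

          // The expected code is bound to the confirm id, the current session and the login confirm type
          $confirm_where = "WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
                  AND session_id = '" . $db->sql_escape($user->session_id) . "'
                  AND confirm_type = " . CONFIRM_LOGIN;

          $sql = 'SELECT code
              FROM ' . CONFIRM_TABLE . '
              ' . $confirm_where;
          $result = $db->sql_query($sql);
          $confirm_row = $db->sql_fetchrow($result);
          $db->sql_freeresult($result);

          // Missing record and wrong answer are reported identically.
          // NOTE(review): a wrong answer leaves the confirm record in place, so the same
          // code can be answered again; whether the caller issues a fresh one is not
          // visible from this function - confirm.
          if (!$confirm_row || strcasecmp($confirm_row['code'], $confirm_code) !== 0)
          {
              return array(
                  'status'    => LOGIN_ERROR_ATTEMPTS,
                  'error_msg' => 'CONFIRM_CODE_WRONG',
                  'user_row'  => $row,
              );
          }

          // Correct answer: the confirm record is single-use, remove it
          $sql = 'DELETE FROM ' . CONFIRM_TABLE . '
              ' . $confirm_where;
          $db->sql_query($sql);
      }

      // Compare digests strictly; == would apply numeric-string juggling to "0e..." values.
      // hash_equals() is used when the running PHP provides it, otherwise fall back to ===.
      $stored_hash = (string) $row['user_password'];
      $supplied_hash = md5($password);
      $password_ok = function_exists('hash_equals')
          ? hash_equals($stored_hash, $supplied_hash)
          : ($stored_hash === $supplied_hash);

      if (!$password_ok)
      {
          // Password incorrect - increase login attempts
          $sql = 'UPDATE ' . USERS_TABLE . '
              SET user_login_attempts = user_login_attempts + 1
              WHERE user_id = ' . $user_id;
          $db->sql_query($sql);

          // Give status about wrong password...
          return array(
              'status'    => LOGIN_ERROR_PASSWORD,
              'error_msg' => 'LOGIN_ERROR_PASSWORD',
              'user_row'  => $row,
          );
      }

      // Password correct: reset login attempts (the user passed all stages)
      $sql = 'UPDATE ' . USERS_TABLE . '
          SET user_login_attempts = 0
          WHERE user_id = ' . $user_id;
      $db->sql_query($sql);

      // Correct password, but the account is inactive or ignored
      if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
      {
          return array(
              'status'    => LOGIN_ERROR_ACTIVE,
              'error_msg' => 'ACTIVE_ERROR',
              'user_row'  => $row,
          );
      }

      // Successful login
      return array(
          'status'    => LOGIN_SUCCESS,
          'error_msg' => false,
          'user_row'  => $row,
      );
  }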
 138  
 139  ?>


Generated: Wed Nov 22 00:35:05 2006 Cross-referenced by PHPXref 0.6