source: trunk/forum/includes/auth/auth_apache.php

Last change on this file was 702, checked in by george, 15 years ago
  • Upraveno: Aktualizace fóra.
File size: 5.7 KB
Line 
1<?php
2/**
3* Apache auth plug-in for phpBB3
4*
5* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
6*
7* @package login
8* @version $Id$
9* @copyright (c) 2005 phpBB Group
10* @license http://opensource.org/licenses/gpl-license.php GNU Public License
11*
12*/
13
14/**
15* @ignore
16*/
17if (!defined('IN_PHPBB'))
18{
19 exit;
20}
21
22/**
23* Checks whether the user is identified to apache
24* Only allow changing authentication to apache if the user is identified
25* Called in acp_board while setting authentication plugins
26*
27* @return boolean|string false if the user is identified and else an error message
28*/
29function init_apache()
30{
31 global $user;
32
33 if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
34 {
35 return $user->lang['APACHE_SETUP_BEFORE_USE'];
36 }
37 return false;
38}
39
40/**
41* Login function
42*/
43function login_apache(&$username, &$password)
44{
45 global $db;
46
47 // do not allow empty password
48 if (!$password)
49 {
50 return array(
51 'status' => LOGIN_ERROR_PASSWORD,
52 'error_msg' => 'NO_PASSWORD_SUPPLIED',
53 'user_row' => array('user_id' => ANONYMOUS),
54 );
55 }
56
57 if (!$username)
58 {
59 return array(
60 'status' => LOGIN_ERROR_USERNAME,
61 'error_msg' => 'LOGIN_ERROR_USERNAME',
62 'user_row' => array('user_id' => ANONYMOUS),
63 );
64 }
65
66 if (!isset($_SERVER['PHP_AUTH_USER']))
67 {
68 return array(
69 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
70 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
71 'user_row' => array('user_id' => ANONYMOUS),
72 );
73 }
74
75 $php_auth_user = $_SERVER['PHP_AUTH_USER'];
76 $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
77
78 if (!empty($php_auth_user) && !empty($php_auth_pw))
79 {
80 if ($php_auth_user !== $username)
81 {
82 return array(
83 'status' => LOGIN_ERROR_USERNAME,
84 'error_msg' => 'LOGIN_ERROR_USERNAME',
85 'user_row' => array('user_id' => ANONYMOUS),
86 );
87 }
88
89 $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
90 FROM ' . USERS_TABLE . "
91 WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
92 $result = $db->sql_query($sql);
93 $row = $db->sql_fetchrow($result);
94 $db->sql_freeresult($result);
95
96 if ($row)
97 {
98 // User inactive...
99 if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
100 {
101 return array(
102 'status' => LOGIN_ERROR_ACTIVE,
103 'error_msg' => 'ACTIVE_ERROR',
104 'user_row' => $row,
105 );
106 }
107
108 // Successful login...
109 return array(
110 'status' => LOGIN_SUCCESS,
111 'error_msg' => false,
112 'user_row' => $row,
113 );
114 }
115
116 // this is the user's first login so create an empty profile
117 return array(
118 'status' => LOGIN_SUCCESS_CREATE_PROFILE,
119 'error_msg' => false,
120 'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
121 );
122 }
123
124 // Not logged into apache
125 return array(
126 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
127 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
128 'user_row' => array('user_id' => ANONYMOUS),
129 );
130}
131
132/**
133* Autologin function
134*
135* @return array containing the user row or empty if no auto login should take place
136*/
137function autologin_apache()
138{
139 global $db;
140
141 if (!isset($_SERVER['PHP_AUTH_USER']))
142 {
143 return array();
144 }
145
146 $php_auth_user = $_SERVER['PHP_AUTH_USER'];
147 $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
148
149 if (!empty($php_auth_user) && !empty($php_auth_pw))
150 {
151 set_var($php_auth_user, $php_auth_user, 'string', true);
152 set_var($php_auth_pw, $php_auth_pw, 'string', true);
153
154 $sql = 'SELECT *
155 FROM ' . USERS_TABLE . "
156 WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
157 $result = $db->sql_query($sql);
158 $row = $db->sql_fetchrow($result);
159 $db->sql_freeresult($result);
160
161 if ($row)
162 {
163 return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
164 }
165
166 if (!function_exists('user_add'))
167 {
168 global $phpbb_root_path, $phpEx;
169
170 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
171 }
172
173 // create the user if he does not exist yet
174 user_add(user_row_apache($php_auth_user, $php_auth_pw));
175
176 $sql = 'SELECT *
177 FROM ' . USERS_TABLE . "
178 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
179 $result = $db->sql_query($sql);
180 $row = $db->sql_fetchrow($result);
181 $db->sql_freeresult($result);
182
183 if ($row)
184 {
185 return $row;
186 }
187 }
188
189 return array();
190}
191
192/**
193* This function generates an array which can be passed to the user_add function in order to create a user
194*/
195function user_row_apache($username, $password)
196{
197 global $db, $config, $user;
198 // first retrieve default group id
199 $sql = 'SELECT group_id
200 FROM ' . GROUPS_TABLE . "
201 WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
202 AND group_type = " . GROUP_SPECIAL;
203 $result = $db->sql_query($sql);
204 $row = $db->sql_fetchrow($result);
205 $db->sql_freeresult($result);
206
207 if (!$row)
208 {
209 trigger_error('NO_GROUP');
210 }
211
212 // generate user account data
213 return array(
214 'username' => $username,
215 'user_password' => phpbb_hash($password),
216 'user_email' => '',
217 'group_id' => (int) $row['group_id'],
218 'user_type' => USER_NORMAL,
219 'user_ip' => $user->ip,
220 'user_new' => ($config['new_member_post_limit']) ? 1 : 0,
221 );
222}
223
224/**
225* The session validation function checks whether the user is still logged in
226*
227* @return boolean true if the given user is authenticated or false if the session should be closed
228*/
229function validate_session_apache(&$user)
230{
231 // Check if PHP_AUTH_USER is set and handle this case
232 if (isset($_SERVER['PHP_AUTH_USER']))
233 {
234 $php_auth_user = '';
235 set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
236
237 return ($php_auth_user === $user['username']) ? true : false;
238 }
239
240 // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
241 if ($user['user_type'] == USER_IGNORE)
242 {
243 return true;
244 }
245
246 return false;
247}
248
249?>
Note: See TracBrowser for help on using the repository browser.