Changeset 702 for trunk/forum/includes/auth
- Timestamp:
- Mar 31, 2010, 6:32:40 PM (15 years ago)
- Location:
- trunk/forum/includes/auth
- Files:
-
- 3 edited
trunk/forum/includes/auth/auth_apache.php
r400 r702 6 6 * 7 7 * @package login 8 * @version $Id : auth_apache.php 8602 2008-06-04 16:05:27Z naderman$8 * @version $Id$ 9 9 * @copyright (c) 2005 phpBB Group 10 10 * @license http://opensource.org/licenses/gpl-license.php GNU Public License … … 105 105 ); 106 106 } 107 107 108 108 // Successful login... 109 109 return array( … … 218 218 'user_type' => USER_NORMAL, 219 219 'user_ip' => $user->ip, 220 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, 220 221 ); 221 222 } … … 228 229 function validate_session_apache(&$user) 229 230 { 230 if (!isset($_SERVER['PHP_AUTH_USER'])) 231 { 232 return false; 233 } 234 235 $php_auth_user = ''; 236 set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true); 237 238 return ($php_auth_user === $user['username']) ? true : false; 231 // Check if PHP_AUTH_USER is set and handle this case 232 if (isset($_SERVER['PHP_AUTH_USER'])) 233 { 234 $php_auth_user = ''; 235 set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true); 236 237 return ($php_auth_user === $user['username']) ? true : false; 238 } 239 240 // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not) 241 if ($user['user_type'] == USER_IGNORE) 242 { 243 return true; 244 } 245 246 return false; 239 247 } 240 248 -
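Review bot: The new fallback in validate_session_apache compares `$user['user_type']` to USER_IGNORE with loose `==`, and the surrounding comment does not say that this branch deliberately keeps an anonymous/bot session alive on a request that carries no PHP_AUTH_USER at all; a future reader may mistake it for a bypass. I would tighten the check to `if ((int) $user['user_type'] === USER_IGNORE)` and precede it with `// Only anonymous/bot sessions (USER_IGNORE) may live without an Apache-authenticated request; any real user without PHP_AUTH_USER is invalid.` so the intent is explicit. Note that the first branch still only compares the username string, so whether a case difference between the HTTP auth user and the stored phpBB username counts as a mismatch depends on how usernames were stored at registration, which this hunk does not show.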
trunk/forum/includes/auth/auth_db.php
r400 r702 8 8 * 9 9 * @package login 10 * @version $Id : auth_db.php 8479 2008-03-29 00:22:48Z naderman$10 * @version $Id$ 11 11 * @copyright (c) 2005 phpBB Group 12 12 * @license http://opensource.org/licenses/gpl-license.php GNU Public License … … 63 63 ); 64 64 } 65 $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']; 65 66 66 67 // If there are too much login attempts, we need to check for an confirm image 67 68 // Every auth module is able to define what to do by itself... 68 if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) 69 { 70 $confirm_id = request_var('confirm_id', ''); 71 $confirm_code = request_var('confirm_code', ''); 72 69 if ($show_captcha) 70 { 73 71 // Visual Confirmation handling 74 if (!$confirm_id) 72 if (!class_exists('phpbb_captcha_factory')) 73 { 74 global $phpbb_root_path, $phpEx; 75 include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); 76 } 77 78 $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); 79 $captcha->init(CONFIRM_LOGIN); 80 $vc_response = $captcha->validate($row); 81 if ($vc_response) 75 82 { 76 83 return array( … … 82 89 else 83 90 { 84 global $user; 85 86 $sql = 'SELECT code 87 FROM ' . CONFIRM_TABLE . " 88 WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' 89 AND session_id = '" . $db->sql_escape($user->session_id) . "' 90 AND confirm_type = " . CONFIRM_LOGIN; 91 $result = $db->sql_query($sql); 92 $confirm_row = $db->sql_fetchrow($result); 93 $db->sql_freeresult($result); 94 95 if ($confirm_row) 96 { 97 if (strcasecmp($confirm_row['code'], $confirm_code) === 0) 98 { 99 $sql = 'DELETE FROM ' . CONFIRM_TABLE . " 100 WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' 101 AND session_id = '" . $db->sql_escape($user->session_id) . "' 102 AND confirm_type = " . 
CONFIRM_LOGIN; 103 $db->sql_query($sql); 104 } 105 else 106 { 107 return array( 108 'status' => LOGIN_ERROR_ATTEMPTS, 109 'error_msg' => 'CONFIRM_CODE_WRONG', 110 'user_row' => $row, 111 ); 112 } 113 } 114 else 115 { 116 return array( 117 'status' => LOGIN_ERROR_ATTEMPTS, 118 'error_msg' => 'CONFIRM_CODE_WRONG', 119 'user_row' => $row, 120 ); 121 } 122 } 91 $captcha->reset(); 92 } 93 123 94 } 124 95 … … 142 113 143 114 // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding 144 if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']) 115 // plain md5 support left in for conversions from other systems. 116 if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) 117 || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) 145 118 { 146 119 $hash = phpbb_hash($password_new_format); … … 227 200 // Give status about wrong password... 228 201 return array( 229 'status' => LOGIN_ERROR_PASSWORD,230 'error_msg' => 'LOGIN_ERROR_PASSWORD',202 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, 203 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 231 204 'user_row' => $row, 232 205 ); -
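Review bot: The retained plain-md5 path on the new line 117 still compares hashes with loose `==` (`md5($password_old_format) == $row['user_password']`), and PHP treats two hex strings of the form `0e<digits>` as equal numeric strings, so a 32-character stored hash starting with `0e` would accept any password whose md5 also starts with `0e` followed only by digits; the comparison should be `===` on both legacy alternatives, i.e. `md5($password_old_format) === $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) === $row['user_password']`. The `phpbb_check_hash` branch for 34-character hashes is not affected, but the comment above it should say that the 32-character branch is a transitional import path and that the hash is re-stored with `phpbb_hash` on success so these rows disappear over time. The enclosing login function starts before this hunk, and the captcha `reset()` on a correct answer runs before the password is checked, so a wrong password after a solved captcha costs the user a fresh captcha on the next attempt, which looks intended.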
trunk/forum/includes/auth/auth_ldap.php
r400 r702 7 7 * 8 8 * @package login 9 * @version $Id : auth_ldap.php 8479 2008-03-29 00:22:48Z naderman$9 * @version $Id$ 10 10 * @copyright (c) 2005 phpBB Group 11 11 * @license http://opensource.org/licenses/gpl-license.php GNU Public License … … 64 64 $search = @ldap_search( 65 65 $ldap, 66 $config['ldap_base_dn'],66 htmlspecialchars_decode($config['ldap_base_dn']), 67 67 ldap_user_filter($user->data['username']), 68 (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), 68 (empty($config['ldap_email'])) ? 69 array(htmlspecialchars_decode($config['ldap_uid'])) : 70 array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), 69 71 0, 70 72 1 … … 86 88 } 87 89 88 if (!empty($config['ldap_email']) && !isset($result[0][ $config['ldap_email']]))90 if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) 89 91 { 90 92 return $user->lang['LDAP_NO_EMAIL']; … … 153 155 if ($config['ldap_user'] || $config['ldap_password']) 154 156 { 155 if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password'])))157 if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) 156 158 { 157 159 return $user->lang['LDAP_NO_SERVER_CONNECTION']; … … 161 163 $search = @ldap_search( 162 164 $ldap, 163 $config['ldap_base_dn'],165 htmlspecialchars_decode($config['ldap_base_dn']), 164 166 ldap_user_filter($username), 165 (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), 167 (empty($config['ldap_email'])) ? 
168 array(htmlspecialchars_decode($config['ldap_uid'])) : 169 array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), 166 170 0, 167 171 1 … … 224 228 'username' => $username, 225 229 'user_password' => phpbb_hash($password), 226 'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0]: '',230 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', 227 231 'group_id' => (int) $row['group_id'], 228 232 'user_type' => USER_NORMAL, 229 233 'user_ip' => $user->ip, 234 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, 230 235 ); 231 236 … … 277 282 if ($config['ldap_user_filter']) 278 283 { 279 $filter = "(&$filter({$config['ldap_user_filter']}))"; 284 $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; 285 $filter = "(&{$filter}{$_filter})"; 280 286 } 281 287 return $filter;
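Review bot: ldap_user_filter is the one LDAP config value this change does not pass through `htmlspecialchars_decode`, yet it is the value most likely to contain `&` (an admin filter such as `(&(objectClass=person)(memberOf=...))` would be stored HTML-encoded like the other config fields that this commit decodes), so the filter built on new lines 284-285 would contain `&amp;` and fail to match. I would read it once, decoded, and use that throughout: `$user_filter = htmlspecialchars_decode($config['ldap_user_filter']);` followed by the same parenthesis check on `$user_filter`. The start of ldap_user_filter is outside this hunk, so whether `$username` is escaped before being embedded in `$filter` cannot be confirmed here; if it is not, that is the more important fix, since the filter string is built by interpolation.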