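/**
 * Check a login against the external "pp" user database and, when the
 * credentials are accepted, create or update the matching WordPress account.
 *
 * Flow: look the name up in the external table, verify the password in the
 * way selected by the `pp_db_enc` option, apply the optional role rule, then
 * copy the configured profile columns into WordPress. On every refusal the
 * global $pp_error is set to "notindb", "wrongpw" or "wrongrole" and
 * $username is set to NULL.
 *
 * Changes compared with the previous version of this function:
 *  - A login name containing a single quote, a backslash or a NUL byte is
 *    refused before any query is built. The name is interpolated into
 *    single-quoted SQL literals and the escaping rules of the configured
 *    driver are not visible from here, so the function fails closed.
 *    NOTE(review): the durable fix is bound parameters inside db_functions();
 *    until then names containing those characters cannot log in.
 *  - In HASH/PHPass mode a failed hash verification now reports "wrongpw".
 *    Previously it fell through with no error and no NULL username.
 *  - An unrecognised `pp_db_enc` value is refused instead of falling through.
 *  - The undefined $port variable is no longer appended to the host.
 *  - The first lookup uses its own MySQL link explicitly, so a failed
 *    connect can no longer send the query over another open link.
 *
 * NOTE(review): $username is declared by value, so the NULL assignment only
 * reaches the caller if the hook hands it over by reference - confirm.
 * NOTE(review): the mysql_* functions used for the first lookup were removed
 * in PHP 7.
 *
 * @param string $username Login name as submitted.
 * @param string $password Password as submitted.
 * @return void
 */
function pp_db_auth_check_login($username, $password) {
    global $pp_error;

    require_once './wp-includes/registration.php';
    require_once './wp-includes/user.php';
    require_once './wp-includes/pluggable.php';
    require_once './wp-includes/class-phpass.php';

    if ($username == '' && $password == '') {
        return;
    }

    // Fail closed on characters that could terminate or escape the quoted
    // SQL literal the name is placed in further down.
    if (strpbrk((string) $username, "'\\\0") !== false) {
        $pp_error = "notindb";
        $username = NULL;
        return;
    }

    // Table and column names come from plugin options (set by the site
    // administrator) and are concatenated into the SQL text unchanged.
    $enc = get_option('pp_db_enc');
    $table = get_option('pp_db_table');
    $namefield = get_option('pp_db_namefield');
    $pwfield = get_option('pp_db_pwfield');

    // Direct MySQL lookup of the stored password value, on its own link
    // (fourth argument true), used by the HASH / PHPass / Other modes.
    $row = false;
    $resource = mysql_connect(get_option('pp_host'), get_option('pp_db_user'), get_option('pp_db_pw'), true);
    if ($resource) {
        mysql_select_db(get_option('pp_db'), $resource);
        $sql = mysql_query("SELECT " . $namefield . ", " . $pwfield . " FROM `" . $table . "` WHERE " . $namefield . " = '" . $username . "'", $resource);
        if ($sql) {
            $row = mysql_fetch_assoc($sql);
        }
    }
    // NOTE(review): the key 'password' is hard-coded although the query selects
    // the column named by the pp_db_pwfield option - confirm they always match.
    $stored = isset($row['password']) ? $row['password'] : NULL;

    // Second connection through the driver abstraction; $resource is reused
    // for it, as before.
    $driver = get_option('pp_db_type');
    $mdbpath = get_option('pp_db_mdb2_path') . "/MDB2.php";
    if ($mdbpath != "/MDB2.php") {
        // The include path is taken from a plugin option.
        @(require_once $mdbpath);
    }
    $resource = db_functions($driver, "connect", "", "");

    // Switch the connection to UTF-8 so non-Latin text survives the queries.
    $utfquery = "SET NAMES 'utf8'";
    db_functions($driver, "query", $resource, $utfquery);

    // Derive the comparison value (SHA1 / MD5 / Other) or verify the stored
    // hash (HASH / PHPass).
    $password2 = '';
    $hash_ok = false;
    switch ($enc) {
        case "SHA1":
            // Unsalted fast digest, kept to match what the external table stores.
            $password2 = sha1($password);
            break;
        case "MD5":
            // Unsalted fast digest, kept to match what the external table stores.
            $password2 = md5($password);
            break;
        case "HASH":
        case "PHPass":
            $hash_ok = pp_check_password($password, $stored);
            break;
        case "Other":
            // Site-specific scheme: HMAC-SHA512 with a key embedded in the
            // source, then crypt() salted with the stored value.
            // NOTE(review): the key is readable by anyone who can read this file.
            $salt = '/2aX16zPnnIgfMwkOjGX4S';
            $hmac = base64_encode(hash_hmac('sha512', $password, $salt, true));
            $password2 = crypt($hmac, $stored);
            break;
    }

    // Step 1: does the login exist in the external table at all?
    $query = "SELECT count(*) AS numrows FROM " . $table . " WHERE " . $namefield . " = '{$username}'";
    $result = db_functions($driver, "query", $resource, $query);
    $numrows = db_functions($driver, "fetch", $result, "");
    $numrows = $numrows["numrows"];
    if (!$numrows) {
        // Refuse even if the name exists in WordPress: the external table is
        // meant to be the only source of accounts.
        $pp_error = "notindb";
        $username = NULL;
        return;
    }

    // Step 2: collect the configured profile columns, dropping unset ones.
    $optionmap = array(
        'first_name' => 'pp_db_first_name',
        'last_name' => 'pp_db_last_name',
        'user_url' => 'pp_db_user_url',
        'user_email' => 'pp_db_user_email',
        'description' => 'pp_db_description',
        'aim' => 'pp_db_aim',
        'yim' => 'pp_db_yim',
        'jabber' => 'pp_db_jabber',
        'pp_db_role' => 'pp_db_role',
    );
    $sqlfields = array();
    foreach ($optionmap as $key => $option) {
        $value = get_option($option);
        if ($value == "") {
            continue;
        }
        $sqlfields[$key] = $value;
    }
    $sqlfields2 = implode(", ", $sqlfields);
    // Keep the SELECT valid when no profile column is configured.
    if (empty($sqlfields2)) {
        $sqlfields2 = $namefield;
    }

    // Step 3: fetch the row. SHA1 / MD5 / Other match the password in SQL;
    // $password2 is then a hex digest or crypt() output. HASH / PHPass are
    // verified in PHP after the fetch.
    if ($enc == 'HASH') {
        $query = "SELECT {$sqlfields2} FROM " . $table . " WHERE " . $namefield . " = '{$username}' AND active = '1'";
    } elseif ($enc == 'PHPass') {
        $query = "SELECT {$sqlfields2} FROM " . $table . " WHERE " . $namefield . " = '{$username}'";
    } elseif ($enc == 'SHA1' || $enc == 'MD5' || $enc == 'Other') {
        $query = "SELECT {$sqlfields2} FROM " . $table . " WHERE " . $namefield . " = '{$username}' AND " . $pwfield . " = '{$password2}'";
    } else {
        // Unknown scheme: nothing can be verified, so refuse.
        $pp_error = "wrongpw";
        $username = NULL;
        return;
    }
    $result = db_functions($driver, "query", $resource, $query);
    $numrows = db_functions($driver, "numrows", $result, "");
    if (!$numrows) {
        // Name exists but the password (or, for HASH, the active flag) did not match.
        $pp_error = "wrongpw";
        $username = NULL;
        return;
    }
    $extfields = db_functions($driver, "fetch", $result, "");

    // HASH / PHPass: the SQL above did not look at the password.
    if (($enc == 'HASH' || $enc == 'PHPass') && !$hash_ok) {
        $pp_error = "wrongpw";
        $username = NULL;
        return;
    }

    // Step 4: optional role rule ("is" / "greater than" / "less than").
    $role = get_option('pp_db_role');
    if (!empty($role)) {
        $rolecolumn = isset($sqlfields['pp_db_role']) ? $sqlfields['pp_db_role'] : NULL;
        $rolevalue = ($rolecolumn !== NULL && isset($extfields[$rolecolumn])) ? $extfields[$rolecolumn] : NULL;
        $rolethresh = get_option('pp_db_role_value');
        $rolebool = get_option('pp_db_role_bool');

        $role_ok = TRUE;
        if ($rolebool == 'is' && !($rolevalue == $rolethresh)) {
            $role_ok = FALSE;
        }
        if ($rolebool == 'greater than' && !($rolevalue > $rolethresh)) {
            $role_ok = FALSE;
        }
        if ($rolebool == 'less than' && !($rolevalue < $rolethresh)) {
            $role_ok = FALSE;
        }
        if (!$role_ok) {
            $username = NULL;
            $pp_error = "wrongrole";
            return;
        }
    }

    // Step 5: mirror the external account into WordPress.
    $userarray = array();
    $userarray['user_login'] = $username;
    // The submitted password is handed to WordPress, which keeps its own copy
    // of the credential for this account.
    $userarray['user_pass'] = $password;
    foreach (array('first_name', 'last_name', 'user_url', 'user_email', 'description', 'aim', 'yim', 'jabber') as $field) {
        $column = isset($sqlfields[$field]) ? $sqlfields[$field] : NULL;
        $userarray[$field] = ($column !== NULL && isset($extfields[$column])) ? $extfields[$column] : NULL;
    }
    $userarray['display_name'] = $userarray['first_name'] . " " . $userarray['last_name'];
    // No name columns configured: fall back to the login name.
    if ($userarray['display_name'] == " ") {
        $userarray['display_name'] = $username;
    }

    db_functions($driver, "close", $resource, "");

    // The profile values are passed on as fetched; cleaning them is left to
    // the WordPress user functions.
    if ($id = username_exists($username)) {
        $userarray['ID'] = $id;
        wp_update_user($userarray);
    } else {
        wp_insert_user($userarray);
    }
}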
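/**
 * Check a login against the external user database and, when the
 * credentials are accepted, create or update the matching WordPress account.
 *
 * Flow: look the name up in the external table, match the password value
 * derived according to the `ext_db_enc` option, apply the optional role rule,
 * set the "auth" cookies when an authenticator column is configured, then
 * copy the configured profile columns into WordPress. On every refusal the
 * global $ext_error is set to "notindb", "wrongpw" or "wrongrole" and
 * $username is set to NULL.
 *
 * Changes compared with the previous version of this function:
 *  - A login name or derived password value containing a single quote, a
 *    backslash or a NUL byte is refused before it is placed in a query. Both
 *    are interpolated into single-quoted SQL literals and the escaping rules
 *    of the configured driver are not visible from here, so the function
 *    fails closed.
 *    NOTE(review): the durable fix is bound parameters inside db_functions();
 *    until then such names, and such plaintext passwords in "Other" mode,
 *    cannot log in.
 *  - An unrecognised `ext_db_enc` value is refused. Previously the password
 *    column was compared with an empty string in that case.
 *
 * NOTE(review): $username is declared by value, so the NULL assignment only
 * reaches the caller if the hook hands it over by reference - confirm.
 *
 * @param string $username Login name as submitted.
 * @param string $password Password as submitted.
 * @return void
 */
function ext_db_auth_check_login($username, $password) {
    global $ext_error;

    require_once './wp-includes/registration.php';

    // Fail closed on characters that could terminate or escape the quoted
    // SQL literal the name is placed in further down.
    if (strpbrk((string) $username, "'\\\0") !== false) {
        $ext_error = "notindb";
        $username = NULL;
        return;
    }

    // Connect through the driver abstraction. Local variable names up to the
    // switch below are unchanged because the eval()'d option code runs in
    // this scope and may refer to them.
    $driver = get_option('ext_db_type');
    $mdbpath = get_option('ext_db_mdb2_path') . "/MDB2.php";
    if ($mdbpath != "/MDB2.php") {
        // The include path is taken from a plugin option.
        @(require_once $mdbpath);
    }
    $resource = db_functions($driver, "connect", "", "");

    // Switch the connection to UTF-8 so non-Latin text survives the queries.
    $utfquery = "SET NAMES 'utf8'";
    $resultutf = db_functions($driver, "query", $resource, $utfquery);

    // Derive the value that is compared with the stored password column.
    $enc_known = TRUE;
    switch (get_option('ext_db_enc')) {
        case "SHA1":
            // Unsalted fast digest, kept to match what the external table stores.
            $password2 = sha1($password);
            break;
        case "MD5":
            // Unsalted fast digest, kept to match what the external table stores.
            $password2 = md5($password);
            break;
        case "Other":
            // NOTE(review): eval() of a stored option. Whoever can write
            // ext_db_other_enc gets PHP execution on every login attempt;
            // left in place because the supported schemes are not visible
            // here. The evaluated code is expected to set $password2.
            eval(get_option('ext_db_other_enc'));
            break;
        default:
            $enc_known = FALSE;
            break;
    }
    if (!isset($password2)) {
        $password2 = '';
    }

    // Table and column names come from plugin options (set by the site
    // administrator) and are concatenated into the SQL text unchanged.
    $table = get_option('ext_db_table');
    $namefield = get_option('ext_db_namefield');

    // Step 1: does the login exist in the external table at all?
    $query = "SELECT count(*) AS numrows FROM " . $table . " WHERE " . $namefield . " = '{$username}'";
    $result = db_functions($driver, "query", $resource, $query);
    $numrows = db_functions($driver, "fetch", $result, "");
    $numrows = $numrows["numrows"];
    if (!$numrows) {
        // Refuse even if the name exists in WordPress: the external table is
        // meant to be the only source of accounts.
        $ext_error = "notindb";
        $username = NULL;
        return;
    }

    // Unknown scheme, or a comparison value that cannot be quoted safely:
    // treat it as a wrong password instead of building the query.
    if (!$enc_known || strpbrk((string) $password2, "'\\\0") !== false) {
        $ext_error = "wrongpw";
        $username = NULL;
        return;
    }

    // Step 2: collect the configured profile columns, dropping unset ones.
    $optionmap = array(
        'first_name' => 'ext_db_first_name',
        'last_name' => 'ext_db_last_name',
        'user_url' => 'ext_db_user_url',
        'user_email' => 'ext_db_user_email',
        'description' => 'ext_db_description',
        'aim' => 'ext_db_aim',
        'yim' => 'ext_db_yim',
        'jabber' => 'ext_db_jabber',
        'ext_db_role' => 'ext_db_role',
        'authenticator' => 'ext_db_authenticator_cookie', // CMC
    );
    $sqlfields = array();
    foreach ($optionmap as $key => $option) {
        $value = get_option($option);
        if ($value == "") {
            continue;
        }
        $sqlfields[$key] = $value;
    }
    $sqlfields2 = implode(", ", $sqlfields);
    // Keep the SELECT valid when no profile column is configured.
    if (empty($sqlfields2)) {
        $sqlfields2 = $namefield;
    }

    // Step 3: name and password value must both match.
    $query = "SELECT {$sqlfields2} FROM " . $table . " WHERE " . $namefield . " = '{$username}' AND " . get_option('ext_db_pwfield') . " = '{$password2}'";
    $result = db_functions($driver, "query", $resource, $query);
    $numrows = db_functions($driver, "numrows", $result, "");
    if (!$numrows) {
        // Name exists but the password did not match.
        $ext_error = "wrongpw";
        $username = NULL;
        return;
    }
    $extfields = db_functions($driver, "fetch", $result, "");

    // Step 4: optional role rule ("is" / "greater than" / "less than").
    $role = get_option('ext_db_role');
    if (!empty($role)) {
        $rolecolumn = isset($sqlfields['ext_db_role']) ? $sqlfields['ext_db_role'] : NULL;
        $rolevalue = ($rolecolumn !== NULL && isset($extfields[$rolecolumn])) ? $extfields[$rolecolumn] : NULL;
        $rolethresh = get_option('ext_db_role_value');
        $rolebool = get_option('ext_db_role_bool');

        $role_ok = TRUE;
        if ($rolebool == 'is' && !($rolevalue == $rolethresh)) {
            $role_ok = FALSE;
        }
        if ($rolebool == 'greater than' && !($rolevalue > $rolethresh)) {
            $role_ok = FALSE;
        }
        if ($rolebool == 'less than' && !($rolevalue < $rolethresh)) {
            $role_ok = FALSE;
        }
        if (!$role_ok) {
            $username = NULL;
            $ext_error = "wrongrole";
            return;
        }
    }

    // Step 5: mirror the external account into WordPress.
    $userarray = array();
    $userarray['user_login'] = $username;
    // The submitted password is handed to WordPress, which keeps its own copy
    // of the credential for this account.
    $userarray['user_pass'] = $password;
    foreach (array('first_name', 'last_name', 'user_url', 'user_email', 'description', 'aim', 'yim', 'jabber') as $field) {
        $column = isset($sqlfields[$field]) ? $sqlfields[$field] : NULL;
        $userarray[$field] = ($column !== NULL && isset($extfields[$column])) ? $extfields[$column] : NULL;
    }
    $userarray['display_name'] = $userarray['first_name'] . " " . $userarray['last_name'];
    // No name columns configured: fall back to the login name.
    if ($userarray['display_name'] == " ") {
        $userarray['display_name'] = $username;
    }

    db_functions($driver, "close", $resource, "");

    // CMC hack - hand the authenticator value to other parts of the site.
    // NOTE(review): the cookie carries a credential-like value for one year
    // and is set without the Secure or HttpOnly flags. Left unchanged because
    // the consumers under /sensor and /continual are not visible here;
    // tighten once it is known how they read it.
    $authcolumn = isset($sqlfields['authenticator']) ? $sqlfields['authenticator'] : NULL;
    $auth = ($authcolumn !== NULL && isset($extfields[$authcolumn])) ? $extfields[$authcolumn] : NULL;
    if (!empty($auth)) {
        setcookie("auth", $auth, time() + 3600 * 24 * 365, "/sensor");
        setcookie("auth", $auth, time() + 3600 * 24 * 365, "/continual");
    }
    // end CMC hack

    // The profile values are passed on as fetched; cleaning them is left to
    // the WordPress user functions.
    if ($id = username_exists($username)) {
        $userarray['ID'] = $id;
        wp_update_user($userarray);
    } else {
        wp_insert_user($userarray);
    }
}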