public function user_login($phpbb_vars)
 {
     global $phpbb_root_path, $phpEx, $db, $config, $user, $auth, $cache, $template, $_SID;
     //fail presumption
     $phpbb_result = "FAIL";
     //general info
     $this->init(true);
     if (!isset($phpbb_vars["autologin"])) {
         $phpbb_vars["autologin"] = false;
     }
     if (!isset($phpbb_vars["viewonline"])) {
         $phpbb_vars["viewonline"] = 1;
     }
     if (!isset($phpbb_vars["admin"])) {
         $phpbb_vars["admin"] = 0;
     }
     //validate and authenticate
     $validation = login_db($phpbb_vars["username"], $phpbb_vars["password"]);
     if ($validation['status'] == 3 && $auth->login($phpbb_vars["username"], $phpbb_vars["password"], $phpbb_vars["autologin"], $phpbb_vars["viewonline"], $phpbb_vars["admin"])) {
         $phpbb_result = "SUCCESS";
     } else {
         $phpbb_result = (string) $validation['error_msg'];
     }
     //login issue noticed by Ezequiel Rabinovich (thanks)
     $_SESSION['sid'] = $_SID;
     return $phpbb_result;
 }
/**
 * Authenticate a user against whichever credential store is configured.
 *
 * $db['save_dest'] selects the backend: 'database' uses login_db(), any
 * other value uses the file-based store via login_file().
 *
 * @param string $login    account name
 * @param string $password plaintext password to verify
 * @return mixed whatever the selected backend returns
 */
function login($login, $password)
{
    global $db;

    $uses_database = ($db['save_dest'] == 'database');

    return $uses_database
        ? login_db($login, $password)
        : login_file($login, $password);
}
/**
 * Login function for the Group-Office auth plugin.
 *
 * Verifies the credentials with Group-Office first (user_row_groupoffice()); when
 * that yields no row, the request falls back to phpBB's own database auth
 * (login_db()), so the password is then checked against the local user table.
 *
 * @param string $username      Taken by reference; not modified here.
 * @param string $password      Taken by reference; not modified here.
 * @param string $ip            IP address the login is taking place from (forwarded to login_db()).
 * @param string $browser       User agent used to login (forwarded to login_db()).
 * @param string $forwarded_for X_FORWARDED_FOR header of the login request (forwarded to login_db()).
 * @return array array('status' => status constant, 'error_msg' => string|false, 'user_row' => array)
 */
function login_groupoffice(&$username, &$password, $ip = '', $browser = '', $forwarded_for = '')
{
    global $db;

    $anonymous_row = array('user_id' => ANONYMOUS);

    // Refuse empty credentials before contacting any backend.
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => $anonymous_row);
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => $anonymous_row);
    }

    $go_row = user_row_groupoffice($username, $password);
    if (!$go_row) {
        // No Group-Office row for these credentials: fall back to regular phpBB DB auth.
        require_once dirname(__FILE__) . '/auth_db.php';
        return login_db($username, $password, $ip, $browser, $forwarded_for);
    }

    // Group-Office accepted the credentials; find the matching phpBB account by clean username.
    $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
			FROM ' . USERS_TABLE . "\n\t\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$row) {
        // First login through Group-Office: let phpBB create the profile from the external row.
        return array('status' => LOGIN_SUCCESS_CREATE_PROFILE, 'error_msg' => false, 'user_row' => $go_row);
    }

    // A locally deactivated or ignored account is not re-enabled by a successful external check.
    $is_inactive = ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE);
    if ($is_inactive) {
        return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
    }

    return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
}
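/**
 * Resolve the user id for an RSS request authenticated with HTTP Basic auth.
 *
 * Reads the credentials from $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW'] (recovering
 * them from REMOTE_USER when the server only passes the raw "Basic ..." value),
 * verifies them with login_db() and returns the authenticated user's id. On any
 * failure GetHTTPPasswd() is called (presumably re-issuing the auth challenge);
 * if it returns, ANONYMOUS is returned.
 *
 * @return int user_id of the authenticated user, or ANONYMOUS
 */
function rss_get_user()
{
    global $db;

    // Some server setups expose the Basic auth header only as REMOTE_USER ("Basic base64(user:pass)").
    if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) && isset($_SERVER['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
        // Split on the first ':' only so passwords containing ':' survive; pad so a
        // value without ':' does not leave $password unset.
        list($name, $password) = array_pad(explode(':', base64_decode($matches[1]), 2), 2, '');
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        GetHTTPPasswd();
        return ANONYMOUS;
    }

    $username = phpbb_clean_username($_SERVER['PHP_AUTH_USER']);
    $password = $_SERVER['PHP_AUTH_PW'];

    // An explicit uid in the query string selects the account whose stored username
    // the password is verified against; the supplied user name is then ignored.
    if (isset($_GET['uid'])) {
        $uid = (int) $_GET['uid'];
        $user_data = get_userdata($uid, false);
        if (!empty($user_data['username'])) {
            $username = $user_data['username'];
        } else {
            GetHTTPPasswd();
        }
    }

    if (!function_exists('login_db')) {
        include IP_ROOT_PATH . 'includes/auth_db.' . PHP_EXT;
    }

    $login_result = login_db($username, $password, false, true);
    if ($login_result['status'] === LOGIN_SUCCESS) {
        // The authenticated row is returned by login_db() in 'user_row'; the previous
        // code read $row['user_id'] from a variable never assigned in this function.
        return $login_result['user_row']['user_id'];
    }

    GetHTTPPasswd();
    return ANONYMOUS;
}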
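/**
 * Login function
 *
 * Authenticates against the phpBB database first and, on success, creates a
 * matching Crowd SSO session unless an SSO token cookie is already present.
 *
 * @param string $username
 * @param string $password
 * @param string $ip			IP address the login is taking place from. Used to
 *							limit the number of login attempts per IP address.
 * @param string $browser	The user agent used to login
 * @param string $forwarded_for X_FORWARDED_FOR header sent with login request
 * @return array				An associative array of the format
 *							array(
 *								'status' => status constant
 *								'error_msg' => string
 *								'user_row' => array
 *							)
 */
function login_dbandcrowdsso($username, $password, $ip = '', $browser = '', $forwarded_for = '')
{
    global $config;

    $result = login_db($username, $password, $ip, $browser, $forwarded_for);
    if ($result['status'] !== LOGIN_SUCCESS) {
        // Local credentials failed; no SSO session is attempted.
        return $result;
    }

    $token = dbandcrowdsso_get_token();
    if ($token) {
        // assume token is correct, afterall authentication was successful
        // validate session will logout if they don't match anyway
        return $result;
    }

    try {
        $user = $result['user_row'];
        // The password was already verified by login_db(), so Crowd is told not to re-check it.
        $query = 'rest/usermanagement/1/session?validate-password=false';
        $request_body = array(
            'username' => $user['username'],
            'password' => $password,
            'validation-factors' => array(
                'validationFactors' => array(
                    // Bind the Crowd session to the client address that performed the login.
                    array('name' => 'remote_address', 'value' => (string) $_SERVER['REMOTE_ADDR']),
                ),
            ),
        );
        $session = dbandcrowdsso_request($query, 'POST', json_encode($request_body));
        dbandcrowdsso_setcookie($session->token);
        return $result;
    } catch (RuntimeException $e) {
        // no login if error. The exception text is surfaced to the caller in error_msg,
        // so dbandcrowdsso_request() must not put secrets into its messages.
        return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'Failed to create crowd session: ' . $e->getMessage(), 'user_row' => array('user_id' => ANONYMOUS));
    }
}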
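/**
 * Check that the posted credentials authorise the current maintenance action.
 *
 * Two methods are accepted, chosen by the posted 'auth_method':
 *  - 'board': the posted board credentials must pass login_db() and belong to an ADMIN
 *  - 'db':    the posted credentials must match the configured $dbuser / $dbpasswd
 * For the 'rld' and 'rtd' options the board method is forced.
 *
 * @param bool $die When true and access is denied, print $lang['Auth_failed'] and exit.
 * @return bool true when access is allowed
 */
function check_authorization($die = true)
{
    global $db, $cache, $lang, $dbuser, $dbpasswd, $option;

    $auth_method = request_post_var('auth_method', '');
    // Posted values arrive HTML-encoded; decode them before they are compared to credentials.
    $board_user = htmlspecialchars_decode(request_post_var('board_user', '', true), ENT_COMPAT);
    $board_password = htmlspecialchars_decode(request_post_var('board_password', '', true), ENT_COMPAT);
    $db_user = htmlspecialchars_decode(request_post_var('db_user', '', true), ENT_COMPAT);
    $db_password = htmlspecialchars_decode(request_post_var('db_password', '', true), ENT_COMPAT);

    // Change authentication mode if selected option does not allow database authentication
    if ($option == 'rld' || $option == 'rtd') {
        $auth_method = 'board';
    }

    $allow_access = false;
    switch ($auth_method) {
        case 'board':
            include_once IP_ROOT_PATH . 'includes/auth_db.' . PHP_EXT;
            $login_result = login_db($board_user, $board_password, false, true);
            $allow_access = ($login_result['status'] === LOGIN_SUCCESS && $login_result['user_row']['user_level'] == ADMIN);
            break;
        case 'db':
            // Strict, constant-time comparison of the posted secrets. The loose == used
            // before compared numeric-looking strings by value ('1e3' == '1000') and
            // leaked timing; both operands are cast so a missing config value is still a string.
            $allow_access = hash_equals((string) $dbuser, (string) $db_user)
                && hash_equals((string) $dbpasswd, (string) $db_password);
            break;
        default:
            $allow_access = false;
    }

    if (!$allow_access && $die) {
        ?>
	<p><span style="color: red;"><?php 
        echo $lang['Auth_failed'];
        ?>
</span></p>
</body>
</html>
<?php 
        exit;
    }
    return $allow_access;
}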
// Where to send the browser afterwards: the 'redirect' request parameter, with the
// encoded separators normalised back to '&' / '?', or the configured default page.
$redirect = request_var('redirect', '', true);
if (empty($redirect))
{
	$redirect_url = CMS_LOGIN_REDIRECT_PAGE;
}
else
{
	$redirect_url = urldecode(str_replace(array('&amp;', '?', PHP_EXT . '&'), array('&', '&', PHP_EXT . '?'), $redirect));
}

// Refuse targets that could inject a header (CR/LF) or a meta-refresh ";url" payload.
// This is the only check applied here; the destination host itself is not restricted.
$forbidden_fragments = array("\n", "\r", ';url');
$has_forbidden_fragment = false;
foreach ($forbidden_fragments as $fragment)
{
	if (strstr($redirect_url, $fragment))
	{
		$has_forbidden_fragment = true;
		break;
	}
}
if ($has_forbidden_fragment)
{
	message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

if(isset($_POST['login']) || isset($_GET['login']) || isset($_POST['logout']) || isset($_GET['logout']))
{
	if((isset($_POST['login']) || isset($_GET['login'])) && (!$user->data['session_logged_in'] || isset($_POST['admin'])))
	{
		$username = isset($_POST['username']) ? phpbb_clean_username($_POST['username']) : '';
		$password = isset($_POST['password']) ? $_POST['password'] : '';

		$login_result = login_db($username, $password, false, true);

		if ($login_result['status'] === LOGIN_ERROR_ATTEMPTS)
		{
			message_die(GENERAL_MESSAGE, sprintf($lang['LOGIN_ATTEMPTS_EXCEEDED'], $config['max_login_attempts'], $config['login_reset_time']));
		}

		if ($login_result['status'] === LOGIN_SUCCESS)
		{
			// Is user linking a social network account?
			if ($config['enable_social_connect'])
			{
				$available_networks = SocialConnect::get_available_networks();

				$social_network_link = request_var('social_network_link', '');
				if (!empty($social_network_link) && !empty($available_networks[$social_network_link]))
 //if (($email != $user->data['user_email']) || ($mode == 'register'))
 if ($email != $user->data['user_email'] || $email_confirm != $user->data['user_email'] || $email != $email_confirm || $mode == 'register') {
     $result = validate_email($email);
     if (!empty($result['error'])) {
         $email = $user->data['user_email'];
         $email_confirm = $user->data['user_email'];
         $email = $email_confirm;
         $error = true;
         $error_msg .= (isset($error_msg) ? '<br />' : '') . $result['error_msg'];
     }
     if ($email != $email_confirm) {
         $error = true;
         $error_msg .= (isset($error_msg) ? '<br />' : '') . $lang['Email_mismatch'];
     }
     if ($mode == 'editprofile') {
         $login_result = login_db($username, $cur_password, $user_id, false);
         if ($login_result['status'] !== LOGIN_SUCCESS) {
             $email = $user->data['user_email'];
             $email_confirm = $user->data['user_email'];
             $error = true;
             $error_msg .= (isset($error_msg) ? '<br />' : '') . $lang['Current_password_mismatch'];
         }
     }
 }
 $username_sql = '';
 if ($config['allow_namechange'] || $mode == 'register') {
     if (empty($username)) {
         // Error is already triggered, since one field is empty.
         $error = true;
     } elseif ($username != $user->data['username'] || $mode == 'register') {
         if (strtolower($username) != strtolower($user->data['username']) || $mode == 'register') {
/**
 * Login function for the MDC auth plugin.
 *
 * Verifies the credentials against the external MDC users table, then mirrors the
 * account into phpBB: an existing phpBB row is checked for activity and resynced
 * (name/email, admin group), a missing one is created with user_add(). The MDC user
 * id is offset by 100 to become the phpBB user id.
 *
 * @param string $username Taken by reference; not modified here.
 * @param string $password Taken by reference; not modified here.
 * @return array array('status' => status constant, 'error_msg' => string|false, 'user_row' => array)
 */
function login_mdc(&$username, &$password)
{
    // apparently phpbb doesn't believe in include_once
    if (!function_exists('user_add')) {
        global $phpbb_root_path, $phpEx;
        include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
    }
    // This is fallback because I locked myself out of the database a lot when writing this.  In theory we can whack this, but if the MDC db dies or
    // something like that, we will be locked out of the forum system completely.  Seems unlikely, but if it happens it would probably be nice
    // to have this.
    // NOTE(review): this means the 'admin' account never goes through MDC and is
    // authenticated solely by phpBB's local DB auth (login_db).
    if ($username == 'admin') {
        include_once 'auth_db.php';
        return login_db($username, $password);
    }
    global $db, $user;
    $anonymous_user = array('user_id' => ANONYMOUS);
    $mdcuser = array();
    // do not allow empty password
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => $anonymous_user);
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => $anonymous_user);
    }
    // _auth_mdc_connect_database() is expected to return either a connection object
    // or an error string; the string case is reported as an external-auth failure.
    $mdcdb = _auth_mdc_connect_database();
    if (is_string($mdcdb)) {
        return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'GENERAL_ERROR' . ' ' . $mdcdb, 'user_row' => $anonymous_user);
    }
    // Parameterised lookup by user name; if prepare() fails, $mdcuser stays empty and the
    // checks below treat the account as unknown.
    $_sql = 'SELECT user_id, user_email, user_password, user_name, user_active, user_role_id FROM users WHERE user_name=?';
    if ($_stmt = $mdcdb->prepare($_sql)) {
        $_stmt->bind_param('s', $username);
        $_stmt->execute();
        $_stmt->bind_result($mdcuser['id'], $mdcuser['email'], $mdcuser['password'], $mdcuser['username'], $mdcuser['active'], $mdcuser['user_role_id']);
        $_stmt->fetch();
        $_stmt->close();
    }
    $mdcdb->close();
    // increase MDC user ID by 100 to jump over phpBB's default users.
    $mdcuser['mdcid'] = $mdcuser['id'];
    $mdcuser['id'] += 100;
    // An id of 0 after the offset means no row was fetched (id stayed at -100 is not
    // possible; unset/0 ids become 100/0 respectively) — treated as unknown user.
    if ($mdcuser['id'] == 0) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => $anonymous_user);
    }
    if (!$mdcuser['active']) {
        return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $anonymous_user);
    }
    // Password verification is delegated to the MDC-specific helper (hash format unknown here).
    if (!_auth_mdc_check_password($mdcuser['mdcid'], $password, $mdcuser['password'])) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $anonymous_user);
    } else {
        // Everything is good on the MDC side.  Let's make sure it's all good on the PHPBB side.
        // NOTE(review): utf8_clean_string() is a username normaliser applied here to a numeric id; harmless but odd.
        $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " WHERE user_id = '" . $db->sql_escape(utf8_clean_string($mdcuser['id'])) . "'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        // The user already exists in the phpbb database.  Make sure they're valid, update anything needed, and log them in
        if ($row) {
            // User inactive...
            if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
                return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
            }
            // Check if they've changed their name or email on the MDC side.  If they have, update them in phpbb.
            // NOTE(review): the UPDATE writes the literal "******" as username, which looks like a
            // placeholder/redaction rather than $mdcuser['username'] — confirm against the original source.
            if ($row['username'] != $mdcuser['username'] || $row['user_email'] != $mdcuser['email']) {
                $sql = ' UPDATE ' . USERS_TABLE . '
                        SET username="******", user_email="' . $db->sql_escape(utf8_clean_string($mdcuser['email'])) . '"
                        WHERE user_id = "' . $db->sql_escape(utf8_clean_string($mdcuser['id'])) . '"';
                $db->sql_query($sql);
            }
            // Sync groups from MDC to phpbb
            _auth_mdc_set_admin($mdcuser);
            // Successful login... set user_login_attempts to zero...
            return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
        } else {
            // Everyone is happy, but the user doesn't exist in phpbb yet.  That means we'll need to create the row.  Normally phpbb
            // can do this automatically if you return LOGIN_SUCCESS_CREATE_PROFILE here, however, I want to do some special group stuff
            // so we get to do it ourselves
            // Check if it's a valid username as far as phpbb is concerned.  This is pretty lenient with USERNAME_CHARS_ANY but it will prevent stuff like single quotes
            if (($ret = validate_username($mdcuser['username'])) !== false) {
                return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => $ret, 'user_row' => $anonymous_user);
            }
            // retrieve default group id
            $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' AND group_type = " . GROUP_SPECIAL;
            $result = $db->sql_query($sql);
            $group = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if (!$group) {
                trigger_error('NO_GROUP');
            }
            // generate user account data
            // NOTE(review): the placeholder phpBB password is derived from mt_rand() over ~99k values,
            // which is neither a CSPRNG nor a large space. It only matters if some path ever authenticates
            // this account against the local phpBB hash (e.g. auth method switched back to db), but a
            // CSPRNG-based random string would remove that risk.
            $new_user_row = array('user_id' => $mdcuser['id'], 'user_type' => USER_NORMAL, 'group_id' => (int) $group['group_id'], 'user_ip' => $user->ip, 'username' => $mdcuser['username'], 'user_password' => phpbb_hash(mt_rand(1000, 100000)), 'user_email' => $mdcuser['email']);
            if ($id = user_add($new_user_row)) {
                // We've got a user id.  phpbb doesn't have a way to add more than 1 group when creating a user so we have to do that afterwards
                _auth_mdc_set_admin($mdcuser);
                return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $new_user_row);
            }
            // Something went wrong.  Return general error and anonymous user.
            return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'GENERAL_ERROR' . ' Failed to create new user', 'user_row' => array('user_id' => ANONYMOUS));
        }
    }
}
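 /**
  * Ver.0.2 — log a user into phpBB from the host application.
  *
  * Expects $phpbb_vars['username'] and ['password']; the optional keys
  * 'autologin' (default true), 'viewonline' (default 1) and 'admin' (default 0)
  * are passed through to $auth->login().
  *
  * @param array $phpbb_vars credentials plus optional login flags
  * @return string|null "SUCCESS" or "FAIL"; null when the current phpBB session is
  *                     already registered (no login is attempted in that case)
  */
 public function user_login($phpbb_vars)
 {
     global $phpbb_root_path, $phpEx, $db, $config, $user, $auth, $cache, $template, $_SID;

     // presume failure
     $phpbb_result = "FAIL";

     // general info
     $this->init(true);
     $user->setup();

     // Already logged in to phpBB: nothing to do. This returns null rather than
     // "SUCCESS", so callers must not rely on a string result here.
     if ($user->data['is_registered']) {
         return;
     }

     // Default to a persistent (autologin) phpBB session unless the caller opts out.
     if (!isset($phpbb_vars["autologin"])) {
         $phpbb_vars["autologin"] = true;
     }
     if (!isset($phpbb_vars["viewonline"])) {
         $phpbb_vars["viewonline"] = 1;
     }
     if (!isset($phpbb_vars["admin"])) {
         $phpbb_vars["admin"] = 0;
     }

     // validate and authenticate: login_db() checks the credentials, $auth->login()
     // creates the phpBB session; both must report LOGIN_SUCCESS.
     $validation = login_db($phpbb_vars["username"], $phpbb_vars["password"]);
     $login = $auth->login($phpbb_vars["username"], $phpbb_vars["password"], $phpbb_vars["autologin"], $phpbb_vars["viewonline"], $phpbb_vars["admin"]);
     if ($validation['status'] == LOGIN_SUCCESS && $login['status'] == LOGIN_SUCCESS) {
         $phpbb_result = "SUCCESS";
     }

     // Expose the phpBB session id to the host application's session.
     $_SESSION['sid'] = $_SID;

     return $phpbb_result;
 }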