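/**
 * Validate login credentials against a user table in an external MySQL database.
 *
 * Connects with the 'otherdb_*' settings in $this->conf, reads the row whose
 * configured user field equals $uname, then checks $pword against the stored
 * password (plus salt, when a salt field is configured) via ExtendedPasswordHandler.
 *
 * Security notes:
 *  - $uname is the name typed by the person requesting access, so it is escaped
 *    with mysql_real_escape_string() on the open link before it is placed in the
 *    query. Interpolating it raw into the WHERE clause allows SQL injection.
 *  - Table and column names ('otherdb_table', 'otherdb_user_field', the
 *    'otherdb_xf_*' values, ...) are interpolated as identifiers and cannot be
 *    escaped the same way; they must only ever come from admin configuration.
 *  - The mysql_* extension used here was removed in PHP 7. A port to mysqli or
 *    PDO should replace the escaped string with a prepared statement.
 *  - NOTE(review): 'User not found' and 'Password incorrect' are distinct texts;
 *    confirm makeErrorText() output is not shown to unauthenticated visitors,
 *    otherwise it reveals which login names exist.
 *
 * @param string  $uname        - The user name requesting access
 * @param string  $pword        - Password to use (usually plain text)
 * @param array   &$newvals     - array (by reference) that receives other data read from the database
 * @param boolean $connect_only - TRUE to simply connect to the database
 *
 * @return integer result (AUTH_xxxx): AUTH_NOCONNECT, AUTH_NOUSER, AUTH_BADPASSWORD or AUTH_SUCCESS
 *
 * On a successful login, the &$newvals array is filled with the requested data from the server
 */
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
    // Attempt to open connection to sql database
    if (!($res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password']))) {
        $this->makeErrorText('Cannot connect to remote server');
        return AUTH_NOCONNECT;
    }

    // Select correct db
    if (!mysql_select_db($this->conf['otherdb_database'], $res)) {
        mysql_close($res);
        $this->makeErrorText('Cannot connect to remote DB');
        return AUTH_NOCONNECT;
    }

    // Test mode may just want to connect to the DB
    // NOTE(review): the link stays open on this path, unlike every other return - confirm that is intended
    if ($connect_only) {
        return AUTH_SUCCESS;
    }

    // Make an array of the fields we want from the source DB
    $sel_fields = array();
    foreach ($this->conf as $k => $v) {
        if ($v && strpos($k, 'otherdb_xf_') === 0) {
            $sel_fields[] = $v;
        }
    }
    $sel_fields[] = $this->conf['otherdb_password_field'];
    $user_field = $this->conf['otherdb_user_field'];

    // Remember the salt column so it can be appended to the stored password below.
    // An empty setting is skipped so it cannot leave a dangling comma in the SELECT list.
    $salt_field = '';
    if (isset($this->conf['otherdb_salt_field']) && $this->conf['otherdb_salt_field'] !== '') {
        $salt_field = $this->conf['otherdb_salt_field'];
        $sel_fields[] = $salt_field;
    }

    // Escape the user-supplied login name for use inside a quoted SQL string literal
    $safe_uname = mysql_real_escape_string((string) $uname, $res);
    if ($safe_uname === FALSE) {
        mysql_close($res);
        $this->makeErrorText('Lookup query failed');
        return AUTH_NOCONNECT;
    }

    // Get record containing supplied login name
    $qry = "SELECT " . implode(',', $sel_fields) .
        " FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$safe_uname}'";
    if (!($r1 = mysql_query($qry, $res))) {
        mysql_close($res);
        $this->makeErrorText('Lookup query failed');
        return AUTH_NOCONNECT;
    }
    if (!($row = mysql_fetch_array($r1))) {
        mysql_close($res);
        $this->makeErrorText('User not found');
        return AUTH_NOUSER;
    }
    mysql_close($res); // Finished with 'foreign' DB now

    // Got something from the DB - see whether password valid
    require_once e_PLUGIN . 'alt_auth/extended_password_handler.php'; // This auto-loads the 'standard' password handler as well
    $pass_check = new ExtendedPasswordHandler();
    $passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']);
    if ($passMethod === FALSE) {
        $this->makeErrorText('Password error - invalid method');
        return AUTH_BADPASSWORD;
    }

    $pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB
    if ($salt_field !== '') {
        // presumably the handler expects 'hash:salt' for salted methods - verify against ExtendedPasswordHandler
        $pwFromDB .= ':' . $row[$salt_field];
    }

    // The original (unescaped) name is passed on: the handler needs the real value, not the SQL-escaped one
    if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) {
        $this->makeErrorText('Password incorrect');
        return AUTH_BADPASSWORD;
    }

    // Now copy across any values we have selected
    foreach ($this->conf as $k => $v) {
        if ($v && strpos($k, 'otherdb_xf_') === 0 && isset($row[$v])) {
            $newvals[substr($k, strlen('otherdb_xf_'))] = $row[$v];
        }
    }

    $this->makeErrorText(''); // Success - just reconnect to E107 DB if needed
    return AUTH_SUCCESS;
}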
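/**
 * Validate login credentials against the user table of another E107 database.
 *
 * Connects with the 'e107db_*' settings in $this->conf, reads the non-banned row
 * whose user_loginname equals $uname, checks $pword against user_password via
 * ExtendedPasswordHandler and, when a filter class is configured, requires the
 * user to be a member of that class.
 *
 * Security notes:
 *  - $uname is the name typed by the person requesting access, so it is escaped
 *    with mysql_real_escape_string() on the open link before it is placed in the
 *    query. Interpolating it raw into the WHERE clause allows SQL injection.
 *  - The table prefix and the selected column names are taken from $this->conf
 *    and interpolated as identifiers; they must only ever come from admin
 *    configuration.
 *  - The mysql_* extension used here was removed in PHP 7. A port to mysqli or
 *    PDO should replace the escaped string with a prepared statement.
 *  - NOTE(review): 'User not found' and 'Password incorrect' are distinct texts;
 *    confirm makeErrorText() output is not shown to unauthenticated visitors,
 *    otherwise it reveals which login names exist.
 *
 * @param string  $uname        - The user name requesting access
 * @param string  $pword        - Password to use (usually plain text)
 * @param array   &$newvals     - array (by reference) that receives other data read from the database
 * @param boolean $connect_only - TRUE to simply connect to the database
 *
 * @return integer result (AUTH_xxxx): AUTH_NOCONNECT, AUTH_NOUSER, AUTH_BADPASSWORD or AUTH_SUCCESS
 *
 * On a successful login, the &$newvals array is filled with the requested data from the server
 */
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
    // Attempt to open connection to sql database
    if (!($res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password']))) {
        $this->makeErrorText('Cannot connect to remote server');
        return AUTH_NOCONNECT;
    }

    // Select correct db
    if (!mysql_select_db($this->conf['e107db_database'], $res)) {
        mysql_close($res);
        $this->makeErrorText('Cannot connect to remote DB');
        return AUTH_NOCONNECT;
    }

    // Test mode may just want to connect to the DB
    // NOTE(review): the link stays open on this path, unlike every other return - confirm that is intended
    if ($connect_only) {
        return AUTH_SUCCESS;
    }

    // Make an array of the fields we want from the source DB.
    // Here the column name is the part of the config key after the 'e107db_xf_' prefix.
    $sel_fields = array();
    foreach ($this->conf as $k => $v) {
        if ($v && strpos($k, 'e107db_xf_') === 0) {
            $sel_fields[] = substr($k, strlen('e107db_xf_'));
        }
    }

    // user_class is only needed when logins are restricted to one class
    $filterClass = intval(varset($this->conf['e107db_filter_class'], e_UC_PUBLIC));
    if ($filterClass != e_UC_PUBLIC && !in_array('user_class', $sel_fields)) {
        $sel_fields[] = 'user_class';
    }
    $sel_fields[] = 'user_password';
    $user_field = 'user_loginname';

    // Escape the user-supplied login name for use inside a quoted SQL string literal
    $safe_uname = mysql_real_escape_string((string) $uname, $res);
    if ($safe_uname === FALSE) {
        mysql_close($res);
        $this->makeErrorText('Lookup query failed');
        return AUTH_NOCONNECT;
    }

    // Get record containing supplied login name (banned accounts are excluded by the query itself)
    $qry = 'SELECT ' . implode(',', $sel_fields) . " FROM " . $this->conf['e107db_prefix'] .
        "user WHERE {$user_field} = '{$safe_uname}' AND `user_ban` = 0";
    if (!($r1 = mysql_query($qry, $res))) {
        mysql_close($res);
        $this->makeErrorText('Lookup query failed');
        return AUTH_NOCONNECT;
    }
    if (!($row = mysql_fetch_array($r1))) {
        mysql_close($res);
        $this->makeErrorText('User not found');
        return AUTH_NOUSER;
    }
    mysql_close($res); // Finished with 'foreign' DB now

    // Got something from the DB - see whether password valid
    require_once e_PLUGIN . 'alt_auth/extended_password_handler.php'; // This auto-loads the 'standard' password handler as well
    $pass_check = new ExtendedPasswordHandler();
    $passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']);
    if ($passMethod === FALSE) {
        $this->makeErrorText('Password error - invalid method');
        return AUTH_BADPASSWORD;
    }

    $pwFromDB = $row['user_password']; // Password stored in DB
    // The original (unescaped) name is passed on: the handler needs the real value, not the SQL-escaped one
    if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) {
        $this->makeErrorText('Password incorrect');
        return AUTH_BADPASSWORD;
    }

    // Valid user - check they are in an appropriate class
    if ($filterClass != e_UC_PUBLIC) {
        $tmp = explode(',', $row['user_class']);
        if (!in_array($filterClass, $tmp)) {
            // NOTE(review): 'Userc' looks like either a typo or a deliberate marker for the class check - confirm
            $this->makeErrorText('Userc not found');
            return AUTH_NOUSER; // Treat as non-existent user
        }
        unset($tmp);
    }

    // Now copy across any values we have selected
    foreach ($this->conf as $k => $v) {
        if ($v && strpos($k, 'e107db_xf_') === 0) {
            $f = substr($k, strlen('e107db_xf_'));
            if (isset($row[$f])) {
                $newvals[$f] = $row[$f];
            }
        }
    }

    $this->makeErrorText(''); // Success - just reconnect to E107 DB if needed
    return AUTH_SUCCESS;
}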
/**
 * Validate login credentials against the local E107 user table, using the
 * password method configured for imported accounts.
 *
 * The login name is passed through $tp->toDB() before it is concatenated into
 * the WHERE argument of db_Select().
 * NOTE(review): this lookup relies entirely on toDB() to make $uname safe for
 * an SQL string literal - confirm against the text parser.
 *
 * @param string  $uname        - The user name requesting access
 * @param string  $pword        - Password to use (usually plain text)
 * @param array   &$newvals     - array (by reference) for other data read from the database; not written by this handler
 * @param boolean $connect_only - TRUE to simply test the connection (always succeeds here)
 *
 * @return integer AUTH_SUCCESS, AUTH_NOUSER, AUTH_NOCONNECT or AUTH_BADPASSWORD;
 *                 LOGIN_CONTINUE when the password does not match the import format
 */
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
    // Nothing to test in connect-only mode: the site's own DB must already be reachable
    if ($connect_only) {
        return AUTH_SUCCESS;
    }

    global $sql, $tp;

    // Only users already present in the E107 database are accepted
    $where = "user_loginname = '" . $tp->toDB($uname) . "'";
    $found = $sql->db_Select('user', 'user_loginname, user_password', $where);
    if (!$found) {
        $this->makeErrorText('User not found');
        return AUTH_NOUSER;
    }

    // The password is always verified here, even when it is stored in a core E107 format;
    // higher levels convert an authorised password to E107 format and save it.
    $row = $sql->db_Fetch();
    if (!$row) {
        $this->makeErrorText('Error reading DB');
        // Strictly a DB error rather than a connection failure, but consistent with the other handlers
        return AUTH_NOCONNECT;
    }

    // Loading the extended handler also pulls in the 'standard' password handler
    require_once e_PLUGIN . 'alt_auth/extended_password_handler.php';
    $handler = new ExtendedPasswordHandler();

    $method = $handler->passwordMapping($this->conf['importdb_password_method']);
    if ($method === false) {
        $this->makeErrorText('Password error - invalid method');
        return AUTH_BADPASSWORD;
    }

    $storedPassword = $row['user_password'];
    $verdict = $handler->checkPassword($pword, $uname, $storedPassword, $method);
    if ($verdict === PASSWORD_VALID) {
        $this->makeErrorText('');
        return AUTH_SUCCESS;
    }

    // Not a hard failure: the stored password may already have been changed to E107 format
    $this->makeErrorText('Password incorrect');
    return LOGIN_CONTINUE;
}
/**
 * Build the HTML for a password type selector.
 *
 * The option list comes from ExtendedPasswordHandler::GetPasswordTypes(); all
 * markup is produced by the supplied form object.
 * NOTE(review): $name and the option labels/values are handed to $frm unchanged,
 * so any HTML escaping depends on the form object - confirm.
 *
 * @param string  $name             - name to be used for selector
 * @param object  $frm              - form object to use (must provide form_select_open, form_option, form_select_close)
 * @param string  $currentSelection - current value (if any)
 * @param boolean $getExtended      - return all supported password types if TRUE, 'core' password types if FALSE
 *
 * @return string HTML of the complete select element
 */
public function altAuthGetPasswordSelector($name, $frm, $currentSelection = '', $getExtended = FALSE)
{
    $methods = ExtendedPasswordHandler::GetPasswordTypes($getExtended);

    $parts = array($frm->form_select_open($name));
    foreach ($methods as $value => $label) {
        // Loose comparison kept on purpose: keys may be integers while the stored selection is a string
        if ($currentSelection == $value) {
            $selected = " Selected='selected'";
        } else {
            $selected = '';
        }
        $parts[] = $frm->form_option($label, $selected, $value);
    }
    $parts[] = $frm->form_select_close();

    return implode('', $parts);
}