Esempio n. 1
0
 /**
  *	Validate login credentials
  *
  *	@param string $uname - The user name requesting access
  *	@param string $pass - Password to use (usually plain text)
  *	@param pointer &$newvals - pointer to array to accept other data read from database
  *	@param boolean $connect_only - TRUE to simply connect to the database
  *
  *	@return integer result (AUTH_xxxx)
  *
  *	On a successful login, &$newvals array is filled with the requested data from the server
  */
 public function login($uname, $pword, &$newvals, $connect_only = FALSE)
 {
     if ($connect_only) {
         return AUTH_SUCCESS;
     }
     // Big problem if can't connect to our own DB!
     // See if the user's in the E107 database - otherwise they can go away
     global $sql, $tp;
     if (!$sql->db_Select('user', 'user_loginname, user_password', "user_loginname = '" . $tp->toDB($uname) . "'")) {
         // Invalid user
         $this->makeErrorText('User not found');
         return AUTH_NOUSER;
     }
     // Now look at their password - we always need to verify it, even if its a core E107 format.
     // Higher levels will always convert an authorised password to E107 format and save it for us.
     if (!($row = $sql->db_Fetch())) {
         $this->makeErrorText('Error reading DB');
         return AUTH_NOCONNECT;
         // Debateable return code - really a DB error. But consistent with other handler
     }
     require_once e_PLUGIN . 'alt_auth/extended_password_handler.php';
     // This auto-loads the 'standard' password handler as well
     $pass_check = new ExtendedPasswordHandler();
     $passMethod = $pass_check->passwordMapping($this->conf['importdb_password_method']);
     if ($passMethod === FALSE) {
         $this->makeErrorText('Password error - invalid method');
         return AUTH_BADPASSWORD;
     }
     $pwFromDB = $row['user_password'];
     // Password stored in DB
     if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) {
         $this->makeErrorText('Password incorrect');
         return LOGIN_CONTINUE;
         // Could have already changed password to E107 format
     }
     $this->makeErrorText('');
     return AUTH_SUCCESS;
 }
Esempio n. 2
0
 /**
  *	Validate login credentials
  *
  *	@param string $uname - The user name requesting access
  *	@param string $pass - Password to use (usually plain text)
  *	@param pointer &$newvals - pointer to array to accept other data read from database
  *	@param boolean $connect_only - TRUE to simply connect to the database
  *
  *	@return integer result (AUTH_xxxx)
  *
  *	On a successful login, &$newvals array is filled with the requested data from the server
  */
 public function login($uname, $pword, &$newvals, $connect_only = FALSE)
 {
     //Attempt to open connection to sql database
     if (!($res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password']))) {
         $this->makeErrorText('Cannot connect to remote server');
         return AUTH_NOCONNECT;
     }
     //Select correct db
     if (!mysql_select_db($this->conf['otherdb_database'], $res)) {
         mysql_close($res);
         $this->makeErrorText('Cannot connect to remote DB');
         return AUTH_NOCONNECT;
     }
     if ($connect_only) {
         return AUTH_SUCCESS;
     }
     // Test mode may just want to connect to the DB
     $sel_fields = array();
     // Make an array of the fields we want from the source DB
     foreach ($this->conf as $k => $v) {
         if ($v && strpos($k, 'otherdb_xf_') === 0) {
             $sel_fields[] = $v;
         }
     }
     $sel_fields[] = $this->conf['otherdb_password_field'];
     $user_field = $this->conf['otherdb_user_field'];
     if (isset($this->conf['otherdb_salt_field'])) {
         $sel_fields[] = $this->conf['otherdb_salt_field'];
     }
     //Get record containing supplied login name
     $qry = "SELECT " . implode(',', $sel_fields) . " FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'";
     //	  echo "Query: {$qry}<br />";
     if (!($r1 = mysql_query($qry))) {
         mysql_close($res);
         $this->makeErrorText('Lookup query failed');
         return AUTH_NOCONNECT;
     }
     if (!($row = mysql_fetch_array($r1))) {
         mysql_close($res);
         $this->makeErrorText('User not found');
         return AUTH_NOUSER;
     }
     mysql_close($res);
     // Finished with 'foreign' DB now
     // Got something from the DB - see whether password valid
     require_once e_PLUGIN . 'alt_auth/extended_password_handler.php';
     // This auto-loads the 'standard' password handler as well
     $pass_check = new ExtendedPasswordHandler();
     $passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']);
     if ($passMethod === FALSE) {
         $this->makeErrorText('Password error - invalid method');
         return AUTH_BADPASSWORD;
     }
     $pwFromDB = $row[$this->conf['otherdb_password_field']];
     // Password stored in DB
     if ($salt_field) {
         $pwFromDB .= ':' . $row[$salt_field];
     }
     if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) {
         $this->makeErrorText('Password incorrect');
         return AUTH_BADPASSWORD;
     }
     // Now copy across any values we have selected
     foreach ($this->conf as $k => $v) {
         if ($v && strpos($k, 'otherdb_xf_') === 0 && isset($row[$v])) {
             $newvals[substr($k, strlen('otherdb_xf_'))] = $row[$v];
         }
     }
     $this->makeErrorText('');
     // Success - just reconnect to E107 DB if needed
     return AUTH_SUCCESS;
 }
Esempio n. 3
0
 /**
  *	Validate login credentials
  *
  *	@param string $uname - The user name requesting access
  *	@param string $pass - Password to use (usually plain text)
  *	@param pointer &$newvals - pointer to array to accept other data read from database
  *	@param boolean $connect_only - TRUE to simply connect to the database
  *
  *	@return integer result (AUTH_xxxx)
  *
  *	On a successful login, &$newvals array is filled with the requested data from the server
  */
 public function login($uname, $pword, &$newvals, $connect_only = FALSE)
 {
     //Attempt to open connection to sql database
     if (!($res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password']))) {
         $this->makeErrorText('Cannot connect to remote server');
         return AUTH_NOCONNECT;
     }
     //Select correct db
     if (!mysql_select_db($this->conf['e107db_database'], $res)) {
         mysql_close($res);
         $this->makeErrorText('Cannot connect to remote DB');
         return AUTH_NOCONNECT;
     }
     if ($connect_only) {
         return AUTH_SUCCESS;
     }
     // Test mode may just want to connect to the DB
     $sel_fields = array();
     // Make an array of the fields we want from the source DB
     foreach ($this->conf as $k => $v) {
         if ($v && strpos($k, 'e107db_xf_') === 0) {
             $sel_fields[] = substr($k, strlen('e107db_xf_'));
         }
     }
     $filterClass = intval(varset($this->conf['e107db_filter_class'], e_UC_PUBLIC));
     if ($filterClass != e_UC_PUBLIC && !in_array('user_class', $sel_fields)) {
         $sel_fields[] = 'user_class';
     }
     $sel_fields[] = 'user_password';
     $user_field = 'user_loginname';
     //Get record containing supplied login name
     $qry = 'SELECT ' . implode(',', $sel_fields) . " FROM " . $this->conf['e107db_prefix'] . "user WHERE {$user_field} = '{$uname}' AND `user_ban` = 0";
     //	  echo "Query: {$qry}<br />";
     if (!($r1 = mysql_query($qry))) {
         mysql_close($res);
         $this->makeErrorText('Lookup query failed');
         return AUTH_NOCONNECT;
     }
     if (!($row = mysql_fetch_array($r1))) {
         mysql_close($res);
         $this->makeErrorText('User not found');
         return AUTH_NOUSER;
     }
     mysql_close($res);
     // Finished with 'foreign' DB now
     // Got something from the DB - see whether password valid
     require_once e_PLUGIN . 'alt_auth/extended_password_handler.php';
     // This auto-loads the 'standard' password handler as well
     $pass_check = new ExtendedPasswordHandler();
     $passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']);
     if ($passMethod === FALSE) {
         $this->makeErrorText('Password error - invalid method');
         return AUTH_BADPASSWORD;
     }
     $pwFromDB = $row['user_password'];
     // Password stored in DB
     if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) {
         $this->makeErrorText('Password incorrect');
         return AUTH_BADPASSWORD;
     }
     // Valid user - check he's in an appropriate class
     if ($filterClass != e_UC_PUBLIC) {
         $tmp = explode(',', $row['user_class']);
         if (!in_array($filterClass, $tmp)) {
             $this->makeErrorText('Userc not found');
             return AUTH_NOUSER;
             // Treat as non-existent user
         }
         unset($tmp);
     }
     // Now copy across any values we have selected
     foreach ($this->conf as $k => $v) {
         if ($v && strpos($k, 'e107db_xf_') === 0) {
             $f = substr($k, strlen('e107db_xf_'));
             if (isset($row[$f])) {
                 $newvals[$f] = $row[$f];
             }
         }
     }
     $this->makeErrorText('');
     // Success - just reconnect to E107 DB if needed
     return AUTH_SUCCESS;
 }