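/**
 * Resolve the user id for an RSS request that carries HTTP Basic credentials.
 *
 * Credentials are read from PHP_AUTH_USER / PHP_AUTH_PW. When those are absent,
 * a "Basic <base64>" value found in REMOTE_USER is decoded and copied into them.
 * If ?uid= is present, the account name comes from that user id instead of the
 * header, and the supplied password is verified against that account by login_db().
 *
 * @return mixed The authenticated user's id, or ANONYMOUS when the function
 *               falls through after GetHTTPPasswd().
 */
function rss_get_user()
{
    // Kept from the original: auth_db is included inside this function's scope.
    global $db;

    $have_credentials = isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']);

    if (!$have_credentials && isset($_SERVER['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches))
    {
        $decoded = base64_decode($matches[1]);

        // Only accept a well-formed "name:password" pair. A payload without a
        // colon is treated as "no credentials" and ends in the challenge below.
        if (($decoded !== false) && (strpos($decoded, ':') !== false))
        {
            list($name, $password) = explode(':', $decoded, 2);
            $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
            // NOTE(review): strip_tags() rewrites any password that contains
            // tag-like text before it is verified; kept for compatibility.
            $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
    {
        GetHTTPPasswd();
        return ANONYMOUS;
    }

    $username = phpbb_clean_username($_SERVER['PHP_AUTH_USER']);
    $password = $_SERVER['PHP_AUTH_PW'];

    if (isset($_GET['uid']))
    {
        // intval() makes the id safe to hand to get_userdata().
        $uid = intval($_GET['uid']);
        $user_data = get_userdata($uid, false);

        if (!empty($user_data['username']))
        {
            $username = $user_data['username'];
        }
        else
        {
            // NOTE(review): presumably GetHTTPPasswd() sends the 401 challenge and
            // stops the request. If it returns, the login below still runs with the
            // header-supplied username - confirm.
            GetHTTPPasswd();
        }
    }

    if (!function_exists('login_db'))
    {
        include IP_ROOT_PATH . 'includes/auth_db.' . PHP_EXT;
    }

    $login_result = login_db($username, $password, false, true);

    // The original returned $row['user_id'], but $row is never assigned in this
    // function, so a successful login produced no usable id.
    // NOTE(review): assumes login_db() returns the authenticated row under
    // 'user_row' (phpBB3 auth_db convention) - confirm against includes/auth_db.
    if (($login_result['status'] === LOGIN_SUCCESS) && isset($login_result['user_row']['user_id']))
    {
        return $login_result['user_row']['user_id'];
    }

    // Fail closed: any other outcome is treated as an authentication failure.
    GetHTTPPasswd();

    return ANONYMOUS;
}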
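/**
 * Resolve the user id for an RSS request that carries HTTP Basic credentials
 * (legacy variant using $HTTP_SERVER_VARS / $HTTP_GET_VARS and a direct query).
 *
 * Credentials are read from PHP_AUTH_USER / PHP_AUTH_PW. When those are absent,
 * a "Basic <base64>" value found in REMOTE_USER is decoded and copied into them.
 * The account is looked up by ?uid= when present, otherwise by username, and the
 * MD5 of the supplied password is compared with the stored user_password.
 *
 * @return mixed The user_id of the matching active account, or ANONYMOUS when
 *               the function falls through after GetHTTPPasswd().
 */
function rss_get_user()
{
    global $db, $HTTP_SERVER_VARS, $HTTP_GET_VARS;

    $have_credentials = isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW']);

    if (!$have_credentials && isset($HTTP_SERVER_VARS['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $HTTP_SERVER_VARS['REMOTE_USER'], $matches))
    {
        $decoded = base64_decode($matches[1]);

        // Only accept a well-formed "name:password" pair.
        if (($decoded !== false) && (strpos($decoded, ':') !== false))
        {
            list($name, $password) = explode(':', $decoded, 2);
            $HTTP_SERVER_VARS['PHP_AUTH_USER'] = strip_tags($name);
            // NOTE(review): strip_tags() rewrites any password that contains
            // tag-like text before it is hashed; kept for compatibility.
            $HTTP_SERVER_VARS['PHP_AUTH_PW'] = strip_tags($password);
        }
    }

    if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || !isset($HTTP_SERVER_VARS['PHP_AUTH_PW']))
    {
        GetHTTPPasswd();
        return ANONYMOUS;
    }

    $username = phpbb_clean_username($HTTP_SERVER_VARS['PHP_AUTH_USER']);
    // NOTE(review): unsalted MD5 is dictated by the stored user_password format.
    // It is not an adequate password hash; migrate the schema where possible.
    $password = md5($HTTP_SERVER_VARS['PHP_AUTH_PW']);

    $columns = 'user_id, username, user_password, user_active, user_level';

    if (isset($HTTP_GET_VARS['uid']))
    {
        // intval() guarantees that only an integer reaches the query text.
        $uid = intval($HTTP_GET_VARS['uid']);
        $sql = 'SELECT ' . $columns . ' FROM ' . USERS_TABLE . ' WHERE user_id = ' . $uid;
    }
    else
    {
        // The listing's WHERE clause was garbled; this restores the quoting call.
        // NOTE(review): assumes phpbb_clean_username() returns quotes as \' so
        // that they can be turned into SQL-style '' here - confirm. The query is
        // only safe while that holds, because $db is used without parameter binding.
        $sql = 'SELECT ' . $columns . ' FROM ' . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $username) . "'";
    }

    if (!($result = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
    }

    $row = $db->sql_fetchrow($result);

    if ($row)
    {
        $stored = (string) $row['user_password'];

        // Compare the hashes as strings. The original used ==, which compares two
        // "0e<digits>" hashes as numbers and accepts them as equal.
        $hash_ok = function_exists('hash_equals') ? hash_equals($stored, $password) : ($stored === $password);

        if ($hash_ok && $row['user_active'])
        {
            return $row['user_id'];
        }
    }

    // Fail closed with the same challenge for an unknown account as for a wrong
    // password. The original skipped the challenge when no row was found, so the
    // two cases were distinguishable to the client.
    GetHTTPPasswd();

    return ANONYMOUS;
}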