function rss_get_user()
{
global $db;
if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) && isset($_SERVER['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$username = phpbb_clean_username($_SERVER['PHP_AUTH_USER']);
$password = $_SERVER['PHP_AUTH_PW'];
if (isset($_GET['uid'])) {
$uid = intval($_GET['uid']);
$uid = (int) $uid;
$user_data = get_userdata($uid, false);
if (!empty($user_data['username'])) {
$username = $user_data['username'];
} else {
GetHTTPPasswd();
}
}
if (!function_exists('login_db')) {
include IP_ROOT_PATH . 'includes/auth_db.' . PHP_EXT;
}
$login_result = login_db($username, $password, false, true);
if ($login_result['status'] === LOGIN_SUCCESS) {
return $row['user_id'];
} else {
GetHTTPPasswd();
}
} else {
GetHTTPPasswd();
}
return ANONYMOUS;
}
function rss_get_user()
{
global $db, $HTTP_SERVER_VARS, $HTTP_GET_VARS;
if ((!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || !isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) && isset($HTTP_SERVER_VARS['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $HTTP_SERVER_VARS['REMOTE_USER'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$HTTP_SERVER_VARS['PHP_AUTH_USER'] = strip_tags($name);
$HTTP_SERVER_VARS['PHP_AUTH_PW'] = strip_tags($password);
}
if (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
$username = phpbb_clean_username($HTTP_SERVER_VARS['PHP_AUTH_USER']);
$password = md5($HTTP_SERVER_VARS['PHP_AUTH_PW']);
if (isset($HTTP_GET_VARS['uid'])) {
$uid = intval($HTTP_GET_VARS['uid']);
$sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = {$uid}";
} else {
$sql = "SELECT user_id, username, user_password, user_active, user_level\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE username = '******'", "''", $username) . "'";
}
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result)) {
if ($password == $row['user_password'] && $row['user_active']) {
// Yes!!! It's good user
return $row['user_id'];
} else {
GetHTTPPasswd();
}
}
} else {
GetHTTPPasswd();
}
return ANONYMOUS;
}
