public function __construct($method, &$username, &$userpass) { $this->e107 = e107::getInstance(); $newvals = array(); if ($method == 'none') { $this->loginResult = AUTH_NOCONNECT; return; } require_once e_PLUGIN . 'alt_auth/' . $method . '_auth.php'; $_login = new auth_login(); if (isset($_login->Available) && $_login->Available === FALSE) { // Relevant auth method not available (e.g. PHP extension not loaded) $this->loginResult = AUTH_NOT_AVAILABLE; return; } $login_result = $_login->login($username, $userpass, $newvals, FALSE); if ($login_result === AUTH_SUCCESS) { require_once e_HANDLER . 'user_handler.php'; require_once e_HANDLER . 'validator_class.php'; if (MAGIC_QUOTES_GPC == FALSE) { $username = mysql_real_escape_string($username); } $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username); $username = substr($username, 0, e107::getPref('loginname_maxlength')); $aa_sql = e107::getDb('aa'); $userMethods = new UserHandler(); $db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass, $username))); $xFields = array(); // Possible extended user fields // See if any of the fields need processing before save if (isset($_login->copyMethods) && count($_login->copyMethods)) { foreach ($newvals as $k => $v) { if (isset($_login->copyMethods[$k])) { $newvals[$k] = $this->translate($_login->copyMethods[$k], $v); if (AA_DEBUG1) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth convert", $k . ': ' . $v . '=>' . $newvals[$k], FALSE, LOG_TO_ROLLING); } } } } foreach ($newvals as $k => $v) { if (strpos($k, 'x_') === 0) { // Extended field $k = substr($k, 2); $xFields['user_' . $k] = $v; } else { // Normal user table if (strpos($k, 'user_' !== 0)) { $k = 'user_' . $k; } // translate the field names (but latest handlers don't need translation) $db_vals[$k] = $v; } } $ulogin = new userlogin(); if (count($xFields)) { // We're going to have to do something with extended fields as well - make sure there's an object require_once e_HANDLER . 'user_extended_class.php'; $ue = new e107_user_extended(); $q = $qry = "SELECT u.user_id,u." . implode(',u.', array_keys($db_vals)) . ", ue.user_extended_id, ue." . implode(',ue.', array_keys($xFields)) . " FROM `#user` AS u\n\t\t\t\t\t\tLEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id\n\t\t\t\t\t\tWHERE " . $ulogin->getLookupQuery($username, FALSE, 'u.'); if (AA_DEBUG) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Query: {$qry}[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING); } } else { $qry = "SELECT * FROM `#user` WHERE " . $ulogin->getLookupQuery($username, FALSE); } if ($aa_sql->db_Select_gen($qry)) { // Existing user - get current data, see if any changes $row = $aa_sql->db_Fetch(MYSQL_ASSOC); foreach ($db_vals as $k => $v) { if ($row[$k] == $v) { unset($db_vals[$k]); } } if (count($db_vals)) { $newUser = array(); $newUser['data'] = $db_vals; validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser); $newUser['WHERE'] = '`user_id`=' . $row['user_id']; $aa_sql->db_Update('user', $newUser); if (AA_DEBUG1) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data update: " . print_r($newUser, TRUE), FALSE, LOG_TO_ROLLING); } } foreach ($xFields as $k => $v) { if ($row[$k] == $v) { unset($xFields[$k]); } } if (AA_DEBUG1) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data read: " . print_r($row, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING); } if (AA_DEBUG) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd read: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING); } if (count($xFields)) { $xArray = array(); $xArray['data'] = $xFields; if ($row['user_extended_id']) { $ue->addFieldTypes($xArray); // Add in the data types for storage $xArray['WHERE'] = '`user_extended_id`=' . intval($row['user_id']); if (AA_DEBUG) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd update: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING); } $aa_sql->db_Update('user_extended', $xArray); } else { // Never been an extended user fields record for this user $xArray['data']['user_extended_id'] = $row['user_id']; $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values if (AA_DEBUG) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Write new extended record" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING); } $aa_sql->db_Insert('user_extended', $xArray); } } } else { // Just add a new user if (AA_DEBUG) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Add new user: "******"[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING); } if (!isset($db_vals['user_name'])) { $db_vals['user_name'] = $username; } if (!isset($db_vals['user_loginname'])) { $db_vals['user_loginname'] = $username; } if (!isset($db_vals['user_join'])) { $db_vals['user_join'] = time(); } $db_vals['user_class'] = e107::getPref('initial_user_classes'); if (!isset($db_vals['user_signature'])) { $db_vals['user_signature'] = ''; } if (!isset($db_vals['user_prefs'])) { $db_vals['user_prefs'] = ''; } if (!isset($db_vals['user_perms'])) { $db_vals['user_perms'] = ''; } $userMethods->userClassUpdate($db_vals, 'userall'); $newUser = array(); $newUser['data'] = $db_vals; $userMethods->addNonDefaulted($newUser); validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser); $newID = $aa_sql->db_Insert('user', $newUser); if ($newID !== FALSE) { if (count($xFields)) { $xFields['user_extended_id'] = $newID; $xArray = array(); $xArray['data'] = $xFields; $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values $result = $aa_sql->db_Insert('user_extended', $xArray); if (AA_DEBUG) { $this->e107->admin_log->e_log_event(10, debug_backtrace(), 'DEBUG', 'Alt auth login', "Add extended: UID={$newID} result={$result}", FALSE, LOG_TO_ROLLING); } } } else { // Error adding user to database - possibly a conflict on unique fields $this->e107->admin_log->e_log_event(10, __FILE__ . '|' . __FUNCTION__ . '@' . __LINE__, 'ALT_AUTH', 'Alt auth login', 'Add user fail: DB Error ' . $aa_sql->getLastErrorText() . "[!br!]" . print_r($db_vals, TRUE), FALSE, LOG_TO_ROLLING); $this->loginResult = LOGIN_DB_ERROR; return; } } $this->loginResult = LOGIN_CONTINUE; return; } else { // Failure modes switch ($login_result) { case AUTH_NOCONNECT: if (varset(e107::getPref('auth_noconn'), TRUE)) { $this->loginResult = LOGIN_TRY_OTHER; return; } $username = md5('xx_noconn_xx'); $this->loginResult = LOGIN_ABORT; return; case AUTH_BADPASSWORD: if (varset(e107::getPref('auth_badpassword'), TRUE)) { $this->loginResult = LOGIN_TRY_OTHER; return; } $userpass = md5('xx_badpassword_xx'); $this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in! return; } } $this->loginResult = LOGIN_ABORT; // catch-all just in case return; }
/** * Return the HTML needed to display the test form. * * @param string $prefix - the type of connection being tested * @param $frm - the form object to use * * if $_POST['testauth'] is set, attempts to validate the connection, and displays any returned values */ public function alt_auth_test_form($prefix, $frm) { $text = $frm->form_open('post', e_SELF, 'testform'); $text .= "<table class='table adminform'>\r\n\t\t<tr><td colspan='2' class='forumheader2' style='text-align:center;'>" . LAN_ALT_42 . "</td></tr>"; if (isset($_POST['testauth'])) { // Try and connect to DB/server, and maybe validate user name require_once e_PLUGIN . 'alt_auth/' . $prefix . '_auth.php'; $_login = new auth_login(); $log_result = AUTH_UNKNOWN; $pass_vars = array(); $val_name = trim(varset($_POST['nametovalidate'], '')); if (isset($_login->Available) && $_login->Available === FALSE) { // Relevant auth method not available (e.g. PHP extension not loaded) $log_result = AUTH_NOT_AVAILABLE; } else { $log_result = $_login->login($val_name, $_POST['passtovalidate'], $pass_vars, $val_name == ''); } $text .= "<tr><td>" . LAN_ALT_48; if ($val_name) { $text .= "<br />" . LAN_ALT_49 . $val_name . '<br />' . LAN_ALT_50; if (varset($_POST['passtovalidate'], '')) { $text .= str_repeat('*', strlen($_POST['passtovalidate'])); } else { $text .= LAN_ALT_51; } } $text .= "</td><td {$log}>"; switch ($log_result) { case AUTH_SUCCESS: $text .= LAN_ALT_58; if (count($pass_vars)) { $text .= '<br />' . LAN_ALT_59; foreach ($pass_vars as $k => $v) { $text .= '<br /> ' . $k . '=>' . $v; } } break; case AUTH_NOUSER: $text .= LAN_ALT_52 . LAN_ALT_55; break; case AUTH_BADPASSWORD: $text .= LAN_ALT_52 . LAN_ALT_56; break; case AUTH_NOCONNECT: $text .= LAN_ALT_52 . LAN_ALT_54; break; case AUTH_UNKNOWN: $text .= LAN_ALT_52 . LAN_ALT_53; break; case AUTH_NOT_AVAILABLE: $text .= LAN_ALT_52 . LAN_ALT_57; break; default: $text .= "Coding error"; } if (isset($_login->ErrorText)) { $text .= '<br />' . $_login->ErrorText; } $text .= "</td></tr>"; } $text .= "<tr><td {$log}>" . LAN_ALT_33 . "</td><td {$log}>"; $text .= $frm->form_text('nametovalidate', 35, '', 120); $text .= "</td></tr>"; $text .= "<tr><td {$log}>" . LAN_ALT_34 . "</td><td {$log}>"; $text .= $frm->form_password('passtovalidate', 35, '', 120); $text .= "</td></tr>"; $text .= "<tr><td class='forumheader' colspan='2' style='text-align:center;'>"; // $text .= $frm->form_button("submit", 'testauth', LAN_ALT_47); $text .= e107::getForm()->admin_button('testauth', LAN_ALT_47, 'other'); $text .= "</td></tr>"; $text .= "</table>"; $text .= $frm->form_close(); return $text; }