authorNils Adermann <naderman@naderman.de>2006-04-21 22:41:05 +0000
committerNils Adermann <naderman@naderman.de>2006-04-21 22:41:05 +0000
commit478ab68a7eb609de10fd6f9e874d7387f5842cb8 (patch)
treee85fe2edec0c96d3243a6159e9442d3b49fef2a1 /phpBB/includes/auth
parent09073c368f6e8e7c4dd76d9cc19c02079ff2c7ed (diff)
- added login error constant for various external auth failures
- completed auth plugin interface (init_method, login_method, autologin_method, validate_session_method, logout_method)
- updated ldap and apache auth plugins to return an info array
- added apache autologin

git-svn-id: file:///svn/phpbb/trunk@5815 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/auth')
-rw-r--r--phpBB/includes/auth/auth_apache.php73
-rw-r--r--phpBB/includes/auth/auth_ldap.php54
2 files changed, 117 insertions, 10 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index b35ec09db0..ac362bdeb0 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -32,17 +32,84 @@ function login_apache(&$username, &$password)
{
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
- WHERE username = '" . $db->sql_escape($username) . "'";
+ WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if ($row)
+ {
+ // User inactive...
+ if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_ACTIVE,
+ 'error_msg' => 'ACTIVE_ERROR',
+ 'user_row' => $row,
+ );
+ }
+
+ // Successful login...
+ return array(
+ 'status' => LOGIN_SUCCESS,
+ 'error_msg' => false,
+ 'user_row' => $row,
+ );
+ }
+
+ // the user does not exist
+ return array(
+ 'status' => LOGIN_ERROR_USERNAME,
+ 'error_msg' => 'LOGIN_ERROR_USERNAME',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ // Not logged into apache
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+}
+
+/**
+* Autologin function
+*
+* @return array containing the user row or empty if no auto login should take place
+*/
+function autologin_apache()
+{
+ global $db;
+
+ $php_auth_user = $_SERVER['PHP_AUTH_USER'];
+ $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
+
+ if ((!empty($php_auth_user)) && (!empty($php_auth_pw)))
+ {
+ $sql = 'SELECT *
+ FROM ' . USERS_TABLE . "
+ WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
- return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? 0 : $row;
+ return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
}
}
- return false;
+ return array();
+}
+
+/**
+* The session validation function checks whether the user is still logged in
+*
+* @return boolean true if the given user is authenticated or false if the session should be closed
+*/
+function validate_session_apache(&$user)
+{
+ return ($_SERVER['PHP_AUTH_USER'] == $user['username']) ? true : false;
}
?> \ No newline at end of file
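Review bot: autologin_apache() accepts whoever `$_SERVER['PHP_AUTH_USER']` names as long as `PHP_AUTH_PW` is non-empty; the password itself is never checked in this function. PHP fills both values from the request's Authorization header, so they prove identity only when Apache itself enforces authentication for this location, and the function should say so, e.g. `// Trusts the web server: only valid when Apache requires authentication for the board's path`. Both new functions also read the `$_SERVER` keys without `isset()`, and validate_session_apache() compares with `==`, which treats numeric-looking names such as `1e3` and `1000` as equal; `return isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] === $user['username'];` avoids both. login_apache() begins above the hunk, so how it obtains `$php_auth_user` is not visible here.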
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 17c29cc5e6..e6d783313f 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -70,12 +70,20 @@ function login_ldap(&$username, &$password)
if (!extension_loaded('ldap'))
{
- return 'LDAP extension not available';
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LDAP_NO_LDAP_EXTENSION',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
}
if (!($ldap = @ldap_connect($config['ldap_server'])))
{
- return 'Could not connect to LDAP server';
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
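Review bot: The `LDAP_NO_SERVER_CONNECTION` branch may never run when the directory is down, because with the OpenLDAP client library `ldap_connect()` only prepares the handle and the real connection is made at the first bind. The bind sits outside this hunk, so presumably an unreachable server is then reported through whichever branch handles a failed bind rather than as `LOGIN_ERROR_EXTERNAL_AUTH`. Checking `ldap_errno($ldap)` after a failed bind would let login_ldap() separate an outage from a bad credential; at minimum add `// ldap_connect() may succeed without contacting the server; failures surface at ldap_bind()` above this check. login_ldap() starts and ends outside the hunk.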
@@ -93,18 +101,49 @@ function login_ldap(&$username, &$password)
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if ($row = $db->sql_fetchrow($result))
+ if ($row)
{
- $db->sql_freeresult($result);
- return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? 0 : $row;
+ // User inactive...
+ if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_ACTIVE,
+ 'error_msg' => 'ACTIVE_ERROR',
+ 'user_row' => $row,
+ );
+ }
+
+ // Successful login... set user_login_attempts to zero...
+ return array(
+ 'status' => LOGIN_SUCCESS,
+ 'error_msg' => false,
+ 'user_row' => $row,
+ );
}
}
+ else
+ {
+ @ldap_close($ldap);
+
+ // Give status about wrong password...
+ return array(
+ 'status' => LOGIN_ERROR_PASSWORD,
+ 'error_msg' => 'LOGIN_ERROR_PASSWORD',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
}
@ldap_close($ldap);
- return false;
+ return array(
+ 'status' => LOGIN_ERROR_USERNAME,
+ 'error_msg' => 'LOGIN_ERROR_USERNAME',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
}
/**
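Review bot: The comment `// Successful login... set user_login_attempts to zero...` describes a reset that no line in this hunk performs; the branch only returns the row, so it should read `// Successful login...` unless the caller is known to do the reset. The `LOGIN_SUCCESS` result rests entirely on the bind test above the hunk, which is not visible here. If that test passes `$password` to the directory unchecked, some servers treat an empty password as an anonymous bind and report success, so it is worth confirming that login_ldap() rejects an empty `$password` before binding. login_ldap() begins outside the hunk.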
@@ -147,12 +186,13 @@ function admin_ldap(&$new)
* their username, password, etc. ... should be up to the plugin what data
* is updated.
*
+* @todo implement this functionality (probably 3.2)
+*
* @param new|update|delete $mode defining the action to take on user updates
*/
function usercp_ldap($mode)
{
global $db, $config;
-
}
?> \ No newline at end of file