Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/config/auth_providers.yml17
-rw-r--r--phpBB/includes/auth/provider_db.php98
2 files changed, 74 insertions, 41 deletions
diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml
index 0baad47661..e702ec665a 100644
--- a/phpBB/config/auth_providers.yml
+++ b/phpBB/config/auth_providers.yml
@@ -1 +1,18 @@
services:
+ auth.provider.db:
+ class: phpbb_auth_provider_db
+ arguments:
+ - @dbal.conn
+ - @config
+ - @request
+ - @user
+ - %core.root_path%
+ - %core.php_ext%
+ auth.provider.apache:
+ class: phpbb_auth_provider_apache
+ arguments:
+
+ auth.provider.ldap:
+ class: phpbb_auth_provider_ldap
+ arguments:
+
diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php
index e24e701911..aaf9cda735 100644
--- a/phpBB/includes/auth/provider_db.php
+++ b/phpBB/includes/auth/provider_db.php
@@ -24,6 +24,27 @@ if (!defined('IN_PHPBB'))
*/
class phpbb_auth_provider_db implements phpbb_auth_provider_interface
{
+
+ /**
+ * Database Authentication Constructor
+ *
+ * @param phpbb_db_driver $db
+ * @param phpbb_config $config
+ * @param phpbb_request $request
+ * @param phpbb_user $user
+ * @param string $phpbb_root_path
+ * @param string $phpEx
+ */
+ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx)
+ {
+ $this->db = $db;
+ $this->config = $config;
+ $this->request = $request;
+ $this->user = $user;
+ $this->phpbb_root_path = $phpbb_root_path;
+ $this->phpEx = $phpEx;
+ }
+
public function init()
{
return;
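Review bot: The new constructor assigns `$this->db`, `$this->config`, `$this->request`, `$this->user`, `$this->phpbb_root_path` and `$this->phpEx`, but no hunk in this diff declares those properties, so unless they are declared in a part of the class not shown, PHP creates them dynamically as public members. For an authentication provider that would let any code holding the service swap the database handle or config object that login() trusts. Declare all six at the top of the class with restricted visibility, e.g. `protected $db;`, each with a `@var` docblock naming the type already given in the constructor's `@param` list. The two path values are later concatenated into `include` paths in login(), which is one more reason to keep them non-public.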
@@ -43,9 +64,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
*/
public function login($username, $password)
{
- global $db, $config;
- global $request, $user;
-
// Auth plugins get the password untrimmed.
// For compatibility we trim() here.
$password = trim($password);
@@ -73,41 +91,41 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
- WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
+ WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
- if (($user->ip && !$config['ip_login_limit_use_forwarded']) ||
- ($user->forwarded_for && $config['ip_login_limit_use_forwarded']))
+ if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
+ ($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
{
$sql = 'SELECT COUNT(*) AS attempts
FROM ' . LOGIN_ATTEMPT_TABLE . '
- WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
- if ($config['ip_login_limit_use_forwarded'])
+ WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
+ if ($this->config['ip_login_limit_use_forwarded'])
{
- $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($user->forwarded_for) . "'";
+ $sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
}
else
{
- $sql .= " AND attempt_ip = '" . $db->sql_escape($user->ip) . "' ";
+ $sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
}
- $result = $db->sql_query($sql);
- $attempts = (int) $db->sql_fetchfield('attempts');
- $db->sql_freeresult($result);
+ $result = $this->db->sql_query($sql);
+ $attempts = (int) $this->db->sql_fetchfield('attempts');
+ $this->db->sql_freeresult($result);
$attempt_data = array(
- 'attempt_ip' => $user->ip,
- 'attempt_browser' => trim(substr($user->browser, 0, 149)),
- 'attempt_forwarded_for' => $user->forwarded_for,
+ 'attempt_ip' => $this->user->ip,
+ 'attempt_browser' => trim(substr($this->user->browser, 0, 149)),
+ 'attempt_forwarded_for' => $this->user->forwarded_for,
'attempt_time' => time(),
'user_id' => ($row) ? (int) $row['user_id'] : 0,
'username' => $username,
'username_clean' => $username_clean,
);
- $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
- $result = $db->sql_query($sql);
+ $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
+ $result = $this->db->sql_query($sql);
}
else
{
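Review bot: When `ip_login_limit_use_forwarded` is set, the attempt counter in this hunk is keyed on `$this->user->forwarded_for`, and nothing visible here shows that the value was set by a trusted proxy rather than supplied by the client. If it originates from a request header, the per-IP limit may not bind to the real peer and LOGIN_ATTEMPT_TABLE can accumulate rows under arbitrary keys. A comment above the condition would make the deployment assumption explicit, e.g. `// forwarded_for is only trustworthy behind a reverse proxy that overwrites it; otherwise limit on $this->user->ip`. Separately, the `$result =` assignment on the INSERT query is never read and can be dropped. login() starts and ends outside this hunk.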
@@ -116,7 +134,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
if (!$row)
{
- if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'])
+ if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
@@ -132,8 +150,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
);
}
- $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
- ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
+ $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
+ ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
@@ -142,11 +160,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory', false))
{
- global $phpbb_root_path, $phpEx;
- include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
+ include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->phpEx);
}
- $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
+ $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
@@ -169,28 +186,27 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
{
// enable super globals to get literal value
// this is needed to prevent unicode normalization
- $super_globals_disabled = $request->super_globals_disabled();
+ $super_globals_disabled = $this->request->super_globals_disabled();
if ($super_globals_disabled)
{
- $request->enable_super_globals();
+ $this->request->enable_super_globals();
}
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
- $password_new_format = $request->variable('password', '', true);
+ $password_new_format = $this->request->variable('password', '', true);
if ($super_globals_disabled)
{
- $request->disable_super_globals();
+ $this->request->disable_super_globals();
}
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
- global $phpbb_root_path, $phpEx;
- include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
+ include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->phpEx);
}
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
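Review bot: `if ($password == $password_new_format)` compares two password strings with loose equality, so PHP compares them numerically whenever both look like numbers (`'1e3' == '1000'` is true). The line is unchanged context, but it remains in the new code and decides whether the phpBB2 conversion path trusts the raw request value. Assuming both operands are always strings at this point, which the hunk does not fully show, use `if ($password === $password_new_format)`. The block also reads `$_REQUEST['password']` directly while super globals are temporarily enabled; a short comment explaining why `$this->request` cannot supply that raw value would help the next reader.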
@@ -202,10 +218,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
- SET user_password = \'' . $db->sql_escape($hash) . '\',
+ SET user_password = \'' . $this->db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
- $db->sql_query($sql);
+ $this->db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
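Review bot: The UPDATE in this hunk concatenates `$row['user_id']` into the WHERE clause without a cast, while the `user_login_attempts` updates elsewhere in the same method use `(int) $row['user_id']`. The value comes from a database row, so the risk is low, but the cast costs nothing and keeps the query safe if the row source ever changes. Use `WHERE user_id = ' . (int) $row['user_id'];` here, and apply the same cast in the later hunks that build `WHERE user_id = {$row['user_id']}` (password rehash), the `DELETE FROM ' . LOGIN_ATTEMPT_TABLE` query, and the `SET user_login_attempts = 0` update.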
@@ -218,7 +234,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
- $db->sql_query($sql);
+ $this->db->sql_query($sql);
return array(
'status' => LOGIN_ERROR_PASSWORD_CONVERT,
@@ -239,17 +255,17 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
- SET user_password = '" . $db->sql_escape($hash) . "',
+ SET user_password = '" . $this->db->sql_escape($hash) . "',
user_pass_convert = 0
WHERE user_id = {$row['user_id']}";
- $db->sql_query($sql);
+ $this->db->sql_query($sql);
$row['user_password'] = $hash;
}
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id'];
- $db->sql_query($sql);
+ $this->db->sql_query($sql);
if ($row['user_login_attempts'] != 0)
{
@@ -257,7 +273,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
- $db->sql_query($sql);
+ $this->db->sql_query($sql);
}
// User inactive...
@@ -283,7 +299,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
- $db->sql_query($sql);
+ $this->db->sql_query($sql);
// Give status about wrong password...
return array(