diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-03-09 16:09:37 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-03-09 16:09:37 +0000 |
| commit | cd9b3af2b5e76ee12651c17316ae9d0d9e84130f (patch) | |
| tree | 2d11f8ffb8251dd61cbd7f0462e52d086fe9ba8f /phpBB/includes/auth/auth_apache.php | |
| parent | aa718d4a027259997f7a5732d8a0fdd328315bd7 (diff) | |
| download | forums-cd9b3af2b5e76ee12651c17316ae9d0d9e84130f.tar forums-cd9b3af2b5e76ee12651c17316ae9d0d9e84130f.tar.gz forums-cd9b3af2b5e76ee12651c17316ae9d0d9e84130f.tar.bz2 forums-cd9b3af2b5e76ee12651c17316ae9d0d9e84130f.tar.xz forums-cd9b3af2b5e76ee12651c17316ae9d0d9e84130f.zip | |
Some changes to the returned data format + cleanups
git-svn-id: file:///svn/phpbb/trunk@3622 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/auth/auth_apache.php')
| -rw-r--r-- | phpBB/includes/auth/auth_apache.php | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php index 88d5be4f4f..f87ad738c0 100644 --- a/phpBB/includes/auth/auth_apache.php +++ b/phpBB/includes/auth/auth_apache.php @@ -1,24 +1,32 @@ <?php +// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. // -// Authentication plug-ins is largely down to -// Sergey Kanareykin, our thanks to him. +// This is for initial authentication via Apaches basic realm authentication methods, +// user data is then obtained from the integrated user table // +// You can do any kind of checking you like here ... the return data format is +// either the resulting row of user information, an integer zero (indicating an +// inactive user) or some error string function login_apache(&$username, &$password) { - global $HTTP_SERVER_VARS, $HTTP_ENV_VARS; + global $db; - $php_auth_user = ( !empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) ) ? $HTTP_SERVER_VARS['PHP_AUTH_USER'] : $HTTP_GET_VARS['PHP_AUTH_USER']; - $php_auth_pw = ( !empty($HTTP_SERVER_VARS['PHP_AUTH_PW']) ) ? $HTTP_SERVER_VARS['PHP_AUTH_PW'] : $HTTP_GET_VARS['PHP_AUTH_PW']; + $php_auth_user = (!empty($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER'] : $_GET['PHP_AUTH_USER']; + $php_auth_pw = (!empty($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW'] : $_GET['PHP_AUTH_PW']; - if ( $php_auth_user && $php_auth_pw ) + if ($php_auth_user && $php_auth_pw) { $sql = "SELECT user_id, username, user_password, user_email, user_active FROM " . USERS_TABLE . " - WHERE username = '" . str_replace("\'", "''", $username) . "'"; + WHERE username = '" . $db->sql_escape($username) . "'"; $result = $db->sql_query($sql); - return ( $row = $db->sql_fetchrow($result) ) ? $row : false; + if ($row = $db->sql_fetchrow($result)) + { + $db->sql_freeresult($result); + return (empty($row['user_active'])) ? 0 : $row; + } } return false; |