Copy 3.0.x branch to trunk

git-svn-id: file:///svn/phpbb/trunk@10211 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Meik Sievertsen <acydburn@phpbb.com> 2009-10-04 18:14:59 +0000
committer: Meik Sievertsen <acydburn@phpbb.com> 2009-10-04 18:14:59 +0000
commit: 2e17e448deed073f8614bb555a8ef20c57291c2a (patch)
tree: 533007e53d3584d0887b0f639d0e673b1e15ea7a /phpBB/includes/auth
parent: bf8ac19eaa8d74f9dfd6d597190f5664e7339382 (diff)
download: forums-2e17e448deed073f8614bb555a8ef20c57291c2a.tar
forums-2e17e448deed073f8614bb555a8ef20c57291c2a.tar.gz
forums-2e17e448deed073f8614bb555a8ef20c57291c2a.tar.bz2
forums-2e17e448deed073f8614bb555a8ef20c57291c2a.tar.xz
forums-2e17e448deed073f8614bb555a8ef20c57291c2a.zip
4 files changed, 806 insertions, 0 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
new file mode 100644
index 0000000000..391e7abb0e
--- /dev/null
+++ b/phpBB/includes/auth/auth_apache.php
@@ -0,0 +1,249 @@
+<?php
+/**
+* Apache auth plug-in for phpBB3
+*
+* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
+*
+* @package login
+* @version $Id$
+* @copyright (c) 2005 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* Checks whether the user is identified to apache
+* Only allow changing authentication to apache if the user is identified
+* Called in acp_board while setting authentication plugins
+*
+* @return boolean|string false if the user is identified and else an error message
+*/
+function init_apache()
+{
+	global $user;
+
+	if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
+	{
+		return $user->lang['APACHE_SETUP_BEFORE_USE'];
+	}
+	return false;
+}
+
+/**
+* Login function
+*/
+function login_apache(&$username, &$password)
+{
+	global $db;
+
+	// do not allow empty password
+	if (!$password)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_PASSWORD,
+			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!isset($_SERVER['PHP_AUTH_USER']))
+	{
+		return array(
+			'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
+			'error_msg'		=> 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
+			'user_row'		=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
+	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
+
+	if (!empty($php_auth_user) && !empty($php_auth_pw))
+	{
+		if ($php_auth_user !== $username)
+		{
+			return array(
+				'status'	=> LOGIN_ERROR_USERNAME,
+				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+				'user_row'	=> array('user_id' => ANONYMOUS),
+			);
+		}
+
+		$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
+			FROM ' . USERS_TABLE . "
+			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if ($row)
+		{
+			// User inactive...
+			if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
+			{
+				return array(
+					'status'		=> LOGIN_ERROR_ACTIVE,
+					'error_msg'		=> 'ACTIVE_ERROR',
+					'user_row'		=> $row,
+				);
+			}
+
+			// Successful login...
+			return array(
+				'status'		=> LOGIN_SUCCESS,
+				'error_msg'		=> false,
+				'user_row'		=> $row,
+			);
+		}
+
+		// this is the user's first login so create an empty profile
+		return array(
+			'status'		=> LOGIN_SUCCESS_CREATE_PROFILE,
+			'error_msg'		=> false,
+			'user_row'		=> user_row_apache($php_auth_user, $php_auth_pw),
+		);
+	}
+
+	// Not logged into apache
+	return array(
+		'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
+		'error_msg'		=> 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
+		'user_row'		=> array('user_id' => ANONYMOUS),
+	);
+}
+
+/**
+* Autologin function
+*
+* @return array containing the user row or empty if no auto login should take place
+*/
+function autologin_apache()
+{
+	global $db;
+
+	if (!isset($_SERVER['PHP_AUTH_USER']))
+	{
+		return array();
+	}
+
+	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
+	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
+
+	if (!empty($php_auth_user) && !empty($php_auth_pw))
+	{
+		set_var($php_auth_user, $php_auth_user, 'string', true);
+		set_var($php_auth_pw, $php_auth_pw, 'string', true);
+
+		$sql = 'SELECT *
+			FROM ' . USERS_TABLE . "
+			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if ($row)
+		{
+			return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
+		}
+
+		if (!function_exists('user_add'))
+		{
+			global $phpbb_root_path, $phpEx;
+
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
+
+		// create the user if he does not exist yet
+		user_add(user_row_apache($php_auth_user, $php_auth_pw));
+
+		$sql = 'SELECT *
+			FROM ' . USERS_TABLE . "
+			WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if ($row)
+		{
+			return $row;
+		}
+	}
+
+	return array();
+}
+
+/**
+* This function generates an array which can be passed to the user_add function in order to create a user
+*/
+function user_row_apache($username, $password)
+{
+	global $db, $config, $user;
+	// first retrieve default group id
+	$sql = 'SELECT group_id
+		FROM ' . GROUPS_TABLE . "
+		WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
+			AND group_type = " . GROUP_SPECIAL;
+	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	if (!$row)
+	{
+		trigger_error('NO_GROUP');
+	}
+
+	// generate user account data
+	return array(
+		'username'		=> $username,
+		'user_password'	=> phpbb_hash($password),
+		'user_email'	=> '',
+		'group_id'		=> (int) $row['group_id'],
+		'user_type'		=> USER_NORMAL,
+		'user_ip'		=> $user->ip,
+		'user_new'		=> ($config['new_member_post_limit']) ? 1 : 0,
+	);
+}
+
+/**
+* The session validation function checks whether the user is still logged in
+*
+* @return boolean true if the given user is authenticated or false if the session should be closed
+*/
+function validate_session_apache(&$user)
+{
+	// Check if PHP_AUTH_USER is set and handle this case
+	if (isset($_SERVER['PHP_AUTH_USER']))
+	{
+		$php_auth_user = '';
+		set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
+
+		return ($php_auth_user === $user['username']) ? true : false;
+	}
+
+	// PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
+	if ($user['user_type'] == USER_IGNORE)
+	{
+		return true;
+	}
+
+	return false;
+}
+
+?>
+\ No newline at end of file
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
new file mode 100644
index 0000000000..71f8a7c082
--- /dev/null
+++ b/phpBB/includes/auth/auth_db.php
@@ -0,0 +1,198 @@
+<?php
+/**
+* Database auth plug-in for phpBB3
+*
+* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
+*
+* This is for authentication via the integrated user table
+*
+* @package login
+* @version $Id$
+* @copyright (c) 2005 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* Login function
+*/
+function login_db(&$username, &$password)
+{
+	global $db, $config;
+
+	// do not allow empty password
+	if (!$password)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_PASSWORD,
+			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
+		FROM ' . USERS_TABLE . "
+		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
+	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	if (!$row)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	// If there are too much login attempts, we need to check for an confirm image
+	// Every auth module is able to define what to do by itself...
+	if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'])
+	{
+		// Visual Confirmation handling
+
+		$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
+		$captcha->init(CONFIRM_LOGIN);
+		$vc_response = $captcha->validate();
+		if ($vc_response)
+		{
+			return array(
+				'status'		=> LOGIN_ERROR_ATTEMPTS,
+				'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS',
+				'user_row'		=> $row,
+			);
+		}
+		
+	}
+
+	// If the password convert flag is set we need to convert it
+	if ($row['user_pass_convert'])
+	{
+		// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
+		$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
+		$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
+		$password_new_format = '';
+
+		set_var($password_new_format, stripslashes($password_old_format), 'string');
+
+		if ($password == $password_new_format)
+		{
+			if (!function_exists('utf8_to_cp1252'))
+			{
+				global $phpbb_root_path, $phpEx;
+				include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
+			}
+
+			// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
+			// plain md5 support left in for conversions from other systems.
+			if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
+				|| (strlen($row['user_password']) == 32  && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
+			{
+				$hash = phpbb_hash($password_new_format);
+
+				// Update the password in the users table to the new format and remove user_pass_convert flag
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_password = \'' . $db->sql_escape($hash) . '\',
+						user_pass_convert = 0
+					WHERE user_id = ' . $row['user_id'];
+				$db->sql_query($sql);
+
+				$row['user_pass_convert'] = 0;
+				$row['user_password'] = $hash;
+			}
+			else
+			{
+				// Although we weren't able to convert this password we have to
+				// increase login attempt count to make sure this cannot be exploited
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_login_attempts = user_login_attempts + 1
+					WHERE user_id = ' . $row['user_id'];
+				$db->sql_query($sql);
+
+				return array(
+					'status'		=> LOGIN_ERROR_PASSWORD_CONVERT,
+					'error_msg'		=> 'LOGIN_ERROR_PASSWORD_CONVERT',
+					'user_row'		=> $row,
+				);
+			}
+		}
+	}
+
+	// Check password ...
+	if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
+	{
+		// Check for old password hash...
+		if (strlen($row['user_password']) == 32)
+		{
+			$hash = phpbb_hash($password);
+
+			// Update the password in the users table to the new format
+			$sql = 'UPDATE ' . USERS_TABLE . "
+				SET user_password = '" . $db->sql_escape($hash) . "',
+					user_pass_convert = 0
+				WHERE user_id = {$row['user_id']}";
+			$db->sql_query($sql);
+
+			$row['user_password'] = $hash;
+		}
+
+		if ($row['user_login_attempts'] != 0)
+		{
+			// Successful, reset login attempts (the user passed all stages)
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET user_login_attempts = 0
+				WHERE user_id = ' . $row['user_id'];
+			$db->sql_query($sql);
+		}
+
+		// User inactive...
+		if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
+		{
+			return array(
+				'status'		=> LOGIN_ERROR_ACTIVE,
+				'error_msg'		=> 'ACTIVE_ERROR',
+				'user_row'		=> $row,
+			);
+		}
+
+		// Successful login... set user_login_attempts to zero...
+		return array(
+			'status'		=> LOGIN_SUCCESS,
+			'error_msg'		=> false,
+			'user_row'		=> $row,
+		);
+	}
+
+	// Password incorrect - increase login attempts
+	$sql = 'UPDATE ' . USERS_TABLE . '
+		SET user_login_attempts = user_login_attempts + 1
+		WHERE user_id = ' . $row['user_id'];
+	$db->sql_query($sql);
+
+	// Give status about wrong password...
+	return array(
+		'status'		=> LOGIN_ERROR_PASSWORD,
+		'error_msg'		=> 'LOGIN_ERROR_PASSWORD',
+		'user_row'		=> $row,
+	);
+}
+
+?>
+\ No newline at end of file
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
new file mode 100644
index 0000000000..a6092baba5
--- /dev/null
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -0,0 +1,349 @@
+<?php
+/**
+*
+* LDAP auth plug-in for phpBB3
+*
+* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
+*
+* @package login
+* @version $Id$
+* @copyright (c) 2005 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* Connect to ldap server
+* Only allow changing authentication to ldap if we can connect to the ldap server
+* Called in acp_board while setting authentication plugins
+*/
+function init_ldap()
+{
+	global $config, $user;
+
+	if (!@extension_loaded('ldap'))
+	{
+		return $user->lang['LDAP_NO_LDAP_EXTENSION'];
+	}
+
+	$config['ldap_port'] = (int) $config['ldap_port'];
+	if ($config['ldap_port'])
+	{
+		$ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']);
+	}
+	else
+	{
+		$ldap = @ldap_connect($config['ldap_server']);
+	}
+
+	if (!$ldap)
+	{
+		return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+	}
+
+	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+
+	if ($config['ldap_user'] || $config['ldap_password'])
+	{
+		if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
+		{
+			return $user->lang['LDAP_INCORRECT_USER_PASSWORD'];
+		}
+	}
+
+	// ldap_connect only checks whether the specified server is valid, so the connection might still fail
+	$search = @ldap_search(
+		$ldap,
+		htmlspecialchars_decode($config['ldap_base_dn']),
+		ldap_user_filter($user->data['username']),
+		(empty($config['ldap_email'])) ?
+			array(htmlspecialchars_decode($config['ldap_uid'])) :
+			array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
+		0,
+		1
+	);
+
+	if ($search === false)
+	{
+		return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+	}
+
+	$result = @ldap_get_entries($ldap, $search);
+
+	@ldap_close($ldap);
+
+
+	if (!is_array($result) || sizeof($result) < 2)
+	{
+		return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
+	}
+
+	if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])]))
+	{
+		return $user->lang['LDAP_NO_EMAIL'];
+	}
+
+	return false;
+}
+
+/**
+* Login function
+*/
+function login_ldap(&$username, &$password)
+{
+	global $db, $config, $user;
+
+	// do not allow empty password
+	if (!$password)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_PASSWORD,
+			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!@extension_loaded('ldap'))
+	{
+		return array(
+			'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
+			'error_msg'		=> 'LDAP_NO_LDAP_EXTENSION',
+			'user_row'		=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	$config['ldap_port'] = (int) $config['ldap_port'];
+	if ($config['ldap_port'])
+	{
+		$ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']);
+	}
+	else
+	{
+		$ldap = @ldap_connect($config['ldap_server']);
+	}
+
+	if (!$ldap)
+	{
+		return array(
+			'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
+			'error_msg'		=> 'LDAP_NO_SERVER_CONNECTION',
+			'user_row'		=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+
+	if ($config['ldap_user'] || $config['ldap_password'])
+	{
+		if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
+		{
+			return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+		}
+	}
+
+	$search = @ldap_search(
+		$ldap,
+		htmlspecialchars_decode($config['ldap_base_dn']),
+		ldap_user_filter($username),
+		(empty($config['ldap_email'])) ?
+			array(htmlspecialchars_decode($config['ldap_uid'])) :
+			array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
+		0,
+		1
+	);
+
+	$ldap_result = @ldap_get_entries($ldap, $search);
+
+	if (is_array($ldap_result) && sizeof($ldap_result) > 1)
+	{
+		if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
+		{
+			@ldap_close($ldap);
+
+			$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
+				FROM ' . USERS_TABLE . "
+				WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if ($row)
+			{
+				unset($ldap_result);
+
+				// User inactive...
+				if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
+				{
+					return array(
+						'status'		=> LOGIN_ERROR_ACTIVE,
+						'error_msg'		=> 'ACTIVE_ERROR',
+						'user_row'		=> $row,
+					);
+				}
+
+				// Successful login... set user_login_attempts to zero...
+				return array(
+					'status'		=> LOGIN_SUCCESS,
+					'error_msg'		=> false,
+					'user_row'		=> $row,
+				);
+			}
+			else
+			{
+				// retrieve default group id
+				$sql = 'SELECT group_id
+					FROM ' . GROUPS_TABLE . "
+					WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
+						AND group_type = " . GROUP_SPECIAL;
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				if (!$row)
+				{
+					trigger_error('NO_GROUP');
+				}
+
+				// generate user account data
+				$ldap_user_row = array(
+					'username'		=> $username,
+					'user_password'	=> phpbb_hash($password),
+					'user_email'	=> (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '',
+					'group_id'		=> (int) $row['group_id'],
+					'user_type'		=> USER_NORMAL,
+					'user_ip'		=> $user->ip,
+					'user_new'		=> ($config['new_member_post_limit']) ? 1 : 0,
+				);
+
+				unset($ldap_result);
+
+				// this is the user's first login so create an empty profile
+				return array(
+					'status'		=> LOGIN_SUCCESS_CREATE_PROFILE,
+					'error_msg'		=> false,
+					'user_row'		=> $ldap_user_row,
+				);
+			}
+		}
+		else
+		{
+			unset($ldap_result);
+			@ldap_close($ldap);
+
+			// Give status about wrong password...
+			return array(
+				'status'		=> LOGIN_ERROR_PASSWORD,
+				'error_msg'		=> 'LOGIN_ERROR_PASSWORD',
+				'user_row'		=> array('user_id' => ANONYMOUS),
+			);
+		}
+	}
+
+	@ldap_close($ldap);
+
+	return array(
+		'status'	=> LOGIN_ERROR_USERNAME,
+		'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+		'user_row'	=> array('user_id' => ANONYMOUS),
+	);
+}
+
+/**
+* Generates a filter string for ldap_search to find a user
+*
+* @param	$username	string	Username identifying the searched user
+*
+* @return				string	A filter string for ldap_search
+*/
+function ldap_user_filter($username)
+{
+	global $config;
+
+	$filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
+	if ($config['ldap_user_filter'])
+	{
+		$_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})";
+		$filter = "(&{$filter}{$_filter})";
+	}
+	return $filter;
+}
+
+/**
+* Escapes an LDAP AttributeValue
+*/
+function ldap_escape($string)
+{
+	return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
+}
+
+/**
+* This function is used to output any required fields in the authentication
+* admin panel. It also defines any required configuration table fields.
+*/
+function acp_ldap(&$new)
+{
+	global $user;
+
+	$tpl = '
+
+	<dl>
+		<dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . ':</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="ldap_port">' . $user->lang['LDAP_PORT'] . ':</label><br /><span>' . $user->lang['LDAP_PORT_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_port" size="40" name="config[ldap_port]" value="' . $new['ldap_port'] . '" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="ldap_user_filter">' . $user->lang['LDAP_USER_FILTER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
+		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
+	</dl>
+	';
+
+	// These are fields required in the config table
+	return array(
+		'tpl'		=> $tpl,
+		'config'	=> array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password')
+	);
+}
+
+?>
+\ No newline at end of file
diff --git a/phpBB/includes/auth/index.htm b/phpBB/includes/auth/index.htm
new file mode 100644
index 0000000000..ee1f723a7d
--- /dev/null
+++ b/phpBB/includes/auth/index.htm
@@ -0,0 +1,10 @@
+<html>
+<head>
+<title></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#FFFFFF" text="#000000">
+
+</body>
+</html>
author	Meik Sievertsen <acydburn@phpbb.com>	2009-10-04 18:14:59 +0000
committer	Meik Sievertsen <acydburn@phpbb.com>	2009-10-04 18:14:59 +0000
commit	2e17e448deed073f8614bb555a8ef20c57291c2a (patch)
tree	533007e53d3584d0887b0f639d0e673b1e15ea7a /phpBB/includes/auth
parent	bf8ac19eaa8d74f9dfd6d597190f5664e7339382 (diff)
download	forums-2e17e448deed073f8614bb555a8ef20c57291c2a.tar forums-2e17e448deed073f8614bb555a8ef20c57291c2a.tar.gz forums-2e17e448deed073f8614bb555a8ef20c57291c2a.tar.bz2 forums-2e17e448deed073f8614bb555a8ef20c57291c2a.tar.xz forums-2e17e448deed073f8614bb555a8ef20c57291c2a.zip