From e2c049c997c1829f4f71100bdbdbba9bf72b8868 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 17 Jun 2013 16:11:23 -0400 Subject: [feature/auth-refactor] Provider Interface Skeleton Creates a skeleton of the authentication provider interface. PHPBB3-9734 --- phpBB/includes/auth/provider_interface.php | 32 ++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 phpBB/includes/auth/provider_interface.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php new file mode 100644 index 0000000000..ac7bb311a3 --- /dev/null +++ b/phpBB/includes/auth/provider_interface.php @@ -0,0 +1,32 @@ + Date: Mon, 17 Jun 2013 16:35:06 -0400 Subject: [feature/auth-refactor] Auth Apache Provider Skeleton Creates a skeleton for Apache based authentication using the phpbb_auth_provider_interface named phpbb_auth_provider_apache. This brings over all code in auth_apache.php verbatim complete with all global variables currently in use. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 265 ++++++++++++++++++++++++++++++++ 1 file changed, 265 insertions(+) create mode 100644 phpBB/includes/auth/provider_apache.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php new file mode 100644 index 0000000000..ca3bf41560 --- /dev/null +++ b/phpBB/includes/auth/provider_apache.php 
@@ -0,0 +1,265 @@ +is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER'))) + { + return $user->lang['APACHE_SETUP_BEFORE_USE']; + } + return false; + } + + /** + * Login function + */ + public function login(&$username, &$password) + { + global $db, $request; + + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); + + if (!empty($php_auth_user) && !empty($php_auth_pw)) + { + if ($php_auth_user !== $username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type + FROM ' . USERS_TABLE . " + WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... 
+ return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + + // this is the user's first login so create an empty profile + return array( + 'status' => LOGIN_SUCCESS_CREATE_PROFILE, + 'error_msg' => false, + 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), + ); + } + + // Not logged into apache + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + /** + * Autologin function + * + * @return array containing the user row or empty if no auto login should + * take place + */ + public function autologin() + { + global $db, $request; + + if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + return array(); + } + + $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); + + if (!empty($php_auth_user) && !empty($php_auth_pw)) + { + set_var($php_auth_user, $php_auth_user, 'string', true); + set_var($php_auth_pw, $php_auth_pw, 'string', true); + + $sql = 'SELECT * + FROM ' . USERS_TABLE . " + WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; + } + + if (!function_exists('user_add')) + { + global $phpbb_root_path, $phpEx; + + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + // create the user if he does not exist yet + user_add(user_row_apache($php_auth_user, $php_auth_pw)); + + $sql = 'SELECT * + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . 
"'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + return $row; + } + } + + return array(); + } + + /** + * This function generates an array which can be passed to the user_add + * function in order to create a user + * + * @param str $username The username of the new user. + * @param str $password The password of the new user. + * @return array Contains data that can be passed directly to + * the user_add function. + */ + private function user_row($username, $password) + { + global $db, $config, $user; + // first retrieve default group id + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + AND group_type = " . GROUP_SPECIAL; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$row) + { + trigger_error('NO_GROUP'); + } + + // generate user account data + return array( + 'username' => $username, + 'user_password' => phpbb_hash($password), + 'user_email' => '', + 'group_id' => (int) $row['group_id'], + 'user_type' => USER_NORMAL, + 'user_ip' => $user->ip, + 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, + ); + } + + /** + * The session validation function checks whether the user is still logged in + * + * @return boolean true if the given user is authenticated or false if + * the session should be closed + */ + public function validate_session(&$user) + { + global $request; + + // Check if PHP_AUTH_USER is set and handle this case + if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + $php_auth_user = $request->server('PHP_AUTH_USER'); + + return ($php_auth_user === $user['username']) ? true : false; + } + + // PHP_AUTH_USER is not set. 
A valid session is now determined by the user type (anonymous/bot or not) + if ($user['user_type'] == USER_IGNORE) + { + return true; + } + + return false; + } + + public function acp() + { + return; + } +} -- cgit v1.2.1 From 4917fd9ca7a372766ea1a2ec7d0726eba09d2fe1 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 17 Jun 2013 16:41:56 -0400 Subject: [feature/auth-refactor] Database Auth Provider Skeleton Creates a skeleton of the database auth provider from auth_db.php. The functions are copied verbatim complete with globals and any existing errors. PHPBB3-9734 --- phpBB/includes/auth/provider_db.php | 309 ++++++++++++++++++++++++++++++++++++ 1 file changed, 309 insertions(+) create mode 100644 phpBB/includes/auth/provider_db.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php new file mode 100644 index 0000000000..bba74fc2a3 --- /dev/null +++ b/phpBB/includes/auth/provider_db.php 
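Review bot: `login()` and `autologin()` still call the old global `user_row_apache()`, but this file defines the helper as the private method `user_row()`, so the first login of a user with no phpBB row would hit an undefined function unless the legacy auth_apache.php happens to be loaded. The two call sites should read `'user_row' => $this->user_row($php_auth_user, $php_auth_pw),` and `user_add($this->user_row($php_auth_user, $php_auth_pw));`. Separately, `validate_session()` compares the raw `$request->server('PHP_AUTH_USER')` with `$user['username']`, while `init()` and `login()` pass it through `htmlspecialchars_decode()` first; the three should agree on one form, so confirm which form the stored username uses. A docblock on `login()` and `autologin()` should state that neither verifies the password itself and that both rely on the web server having authenticated `PHP_AUTH_USER`, so the deployment requirement is explicit.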
@@ -0,0 +1,309 @@ + status constant + * 'error_msg' => string + * 'user_row' => array + * ) + */ + public function login($username, $password, $ip = '', $browser = '', $forwarded_for = '') + { + global $db, $config; + global $request; + + // Auth plugins get the password untrimmed. + // For compatibility we trim() here. + $password = trim($password); + + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $username_clean = utf8_clean_string($username); + + $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (($ip && !$config['ip_login_limit_use_forwarded']) || + ($forwarded_for && $config['ip_login_limit_use_forwarded'])) + { + $sql = 'SELECT COUNT(*) AS attempts + FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); + if ($config['ip_login_limit_use_forwarded']) + { + $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; + } + else + { + $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; + } + + $result = $db->sql_query($sql); + $attempts = (int) $db->sql_fetchfield('attempts'); + $db->sql_freeresult($result); + + $attempt_data = array( + 'attempt_ip' => $ip, + 'attempt_browser' => trim(substr($browser, 0, 149)), + 'attempt_forwarded_for' => $forwarded_for, + 'attempt_time' => time(), + 'user_id' => ($row) ? 
(int) $row['user_id'] : 0, + 'username' => $username, + 'username_clean' => $username_clean, + ); + $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); + $result = $db->sql_query($sql); + } + else + { + $attempts = 0; + } + + if (!$row) + { + if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) + { + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || + ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); + + // If there are too much login attempts, we need to check for an confirm image + // Every auth module is able to define what to do by itself... + if ($show_captcha) + { + // Visual Confirmation handling + if (!class_exists('phpbb_captcha_factory', false)) + { + global $phpbb_root_path, $phpEx; + include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . 
$phpEx); + } + + $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha->init(CONFIRM_LOGIN); + $vc_response = $captcha->validate($row); + if ($vc_response) + { + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', + 'user_row' => $row, + ); + } + else + { + $captcha->reset(); + } + + } + + // If the password convert flag is set we need to convert it + if ($row['user_pass_convert']) + { + // enable super globals to get literal value + // this is needed to prevent unicode normalization + $super_globals_disabled = $request->super_globals_disabled(); + if ($super_globals_disabled) + { + $request->enable_super_globals(); + } + + // in phpBB2 passwords were used exactly as they were sent, with addslashes applied + $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; + $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; + $password_new_format = $request->variable('password', '', true); + + if ($super_globals_disabled) + { + $request->disable_super_globals(); + } + + if ($password == $password_new_format) + { + if (!function_exists('utf8_to_cp1252')) + { + global $phpbb_root_path, $phpEx; + include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); + } + + // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding + // plain md5 support left in for conversions from other systems. 
+ if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) + || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) + { + $hash = phpbb_hash($password_new_format); + + // Update the password in the users table to the new format and remove user_pass_convert flag + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_password = \'' . $db->sql_escape($hash) . '\', + user_pass_convert = 0 + WHERE user_id = ' . $row['user_id']; + $db->sql_query($sql); + + $row['user_pass_convert'] = 0; + $row['user_password'] = $hash; + } + else + { + // Although we weren't able to convert this password we have to + // increase login attempt count to make sure this cannot be exploited + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = user_login_attempts + 1 + WHERE user_id = ' . (int) $row['user_id'] . ' + AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; + $db->sql_query($sql); + + return array( + 'status' => LOGIN_ERROR_PASSWORD_CONVERT, + 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', + 'user_row' => $row, + ); + } + } + } + + // Check password ... + if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) + { + // Check for old password hash... + if (strlen($row['user_password']) == 32) + { + $hash = phpbb_hash($password); + + // Update the password in the users table to the new format + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_password = '" . $db->sql_escape($hash) . "', + user_pass_convert = 0 + WHERE user_id = {$row['user_id']}"; + $db->sql_query($sql); + + $row['user_password'] = $hash; + } + + $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE user_id = ' . 
$row['user_id']; + $db->sql_query($sql); + + if ($row['user_login_attempts'] != 0) + { + // Successful, reset login attempts (the user passed all stages) + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = 0 + WHERE user_id = ' . $row['user_id']; + $db->sql_query($sql); + } + + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... set user_login_attempts to zero... + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + + // Password incorrect - increase login attempts + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = user_login_attempts + 1 + WHERE user_id = ' . (int) $row['user_id'] . ' + AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; + $db->sql_query($sql); + + // Give status about wrong password... + return array( + 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, + 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', + 'user_row' => $row, + ); + } + + public function autologin() + { + return; + } + + public function acp() + { + return; + } +} -- cgit v1.2.1 From 817813034032b8e94079f195db097f2377ae9ac3 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 17 Jun 2013 16:50:01 -0400 Subject: [feature/auth-refactor] LDAP Auth Provider Skeleton Creates a ldap auth provider using code taken verbatim from auth_ldap.php. PHPBB3-9734 --- phpBB/includes/auth/provider_ldap.php | 358 ++++++++++++++++++++++++++++++++++ 1 file changed, 358 insertions(+) create mode 100644 phpBB/includes/auth/provider_ldap.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php new file mode 100644 index 0000000000..fb2be5ae9d --- /dev/null +++ b/phpBB/includes/auth/provider_ldap.php 
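Review bot: In the password-conversion branch of `login()`, the legacy 32-character hashes are compared with loose `==` (`md5($password_old_format) == $row['user_password']`), which PHP evaluates numerically when both strings look like numbers, so two different hashes can compare equal. Both comparisons in that condition should be strict, e.g. `md5($password_old_format) === $row['user_password']`. The same function also concatenates `$row['user_id']` into several UPDATE/DELETE statements without the `(int)` cast that the two `user_login_attempts + 1` updates apply; casting everywhere keeps the queries uniform and independent of how the row was fetched.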
@@ -0,0 +1,358 @@ +lang['LDAP_NO_LDAP_EXTENSION']; + } + + $config['ldap_port'] = (int) $config['ldap_port']; + if ($config['ldap_port']) + { + $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); + } + else + { + $ldap = @ldap_connect($config['ldap_server']); + } + + if (!$ldap) + { + return $user->lang['LDAP_NO_SERVER_CONNECTION']; + } + + @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + + if ($config['ldap_user'] || $config['ldap_password']) + { + if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) + { + return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; + } + } + + // ldap_connect only checks whether the specified server is valid, so the connection might still fail + $search = @ldap_search( + $ldap, + htmlspecialchars_decode($config['ldap_base_dn']), + ldap_user_filter($user->data['username']), + (empty($config['ldap_email'])) ? + array(htmlspecialchars_decode($config['ldap_uid'])) : + array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), + 0, + 1 + ); + + if ($search === false) + { + return $user->lang['LDAP_SEARCH_FAILED']; + } + + $result = @ldap_get_entries($ldap, $search); + + @ldap_close($ldap); + + + if (!is_array($result) || sizeof($result) < 2) + { + return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); + } + + if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) + { + return $user->lang['LDAP_NO_EMAIL']; + } + + return false; + } + + /** + * Login function + */ + public function login(&$username, &$password) + { + global $db, $config, $user; + + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 
'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!@extension_loaded('ldap')) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $config['ldap_port'] = (int) $config['ldap_port']; + if ($config['ldap_port']) + { + $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); + } + else + { + $ldap = @ldap_connect($config['ldap_server']); + } + + if (!$ldap) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + + if ($config['ldap_user'] || $config['ldap_password']) + { + if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + } + + $search = @ldap_search( + $ldap, + htmlspecialchars_decode($config['ldap_base_dn']), + ldap_user_filter($username), + (empty($config['ldap_email'])) ? + array(htmlspecialchars_decode($config['ldap_uid'])) : + array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), + 0, + 1 + ); + + $ldap_result = @ldap_get_entries($ldap, $search); + + if (is_array($ldap_result) && sizeof($ldap_result) > 1) + { + if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) + { + @ldap_close($ldap); + + $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . 
"'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + unset($ldap_result); + + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... set user_login_attempts to zero... + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + else + { + // retrieve default group id + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + AND group_type = " . GROUP_SPECIAL; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$row) + { + trigger_error('NO_GROUP'); + } + + // generate user account data + $ldap_user_row = array( + 'username' => $username, + 'user_password' => phpbb_hash($password), + 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', + 'group_id' => (int) $row['group_id'], + 'user_type' => USER_NORMAL, + 'user_ip' => $user->ip, + 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, + ); + + unset($ldap_result); + + // this is the user's first login so create an empty profile + return array( + 'status' => LOGIN_SUCCESS_CREATE_PROFILE, + 'error_msg' => false, + 'user_row' => $ldap_user_row, + ); + } + } + else + { + unset($ldap_result); + @ldap_close($ldap); + + // Give status about wrong password... 
+ return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'LOGIN_ERROR_PASSWORD', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + } + + @ldap_close($ldap); + + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + public function autologin(); + + /** + * This function is used to output any required fields in the authentication + * admin panel. It also defines any required configuration table fields. + */ + public function acp(&$new) + { + global $user; + + $tpl = ' + +
+

' . $user->lang['LDAP_SERVER_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_PORT_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_DN_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_UID_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_USER_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '
+
+
+ '; + + // These are fields required in the config table + return array( + 'tpl' => $tpl, + 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password') + ); + } + + /** + * Generates a filter string for ldap_search to find a user + * + * @param $username string Username identifying the searched user + * + * @return string A filter string for ldap_search + */ + public function user_filter($username) + { + global $config; + + $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; + if ($config['ldap_user_filter']) + { + $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; + $filter = "(&{$filter}{$_filter})"; + } + return $filter; + } + + /** + * Escapes an LDAP AttributeValue + */ + public function escape($string) + { + return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); + } +} -- cgit v1.2.1 From e64abea999f68b248cfe41ab22ac60abc9e2951f Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 15:17:14 -0400 Subject: [feature/auth-refactor] Document the provider interface Provides basic documentation of the auth_provideR_interface. Changes the login method to login($username, $password) for consistency with the providers. acp() is not fully documented. It appears that it is meant to return an array of some sort and take in a variable by reference. PHPBB3-9734 --- phpBB/includes/auth/provider_interface.php | 32 +++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php index ac7bb311a3..8d966d8b3e 100644 --- a/phpBB/includes/auth/provider_interface.php +++ b/phpBB/includes/auth/provider_interface.php 
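Review bot: `escape()` replaces `*` before `\`, and because `str_replace()` with arrays applies the pairs in order, the backslash just inserted in front of `*` is itself doubled by the second pair, which leaves the wildcard unescaped in the filter built by `user_filter()`. Escape the backslash first and use the RFC 4515 hex forms, e.g. `return str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $string);`. The helpers are also still called as the old globals (`ldap_user_filter(...)` in `init()` and `login()`, `ldap_escape(...)` in `user_filter()`), which do not resolve to these methods and need `$this->`. `public function autologin();` has no body in a concrete class, which PHP rejects at compile time. `login()` also passes the result of `ldap_search()` to `ldap_get_entries()` without the `=== false` check that `init()` performs.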
@@ -22,11 +22,41 @@ if (!defined('IN_PHPBB')) */ class phpbb_auth_provider_interface { + /** + * Checks whether the user is currently identified to the authentication + * provider. + * Called in acp_board while setting authentication plugins. + * + * @return boolean|string False if the user is identified, otherwise an + * error message. + */ public function init(); - public function login(); + /** + * Performs login. + * + * @param $username string The name of the user being authenticated. + * @param $password string The password of the user. + * @return array An associative array of the format: + * array( + * 'status' => status constant + * 'error_msg' => string + * 'user_row' => array + * ) + */ + public function login($username, $password); + /** + * Autologin function + * + * @return array containing the user row or empty if no auto login should + * take place + */ public function autologin(); + /** + * This function is used to output any required fields in the authentication + * admin panel. It also defines any required configuration table fields. + */ public function acp(); } -- cgit v1.2.1 From db27a8c67a9730384a912298a85a7bf38e506d7d Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 15:32:18 -0400 Subject: [feature/auth-refactor] Fix comment block indentation Comment block indentation was off by one space on the provider_* files due to being incorrectly copied over from the auth_* files. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 52 ++++++++++++++++----------------- phpBB/includes/auth/provider_db.php | 30 +++++++++---------- phpBB/includes/auth/provider_ldap.php | 34 ++++++++++----------- 3 files changed, 58 insertions(+), 58 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index ca3bf41560..bb25e502a6 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php 
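Review bot: The type is declared with `class phpbb_auth_provider_interface` (a context line of this hunk), but its methods have no bodies and the providers use `implements`, so it needs to be `interface phpbb_auth_provider_interface`; as written PHP rejects the bodiless non-abstract methods. The new `login($username, $password)` signature is compatible with the extra optional parameters of the database provider, but `acp()` here takes no argument while the LDAP provider declares `acp(&$new)`, which will fail the signature check once this is a real interface. The `login()` docblock would be more useful if it named the status constants callers must handle (`LOGIN_SUCCESS`, `LOGIN_SUCCESS_CREATE_PROFILE` and the `LOGIN_ERROR_*` values the providers return).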
@@ -23,12 +23,12 @@ if (!defined('IN_PHPBB')) class phpbb_auth_provider_apache implements phpbb_auth_provider_interface { /** - * Checks whether the user is identified to apache - * Only allow changing authentication to apache if the user is identified - * Called in acp_board while setting authentication plugins - * - * @return boolean|string false if the user is identified and else an error message - */ + * Checks whether the user is identified to apache + * Only allow changing authentication to apache if the user is identified + * Called in acp_board while setting authentication plugins + * + * @return boolean|string false if the user is identified and else an error message + */ public function init() { global $user, $request; @@ -41,8 +41,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface } /** - * Login function - */ + * Login function + */ public function login(&$username, &$password) { global $db, $request; @@ -133,11 +133,11 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface } /** - * Autologin function - * - * @return array containing the user row or empty if no auto login should - * take place - */ + * Autologin function + * + * @return array containing the user row or empty if no auto login should + * take place + */ public function autologin() { global $db, $request; 
@@ -194,14 +194,14 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface } /** - * This function generates an array which can be passed to the user_add - * function in order to create a user - * - * @param str $username The username of the new user. - * @param str $password The password of the new user. - * @return array Contains data that can be passed directly to - * the user_add function. - */ + * This function generates an array which can be passed to the user_add + * function in order to create a user + * + * @param str $username The username of the new user. + * @param str $password The password of the new user. + * @return array Contains data that can be passed directly to + * the user_add function. + */ private function user_row($username, $password) { global $db, $config, $user; @@ -232,11 +232,11 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface } /** - * The session validation function checks whether the user is still logged in - * - * @return boolean true if the given user is authenticated or false if - * the session should be closed - */ + * The session validation function checks whether the user is still logged in + * + * @return boolean true if the given user is authenticated or false if + * the session should be closed + */ public function validate_session(&$user) { global $request; diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index bba74fc2a3..c55837c685 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php 
@@ -30,21 +30,21 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface } /** - * Login function - * - * @param string $username - * @param string $password - * @param string $ip IP address the login is taking place from. Used to - * limit the number of login attempts per IP address. - * @param string $browser The user agent used to login - * @param string $forwarded_for X_FORWARDED_FOR header sent with login request - * @return array A associative array of the format - * array( - * 'status' => status constant - * 'error_msg' => string - * 'user_row' => array - * ) - */ + * Login function + * + * @param string $username + * @param string $password + * @param string $ip IP address the login is taking place from. Used to + * limit the number of login attempts per IP address. + * @param string $browser The user agent used to login + * @param string $forwarded_for X_FORWARDED_FOR header sent with login request + * @return array A associative array of the format + * array( + * 'status' => status constant + * 'error_msg' => string + * 'user_row' => array + * ) + */ public function login($username, $password, $ip = '', $browser = '', $forwarded_for = '') { global $db, $config; diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index fb2be5ae9d..3c54ba212c 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -25,10 +25,10 @@ if (!defined('IN_PHPBB')) class phpbb_auth_provider_db implements phpbb_auth_provider_interface { /** - * Connect to ldap server - * Only allow changing authentication to ldap if we can connect to the ldap server - * Called in acp_board while setting authentication plugins - */ + * Connect to ldap server + * Only allow changing authentication to ldap if we can connect to the ldap server + * Called in acp_board while setting authentication plugins + */ public function init() { global $config, $user; 
@@ -100,8 +100,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface } /** - * Login function - */ + * Login function + */ public function login(&$username, &$password) { global $db, $config, $user; @@ -278,9 +278,9 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface public function autologin(); /** - * This function is used to output any required fields in the authentication - * admin panel. It also defines any required configuration table fields. - */ + * This function is used to output any required fields in the authentication + * admin panel. It also defines any required configuration table fields. + */ public function acp(&$new) { global $user; @@ -329,12 +329,12 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface } /** - * Generates a filter string for ldap_search to find a user - * - * @param $username string Username identifying the searched user - * - * @return string A filter string for ldap_search - */ + * Generates a filter string for ldap_search to find a user + * + * @param $username string Username identifying the searched user + * + * @return string A filter string for ldap_search + */ public function user_filter($username) { global $config; @@ -349,8 +349,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface } /** - * Escapes an LDAP AttributeValue - */ + * Escapes an LDAP AttributeValue + */ public function escape($string) { return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); -- cgit v1.2.1 From 57689948e252ef3240b2c20be95923d6a0635ca9 Mon Sep 17 00:00:00 2001 
From: Joseph Warner Date: Tue, 18 Jun 2013 15:39:51 -0400 Subject: [feature/auth-refactor] Make Apache consistent with interface Makes the provider_apache consistent with the provider_interface by removing the pass-by-reference of $username and $password. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index bb25e502a6..01aa9400fd 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php @@ -43,7 +43,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface /** * Login function */ - public function login(&$username, &$password) + public function login($username, $password) { global $db, $request; -- cgit v1.2.1 From 204c640c773e707845859d103b74d64596de402d Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 15:57:31 -0400 Subject: [feature/auth-refactor] Make LDAP consistent with interface Makes the provider_ldap consistent with the provider_interface except for the acp() method which has not yet been finalized. Renames phpbb_auth_provider_ldap::user_filter to phpbb_auth_provider_ldap::ldap_user_filter to maintain the original name of the function from auth_ldap. PHPBB3-9734 --- phpBB/includes/auth/provider_ldap.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 3c54ba212c..3636c7ae6d 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php 
@@ -68,7 +68,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $search = @ldap_search( $ldap, htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($user->data['username']), + $this->ldap_user_filter($user->data['username']), (empty($config['ldap_email'])) ? array(htmlspecialchars_decode($config['ldap_uid'])) : array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), @@ -102,7 +102,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface /** * Login function */ - public function login(&$username, &$password) + public function login($username, $password) { global $db, $config, $user; @@ -171,7 +171,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $search = @ldap_search( $ldap, htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($username), + $this->ldap_user_filter($username), (empty($config['ldap_email'])) ? array(htmlspecialchars_decode($config['ldap_uid'])) : array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), @@ -275,7 +275,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface ); } - public function autologin(); + public function autologin() + { + return; + } /** * This function is used to output any required fields in the authentication @@ -335,7 +338,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * * @return string A filter string for ldap_search */ - public function user_filter($username) + public function ldap_user_filter($username) { global $config; -- cgit v1.2.1 From 0432c3273992cf44b711fad92d442c81016a96c1 Mon Sep 17 00:00:00 2001 
From: Joseph Warner Date: Tue, 18 Jun 2013 16:07:23 -0400 Subject: [feature/auth-refactor] Make DB auth consistent with interface Makes provider_db consistent with provider_interface. Removes $ip, $browser, and $forwarded_for from the arguments of phpbb_auth_provider_db::login() as these are provided by the global variable $user. PHPBB3-9734 --- phpBB/includes/auth/provider_db.php | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index c55837c685..9e865f4b5b 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -34,10 +34,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * * @param string $username * @param string $password - * @param string $ip IP address the login is taking place from. Used to - * limit the number of login attempts per IP address. - * @param string $browser The user agent used to login - * @param string $forwarded_for X_FORWARDED_FOR header sent with login request * @return array A associative array of the format * array( * 'status' => status constant @@ -45,10 +41,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * 'user_row' => array * ) */ - public function login($username, $password, $ip = '', $browser = '', $forwarded_for = '') + public function login($username, $password) { global $db, $config; - global $request; + global $request, $user; // Auth plugins get the password untrimmed. // For compatibility we trim() here. 
@@ -82,19 +78,19 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if (($ip && !$config['ip_login_limit_use_forwarded']) || - ($forwarded_for && $config['ip_login_limit_use_forwarded'])) + if (($user->ip && !$config['ip_login_limit_use_forwarded']) || + ($user->forwarded_for && $config['ip_login_limit_use_forwarded'])) { $sql = 'SELECT COUNT(*) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); if ($config['ip_login_limit_use_forwarded']) { - $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; + $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($user->forwarded_for) . "'"; } else { - $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; + $sql .= " AND attempt_ip = '" . $db->sql_escape($user->ip) . "' "; } $result = $db->sql_query($sql); @@ -102,9 +98,9 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $db->sql_freeresult($result); $attempt_data = array( - 'attempt_ip' => $ip, - 'attempt_browser' => trim(substr($browser, 0, 149)), - 'attempt_forwarded_for' => $forwarded_for, + 'attempt_ip' => $user->ip, + 'attempt_browser' => trim(substr($user->browser, 0, 149)), + 'attempt_forwarded_for' => $user->forwarded_for, 'attempt_time' => time(), 'user_id' => ($row) ? (int) $row['user_id'] : 0, 'username' => $username, -- cgit v1.2.1 From 7bdab205a13380242ef2469d192abc22b48010d8 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 16:55:35 -0400 Subject: [feature/auth-refactor] Refactor login to use new interface Refactors auth.php to use the provider_interface during login. PHPBB-9734 --- phpBB/includes/auth/auth.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth.php b/phpBB/includes/auth/auth.php index 2535247571..009e621e13 100644 
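Review bot: In the `@@ -82,19 +78,19 @@` hunk of provider_db.php the per-address login limit keys on `$user->forwarded_for`, and with the `@param` lines removed by this commit nothing says where that value comes from. It is presumably still the X_FORWARDED_FOR request header named in the removed docblock. If so, when `ip_login_limit_use_forwarded` is on, the attempt count only means something if a trusted reverse proxy sets that header. I would add a comment above the condition, for example `// forwarded_for must be set by a trusted proxy; a client-supplied value makes this limit ineffective`. login() starts and ends outside the hunk.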
--- a/phpBB/includes/auth/auth.php +++ b/phpBB/includes/auth/auth.php @@ -932,10 +932,11 @@ class phpbb_auth $method = trim(basename($config['auth_method'])); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'login_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for); + $provider = new $class(); + $login = $provider->login($username, $password); // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) -- cgit v1.2.1 From 553c300688818c36acc4d579762b3eb428d27321 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Wed, 19 Jun 2013 14:20:29 -0400 Subject: [feature/auth-refactor] Fix typos causing changes to not work Replaces short tags with long tags. Fixes the interface to be an interface and not class in the file. Removes unnecessary include_once from auth.php. PHPBB-9734 --- phpBB/includes/auth/auth.php | 1 - phpBB/includes/auth/provider_apache.php | 2 +- phpBB/includes/auth/provider_db.php | 2 +- phpBB/includes/auth/provider_interface.php | 4 ++-- phpBB/includes/auth/provider_ldap.php | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth.php b/phpBB/includes/auth/auth.php index 009e621e13..ab84619977 100644 --- a/phpBB/includes/auth/auth.php +++ b/phpBB/includes/auth/auth.php @@ -930,7 +930,6 @@ class phpbb_auth global $config, $db, $user, $phpbb_root_path, $phpEx; $method = trim(basename($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); $class = 'phpbb_auth_provider_' . $method; if (class_exists($class)) diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 01aa9400fd..a923fb4265 100644 
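Review bot: `new $class()` in the `@@ -932,10 +932,11 @@` hunk of auth.php is guarded only by `class_exists($class)`, so any loadable class named `phpbb_auth_provider_<auth_method>` is instantiated and trusted to produce the login result. On the login path I would also check the type before constructing it: `if (class_exists($class) && in_array('phpbb_auth_provider_interface', class_implements($class)))`. The same guard recurs in the session.php and acp_board.php hunks later in this series. The enclosing method starts and ends outside the hunk, so what happens when the class is missing cannot be confirmed from here.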
--- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php @@ -1,4 +1,4 @@ - Date: Wed, 19 Jun 2013 14:57:11 -0400 Subject: [feature/auth-refactor] Refactor acp_board for new auth interface Partially refactors acp_board for the new authentication interface. Leaves some questionable if statements in the file. Modifies the interface to correctly impletment the acp() method. Modifies each provider to comply with the above mentioned interface modification. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 35 +++++++++++++++--------------- phpBB/includes/auth/provider_apache.php | 2 +- phpBB/includes/auth/provider_db.php | 2 +- phpBB/includes/auth/provider_interface.php | 2 +- phpBB/includes/auth/provider_ldap.php | 4 ++-- 5 files changed, 22 insertions(+), 23 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 6881e03fdb..9407d81575 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -530,9 +530,9 @@ class acp_board { while (($file = readdir($dp)) !== false) { - if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file)) + if (preg_match('#^provider_(.*?)\.' . $phpEx . '$#', $file) && !preg_match('#^provider_interface\.' . $phpEx . '$#', $file)) { - $auth_plugins[] = basename(preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file)); + $auth_plugins[] = basename(preg_replace('#^provider_(.*?)\.' . $phpEx . '$#', '\1', $file)); } } closedir($dp); 
@@ -544,14 +544,13 @@ class acp_board $old_auth_config = array(); foreach ($auth_plugins as $method) { - if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) + if ($method) { - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - - $method = 'acp_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - if ($fields = $method($this->new_config)) + $provider = new $class(); + if ($fields = $provider->acp($this->new_config)) { // Check if we need to create config fields for this plugin and save config when submit was pressed foreach ($fields['config'] as $field) @@ -585,14 +584,13 @@ class acp_board if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings)) { $method = basename($cfg_array['auth_method']); - if ($method && in_array($method, $auth_plugins)) + if ($method) { - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - - $method = 'init_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - if ($error = $method()) + $provider = new $class(); + if ($error = $provider->init()) { foreach ($old_auth_config as $config_name => $config_value) { @@ -685,12 +683,13 @@ class acp_board foreach ($auth_plugins as $method) { - if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) + if ($method) { - $method = 'acp_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - $fields = $method($this->new_config); + $provider = new $class(); + $fields = $provider->acp($this->new_config); if ($fields['tpl']) { diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index a923fb4265..2d26b85877 100644 --- a/phpBB/includes/auth/provider_apache.php 
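Review bot: The `@@ -585,14 +584,13 @@` hunk of acp_board.php drops the `in_array($method, $auth_plugins)` test, so the submitted `$cfg_array['auth_method']` is no longer checked against the providers discovered on disk before a class name is built from it and `init()` is called. `basename()` only strips path components; it does not restrict the value to known providers. I would keep the allowlist: `if ($method && in_array($method, $auth_plugins))`. The surrounding method continues outside the hunk, so how the setting is stored when the class does not exist cannot be confirmed from here.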
+++ b/phpBB/includes/auth/provider_apache.php @@ -258,7 +258,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface return false; } - public function acp() + public function acp($new) { return; } diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index 60ea105236..df935fcd73 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -298,7 +298,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface return; } - public function acp() + public function acp($new) { return; } diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php index 3dd1dba9be..a789dccce7 100644 --- a/phpBB/includes/auth/provider_interface.php +++ b/phpBB/includes/auth/provider_interface.php @@ -58,5 +58,5 @@ interface phpbb_auth_provider_interface * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. */ - public function acp(); + public function acp($new); } diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 4d0e68233b..c1f5b3e186 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -22,7 +22,7 @@ if (!defined('IN_PHPBB')) * * @package auth */ -class phpbb_auth_provider_db implements phpbb_auth_provider_interface +class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface { /** * Connect to ldap server @@ -284,7 +284,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. */ - public function acp(&$new) + public function acp($new) { global $user; -- cgit v1.2.1 From f4def220ce00a6be06857d5bd9f164473c0411c4 Mon Sep 17 00:00:00 2001 
From: Joseph Warner Date: Wed, 19 Jun 2013 15:12:00 -0400 Subject: [feature/auth-refactor] Refactor session for new auth interface Refactors phpbb_session to use the new auth interface. PHPBB3-9734 --- phpBB/includes/session.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6bc71da0c1..85ca8abf3d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -568,12 +568,12 @@ class phpbb_session } $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'autologin_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - $this->data = $method(); + $provider = new $class(); + $this->data = $class->autologin(); if (sizeof($this->data)) { -- cgit v1.2.1 From 8214e6e8377b0858092e48aba3ba2a01994be47f Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Wed, 19 Jun 2013 15:32:20 -0400 Subject: [feature/auth-refactor] Finish refactoring auth plugins I believe that this commit should have final minimal changes needed to replace the old auth plugins with the refactored auth plugins. Added a few more elements to the interface based on the old auth plugins. Documentation is not complete and need works on these new elements. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 7 ++++++- phpBB/includes/auth/provider_db.php | 10 ++++++++++ phpBB/includes/auth/provider_interface.php | 19 +++++++++++++++++++ phpBB/includes/auth/provider_ldap.php | 10 ++++++++++ phpBB/includes/session.php | 19 ++++++++++--------- 5 files changed, 55 insertions(+), 10 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 2d26b85877..2ba76e26a9 100644 --- a/phpBB/includes/auth/provider_apache.php 
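Review bot: In the `@@ -568,12 +568,12 @@` hunk of session.php, `$this->data = $class->autologin();` calls the method on `$class`, which holds the class-name string, not on the `$provider` object created on the line before. That is a fatal error whenever the provider class exists; the line should read `$this->data = $provider->autologin();`. Separately, the LDAP skeleton earlier in the series implements `autologin()` as a bare `return;`, so `$this->data` would be overwritten with null here. Returning `array()` from providers that do not support autologin keeps the following `sizeof($this->data)` check well defined. The enclosing method continues outside the hunk.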
+++ b/phpBB/includes/auth/provider_apache.php @@ -237,7 +237,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface * @return boolean true if the given user is authenticated or false if * the session should be closed */ - public function validate_session(&$user) + public function validate_session($user) { global $request; @@ -262,4 +262,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface { return; } + + public function logout($data, $new_session) + { + return; + } } diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index df935fcd73..e24e701911 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -302,4 +302,14 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { return; } + + public function logout($data, $new_session) + { + return; + } + + public function validate_session($user) + { + return; + } } diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php index a789dccce7..534f198c21 100644 --- a/phpBB/includes/auth/provider_interface.php +++ b/phpBB/includes/auth/provider_interface.php @@ -57,6 +57,25 @@ interface phpbb_auth_provider_interface /** * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. + * + * @param type $new */ public function acp($new); + + /** + * Special logout function. + * + * @param type $data + * @param type $new_session + */ + public function logout($data, $new_session); + + /** + * The session validation function checks whether the user is still logged in. + * + * @param type $user + * @return boolean true if the given user is authenticated, false if the + * session should be closed, or null if not implemented. + */ + public function validate_session($user); } 
diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index c1f5b3e186..8270f50440 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -358,4 +358,14 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface { return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); } + + public function logout($data, $new_session) + { + return; + } + + public function validate_session($user) + { + return; + } } diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 85ca8abf3d..f12ba1329c 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -402,12 +402,13 @@ class phpbb_session // Check whether the session is still valid if we have one $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'validate_session_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - if (!$method($this->data)) + $provider = new $class(); + $ret = $provider->validate_session($this->data); + if ($ret !== null && !$ret) { $session_expired = true; } @@ -573,7 +574,7 @@ class phpbb_session if (class_exists($class)) { $provider = new $class(); - $this->data = $class->autologin(); + $this->data = $provider->autologin(); if (sizeof($this->data)) { 
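Review bot: The check `if ($ret !== null && !$ret)` in the `@@ -402,12 +402,13 @@` hunk of session.php treats a null return as "session still valid", so a provider that reaches a bare `return;` on an error path keeps the session open. The db and ldap providers in this commit return null from `validate_session()` deliberately. Having them `return true;` and keeping the caller strict, `if (!$provider->validate_session($this->data))`, would make an unexpected null close the session instead. If the null convention stays, the call site should carry a comment such as `// null means the provider does not validate sessions`. The enclosing method starts and ends outside the hunk.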
@@ -893,12 +894,12 @@ class phpbb_session // Allow connecting logout with external auth method logout $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'logout_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - $method($this->data, $new_session); + $provider = new $class(); + $provider->logout($this->data, $new_session); } if ($this->data['user_id'] != ANONYMOUS) -- cgit v1.2.1 From 0633666e2b5e39a7ebf7d2a68dc4c1b4dbbc0db1 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 20 Jun 2013 16:46:25 -0400 Subject: [feature/auth-refactor] Fix LDAP conversion error I messed up when converting over auth_ldap this commit fixes that error. I have not been able to extensively test ldap due to not having ldap set up on this computer yet. Apache authentication appears to work. PHPBB3-9734 --- phpBB/includes/auth/provider_ldap.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 8270f50440..ee9b8100ee 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -338,11 +338,11 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface * * @return string A filter string for ldap_search */ - public function ldap_user_filter($username) + private function ldap_user_filter($username) { global $config; - $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; + $filter = '(' . $config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')'; if ($config['ldap_user_filter']) { $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; 
@@ -354,7 +354,7 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface /** * Escapes an LDAP AttributeValue */ - public function escape($string) + private function ldap_escape($string) { return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); } -- cgit v1.2.1 From 24825b9dc8cd94204da4180a044dbeab563d5563 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 20 Jun 2013 21:55:25 -0400 Subject: [feature/auth-refactor] Turn provider_db into a service Removes globals from provider_db and turns it into a service. PHPBB3-9734 --- phpBB/includes/auth/provider_db.php | 98 +++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 41 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index e24e701911..aaf9cda735 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -24,6 +24,27 @@ if (!defined('IN_PHPBB')) */ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { + + /** + * Database Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_request $request + * @param phpbb_user $user + * @param string $phpbb_root_path + * @param string $phpEx + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx) + { + $this->db = $db; + $this->config = $config; + $this->request = $request; + $this->user = $user; + $this->phpbb_root_path = $phpbb_root_path; + $this->phpEx = $phpEx; + } + public function init() { return; @@ -43,9 +64,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface */ public function login($username, $password) { - global $db, $config; - global $request, $user; - // Auth plugins get the password untrimmed. // For compatibility we trim() here. $password = trim($password); 
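Review bot: The `str_replace` in `ldap_escape()` (an unchanged context line in the `@@ -354,7 +354,7 @@` hunk of provider_ldap.php) replaces `*` before `\`. Array replacements are applied one after another, so the backslash inserted for `*` is doubled by the next pair and the `*` ends up unescaped in the filter. Listing the backslash first and using the hex form for filter values fixes both the ordering and the encoding: `return str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $string);`. `ldap_user_filter()` passes the login username through this method, so a unit test covering each special character would be worth adding with the rename.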
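Review bot: The constructor added in the `@@ -24,6 +24,27 @@` hunk of provider_db.php requires six arguments, while the call sites changed earlier in this series (auth.php, session.php, acp_board.php) build providers with `new $class()`, and this commit touches only provider_db.php. Unless those callers are switched to a container lookup elsewhere, constructing the db provider on the login path would fail. The constructor also assigns `$this->db`, `$this->config`, `$this->request`, `$this->user`, `$this->phpbb_root_path` and `$this->phpEx` without declaring them, which makes them public. Declaring each as `protected` keeps the database handle and request object from being reachable through the provider. The LDAP constructor in the following commit has the same two issues.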
@@ -73,41 +91,41 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); - if (($user->ip && !$config['ip_login_limit_use_forwarded']) || - ($user->forwarded_for && $config['ip_login_limit_use_forwarded'])) + if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) || + ($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded'])) { $sql = 'SELECT COUNT(*) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); - if ($config['ip_login_limit_use_forwarded']) + WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']); + if ($this->config['ip_login_limit_use_forwarded']) { - $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($user->forwarded_for) . "'"; + $sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'"; } else { - $sql .= " AND attempt_ip = '" . $db->sql_escape($user->ip) . "' "; + $sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . 
"' "; } - $result = $db->sql_query($sql); - $attempts = (int) $db->sql_fetchfield('attempts'); - $db->sql_freeresult($result); + $result = $this->db->sql_query($sql); + $attempts = (int) $this->db->sql_fetchfield('attempts'); + $this->db->sql_freeresult($result); $attempt_data = array( - 'attempt_ip' => $user->ip, - 'attempt_browser' => trim(substr($user->browser, 0, 149)), - 'attempt_forwarded_for' => $user->forwarded_for, + 'attempt_ip' => $this->user->ip, + 'attempt_browser' => trim(substr($this->user->browser, 0, 149)), + 'attempt_forwarded_for' => $this->user->forwarded_for, 'attempt_time' => time(), 'user_id' => ($row) ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean, ); - $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); - $result = $db->sql_query($sql); + $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data); + $result = $this->db->sql_query($sql); } else { @@ -116,7 +134,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface if (!$row) { - if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) + if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']) { return array( 'status' => LOGIN_ERROR_ATTEMPTS, @@ -132,8 +150,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface ); } - $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || - ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); + $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) || + ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']); // If there are too much login attempts, we need to check for an confirm image // Every auth module is able to define what to do by itself... 
@@ -142,11 +160,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Visual Confirmation handling if (!class_exists('phpbb_captcha_factory', false)) { - global $phpbb_root_path, $phpEx; - include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); + include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->phpEx); } - $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); $vc_response = $captcha->validate($row); if ($vc_response) @@ -169,28 +186,27 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { // enable super globals to get literal value // this is needed to prevent unicode normalization - $super_globals_disabled = $request->super_globals_disabled(); + $super_globals_disabled = $this->request->super_globals_disabled(); if ($super_globals_disabled) { - $request->enable_super_globals(); + $this->request->enable_super_globals(); } // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = $request->variable('password', '', true); + $password_new_format = $this->request->variable('password', '', true); if ($super_globals_disabled) { - $request->disable_super_globals(); + $this->request->disable_super_globals(); } if ($password == $password_new_format) { if (!function_exists('utf8_to_cp1252')) { - global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->phpEx); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding 
@@ -202,10 +218,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_password = \'' . $db->sql_escape($hash) . '\', + SET user_password = \'' . $this->db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); $row['user_pass_convert'] = 0; $row['user_password'] = $hash; @@ -218,7 +234,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); + $this->db->sql_query($sql); return array( 'status' => LOGIN_ERROR_PASSWORD_CONVERT, @@ -239,17 +255,17 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Update the password in the users table to the new format $sql = 'UPDATE ' . USERS_TABLE . " - SET user_password = '" . $db->sql_escape($hash) . "', + SET user_password = '" . $this->db->sql_escape($hash) . "', user_pass_convert = 0 WHERE user_id = {$row['user_id']}"; - $db->sql_query($sql); + $this->db->sql_query($sql); $row['user_password'] = $hash; } $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); if ($row['user_login_attempts'] != 0) { @@ -257,7 +273,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); } // User inactive... 
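Review bot: Several queries in the provider_db.php hunks on this line interpolate `$row['user_id']` without a cast (`WHERE user_id = ' . $row['user_id']` and `WHERE user_id = {$row['user_id']}`), while the login-attempt updates in the same method use `(int) $row['user_id']`. The value is read from the users table, so this is a matter of consistency and defence in depth rather than a demonstrated injection. I would write `WHERE user_id = ' . (int) $row['user_id']` in all of them. login() starts and ends outside these hunks.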
@@ -283,7 +299,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); + $this->db->sql_query($sql); // Give status about wrong password... return array( -- cgit v1.2.1 From c253189e85f780d50aa82c483b432717a967bb1c Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 20 Jun 2013 22:11:24 -0400 Subject: [feature/auth-refactor] Convert provider_ldap to a service Removes globals from provider_ldap and converts it into a service. PHPBB3-9734 --- phpBB/includes/auth/provider_ldap.php | 122 ++++++++++++++++++---------------- 1 file changed, 64 insertions(+), 58 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index ee9b8100ee..67d8d8335f 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -24,6 +24,20 @@ if (!defined('IN_PHPBB')) */ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface { + /** + * LDAP Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_user $user + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_user $user) + { + $this->db = $db; + $this->config = $config; + $this->user = $user; + } + /** * Connect to ldap server * Only allow changing authentication to ldap if we can connect to the ldap server 
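Review bot: The new constructor in provider_ldap.php assigns `$this->db`, `$this->config` and `$this->user`, but the hunk adds no property declarations, so unless they are declared elsewhere in the class they are created implicitly as public properties. Declaring them, e.g. `protected $db;`, `protected $config;`, `protected $user;`, stops any code holding the provider from reading or replacing the database handle and the config, which carries `ldap_password`. The same applies to the provider_apache.php constructor hunk (-22,6 +22,26) further down this page. The class body continues outside the hunk.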
@@ -31,54 +45,52 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface */ public function init() { - global $config, $user; - if (!@extension_loaded('ldap')) { - return $user->lang['LDAP_NO_LDAP_EXTENSION']; + return $this->user->lang['LDAP_NO_LDAP_EXTENSION']; } - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) + $this->config['ldap_port'] = (int) $this->config['ldap_port']; + if ($this->config['ldap_port']) { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); + $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']); } else { - $ldap = @ldap_connect($config['ldap_server']); + $ldap = @ldap_connect($this->config['ldap_server']); } if (!$ldap) { - return $user->lang['LDAP_NO_SERVER_CONNECTION']; + return $this->user->lang['LDAP_NO_SERVER_CONNECTION']; } @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - if ($config['ldap_user'] || $config['ldap_password']) + if ($this->config['ldap_user'] || $this->config['ldap_password']) { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) + if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password']))) { - return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; + return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD']; } } // ldap_connect only checks whether the specified server is valid, so the connection might still fail $search = @ldap_search( $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), - $this->ldap_user_filter($user->data['username']), - (empty($config['ldap_email'])) ? 
- array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), + htmlspecialchars_decode($this->config['ldap_base_dn']), + $this->ldap_user_filter($this->user->data['username']), + (empty($this->config['ldap_email'])) ? + array(htmlspecialchars_decode($this->config['ldap_uid'])) : + array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])), 0, 1 ); if ($search === false) { - return $user->lang['LDAP_SEARCH_FAILED']; + return $this->user->lang['LDAP_SEARCH_FAILED']; } $result = @ldap_get_entries($ldap, $search); @@ -88,12 +100,12 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface if (!is_array($result) || sizeof($result) < 2) { - return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); + return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']); } - if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) + if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])])) { - return $user->lang['LDAP_NO_EMAIL']; + return $this->user->lang['LDAP_NO_EMAIL']; } return false; @@ -104,8 +116,6 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface */ public function login($username, $password) { - global $db, $config, $user; - // do not allow empty password if (!$password) { 
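Review bot: In `init()` the code goes from `ldap_connect()` through two `ldap_set_option()` calls straight to `ldap_bind()` with `ldap_user` and `ldap_password`, and no `ldap_start_tls()` call is visible in between, so unless `ldap_server` is configured as an `ldaps://` URI the bind credentials cross the network unencrypted. The same sequence appears in the `login()` hunks (-134,14 and -156,9). Adding a configuration option that requires StartTLS, calling `ldap_start_tls($ldap)` before the bind and returning an error when it fails, would close this. The `@` suppression on every LDAP call also hides the underlying failure reason from the administrator, so logging `ldap_error($ldap)` on the error paths is worth considering.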
@@ -134,14 +144,14 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface ); } - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) + $this->config['ldap_port'] = (int) $this->config['ldap_port']; + if ($this->config['ldap_port']) { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); + $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']); } else { - $ldap = @ldap_connect($config['ldap_server']); + $ldap = @ldap_connect($this->config['ldap_server']); } if (!$ldap) @@ -156,9 +166,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - if ($config['ldap_user'] || $config['ldap_password']) + if ($this->config['ldap_user'] || $this->config['ldap_password']) { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) + if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password']))) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, @@ -170,11 +180,11 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $search = @ldap_search( $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), + htmlspecialchars_decode($this->config['ldap_base_dn']), $this->ldap_user_filter($username), - (empty($config['ldap_email'])) ? - array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), + (empty($this->config['ldap_email'])) ? + array(htmlspecialchars_decode($this->config['ldap_uid'])) : + array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])), 0, 1 ); 
@@ -189,10 +199,10 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if ($row) { @@ -220,11 +230,11 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface // retrieve default group id $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "' AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if (!$row) { @@ -235,11 +245,11 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $ldap_user_row = array( 'username' => $username, 'user_password' => phpbb_hash($password), - 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', + 'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, + 'user_ip' => $this->user->ip, + 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0, ); unset($ldap_result); 
@@ -286,40 +296,38 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface */ public function acp($new) { - global $user; - $tpl = '
-

' . $user->lang['LDAP_SERVER_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_SERVER_EXPLAIN'] . '
-

' . $user->lang['LDAP_PORT_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_PORT_EXPLAIN'] . '
-

' . $user->lang['LDAP_DN_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_DN_EXPLAIN'] . '
-

' . $user->lang['LDAP_UID_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_UID_EXPLAIN'] . '
-

' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
-

' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_EMAIL_EXPLAIN'] . '
-

' . $user->lang['LDAP_USER_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_USER_EXPLAIN'] . '
-

' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_PASSWORD_EXPLAIN'] . '
'; @@ -340,12 +348,10 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface */ private function ldap_user_filter($username) { - global $config; - - $filter = '(' . $config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')'; - if ($config['ldap_user_filter']) + $filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')'; + if ($this->config['ldap_user_filter']) { - $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; + $_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})"; $filter = "(&{$filter}{$_filter})"; } return $filter; -- cgit v1.2.1 From c9062fc1ee9bade7c2b4d84c99b3b71a78d5570c Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 20 Jun 2013 22:21:22 -0400 Subject: [feature/auth-refactor] Convert provider_apache to a service Removes globals from provider_apache and turns it into a service. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 89 ++++++++++++++++++--------------- 1 file changed, 49 insertions(+), 40 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 2ba76e26a9..adb1fb6cea 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php 
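Review bot: `ldap_user_filter()` inserts `$this->config['ldap_uid']` and `$this->config['ldap_user_filter']` into the filter exactly as stored, whereas `init()` and `login()` pass the same `ldap_uid` through `htmlspecialchars_decode()` before handing it to `ldap_search()`. If config values are stored HTML-escaped, as those decode calls suggest, a custom filter containing `&`, `<` or `>` would reach the server in escaped form and not match what the administrator intended. Decoding both values here, e.g. `$uid = htmlspecialchars_decode($this->config['ldap_uid']);`, would make the filter agree with the attribute list. Only the username goes through `ldap_escape()`; the two config values are inserted verbatim, which is acceptable only because they are administrator-controlled, and a comment saying so would help the next reader.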
@@ -22,6 +22,26 @@ if (!defined('IN_PHPBB')) */ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface { + /** + * Apache Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_request $request + * @param phpbb_user $user + * @param string $phpbb_root_path + * @param string $phpEx + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx) + { + $this->db = $db; + $this->config = $config; + $this->request = $request; + $this->user = $user; + $this->phpbb_root_path = $phpbb_root_path; + $this->phpEx = $phpEx; + } + /** * Checks whether the user is identified to apache * Only allow changing authentication to apache if the user is identified @@ -31,11 +51,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ public function init() { - global $user, $request; - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER'))) + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'))) { - return $user->lang['APACHE_SETUP_BEFORE_USE']; + return $this->user->lang['APACHE_SETUP_BEFORE_USE']; } return false; } @@ -45,8 +63,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ public function login($username, $password) { - global $db, $request; - // do not allow empty password if (!$password) { @@ -66,7 +82,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 
@@ -75,8 +91,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); + $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW')); if (!empty($php_auth_user) && !empty($php_auth_pw)) { @@ -91,10 +107,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if ($row) { @@ -140,15 +156,13 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ public function autologin() { - global $db, $request; - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) { return array(); } - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); + $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW')); if (!empty($php_auth_user) && !empty($php_auth_pw)) { 
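Review bot: `login()` and `autologin()` treat the identity in `PHP_AUTH_USER` as already verified: `PHP_AUTH_PW` is only tested for being non-empty, and the `autologin()` hunks that follow lead into the "create the user if he does not exist yet" path. Nothing in these hunks confirms that the web server actually enforced authentication for the request, so the class docblock should state that precondition, for example `* The web server must require HTTP authentication for every phpBB URL; this provider does not verify PHP_AUTH_PW itself.` Both method bodies extend beyond the hunks shown.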
@@ -157,10 +171,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $sql = 'SELECT * FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if ($row) { @@ -169,9 +183,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface if (!function_exists('user_add')) { - global $phpbb_root_path, $phpEx; - - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + include($this->phpbb_root_path . 'includes/functions_user.' . $this->phpEx); } // create the user if he does not exist yet @@ -179,10 +191,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $sql = 'SELECT * FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if ($row) { 
@@ -204,15 +216,14 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ private function user_row($username, $password) { - global $db, $config, $user; // first retrieve default group id $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "' AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if (!$row) { @@ -226,8 +237,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface 'user_email' => '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, + 'user_ip' => $this->user->ip, + 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0, ); } @@ -239,12 +250,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ public function validate_session($user) { - global $request; - // Check if PHP_AUTH_USER is set and handle this case - if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + if ($this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) { - $php_auth_user = $request->server('PHP_AUTH_USER'); + $php_auth_user = $this->request->server('PHP_AUTH_USER'); return ($php_auth_user === $user['username']) ? true : false; } -- cgit v1.2.1 From b8610c4b989fd1e4e9e310de776de38dfe4a09a2 Mon Sep 17 00:00:00 2001 
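Review bot: `validate_session()` compares the raw `$this->request->server('PHP_AUTH_USER')` with `$user['username']`, while `init()`, `login()` and `autologin()` in this same file wrap the value in `htmlspecialchars_decode()` before comparing or querying. For a username containing `&`, `<`, `>` or a quote, one of the two forms will not match the stored name, so either login or session validation fails for that user; which side is correct depends on how usernames are stored, which is not visible here. Use one form in all four methods and add a comment stating whether `username` is stored escaped.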
From: Joseph Warner Date: Fri, 21 Jun 2013 18:04:11 -0400 Subject: [feature/auth-refactor] Refactor code to use services Refactors all loading of auth providers to use services instead of directly calling the class. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 15 ++++++-------- phpBB/includes/auth/auth.php | 7 +++---- phpBB/includes/session.php | 42 ++++++++++++++-------------------------- 3 files changed, 24 insertions(+), 40 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 9407d81575..383e035817 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -546,10 +546,9 @@ class acp_board { if ($method) { - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $provider = new $class(); if ($fields = $provider->acp($this->new_config)) { // Check if we need to create config fields for this plugin and save config when submit was pressed @@ -586,10 +585,9 @@ class acp_board $method = basename($cfg_array['auth_method']); if ($method) { - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $provider = new $class(); if ($error = $provider->init()) { foreach ($old_auth_config as $config_name => $config_value) @@ -685,10 +683,9 @@ class acp_board { if ($method) { - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $provider = new $class(); $fields = $provider->acp($this->new_config); if ($fields['tpl']) diff --git a/phpBB/includes/auth/auth.php b/phpBB/includes/auth/auth.php index ab84619977..279959974d 100644 --- a/phpBB/includes/auth/auth.php +++ b/phpBB/includes/auth/auth.php 
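Review bot: `$provider = $phpbb_container->get('auth.provider.' . $method); if ($provider)` keeps the shape of the old `class_exists()` guard, but if `$phpbb_container` is a Symfony-style container, `get()` throws for an unknown service id rather than returning a falsy value, so the `if` never takes the failure path. In the second acp_board.php hunk `$method` comes from the submitted `$cfg_array['auth_method']`, and in the session.php hunks (-403,15, -570,17, -895,12) the guard is removed entirely, so a stale or mistyped `auth_method` would fail on every request, including the ACP page needed to correct it. Checking first with `if ($phpbb_container->has('auth.provider.' . $method))`, or catching the lookup failure and reporting a clear configuration error, keeps that case handled. The enclosing functions start and end outside these hunks.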
@@ -927,14 +927,13 @@ class phpbb_auth */ function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) { - global $config, $db, $user, $phpbb_root_path, $phpEx; + global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; $method = trim(basename($config['auth_method'])); - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $provider = new $class(); $login = $provider->login($username, $password); // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index f12ba1329c..66bf053f7d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -207,7 +207,7 @@ class phpbb_session function session_begin($update_session_page = true) { global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; - global $request; + global $request, $phpbb_container; // Give us some basic information $this->time_now = time(); @@ -403,15 +403,11 @@ class phpbb_session // Check whether the session is still valid if we have one $method = basename(trim($config['auth_method'])); - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + $ret = $provider->validate_session($this->data); + if ($ret !== null && !$ret) { - $provider = new $class(); - $ret = $provider->validate_session($this->data); - if ($ret !== null && !$ret) - { - $session_expired = true; - } + $session_expired = true; } if (!$session_expired) 
@@ -505,7 +501,7 @@ class phpbb_session */ function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true) { - global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx; + global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx, $phpbb_container; $this->data = array(); @@ -570,17 +566,13 @@ class phpbb_session $method = basename(trim($config['auth_method'])); - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) - { - $provider = new $class(); - $this->data = $provider->autologin(); + $provider = $phpbb_container->get('auth.provider.' . $method); + $this->data = $provider->autologin(); - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; } // If we're presented with an autologin key we'll join against it. @@ -885,7 +877,7 @@ class phpbb_session */ function session_kill($new_session = true) { - global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx; + global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx, $phpbb_container; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "' @@ -895,12 +887,8 @@ class phpbb_session // Allow connecting logout with external auth method logout $method = basename(trim($config['auth_method'])); - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) - { - $provider = new $class(); - $provider->logout($this->data, $new_session); - } + $provider = $phpbb_container->get('auth.provider.' . $method); + $provider->logout($this->data, $new_session); if ($this->data['user_id'] != ANONYMOUS) { -- cgit v1.2.1 From 4f3f0a8791cea806cc63cfe4709605ad63f8cbd4 Mon Sep 17 00:00:00 2001 
From: Joseph Warner Date: Tue, 25 Jun 2013 21:56:58 -0400 Subject: [feature/auth-refactor] Remove references to old auth plugins Removes what is hopefully the last references to the old auth plugins in the code base. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 38 +++++++++----------------------------- 1 file changed, 9 insertions(+), 29 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 383e035817..1ac6697255 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -523,21 +523,11 @@ class acp_board { // Retrieve a list of auth plugins and check their config values $auth_plugins = array(); + $auth_providers = $phpbb_container->get('auth.provider_collection'); - $dp = @opendir($phpbb_root_path . 'includes/auth'); - - if ($dp) + foreach($auth_providers as $key => $value) { - while (($file = readdir($dp)) !== false) - { - if (preg_match('#^provider_(.*?)\.' . $phpEx . '$#', $file) && !preg_match('#^provider_interface\.' . $phpEx . '$#', $file)) - { - $auth_plugins[] = basename(preg_replace('#^provider_(.*?)\.' . $phpEx . '$#', '\1', $file)); - } - } - closedir($dp); - - sort($auth_plugins); + $auth_plugins[] = str_replace('auth.provider.', '', $key); } $updated_auth_settings = false; @@ -546,7 +536,7 @@ class acp_board { if ($method) { - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $auth_providers['auth.provider.' . $method]; if ($provider) { if ($fields = $provider->acp($this->new_config)) @@ -585,7 +575,7 @@ class acp_board $method = basename($cfg_array['auth_method']); if ($method) { - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $auth_providers['auth.provider.' . $method]; if ($provider) { if ($error = $provider->init()) 
@@ -683,7 +673,7 @@ class acp_board { if ($method) { - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $auth_providers['auth.provider.' . $method]; if ($provider) { $fields = $provider->acp($this->new_config); @@ -709,22 +699,12 @@ class acp_board global $phpbb_root_path, $phpEx; $auth_plugins = array(); + $auth_providers = $phpbb_container->get('auth.provider_collection'); - $dp = @opendir($phpbb_root_path . 'includes/auth'); - - if (!$dp) - { - return ''; - } - - while (($file = readdir($dp)) !== false) + foreach($auth_providers as $key => $value) { - if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file)) - { - $auth_plugins[] = preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file); - } + $auth_plugins[] = str_replace('auth.provider.', '', $key); } - closedir($dp); sort($auth_plugins); -- cgit v1.2.1 From 09372d765d5adbca743063a7410b97abf4536015 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 22:01:00 -0400 Subject: [feature/auth-refactor] Remove old auth plugins PHPBB3-9734 --- phpBB/includes/auth/auth_apache.php | 247 ------------------------- phpBB/includes/auth/auth_db.php | 289 ----------------------------- phpBB/includes/auth/auth_ldap.php | 350 ------------------------------------ 3 files changed, 886 deletions(-) delete mode 100644 phpBB/includes/auth/auth_apache.php delete mode 100644 phpBB/includes/auth/auth_db.php delete mode 100644 phpBB/includes/auth/auth_ldap.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php deleted file mode 100644 index 10b288aa09..0000000000 --- a/phpBB/includes/auth/auth_apache.php +++ /dev/null 
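Review bot: In the -709,22 hunk the added line `$auth_providers = $phpbb_container->get('auth.provider_collection');` follows `global $phpbb_root_path, $phpEx;`, which does not import `$phpbb_container`, so unless another `global` statement sits above the hunk the variable is undefined and the call fails. The statement should become `global $phpbb_root_path, $phpEx, $phpbb_container;`. The function's opening lines are outside the hunk, so this needs checking against the full file.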
@@ -1,247 +0,0 @@ -is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER'))) - { - return $user->lang['APACHE_SETUP_BEFORE_USE']; - } - return false; -} - -/** -* Login function -*/ -function login_apache(&$username, &$password) -{ - global $db, $request; - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); - - if (!empty($php_auth_user) && !empty($php_auth_pw)) - { - if ($php_auth_user !== $username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type - FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... 
- return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - - // this is the user's first login so create an empty profile - return array( - 'status' => LOGIN_SUCCESS_CREATE_PROFILE, - 'error_msg' => false, - 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), - ); - } - - // Not logged into apache - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', - 'user_row' => array('user_id' => ANONYMOUS), - ); -} - -/** -* Autologin function -* -* @return array containing the user row or empty if no auto login should take place -*/ -function autologin_apache() -{ - global $db, $request; - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - return array(); - } - - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); - - if (!empty($php_auth_user) && !empty($php_auth_pw)) - { - set_var($php_auth_user, $php_auth_user, 'string', true); - set_var($php_auth_pw, $php_auth_pw, 'string', true); - - $sql = 'SELECT * - FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; - } - - if (!function_exists('user_add')) - { - global $phpbb_root_path, $phpEx; - - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); - } - - // create the user if he does not exist yet - user_add(user_row_apache($php_auth_user, $php_auth_pw)); - - $sql = 'SELECT * - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . 
"'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - return $row; - } - } - - return array(); -} - -/** -* This function generates an array which can be passed to the user_add function in order to create a user -*/ -function user_row_apache($username, $password) -{ - global $db, $config, $user; - // first retrieve default group id - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' - AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row) - { - trigger_error('NO_GROUP'); - } - - // generate user account data - return array( - 'username' => $username, - 'user_password' => phpbb_hash($password), - 'user_email' => '', - 'group_id' => (int) $row['group_id'], - 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, - ); -} - -/** -* The session validation function checks whether the user is still logged in -* -* @return boolean true if the given user is authenticated or false if the session should be closed -*/ -function validate_session_apache(&$user) -{ - global $request; - - // Check if PHP_AUTH_USER is set and handle this case - if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - $php_auth_user = $request->server('PHP_AUTH_USER'); - - return ($php_auth_user === $user['username']) ? true : false; - } - - // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not) - if ($user['user_type'] == USER_IGNORE) - { - return true; - } - - return false; -} diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php deleted file mode 100644 index ac944532a5..0000000000 --- a/phpBB/includes/auth/auth_db.php +++ /dev/null 
@@ -1,289 +0,0 @@ - status constant -* 'error_msg' => string -* 'user_row' => array -* ) -*/ -function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '') -{ - global $db, $config; - global $request; - - // Auth plugins get the password untrimmed. - // For compatibility we trim() here. - $password = trim($password); - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $username_clean = utf8_clean_string($username); - - $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (($ip && !$config['ip_login_limit_use_forwarded']) || - ($forwarded_for && $config['ip_login_limit_use_forwarded'])) - { - $sql = 'SELECT COUNT(*) AS attempts - FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); - if ($config['ip_login_limit_use_forwarded']) - { - $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; - } - else - { - $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; - } - - $result = $db->sql_query($sql); - $attempts = (int) $db->sql_fetchfield('attempts'); - $db->sql_freeresult($result); - - $attempt_data = array( - 'attempt_ip' => $ip, - 'attempt_browser' => trim(substr($browser, 0, 149)), - 'attempt_forwarded_for' => $forwarded_for, - 'attempt_time' => time(), - 'user_id' => ($row) ? 
(int) $row['user_id'] : 0, - 'username' => $username, - 'username_clean' => $username_clean, - ); - $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); - $result = $db->sql_query($sql); - } - else - { - $attempts = 0; - } - - if (!$row) - { - if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) - { - return array( - 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || - ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); - - // If there are too much login attempts, we need to check for an confirm image - // Every auth module is able to define what to do by itself... - if ($show_captcha) - { - // Visual Confirmation handling - if (!class_exists('phpbb_captcha_factory', false)) - { - global $phpbb_root_path, $phpEx; - include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . 
$phpEx); - } - - $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); - $captcha->init(CONFIRM_LOGIN); - $vc_response = $captcha->validate($row); - if ($vc_response) - { - return array( - 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', - 'user_row' => $row, - ); - } - else - { - $captcha->reset(); - } - - } - - // If the password convert flag is set we need to convert it - if ($row['user_pass_convert']) - { - // enable super globals to get literal value - // this is needed to prevent unicode normalization - $super_globals_disabled = $request->super_globals_disabled(); - if ($super_globals_disabled) - { - $request->enable_super_globals(); - } - - // in phpBB2 passwords were used exactly as they were sent, with addslashes applied - $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; - $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = $request->variable('password', '', true); - - if ($super_globals_disabled) - { - $request->disable_super_globals(); - } - - if ($password == $password_new_format) - { - if (!function_exists('utf8_to_cp1252')) - { - global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); - } - - // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding - // plain md5 support left in for conversions from other systems. 
- if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) - || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) - { - $hash = phpbb_hash($password_new_format); - - // Update the password in the users table to the new format and remove user_pass_convert flag - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_password = \'' . $db->sql_escape($hash) . '\', - user_pass_convert = 0 - WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); - - $row['user_pass_convert'] = 0; - $row['user_password'] = $hash; - } - else - { - // Although we weren't able to convert this password we have to - // increase login attempt count to make sure this cannot be exploited - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . (int) $row['user_id'] . ' - AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); - - return array( - 'status' => LOGIN_ERROR_PASSWORD_CONVERT, - 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', - 'user_row' => $row, - ); - } - } - } - - // Check password ... - if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) - { - // Check for old password hash... - if (strlen($row['user_password']) == 32) - { - $hash = phpbb_hash($password); - - // Update the password in the users table to the new format - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_password = '" . $db->sql_escape($hash) . "', - user_pass_convert = 0 - WHERE user_id = {$row['user_id']}"; - $db->sql_query($sql); - - $row['user_password'] = $hash; - } - - $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE user_id = ' . 
$row['user_id']; - $db->sql_query($sql); - - if ($row['user_login_attempts'] != 0) - { - // Successful, reset login attempts (the user passed all stages) - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = 0 - WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); - } - - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... set user_login_attempts to zero... - return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - - // Password incorrect - increase login attempts - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . (int) $row['user_id'] . ' - AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); - - // Give status about wrong password... - return array( - 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, - 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', - 'user_row' => $row, - ); -} diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php deleted file mode 100644 index 98355dd044..0000000000 --- a/phpBB/includes/auth/auth_ldap.php +++ /dev/null 
@@ -1,350 +0,0 @@ -lang['LDAP_NO_LDAP_EXTENSION']; - } - - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) - { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); - } - else - { - $ldap = @ldap_connect($config['ldap_server']); - } - - if (!$ldap) - { - return $user->lang['LDAP_NO_SERVER_CONNECTION']; - } - - @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); - @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - - if ($config['ldap_user'] || $config['ldap_password']) - { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) - { - return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; - } - } - - // ldap_connect only checks whether the specified server is valid, so the connection might still fail - $search = @ldap_search( - $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($user->data['username']), - (empty($config['ldap_email'])) ? - array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), - 0, - 1 - ); - - if ($search === false) - { - return $user->lang['LDAP_SEARCH_FAILED']; - } - - $result = @ldap_get_entries($ldap, $search); - - @ldap_close($ldap); - - - if (!is_array($result) || sizeof($result) < 2) - { - return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); - } - - if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) - { - return $user->lang['LDAP_NO_EMAIL']; - } - - return false; -} - -/** -* Login function -*/ -function login_ldap(&$username, &$password) -{ - global $db, $config, $user; - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => 
LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!@extension_loaded('ldap')) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) - { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); - } - else - { - $ldap = @ldap_connect($config['ldap_server']); - } - - if (!$ldap) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); - @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - - if ($config['ldap_user'] || $config['ldap_password']) - { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - } - - $search = @ldap_search( - $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($username), - (empty($config['ldap_email'])) ? - array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), - 0, - 1 - ); - - $ldap_result = @ldap_get_entries($ldap, $search); - - if (is_array($ldap_result) && sizeof($ldap_result) > 1) - { - if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) - { - @ldap_close($ldap); - - $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . 
"'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - unset($ldap_result); - - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... set user_login_attempts to zero... - return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - else - { - // retrieve default group id - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' - AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row) - { - trigger_error('NO_GROUP'); - } - - // generate user account data - $ldap_user_row = array( - 'username' => $username, - 'user_password' => phpbb_hash($password), - 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', - 'group_id' => (int) $row['group_id'], - 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, - ); - - unset($ldap_result); - - // this is the user's first login so create an empty profile - return array( - 'status' => LOGIN_SUCCESS_CREATE_PROFILE, - 'error_msg' => false, - 'user_row' => $ldap_user_row, - ); - } - } - else - { - unset($ldap_result); - @ldap_close($ldap); - - // Give status about wrong password... 
- return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'LOGIN_ERROR_PASSWORD', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - } - - @ldap_close($ldap); - - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); -} - -/** -* Generates a filter string for ldap_search to find a user -* -* @param $username string Username identifying the searched user -* -* @return string A filter string for ldap_search -*/ -function ldap_user_filter($username) -{ - global $config; - - $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; - if ($config['ldap_user_filter']) - { - $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; - $filter = "(&{$filter}{$_filter})"; - } - return $filter; -} - -/** -* Escapes an LDAP AttributeValue -*/ -function ldap_escape($string) -{ - return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); -} - -/** -* This function is used to output any required fields in the authentication -* admin panel. It also defines any required configuration table fields. -*/ -function acp_ldap(&$new) -{ - global $user; - - $tpl = ' - -
-

' . $user->lang['LDAP_SERVER_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_PORT_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_DN_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_UID_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_USER_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '
-
-
- '; - - // These are fields required in the config table - return array( - 'tpl' => $tpl, - 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password') - ); -} -- cgit v1.2.1 From b78b6711c80f2a47f3ab71dde9b733e04d9b523d Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 22:14:39 -0400 Subject: [feature/auth-refactor] Don't truncate name then reattach same thing PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 1ac6697255..bff5a3e64d 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -527,7 +527,7 @@ class acp_board foreach($auth_providers as $key => $value) { - $auth_plugins[] = str_replace('auth.provider.', '', $key); + $auth_plugins[] = $key; } $updated_auth_settings = false; @@ -536,7 +536,7 @@ class acp_board { if ($method) { - $provider = $auth_providers['auth.provider.' . $method]; + $provider = $auth_providers[$method]; if ($provider) { if ($fields = $provider->acp($this->new_config)) @@ -575,7 +575,7 @@ class acp_board $method = basename($cfg_array['auth_method']); if ($method) { - $provider = $auth_providers['auth.provider.' . $method]; + $provider = $auth_providers[$method]; if ($provider) { if ($error = $provider->init()) @@ -673,7 +673,7 @@ class acp_board { if ($method) { - $provider = $auth_providers['auth.provider.' . $method]; + $provider = $auth_providers[$method]; if ($provider) { $fields = $provider->acp($this->new_config); -- cgit v1.2.1 From 3c394aee6208277eb852764ca6b4ef50e2832301 Mon Sep 17 00:00:00 2001 
From: Joseph Warner Date: Tue, 25 Jun 2013 22:21:38 -0400 Subject: [feature/auth-refactor] Refactor auth in acp_board Changes the acp_board code to directly call the auth providers out of the $auth_providers variable that is populated by the phpbb_container. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index bff5a3e64d..d6bf2d637b 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -525,20 +525,10 @@ class acp_board $auth_plugins = array(); $auth_providers = $phpbb_container->get('auth.provider_collection'); - foreach($auth_providers as $key => $value) - { - $auth_plugins[] = $key; - } - $updated_auth_settings = false; $old_auth_config = array(); - foreach ($auth_plugins as $method) + foreach ($auth_providers as $provider) { - if ($method) - { - $provider = $auth_providers[$method]; - if ($provider) - { if ($fields = $provider->acp($this->new_config)) { // Check if we need to create config fields for this plugin and save config when submit was pressed @@ -566,8 +556,6 @@ class acp_board } } unset($fields); - } - } } if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings)) @@ -575,7 +563,7 @@ class acp_board $method = basename($cfg_array['auth_method']); if ($method) { - $provider = $auth_providers[$method]; + $provider = $auth_providers['auth.provider.' . $method]; if ($provider) { if ($error = $provider->init()) @@ -669,13 +657,8 @@ class acp_board { $template->assign_var('S_AUTH', true); - foreach ($auth_plugins as $method) + foreach ($auth_provider as $provider) { - if ($method) - { - $provider = $auth_providers[$method]; - if ($provider) - { $fields = $provider->acp($this->new_config); if ($fields['tpl']) 
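Review bot: In the last hunk of this commit (the `S_AUTH` template loop), `$fields['tpl']` is read without checking that `acp()` returned an array, and the `if ($provider)` guard that used to surround the call is removed. The interface documentation later in this series allows `acp()` to return null when a provider does not implement it, so the test would be safer as `if (!empty($fields['tpl']))`, in line with the `if ($fields = $provider->acp($this->new_config))` guard used in the first hunk. The new loop header also iterates `$auth_provider`, while the collection assigned in the first hunk is `$auth_providers`. The loop body continues past the end of the hunk.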
@@ -685,8 +668,6 @@ class acp_board ); } unset($fields); - } - } } } } -- cgit v1.2.1 From 08614e2b8540766037e13f3eb1e6d4d64eea7b46 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 22:25:40 -0400 Subject: [feature/auth-refactor] Fix indentation on acp_board PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 79 +++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 41 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index d6bf2d637b..5e8efaa60c 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php 
@@ -529,51 +529,48 @@ class acp_board $old_auth_config = array(); foreach ($auth_providers as $provider) { - if ($fields = $provider->acp($this->new_config)) + if ($fields = $provider->acp($this->new_config)) + { + // Check if we need to create config fields for this plugin and save config when submit was pressed + foreach ($fields['config'] as $field) + { + if (!isset($config[$field])) + { + set_config($field, ''); + } + + if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false) { - // Check if we need to create config fields for this plugin and save config when submit was pressed - foreach ($fields['config'] as $field) - { - if (!isset($config[$field])) - { - set_config($field, ''); - } - - if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false) - { - continue; - } - - $old_auth_config[$field] = $this->new_config[$field]; - $config_value = $cfg_array[$field]; - $this->new_config[$field] = $config_value; - - if ($submit) - { - $updated_auth_settings = true; - set_config($field, $config_value); - } - } + continue; } - unset($fields); + + $old_auth_config[$field] = $this->new_config[$field]; + $config_value = $cfg_array[$field]; + $this->new_config[$field] = $config_value; + + if ($submit) + { + $updated_auth_settings = true; + set_config($field, $config_value); + } + } + } + unset($fields); } if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings)) { $method = basename($cfg_array['auth_method']); - if ($method) + if (array_key_exists('auth.provider.' . $method, $auth_providers)) { $provider = $auth_providers['auth.provider.' . $method]; - if ($provider) + if ($error = $provider->init()) { - if ($error = $provider->init()) + foreach ($old_auth_config as $config_name => $config_value) { - foreach ($old_auth_config as $config_name => $config_value) - { - set_config($config_name, $config_value); - } - trigger_error($error . 
adm_back_link($this->u_action), E_USER_WARNING); + set_config($config_name, $config_value); } + trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING); } set_config('auth_method', basename($cfg_array['auth_method'])); } @@ -659,15 +656,15 @@ class acp_board foreach ($auth_provider as $provider) { - $fields = $provider->acp($this->new_config); + $fields = $provider->acp($this->new_config); - if ($fields['tpl']) - { - $template->assign_block_vars('auth_tpl', array( - 'TPL' => $fields['tpl']) - ); - } - unset($fields); + if ($fields['tpl']) + { + $template->assign_block_vars('auth_tpl', array( + 'TPL' => $fields['tpl']) + ); + } + unset($fields); } } } -- cgit v1.2.1 From 59929669f508f06b2440bf36af463851acbeb711 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 22:26:45 -0400 Subject: [feature/auth-refactor] Fix errors in acp_board Fixes errors introduced by the last several commits. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 5e8efaa60c..4a758207fd 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -654,7 +654,7 @@ class acp_board { $template->assign_var('S_AUTH', true); - foreach ($auth_provider as $provider) + foreach ($auth_providers as $provider) { $fields = $provider->acp($this->new_config); @@ -674,7 +674,7 @@ class acp_board */ function select_auth_method($selected_method, $key = '') { - global $phpbb_root_path, $phpEx; + global $phpbb_root_path, $phpEx, $phpbb_container; $auth_plugins = array(); $auth_providers = $phpbb_container->get('auth.provider_collection'); -- cgit v1.2.1 From 4afdd650cdea0a09da14e8dff23cee1b30e5980d Mon Sep 17 00:00:00 2001 
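Review bot: The second half of the `@@ -529,51 +529,48 @@` hunk changes behaviour although the commit is described as an indentation fix: `if ($method)` and `if ($provider)` are replaced by `if (array_key_exists('auth.provider.' . $method, $auth_providers))`, so `set_config('auth_method', ...)` is now reached only when the provider is registered. That tightening deserves its own commit and message, because it decides whether a submitted `auth_method` can be stored without `init()` having run. `$auth_providers` comes from `$phpbb_container->get('auth.provider_collection')` and is presumably an object rather than a plain array; `array_key_exists()` does not consult `offsetExists()` on ArrayAccess objects, so `if (isset($auth_providers['auth.provider.' . $method]))` is the safer test. The enclosing `if ($submit ...)` block continues past the end of the hunk.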
From: Joseph Warner Date: Wed, 26 Jun 2013 00:02:03 -0400 Subject: [feature/auth-refactor] Removed no longer used variable PHPBB3-9734
---
 phpBB/includes/acp/acp_board.php | 1 -
 1 file changed, 1 deletion(-) (limited to 'phpBB/includes')
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 4a758207fd..4d07f96c6f 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -522,7 +522,6 @@ class acp_board
 if ($mode == 'auth')
 {
 // Retrieve a list of auth plugins and check their config values
- $auth_plugins = array();
 $auth_providers = $phpbb_container->get('auth.provider_collection');
 $updated_auth_settings = false;
-- cgit v1.2.1
From 5af7d2b07f788f6795865225612175b65c596a4b Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Wed, 26 Jun 2013 21:45:16 -0400 Subject: [feature/auth-refactor] Change phpEx to php_ext in new classes PHPBB3-9734
---
 phpBB/includes/auth/provider_apache.php | 8 ++++----
 phpBB/includes/auth/provider_db.php | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-) (limited to 'phpBB/includes')
diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php
index adb1fb6cea..0a6811bbcb 100644
--- a/phpBB/includes/auth/provider_apache.php
+++ b/phpBB/includes/auth/provider_apache.php
@@ -30,16 +30,16 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface * @param phpbb_request $request * @param phpbb_user $user * @param string $phpbb_root_path - * @param string $phpEx + * @param string $php_ext */ - public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx) + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext) { $this->db = $db; $this->config = $config; $this->request = $request; $this->user = $user; $this->phpbb_root_path = $phpbb_root_path; - $this->phpEx = $phpEx; + $this->php_ext = $php_ext; } /** @@ -183,7 +183,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface if (!function_exists('user_add')) { - include($this->phpbb_root_path . 'includes/functions_user.' . $this->phpEx); + include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); } // create the user if he does not exist yet diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index aaf9cda735..c8b0c44654 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -33,16 +33,16 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * @param phpbb_request $request * @param phpbb_user $user * @param string $phpbb_root_path - * @param string $phpEx + * @param string $php_ext */ - public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx) + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext) { $this->db = $db; $this->config = $config; $this->request = $request; $this->user = $user; $this->phpbb_root_path = $phpbb_root_path; - $this->phpEx = $phpEx; + $this->php_ext = $php_ext; } public function init() 
@@ -160,7 +160,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Visual Confirmation handling if (!class_exists('phpbb_captcha_factory', false)) { - include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->phpEx); + include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->php_ext); } $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']); @@ -206,7 +206,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { if (!function_exists('utf8_to_cp1252')) { - include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->phpEx); + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding -- cgit v1.2.1 From 24e323d59353810293dea41d6b9b4114dd627543 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 27 Jun 2013 14:17:29 -0400 Subject: [feature/auth-refactor] Finish and clean up documentation PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 26 ++--------------- phpBB/includes/auth/provider_db.php | 24 ++++------------ phpBB/includes/auth/provider_interface.php | 46 +++++++++++++++++++----------- phpBB/includes/auth/provider_ldap.php | 21 ++++---------- 4 files changed, 43 insertions(+), 74 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 0a6811bbcb..054316db19 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php 
@@ -42,13 +42,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $this->php_ext = $php_ext; } - /** - * Checks whether the user is identified to apache - * Only allow changing authentication to apache if the user is identified - * Called in acp_board while setting authentication plugins - * - * @return boolean|string false if the user is identified and else an error message - */ public function init() { if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'))) @@ -58,9 +51,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface return false; } - /** - * Login function - */ public function login($username, $password) { // do not allow empty password @@ -148,12 +138,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } - /** - * Autologin function - * - * @return array containing the user row or empty if no auto login should - * take place - */ public function autologin() { if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) @@ -209,8 +193,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface * This function generates an array which can be passed to the user_add * function in order to create a user * - * @param str $username The username of the new user. - * @param str $password The password of the new user. + * @param string $username The username of the new user. + * @param string $password The password of the new user. * @return array Contains data that can be passed directly to * the user_add function. */ 
@@ -242,12 +226,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } - /** - * The session validation function checks whether the user is still logged in - * - * @return boolean true if the given user is authenticated or false if - * the session should be closed - */ public function validate_session($user) { // Check if PHP_AUTH_USER is set and handle this case diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index c8b0c44654..e8fff26650 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -28,12 +28,12 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface /** * Database Authentication Constructor * - * @param phpbb_db_driver $db - * @param phpbb_config $config - * @param phpbb_request $request - * @param phpbb_user $user - * @param string $phpbb_root_path - * @param string $php_ext + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_request $request + * @param phpbb_user $user + * @param string $phpbb_root_path + * @param string $php_ext */ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext) { @@ -50,18 +50,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface return; } - /** - * Login function - * - * @param string $username - * @param string $password - * @return array A associative array of the format - * array( - * 'status' => status constant - * 'error_msg' => string - * 'user_row' => array - * ) - */ public function login($username, $password) { // Auth plugins get the password untrimmed. diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php index 534f198c21..2d1935f8f0 100644 --- a/phpBB/includes/auth/provider_interface.php +++ b/phpBB/includes/auth/provider_interface.php 
@@ -26,31 +26,33 @@ interface phpbb_auth_provider_interface * Checks whether the user is currently identified to the authentication * provider. * Called in acp_board while setting authentication plugins. + * Changing to an authentication provider will not be permitted in acp_board + * if there is an error. * * @return boolean|string False if the user is identified, otherwise an - * error message. + * error message, or null if not implemented. */ public function init(); /** * Performs login. * - * @param $username string The name of the user being authenticated. - * @param $password string The password of the user. - * @return array An associative array of the format: - * array( - * 'status' => status constant - * 'error_msg' => string - * 'user_row' => array - * ) + * @param string $username The name of the user being authenticated. + * @param string $password The password of the user. + * @return array An associative array of the format: + * array( + * 'status' => status constant + * 'error_msg' => string + * 'user_row' => array + * ) */ public function login($username, $password); /** * Autologin function * - * @return array containing the user row or empty if no auto login should - * take place + * @return array|null containing the user row, empty if no auto login + * should take place, or null if not impletmented. */ public function autologin(); 
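Review bot: The new return descriptions add a third outcome, null for "not implemented", to `init()` and `autologin()` in this hunk and to `acp()` and `validate_session()` in the next one, without saying how a caller must treat it. The caller shown earlier in this series tests `if ($error = $provider->init())`, so null and false both let the switch go ahead. For `validate_session()` the docblock should state whether null keeps or closes the session, because that is the fail-open or fail-closed decision for a login. I would add a sentence per method, for `init()` something like `A null return is treated like false by acp_board.`, and the equivalent for the others once checked against their callers, which are not visible in this diff. The added `autologin()` text also misspells "implemented" as `impletmented`.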
@@ -58,22 +60,32 @@ interface phpbb_auth_provider_interface * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. * - * @param type $new + * @param array $new Contains the new configuration values that have + * been set in acp_board. + * @return array|null Returns null if not implemented or an array of the + * form: + * array( + * 'tpl' => string + * 'config' => array + * ) */ public function acp($new); /** - * Special logout function. + * Performs additional actions during logout. * - * @param type $data - * @param type $new_session + * @param array $data An array corresponding to + * phpbb_session::data + * @param boolean $new_session True for a new session, false for no new + * session. */ public function logout($data, $new_session); /** - * The session validation function checks whether the user is still logged in. + * The session validation function checks whether the user is still logged + * into phpBB. * - * @param type $user + * @param array $user * @return boolean true if the given user is authenticated, false if the * session should be closed, or null if not implemented. */ diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 67d8d8335f..2140e7dd63 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -27,9 +27,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface /** * LDAP Authentication Constructor * - * @param phpbb_db_driver $db - * @param phpbb_config $config - * @param phpbb_user $user + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_user $user */ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_user $user) { 
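Review bot: The `validate_session()` docblock in this hunk names three outcomes (true, false, or null if not implemented), but it keeps `@return boolean` and never says what a caller should do with `null`. For a session check that gap is risky: a loose test such as `!$result` would treat "not implemented" exactly like "the session should be closed". I would change the tag to `@return boolean|null` and add one line to the description, for example `A null result means the provider performs no check of its own; callers must compare against false strictly.` That reading of null is inferred from the wording here, since the calling code is not part of this diff.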
@@ -38,11 +38,6 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $this->user = $user; } - /** - * Connect to ldap server - * Only allow changing authentication to ldap if we can connect to the ldap server - * Called in acp_board while setting authentication plugins - */ public function init() { if (!@extension_loaded('ldap')) @@ -111,9 +106,6 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface return false; } - /** - * Login function - */ public function login($username, $password) { // do not allow empty password @@ -290,10 +282,6 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface return; } - /** - * This function is used to output any required fields in the authentication - * admin panel. It also defines any required configuration table fields. - */ public function acp($new) { $tpl = ' @@ -359,6 +347,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface /** * Escapes an LDAP AttributeValue + * + * @param string $string The string to be escaped + * @return string The escaped string */ private function ldap_escape($string) { -- cgit v1.2.1 From 27f0b9ff4359a60f98533aff2a87c1848d622d4c Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Fri, 28 Jun 2013 13:43:41 -0400 Subject: [feature/auth-refactor] Forgot @inheritdoc on methods PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 18 ++++++++++++++++++ phpBB/includes/auth/provider_db.php | 18 ++++++++++++++++++ phpBB/includes/auth/provider_ldap.php | 18 ++++++++++++++++++ 3 files changed, 54 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 054316db19..5f6f2862b6 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php 
@@ -42,6 +42,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $this->php_ext = $php_ext; } + /** + * {@inheritdoc} + */ public function init() { if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'))) @@ -51,6 +54,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface return false; } + /** + * {@inheritdoc} + */ public function login($username, $password) { // do not allow empty password @@ -138,6 +144,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } + /** + * {@inheritdoc} + */ public function autologin() { if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) @@ -226,6 +235,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } + /** + * {@inheritdoc} + */ public function validate_session($user) { // Check if PHP_AUTH_USER is set and handle this case @@ -245,11 +257,17 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface return false; } + /** + * {@inheritdoc} + */ public function acp($new) { return; } + /** + * {@inheritdoc} + */ public function logout($data, $new_session) { return; diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index e8fff26650..a79d031048 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -45,11 +45,17 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $this->php_ext = $php_ext; } + /** + * {@inheritdoc} + */ public function init() { return; } + /** + * {@inheritdoc} + */ public function login($username, $password) { // Auth plugins get the password untrimmed. 
@@ -297,21 +303,33 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface ); } + /** + * {@inheritdoc} + */ public function autologin() { return; } + /** + * {@inheritdoc} + */ public function acp($new) { return; } + /** + * {@inheritdoc} + */ public function logout($data, $new_session) { return; } + /** + * {@inheritdoc} + */ public function validate_session($user) { return; diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 2140e7dd63..f67c1e9247 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -38,6 +38,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $this->user = $user; } + /** + * {@inheritdoc} + */ public function init() { if (!@extension_loaded('ldap')) @@ -106,6 +109,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface return false; } + /** + * {@inheritdoc} + */ public function login($username, $password) { // do not allow empty password @@ -277,11 +283,17 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface ); } + /** + * {@inheritdoc} + */ public function autologin() { return; } + /** + * {@inheritdoc} + */ public function acp($new) { $tpl = ' @@ -356,11 +368,17 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); } + /** + * {@inheritdoc} + */ public function logout($data, $new_session) { return; } + /** + * {@inheritdoc} + */ public function validate_session($user) { return; -- cgit v1.2.1 From 66118ea49e2dc1a54ce1a76fa4856ff158df9511 Mon Sep 17 00:00:00 2001 
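Review bot: The `ldap_escape()` return line shown as context in the last hunk (`@@ -356,11 +368,17 @@`) escapes `*` before `\`. `str_replace()` with array arguments applies the pairs one after another, so the backslash it has just put in front of `*` is doubled by the second pair, and the `*` ends up unescaped behind an escaped backslash. The method is documented as escaping an LDAP AttributeValue and presumably receives user-supplied names, so the wildcard should not survive it. Listing the backslash first fixes the ordering: `return str_replace(array('\\', '*', '(', ')'), array('\\\\', '\\*', '\\(', '\\)'), $string);`. The method's signature and docblock lie outside this hunk.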
From: Joseph Warner Date: Mon, 1 Jul 2013 13:32:16 -0400 Subject: [feature/auth-refactor] A possible fix for the functional test failures I don't like this fix as it really shouldn't be needed. But it makes the functional tests pass. PHPBB3-9734 --- phpBB/includes/request/request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/request/request.php b/phpBB/includes/request/request.php index ae3c526d89..c0bb453c7c 100644 --- a/phpBB/includes/request/request.php +++ b/phpBB/includes/request/request.php @@ -79,7 +79,7 @@ class phpbb_request implements phpbb_request_interface // simulate request_order = GP $this->original_request = $this->input[phpbb_request_interface::REQUEST]; - $this->input[phpbb_request_interface::REQUEST] = $this->input[phpbb_request_interface::POST] + $this->input[phpbb_request_interface::GET]; + $this->input[phpbb_request_interface::REQUEST] = (array)$this->input[phpbb_request_interface::POST] + (array)$this->input[phpbb_request_interface::GET]; if ($disable_super_globals) { -- cgit v1.2.1 From f48effb00197a9ace8de82f3a961992215113257 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 1 Jul 2013 22:37:55 -0400 Subject: [feature/auth-refactor] Fix the actual cause of test failures Enables super globals before the new container is instantiated in the final step of installation to prevent issues caused by trying to create a phpbb_request object when super globals are disabled. PHPBB3-9734 --- phpBB/includes/request/request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/request/request.php b/phpBB/includes/request/request.php index c0bb453c7c..ae3c526d89 100644 --- a/phpBB/includes/request/request.php +++ b/phpBB/includes/request/request.php 
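Review bot: The `(array)` casts on the changed line accept whatever non-array value shows up in `$this->input[...]` instead of rejecting it. A `null` becomes an empty array, so REQUEST is silently built without that source, and a scalar becomes a one-element array whose value lands in REQUEST under key `0`. If a missing input is legitimate at this point, an explicit check states that more clearly, e.g. `$post = is_array($this->input[phpbb_request_interface::POST]) ? $this->input[phpbb_request_interface::POST] : array();` and the same for GET. If it is not legitimate, the uncast expression should be left to fail. The enclosing method starts and ends outside the hunk.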
@@ -79,7 +79,7 @@ class phpbb_request implements phpbb_request_interface // simulate request_order = GP $this->original_request = $this->input[phpbb_request_interface::REQUEST]; - $this->input[phpbb_request_interface::REQUEST] = (array)$this->input[phpbb_request_interface::POST] + (array)$this->input[phpbb_request_interface::GET]; + $this->input[phpbb_request_interface::REQUEST] = $this->input[phpbb_request_interface::POST] + $this->input[phpbb_request_interface::GET]; if ($disable_super_globals) { -- cgit v1.2.1 From 274308148991a498eab875826d6c7615acdef108 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 2 Jul 2013 00:04:17 -0400 Subject: [feature/auth-refactor] Fix comment grammar PHPBB3-9734 --- phpBB/includes/auth/provider_db.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index a79d031048..894041c9cf 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -147,7 +147,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) || ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']); - // If there are too much login attempts, we need to check for an confirm image + // If there are too many login attempts, we need to check for a confirm image // Every auth module is able to define what to do by itself... if ($show_captcha) { -- cgit v1.2.1 From f9672e9b45a0f0d26702ca0f55a884a24e21bf77 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 2 Jul 2013 14:03:22 -0400 Subject: [feature/auth-refactor] Fix code style issue PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') 
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 4d07f96c6f..24b913260b 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -660,8 +660,8 @@ class acp_board
 if ($fields['tpl'])
 {
 $template->assign_block_vars('auth_tpl', array(
- 'TPL' => $fields['tpl'])
- );
+ 'TPL' => $fields['tpl'],
+ ));
 }
 unset($fields);
 }
-- cgit v1.2.1