From 24825b9dc8cd94204da4180a044dbeab563d5563 Mon Sep 17 00:00:00 2001
From: Joseph Warner
Date: Thu, 20 Jun 2013 21:55:25 -0400
Subject: [PATCH] [feature/auth-refactor] Turn provider_db into a service
Removes globals from provider_db and turns it into a service.
PHPBB3-9734
---
 phpBB/config/auth_providers.yml | 17 +++++
 phpBB/includes/auth/provider_db.php | 98 +++++++++++++++++------------
 2 files changed, 74 insertions(+), 41 deletions(-)
diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml
index 0baad47661..e702ec665a 100644
--- a/phpBB/config/auth_providers.yml
+++ b/phpBB/config/auth_providers.yml
@@ -1 +1,18 @@
 services:
+ auth.provider.db:
+ class: phpbb_auth_provider_db
+ arguments:
+ - @dbal.conn
+ - @config
+ - @request
+ - @user
+ - %core.root_path%
+ - %core.php_ext%
+ auth.provider.apache:
+ class: phpbb_auth_provider_apache
+ arguments:
+
+ auth.provider.ldap:
+ class: phpbb_auth_provider_ldap
+ arguments:
+
diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php
index e24e701911..aaf9cda735 100644
--- a/phpBB/includes/auth/provider_db.php
+++ b/phpBB/includes/auth/provider_db.php
@@ -24,6 +24,27 @@ if (!defined('IN_PHPBB'))
 */
 class phpbb_auth_provider_db implements phpbb_auth_provider_interface
 {
+
+ /**
+ * Database Authentication Constructor
+ *
+ * @param phpbb_db_driver $db
+ * @param phpbb_config $config
+ * @param phpbb_request $request
+ * @param phpbb_user $user
+ * @param string $phpbb_root_path
+ * @param string $phpEx
+ */
+ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx)
+ {
+ $this->db = $db;
+ $this->config = $config;
+ $this->request = $request;
+ $this->user = $user;
+ $this->phpbb_root_path = $phpbb_root_path;
+ $this->phpEx = $phpEx;
+ }
+
 public function init()
 {
 return;
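Review bot: No property declarations accompany the new constructor in `provider_db.php`: `$this->db`, `$this->config`, `$this->request`, `$this->user`, `$this->phpbb_root_path` and `$this->phpEx` are assigned directly after the class brace, so unless they are declared further down (the class body continues outside the hunk) they are created as dynamic, public properties. Any code that obtains the provider from the container could then read or replace the database and request objects used during login; declaring them before the constructor, for example `protected $db;`, `protected $config;`, `protected $request;`, keeps them internal. The `@param` lines in the new docblock would also be clearer with a short description each.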
@@ -43,9 +64,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
 */
 public function login($username, $password)
 {
- global $db, $config;
- global $request, $user;
-
 // Auth plugins get the password untrimmed.
 // For compatibility we trim() here.
 $password = trim($password);
@@ -73,41 +91,41 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); - if (($user->ip && !$config['ip_login_limit_use_forwarded']) || - ($user->forwarded_for && $config['ip_login_limit_use_forwarded'])) + if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) || + ($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded'])) { $sql = 'SELECT COUNT(*) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); - if ($config['ip_login_limit_use_forwarded']) + WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']); + if ($this->config['ip_login_limit_use_forwarded']) { - $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($user->forwarded_for) . "'"; + $sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'"; } else { - $sql .= " AND attempt_ip = '" . $db->sql_escape($user->ip) . "' "; + $sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . 
"' "; } - $result = $db->sql_query($sql); - $attempts = (int) $db->sql_fetchfield('attempts'); - $db->sql_freeresult($result); + $result = $this->db->sql_query($sql); + $attempts = (int) $this->db->sql_fetchfield('attempts'); + $this->db->sql_freeresult($result); $attempt_data = array( - 'attempt_ip' => $user->ip, - 'attempt_browser' => trim(substr($user->browser, 0, 149)), - 'attempt_forwarded_for' => $user->forwarded_for, + 'attempt_ip' => $this->user->ip, + 'attempt_browser' => trim(substr($this->user->browser, 0, 149)), + 'attempt_forwarded_for' => $this->user->forwarded_for, 'attempt_time' => time(), 'user_id' => ($row) ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean, ); - $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); - $result = $db->sql_query($sql); + $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data); + $result = $this->db->sql_query($sql); } else { @@ -116,7 +134,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface if (!$row) { - if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) + if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']) { return array( 'status' => LOGIN_ERROR_ATTEMPTS, @@ -132,8 +150,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface ); } - $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || - ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); + $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) || + ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']); // If there are too much login attempts, we need to check for an confirm image // Every auth module is able to define what to do by itself... 
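Review bot: With `ip_login_limit_use_forwarded` enabled, the attempt count in the `@@ -73` hunk is keyed on `$this->user->forwarded_for`; if that field is filled from a forwarding request header (where it is populated is not visible here), the client chooses the key, and the per-address login limit only holds behind a proxy that overwrites the header. A comment above the `if` would record that assumption, e.g. `// forwarded_for is client-controlled unless a trusted proxy sets it; only enable ip_login_limit_use_forwarded in that setup`. The refactor leaves this logic as it was, and login() begins and ends outside the hunk.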
@@ -142,11 +160,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Visual Confirmation handling if (!class_exists('phpbb_captcha_factory', false)) { - global $phpbb_root_path, $phpEx; - include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); + include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->phpEx); } - $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); $vc_response = $captcha->validate($row); if ($vc_response) @@ -169,28 +186,27 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { // enable super globals to get literal value // this is needed to prevent unicode normalization - $super_globals_disabled = $request->super_globals_disabled(); + $super_globals_disabled = $this->request->super_globals_disabled(); if ($super_globals_disabled) { - $request->enable_super_globals(); + $this->request->enable_super_globals(); } // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = $request->variable('password', '', true); + $password_new_format = $this->request->variable('password', '', true); if ($super_globals_disabled) { - $request->disable_super_globals(); + $this->request->disable_super_globals(); } if ($password == $password_new_format) { if (!function_exists('utf8_to_cp1252')) { - global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->phpEx); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding 
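Review bot: `if ($password == $password_new_format)` in the `@@ -169` hunk compares two password strings loosely, and PHP compares numeric-looking strings by value (`'1e3' == '1000'` is true), so two different passwords can be judged equal when deciding whether to enter the phpBB2 conversion path. `if ($password === $password_new_format)` removes that ambiguity. The line is unchanged context rather than part of the rename, and the enclosing branch starts outside the hunk.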
@@ -202,10 +218,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_password = \'' . $db->sql_escape($hash) . '\', + SET user_password = \'' . $this->db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); $row['user_pass_convert'] = 0; $row['user_password'] = $hash; @@ -218,7 +234,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); + $this->db->sql_query($sql); return array( 'status' => LOGIN_ERROR_PASSWORD_CONVERT, @@ -239,17 +255,17 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Update the password in the users table to the new format $sql = 'UPDATE ' . USERS_TABLE . " - SET user_password = '" . $db->sql_escape($hash) . "', + SET user_password = '" . $this->db->sql_escape($hash) . "', user_pass_convert = 0 WHERE user_id = {$row['user_id']}"; - $db->sql_query($sql); + $this->db->sql_query($sql); $row['user_password'] = $hash; } $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); if ($row['user_login_attempts'] != 0) { @@ -257,7 +273,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); } // User inactive... 
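Review bot: `WHERE user_id = ' . $row['user_id']` in the password-convert UPDATE of the `@@ -202` hunk is concatenated without the `(int)` cast that the `user_login_attempts + 1` UPDATE in `@@ -218` applies. The same uncast form appears in the `{$row['user_id']}` UPDATE and the LOGIN_ATTEMPT_TABLE DELETE (`@@ -239`) and in the `user_login_attempts = 0` UPDATE (`@@ -257`). The value comes from the row fetched earlier in login(), so this is defence in depth rather than a demonstrated injection, but casting everywhere, `WHERE user_id = ' . (int) $row['user_id']`, keeps these queries safe if the row source ever changes. login() continues outside these hunks.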
@@ -283,7 +299,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); + $this->db->sql_query($sql); // Give status about wrong password... return array(