makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/auth-refactor] Turn provider_db into a service

Browse source 
Removes globals from provider_db and turns it into a service.

PHPBB3-9734
This commit is contained in:
Joseph Warner 2013-06-20 21:55:25 -04:00
parent 6601c3d64e
commit 24825b9dc8
2 changed files with 74 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
phpBB/config/auth_providers.yml
View file

@ -1 +1,18 @@
services: services:
auth.provider.db:
class: phpbb_auth_provider_db
arguments:
- @dbal.conn
- @config
- @request
- @user
- %core.root_path%
- %core.php_ext%
auth.provider.apache:
class: phpbb_auth_provider_apache
arguments:
auth.provider.ldap:
class: phpbb_auth_provider_ldap
arguments:

98
phpBB/includes/auth/provider_db.php
View file

@ -24,6 +24,27 @@ if (!defined('IN_PHPBB'))
*/ */
class phpbb_auth_provider_db implements phpbb_auth_provider_interface class phpbb_auth_provider_db implements phpbb_auth_provider_interface
{ {
/**
* Database Authentication Constructor
*
* @param phpbb_db_driver $db
* @param phpbb_config $config
* @param phpbb_request $request
* @param phpbb_user $user
* @param string $phpbb_root_path
* @param string $phpEx
*/
public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx)
{
$this->db = $db;
$this->config = $config;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
$this->phpEx = $phpEx;
}
public function init() public function init()
{ {
return; return;
@ -43,9 +64,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
*/ */
public function login($username, $password) public function login($username, $password)
{ {
global $db, $config;
global $request, $user;
// Auth plugins get the password untrimmed. // Auth plugins get the password untrimmed.
// For compatibility we trim() here. // For compatibility we trim() here.
$password = trim($password); $password = trim($password);
@ -73,41 +91,41 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
$result = $db->sql_query($sql); $result = $this->db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $this->db->sql_fetchrow($result);
$db->sql_freeresult($result); $this->db->sql_freeresult($result);
if (($user->ip && !$config['ip_login_limit_use_forwarded']) || if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
($user->forwarded_for && $config['ip_login_limit_use_forwarded'])) ($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
{ {
$sql = 'SELECT COUNT(*) AS attempts $sql = 'SELECT COUNT(*) AS attempts
FROM ' . LOGIN_ATTEMPT_TABLE . ' FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
if ($config['ip_login_limit_use_forwarded']) if ($this->config['ip_login_limit_use_forwarded'])
{ {
$sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($user->forwarded_for) . "'"; $sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
} }
else else
{ {
$sql .= " AND attempt_ip = '" . $db->sql_escape($user->ip) . "' "; $sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
} }
$result = $db->sql_query($sql); $result = $this->db->sql_query($sql);
$attempts = (int) $db->sql_fetchfield('attempts'); $attempts = (int) $this->db->sql_fetchfield('attempts');
$db->sql_freeresult($result); $this->db->sql_freeresult($result);
$attempt_data = array( $attempt_data = array(
'attempt_ip' => $user->ip, 'attempt_ip' => $this->user->ip,
'attempt_browser' => trim(substr($user->browser, 0, 149)), 'attempt_browser' => trim(substr($this->user->browser, 0, 149)),
'attempt_forwarded_for' => $user->forwarded_for, 'attempt_forwarded_for' => $this->user->forwarded_for,
'attempt_time' => time(), 'attempt_time' => time(),
'user_id' => ($row) ? (int) $row['user_id'] : 0, 'user_id' => ($row) ? (int) $row['user_id'] : 0,
'username' => $username, 'username' => $username,
'username_clean' => $username_clean, 'username_clean' => $username_clean,
); );
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
$result = $db->sql_query($sql); $result = $this->db->sql_query($sql);
} }
else else
{ {
@ -116,7 +134,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
if (!$row) if (!$row)
{ {
if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
{ {
return array( return array(
'status' => LOGIN_ERROR_ATTEMPTS, 'status' => LOGIN_ERROR_ATTEMPTS,
@ -132,8 +150,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
); );
} }
$show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
// If there are too much login attempts, we need to check for an confirm image // If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself... // Every auth module is able to define what to do by itself...
@ -142,11 +160,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Visual Confirmation handling // Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory', false)) if (!class_exists('phpbb_captcha_factory', false))
{ {
global $phpbb_root_path, $phpEx; include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->phpEx);
include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
} }
$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN); $captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row); $vc_response = $captcha->validate($row);
if ($vc_response) if ($vc_response)
@ -169,28 +186,27 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
{ {
// enable super globals to get literal value // enable super globals to get literal value
// this is needed to prevent unicode normalization // this is needed to prevent unicode normalization
$super_globals_disabled = $request->super_globals_disabled(); $super_globals_disabled = $this->request->super_globals_disabled();
if ($super_globals_disabled) if ($super_globals_disabled)
{ {
$request->enable_super_globals(); $this->request->enable_super_globals();
} }
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = $request->variable('password', '', true); $password_new_format = $this->request->variable('password', '', true);
if ($super_globals_disabled) if ($super_globals_disabled)
{ {
$request->disable_super_globals(); $this->request->disable_super_globals();
} }
if ($password == $password_new_format) if ($password == $password_new_format)
{ {
if (!function_exists('utf8_to_cp1252')) if (!function_exists('utf8_to_cp1252'))
{ {
global $phpbb_root_path, $phpEx; include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->phpEx);
include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
} }
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
@ -202,10 +218,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Update the password in the users table to the new format and remove user_pass_convert flag // Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape($hash) . '\', SET user_password = \'' . $this->db->sql_escape($hash) . '\',
user_pass_convert = 0 user_pass_convert = 0
WHERE user_id = ' . $row['user_id']; WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql); $this->db->sql_query($sql);
$row['user_pass_convert'] = 0; $row['user_pass_convert'] = 0;
$row['user_password'] = $hash; $row['user_password'] = $hash;
@ -218,7 +234,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
SET user_login_attempts = user_login_attempts + 1 SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . ' WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql); $this->db->sql_query($sql);
return array( return array(
'status' => LOGIN_ERROR_PASSWORD_CONVERT, 'status' => LOGIN_ERROR_PASSWORD_CONVERT,
@ -239,17 +255,17 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Update the password in the users table to the new format // Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . " $sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $db->sql_escape($hash) . "', SET user_password = '" . $this->db->sql_escape($hash) . "',
user_pass_convert = 0 user_pass_convert = 0
WHERE user_id = {$row['user_id']}"; WHERE user_id = {$row['user_id']}";
$db->sql_query($sql); $this->db->sql_query($sql);
$row['user_password'] = $hash; $row['user_password'] = $hash;
} }
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id']; WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql); $this->db->sql_query($sql);
if ($row['user_login_attempts'] != 0) if ($row['user_login_attempts'] != 0)
{ {
@ -257,7 +273,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0 SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id']; WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql); $this->db->sql_query($sql);
} }
// User inactive... // User inactive...
@ -283,7 +299,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
SET user_login_attempts = user_login_attempts + 1 SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . ' WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql); $this->db->sql_query($sql);
// Give status about wrong password... // Give status about wrong password...
return array( return array(