makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/auth-refactor] Turn provider_db into a service

Browse source 
Removes globals from provider_db and turns it into a service.

PHPBB3-9734
This commit is contained in:
Joseph Warner 2013-06-20 21:55:25 -04:00
parent 6601c3d64e
commit 24825b9dc8
2 changed files with 74 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
phpBB/config/auth_providers.yml
View file

@ -1 +1,18 @@
services:
auth.provider.db:
class: phpbb_auth_provider_db
arguments:
- @dbal.conn
- @config
- @request
- @user
- %core.root_path%
- %core.php_ext%
auth.provider.apache:
class: phpbb_auth_provider_apache
arguments:
auth.provider.ldap:
class: phpbb_auth_provider_ldap
arguments:

98
phpBB/includes/auth/provider_db.php
View file

@ -24,6 +24,27 @@ if (!defined('IN_PHPBB'))
*/
class phpbb_auth_provider_db implements phpbb_auth_provider_interface
{
/**
* Database Authentication Constructor
*
* @param phpbb_db_driver $db
* @param phpbb_config $config
* @param phpbb_request $request
* @param phpbb_user $user
* @param string $phpbb_root_path
* @param string $phpEx
*/
public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx)
{
$this->db = $db;
$this->config = $config;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
$this->phpEx = $phpEx;
}
public function init()
{
return;
@ -43,9 +64,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
*/
public function login($username, $password)
{
global $db, $config;
global $request, $user;
// Auth plugins get the password untrimmed.
// For compatibility we trim() here.
$password = trim($password);
@ -73,41 +91,41 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (($user->ip && !$config['ip_login_limit_use_forwarded']) ||
($user->forwarded_for && $config['ip_login_limit_use_forwarded']))
if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
{
$sql = 'SELECT COUNT(*) AS attempts
FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
if ($config['ip_login_limit_use_forwarded'])
WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
if ($this->config['ip_login_limit_use_forwarded'])
{
$sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($user->forwarded_for) . "'";
$sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
}
else
{
$sql .= " AND attempt_ip = '" . $db->sql_escape($user->ip) . "' ";
$sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
}
$result = $db->sql_query($sql);
$attempts = (int) $db->sql_fetchfield('attempts');
$db->sql_freeresult($result);
$result = $this->db->sql_query($sql);
$attempts = (int) $this->db->sql_fetchfield('attempts');
$this->db->sql_freeresult($result);
$attempt_data = array(
'attempt_ip' => $user->ip,
'attempt_browser' => trim(substr($user->browser, 0, 149)),
'attempt_forwarded_for' => $user->forwarded_for,
'attempt_ip' => $this->user->ip,
'attempt_browser' => trim(substr($this->user->browser, 0, 149)),
'attempt_forwarded_for' => $this->user->forwarded_for,
'attempt_time' => time(),
'user_id' => ($row) ? (int) $row['user_id'] : 0,
'username' => $username,
'username_clean' => $username_clean,
);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
$result = $db->sql_query($sql);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
$result = $this->db->sql_query($sql);
}
else
{
@ -116,7 +134,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
if (!$row)
{
if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'])
if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
@ -132,8 +150,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
);
}
$show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
$show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
@ -142,11 +160,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory', false))
{
global $phpbb_root_path, $phpEx;
include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->phpEx);
}
$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
@ -169,28 +186,27 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
{
// enable super globals to get literal value
// this is needed to prevent unicode normalization
$super_globals_disabled = $request->super_globals_disabled();
$super_globals_disabled = $this->request->super_globals_disabled();
if ($super_globals_disabled)
{
$request->enable_super_globals();
$this->request->enable_super_globals();
}
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = $request->variable('password', '', true);
$password_new_format = $this->request->variable('password', '', true);
if ($super_globals_disabled)
{
$request->disable_super_globals();
$this->request->disable_super_globals();
}
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->phpEx);
}
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
@ -202,10 +218,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape($hash) . '\',
SET user_password = \'' . $this->db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$this->db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
@ -218,7 +234,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
$this->db->sql_query($sql);
return array(
'status' => LOGIN_ERROR_PASSWORD_CONVERT,
@ -239,17 +255,17 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $db->sql_escape($hash) . "',
SET user_password = '" . $this->db->sql_escape($hash) . "',
user_pass_convert = 0
WHERE user_id = {$row['user_id']}";
$db->sql_query($sql);
$this->db->sql_query($sql);
$row['user_password'] = $hash;
}
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$this->db->sql_query($sql);
if ($row['user_login_attempts'] != 0)
{
@ -257,7 +273,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$this->db->sql_query($sql);
}
// User inactive...
@ -283,7 +299,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
$this->db->sql_query($sql);
// Give status about wrong password...
return array(