diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml
new file mode 100644
index 0000000000..bcc448e4d7
--- /dev/null
+++ b/phpBB/config/auth_providers.yml
@@ -0,0 +1,37 @@
+services:
+ auth.provider_collection:
+ class: phpbb_di_service_collection
+ arguments:
+ - @service_container
+ tags:
+ - { name: service_collection, tag: auth.provider }
+ auth.provider.db:
+ class: phpbb_auth_provider_db
+ arguments:
+ - @dbal.conn
+ - @config
+ - @request
+ - @user
+ - %core.root_path%
+ - %core.php_ext%
+ tags:
+ - { name: auth.provider }
+ auth.provider.apache:
+ class: phpbb_auth_provider_apache
+ arguments:
+ - @dbal.conn
+ - @config
+ - @request
+ - @user
+ - %core.root_path%
+ - %core.php_ext%
+ tags:
+ - { name: auth.provider }
+ auth.provider.ldap:
+ class: phpbb_auth_provider_ldap
+ arguments:
+ - @dbal.conn
+ - @config
+ - @user
+ tags:
+ - { name: auth.provider }
diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml
index bb9879601c..3d951e2a45 100644
--- a/phpBB/config/services.yml
+++ b/phpBB/config/services.yml
@@ -5,6 +5,7 @@ imports:
- { resource: migrator.yml }
- { resource: avatars.yml }
- { resource: feed.yml }
+ - { resource: auth_providers.yml }
services:
auth:
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 6881e03fdb..24b913260b 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -522,84 +522,54 @@ class acp_board
if ($mode == 'auth')
{
// Retrieve a list of auth plugins and check their config values
- $auth_plugins = array();
-
- $dp = @opendir($phpbb_root_path . 'includes/auth');
-
- if ($dp)
- {
- while (($file = readdir($dp)) !== false)
- {
- if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file))
- {
- $auth_plugins[] = basename(preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file));
- }
- }
- closedir($dp);
-
- sort($auth_plugins);
- }
+ $auth_providers = $phpbb_container->get('auth.provider_collection');
$updated_auth_settings = false;
$old_auth_config = array();
- foreach ($auth_plugins as $method)
+ foreach ($auth_providers as $provider)
{
- if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
+ if ($fields = $provider->acp($this->new_config))
{
- include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
-
- $method = 'acp_' . $method;
- if (function_exists($method))
+ // Check if we need to create config fields for this plugin and save config when submit was pressed
+ foreach ($fields['config'] as $field)
{
- if ($fields = $method($this->new_config))
+ if (!isset($config[$field]))
{
- // Check if we need to create config fields for this plugin and save config when submit was pressed
- foreach ($fields['config'] as $field)
- {
- if (!isset($config[$field]))
- {
- set_config($field, '');
- }
-
- if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false)
- {
- continue;
- }
-
- $old_auth_config[$field] = $this->new_config[$field];
- $config_value = $cfg_array[$field];
- $this->new_config[$field] = $config_value;
-
- if ($submit)
- {
- $updated_auth_settings = true;
- set_config($field, $config_value);
- }
- }
+ set_config($field, '');
+ }
+
+ if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false)
+ {
+ continue;
+ }
+
+ $old_auth_config[$field] = $this->new_config[$field];
+ $config_value = $cfg_array[$field];
+ $this->new_config[$field] = $config_value;
+
+ if ($submit)
+ {
+ $updated_auth_settings = true;
+ set_config($field, $config_value);
}
- unset($fields);
}
}
+ unset($fields);
}
if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings))
{
$method = basename($cfg_array['auth_method']);
- if ($method && in_array($method, $auth_plugins))
+ if (array_key_exists('auth.provider.' . $method, $auth_providers))
{
- include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
-
- $method = 'init_' . $method;
- if (function_exists($method))
+ $provider = $auth_providers['auth.provider.' . $method];
+ if ($error = $provider->init())
{
- if ($error = $method())
+ foreach ($old_auth_config as $config_name => $config_value)
{
- foreach ($old_auth_config as $config_name => $config_value)
- {
- set_config($config_name, $config_value);
- }
- trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
+ set_config($config_name, $config_value);
}
+ trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
}
set_config('auth_method', basename($cfg_array['auth_method']));
}
@@ -683,24 +653,17 @@ class acp_board
{
$template->assign_var('S_AUTH', true);
- foreach ($auth_plugins as $method)
+ foreach ($auth_providers as $provider)
{
- if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
- {
- $method = 'acp_' . $method;
- if (function_exists($method))
- {
- $fields = $method($this->new_config);
+ $fields = $provider->acp($this->new_config);
- if ($fields['tpl'])
- {
- $template->assign_block_vars('auth_tpl', array(
- 'TPL' => $fields['tpl'])
- );
- }
- unset($fields);
- }
+ if ($fields['tpl'])
+ {
+ $template->assign_block_vars('auth_tpl', array(
+ 'TPL' => $fields['tpl'],
+ ));
}
+ unset($fields);
}
}
}
@@ -710,26 +673,16 @@ class acp_board
*/
function select_auth_method($selected_method, $key = '')
{
- global $phpbb_root_path, $phpEx;
+ global $phpbb_root_path, $phpEx, $phpbb_container;
$auth_plugins = array();
+ $auth_providers = $phpbb_container->get('auth.provider_collection');
- $dp = @opendir($phpbb_root_path . 'includes/auth');
-
- if (!$dp)
+ foreach($auth_providers as $key => $value)
{
- return '';
+ $auth_plugins[] = str_replace('auth.provider.', '', $key);
}
- while (($file = readdir($dp)) !== false)
- {
- if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file))
- {
- $auth_plugins[] = preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file);
- }
- }
- closedir($dp);
-
sort($auth_plugins);
$auth_select = '';
diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php
index c7c64ae56b..1a083c20ac 100644
--- a/phpBB/includes/acp/acp_captcha.php
+++ b/phpBB/includes/acp/acp_captcha.php
@@ -124,6 +124,8 @@ class acp_captcha
'CAPTCHA_PREVIEW_TPL' => $demo_captcha->get_demo_template($id),
'S_CAPTCHA_HAS_CONFIG' => $demo_captcha->has_config(),
'CAPTCHA_SELECT' => $captcha_select,
+
+ 'U_ACTION' => $this->u_action,
));
}
}
diff --git a/phpBB/includes/auth/auth.php b/phpBB/includes/auth/auth.php
index 2535247571..279959974d 100644
--- a/phpBB/includes/auth/auth.php
+++ b/phpBB/includes/auth/auth.php
@@ -927,15 +927,14 @@ class phpbb_auth
*/
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{
- global $config, $db, $user, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;
$method = trim(basename($config['auth_method']));
- include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
- $method = 'login_' . $method;
- if (function_exists($method))
+ $provider = $phpbb_container->get('auth.provider.' . $method);
+ if ($provider)
{
- $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);
+ $login = $provider->login($username, $password);
// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
deleted file mode 100644
index 10b288aa09..0000000000
--- a/phpBB/includes/auth/auth_apache.php
+++ /dev/null
@@ -1,247 +0,0 @@
-is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER')))
- {
- return $user->lang['APACHE_SETUP_BEFORE_USE'];
- }
- return false;
-}
-
-/**
-* Login function
-*/
-function login_apache(&$username, &$password)
-{
- global $db, $request;
-
- // do not allow empty password
- if (!$password)
- {
- return array(
- 'status' => LOGIN_ERROR_PASSWORD,
- 'error_msg' => 'NO_PASSWORD_SUPPLIED',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- if (!$username)
- {
- return array(
- 'status' => LOGIN_ERROR_USERNAME,
- 'error_msg' => 'LOGIN_ERROR_USERNAME',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
- {
- return array(
- 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
- 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
- $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
-
- if (!empty($php_auth_user) && !empty($php_auth_pw))
- {
- if ($php_auth_user !== $username)
- {
- return array(
- 'status' => LOGIN_ERROR_USERNAME,
- 'error_msg' => 'LOGIN_ERROR_USERNAME',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
- FROM ' . USERS_TABLE . "
- WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if ($row)
- {
- // User inactive...
- if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
- {
- return array(
- 'status' => LOGIN_ERROR_ACTIVE,
- 'error_msg' => 'ACTIVE_ERROR',
- 'user_row' => $row,
- );
- }
-
- // Successful login...
- return array(
- 'status' => LOGIN_SUCCESS,
- 'error_msg' => false,
- 'user_row' => $row,
- );
- }
-
- // this is the user's first login so create an empty profile
- return array(
- 'status' => LOGIN_SUCCESS_CREATE_PROFILE,
- 'error_msg' => false,
- 'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
- );
- }
-
- // Not logged into apache
- return array(
- 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
- 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
-}
-
-/**
-* Autologin function
-*
-* @return array containing the user row or empty if no auto login should take place
-*/
-function autologin_apache()
-{
- global $db, $request;
-
- if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
- {
- return array();
- }
-
- $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
- $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
-
- if (!empty($php_auth_user) && !empty($php_auth_pw))
- {
- set_var($php_auth_user, $php_auth_user, 'string', true);
- set_var($php_auth_pw, $php_auth_pw, 'string', true);
-
- $sql = 'SELECT *
- FROM ' . USERS_TABLE . "
- WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if ($row)
- {
- return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
- }
-
- if (!function_exists('user_add'))
- {
- global $phpbb_root_path, $phpEx;
-
- include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
- }
-
- // create the user if he does not exist yet
- user_add(user_row_apache($php_auth_user, $php_auth_pw));
-
- $sql = 'SELECT *
- FROM ' . USERS_TABLE . "
- WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if ($row)
- {
- return $row;
- }
- }
-
- return array();
-}
-
-/**
-* This function generates an array which can be passed to the user_add function in order to create a user
-*/
-function user_row_apache($username, $password)
-{
- global $db, $config, $user;
- // first retrieve default group id
- $sql = 'SELECT group_id
- FROM ' . GROUPS_TABLE . "
- WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
- AND group_type = " . GROUP_SPECIAL;
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if (!$row)
- {
- trigger_error('NO_GROUP');
- }
-
- // generate user account data
- return array(
- 'username' => $username,
- 'user_password' => phpbb_hash($password),
- 'user_email' => '',
- 'group_id' => (int) $row['group_id'],
- 'user_type' => USER_NORMAL,
- 'user_ip' => $user->ip,
- 'user_new' => ($config['new_member_post_limit']) ? 1 : 0,
- );
-}
-
-/**
-* The session validation function checks whether the user is still logged in
-*
-* @return boolean true if the given user is authenticated or false if the session should be closed
-*/
-function validate_session_apache(&$user)
-{
- global $request;
-
- // Check if PHP_AUTH_USER is set and handle this case
- if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
- {
- $php_auth_user = $request->server('PHP_AUTH_USER');
-
- return ($php_auth_user === $user['username']) ? true : false;
- }
-
- // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
- if ($user['user_type'] == USER_IGNORE)
- {
- return true;
- }
-
- return false;
-}
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
deleted file mode 100644
index ac944532a5..0000000000
--- a/phpBB/includes/auth/auth_db.php
+++ /dev/null
@@ -1,289 +0,0 @@
- status constant
-* 'error_msg' => string
-* 'user_row' => array
-* )
-*/
-function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')
-{
- global $db, $config;
- global $request;
-
- // Auth plugins get the password untrimmed.
- // For compatibility we trim() here.
- $password = trim($password);
-
- // do not allow empty password
- if (!$password)
- {
- return array(
- 'status' => LOGIN_ERROR_PASSWORD,
- 'error_msg' => 'NO_PASSWORD_SUPPLIED',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- if (!$username)
- {
- return array(
- 'status' => LOGIN_ERROR_USERNAME,
- 'error_msg' => 'LOGIN_ERROR_USERNAME',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- $username_clean = utf8_clean_string($username);
-
- $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
- FROM ' . USERS_TABLE . "
- WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if (($ip && !$config['ip_login_limit_use_forwarded']) ||
- ($forwarded_for && $config['ip_login_limit_use_forwarded']))
- {
- $sql = 'SELECT COUNT(*) AS attempts
- FROM ' . LOGIN_ATTEMPT_TABLE . '
- WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
- if ($config['ip_login_limit_use_forwarded'])
- {
- $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
- }
- else
- {
- $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
- }
-
- $result = $db->sql_query($sql);
- $attempts = (int) $db->sql_fetchfield('attempts');
- $db->sql_freeresult($result);
-
- $attempt_data = array(
- 'attempt_ip' => $ip,
- 'attempt_browser' => trim(substr($browser, 0, 149)),
- 'attempt_forwarded_for' => $forwarded_for,
- 'attempt_time' => time(),
- 'user_id' => ($row) ? (int) $row['user_id'] : 0,
- 'username' => $username,
- 'username_clean' => $username_clean,
- );
- $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
- $result = $db->sql_query($sql);
- }
- else
- {
- $attempts = 0;
- }
-
- if (!$row)
- {
- if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'])
- {
- return array(
- 'status' => LOGIN_ERROR_ATTEMPTS,
- 'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- return array(
- 'status' => LOGIN_ERROR_USERNAME,
- 'error_msg' => 'LOGIN_ERROR_USERNAME',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
- ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
-
- // If there are too much login attempts, we need to check for an confirm image
- // Every auth module is able to define what to do by itself...
- if ($show_captcha)
- {
- // Visual Confirmation handling
- if (!class_exists('phpbb_captcha_factory', false))
- {
- global $phpbb_root_path, $phpEx;
- include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
- }
-
- $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
- $captcha->init(CONFIRM_LOGIN);
- $vc_response = $captcha->validate($row);
- if ($vc_response)
- {
- return array(
- 'status' => LOGIN_ERROR_ATTEMPTS,
- 'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
- 'user_row' => $row,
- );
- }
- else
- {
- $captcha->reset();
- }
-
- }
-
- // If the password convert flag is set we need to convert it
- if ($row['user_pass_convert'])
- {
- // enable super globals to get literal value
- // this is needed to prevent unicode normalization
- $super_globals_disabled = $request->super_globals_disabled();
- if ($super_globals_disabled)
- {
- $request->enable_super_globals();
- }
-
- // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
- $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
- $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
- $password_new_format = $request->variable('password', '', true);
-
- if ($super_globals_disabled)
- {
- $request->disable_super_globals();
- }
-
- if ($password == $password_new_format)
- {
- if (!function_exists('utf8_to_cp1252'))
- {
- global $phpbb_root_path, $phpEx;
- include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
- }
-
- // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
- // plain md5 support left in for conversions from other systems.
- if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
- || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
- {
- $hash = phpbb_hash($password_new_format);
-
- // Update the password in the users table to the new format and remove user_pass_convert flag
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_password = \'' . $db->sql_escape($hash) . '\',
- user_pass_convert = 0
- WHERE user_id = ' . $row['user_id'];
- $db->sql_query($sql);
-
- $row['user_pass_convert'] = 0;
- $row['user_password'] = $hash;
- }
- else
- {
- // Although we weren't able to convert this password we have to
- // increase login attempt count to make sure this cannot be exploited
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . (int) $row['user_id'] . '
- AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
- $db->sql_query($sql);
-
- return array(
- 'status' => LOGIN_ERROR_PASSWORD_CONVERT,
- 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
- 'user_row' => $row,
- );
- }
- }
- }
-
- // Check password ...
- if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
- {
- // Check for old password hash...
- if (strlen($row['user_password']) == 32)
- {
- $hash = phpbb_hash($password);
-
- // Update the password in the users table to the new format
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET user_password = '" . $db->sql_escape($hash) . "',
- user_pass_convert = 0
- WHERE user_id = {$row['user_id']}";
- $db->sql_query($sql);
-
- $row['user_password'] = $hash;
- }
-
- $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
- WHERE user_id = ' . $row['user_id'];
- $db->sql_query($sql);
-
- if ($row['user_login_attempts'] != 0)
- {
- // Successful, reset login attempts (the user passed all stages)
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_login_attempts = 0
- WHERE user_id = ' . $row['user_id'];
- $db->sql_query($sql);
- }
-
- // User inactive...
- if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
- {
- return array(
- 'status' => LOGIN_ERROR_ACTIVE,
- 'error_msg' => 'ACTIVE_ERROR',
- 'user_row' => $row,
- );
- }
-
- // Successful login... set user_login_attempts to zero...
- return array(
- 'status' => LOGIN_SUCCESS,
- 'error_msg' => false,
- 'user_row' => $row,
- );
- }
-
- // Password incorrect - increase login attempts
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . (int) $row['user_id'] . '
- AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
- $db->sql_query($sql);
-
- // Give status about wrong password...
- return array(
- 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
- 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
- 'user_row' => $row,
- );
-}
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
deleted file mode 100644
index 98355dd044..0000000000
--- a/phpBB/includes/auth/auth_ldap.php
+++ /dev/null
@@ -1,350 +0,0 @@
-lang['LDAP_NO_LDAP_EXTENSION'];
- }
-
- $config['ldap_port'] = (int) $config['ldap_port'];
- if ($config['ldap_port'])
- {
- $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']);
- }
- else
- {
- $ldap = @ldap_connect($config['ldap_server']);
- }
-
- if (!$ldap)
- {
- return $user->lang['LDAP_NO_SERVER_CONNECTION'];
- }
-
- @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
- @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
-
- if ($config['ldap_user'] || $config['ldap_password'])
- {
- if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
- {
- return $user->lang['LDAP_INCORRECT_USER_PASSWORD'];
- }
- }
-
- // ldap_connect only checks whether the specified server is valid, so the connection might still fail
- $search = @ldap_search(
- $ldap,
- htmlspecialchars_decode($config['ldap_base_dn']),
- ldap_user_filter($user->data['username']),
- (empty($config['ldap_email'])) ?
- array(htmlspecialchars_decode($config['ldap_uid'])) :
- array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
- 0,
- 1
- );
-
- if ($search === false)
- {
- return $user->lang['LDAP_SEARCH_FAILED'];
- }
-
- $result = @ldap_get_entries($ldap, $search);
-
- @ldap_close($ldap);
-
-
- if (!is_array($result) || sizeof($result) < 2)
- {
- return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
- }
-
- if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])]))
- {
- return $user->lang['LDAP_NO_EMAIL'];
- }
-
- return false;
-}
-
-/**
-* Login function
-*/
-function login_ldap(&$username, &$password)
-{
- global $db, $config, $user;
-
- // do not allow empty password
- if (!$password)
- {
- return array(
- 'status' => LOGIN_ERROR_PASSWORD,
- 'error_msg' => 'NO_PASSWORD_SUPPLIED',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- if (!$username)
- {
- return array(
- 'status' => LOGIN_ERROR_USERNAME,
- 'error_msg' => 'LOGIN_ERROR_USERNAME',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- if (!@extension_loaded('ldap'))
- {
- return array(
- 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
- 'error_msg' => 'LDAP_NO_LDAP_EXTENSION',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- $config['ldap_port'] = (int) $config['ldap_port'];
- if ($config['ldap_port'])
- {
- $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']);
- }
- else
- {
- $ldap = @ldap_connect($config['ldap_server']);
- }
-
- if (!$ldap)
- {
- return array(
- 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
- 'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
-
- @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
- @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
-
- if ($config['ldap_user'] || $config['ldap_password'])
- {
- if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
- {
- return array(
- 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
- 'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
- }
-
- $search = @ldap_search(
- $ldap,
- htmlspecialchars_decode($config['ldap_base_dn']),
- ldap_user_filter($username),
- (empty($config['ldap_email'])) ?
- array(htmlspecialchars_decode($config['ldap_uid'])) :
- array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
- 0,
- 1
- );
-
- $ldap_result = @ldap_get_entries($ldap, $search);
-
- if (is_array($ldap_result) && sizeof($ldap_result) > 1)
- {
- if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
- {
- @ldap_close($ldap);
-
- $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
- FROM ' . USERS_TABLE . "
- WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if ($row)
- {
- unset($ldap_result);
-
- // User inactive...
- if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
- {
- return array(
- 'status' => LOGIN_ERROR_ACTIVE,
- 'error_msg' => 'ACTIVE_ERROR',
- 'user_row' => $row,
- );
- }
-
- // Successful login... set user_login_attempts to zero...
- return array(
- 'status' => LOGIN_SUCCESS,
- 'error_msg' => false,
- 'user_row' => $row,
- );
- }
- else
- {
- // retrieve default group id
- $sql = 'SELECT group_id
- FROM ' . GROUPS_TABLE . "
- WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
- AND group_type = " . GROUP_SPECIAL;
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if (!$row)
- {
- trigger_error('NO_GROUP');
- }
-
- // generate user account data
- $ldap_user_row = array(
- 'username' => $username,
- 'user_password' => phpbb_hash($password),
- 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '',
- 'group_id' => (int) $row['group_id'],
- 'user_type' => USER_NORMAL,
- 'user_ip' => $user->ip,
- 'user_new' => ($config['new_member_post_limit']) ? 1 : 0,
- );
-
- unset($ldap_result);
-
- // this is the user's first login so create an empty profile
- return array(
- 'status' => LOGIN_SUCCESS_CREATE_PROFILE,
- 'error_msg' => false,
- 'user_row' => $ldap_user_row,
- );
- }
- }
- else
- {
- unset($ldap_result);
- @ldap_close($ldap);
-
- // Give status about wrong password...
- return array(
- 'status' => LOGIN_ERROR_PASSWORD,
- 'error_msg' => 'LOGIN_ERROR_PASSWORD',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
- }
- }
-
- @ldap_close($ldap);
-
- return array(
- 'status' => LOGIN_ERROR_USERNAME,
- 'error_msg' => 'LOGIN_ERROR_USERNAME',
- 'user_row' => array('user_id' => ANONYMOUS),
- );
-}
-
-/**
-* Generates a filter string for ldap_search to find a user
-*
-* @param $username string Username identifying the searched user
-*
-* @return string A filter string for ldap_search
-*/
-function ldap_user_filter($username)
-{
- global $config;
-
- $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
- if ($config['ldap_user_filter'])
- {
- $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})";
- $filter = "(&{$filter}{$_filter})";
- }
- return $filter;
-}
-
-/**
-* Escapes an LDAP AttributeValue
-*/
-function ldap_escape($string)
-{
- return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
-}
-
-/**
-* This function is used to output any required fields in the authentication
-* admin panel. It also defines any required configuration table fields.
-*/
-function acp_ldap(&$new)
-{
- global $user;
-
- $tpl = '
-
-
-
' . $user->lang['LDAP_SERVER_EXPLAIN'] . '
-
-
' . $user->lang['LDAP_PORT_EXPLAIN'] . '
-
-
' . $user->lang['LDAP_DN_EXPLAIN'] . '
-
-
' . $user->lang['LDAP_UID_EXPLAIN'] . '
-
-
' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
-
-
' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '
-
-
' . $user->lang['LDAP_USER_EXPLAIN'] . '
-
-
' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '
- ';
-
- // These are fields required in the config table
- return array(
- 'tpl' => $tpl,
- 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password')
- );
-}
diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php
new file mode 100644
index 0000000000..5f6f2862b6
--- /dev/null
+++ b/phpBB/includes/auth/provider_apache.php
@@ -0,0 +1,275 @@
+db = $db;
+ $this->config = $config;
+ $this->request = $request;
+ $this->user = $user;
+ $this->phpbb_root_path = $phpbb_root_path;
+ $this->php_ext = $php_ext;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function init()
+ {
+ if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
+ {
+ return $this->user->lang['APACHE_SETUP_BEFORE_USE'];
+ }
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function login($username, $password)
+ {
+ // do not allow empty password
+ if (!$password)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_PASSWORD,
+ 'error_msg' => 'NO_PASSWORD_SUPPLIED',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ if (!$username)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_USERNAME,
+ 'error_msg' => 'LOGIN_ERROR_USERNAME',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
+ {
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
+ $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
+
+ if (!empty($php_auth_user) && !empty($php_auth_pw))
+ {
+ if ($php_auth_user !== $username)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_USERNAME,
+ 'error_msg' => 'LOGIN_ERROR_USERNAME',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
+ FROM ' . USERS_TABLE . "
+ WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if ($row)
+ {
+ // User inactive...
+ if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_ACTIVE,
+ 'error_msg' => 'ACTIVE_ERROR',
+ 'user_row' => $row,
+ );
+ }
+
+ // Successful login...
+ return array(
+ 'status' => LOGIN_SUCCESS,
+ 'error_msg' => false,
+ 'user_row' => $row,
+ );
+ }
+
+ // this is the user's first login so create an empty profile
+ return array(
+ 'status' => LOGIN_SUCCESS_CREATE_PROFILE,
+ 'error_msg' => false,
+ 'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
+ );
+ }
+
+ // Not logged into apache
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function autologin()
+ {
+ if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
+ {
+ return array();
+ }
+
+ $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
+ $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
+
+ if (!empty($php_auth_user) && !empty($php_auth_pw))
+ {
+ set_var($php_auth_user, $php_auth_user, 'string', true);
+ set_var($php_auth_pw, $php_auth_pw, 'string', true);
+
+ $sql = 'SELECT *
+ FROM ' . USERS_TABLE . "
+ WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if ($row)
+ {
+ return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
+ }
+
+ if (!function_exists('user_add'))
+ {
+ include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
+ }
+
+ // create the user if he does not exist yet
+ user_add(user_row_apache($php_auth_user, $php_auth_pw));
+
+ $sql = 'SELECT *
+ FROM ' . USERS_TABLE . "
+ WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if ($row)
+ {
+ return $row;
+ }
+ }
+
+ return array();
+ }
+
+ /**
+ * This function generates an array which can be passed to the user_add
+ * function in order to create a user
+ *
+ * @param string $username The username of the new user.
+ * @param string $password The password of the new user.
+ * @return array Contains data that can be passed directly to
+ * the user_add function.
+ */
+ private function user_row($username, $password)
+ {
+ // first retrieve default group id
+ $sql = 'SELECT group_id
+ FROM ' . GROUPS_TABLE . "
+ WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
+ AND group_type = " . GROUP_SPECIAL;
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if (!$row)
+ {
+ trigger_error('NO_GROUP');
+ }
+
+ // generate user account data
+ return array(
+ 'username' => $username,
+ 'user_password' => phpbb_hash($password),
+ 'user_email' => '',
+ 'group_id' => (int) $row['group_id'],
+ 'user_type' => USER_NORMAL,
+ 'user_ip' => $this->user->ip,
+ 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0,
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function validate_session($user)
+ {
+ // Check if PHP_AUTH_USER is set and handle this case
+ if ($this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
+ {
+ $php_auth_user = $this->request->server('PHP_AUTH_USER');
+
+ return ($php_auth_user === $user['username']) ? true : false;
+ }
+
+ // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
+ if ($user['user_type'] == USER_IGNORE)
+ {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function acp($new)
+ {
+ return;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function logout($data, $new_session)
+ {
+ return;
+ }
+}
diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php
new file mode 100644
index 0000000000..894041c9cf
--- /dev/null
+++ b/phpBB/includes/auth/provider_db.php
@@ -0,0 +1,337 @@
+db = $db;
+ $this->config = $config;
+ $this->request = $request;
+ $this->user = $user;
+ $this->phpbb_root_path = $phpbb_root_path;
+ $this->php_ext = $php_ext;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function init()
+ {
+ return;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function login($username, $password)
+ {
+ // Auth plugins get the password untrimmed.
+ // For compatibility we trim() here.
+ $password = trim($password);
+
+ // do not allow empty password
+ if (!$password)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_PASSWORD,
+ 'error_msg' => 'NO_PASSWORD_SUPPLIED',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ if (!$username)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_USERNAME,
+ 'error_msg' => 'LOGIN_ERROR_USERNAME',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ $username_clean = utf8_clean_string($username);
+
+ $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
+ FROM ' . USERS_TABLE . "
+ WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
+ ($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
+ {
+ $sql = 'SELECT COUNT(*) AS attempts
+ FROM ' . LOGIN_ATTEMPT_TABLE . '
+ WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
+ if ($this->config['ip_login_limit_use_forwarded'])
+ {
+ $sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
+ }
+ else
+ {
+ $sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
+ }
+
+ $result = $this->db->sql_query($sql);
+ $attempts = (int) $this->db->sql_fetchfield('attempts');
+ $this->db->sql_freeresult($result);
+
+ $attempt_data = array(
+ 'attempt_ip' => $this->user->ip,
+ 'attempt_browser' => trim(substr($this->user->browser, 0, 149)),
+ 'attempt_forwarded_for' => $this->user->forwarded_for,
+ 'attempt_time' => time(),
+ 'user_id' => ($row) ? (int) $row['user_id'] : 0,
+ 'username' => $username,
+ 'username_clean' => $username_clean,
+ );
+ $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
+ $result = $this->db->sql_query($sql);
+ }
+ else
+ {
+ $attempts = 0;
+ }
+
+ if (!$row)
+ {
+ if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
+ {
+ return array(
+ 'status' => LOGIN_ERROR_ATTEMPTS,
+ 'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ return array(
+ 'status' => LOGIN_ERROR_USERNAME,
+ 'error_msg' => 'LOGIN_ERROR_USERNAME',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
+ ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
+
+ // If there are too many login attempts, we need to check for a confirm image
+ // Every auth module is able to define what to do by itself...
+ if ($show_captcha)
+ {
+ // Visual Confirmation handling
+ if (!class_exists('phpbb_captcha_factory', false))
+ {
+ include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->php_ext);
+ }
+
+ $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']);
+ $captcha->init(CONFIRM_LOGIN);
+ $vc_response = $captcha->validate($row);
+ if ($vc_response)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_ATTEMPTS,
+ 'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
+ 'user_row' => $row,
+ );
+ }
+ else
+ {
+ $captcha->reset();
+ }
+
+ }
+
+ // If the password convert flag is set we need to convert it
+ if ($row['user_pass_convert'])
+ {
+ // enable super globals to get literal value
+ // this is needed to prevent unicode normalization
+ $super_globals_disabled = $this->request->super_globals_disabled();
+ if ($super_globals_disabled)
+ {
+ $this->request->enable_super_globals();
+ }
+
+ // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
+ $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
+ $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
+ $password_new_format = $this->request->variable('password', '', true);
+
+ if ($super_globals_disabled)
+ {
+ $this->request->disable_super_globals();
+ }
+
+ if ($password == $password_new_format)
+ {
+ if (!function_exists('utf8_to_cp1252'))
+ {
+ include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
+ }
+
+ // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
+ // plain md5 support left in for conversions from other systems.
+ if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
+ || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
+ {
+ $hash = phpbb_hash($password_new_format);
+
+ // Update the password in the users table to the new format and remove user_pass_convert flag
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_password = \'' . $this->db->sql_escape($hash) . '\',
+ user_pass_convert = 0
+ WHERE user_id = ' . $row['user_id'];
+ $this->db->sql_query($sql);
+
+ $row['user_pass_convert'] = 0;
+ $row['user_password'] = $hash;
+ }
+ else
+ {
+ // Although we weren't able to convert this password we have to
+ // increase login attempt count to make sure this cannot be exploited
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_login_attempts = user_login_attempts + 1
+ WHERE user_id = ' . (int) $row['user_id'] . '
+ AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
+ $this->db->sql_query($sql);
+
+ return array(
+ 'status' => LOGIN_ERROR_PASSWORD_CONVERT,
+ 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
+ 'user_row' => $row,
+ );
+ }
+ }
+ }
+
+ // Check password ...
+ if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
+ {
+ // Check for old password hash...
+ if (strlen($row['user_password']) == 32)
+ {
+ $hash = phpbb_hash($password);
+
+ // Update the password in the users table to the new format
+ $sql = 'UPDATE ' . USERS_TABLE . "
+ SET user_password = '" . $this->db->sql_escape($hash) . "',
+ user_pass_convert = 0
+ WHERE user_id = {$row['user_id']}";
+ $this->db->sql_query($sql);
+
+ $row['user_password'] = $hash;
+ }
+
+ $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+ WHERE user_id = ' . $row['user_id'];
+ $this->db->sql_query($sql);
+
+ if ($row['user_login_attempts'] != 0)
+ {
+ // Successful, reset login attempts (the user passed all stages)
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_login_attempts = 0
+ WHERE user_id = ' . $row['user_id'];
+ $this->db->sql_query($sql);
+ }
+
+ // User inactive...
+ if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_ACTIVE,
+ 'error_msg' => 'ACTIVE_ERROR',
+ 'user_row' => $row,
+ );
+ }
+
+ // Successful login... set user_login_attempts to zero...
+ return array(
+ 'status' => LOGIN_SUCCESS,
+ 'error_msg' => false,
+ 'user_row' => $row,
+ );
+ }
+
+ // Password incorrect - increase login attempts
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_login_attempts = user_login_attempts + 1
+ WHERE user_id = ' . (int) $row['user_id'] . '
+ AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
+ $this->db->sql_query($sql);
+
+ // Give status about wrong password...
+ return array(
+ 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
+ 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
+ 'user_row' => $row,
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function autologin()
+ {
+ return;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function acp($new)
+ {
+ return;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function logout($data, $new_session)
+ {
+ return;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function validate_session($user)
+ {
+ return;
+ }
+}
diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php
new file mode 100644
index 0000000000..2d1935f8f0
--- /dev/null
+++ b/phpBB/includes/auth/provider_interface.php
@@ -0,0 +1,93 @@
+ status constant
+ * 'error_msg' => string
+ * 'user_row' => array
+ * )
+ */
+ public function login($username, $password);
+
+ /**
+ * Autologin function
+ *
+ * @return array|null containing the user row, empty if no auto login
+ * should take place, or null if not impletmented.
+ */
+ public function autologin();
+
+ /**
+ * This function is used to output any required fields in the authentication
+ * admin panel. It also defines any required configuration table fields.
+ *
+ * @param array $new Contains the new configuration values that have
+ * been set in acp_board.
+ * @return array|null Returns null if not implemented or an array of the
+ * form:
+ * array(
+ * 'tpl' => string
+ * 'config' => array
+ * )
+ */
+ public function acp($new);
+
+ /**
+ * Performs additional actions during logout.
+ *
+ * @param array $data An array corresponding to
+ * phpbb_session::data
+ * @param boolean $new_session True for a new session, false for no new
+ * session.
+ */
+ public function logout($data, $new_session);
+
+ /**
+ * The session validation function checks whether the user is still logged
+ * into phpBB.
+ *
+ * @param array $user
+ * @return boolean true if the given user is authenticated, false if the
+ * session should be closed, or null if not implemented.
+ */
+ public function validate_session($user);
+}
diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php
new file mode 100644
index 0000000000..f67c1e9247
--- /dev/null
+++ b/phpBB/includes/auth/provider_ldap.php
@@ -0,0 +1,386 @@
+db = $db;
+ $this->config = $config;
+ $this->user = $user;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function init()
+ {
+ if (!@extension_loaded('ldap'))
+ {
+ return $this->user->lang['LDAP_NO_LDAP_EXTENSION'];
+ }
+
+ $this->config['ldap_port'] = (int) $this->config['ldap_port'];
+ if ($this->config['ldap_port'])
+ {
+ $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
+ }
+ else
+ {
+ $ldap = @ldap_connect($this->config['ldap_server']);
+ }
+
+ if (!$ldap)
+ {
+ return $this->user->lang['LDAP_NO_SERVER_CONNECTION'];
+ }
+
+ @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+ @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+
+ if ($this->config['ldap_user'] || $this->config['ldap_password'])
+ {
+ if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
+ {
+ return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD'];
+ }
+ }
+
+ // ldap_connect only checks whether the specified server is valid, so the connection might still fail
+ $search = @ldap_search(
+ $ldap,
+ htmlspecialchars_decode($this->config['ldap_base_dn']),
+ $this->ldap_user_filter($this->user->data['username']),
+ (empty($this->config['ldap_email'])) ?
+ array(htmlspecialchars_decode($this->config['ldap_uid'])) :
+ array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
+ 0,
+ 1
+ );
+
+ if ($search === false)
+ {
+ return $this->user->lang['LDAP_SEARCH_FAILED'];
+ }
+
+ $result = @ldap_get_entries($ldap, $search);
+
+ @ldap_close($ldap);
+
+
+ if (!is_array($result) || sizeof($result) < 2)
+ {
+ return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']);
+ }
+
+ if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])]))
+ {
+ return $this->user->lang['LDAP_NO_EMAIL'];
+ }
+
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function login($username, $password)
+ {
+ // do not allow empty password
+ if (!$password)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_PASSWORD,
+ 'error_msg' => 'NO_PASSWORD_SUPPLIED',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ if (!$username)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_USERNAME,
+ 'error_msg' => 'LOGIN_ERROR_USERNAME',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ if (!@extension_loaded('ldap'))
+ {
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LDAP_NO_LDAP_EXTENSION',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ $this->config['ldap_port'] = (int) $this->config['ldap_port'];
+ if ($this->config['ldap_port'])
+ {
+ $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
+ }
+ else
+ {
+ $ldap = @ldap_connect($this->config['ldap_server']);
+ }
+
+ if (!$ldap)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+ @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+
+ if ($this->config['ldap_user'] || $this->config['ldap_password'])
+ {
+ if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
+ {
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+ }
+
+ $search = @ldap_search(
+ $ldap,
+ htmlspecialchars_decode($this->config['ldap_base_dn']),
+ $this->ldap_user_filter($username),
+ (empty($this->config['ldap_email'])) ?
+ array(htmlspecialchars_decode($this->config['ldap_uid'])) :
+ array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
+ 0,
+ 1
+ );
+
+ $ldap_result = @ldap_get_entries($ldap, $search);
+
+ if (is_array($ldap_result) && sizeof($ldap_result) > 1)
+ {
+ if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
+ {
+ @ldap_close($ldap);
+
+ $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
+ FROM ' . USERS_TABLE . "
+ WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if ($row)
+ {
+ unset($ldap_result);
+
+ // User inactive...
+ if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
+ {
+ return array(
+ 'status' => LOGIN_ERROR_ACTIVE,
+ 'error_msg' => 'ACTIVE_ERROR',
+ 'user_row' => $row,
+ );
+ }
+
+ // Successful login... set user_login_attempts to zero...
+ return array(
+ 'status' => LOGIN_SUCCESS,
+ 'error_msg' => false,
+ 'user_row' => $row,
+ );
+ }
+ else
+ {
+ // retrieve default group id
+ $sql = 'SELECT group_id
+ FROM ' . GROUPS_TABLE . "
+ WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
+ AND group_type = " . GROUP_SPECIAL;
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if (!$row)
+ {
+ trigger_error('NO_GROUP');
+ }
+
+ // generate user account data
+ $ldap_user_row = array(
+ 'username' => $username,
+ 'user_password' => phpbb_hash($password),
+ 'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
+ 'group_id' => (int) $row['group_id'],
+ 'user_type' => USER_NORMAL,
+ 'user_ip' => $this->user->ip,
+ 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0,
+ );
+
+ unset($ldap_result);
+
+ // this is the user's first login so create an empty profile
+ return array(
+ 'status' => LOGIN_SUCCESS_CREATE_PROFILE,
+ 'error_msg' => false,
+ 'user_row' => $ldap_user_row,
+ );
+ }
+ }
+ else
+ {
+ unset($ldap_result);
+ @ldap_close($ldap);
+
+ // Give status about wrong password...
+ return array(
+ 'status' => LOGIN_ERROR_PASSWORD,
+ 'error_msg' => 'LOGIN_ERROR_PASSWORD',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+ }
+
+ @ldap_close($ldap);
+
+ return array(
+ 'status' => LOGIN_ERROR_USERNAME,
+ 'error_msg' => 'LOGIN_ERROR_USERNAME',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function autologin()
+ {
+ return;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function acp($new)
+ {
+ $tpl = '
+
+
+
' . $this->user->lang['LDAP_SERVER_EXPLAIN'] . '
+
+
' . $this->user->lang['LDAP_PORT_EXPLAIN'] . '
+
+
' . $this->user->lang['LDAP_DN_EXPLAIN'] . '
+
+
' . $this->user->lang['LDAP_UID_EXPLAIN'] . '
+
+
' . $this->user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
+
+
' . $this->user->lang['LDAP_EMAIL_EXPLAIN'] . '
+
+
' . $this->user->lang['LDAP_USER_EXPLAIN'] . '
+
+
' . $this->user->lang['LDAP_PASSWORD_EXPLAIN'] . '
+ ';
+
+ // These are fields required in the config table
+ return array(
+ 'tpl' => $tpl,
+ 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password')
+ );
+ }
+
+ /**
+ * Generates a filter string for ldap_search to find a user
+ *
+ * @param $username string Username identifying the searched user
+ *
+ * @return string A filter string for ldap_search
+ */
+ private function ldap_user_filter($username)
+ {
+ $filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')';
+ if ($this->config['ldap_user_filter'])
+ {
+ $_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
+ $filter = "(&{$filter}{$_filter})";
+ }
+ return $filter;
+ }
+
+ /**
+ * Escapes an LDAP AttributeValue
+ *
+ * @param string $string The string to be escaped
+ * @return string The escaped string
+ */
+ private function ldap_escape($string)
+ {
+ return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function logout($data, $new_session)
+ {
+ return;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function validate_session($user)
+ {
+ return;
+ }
+}
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 8c27d3fd0c..96011f4ec5 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -156,6 +156,7 @@ define('PHYSICAL_LINK', 2);
define('CONFIRM_REG', 1);
define('CONFIRM_LOGIN', 2);
define('CONFIRM_POST', 3);
+define('CONFIRM_REPORT', 4);
// Categories - Attachments
define('ATTACHMENT_CATEGORY_NONE', 0);
diff --git a/phpBB/includes/search/fulltext_sphinx.php b/phpBB/includes/search/fulltext_sphinx.php
index 63e35eb4af..889324bbda 100644
--- a/phpBB/includes/search/fulltext_sphinx.php
+++ b/phpBB/includes/search/fulltext_sphinx.php
@@ -611,7 +611,7 @@ class phpbb_search_fulltext_sphinx
$result_count = $result['total_found'];
- if ($start >= $result_count)
+ if ($result_count && $start >= $result_count)
{
$start = floor(($result_count - 1) / $per_page) * $per_page;
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 6bc71da0c1..66bf053f7d 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -207,7 +207,7 @@ class phpbb_session
function session_begin($update_session_page = true)
{
global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path;
- global $request;
+ global $request, $phpbb_container;
// Give us some basic information
$this->time_now = time();
@@ -402,15 +402,12 @@ class phpbb_session
// Check whether the session is still valid if we have one
$method = basename(trim($config['auth_method']));
- include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
- $method = 'validate_session_' . $method;
- if (function_exists($method))
+ $provider = $phpbb_container->get('auth.provider.' . $method);
+ $ret = $provider->validate_session($this->data);
+ if ($ret !== null && !$ret)
{
- if (!$method($this->data))
- {
- $session_expired = true;
- }
+ $session_expired = true;
}
if (!$session_expired)
@@ -504,7 +501,7 @@ class phpbb_session
*/
function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
{
- global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx;
+ global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx, $phpbb_container;
$this->data = array();
@@ -568,18 +565,14 @@ class phpbb_session
}
$method = basename(trim($config['auth_method']));
- include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
- $method = 'autologin_' . $method;
- if (function_exists($method))
+ $provider = $phpbb_container->get('auth.provider.' . $method);
+ $this->data = $provider->autologin();
+
+ if (sizeof($this->data))
{
- $this->data = $method();
-
- if (sizeof($this->data))
- {
- $this->cookie_data['k'] = '';
- $this->cookie_data['u'] = $this->data['user_id'];
- }
+ $this->cookie_data['k'] = '';
+ $this->cookie_data['u'] = $this->data['user_id'];
}
// If we're presented with an autologin key we'll join against it.
@@ -884,7 +877,7 @@ class phpbb_session
*/
function session_kill($new_session = true)
{
- global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx;
+ global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx, $phpbb_container;
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
@@ -893,13 +886,9 @@ class phpbb_session
// Allow connecting logout with external auth method logout
$method = basename(trim($config['auth_method']));
- include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
- $method = 'logout_' . $method;
- if (function_exists($method))
- {
- $method($this->data, $new_session);
- }
+ $provider = $phpbb_container->get('auth.provider.' . $method);
+ $provider->logout($this->data, $new_session);
if ($this->data['user_id'] != ANONYMOUS)
{
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index 5bf3f572d9..3d7b6f7c88 100644
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -53,7 +53,7 @@ class install_install extends module
function main($mode, $sub)
{
global $lang, $template, $language, $phpbb_root_path, $phpEx;
- global $phpbb_container, $cache, $phpbb_log;
+ global $phpbb_container, $cache, $phpbb_log, $request;
switch ($sub)
{
@@ -102,6 +102,9 @@ class install_install extends module
break;
case 'final':
+ // Enable super globals to prevent issues with the new phpbb_request object
+ $request->enable_super_globals();
+
// Create a normal container now
$phpbb_container = phpbb_create_default_container($phpbb_root_path, $phpEx);
diff --git a/phpBB/report.php b/phpBB/report.php
index ce9fae13ef..3f2e7a91ff 100644
--- a/phpBB/report.php
+++ b/phpBB/report.php
@@ -144,9 +144,25 @@ else
$reported_post_enable_magic_url = $report_data['reported_post_enable_magic_url'];
}
+if ($config['enable_post_confirm'] && !$user->data['is_registered'])
+{
+ include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
+ $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
+ $captcha->init(CONFIRM_REPORT);
+}
+
+$error = array();
+$s_hidden_fields = '';
+
// Submit report?
if ($submit && $reason_id)
{
+ $visual_confirmation_response = $captcha->validate();
+ if ($visual_confirmation_response)
+ {
+ $error[] = $visual_confirmation_response;
+ }
+
$sql = 'SELECT *
FROM ' . REPORTS_REASONS_TABLE . "
WHERE reason_id = $reason_id";
@@ -156,96 +172,108 @@ if ($submit && $reason_id)
if (!$row || (!$report_text && strtolower($row['reason_title']) == 'other'))
{
- trigger_error('EMPTY_REPORT');
+ $error[] = $user->lang('EMPTY_REPORT');
}
- $sql_ary = array(
- 'reason_id' => (int) $reason_id,
- 'post_id' => $post_id,
- 'pm_id' => $pm_id,
- 'user_id' => (int) $user->data['user_id'],
- 'user_notify' => (int) $user_notify,
- 'report_closed' => 0,
- 'report_time' => (int) time(),
- 'report_text' => (string) $report_text,
- 'reported_post_text' => $reported_post_text,
- 'reported_post_uid' => $reported_post_uid,
- 'reported_post_bitfield' => $reported_post_bitfield,
- 'reported_post_enable_bbcode' => $reported_post_enable_bbcode,
- 'reported_post_enable_smilies' => $reported_post_enable_smilies,
- 'reported_post_enable_magic_url' => $reported_post_enable_magic_url,
- );
-
- $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
- $db->sql_query($sql);
- $report_id = $db->sql_nextid();
-
- $phpbb_notifications = $phpbb_container->get('notification_manager');
-
- if ($post_id)
+ if (!sizeof($error))
{
- $sql = 'UPDATE ' . POSTS_TABLE . '
- SET post_reported = 1
- WHERE post_id = ' . $post_id;
- $db->sql_query($sql);
-
- if (!$report_data['topic_reported'])
+ if (isset($captcha))
{
- $sql = 'UPDATE ' . TOPICS_TABLE . '
- SET topic_reported = 1
- WHERE topic_id = ' . $report_data['topic_id'] . '
- OR topic_moved_id = ' . $report_data['topic_id'];
- $db->sql_query($sql);
+ $captcha->reset();
}
- $lang_return = $user->lang['RETURN_TOPIC'];
- $lang_success = $user->lang['POST_REPORTED_SUCCESS'];
-
- $phpbb_notifications->add_notifications('report_post', array_merge($report_data, $row, $forum_data, array(
- 'report_text' => $report_text,
- )));
- }
- else
- {
- $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
- SET message_reported = 1
- WHERE msg_id = ' . $pm_id;
- $db->sql_query($sql);
-
$sql_ary = array(
- 'msg_id' => $pm_id,
- 'user_id' => ANONYMOUS,
- 'author_id' => (int) $report_data['author_id'],
- 'pm_deleted' => 0,
- 'pm_new' => 0,
- 'pm_unread' => 0,
- 'pm_replied' => 0,
- 'pm_marked' => 0,
- 'pm_forwarded' => 0,
- 'folder_id' => PRIVMSGS_INBOX,
+ 'reason_id' => (int) $reason_id,
+ 'post_id' => $post_id,
+ 'pm_id' => $pm_id,
+ 'user_id' => (int) $user->data['user_id'],
+ 'user_notify' => (int) $user_notify,
+ 'report_closed' => 0,
+ 'report_time' => (int) time(),
+ 'report_text' => (string) $report_text,
+ 'reported_post_text' => $reported_post_text,
+ 'reported_post_uid' => $reported_post_uid,
+ 'reported_post_bitfield' => $reported_post_bitfield,
+ 'reported_post_enable_bbcode' => $reported_post_enable_bbcode,
+ 'reported_post_enable_smilies' => $reported_post_enable_smilies,
+ 'reported_post_enable_magic_url' => $reported_post_enable_magic_url,
);
- $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
+ $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
+ $report_id = $db->sql_nextid();
- $lang_return = $user->lang['RETURN_PM'];
- $lang_success = $user->lang['PM_REPORTED_SUCCESS'];
+ $phpbb_notifications = $phpbb_container->get('notification_manager');
- $phpbb_notifications->add_notifications('report_pm', array_merge($report_data, $row, array(
- 'report_text' => $report_text,
- 'from_user_id' => $report_data['author_id'],
- 'report_id' => $report_id,
- )));
+ if ($post_id)
+ {
+ $sql = 'UPDATE ' . POSTS_TABLE . '
+ SET post_reported = 1
+ WHERE post_id = ' . $post_id;
+ $db->sql_query($sql);
+
+ if (!$report_data['topic_reported'])
+ {
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
+ SET topic_reported = 1
+ WHERE topic_id = ' . $report_data['topic_id'] . '
+ OR topic_moved_id = ' . $report_data['topic_id'];
+ $db->sql_query($sql);
+ }
+
+ $lang_return = $user->lang['RETURN_TOPIC'];
+ $lang_success = $user->lang['POST_REPORTED_SUCCESS'];
+
+ $phpbb_notifications->add_notifications('report_post', array_merge($report_data, $row, $forum_data, array(
+ 'report_text' => $report_text,
+ )));
+ }
+ else
+ {
+ $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
+ SET message_reported = 1
+ WHERE msg_id = ' . $pm_id;
+ $db->sql_query($sql);
+
+ $sql_ary = array(
+ 'msg_id' => $pm_id,
+ 'user_id' => ANONYMOUS,
+ 'author_id' => (int) $report_data['author_id'],
+ 'pm_deleted' => 0,
+ 'pm_new' => 0,
+ 'pm_unread' => 0,
+ 'pm_replied' => 0,
+ 'pm_marked' => 0,
+ 'pm_forwarded' => 0,
+ 'folder_id' => PRIVMSGS_INBOX,
+ );
+
+ $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
+ $db->sql_query($sql);
+
+ $lang_return = $user->lang['RETURN_PM'];
+ $lang_success = $user->lang['PM_REPORTED_SUCCESS'];
+
+ $phpbb_notifications->add_notifications('report_pm', array_merge($report_data, $row, array(
+ 'report_text' => $report_text,
+ 'from_user_id' => $report_data['author_id'],
+ 'report_id' => $report_id,
+ )));
+ }
+
+ meta_refresh(3, $redirect_url);
+
+ $message = $lang_success . '
' . sprintf($lang_return, '', '');
+ if ($return_forum_url)
+ {
+ $message .= '
' . sprintf($user->lang['RETURN_FORUM'], '', '');
+ }
+ trigger_error($message);
}
-
- meta_refresh(3, $redirect_url);
-
- $message = $lang_success . '
' . sprintf($lang_return, '', '');
- if ($return_forum_url)
+ else if (isset($captcha) && $captcha->is_solved() !== false)
{
- $message .= '
' . sprintf($user->lang['RETURN_FORUM'], '', '');
+ $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}
- trigger_error($message);
}
// Generate the reasons
@@ -253,10 +281,20 @@ display_reasons($reason_id);
$page_title = ($pm_id) ? $user->lang['REPORT_MESSAGE'] : $user->lang['REPORT_POST'];
+if (isset($captcha) && $captcha->is_solved() === false)
+{
+ $template->assign_vars(array(
+ 'S_CONFIRM_CODE' => true,
+ 'CAPTCHA_TEMPLATE' => $captcha->get_template(),
+ ));
+}
+
$template->assign_vars(array(
+ 'ERROR' => (sizeof($error)) ? implode('
', $error) : '',
'S_REPORT_POST' => ($pm_id) ? false : true,
'REPORT_TEXT' => $report_text,
'S_REPORT_ACTION' => append_sid("{$phpbb_root_path}report.$phpEx", 'f=' . $forum_id . '&p=' . $post_id . '&pm=' . $pm_id),
+ 'S_HIDDEN_FIELDS' => (sizeof($s_hidden_fields)) ? $s_hidden_fields : null,
'S_NOTIFY' => $user_notify,
'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false)
diff --git a/phpBB/styles/prosilver/template/report_body.html b/phpBB/styles/prosilver/template/report_body.html
index 4cb03dc51c..2a5e6c9d0e 100644
--- a/phpBB/styles/prosilver/template/report_body.html
+++ b/phpBB/styles/prosilver/template/report_body.html
@@ -10,6 +10,7 @@
{L_REPORT_POST_EXPLAIN}{L_REPORT_MESSAGE_EXPLAIN}
diff --git a/phpBB/styles/prosilver/theme/content.css b/phpBB/styles/prosilver/theme/content.css
index b6db4c7230..4b8c972697 100644
--- a/phpBB/styles/prosilver/theme/content.css
+++ b/phpBB/styles/prosilver/theme/content.css
@@ -159,7 +159,7 @@ dl.icon dt .list-inner {
}
dl.icon dt, dl.icon dd {
- min-height: 40px;
+ min-height: 35px;
}
dd.posts, dd.topics, dd.views, dd.extra, dd.mark {
diff --git a/phpBB/styles/subsilver2/template/report_body.html b/phpBB/styles/subsilver2/template/report_body.html
index 9ed510bb9f..906a957ef4 100644
--- a/phpBB/styles/subsilver2/template/report_body.html
+++ b/phpBB/styles/subsilver2/template/report_body.html
@@ -6,6 +6,11 @@
| {L_REPORT_POST}{L_REPORT_MESSAGE} |
+
+
+ | {ERROR} |
+
+
| {L_REPORT_POST_EXPLAIN}{L_REPORT_MESSAGE_EXPLAIN} |
@@ -25,6 +30,9 @@
{L_MORE_INFO}{L_COLON}
{L_CAN_LEAVE_BLANK} |
|
+
+
+
| |
diff --git a/tests/auth/fixtures/user.xml b/tests/auth/fixtures/user.xml
new file mode 100644
index 0000000000..34584babbf
--- /dev/null
+++ b/tests/auth/fixtures/user.xml
@@ -0,0 +1,33 @@
+
+
+
+ user_id
+ username
+ username_clean
+ user_password
+ user_passchg
+ user_pass_convert
+ user_email
+ user_type
+ user_login_attempts
+ user_permissions
+ user_sig
+ user_occ
+ user_interests
+
+ 1
+ foobar
+ foobar
+ $H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/
+ 0
+ 0
+ example@example.com
+ 0
+ 0
+
+
+
+
+
+
+
diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php
new file mode 100644
index 0000000000..0ca6ef763e
--- /dev/null
+++ b/tests/auth/provider_apache_test.php
@@ -0,0 +1,206 @@
+new_dbal();
+ $config = new phpbb_config(array());
+ $this->request = $this->getMock('phpbb_request');
+ $this->user = $this->getMock('phpbb_user');
+
+ $this->provider = new phpbb_auth_provider_apache($db, $config, $this->request, $this->user, $phpbb_root_path, $phpEx);
+ }
+
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/user.xml');
+ }
+
+ /**
+ * Test to see if a user is identified to Apache. Expects false if they are.
+ */
+ public function test_init()
+ {
+ $this->user->data['username'] = 'foobar';
+ $this->request->expects($this->once())
+ ->method('is_set')
+ ->with('PHP_AUTH_USER',
+ phpbb_request_interface::SERVER)
+ ->will($this->returnValue(true));
+ $this->request->expects($this->once())
+ ->method('server')
+ ->with('PHP_AUTH_USER')
+ ->will($this->returnValue('foobar'));
+
+ $this->assertFalse($this->provider->init());
+ }
+
+ public function test_login()
+ {
+ $username = 'foobar';
+ $password = 'example';
+
+ $this->request->expects($this->once())
+ ->method('is_set')
+ ->with('PHP_AUTH_USER',
+ phpbb_request_interface::SERVER)
+ ->will($this->returnValue(true));
+ $this->request->expects($this->at(1))
+ ->method('server')
+ ->with('PHP_AUTH_USER')
+ ->will($this->returnValue('foobar'));
+ $this->request->expects($this->at(2))
+ ->method('server')
+ ->with('PHP_AUTH_PW')
+ ->will($this->returnValue('example'));
+
+ $expected = array(
+ 'status' => LOGIN_SUCCESS,
+ 'error_msg' => false,
+ 'user_row' => array(
+ 'user_id' => '1',
+ 'username' => 'foobar',
+ 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+ 'user_passchg' => '0',
+ 'user_email' => 'example@example.com',
+ 'user_type' => '0',
+ ),
+ );
+
+ $this->assertEquals($expected, $this->provider->login($username, $password));
+ }
+
+ public function test_autologin()
+ {
+ $this->request->expects($this->once())
+ ->method('is_set')
+ ->with('PHP_AUTH_USER',
+ phpbb_request_interface::SERVER)
+ ->will($this->returnValue(true));
+ $this->request->expects($this->at(1))
+ ->method('server')
+ ->with('PHP_AUTH_USER')
+ ->will($this->returnValue('foobar'));
+ $this->request->expects($this->at(2))
+ ->method('server')
+ ->with('PHP_AUTH_PW')
+ ->will($this->returnValue('example'));
+
+ $expected = array(
+ 'user_id' => '1',
+ 'user_type' => '0',
+ 'group_id' => '3',
+ 'user_permissions' => '',
+ 'user_perm_from' => '0',
+ 'user_ip' => '',
+ 'user_regdate' => '0',
+ 'username' => 'foobar',
+ 'username_clean' => 'foobar',
+ 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+ 'user_passchg' => '0',
+ 'user_pass_convert' => '0',
+ 'user_email' => 'example@example.com',
+ 'user_email_hash' => '0',
+ 'user_birthday' => '',
+ 'user_lastvisit' => '0',
+ 'user_lastmark' => '0',
+ 'user_lastpost_time' => '0',
+ 'user_lastpage' => '',
+ 'user_last_confirm_key' => '',
+ 'user_last_search' => '0',
+ 'user_warnings' => '0',
+ 'user_last_warning' => '0',
+ 'user_login_attempts' => '0',
+ 'user_inactive_reason' => '0',
+ 'user_inactive_time' => '0',
+ 'user_posts' => '0',
+ 'user_lang' => '',
+ 'user_timezone' => 'UTC',
+ 'user_dateformat' => 'd M Y H:i',
+ 'user_style' => '0',
+ 'user_rank' => '0',
+ 'user_colour' => '',
+ 'user_new_privmsg' => '0',
+ 'user_unread_privmsg' => '0',
+ 'user_last_privmsg' => '0',
+ 'user_message_rules' => '0',
+ 'user_full_folder' => '-3',
+ 'user_emailtime' => '0',
+ 'user_topic_show_days' => '0',
+ 'user_topic_sortby_type' => 't',
+ 'user_topic_sortby_dir' => 'd',
+ 'user_post_show_days' => '0',
+ 'user_post_sortby_type' => 't',
+ 'user_post_sortby_dir' => 'a',
+ 'user_notify' => '0',
+ 'user_notify_pm' => '1',
+ 'user_notify_type' => '0',
+ 'user_allow_pm' => '1',
+ 'user_allow_viewonline' => '1',
+ 'user_allow_viewemail' => '1',
+ 'user_allow_massemail' => '1',
+ 'user_options' => '230271',
+ 'user_avatar' => '',
+ 'user_avatar_type' => '',
+ 'user_avatar_width' => '0',
+ 'user_avatar_height' => '0',
+ 'user_sig' => '',
+ 'user_sig_bbcode_uid' => '',
+ 'user_sig_bbcode_bitfield' => '',
+ 'user_from' => '',
+ 'user_icq' => '',
+ 'user_aim' => '',
+ 'user_yim' => '',
+ 'user_msnm' => '',
+ 'user_jabber' => '',
+ 'user_website' => '',
+ 'user_occ' => '',
+ 'user_interests' => '',
+ 'user_actkey' => '',
+ 'user_newpasswd' => '',
+ 'user_form_salt' => '',
+ 'user_new' => '1',
+ 'user_reminded' => '0',
+ 'user_reminded_time' => '0',
+ );
+
+ $this->assertEquals($expected, $this->provider->autologin());
+ }
+
+ public function test_validate_session()
+ {
+ $user = array(
+ 'username' => 'foobar',
+ 'user_type'
+ );
+ $this->request->expects($this->once())
+ ->method('is_set')
+ ->with('PHP_AUTH_USER',
+ phpbb_request_interface::SERVER)
+ ->will($this->returnValue(true));
+ $this->request->expects($this->once())
+ ->method('server')
+ ->with('PHP_AUTH_USER')
+ ->will($this->returnValue('foobar'));
+
+ $this->assertTrue($this->provider->validate_session($user));
+ }
+}
diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php
new file mode 100644
index 0000000000..d876683f84
--- /dev/null
+++ b/tests/auth/provider_db_test.php
@@ -0,0 +1,50 @@
+createXMLDataSet(dirname(__FILE__).'/fixtures/user.xml');
+ }
+
+ public function test_login()
+ {
+ global $phpbb_root_path, $phpEx;
+
+ $db = $this->new_dbal();
+ $config = new phpbb_config(array(
+ 'ip_login_limit_max' => 0,
+ 'ip_login_limit_use_forwarded' => 0,
+ 'max_login_attempts' => 0,
+ ));
+ $request = $this->getMock('phpbb_request');
+ $user = $this->getMock('phpbb_user');
+ $provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
+
+ $expected = array(
+ 'status' => LOGIN_SUCCESS,
+ 'error_msg' => false,
+ 'user_row' => array(
+ 'user_id' => '1',
+ 'username' => 'foobar',
+ 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+ 'user_passchg' => '0',
+ 'user_pass_convert' => '0',
+ 'user_email' => 'example@example.com',
+ 'user_type' => '0',
+ 'user_login_attempts' => '0',
+ ),
+ );
+
+ $this->assertEquals($expected, $provider->login('foobar', 'example'));
+ }
+}
diff --git a/tests/functional/report_post_captcha.php b/tests/functional/report_post_captcha.php
new file mode 100644
index 0000000000..af713775c5
--- /dev/null
+++ b/tests/functional/report_post_captcha.php
@@ -0,0 +1,61 @@
+login();
+ $crawler = self::request('GET', 'report.php?f=2&p=1');
+ $this->assertNotContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text());
+ }
+
+ public function test_guest_report_post()
+ {
+ $crawler = self::request('GET', 'report.php?f=2&p=1');
+ $this->add_lang('mcp');
+ $this->assertContains($this->lang('USER_CANNOT_REPORT'), $crawler->filter('html')->text());
+
+ $this->set_reporting_guest(1);
+ $crawler = self::request('GET', 'report.php?f=2&p=1');
+ $this->assertContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text());
+ $this->set_reporting_guest(-1);
+ }
+
+ protected function set_reporting_guest($report_post_allowed)
+ {
+ $this->login();
+ $this->admin_login();
+
+ $crawler = self::request('GET', 'adm/index.php?i=permissions&icat=12&mode=setting_group_local&sid=' . $this->sid);
+ $form = $crawler->selectButton('Submit')->form();
+ $values = $form->getValues();
+ $values["group_id[0]"] = 1;
+ $form->setValues($values);
+ $crawler = self::submit($form);
+
+ $form = $crawler->selectButton('Submit')->form();
+ $values = $form->getValues();
+ $values["forum_id"] = 2;
+ $form->setValues($values);
+ $crawler = self::submit($form);
+
+ $this->add_lang('acp/permissions');
+ $form = $crawler->selectButton($this->lang('APPLY_ALL_PERMISSIONS'))->form();
+ $values = $form->getValues();
+ $values["setting[1][2][f_report]"] = $report_post_allowed;
+ $form->setValues($values);
+ $crawler = self::submit($form);
+
+ $crawler = self::request('GET', 'ucp.php?mode=logout&sid=' . $this->sid);
+ }
+}
diff --git a/tests/session/continue_test.php b/tests/session/continue_test.php
index ad78d92299..e5a7f7a4a1 100644
--- a/tests/session/continue_test.php
+++ b/tests/session/continue_test.php
@@ -53,7 +53,20 @@ class phpbb_session_continue_test extends phpbb_database_test_case
*/
public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $ip, $expected_sessions, $expected_cookies, $message)
{
+ global $phpbb_container, $phpbb_root_path, $phpEx;
+
$db = $this->new_dbal();
+ $config = new phpbb_config(array());
+ $request = $this->getMock('phpbb_request');
+ $user = $this->getMock('phpbb_user');
+
+ $auth_provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
+ $phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
+ $phpbb_container->expects($this->any())
+ ->method('get')
+ ->with('auth.provider.db')
+ ->will($this->returnValue($auth_provider));
+
$session_factory = new phpbb_session_testable_factory;
$session_factory->set_cookies(array(
'_sid' => $session_id,
diff --git a/tests/session/creation_test.php b/tests/session/creation_test.php
index 6e61f085a6..fde76d6b06 100644
--- a/tests/session/creation_test.php
+++ b/tests/session/creation_test.php
@@ -20,7 +20,20 @@ class phpbb_session_creation_test extends phpbb_database_test_case
public function test_login_session_create()
{
+ global $phpbb_container, $phpbb_root_path, $phpEx;
+
$db = $this->new_dbal();
+ $config = new phpbb_config(array());
+ $request = $this->getMock('phpbb_request');
+ $user = $this->getMock('phpbb_user');
+
+ $auth_provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
+ $phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
+ $phpbb_container->expects($this->any())
+ ->method('get')
+ ->with('auth.provider.db')
+ ->will($this->returnValue($auth_provider));
+
$session_factory = new phpbb_session_testable_factory;
$session = $session_factory->get_session($db);