From dccd605a420227a29c1b2ece7d8ab964e05900d8 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Tue, 28 May 2013 19:07:28 -0700 Subject: [PATCH 01/63] [ticket/11577] Correct over-sized Topic Rows Fixes a change made in PR 1331 that oversized topic rows. Icons in topic rows, in Prosilver, are only 27px high, so we do not need a min-height as high as 40px. Setting it to 30px is more conservative and reclaims the original height of topic rows from before PR 1331. http://tracker.phpbb.com/browse/PHPBB3-11577 PHPBB3-11577 --- phpBB/styles/prosilver/theme/content.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/styles/prosilver/theme/content.css b/phpBB/styles/prosilver/theme/content.css index b6db4c7230..5f58addb54 100644 --- a/phpBB/styles/prosilver/theme/content.css +++ b/phpBB/styles/prosilver/theme/content.css @@ -159,7 +159,7 @@ dl.icon dt .list-inner { } dl.icon dt, dl.icon dd { - min-height: 40px; + min-height: 30px; } dd.posts, dd.topics, dd.views, dd.extra, dd.mark { From e2c049c997c1829f4f71100bdbdbba9bf72b8868 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 17 Jun 2013 16:11:23 -0400 Subject: [PATCH 02/63] [feature/auth-refactor] Provider Interface Skeleton Creates a skeleton of the authentication provider interface. PHPBB3-9734 --- phpBB/includes/auth/provider_interface.php | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 phpBB/includes/auth/provider_interface.php diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php new file mode 100644 index 0000000000..ac7bb311a3 --- /dev/null +++ b/phpBB/includes/auth/provider_interface.php 
@@ -0,0 +1,32 @@ + Date: Mon, 17 Jun 2013 16:35:06 -0400 Subject: [PATCH 03/63] [feature/auth-refactor] Auth Apache Provider Skeleton Creates a skeleton for Apache based authentication using the phpbb_auth_provider_interface named phpbb_auth_provider_apache. This brings over all code in auth_apache.php verbatim complete with all global variables currently in use. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 265 ++++++++++++++++++++++++ 1 file changed, 265 insertions(+) create mode 100644 phpBB/includes/auth/provider_apache.php diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php new file mode 100644 index 0000000000..ca3bf41560 --- /dev/null +++ b/phpBB/includes/auth/provider_apache.php 
@@ -0,0 +1,265 @@ +is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER'))) + { + return $user->lang['APACHE_SETUP_BEFORE_USE']; + } + return false; + } + + /** + * Login function + */ + public function login(&$username, &$password) + { + global $db, $request; + + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); + + if (!empty($php_auth_user) && !empty($php_auth_pw)) + { + if ($php_auth_user !== $username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type + FROM ' . USERS_TABLE . " + WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... 
+ return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + + // this is the user's first login so create an empty profile + return array( + 'status' => LOGIN_SUCCESS_CREATE_PROFILE, + 'error_msg' => false, + 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), + ); + } + + // Not logged into apache + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + /** + * Autologin function + * + * @return array containing the user row or empty if no auto login should + * take place + */ + public function autologin() + { + global $db, $request; + + if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + return array(); + } + + $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); + + if (!empty($php_auth_user) && !empty($php_auth_pw)) + { + set_var($php_auth_user, $php_auth_user, 'string', true); + set_var($php_auth_pw, $php_auth_pw, 'string', true); + + $sql = 'SELECT * + FROM ' . USERS_TABLE . " + WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; + } + + if (!function_exists('user_add')) + { + global $phpbb_root_path, $phpEx; + + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + // create the user if he does not exist yet + user_add(user_row_apache($php_auth_user, $php_auth_pw)); + + $sql = 'SELECT * + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . 
"'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + return $row; + } + } + + return array(); + } + + /** + * This function generates an array which can be passed to the user_add + * function in order to create a user + * + * @param str $username The username of the new user. + * @param str $password The password of the new user. + * @return array Contains data that can be passed directly to + * the user_add function. + */ + private function user_row($username, $password) + { + global $db, $config, $user; + // first retrieve default group id + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + AND group_type = " . GROUP_SPECIAL; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$row) + { + trigger_error('NO_GROUP'); + } + + // generate user account data + return array( + 'username' => $username, + 'user_password' => phpbb_hash($password), + 'user_email' => '', + 'group_id' => (int) $row['group_id'], + 'user_type' => USER_NORMAL, + 'user_ip' => $user->ip, + 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, + ); + } + + /** + * The session validation function checks whether the user is still logged in + * + * @return boolean true if the given user is authenticated or false if + * the session should be closed + */ + public function validate_session(&$user) + { + global $request; + + // Check if PHP_AUTH_USER is set and handle this case + if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + $php_auth_user = $request->server('PHP_AUTH_USER'); + + return ($php_auth_user === $user['username']) ? true : false; + } + + // PHP_AUTH_USER is not set. 
A valid session is now determined by the user type (anonymous/bot or not) + if ($user['user_type'] == USER_IGNORE) + { + return true; + } + + return false; + } + + public function acp() + { + return; + } +} From 4917fd9ca7a372766ea1a2ec7d0726eba09d2fe1 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 17 Jun 2013 16:41:56 -0400 Subject: [PATCH 04/63] [feature/auth-refactor] Database Auth Provider Skeleton Creates a skeleton of the database auth provider from auth_db.php. The functions are copied verbatim complete with globals and any existing errors. PHPBB3-9734 --- phpBB/includes/auth/provider_db.php | 309 ++++++++++++++++++++++++++++ 1 file changed, 309 insertions(+) create mode 100644 phpBB/includes/auth/provider_db.php diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php new file mode 100644 index 0000000000..bba74fc2a3 --- /dev/null +++ b/phpBB/includes/auth/provider_db.php 
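Review bot: `login()` and `autologin()` build the row for a first-time user with `user_row_apache($php_auth_user, $php_auth_pw)`, but this class declares the helper as `private function user_row($username, $password)`. The `LOGIN_SUCCESS_CREATE_PROFILE` return and the `user_add(...)` call therefore depend on a global function this file does not define (presumably the one in the old auth_apache.php). Call the method instead, `$this->user_row($php_auth_user, $php_auth_pw)`, in both places. Separately, `validate_session()` compares the raw `$request->server('PHP_AUTH_USER')` with `$user['username']`, while `init()` and `login()` pass the same value through `htmlspecialchars_decode()` first; a short comment stating which form is intended would help, since that comparison decides whether a session is kept or closed. The top of the file is not visible in this hunk.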
@@ -0,0 +1,309 @@ + status constant + * 'error_msg' => string + * 'user_row' => array + * ) + */ + public function login($username, $password, $ip = '', $browser = '', $forwarded_for = '') + { + global $db, $config; + global $request; + + // Auth plugins get the password untrimmed. + // For compatibility we trim() here. + $password = trim($password); + + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $username_clean = utf8_clean_string($username); + + $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (($ip && !$config['ip_login_limit_use_forwarded']) || + ($forwarded_for && $config['ip_login_limit_use_forwarded'])) + { + $sql = 'SELECT COUNT(*) AS attempts + FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); + if ($config['ip_login_limit_use_forwarded']) + { + $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; + } + else + { + $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; + } + + $result = $db->sql_query($sql); + $attempts = (int) $db->sql_fetchfield('attempts'); + $db->sql_freeresult($result); + + $attempt_data = array( + 'attempt_ip' => $ip, + 'attempt_browser' => trim(substr($browser, 0, 149)), + 'attempt_forwarded_for' => $forwarded_for, + 'attempt_time' => time(), + 'user_id' => ($row) ? 
(int) $row['user_id'] : 0, + 'username' => $username, + 'username_clean' => $username_clean, + ); + $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); + $result = $db->sql_query($sql); + } + else + { + $attempts = 0; + } + + if (!$row) + { + if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) + { + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || + ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); + + // If there are too much login attempts, we need to check for an confirm image + // Every auth module is able to define what to do by itself... + if ($show_captcha) + { + // Visual Confirmation handling + if (!class_exists('phpbb_captcha_factory', false)) + { + global $phpbb_root_path, $phpEx; + include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . 
$phpEx); + } + + $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha->init(CONFIRM_LOGIN); + $vc_response = $captcha->validate($row); + if ($vc_response) + { + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', + 'user_row' => $row, + ); + } + else + { + $captcha->reset(); + } + + } + + // If the password convert flag is set we need to convert it + if ($row['user_pass_convert']) + { + // enable super globals to get literal value + // this is needed to prevent unicode normalization + $super_globals_disabled = $request->super_globals_disabled(); + if ($super_globals_disabled) + { + $request->enable_super_globals(); + } + + // in phpBB2 passwords were used exactly as they were sent, with addslashes applied + $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; + $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; + $password_new_format = $request->variable('password', '', true); + + if ($super_globals_disabled) + { + $request->disable_super_globals(); + } + + if ($password == $password_new_format) + { + if (!function_exists('utf8_to_cp1252')) + { + global $phpbb_root_path, $phpEx; + include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); + } + + // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding + // plain md5 support left in for conversions from other systems. 
+ if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) + || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) + { + $hash = phpbb_hash($password_new_format); + + // Update the password in the users table to the new format and remove user_pass_convert flag + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_password = \'' . $db->sql_escape($hash) . '\', + user_pass_convert = 0 + WHERE user_id = ' . $row['user_id']; + $db->sql_query($sql); + + $row['user_pass_convert'] = 0; + $row['user_password'] = $hash; + } + else + { + // Although we weren't able to convert this password we have to + // increase login attempt count to make sure this cannot be exploited + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = user_login_attempts + 1 + WHERE user_id = ' . (int) $row['user_id'] . ' + AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; + $db->sql_query($sql); + + return array( + 'status' => LOGIN_ERROR_PASSWORD_CONVERT, + 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', + 'user_row' => $row, + ); + } + } + } + + // Check password ... + if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) + { + // Check for old password hash... + if (strlen($row['user_password']) == 32) + { + $hash = phpbb_hash($password); + + // Update the password in the users table to the new format + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_password = '" . $db->sql_escape($hash) . "', + user_pass_convert = 0 + WHERE user_id = {$row['user_id']}"; + $db->sql_query($sql); + + $row['user_password'] = $hash; + } + + $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE user_id = ' . 
$row['user_id']; + $db->sql_query($sql); + + if ($row['user_login_attempts'] != 0) + { + // Successful, reset login attempts (the user passed all stages) + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = 0 + WHERE user_id = ' . $row['user_id']; + $db->sql_query($sql); + } + + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... set user_login_attempts to zero... + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + + // Password incorrect - increase login attempts + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = user_login_attempts + 1 + WHERE user_id = ' . (int) $row['user_id'] . ' + AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; + $db->sql_query($sql); + + // Give status about wrong password... + return array( + 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, + 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', + 'user_row' => $row, + ); + } + + public function autologin() + { + return; + } + + public function acp() + { + return; + } +} From 817813034032b8e94079f195db097f2377ae9ac3 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 17 Jun 2013 16:50:01 -0400 Subject: [PATCH 05/63] [feature/auth-refactor] LDAP Auth Provider Skeleton Creates a ldap auth provider using code taken verbatim from auth_ldap.php. PHPBB3-9734 --- phpBB/includes/auth/provider_ldap.php | 358 ++++++++++++++++++++++++++ 1 file changed, 358 insertions(+) create mode 100644 phpBB/includes/auth/provider_ldap.php diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php new file mode 100644 index 0000000000..fb2be5ae9d --- /dev/null +++ b/phpBB/includes/auth/provider_ldap.php 
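Review bot: In the password-conversion branch of `login()`, the 32-character case compares digests with the loose operator (`md5($password_old_format) == $row['user_password']`), so PHP can compare two numeric-looking strings as numbers and report a match for digests that are not identical. Use a strict comparison for both md5 checks, e.g. `md5($password_old_format) === $row['user_password']`, and prefer a timing-safe comparison where the runtime offers one. The same function concatenates `$row['user_id']` into UPDATE and DELETE statements, sometimes with an `(int)` cast and sometimes without; writing `(int) $row['user_id']` everywhere keeps the queries consistent. `autologin()` ends with a bare `return;`, which yields null where the Apache provider's `autologin()` returns `array()`. The commit message says the code was copied verbatim, so these are inherited, but this refactor is a natural place to record or fix them.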
@@ -0,0 +1,358 @@ +lang['LDAP_NO_LDAP_EXTENSION']; + } + + $config['ldap_port'] = (int) $config['ldap_port']; + if ($config['ldap_port']) + { + $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); + } + else + { + $ldap = @ldap_connect($config['ldap_server']); + } + + if (!$ldap) + { + return $user->lang['LDAP_NO_SERVER_CONNECTION']; + } + + @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + + if ($config['ldap_user'] || $config['ldap_password']) + { + if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) + { + return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; + } + } + + // ldap_connect only checks whether the specified server is valid, so the connection might still fail + $search = @ldap_search( + $ldap, + htmlspecialchars_decode($config['ldap_base_dn']), + ldap_user_filter($user->data['username']), + (empty($config['ldap_email'])) ? + array(htmlspecialchars_decode($config['ldap_uid'])) : + array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), + 0, + 1 + ); + + if ($search === false) + { + return $user->lang['LDAP_SEARCH_FAILED']; + } + + $result = @ldap_get_entries($ldap, $search); + + @ldap_close($ldap); + + + if (!is_array($result) || sizeof($result) < 2) + { + return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); + } + + if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) + { + return $user->lang['LDAP_NO_EMAIL']; + } + + return false; + } + + /** + * Login function + */ + public function login(&$username, &$password) + { + global $db, $config, $user; + + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 
'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!@extension_loaded('ldap')) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $config['ldap_port'] = (int) $config['ldap_port']; + if ($config['ldap_port']) + { + $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); + } + else + { + $ldap = @ldap_connect($config['ldap_server']); + } + + if (!$ldap) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + + if ($config['ldap_user'] || $config['ldap_password']) + { + if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + } + + $search = @ldap_search( + $ldap, + htmlspecialchars_decode($config['ldap_base_dn']), + ldap_user_filter($username), + (empty($config['ldap_email'])) ? + array(htmlspecialchars_decode($config['ldap_uid'])) : + array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), + 0, + 1 + ); + + $ldap_result = @ldap_get_entries($ldap, $search); + + if (is_array($ldap_result) && sizeof($ldap_result) > 1) + { + if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) + { + @ldap_close($ldap); + + $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . 
"'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + unset($ldap_result); + + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... set user_login_attempts to zero... + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + else + { + // retrieve default group id + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + AND group_type = " . GROUP_SPECIAL; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$row) + { + trigger_error('NO_GROUP'); + } + + // generate user account data + $ldap_user_row = array( + 'username' => $username, + 'user_password' => phpbb_hash($password), + 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', + 'group_id' => (int) $row['group_id'], + 'user_type' => USER_NORMAL, + 'user_ip' => $user->ip, + 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, + ); + + unset($ldap_result); + + // this is the user's first login so create an empty profile + return array( + 'status' => LOGIN_SUCCESS_CREATE_PROFILE, + 'error_msg' => false, + 'user_row' => $ldap_user_row, + ); + } + } + else + { + unset($ldap_result); + @ldap_close($ldap); + + // Give status about wrong password... 
+ return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'LOGIN_ERROR_PASSWORD', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + } + + @ldap_close($ldap); + + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + public function autologin(); + + /** + * This function is used to output any required fields in the authentication + * admin panel. It also defines any required configuration table fields. + */ + public function acp(&$new) + { + global $user; + + $tpl = ' + +
+

' . $user->lang['LDAP_SERVER_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_PORT_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_DN_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_UID_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_USER_EXPLAIN'] . '
+
+
+
+

' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '
+
+
+ '; + + // These are fields required in the config table + return array( + 'tpl' => $tpl, + 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password') + ); + } + + /** + * Generates a filter string for ldap_search to find a user + * + * @param $username string Username identifying the searched user + * + * @return string A filter string for ldap_search + */ + public function user_filter($username) + { + global $config; + + $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; + if ($config['ldap_user_filter']) + { + $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; + $filter = "(&{$filter}{$_filter})"; + } + return $filter; + } + + /** + * Escapes an LDAP AttributeValue + */ + public function escape($string) + { + return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); + } +} From e64abea999f68b248cfe41ab22ac60abc9e2951f Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 15:17:14 -0400 Subject: [PATCH 06/63] [feature/auth-refactor] Document the provider interface Provides basic documentation of the auth_provideR_interface. Changes the login method to login($username, $password) for consistency with the providers. acp() is not fully documented. It appears that it is meant to return an array of some sort and take in a variable by reference. PHPBB3-9734 --- phpBB/includes/auth/provider_interface.php | 32 +++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php index ac7bb311a3..8d966d8b3e 100644 --- a/phpBB/includes/auth/provider_interface.php +++ b/phpBB/includes/auth/provider_interface.php 
@@ -22,11 +22,41 @@ if (!defined('IN_PHPBB')) */ class phpbb_auth_provider_interface { + /** + * Checks whether the user is currently identified to the authentication + * provider. + * Called in acp_board while setting authentication plugins. + * + * @return boolean|string False if the user is identified, otherwise an + * error message. + */ public function init(); - public function login(); + /** + * Performs login. + * + * @param $username string The name of the user being authenticated. + * @param $password string The password of the user. + * @return array An associative array of the format: + * array( + * 'status' => status constant + * 'error_msg' => string + * 'user_row' => array + * ) + */ + public function login($username, $password); + /** + * Autologin function + * + * @return array containing the user row or empty if no auto login should + * take place + */ public function autologin(); + /** + * This function is used to output any required fields in the authentication + * admin panel. It also defines any required configuration table fields. + */ public function acp(); } From db27a8c67a9730384a912298a85a7bf38e506d7d Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 15:32:18 -0400 Subject: [PATCH 07/63] [feature/auth-refactor] Fix comment block indentation Comment block indentation was off by one space on the provider_* files due to being incorrectly copied over from the auth_* files. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 52 ++++++++++++------------- phpBB/includes/auth/provider_db.php | 30 +++++++------- phpBB/includes/auth/provider_ldap.php | 34 ++++++++-------- 3 files changed, 58 insertions(+), 58 deletions(-) diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index ca3bf41560..bb25e502a6 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php 
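Review bot: The type is declared as `class phpbb_auth_provider_interface`, yet every member is a bodiless declaration such as `public function init();` and the providers attach to it with `implements`. PHP accepts that combination only for an interface, so the declaration should read `interface phpbb_auth_provider_interface`. The `login()` docblock could also mention that implementations may take further optional arguments, as the database provider does with `$ip`, `$browser` and `$forwarded_for`. The Apache provider additionally exposes `validate_session(&$user)`; if session validation is part of the provider contract, it should be declared and documented here as well. The top of the file lies outside this hunk.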
@@ -23,12 +23,12 @@ if (!defined('IN_PHPBB')) class phpbb_auth_provider_apache implements phpbb_auth_provider_interface { /** - * Checks whether the user is identified to apache - * Only allow changing authentication to apache if the user is identified - * Called in acp_board while setting authentication plugins - * - * @return boolean|string false if the user is identified and else an error message - */ + * Checks whether the user is identified to apache + * Only allow changing authentication to apache if the user is identified + * Called in acp_board while setting authentication plugins + * + * @return boolean|string false if the user is identified and else an error message + */ public function init() { global $user, $request; @@ -41,8 +41,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface } /** - * Login function - */ + * Login function + */ public function login(&$username, &$password) { global $db, $request; @@ -133,11 +133,11 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface } /** - * Autologin function - * - * @return array containing the user row or empty if no auto login should - * take place - */ + * Autologin function + * + * @return array containing the user row or empty if no auto login should + * take place + */ public function autologin() { global $db, $request; 
@@ -194,14 +194,14 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface } /** - * This function generates an array which can be passed to the user_add - * function in order to create a user - * - * @param str $username The username of the new user. - * @param str $password The password of the new user. - * @return array Contains data that can be passed directly to - * the user_add function. - */ + * This function generates an array which can be passed to the user_add + * function in order to create a user + * + * @param str $username The username of the new user. + * @param str $password The password of the new user. + * @return array Contains data that can be passed directly to + * the user_add function. + */ private function user_row($username, $password) { global $db, $config, $user; @@ -232,11 +232,11 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface } /** - * The session validation function checks whether the user is still logged in - * - * @return boolean true if the given user is authenticated or false if - * the session should be closed - */ + * The session validation function checks whether the user is still logged in + * + * @return boolean true if the given user is authenticated or false if + * the session should be closed + */ public function validate_session(&$user) { global $request; diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index bba74fc2a3..c55837c685 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php 
@@ -30,21 +30,21 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface } /** - * Login function - * - * @param string $username - * @param string $password - * @param string $ip IP address the login is taking place from. Used to - * limit the number of login attempts per IP address. - * @param string $browser The user agent used to login - * @param string $forwarded_for X_FORWARDED_FOR header sent with login request - * @return array A associative array of the format - * array( - * 'status' => status constant - * 'error_msg' => string - * 'user_row' => array - * ) - */ + * Login function + * + * @param string $username + * @param string $password + * @param string $ip IP address the login is taking place from. Used to + * limit the number of login attempts per IP address. + * @param string $browser The user agent used to login + * @param string $forwarded_for X_FORWARDED_FOR header sent with login request + * @return array A associative array of the format + * array( + * 'status' => status constant + * 'error_msg' => string + * 'user_row' => array + * ) + */ public function login($username, $password, $ip = '', $browser = '', $forwarded_for = '') { global $db, $config; diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index fb2be5ae9d..3c54ba212c 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -25,10 +25,10 @@ if (!defined('IN_PHPBB')) class phpbb_auth_provider_db implements phpbb_auth_provider_interface { /** - * Connect to ldap server - * Only allow changing authentication to ldap if we can connect to the ldap server - * Called in acp_board while setting authentication plugins - */ + * Connect to ldap server + * Only allow changing authentication to ldap if we can connect to the ldap server + * Called in acp_board while setting authentication plugins + */ public function init() { global $config, $user; 
@@ -100,8 +100,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface } /** - * Login function - */ + * Login function + */ public function login(&$username, &$password) { global $db, $config, $user; @@ -278,9 +278,9 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface public function autologin(); /** - * This function is used to output any required fields in the authentication - * admin panel. It also defines any required configuration table fields. - */ + * This function is used to output any required fields in the authentication + * admin panel. It also defines any required configuration table fields. + */ public function acp(&$new) { global $user; @@ -329,12 +329,12 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface } /** - * Generates a filter string for ldap_search to find a user - * - * @param $username string Username identifying the searched user - * - * @return string A filter string for ldap_search - */ + * Generates a filter string for ldap_search to find a user + * + * @param $username string Username identifying the searched user + * + * @return string A filter string for ldap_search + */ public function user_filter($username) { global $config; @@ -349,8 +349,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface } /** - * Escapes an LDAP AttributeValue - */ + * Escapes an LDAP AttributeValue + */ public function escape($string) { return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); From 57689948e252ef3240b2c20be95923d6a0635ca9 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 15:39:51 -0400 Subject: [PATCH 08/63] [feature/auth-refactor] Make Apache consistent with interface Makes the provider_apache consistent with the provider_interface by removing the pass-by-reference of $username and $password. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index bb25e502a6..01aa9400fd 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php @@ -43,7 +43,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface /** * Login function */ - public function login(&$username, &$password) + public function login($username, $password) { global $db, $request; From 204c640c773e707845859d103b74d64596de402d Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 15:57:31 -0400 Subject: [PATCH 09/63] [feature/auth-refactor] Make LDAP consistent with interface Makes the provider_ldap consistent with the provider_interface except for the acp() method which has not yet been finalized. Renames phpbb_auth_provider_ldap::user_filter to phpbb_auth_provider_ldap::ldap_user_filter to maintain the original name of the function from auth_ldap. PHPBB3-9734 --- phpBB/includes/auth/provider_ldap.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 3c54ba212c..3636c7ae6d 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -68,7 +68,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $search = @ldap_search( $ldap, htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($user->data['username']), + $this->ldap_user_filter($user->data['username']), (empty($config['ldap_email'])) ? array(htmlspecialchars_decode($config['ldap_uid'])) : array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), @@ -102,7 +102,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface /** * Login function */ - public function login(&$username, &$password) + public function login($username, $password) { global $db, $config, $user; 
@@ -171,7 +171,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $search = @ldap_search( $ldap, htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($username), + $this->ldap_user_filter($username), (empty($config['ldap_email'])) ? array(htmlspecialchars_decode($config['ldap_uid'])) : array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), @@ -275,7 +275,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface ); } - public function autologin(); + public function autologin() + { + return; + } /** * This function is used to output any required fields in the authentication @@ -335,7 +338,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * * @return string A filter string for ldap_search */ - public function user_filter($username) + public function ldap_user_filter($username) { global $config; From 0432c3273992cf44b711fad92d442c81016a96c1 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 16:07:23 -0400 Subject: [PATCH 10/63] [feature/auth-refactor] Make DB auth consistent with interface Makes provider_db consistent with provider_interface. Removes $ip, $browser, and $forwarded_for from the arguments of phpbb_auth_provider_db::login() as these are provided by the global variable $user. PHPBB3-9734 --- phpBB/includes/auth/provider_db.php | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index c55837c685..9e865f4b5b 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php 
@@ -34,10 +34,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * * @param string $username * @param string $password - * @param string $ip IP address the login is taking place from. Used to - * limit the number of login attempts per IP address. - * @param string $browser The user agent used to login - * @param string $forwarded_for X_FORWARDED_FOR header sent with login request * @return array A associative array of the format * array( * 'status' => status constant @@ -45,10 +41,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * 'user_row' => array * ) */ - public function login($username, $password, $ip = '', $browser = '', $forwarded_for = '') + public function login($username, $password) { global $db, $config; - global $request; + global $request, $user; // Auth plugins get the password untrimmed. // For compatibility we trim() here. @@ -82,19 +78,19 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if (($ip && !$config['ip_login_limit_use_forwarded']) || - ($forwarded_for && $config['ip_login_limit_use_forwarded'])) + if (($user->ip && !$config['ip_login_limit_use_forwarded']) || + ($user->forwarded_for && $config['ip_login_limit_use_forwarded'])) { $sql = 'SELECT COUNT(*) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); if ($config['ip_login_limit_use_forwarded']) { - $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; + $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($user->forwarded_for) . "'"; } else { - $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; + $sql .= " AND attempt_ip = '" . $db->sql_escape($user->ip) . "' "; } $result = $db->sql_query($sql); 
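Review bot: The throttle guard `($user->forwarded_for && $config['ip_login_limit_use_forwarded'])` keys the per-address login limit on a request header, and when that option is on and the header is empty the attempt-counting branch is not entered at all. X-Forwarded-For is supplied by the client unless a trusted reverse proxy overwrites it, so the limit is only meaningful in that deployment. I would add a comment such as `// forwarded_for is client-controlled unless a trusted proxy sets it` and fall back to `$user->ip` when the header is empty. What the else branch does with `$attempts` is outside this hunk and should be confirmed there. The same condition is carried over as `$this->user->forwarded_for` in patch 19/63.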
@@ -102,9 +98,9 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $db->sql_freeresult($result); $attempt_data = array( - 'attempt_ip' => $ip, - 'attempt_browser' => trim(substr($browser, 0, 149)), - 'attempt_forwarded_for' => $forwarded_for, + 'attempt_ip' => $user->ip, + 'attempt_browser' => trim(substr($user->browser, 0, 149)), + 'attempt_forwarded_for' => $user->forwarded_for, 'attempt_time' => time(), 'user_id' => ($row) ? (int) $row['user_id'] : 0, 'username' => $username, From ffed3d109e25756c4de2116b09d34c4c92d9b61c Mon Sep 17 00:00:00 2001 From: Dhruv Date: Sat, 20 Apr 2013 19:26:01 +0530 Subject: [PATCH 11/63] [ticket/11437] avoid $start becoming negative when no search results are found When search returns no results there is no need to go inside the if statement. Since $result_count becomes zero, $start becomes negative which leads to failed assertion. PHPBB3-11437 --- phpBB/includes/search/fulltext_sphinx.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/search/fulltext_sphinx.php b/phpBB/includes/search/fulltext_sphinx.php index 63e35eb4af..889324bbda 100644 --- a/phpBB/includes/search/fulltext_sphinx.php +++ b/phpBB/includes/search/fulltext_sphinx.php @@ -611,7 +611,7 @@ class phpbb_search_fulltext_sphinx $result_count = $result['total_found']; - if ($start >= $result_count) + if ($result_count && $start >= $result_count) { $start = floor(($result_count - 1) / $per_page) * $per_page; From 7bdab205a13380242ef2469d192abc22b48010d8 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 18 Jun 2013 16:55:35 -0400 Subject: [PATCH 12/63] [feature/auth-refactor] Refactor login to use new interface Refactors auth.php to use the provider_interface during login. PHPBB-9734 --- phpBB/includes/auth/auth.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/phpBB/includes/auth/auth.php b/phpBB/includes/auth/auth.php index 2535247571..009e621e13 100644 
--- a/phpBB/includes/auth/auth.php +++ b/phpBB/includes/auth/auth.php @@ -932,10 +932,11 @@ class phpbb_auth $method = trim(basename($config['auth_method'])); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'login_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for); + $provider = new $class(); + $login = $provider->login($username, $password); // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) From 553c300688818c36acc4d579762b3eb428d27321 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Wed, 19 Jun 2013 14:20:29 -0400 Subject: [PATCH 13/63] [feature/auth-refactor] Fix typos causing changes to not work Replaces short tags with long tags. Fixes the interface to be an interface and not class in the file. Removes unnecessary include_once from auth.php. PHPBB-9734 --- phpBB/includes/auth/auth.php | 1 - phpBB/includes/auth/provider_apache.php | 2 +- phpBB/includes/auth/provider_db.php | 2 +- phpBB/includes/auth/provider_interface.php | 4 ++-- phpBB/includes/auth/provider_ldap.php | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) diff --git a/phpBB/includes/auth/auth.php b/phpBB/includes/auth/auth.php index 009e621e13..ab84619977 100644 --- a/phpBB/includes/auth/auth.php +++ b/phpBB/includes/auth/auth.php @@ -930,7 +930,6 @@ class phpbb_auth global $config, $db, $user, $phpbb_root_path, $phpEx; $method = trim(basename($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); $class = 'phpbb_auth_provider_' . $method; if (class_exists($class)) diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 01aa9400fd..a923fb4265 100644 
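Review bot: `new $class()` in the added lines instantiates whatever class name results from the `auth_method` config value, and nothing checks that the class is an auth provider before `->login()` is called on it. `class_exists()` only proves that the name resolves, and it triggers autoloading for that name. A type check such as `if (class_exists($class) && in_array('phpbb_auth_provider_interface', class_implements($class)))` keeps a mistyped or tampered setting from reaching an unrelated class that happens to share the prefix. The enclosing login method starts and ends outside the hunk.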
--- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php @@ -1,4 +1,4 @@ - Date: Wed, 19 Jun 2013 14:57:11 -0400 Subject: [PATCH 14/63] [feature/auth-refactor] Refactor acp_board for new auth interface Partially refactors acp_board for the new authentication interface. Leaves some questionable if statements in the file. Modifies the interface to correctly impletment the acp() method. Modifies each provider to comply with the above mentioned interface modification. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 35 +++++++++++----------- phpBB/includes/auth/provider_apache.php | 2 +- phpBB/includes/auth/provider_db.php | 2 +- phpBB/includes/auth/provider_interface.php | 2 +- phpBB/includes/auth/provider_ldap.php | 4 +-- 5 files changed, 22 insertions(+), 23 deletions(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 6881e03fdb..9407d81575 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -530,9 +530,9 @@ class acp_board { while (($file = readdir($dp)) !== false) { - if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file)) + if (preg_match('#^provider_(.*?)\.' . $phpEx . '$#', $file) && !preg_match('#^provider_interface\.' . $phpEx . '$#', $file)) { - $auth_plugins[] = basename(preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file)); + $auth_plugins[] = basename(preg_replace('#^provider_(.*?)\.' . $phpEx . '$#', '\1', $file)); } } closedir($dp); 
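Review bot: The plugin scan in the acp_board hunk evaluates three regular expressions per file (two `preg_match` calls and a `preg_replace`) where one match with a capture group would do, and `$phpEx` is spliced into the pattern without `preg_quote()`. Something like `if (preg_match('#^provider_(.+)\.' . preg_quote($phpEx, '#') . '$#', $file, $match) && $match[1] !== 'interface')` followed by `$auth_plugins[] = $match[1];` builds the same list. It also drops the empty name that `(.*?)` lets through for a file called `provider_.` plus the extension. The surrounding `readdir()` loop starts outside the hunk.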
@@ -544,14 +544,13 @@ class acp_board $old_auth_config = array(); foreach ($auth_plugins as $method) { - if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) + if ($method) { - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - - $method = 'acp_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - if ($fields = $method($this->new_config)) + $provider = new $class(); + if ($fields = $provider->acp($this->new_config)) { // Check if we need to create config fields for this plugin and save config when submit was pressed foreach ($fields['config'] as $field) @@ -585,14 +584,13 @@ class acp_board if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings)) { $method = basename($cfg_array['auth_method']); - if ($method && in_array($method, $auth_plugins)) + if ($method) { - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - - $method = 'init_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - if ($error = $method()) + $provider = new $class(); + if ($error = $provider->init()) { foreach ($old_auth_config as $config_name => $config_value) { @@ -685,12 +683,13 @@ class acp_board foreach ($auth_plugins as $method) { - if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) + if ($method) { - $method = 'acp_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - $fields = $method($this->new_config); + $provider = new $class(); + $fields = $provider->acp($this->new_config); if ($fields['tpl']) { diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index a923fb4265..2d26b85877 100644 --- a/phpBB/includes/auth/provider_apache.php 
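Review bot: The `init()` branch (hunk at -585) drops the `in_array($method, $auth_plugins)` test, so the submitted `$cfg_array['auth_method']` is no longer checked against the list of discovered providers before a class name is built from it and instantiated. `basename()` and `class_exists()` still constrain the name, but the list was the only check tied to what is actually installed in the auth directory. Keeping it as `if ($method && in_array($method, $auth_plugins, true))` costs nothing. The two `acp()` loops iterate `$auth_plugins` directly and are not affected.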
+++ b/phpBB/includes/auth/provider_apache.php @@ -258,7 +258,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface return false; } - public function acp() + public function acp($new) { return; } diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index 60ea105236..df935fcd73 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -298,7 +298,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface return; } - public function acp() + public function acp($new) { return; } diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php index 3dd1dba9be..a789dccce7 100644 --- a/phpBB/includes/auth/provider_interface.php +++ b/phpBB/includes/auth/provider_interface.php @@ -58,5 +58,5 @@ interface phpbb_auth_provider_interface * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. */ - public function acp(); + public function acp($new); } diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 4d0e68233b..c1f5b3e186 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -22,7 +22,7 @@ if (!defined('IN_PHPBB')) * * @package auth */ -class phpbb_auth_provider_db implements phpbb_auth_provider_interface +class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface { /** * Connect to ldap server @@ -284,7 +284,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. */ - public function acp(&$new) + public function acp($new) { global $user; From f4def220ce00a6be06857d5bd9f164473c0411c4 Mon Sep 17 00:00:00 2001 
From: Joseph Warner Date: Wed, 19 Jun 2013 15:12:00 -0400 Subject: [PATCH 15/63] [feature/auth-refactor] Refactor session for new auth interface Refactors phpbb_session to use the new auth interface. PHPBB3-9734 --- phpBB/includes/session.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6bc71da0c1..85ca8abf3d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -568,12 +568,12 @@ class phpbb_session } $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'autologin_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - $this->data = $method(); + $provider = new $class(); + $this->data = $class->autologin(); if (sizeof($this->data)) { From 8214e6e8377b0858092e48aba3ba2a01994be47f Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Wed, 19 Jun 2013 15:32:20 -0400 Subject: [PATCH 16/63] [feature/auth-refactor] Finish refactoring auth plugins I believe that this commit should have final minimal changes needed to replace the old auth plugins with the refactored auth plugins. Added a few more elements to the interface based on the old auth plugins. Documentation is not complete and need works on these new elements. PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 7 ++++++- phpBB/includes/auth/provider_db.php | 10 ++++++++++ phpBB/includes/auth/provider_interface.php | 19 +++++++++++++++++++ phpBB/includes/auth/provider_ldap.php | 10 ++++++++++ phpBB/includes/session.php | 19 ++++++++++--------- 5 files changed, 55 insertions(+), 10 deletions(-) diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 2d26b85877..2ba76e26a9 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php 
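Review bot: The result of `autologin()` is assigned to `$this->data` unconditionally, and the LDAP provider in patch 09/63 implements `autologin()` as a bare `return;`, so the property can become null before `sizeof($this->data)` runs on it. Normalising at the call site, `$this->data = (array) $provider->autologin();`, or having providers return `array()`, keeps it an array for the code that follows. Note also that the added line calls the method on the class-name string, `$class->autologin()`, rather than on `$provider`; patch 16/63 later in this series corrects that. The enclosing method starts and ends outside the hunk.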
@@ -237,7 +237,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface * @return boolean true if the given user is authenticated or false if * the session should be closed */ - public function validate_session(&$user) + public function validate_session($user) { global $request; @@ -262,4 +262,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface { return; } + + public function logout($data, $new_session) + { + return; + } } diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index df935fcd73..e24e701911 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -302,4 +302,14 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { return; } + + public function logout($data, $new_session) + { + return; + } + + public function validate_session($user) + { + return; + } } diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php index a789dccce7..534f198c21 100644 --- a/phpBB/includes/auth/provider_interface.php +++ b/phpBB/includes/auth/provider_interface.php @@ -57,6 +57,25 @@ interface phpbb_auth_provider_interface /** * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. + * + * @param type $new */ public function acp($new); + + /** + * Special logout function. + * + * @param type $data + * @param type $new_session + */ + public function logout($data, $new_session); + + /** + * The session validation function checks whether the user is still logged in. + * + * @param type $user + * @return boolean true if the given user is authenticated, false if the + * session should be closed, or null if not implemented. + */ + public function validate_session($user); } diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index c1f5b3e186..8270f50440 100644 
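Review bot: The docblocks added to the interface still carry the placeholders `@param type $data`, `@param type $new_session` and `@param type $user`, so an implementer cannot tell what the provider receives. session.php in this same patch passes `$this->data` to both `logout()` and `validate_session()` and indexes it as an array, so `@param array $data` and `@param array $user` look right. The type of `$new_session` is not visible here and should be taken from the caller. It would also help to state on `logout()` that its return value is not used, which is how session.php calls it.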
--- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -358,4 +358,14 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface { return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); } + + public function logout($data, $new_session) + { + return; + } + + public function validate_session($user) + { + return; + } } diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 85ca8abf3d..f12ba1329c 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -402,12 +402,13 @@ class phpbb_session // Check whether the session is still valid if we have one $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'validate_session_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - if (!$method($this->data)) + $provider = new $class(); + $ret = $provider->validate_session($this->data); + if ($ret !== null && !$ret) { $session_expired = true; } @@ -573,7 +574,7 @@ class phpbb_session if (class_exists($class)) { $provider = new $class(); - $this->data = $class->autologin(); + $this->data = $provider->autologin(); if (sizeof($this->data)) { @@ -893,12 +894,12 @@ class phpbb_session // Allow connecting logout with external auth method logout $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'logout_' . $method; - if (function_exists($method)) + $class = 'phpbb_auth_provider_' . $method; + if (class_exists($class)) { - $method($this->data, $new_session); + $provider = new $class(); + $provider->logout($this->data, $new_session); } if ($this->data['user_id'] != ANONYMOUS) From 0633666e2b5e39a7ebf7d2a68dc4c1b4dbbc0db1 Mon Sep 17 00:00:00 2001 
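Review bot: In the session-validation hunk (-402) the provider is only consulted when `class_exists($class)` succeeds, so an `auth_method` value that does not resolve to a class leaves `$session_expired` untouched and the external check is skipped without any trace. For an authentication control that is a fail-open path, and an `else` branch that records the misconfiguration would make it visible. Whether it should also expire the session is a policy decision. The same name-building, `class_exists()` and `new $class()` sequence is repeated in all three session.php hunks; a small private helper returning the provider or null would keep them in step.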
From: Joseph Warner Date: Thu, 20 Jun 2013 16:46:25 -0400 Subject: [PATCH 17/63] [feature/auth-refactor] Fix LDAP conversion error I messed up when converting over auth_ldap this commit fixes that error. I have not been able to extensively test ldap due to not having ldap set up on this computer yet. Apache authentication appears to work. PHPBB3-9734 --- phpBB/includes/auth/provider_ldap.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 8270f50440..ee9b8100ee 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -338,11 +338,11 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface * * @return string A filter string for ldap_search */ - public function ldap_user_filter($username) + private function ldap_user_filter($username) { global $config; - $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; + $filter = '(' . $config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')'; if ($config['ldap_user_filter']) { $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; @@ -354,7 +354,7 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface /** * Escapes an LDAP AttributeValue */ - public function escape($string) + private function ldap_escape($string) { return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); } From 6601c3d64e7a3a57a6c956ee0eba19523b04e52f Mon Sep 17 00:00:00 2001 
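Review bot: `ldap_escape()` hands parallel arrays to `str_replace()`, which applies the pairs in order, so the backslash inserted for `*` is doubled again by the following `\` rule and the asterisk can be read as unescaped in the filter that `ldap_user_filter()` builds from the login name. Escaping the backslash first and using the hex form from RFC 4515 avoids the re-replacement: `return str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $string);`. `$config['ldap_uid']` is concatenated into the same filter as-is. It is admin-set configuration, but it is worth validating as an attribute name where it is saved.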
From: Joseph Warner Date: Thu, 20 Jun 2013 21:29:16 -0400 Subject: [PATCH 18/63] [feature/auth-refactor] Start turning auth providers into services Creates auth_provider.yml and includes auth_providers.yml in services.yml. PHPBB3-9734 --- phpBB/config/auth_providers.yml | 1 + phpBB/config/services.yml | 1 + 2 files changed, 2 insertions(+) create mode 100644 phpBB/config/auth_providers.yml diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml new file mode 100644 index 0000000000..0baad47661 --- /dev/null +++ b/phpBB/config/auth_providers.yml @@ -0,0 +1 @@ +services: diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index bb96953bcf..4b272c6abd 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -5,6 +5,7 @@ imports: - { resource: migrator.yml } - { resource: avatars.yml } - { resource: feed.yml } + - { resource: auth_providers.yml } services: auth: From 24825b9dc8cd94204da4180a044dbeab563d5563 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 20 Jun 2013 21:55:25 -0400 Subject: [PATCH 19/63] [feature/auth-refactor] Turn provider_db into a service Removes globals from provider_db and turns it into a service. PHPBB3-9734 --- phpBB/config/auth_providers.yml | 17 +++++ phpBB/includes/auth/provider_db.php | 98 +++++++++++++++++------------ 2 files changed, 74 insertions(+), 41 deletions(-) diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml index 0baad47661..e702ec665a 100644 --- a/phpBB/config/auth_providers.yml +++ b/phpBB/config/auth_providers.yml @@ -1 +1,18 @@ services: + auth.provider.db: + class: phpbb_auth_provider_db + arguments: + - @dbal.conn + - @config + - @request + - @user + - %core.root_path% + - %core.php_ext% + auth.provider.apache: + class: phpbb_auth_provider_apache + arguments: + + auth.provider.ldap: + class: phpbb_auth_provider_ldap + arguments: + 
diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index e24e701911..aaf9cda735 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -24,6 +24,27 @@ if (!defined('IN_PHPBB')) */ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { + + /** + * Database Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_request $request + * @param phpbb_user $user + * @param string $phpbb_root_path + * @param string $phpEx + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx) + { + $this->db = $db; + $this->config = $config; + $this->request = $request; + $this->user = $user; + $this->phpbb_root_path = $phpbb_root_path; + $this->phpEx = $phpEx; + } + public function init() { return; @@ -43,9 +64,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface */ public function login($username, $password) { - global $db, $config; - global $request, $user; - // Auth plugins get the password untrimmed. // For compatibility we trim() here. $password = trim($password); 
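Review bot: The new constructor assigns `$this->db`, `$this->config`, `$this->request`, `$this->user`, `$this->phpbb_root_path` and `$this->phpEx`, but the visible top of the class declares none of them. PHP then creates them as public properties on first assignment, so any code holding the provider can read or replace the database handle. Declaring each one, e.g. `protected $db;` with a `/** @var phpbb_db_driver */` line above it, keeps the injected dependencies encapsulated and documents them. The stray blank line after the class's opening brace can go at the same time. The LDAP provider constructor added in patch 20/63 follows the same pattern.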
@@ -73,41 +91,41 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); - if (($user->ip && !$config['ip_login_limit_use_forwarded']) || - ($user->forwarded_for && $config['ip_login_limit_use_forwarded'])) + if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) || + ($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded'])) { $sql = 'SELECT COUNT(*) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); - if ($config['ip_login_limit_use_forwarded']) + WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']); + if ($this->config['ip_login_limit_use_forwarded']) { - $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($user->forwarded_for) . "'"; + $sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'"; } else { - $sql .= " AND attempt_ip = '" . $db->sql_escape($user->ip) . "' "; + $sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . 
"' "; } - $result = $db->sql_query($sql); - $attempts = (int) $db->sql_fetchfield('attempts'); - $db->sql_freeresult($result); + $result = $this->db->sql_query($sql); + $attempts = (int) $this->db->sql_fetchfield('attempts'); + $this->db->sql_freeresult($result); $attempt_data = array( - 'attempt_ip' => $user->ip, - 'attempt_browser' => trim(substr($user->browser, 0, 149)), - 'attempt_forwarded_for' => $user->forwarded_for, + 'attempt_ip' => $this->user->ip, + 'attempt_browser' => trim(substr($this->user->browser, 0, 149)), + 'attempt_forwarded_for' => $this->user->forwarded_for, 'attempt_time' => time(), 'user_id' => ($row) ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean, ); - $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); - $result = $db->sql_query($sql); + $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data); + $result = $this->db->sql_query($sql); } else { @@ -116,7 +134,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface if (!$row) { - if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) + if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']) { return array( 'status' => LOGIN_ERROR_ATTEMPTS, @@ -132,8 +150,8 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface ); } - $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || - ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); + $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) || + ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']); // If there are too much login attempts, we need to check for an confirm image // Every auth module is able to define what to do by itself... 
@@ -142,11 +160,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Visual Confirmation handling if (!class_exists('phpbb_captcha_factory', false)) { - global $phpbb_root_path, $phpEx; - include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); + include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->phpEx); } - $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); $vc_response = $captcha->validate($row); if ($vc_response) @@ -169,28 +186,27 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { // enable super globals to get literal value // this is needed to prevent unicode normalization - $super_globals_disabled = $request->super_globals_disabled(); + $super_globals_disabled = $this->request->super_globals_disabled(); if ($super_globals_disabled) { - $request->enable_super_globals(); + $this->request->enable_super_globals(); } // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = $request->variable('password', '', true); + $password_new_format = $this->request->variable('password', '', true); if ($super_globals_disabled) { - $request->disable_super_globals(); + $this->request->disable_super_globals(); } if ($password == $password_new_format) { if (!function_exists('utf8_to_cp1252')) { - global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->phpEx); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding 
@@ -202,10 +218,10 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_password = \'' . $db->sql_escape($hash) . '\', + SET user_password = \'' . $this->db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); $row['user_pass_convert'] = 0; $row['user_password'] = $hash; @@ -218,7 +234,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); + $this->db->sql_query($sql); return array( 'status' => LOGIN_ERROR_PASSWORD_CONVERT, @@ -239,17 +255,17 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Update the password in the users table to the new format $sql = 'UPDATE ' . USERS_TABLE . " - SET user_password = '" . $db->sql_escape($hash) . "', + SET user_password = '" . $this->db->sql_escape($hash) . "', user_pass_convert = 0 WHERE user_id = {$row['user_id']}"; - $db->sql_query($sql); + $this->db->sql_query($sql); $row['user_password'] = $hash; } $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); if ($row['user_login_attempts'] != 0) { @@ -257,7 +273,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); + $this->db->sql_query($sql); } // User inactive... 
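Review bot: The `WHERE user_id = ' . $row['user_id']` clause in the `@@ -202,10 +218,10 @@` hunk concatenates the column value without the `(int)` cast that the neighbouring `@@ -218,7 +234,7 @@` hunk already applies (`(int) $row['user_id']`). The same uncast form appears in `@@ -239,17 +255,17 @@` (`WHERE user_id = {$row['user_id']}` and the `DELETE FROM ' . LOGIN_ATTEMPT_TABLE` statement) and in `@@ -257,7 +273,7 @@`. `$row` presumably comes from the users-table query earlier in login(), outside these hunks, so this is defence in depth rather than a demonstrated injection. Casting every occurrence, `WHERE user_id = ' . (int) $row['user_id']`, keeps the statements uniform and safe if the row's source ever changes.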
@@ -283,7 +299,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); + $this->db->sql_query($sql); // Give status about wrong password... return array( From c253189e85f780d50aa82c483b432717a967bb1c Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 20 Jun 2013 22:11:24 -0400 Subject: [PATCH 20/63] [feature/auth-refactor] Convert provider_ldap to a service Removes globals from provider_ldap and converts it into a service. PHPBB3-9734 --- phpBB/config/auth_providers.yml | 4 +- phpBB/includes/auth/provider_ldap.php | 122 ++++++++++++++------------ 2 files changed, 67 insertions(+), 59 deletions(-) diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml index e702ec665a..e4855d2b95 100644 --- a/phpBB/config/auth_providers.yml +++ b/phpBB/config/auth_providers.yml @@ -15,4 +15,6 @@ services: auth.provider.ldap: class: phpbb_auth_provider_ldap arguments: - + - @dbal.conn + - @config + - @user diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index ee9b8100ee..67d8d8335f 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -24,6 +24,20 @@ if (!defined('IN_PHPBB')) */ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface { + /** + * LDAP Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_user $user + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_user $user) + { + $this->db = $db; + $this->config = $config; + $this->user = $user; + } + /** * Connect to ldap server * Only allow changing authentication to ldap if we can connect to the ldap server 
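Review bot: The constructor added in the provider_ldap.php hunk `@@ -24,6 +24,20 @@` assigns `$this->db`, `$this->config` and `$this->user`, but no property declarations are added between the class's opening brace and the constructor, so unless they are declared further down the class PHP creates them as public dynamic properties. Any code holding the provider could then read or replace the database handle and the config object. Declare them above the constructor with restricted visibility, `protected $db;`, `protected $config;`, `protected $user;`, each with a one-line docblock giving its type. The phpbb_auth_provider_apache constructor added in `@@ -22,6 +22,26 @@` has the same gap for its six properties.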
@@ -31,54 +45,52 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface */ public function init() { - global $config, $user; - if (!@extension_loaded('ldap')) { - return $user->lang['LDAP_NO_LDAP_EXTENSION']; + return $this->user->lang['LDAP_NO_LDAP_EXTENSION']; } - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) + $this->config['ldap_port'] = (int) $this->config['ldap_port']; + if ($this->config['ldap_port']) { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); + $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']); } else { - $ldap = @ldap_connect($config['ldap_server']); + $ldap = @ldap_connect($this->config['ldap_server']); } if (!$ldap) { - return $user->lang['LDAP_NO_SERVER_CONNECTION']; + return $this->user->lang['LDAP_NO_SERVER_CONNECTION']; } @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - if ($config['ldap_user'] || $config['ldap_password']) + if ($this->config['ldap_user'] || $this->config['ldap_password']) { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) + if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password']))) { - return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; + return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD']; } } // ldap_connect only checks whether the specified server is valid, so the connection might still fail $search = @ldap_search( $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), - $this->ldap_user_filter($user->data['username']), - (empty($config['ldap_email'])) ? 
- array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), + htmlspecialchars_decode($this->config['ldap_base_dn']), + $this->ldap_user_filter($this->user->data['username']), + (empty($this->config['ldap_email'])) ? + array(htmlspecialchars_decode($this->config['ldap_uid'])) : + array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])), 0, 1 ); if ($search === false) { - return $user->lang['LDAP_SEARCH_FAILED']; + return $this->user->lang['LDAP_SEARCH_FAILED']; } $result = @ldap_get_entries($ldap, $search); @@ -88,12 +100,12 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface if (!is_array($result) || sizeof($result) < 2) { - return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); + return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']); } - if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) + if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])])) { - return $user->lang['LDAP_NO_EMAIL']; + return $this->user->lang['LDAP_NO_EMAIL']; } return false; @@ -104,8 +116,6 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface */ public function login($username, $password) { - global $db, $config, $user; - // do not allow empty password if (!$password) { 
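Review bot: In init() (`@@ -31,54 +45,52 @@`), `@ldap_bind()` sends the configured `ldap_user` and `ldap_password` over whatever transport `ldap_connect()` set up, and nothing in the hunk calls `ldap_start_tls()` or checks that `ldap_server` is an `ldaps://` URI. Unless the administrator configured LDAPS, the service account's bind password crosses the network unencrypted. Consider adding, after the two `ldap_set_option()` calls and behind a config switch, `if (!@ldap_start_tls($ldap)) { return $this->user->lang['LDAP_NO_SERVER_CONNECTION']; }`, or at least state the transport requirement in the method docblock. The bind in login() (`@@ -156,9 +166,9 @@`) is written the same way; the end user's own password is presumably bound later in that method, outside the hunks.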
@@ -134,14 +144,14 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface ); } - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) + $this->config['ldap_port'] = (int) $this->config['ldap_port']; + if ($this->config['ldap_port']) { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); + $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']); } else { - $ldap = @ldap_connect($config['ldap_server']); + $ldap = @ldap_connect($this->config['ldap_server']); } if (!$ldap) @@ -156,9 +166,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - if ($config['ldap_user'] || $config['ldap_password']) + if ($this->config['ldap_user'] || $this->config['ldap_password']) { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) + if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password']))) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, @@ -170,11 +180,11 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $search = @ldap_search( $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), + htmlspecialchars_decode($this->config['ldap_base_dn']), $this->ldap_user_filter($username), - (empty($config['ldap_email'])) ? - array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), + (empty($this->config['ldap_email'])) ? + array(htmlspecialchars_decode($this->config['ldap_uid'])) : + array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])), 0, 1 ); 
@@ -189,10 +199,10 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if ($row) { @@ -220,11 +230,11 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface // retrieve default group id $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "' AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if (!$row) { @@ -235,11 +245,11 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $ldap_user_row = array( 'username' => $username, 'user_password' => phpbb_hash($password), - 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', + 'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, + 'user_ip' => $this->user->ip, + 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0, ); unset($ldap_result); 
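Review bot: `'user_password' => phpbb_hash($password)` in the `@@ -235,11 +245,11 @@` hunk writes a hash of the user's directory password into the newly created phpBB user row. That leaves a copy of an LDAP credential in the forum database, where it is exposed by a database leak and, as far as these hunks show, is not refreshed when the directory password changes. If the local value is never used to authenticate LDAP users, store a hash of a random value instead; otherwise document the choice on the line, for example `// local hash of the directory password - confirm it is never accepted in place of an LDAP bind`. The line is unchanged context here, and the rest of login() lies outside the hunk.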
@@ -286,40 +296,38 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface */ public function acp($new) { - global $user; - $tpl = '
-

' . $user->lang['LDAP_SERVER_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_SERVER_EXPLAIN'] . '
-

' . $user->lang['LDAP_PORT_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_PORT_EXPLAIN'] . '
-

' . $user->lang['LDAP_DN_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_DN_EXPLAIN'] . '
-

' . $user->lang['LDAP_UID_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_UID_EXPLAIN'] . '
-

' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
-

' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_EMAIL_EXPLAIN'] . '
-

' . $user->lang['LDAP_USER_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_USER_EXPLAIN'] . '
-

' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '
+

' . $this->user->lang['LDAP_PASSWORD_EXPLAIN'] . '
'; @@ -340,12 +348,10 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface */ private function ldap_user_filter($username) { - global $config; - - $filter = '(' . $config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')'; - if ($config['ldap_user_filter']) + $filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')'; + if ($this->config['ldap_user_filter']) { - $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; + $_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})"; $filter = "(&{$filter}{$_filter})"; } return $filter; From c9062fc1ee9bade7c2b4d84c99b3b71a78d5570c Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 20 Jun 2013 22:21:22 -0400 Subject: [PATCH 21/63] [feature/auth-refactor] Convert provider_apache to a service Removes globals from provider_apache and turns it into a service. PHPBB3-9734 --- phpBB/config/auth_providers.yml | 7 +- phpBB/includes/auth/provider_apache.php | 89 ++++++++++++++----------- 2 files changed, 55 insertions(+), 41 deletions(-) diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml index e4855d2b95..e91fd8ff99 100644 --- a/phpBB/config/auth_providers.yml +++ b/phpBB/config/auth_providers.yml @@ -11,7 +11,12 @@ services: auth.provider.apache: class: phpbb_auth_provider_apache arguments: - + - @dbal.conn + - @config + - @request + - @user + - %core.root_path% + - %core.php_ext% auth.provider.ldap: class: phpbb_auth_provider_ldap arguments: diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 2ba76e26a9..adb1fb6cea 100644 --- a/phpBB/includes/auth/provider_apache.php 
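Review bot: ldap_user_filter() (`@@ -340,12 +348,10 @@`) places `$this->config['ldap_uid']` and `$this->config['ldap_user_filter']` into the search filter as stored, whereas the other uses of LDAP settings in this file (`ldap_base_dn`, `ldap_uid`, `ldap_email`, `ldap_user`, `ldap_password`) are passed through `htmlspecialchars_decode()` first. If these values are stored HTML-escaped, as those call sites suggest, an administrator's filter containing `&`, `<` or `>` reaches the server as `&amp;`, `&lt;` or `&gt;`, and the restriction the filter was meant to impose is silently not applied as written. Decode once at the top, `$user_filter = htmlspecialchars_decode($this->config['ldap_user_filter']);`, and build the first line from `htmlspecialchars_decode($this->config['ldap_uid'])`. The username already goes through `$this->ldap_escape()`, which should stay.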
+++ b/phpBB/includes/auth/provider_apache.php @@ -22,6 +22,26 @@ if (!defined('IN_PHPBB')) */ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface { + /** + * Apache Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_request $request + * @param phpbb_user $user + * @param string $phpbb_root_path + * @param string $phpEx + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx) + { + $this->db = $db; + $this->config = $config; + $this->request = $request; + $this->user = $user; + $this->phpbb_root_path = $phpbb_root_path; + $this->phpEx = $phpEx; + } + /** * Checks whether the user is identified to apache * Only allow changing authentication to apache if the user is identified @@ -31,11 +51,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ public function init() { - global $user, $request; - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER'))) + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'))) { - return $user->lang['APACHE_SETUP_BEFORE_USE']; + return $this->user->lang['APACHE_SETUP_BEFORE_USE']; } return false; } @@ -45,8 +63,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ public function login($username, $password) { - global $db, $request; - // do not allow empty password if (!$password) { @@ -66,7 +82,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 
@@ -75,8 +91,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); + $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW')); if (!empty($php_auth_user) && !empty($php_auth_pw)) { @@ -91,10 +107,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if ($row) { @@ -140,15 +156,13 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ public function autologin() { - global $db, $request; - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) { return array(); } - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); + $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW')); if (!empty($php_auth_user) && !empty($php_auth_pw)) { 
@@ -157,10 +171,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $sql = 'SELECT * FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if ($row) { @@ -169,9 +183,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface if (!function_exists('user_add')) { - global $phpbb_root_path, $phpEx; - - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + include($this->phpbb_root_path . 'includes/functions_user.' . $this->phpEx); } // create the user if he does not exist yet @@ -179,10 +191,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $sql = 'SELECT * FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if ($row) { 
@@ -204,15 +216,14 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ private function user_row($username, $password) { - global $db, $config, $user; // first retrieve default group id $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "' AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); if (!$row) { @@ -226,8 +237,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface 'user_email' => '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, + 'user_ip' => $this->user->ip, + 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0, ); } @@ -239,12 +250,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface */ public function validate_session($user) { - global $request; - // Check if PHP_AUTH_USER is set and handle this case - if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + if ($this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) { - $php_auth_user = $request->server('PHP_AUTH_USER'); + $php_auth_user = $this->request->server('PHP_AUTH_USER'); return ($php_auth_user === $user['username']) ? true : false; } From 95f38b457e6b00cbc3b15b7768d435d467f5bc2c Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Thu, 20 Jun 2013 22:50:35 -0400 Subject: [PATCH 22/63] [feature/auth-refactor] Create an auth.provider_collector service Creates an auth.provider_collector service for all auth providers. PHPBB3-9734 --- phpBB/config/auth_providers.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
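Review bot: validate_session() (`@@ -239,12 +250,10 @@`) compares `$this->request->server('PHP_AUTH_USER')` with `$user['username']` as returned, while init() (`@@ -31,11 +51,9 @@`) compares the stored username with `htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'))`. Both compare against a stored username, so for a name containing `&`, `<`, `>` or `"` one of the two checks presumably gives the wrong answer; which form is right depends on how usernames are stored, which is not visible here. Pick one form for both and record it in a comment such as `// PHP_AUTH_USER and username are compared in the same (escaped) form`. The trailing `? true : false` is redundant; `return $php_auth_user === $user['username'];` is equivalent.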
diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml index e91fd8ff99..bcc448e4d7 100644 --- a/phpBB/config/auth_providers.yml +++ b/phpBB/config/auth_providers.yml @@ -1,4 +1,10 @@ services: + auth.provider_collection: + class: phpbb_di_service_collection + arguments: + - @service_container + tags: + - { name: service_collection, tag: auth.provider } auth.provider.db: class: phpbb_auth_provider_db arguments: @@ -8,6 +14,8 @@ services: - @user - %core.root_path% - %core.php_ext% + tags: + - { name: auth.provider } auth.provider.apache: class: phpbb_auth_provider_apache arguments: @@ -17,9 +25,13 @@ services: - @user - %core.root_path% - %core.php_ext% + tags: + - { name: auth.provider } auth.provider.ldap: class: phpbb_auth_provider_ldap arguments: - @dbal.conn - @config - @user + tags: + - { name: auth.provider } From b8610c4b989fd1e4e9e310de776de38dfe4a09a2 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Fri, 21 Jun 2013 18:04:11 -0400 Subject: [PATCH 23/63] [feature/auth-refactor] Refactor code to use services Refactors all loading of auth providers to use services instead of directly calling the class. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 15 +++++------- phpBB/includes/auth/auth.php | 7 +++--- phpBB/includes/session.php | 42 ++++++++++++-------------------- 3 files changed, 24 insertions(+), 40 deletions(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 9407d81575..383e035817 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -546,10 +546,9 @@ class acp_board { if ($method) { - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $provider = new $class(); if ($fields = $provider->acp($this->new_config)) { // Check if we need to create config fields for this plugin and save config when submit was pressed 
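Review bot: `$provider = $phpbb_container->get('auth.provider.' . $method); if ($provider)` in the acp_board.php hunk `@@ -546,10 +546,9 @@` does not guard against an unknown method the way the removed `class_exists()` check did: assuming `$phpbb_container` is a Symfony container, `get()` throws for an unregistered service id by default instead of returning a falsy value, so the `if` never takes its false path. The same call appears in `@@ -586,10 +585,9 @@` (where `$method` is derived from the submitted `$cfg_array['auth_method']`), in `@@ -685,10 +683,9 @@`, in auth.php `@@ -927,14 +927,13 @@`, and with no guard at all in session.php `@@ -403,15 +403,11 @@`, `@@ -570,17 +566,13 @@` and `@@ -895,12 +887,8 @@`, where a stale `auth_method` value would fail every request. Test for the service first, `if ($phpbb_container->has('auth.provider.' . $method))`, or catch the exception and fall back to a known provider. The acp_board.php hunks also do not show `$phpbb_container` being added to a `global` statement, unlike the auth.php and session.php hunks; the enclosing functions start outside the hunks.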
@@ -586,10 +585,9 @@ class acp_board $method = basename($cfg_array['auth_method']); if ($method) { - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $provider = new $class(); if ($error = $provider->init()) { foreach ($old_auth_config as $config_name => $config_value) @@ -685,10 +683,9 @@ class acp_board { if ($method) { - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $provider = new $class(); $fields = $provider->acp($this->new_config); if ($fields['tpl']) diff --git a/phpBB/includes/auth/auth.php b/phpBB/includes/auth/auth.php index ab84619977..279959974d 100644 --- a/phpBB/includes/auth/auth.php +++ b/phpBB/includes/auth/auth.php @@ -927,14 +927,13 @@ class phpbb_auth */ function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) { - global $config, $db, $user, $phpbb_root_path, $phpEx; + global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; $method = trim(basename($config['auth_method'])); - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $provider = new $class(); $login = $provider->login($username, $password); // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index f12ba1329c..66bf053f7d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -207,7 +207,7 @@ class phpbb_session function session_begin($update_session_page = true) { global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; - global $request; + global $request, $phpbb_container; // Give us some basic information $this->time_now = time(); 
@@ -403,15 +403,11 @@ class phpbb_session // Check whether the session is still valid if we have one $method = basename(trim($config['auth_method'])); - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) + $provider = $phpbb_container->get('auth.provider.' . $method); + $ret = $provider->validate_session($this->data); + if ($ret !== null && !$ret) { - $provider = new $class(); - $ret = $provider->validate_session($this->data); - if ($ret !== null && !$ret) - { - $session_expired = true; - } + $session_expired = true; } if (!$session_expired) @@ -505,7 +501,7 @@ class phpbb_session */ function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true) { - global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx; + global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx, $phpbb_container; $this->data = array(); @@ -570,17 +566,13 @@ class phpbb_session $method = basename(trim($config['auth_method'])); - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) - { - $provider = new $class(); - $this->data = $provider->autologin(); + $provider = $phpbb_container->get('auth.provider.' . $method); + $this->data = $provider->autologin(); - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; } // If we're presented with an autologin key we'll join against it. @@ -885,7 +877,7 @@ class phpbb_session */ function session_kill($new_session = true) { - global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx; + global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx, $phpbb_container; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "' 
@@ -895,12 +887,8 @@ class phpbb_session // Allow connecting logout with external auth method logout $method = basename(trim($config['auth_method'])); - $class = 'phpbb_auth_provider_' . $method; - if (class_exists($class)) - { - $provider = new $class(); - $provider->logout($this->data, $new_session); - } + $provider = $phpbb_container->get('auth.provider.' . $method); + $provider->logout($this->data, $new_session); if ($this->data['user_id'] != ANONYMOUS) { From 80e2d65399e7dcf9b53dada4929d7194275721ad Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 24 Jun 2013 12:05:29 -0400 Subject: [PATCH 24/63] [feature/auth-refactor] Initial auth unit test provider_db Initial work on a unit test for the provider_db login function. Does not work currently. PHPBB3-9734 --- tests/auth/fixtures/user.xml | 33 +++++++++++++++++++++++++++ tests/auth/provider_db_test.php | 40 +++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 tests/auth/fixtures/user.xml create mode 100644 tests/auth/provider_db_test.php diff --git a/tests/auth/fixtures/user.xml b/tests/auth/fixtures/user.xml new file mode 100644 index 0000000000..34584babbf --- /dev/null +++ b/tests/auth/fixtures/user.xml @@ -0,0 +1,33 @@ + + + + user_id + username + username_clean + user_password + user_passchg + user_pass_convert + user_email + user_type + user_login_attempts + user_permissions + user_sig + user_occ + user_interests + + 1 + foobar + foobar + $H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/ + 0 + 0 + example@example.com + 0 + 0 + + + + + +
+
diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php new file mode 100644 index 0000000000..c6355ae7f9 --- /dev/null +++ b/tests/auth/provider_db_test.php @@ -0,0 +1,40 @@ +createXMLDataSet(dirname(__FILE__).'/fixtures/user.xml'); + } + + public function test_login() + { + global $phpbb_root_path, $phpEx; + + $db = $this->new_dbal(); + $config = new phpbb_config(array( + 'ip_login_limit_max' => 0, + 'ip_login_limit_use_forwarded' => 0, + 'max_login_attempts' => 0, + )); + $request = $this->getMock('phpbb_request'); + $user = $this->getMock('phpbb_user'); + $provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx); + + $expected = array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => '', + ); + $this->assertEquals($expected, $provider->login('example', 'example')); + } +} From 8e1a503f4437eb38de6a349a841db75648a81678 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 13:22:56 -0400 Subject: [PATCH 25/63] [feature/auth-refactor] Finish provider_db unit test for login Finishes the provider_db unit test for login. The test currently passes. PHPBB3-9734 --- tests/auth/provider_db_test.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php index c6355ae7f9..d876683f84 100644 --- a/tests/auth/provider_db_test.php +++ b/tests/auth/provider_db_test.php 
@@ -33,8 +33,18 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case $expected = array( 'status' => LOGIN_SUCCESS, 'error_msg' => false, - 'user_row' => '', + 'user_row' => array( + 'user_id' => '1', + 'username' => 'foobar', + 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/', + 'user_passchg' => '0', + 'user_pass_convert' => '0', + 'user_email' => 'example@example.com', + 'user_type' => '0', + 'user_login_attempts' => '0', + ), ); - $this->assertEquals($expected, $provider->login('example', 'example')); + + $this->assertEquals($expected, $provider->login('foobar', 'example')); } } From 91c80dfc8eed6ed3cfa90732087741c8433acabf Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 13:34:43 -0400 Subject: [PATCH 26/63] [feature/auth-refactor] Skeleton of provider_apache_test Creates a skeleton of the tests for provider_apache. PHPBB3-9734 --- tests/auth/provider_apache_test.php | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 tests/auth/provider_apache_test.php diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php new file mode 100644 index 0000000000..d552c4131e --- /dev/null +++ b/tests/auth/provider_apache_test.php @@ -0,0 +1,49 @@ +new_dbal(); + $config = new phpbb_config(array()); + $request = $this->getMock('phpbb_request'); + $user = $this->getMock('phpbb_user'); + + $this->provider = new phpbb_auth_provider_apache($db, $config, $request, $user, $phpbb_root_path, $phpEx); + } + + public function getDataSet() + { + return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/user.xml'); + } + + public function test_init() + { + $this->markTestIncomplete(); + } + + public function test_login() + { + $this->markTestIncomplete(); + } + + public function test_validate_session() + { + $this->markTestIncomplete(); + } +} From e5de05d8dbbcf0a38aa5c1c2a872765b163ccb31 Mon Sep 17 00:00:00 2001 
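Review bot: `test_login()` in `provider_db_test.php` still asserts only the accepting path, `login('foobar', 'example')`; nothing pins a wrong password, an unknown username or an empty password. For an authentication provider the rejecting branches are the ones a regression hurts most. I would add cases that assert the `LOGIN_ERROR_PASSWORD` and `LOGIN_ERROR_USERNAME` statuses, presumably the same constants the removed `login_db()` returned. The config built earlier in this test sets `max_login_attempts` and `ip_login_limit_max` to 0, so the attempt-limit branch is unexercised as well. The test method begins outside this hunk.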
From: Joseph Warner Date: Tue, 25 Jun 2013 14:05:40 -0400 Subject: [PATCH 27/63] [feature/auth-refactor] Test for init on provider_apache Provides a test for the init() method of provider_apache. Appears to be failing due to an error with the mock request class. PHPBB3-9734 --- tests/auth/provider_apache_test.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php index d552c4131e..1530dcb746 100644 --- a/tests/auth/provider_apache_test.php +++ b/tests/auth/provider_apache_test.php @@ -12,6 +12,8 @@ require_once dirname(__FILE__).'/../../phpBB/includes/functions.php'; class phpbb_auth_provider_apache_test extends phpbb_database_test_case { protected $provider; + protected $user; + protected $request; protected function setup() { @@ -21,10 +23,10 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case $db = $this->new_dbal(); $config = new phpbb_config(array()); - $request = $this->getMock('phpbb_request'); - $user = $this->getMock('phpbb_user'); + $this->request = $this->getMock('phpbb_request'); + $this->user = $this->getMock('phpbb_user'); - $this->provider = new phpbb_auth_provider_apache($db, $config, $request, $user, $phpbb_root_path, $phpEx); + $this->provider = new phpbb_auth_provider_apache($db, $config, $this->request, $this->user, $phpbb_root_path, $phpEx); } public function getDataSet() @@ -32,9 +34,15 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/user.xml'); } + /** + * Test to see if a user is identified to Apache. Expects false if they are. + */ public function test_init() { - $this->markTestIncomplete(); + $this->user->data['username'] = 'foobar'; + $this->request->overwrite('PHP_AUTH_USER', 'foobar', phpbb_request_interface::SERVER); + + $this->assertFalse($this->provider->init()); } public function test_login() 
From 307dd9777b67e8a7628bb74eeba8cc55ab6a8f58 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 14:12:31 -0400 Subject: [PATCH 28/63] [feature/auth-refactor] Test login() for provider_apache Provides a test for the login() method for provider_apache. Appears to be failing due to an issue with the mock phpBB request class. PHPBB3-9734 --- tests/auth/provider_apache_test.php | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php index 1530dcb746..4773e4fdc3 100644 --- a/tests/auth/provider_apache_test.php +++ b/tests/auth/provider_apache_test.php @@ -47,7 +47,26 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case public function test_login() { - $this->markTestIncomplete(); + $username = 'foobar'; + $password = 'example'; + + $this->request->overwrite('PHP_AUTH_USER', $username, phpbb_request_interface::SERVER); + $this->request->overwrite('PHP_AUTH_PW', $password, phpbb_request_interface::SERVER); + + $expected = array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => array( + 'user_id' => '1', + 'username' => 'foobar', + 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/', + 'user_passchg' => '0', + 'user_email' => 'example@example.com', + 'user_type' => '0', + ), + ); + + $this->assertEquals($expected, $this->provider->login($username, $password)); } public function test_validate_session() From 9e04328545c933aa801c52c1567efd3d2e06fcf3 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 14:24:47 -0400 Subject: [PATCH 29/63] [feature/auth-refactor] Test autologin() on provider_apache Provides a test for the autologin() method of provider_apache that assumes the user already exists in the database. PHPBB3-9734 --- tests/auth/provider_apache_test.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) 
diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php index 4773e4fdc3..6cfd676fc2 100644 --- a/tests/auth/provider_apache_test.php +++ b/tests/auth/provider_apache_test.php @@ -69,6 +69,34 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case $this->assertEquals($expected, $this->provider->login($username, $password)); } + public function test_autologin() + { + $this->request->overwrite('PHP_AUTH_USER', 'foobar', phpbb_request_interface::SERVER); + $this->request->overwrite('PHP_AUTH_PW', 'example', phpbb_request_interface::SERVER); + + $expected = array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => array( + 'user_id' => '1', + 'username' => 'foobar', + 'username_clean' => 'foobar', + 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/', + 'user_passchg' => '0', + 'user_pass_convert' => '0', + 'user_email' => 'example@example.com', + 'user_type' => '0', + 'user_login_attempts' => '0', + 'user_permission' => '', + 'user_sig' => '', + 'user_occ' => '', + 'user_interests' => '', + ), + ); + + $this->assertEquals($expected, $this->provider->autologin()); + } + public function test_validate_session() { $this->markTestIncomplete(); From 5444e5b6831d5ce87ff2adaf1f7b0e4788592bc3 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 14:28:16 -0400 Subject: [PATCH 30/63] [feature/auth-refactor] Test validate_session on provider_apache Provides a test for the validate_session() method of provider_apache. PHPBB3-9734 --- tests/auth/provider_apache_test.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php index 6cfd676fc2..092b90bea3 100644 --- a/tests/auth/provider_apache_test.php +++ b/tests/auth/provider_apache_test.php 
@@ -99,6 +99,10 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case public function test_validate_session() { - $this->markTestIncomplete(); + $user = $this->getMock('phpbb_user'); + $user->data['username'] = 'foobar'; + $this->request->overwrite('PHP_AUTH_USER', 'foobar', phpbb_request_interface::SERVER); + + $this->assertTrue($this->provider->validate_session($user)); } } From 5f3ed197e73550e78b37dd38496210737cf3f39d Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 16:25:45 -0400 Subject: [PATCH 31/63] [feature/auth-refactor] Fix auth tests to use mock objects correctly PHPBB3-9734 --- tests/auth/provider_apache_test.php | 148 +++++++++++++++++++++++----- 1 file changed, 123 insertions(+), 25 deletions(-) diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php index 092b90bea3..0ca6ef763e 100644 --- a/tests/auth/provider_apache_test.php +++ b/tests/auth/provider_apache_test.php @@ -40,7 +40,15 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case public function test_init() { $this->user->data['username'] = 'foobar'; - $this->request->overwrite('PHP_AUTH_USER', 'foobar', phpbb_request_interface::SERVER); + $this->request->expects($this->once()) + ->method('is_set') + ->with('PHP_AUTH_USER', + phpbb_request_interface::SERVER) + ->will($this->returnValue(true)); + $this->request->expects($this->once()) + ->method('server') + ->with('PHP_AUTH_USER') + ->will($this->returnValue('foobar')); $this->assertFalse($this->provider->init()); } 
@@ -50,8 +58,19 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case $username = 'foobar'; $password = 'example'; - $this->request->overwrite('PHP_AUTH_USER', $username, phpbb_request_interface::SERVER); - $this->request->overwrite('PHP_AUTH_PW', $password, phpbb_request_interface::SERVER); + $this->request->expects($this->once()) + ->method('is_set') + ->with('PHP_AUTH_USER', + phpbb_request_interface::SERVER) + ->will($this->returnValue(true)); + $this->request->expects($this->at(1)) + ->method('server') + ->with('PHP_AUTH_USER') + ->will($this->returnValue('foobar')); + $this->request->expects($this->at(2)) + ->method('server') + ->with('PHP_AUTH_PW') + ->will($this->returnValue('example')); $expected = array( 'status' => LOGIN_SUCCESS, 
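Review bot: The `$this->at(1)` and `$this->at(2)` expectations in `test_login()` tie the test to the exact order and number of calls the provider makes on the request mock, because `at()` counts invocations across all methods of the mock, not per method. One extra `is_set()` or `server()` call inside `login()` would fail the test without any change in behaviour. Assuming `server()` is called with a single argument, as the `with('PHP_AUTH_USER')` constraint suggests, a value map drops the ordering dependency: `->expects($this->any())->method('server')->will($this->returnValueMap(array(array('PHP_AUTH_USER', 'foobar'), array('PHP_AUTH_PW', 'example'))))`. `test_autologin()` in the following hunk uses the same `at()` pattern.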
@@ -71,27 +90,96 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case public function test_autologin() { - $this->request->overwrite('PHP_AUTH_USER', 'foobar', phpbb_request_interface::SERVER); - $this->request->overwrite('PHP_AUTH_PW', 'example', phpbb_request_interface::SERVER); + $this->request->expects($this->once()) + ->method('is_set') + ->with('PHP_AUTH_USER', + phpbb_request_interface::SERVER) + ->will($this->returnValue(true)); + $this->request->expects($this->at(1)) + ->method('server') + ->with('PHP_AUTH_USER') + ->will($this->returnValue('foobar')); + $this->request->expects($this->at(2)) + ->method('server') + ->with('PHP_AUTH_PW') + ->will($this->returnValue('example')); $expected = array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => array( - 'user_id' => '1', - 'username' => 'foobar', - 'username_clean' => 'foobar', - 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/', - 'user_passchg' => '0', - 'user_pass_convert' => '0', - 'user_email' => 'example@example.com', - 'user_type' => '0', - 'user_login_attempts' => '0', - 'user_permission' => '', - 'user_sig' => '', - 'user_occ' => '', - 'user_interests' => '', - ), + 'user_id' => '1', + 'user_type' => '0', + 'group_id' => '3', + 'user_permissions' => '', + 'user_perm_from' => '0', + 'user_ip' => '', + 'user_regdate' => '0', + 'username' => 'foobar', + 'username_clean' => 'foobar', + 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/', + 'user_passchg' => '0', + 'user_pass_convert' => '0', + 'user_email' => 'example@example.com', + 'user_email_hash' => '0', + 'user_birthday' => '', + 'user_lastvisit' => '0', + 'user_lastmark' => '0', + 'user_lastpost_time' => '0', + 'user_lastpage' => '', + 'user_last_confirm_key' => '', + 'user_last_search' => '0', + 'user_warnings' => '0', + 'user_last_warning' => '0', + 'user_login_attempts' => '0', + 'user_inactive_reason' => '0', + 'user_inactive_time' => '0', + 'user_posts' => '0', + 'user_lang' => '', + 
'user_timezone' => 'UTC', + 'user_dateformat' => 'd M Y H:i', + 'user_style' => '0', + 'user_rank' => '0', + 'user_colour' => '', + 'user_new_privmsg' => '0', + 'user_unread_privmsg' => '0', + 'user_last_privmsg' => '0', + 'user_message_rules' => '0', + 'user_full_folder' => '-3', + 'user_emailtime' => '0', + 'user_topic_show_days' => '0', + 'user_topic_sortby_type' => 't', + 'user_topic_sortby_dir' => 'd', + 'user_post_show_days' => '0', + 'user_post_sortby_type' => 't', + 'user_post_sortby_dir' => 'a', + 'user_notify' => '0', + 'user_notify_pm' => '1', + 'user_notify_type' => '0', + 'user_allow_pm' => '1', + 'user_allow_viewonline' => '1', + 'user_allow_viewemail' => '1', + 'user_allow_massemail' => '1', + 'user_options' => '230271', + 'user_avatar' => '', + 'user_avatar_type' => '', + 'user_avatar_width' => '0', + 'user_avatar_height' => '0', + 'user_sig' => '', + 'user_sig_bbcode_uid' => '', + 'user_sig_bbcode_bitfield' => '', + 'user_from' => '', + 'user_icq' => '', + 'user_aim' => '', + 'user_yim' => '', + 'user_msnm' => '', + 'user_jabber' => '', + 'user_website' => '', + 'user_occ' => '', + 'user_interests' => '', + 'user_actkey' => '', + 'user_newpasswd' => '', + 'user_form_salt' => '', + 'user_new' => '1', + 'user_reminded' => '0', + 'user_reminded_time' => '0', ); $this->assertEquals($expected, $this->provider->autologin()); 
@@ -99,9 +187,19 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case public function test_validate_session() { - $user = $this->getMock('phpbb_user'); - $user->data['username'] = 'foobar'; - $this->request->overwrite('PHP_AUTH_USER', 'foobar', phpbb_request_interface::SERVER); + $user = array( + 'username' => 'foobar', + 'user_type' + ); + $this->request->expects($this->once()) + ->method('is_set') + ->with('PHP_AUTH_USER', + phpbb_request_interface::SERVER) + ->will($this->returnValue(true)); + $this->request->expects($this->once()) + ->method('server') + ->with('PHP_AUTH_USER') + ->will($this->returnValue('foobar')); $this->assertTrue($this->provider->validate_session($user)); } From 4f3f0a8791cea806cc63cfe4709605ad63f8cbd4 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 21:56:58 -0400 Subject: [PATCH 32/63] [feature/auth-refactor] Remove references to old auth plugins Removes what is hopefully the last references to the old auth plugins in the code base. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 38 ++++++++------------------------ 1 file changed, 9 insertions(+), 29 deletions(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 383e035817..1ac6697255 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php 
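Review bot: In `test_validate_session()` the literal `array('username' => 'foobar', 'user_type')` does not create a `user_type` key; PHP stores the bare string as element `0`, so `$user['user_type']` is unset. The test presumably passes only because the `PHP_AUTH_USER` branch returns before that field is read, as it did in the removed `validate_session_apache()`. Give the element a value, for example `'user_type' => USER_NORMAL,`, or drop it. Only the matching-username case is asserted; a second case where the mocked `PHP_AUTH_USER` differs from `$user['username']` and the result is `false` would pin the check that closes the session.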
@@ -523,21 +523,11 @@ class acp_board { // Retrieve a list of auth plugins and check their config values $auth_plugins = array(); + $auth_providers = $phpbb_container->get('auth.provider_collection'); - $dp = @opendir($phpbb_root_path . 'includes/auth'); - - if ($dp) + foreach($auth_providers as $key => $value) { - while (($file = readdir($dp)) !== false) - { - if (preg_match('#^provider_(.*?)\.' . $phpEx . '$#', $file) && !preg_match('#^provider_interface\.' . $phpEx . '$#', $file)) - { - $auth_plugins[] = basename(preg_replace('#^provider_(.*?)\.' . $phpEx . '$#', '\1', $file)); - } - } - closedir($dp); - - sort($auth_plugins); + $auth_plugins[] = str_replace('auth.provider.', '', $key); } $updated_auth_settings = false; @@ -546,7 +536,7 @@ class acp_board { if ($method) { - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $auth_providers['auth.provider.' . $method]; if ($provider) { if ($fields = $provider->acp($this->new_config)) @@ -585,7 +575,7 @@ class acp_board $method = basename($cfg_array['auth_method']); if ($method) { - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $auth_providers['auth.provider.' . $method]; if ($provider) { if ($error = $provider->init()) @@ -683,7 +673,7 @@ class acp_board { if ($method) { - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $auth_providers['auth.provider.' . $method]; if ($provider) { $fields = $provider->acp($this->new_config); 
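Review bot: The replacement lookup `$auth_providers['auth.provider.' . $method]` reads the collection without first checking that the key exists. In the `@@ -585,7 +575,7 @@` hunk `$method` is derived from `$cfg_array['auth_method']`, which looks like submitted configuration data, so an unexpected value reaches the offset access. Whether that yields null, a notice or an exception depends on the collection class, which is not visible here. The `if ($provider)` that follows suggests null is the intended result, so I would make it explicit: `$provider = isset($auth_providers['auth.provider.' . $method]) ? $auth_providers['auth.provider.' . $method] : null;`. The same lookup is added in the `-546` and `-683` hunks.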
@@ -709,23 +699,13 @@ class acp_board global $phpbb_root_path, $phpEx; $auth_plugins = array(); + $auth_providers = $phpbb_container->get('auth.provider_collection'); - $dp = @opendir($phpbb_root_path . 'includes/auth'); - - if (!$dp) + foreach($auth_providers as $key => $value) { - return ''; + $auth_plugins[] = str_replace('auth.provider.', '', $key); } - while (($file = readdir($dp)) !== false) - { - if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file)) - { - $auth_plugins[] = preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file); - } - } - closedir($dp); - sort($auth_plugins); $auth_select = ''; From 09372d765d5adbca743063a7410b97abf4536015 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 22:01:00 -0400 Subject: [PATCH 33/63] [feature/auth-refactor] Remove old auth plugins PHPBB3-9734 --- phpBB/includes/auth/auth_apache.php | 247 -------------------- phpBB/includes/auth/auth_db.php | 289 ----------------------- phpBB/includes/auth/auth_ldap.php | 350 ---------------------------- 3 files changed, 886 deletions(-) delete mode 100644 phpBB/includes/auth/auth_apache.php delete mode 100644 phpBB/includes/auth/auth_db.php delete mode 100644 phpBB/includes/auth/auth_ldap.php diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php deleted file mode 100644 index 10b288aa09..0000000000 --- a/phpBB/includes/auth/auth_apache.php +++ /dev/null 
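Review bot: The added line `$auth_providers = $phpbb_container->get('auth.provider_collection');` uses `$phpbb_container`, but the `global` statement shown as context just above it still lists only `$phpbb_root_path, $phpEx`. Unless the variable is declared on a line outside the hunk, this is a method call on an undefined variable, and the function that builds `$auth_select` stops with a fatal error. Change the context line to `global $phpbb_root_path, $phpEx, $phpbb_container;`. The function signature is outside the hunk.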
@@ -1,247 +0,0 @@ -is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER'))) - { - return $user->lang['APACHE_SETUP_BEFORE_USE']; - } - return false; -} - -/** -* Login function -*/ -function login_apache(&$username, &$password) -{ - global $db, $request; - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); - - if (!empty($php_auth_user) && !empty($php_auth_pw)) - { - if ($php_auth_user !== $username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type - FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... 
- return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - - // this is the user's first login so create an empty profile - return array( - 'status' => LOGIN_SUCCESS_CREATE_PROFILE, - 'error_msg' => false, - 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), - ); - } - - // Not logged into apache - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', - 'user_row' => array('user_id' => ANONYMOUS), - ); -} - -/** -* Autologin function -* -* @return array containing the user row or empty if no auto login should take place -*/ -function autologin_apache() -{ - global $db, $request; - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - return array(); - } - - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); - - if (!empty($php_auth_user) && !empty($php_auth_pw)) - { - set_var($php_auth_user, $php_auth_user, 'string', true); - set_var($php_auth_pw, $php_auth_pw, 'string', true); - - $sql = 'SELECT * - FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; - } - - if (!function_exists('user_add')) - { - global $phpbb_root_path, $phpEx; - - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); - } - - // create the user if he does not exist yet - user_add(user_row_apache($php_auth_user, $php_auth_pw)); - - $sql = 'SELECT * - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . 
"'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - return $row; - } - } - - return array(); -} - -/** -* This function generates an array which can be passed to the user_add function in order to create a user -*/ -function user_row_apache($username, $password) -{ - global $db, $config, $user; - // first retrieve default group id - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' - AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row) - { - trigger_error('NO_GROUP'); - } - - // generate user account data - return array( - 'username' => $username, - 'user_password' => phpbb_hash($password), - 'user_email' => '', - 'group_id' => (int) $row['group_id'], - 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, - ); -} - -/** -* The session validation function checks whether the user is still logged in -* -* @return boolean true if the given user is authenticated or false if the session should be closed -*/ -function validate_session_apache(&$user) -{ - global $request; - - // Check if PHP_AUTH_USER is set and handle this case - if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - $php_auth_user = $request->server('PHP_AUTH_USER'); - - return ($php_auth_user === $user['username']) ? true : false; - } - - // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not) - if ($user['user_type'] == USER_IGNORE) - { - return true; - } - - return false; -} diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php deleted file mode 100644 index ac944532a5..0000000000 --- a/phpBB/includes/auth/auth_db.php +++ /dev/null 
@@ -1,289 +0,0 @@ - status constant -* 'error_msg' => string -* 'user_row' => array -* ) -*/ -function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '') -{ - global $db, $config; - global $request; - - // Auth plugins get the password untrimmed. - // For compatibility we trim() here. - $password = trim($password); - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $username_clean = utf8_clean_string($username); - - $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (($ip && !$config['ip_login_limit_use_forwarded']) || - ($forwarded_for && $config['ip_login_limit_use_forwarded'])) - { - $sql = 'SELECT COUNT(*) AS attempts - FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); - if ($config['ip_login_limit_use_forwarded']) - { - $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; - } - else - { - $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; - } - - $result = $db->sql_query($sql); - $attempts = (int) $db->sql_fetchfield('attempts'); - $db->sql_freeresult($result); - - $attempt_data = array( - 'attempt_ip' => $ip, - 'attempt_browser' => trim(substr($browser, 0, 149)), - 'attempt_forwarded_for' => $forwarded_for, - 'attempt_time' => time(), - 'user_id' => ($row) ? 
(int) $row['user_id'] : 0, - 'username' => $username, - 'username_clean' => $username_clean, - ); - $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); - $result = $db->sql_query($sql); - } - else - { - $attempts = 0; - } - - if (!$row) - { - if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) - { - return array( - 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || - ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); - - // If there are too much login attempts, we need to check for an confirm image - // Every auth module is able to define what to do by itself... - if ($show_captcha) - { - // Visual Confirmation handling - if (!class_exists('phpbb_captcha_factory', false)) - { - global $phpbb_root_path, $phpEx; - include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . 
$phpEx); - } - - $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); - $captcha->init(CONFIRM_LOGIN); - $vc_response = $captcha->validate($row); - if ($vc_response) - { - return array( - 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', - 'user_row' => $row, - ); - } - else - { - $captcha->reset(); - } - - } - - // If the password convert flag is set we need to convert it - if ($row['user_pass_convert']) - { - // enable super globals to get literal value - // this is needed to prevent unicode normalization - $super_globals_disabled = $request->super_globals_disabled(); - if ($super_globals_disabled) - { - $request->enable_super_globals(); - } - - // in phpBB2 passwords were used exactly as they were sent, with addslashes applied - $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; - $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = $request->variable('password', '', true); - - if ($super_globals_disabled) - { - $request->disable_super_globals(); - } - - if ($password == $password_new_format) - { - if (!function_exists('utf8_to_cp1252')) - { - global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); - } - - // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding - // plain md5 support left in for conversions from other systems. 
- if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) - || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) - { - $hash = phpbb_hash($password_new_format); - - // Update the password in the users table to the new format and remove user_pass_convert flag - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_password = \'' . $db->sql_escape($hash) . '\', - user_pass_convert = 0 - WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); - - $row['user_pass_convert'] = 0; - $row['user_password'] = $hash; - } - else - { - // Although we weren't able to convert this password we have to - // increase login attempt count to make sure this cannot be exploited - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . (int) $row['user_id'] . ' - AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); - - return array( - 'status' => LOGIN_ERROR_PASSWORD_CONVERT, - 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', - 'user_row' => $row, - ); - } - } - } - - // Check password ... - if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) - { - // Check for old password hash... - if (strlen($row['user_password']) == 32) - { - $hash = phpbb_hash($password); - - // Update the password in the users table to the new format - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_password = '" . $db->sql_escape($hash) . "', - user_pass_convert = 0 - WHERE user_id = {$row['user_id']}"; - $db->sql_query($sql); - - $row['user_password'] = $hash; - } - - $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE user_id = ' . 
$row['user_id']; - $db->sql_query($sql); - - if ($row['user_login_attempts'] != 0) - { - // Successful, reset login attempts (the user passed all stages) - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = 0 - WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); - } - - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... set user_login_attempts to zero... - return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - - // Password incorrect - increase login attempts - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . (int) $row['user_id'] . ' - AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); - - // Give status about wrong password... - return array( - 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, - 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', - 'user_row' => $row, - ); -} diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php deleted file mode 100644 index 98355dd044..0000000000 --- a/phpBB/includes/auth/auth_ldap.php +++ /dev/null 
@@ -1,350 +0,0 @@ -lang['LDAP_NO_LDAP_EXTENSION']; - } - - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) - { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); - } - else - { - $ldap = @ldap_connect($config['ldap_server']); - } - - if (!$ldap) - { - return $user->lang['LDAP_NO_SERVER_CONNECTION']; - } - - @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); - @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - - if ($config['ldap_user'] || $config['ldap_password']) - { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) - { - return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; - } - } - - // ldap_connect only checks whether the specified server is valid, so the connection might still fail - $search = @ldap_search( - $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($user->data['username']), - (empty($config['ldap_email'])) ? - array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), - 0, - 1 - ); - - if ($search === false) - { - return $user->lang['LDAP_SEARCH_FAILED']; - } - - $result = @ldap_get_entries($ldap, $search); - - @ldap_close($ldap); - - - if (!is_array($result) || sizeof($result) < 2) - { - return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); - } - - if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) - { - return $user->lang['LDAP_NO_EMAIL']; - } - - return false; -} - -/** -* Login function -*/ -function login_ldap(&$username, &$password) -{ - global $db, $config, $user; - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => 
LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!@extension_loaded('ldap')) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) - { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); - } - else - { - $ldap = @ldap_connect($config['ldap_server']); - } - - if (!$ldap) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); - @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - - if ($config['ldap_user'] || $config['ldap_password']) - { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - } - - $search = @ldap_search( - $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($username), - (empty($config['ldap_email'])) ? - array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), - 0, - 1 - ); - - $ldap_result = @ldap_get_entries($ldap, $search); - - if (is_array($ldap_result) && sizeof($ldap_result) > 1) - { - if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) - { - @ldap_close($ldap); - - $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . 
"'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - unset($ldap_result); - - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... set user_login_attempts to zero... - return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - else - { - // retrieve default group id - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' - AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row) - { - trigger_error('NO_GROUP'); - } - - // generate user account data - $ldap_user_row = array( - 'username' => $username, - 'user_password' => phpbb_hash($password), - 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', - 'group_id' => (int) $row['group_id'], - 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, - ); - - unset($ldap_result); - - // this is the user's first login so create an empty profile - return array( - 'status' => LOGIN_SUCCESS_CREATE_PROFILE, - 'error_msg' => false, - 'user_row' => $ldap_user_row, - ); - } - } - else - { - unset($ldap_result); - @ldap_close($ldap); - - // Give status about wrong password... 
- return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'LOGIN_ERROR_PASSWORD', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - } - - @ldap_close($ldap); - - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); -} - -/** -* Generates a filter string for ldap_search to find a user -* -* @param $username string Username identifying the searched user -* -* @return string A filter string for ldap_search -*/ -function ldap_user_filter($username) -{ - global $config; - - $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; - if ($config['ldap_user_filter']) - { - $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; - $filter = "(&{$filter}{$_filter})"; - } - return $filter; -} - -/** -* Escapes an LDAP AttributeValue -*/ -function ldap_escape($string) -{ - return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); -} - -/** -* This function is used to output any required fields in the authentication -* admin panel. It also defines any required configuration table fields. -*/ -function acp_ldap(&$new) -{ - global $user; - - $tpl = ' - -
-

' . $user->lang['LDAP_SERVER_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_PORT_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_DN_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_UID_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_USER_EXPLAIN'] . '
-
-
-
-

' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '
-
-
- '; - - // These are fields required in the config table - return array( - 'tpl' => $tpl, - 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password') - ); -} From b78b6711c80f2a47f3ab71dde9b733e04d9b523d Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 22:14:39 -0400 Subject: [PATCH 34/63] [feature/auth-refactor] Don't truncate name then reattach same thing PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 1ac6697255..bff5a3e64d 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -527,7 +527,7 @@ class acp_board foreach($auth_providers as $key => $value) { - $auth_plugins[] = str_replace('auth.provider.', '', $key); + $auth_plugins[] = $key; } $updated_auth_settings = false; @@ -536,7 +536,7 @@ class acp_board { if ($method) { - $provider = $auth_providers['auth.provider.' . $method]; + $provider = $auth_providers[$method]; if ($provider) { if ($fields = $provider->acp($this->new_config)) @@ -575,7 +575,7 @@ class acp_board $method = basename($cfg_array['auth_method']); if ($method) { - $provider = $auth_providers['auth.provider.' . $method]; + $provider = $auth_providers[$method]; if ($provider) { if ($error = $provider->init()) @@ -673,7 +673,7 @@ class acp_board { if ($method) { - $provider = $auth_providers['auth.provider.' . $method]; + $provider = $auth_providers[$method]; if ($provider) { $fields = $provider->acp($this->new_config); From 3c394aee6208277eb852764ca6b4ef50e2832301 Mon Sep 17 00:00:00 2001 
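Review bot: In the hunk at -575, `$method` comes from `basename($cfg_array['auth_method'])` rather than from the `$auth_plugins` list, so dropping the `'auth.provider.'` prefix there changes which key is looked up. If the collection is keyed by the full service name, as the removed `str_replace('auth.provider.', '', $key)` suggests, `$auth_providers[$method]` finds nothing and `$provider->init()` is skipped. The `set_config('auth_method', ...)` call that follows this block (visible in a later patch on this page) would then still switch the board's login method without the provider's own validation. Keep `$provider = $auth_providers['auth.provider.' . $method];` in that hunk and refuse the change when no provider matches. The enclosing method starts and ends outside these hunks.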
From: Joseph Warner Date: Tue, 25 Jun 2013 22:21:38 -0400 Subject: [PATCH 35/63] [feature/auth-refactor] Refactor auth in acp_board Changes the acp_board code to directly call the auth providers out of the $auth_providers variable that is populated by the phpbb_container. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index bff5a3e64d..d6bf2d637b 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -525,20 +525,10 @@ class acp_board $auth_plugins = array(); $auth_providers = $phpbb_container->get('auth.provider_collection'); - foreach($auth_providers as $key => $value) - { - $auth_plugins[] = $key; - } - $updated_auth_settings = false; $old_auth_config = array(); - foreach ($auth_plugins as $method) + foreach ($auth_providers as $provider) { - if ($method) - { - $provider = $auth_providers[$method]; - if ($provider) - { if ($fields = $provider->acp($this->new_config)) { // Check if we need to create config fields for this plugin and save config when submit was pressed @@ -566,8 +556,6 @@ class acp_board } } unset($fields); - } - } } if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings)) @@ -575,7 +563,7 @@ class acp_board $method = basename($cfg_array['auth_method']); if ($method) { - $provider = $auth_providers[$method]; + $provider = $auth_providers['auth.provider.' . $method]; if ($provider) { if ($error = $provider->init()) @@ -669,13 +657,8 @@ class acp_board { $template->assign_var('S_AUTH', true); - foreach ($auth_plugins as $method) + foreach ($auth_provider as $provider) { - if ($method) - { - $provider = $auth_providers[$method]; - if ($provider) - { $fields = $provider->acp($this->new_config); if ($fields['tpl']) @@ -685,8 +668,6 @@ class acp_board ); } unset($fields); - } - } } } } 
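Review bot: The rewritten loop in the hunk at -669 iterates `$auth_provider`, which is not defined anywhere in the visible code; the collection is named `$auth_providers`. As written, no provider template reaches `auth_tpl` and the ACP authentication page loses its provider settings, so the line should read `foreach ($auth_providers as $provider)`. The same loop reads `$fields['tpl']` without the `if ($fields = $provider->acp(...))` guard used in the first hunk, although `acp()` is allowed to return nothing, so the same guard belongs here. The enclosing method extends beyond these hunks.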
From 08614e2b8540766037e13f3eb1e6d4d64eea7b46 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 22:25:40 -0400 Subject: [PATCH 36/63] [feature/auth-refactor] Fix indentation on acp_board PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 79 +++++++++++++++----------------- 1 file changed, 38 insertions(+), 41 deletions(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index d6bf2d637b..5e8efaa60c 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php 
@@ -529,51 +529,48 @@ class acp_board $old_auth_config = array(); foreach ($auth_providers as $provider) { - if ($fields = $provider->acp($this->new_config)) + if ($fields = $provider->acp($this->new_config)) + { + // Check if we need to create config fields for this plugin and save config when submit was pressed + foreach ($fields['config'] as $field) + { + if (!isset($config[$field])) { - // Check if we need to create config fields for this plugin and save config when submit was pressed - foreach ($fields['config'] as $field) - { - if (!isset($config[$field])) - { - set_config($field, ''); - } - - if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false) - { - continue; - } - - $old_auth_config[$field] = $this->new_config[$field]; - $config_value = $cfg_array[$field]; - $this->new_config[$field] = $config_value; - - if ($submit) - { - $updated_auth_settings = true; - set_config($field, $config_value); - } - } + set_config($field, ''); } - unset($fields); + + if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false) + { + continue; + } + + $old_auth_config[$field] = $this->new_config[$field]; + $config_value = $cfg_array[$field]; + $this->new_config[$field] = $config_value; + + if ($submit) + { + $updated_auth_settings = true; + set_config($field, $config_value); + } + } + } + unset($fields); } if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings)) { $method = basename($cfg_array['auth_method']); - if ($method) + if (array_key_exists('auth.provider.' . $method, $auth_providers)) { $provider = $auth_providers['auth.provider.' . $method]; - if ($provider) + if ($error = $provider->init()) { - if ($error = $provider->init()) + foreach ($old_auth_config as $config_name => $config_value) { - foreach ($old_auth_config as $config_name => $config_value) - { - set_config($config_name, $config_value); - } - trigger_error($error . 
adm_back_link($this->u_action), E_USER_WARNING); + set_config($config_name, $config_value); } + trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING); } set_config('auth_method', basename($cfg_array['auth_method'])); } @@ -659,15 +656,15 @@ class acp_board foreach ($auth_provider as $provider) { - $fields = $provider->acp($this->new_config); + $fields = $provider->acp($this->new_config); - if ($fields['tpl']) - { - $template->assign_block_vars('auth_tpl', array( - 'TPL' => $fields['tpl']) - ); - } - unset($fields); + if ($fields['tpl']) + { + $template->assign_block_vars('auth_tpl', array( + 'TPL' => $fields['tpl']) + ); + } + unset($fields); } } } From 59929669f508f06b2440bf36af463851acbeb711 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 25 Jun 2013 22:26:45 -0400 Subject: [PATCH 37/63] [feature/auth-refactor] Fix errors in acp_board Fixes errors introduced by the last several commits. PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 5e8efaa60c..4a758207fd 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -654,7 +654,7 @@ class acp_board { $template->assign_var('S_AUTH', true); - foreach ($auth_provider as $provider) + foreach ($auth_providers as $provider) { $fields = $provider->acp($this->new_config); @@ -674,7 +674,7 @@ class acp_board */ function select_auth_method($selected_method, $key = '') { - global $phpbb_root_path, $phpEx; + global $phpbb_root_path, $phpEx, $phpbb_container; $auth_plugins = array(); $auth_providers = $phpbb_container->get('auth.provider_collection'); From 4afdd650cdea0a09da14e8dff23cee1b30e5980d Mon Sep 17 00:00:00 2001 
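Review bot: This commit is titled as an indentation fix, but the hunk at -529 also replaces `if ($method)` and `if ($provider)` with `array_key_exists('auth.provider.' . $method, $auth_providers)`, a behaviour change that deserves its own commit and message. With the new check an unrecognised `auth_method` is dropped silently, after the loop above has already written the per-provider fields through `set_config()`. An `else` branch that restores `$old_auth_config` and reports through `trigger_error()`, as the `init()` failure path does, would keep the stored settings consistent. `array_key_exists()` also assumes `$auth_providers` is a plain array; if the container hands back a collection object, `isset($auth_providers['auth.provider.' . $method])` is likely the more reliable test, which should be confirmed against the collection class.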
From: Joseph Warner Date: Wed, 26 Jun 2013 00:02:03 -0400 Subject: [PATCH 38/63] [feature/auth-refactor] Removed no longer used variable PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 1 - 1 file changed, 1 deletion(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 4a758207fd..4d07f96c6f 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -522,7 +522,6 @@ class acp_board if ($mode == 'auth') { // Retrieve a list of auth plugins and check their config values - $auth_plugins = array(); $auth_providers = $phpbb_container->get('auth.provider_collection'); $updated_auth_settings = false; From 19bbf7b7de4a2575405b84c8a253cbf9de315b7c Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Wed, 26 Jun 2013 11:31:11 -0400 Subject: [PATCH 39/63] [feature/auth-refactor] Fix two session tests broken by changes PHPBB3-9734 --- tests/session/continue_test.php | 13 +++++++++++++ tests/session/init_test.php | 13 +++++++++++++ 2 files changed, 26 insertions(+) diff --git a/tests/session/continue_test.php b/tests/session/continue_test.php index ad78d92299..e5a7f7a4a1 100644 --- a/tests/session/continue_test.php +++ b/tests/session/continue_test.php 
@@ -53,7 +53,20 @@ class phpbb_session_continue_test extends phpbb_database_test_case */ public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $ip, $expected_sessions, $expected_cookies, $message) { + global $phpbb_container, $phpbb_root_path, $phpEx; + $db = $this->new_dbal(); + $config = new phpbb_config(array()); + $request = $this->getMock('phpbb_request'); + $user = $this->getMock('phpbb_user'); + + $auth_provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx); + $phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface'); + $phpbb_container->expects($this->any()) + ->method('get') + ->with('auth.provider.db') + ->will($this->returnValue($auth_provider)); + $session_factory = new phpbb_session_testable_factory; $session_factory->set_cookies(array( '_sid' => $session_id, diff --git a/tests/session/init_test.php b/tests/session/init_test.php index 830de34ed0..43af8c554f 100644 --- a/tests/session/init_test.php +++ b/tests/session/init_test.php @@ -20,7 +20,20 @@ class phpbb_session_init_test extends phpbb_database_test_case public function test_login_session_create() { + global $phpbb_container, $phpbb_root_path, $phpEx; + $db = $this->new_dbal(); + $config = new phpbb_config(array()); + $request = $this->getMock('phpbb_request'); + $user = $this->getMock('phpbb_user'); + + $auth_provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx); + $phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface'); + $phpbb_container->expects($this->any()) + ->method('get') + ->with('auth.provider.db') + ->will($this->returnValue($auth_provider)); + $session_factory = new phpbb_session_testable_factory; $session = $session_factory->get_session($db); From 5af7d2b07f788f6795865225612175b65c596a4b Mon Sep 17 00:00:00 2001 
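Review bot: Both test methods overwrite the global `$phpbb_container` with a mock and nothing in these hunks restores it, so the mock can leak into later tests run in the same process. Resetting it in `tearDown()` would isolate them; that method is outside the hunks and may already do so. The identical setup block is pasted into continue_test.php and init_test.php and would read better as one shared helper. `->with('auth.provider.db')` combined with `$this->any()` makes any other `get()` call fail the test, which merits a short comment such as `// session code must only request the db provider`.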
From: Joseph Warner Date: Wed, 26 Jun 2013 21:45:16 -0400 Subject: [PATCH 40/63] [feature/auth-refactor] Change phpEx to php_ext in new classes PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 8 ++++---- phpBB/includes/auth/provider_db.php | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index adb1fb6cea..0a6811bbcb 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php @@ -30,16 +30,16 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface * @param phpbb_request $request * @param phpbb_user $user * @param string $phpbb_root_path - * @param string $phpEx + * @param string $php_ext */ - public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx) + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext) { $this->db = $db; $this->config = $config; $this->request = $request; $this->user = $user; $this->phpbb_root_path = $phpbb_root_path; - $this->phpEx = $phpEx; + $this->php_ext = $php_ext; } /** @@ -183,7 +183,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface if (!function_exists('user_add')) { - include($this->phpbb_root_path . 'includes/functions_user.' . $this->phpEx); + include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); } // create the user if he does not exist yet diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index aaf9cda735..c8b0c44654 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php 
@@ -33,16 +33,16 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface * @param phpbb_request $request * @param phpbb_user $user * @param string $phpbb_root_path - * @param string $phpEx + * @param string $php_ext */ - public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx) + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext) { $this->db = $db; $this->config = $config; $this->request = $request; $this->user = $user; $this->phpbb_root_path = $phpbb_root_path; - $this->phpEx = $phpEx; + $this->php_ext = $php_ext; } public function init() @@ -160,7 +160,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface // Visual Confirmation handling if (!class_exists('phpbb_captcha_factory', false)) { - include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->phpEx); + include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->php_ext); } $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']); @@ -206,7 +206,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface { if (!function_exists('utf8_to_cp1252')) { - include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->phpEx); + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding From 24e323d59353810293dea41d6b9b4114dd627543 Mon Sep 17 00:00:00 2001 
From: Joseph Warner Date: Thu, 27 Jun 2013 14:17:29 -0400 Subject: [PATCH 41/63] [feature/auth-refactor] Finish and clean up documentation PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 26 +----------- phpBB/includes/auth/provider_db.php | 24 +++-------- phpBB/includes/auth/provider_interface.php | 46 ++++++++++++++-------- phpBB/includes/auth/provider_ldap.php | 21 +++------- 4 files changed, 43 insertions(+), 74 deletions(-) diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 0a6811bbcb..054316db19 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php @@ -42,13 +42,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $this->php_ext = $php_ext; } - /** - * Checks whether the user is identified to apache - * Only allow changing authentication to apache if the user is identified - * Called in acp_board while setting authentication plugins - * - * @return boolean|string false if the user is identified and else an error message - */ public function init() { if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'))) @@ -58,9 +51,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface return false; } - /** - * Login function - */ public function login($username, $password) { // do not allow empty password @@ -148,12 +138,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } - /** - * Autologin function - * - * @return array containing the user row or empty if no auto login should - * take place - */ public function autologin() { if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) 
@@ -209,8 +193,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface * This function generates an array which can be passed to the user_add * function in order to create a user * - * @param str $username The username of the new user. - * @param str $password The password of the new user. + * @param string $username The username of the new user. + * @param string $password The password of the new user. * @return array Contains data that can be passed directly to * the user_add function. */ @@ -242,12 +226,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } - /** - * The session validation function checks whether the user is still logged in - * - * @return boolean true if the given user is authenticated or false if - * the session should be closed - */ public function validate_session($user) { // Check if PHP_AUTH_USER is set and handle this case diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index c8b0c44654..e8fff26650 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -28,12 +28,12 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface /** * Database Authentication Constructor * - * @param phpbb_db_driver $db - * @param phpbb_config $config - * @param phpbb_request $request - * @param phpbb_user $user - * @param string $phpbb_root_path - * @param string $php_ext + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_request $request + * @param phpbb_user $user + * @param string $phpbb_root_path + * @param string $php_ext */ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext) { 
@@ -50,18 +50,6 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface return; } - /** - * Login function - * - * @param string $username - * @param string $password - * @return array A associative array of the format - * array( - * 'status' => status constant - * 'error_msg' => string - * 'user_row' => array - * ) - */ public function login($username, $password) { // Auth plugins get the password untrimmed. diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php index 534f198c21..2d1935f8f0 100644 --- a/phpBB/includes/auth/provider_interface.php +++ b/phpBB/includes/auth/provider_interface.php 
@@ -26,31 +26,33 @@ interface phpbb_auth_provider_interface * Checks whether the user is currently identified to the authentication * provider. * Called in acp_board while setting authentication plugins. + * Changing to an authentication provider will not be permitted in acp_board + * if there is an error. * * @return boolean|string False if the user is identified, otherwise an - * error message. + * error message, or null if not implemented. */ public function init(); /** * Performs login. * - * @param $username string The name of the user being authenticated. - * @param $password string The password of the user. - * @return array An associative array of the format: - * array( - * 'status' => status constant - * 'error_msg' => string - * 'user_row' => array - * ) + * @param string $username The name of the user being authenticated. + * @param string $password The password of the user. + * @return array An associative array of the format: + * array( + * 'status' => status constant + * 'error_msg' => string + * 'user_row' => array + * ) */ public function login($username, $password); /** * Autologin function * - * @return array containing the user row or empty if no auto login should - * take place + * @return array|null containing the user row, empty if no auto login + * should take place, or null if not impletmented. */ public function autologin(); 
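Review bot: The new `init()` docblock declares `@return boolean|string` while its description adds "or null if not implemented", so the tag should read `@return boolean|string|null`. The acp_board code on this page tests the result with `if ($error = $provider->init())`, so any falsy return counts as success, and the description should say so. In the `autologin()` docblock, "impletmented" is a typo for "implemented". The other hunks of this commit delete the per-method docblocks from the apache, db and ldap providers without leaving an `{@inheritdoc}` marker, which leaves those methods undocumented at this point in the series.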
@@ -58,22 +60,32 @@ interface phpbb_auth_provider_interface * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. * - * @param type $new + * @param array $new Contains the new configuration values that have + * been set in acp_board. + * @return array|null Returns null if not implemented or an array of the + * form: + * array( + * 'tpl' => string + * 'config' => array + * ) */ public function acp($new); /** - * Special logout function. + * Performs additional actions during logout. * - * @param type $data - * @param type $new_session + * @param array $data An array corresponding to + * phpbb_session::data + * @param boolean $new_session True for a new session, false for no new + * session. */ public function logout($data, $new_session); /** - * The session validation function checks whether the user is still logged in. + * The session validation function checks whether the user is still logged + * into phpBB. * - * @param type $user + * @param array $user * @return boolean true if the given user is authenticated, false if the * session should be closed, or null if not implemented. */ diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 67d8d8335f..2140e7dd63 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -27,9 +27,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface /** * LDAP Authentication Constructor * - * @param phpbb_db_driver $db - * @param phpbb_config $config - * @param phpbb_user $user + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_user $user */ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_user $user) { 
@@ -38,11 +38,6 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $this->user = $user; } - /** - * Connect to ldap server - * Only allow changing authentication to ldap if we can connect to the ldap server - * Called in acp_board while setting authentication plugins - */ public function init() { if (!@extension_loaded('ldap')) @@ -111,9 +106,6 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface return false; } - /** - * Login function - */ public function login($username, $password) { // do not allow empty password @@ -290,10 +282,6 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface return; } - /** - * This function is used to output any required fields in the authentication - * admin panel. It also defines any required configuration table fields. - */ public function acp($new) { $tpl = ' @@ -359,6 +347,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface /** * Escapes an LDAP AttributeValue + * + * @param string $string The string to be escaped + * @return string The escaped string */ private function ldap_escape($string) { From 27f0b9ff4359a60f98533aff2a87c1848d622d4c Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Fri, 28 Jun 2013 13:43:41 -0400 Subject: [PATCH 42/63] [feature/auth-refactor] Forgot @inheritdoc on methods PHPBB3-9734 --- phpBB/includes/auth/provider_apache.php | 18 ++++++++++++++++++ phpBB/includes/auth/provider_db.php | 18 ++++++++++++++++++ phpBB/includes/auth/provider_ldap.php | 18 ++++++++++++++++++ 3 files changed, 54 insertions(+) diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php index 054316db19..5f6f2862b6 100644 --- a/phpBB/includes/auth/provider_apache.php +++ b/phpBB/includes/auth/provider_apache.php 
@@ -42,6 +42,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface $this->php_ext = $php_ext; } + /** + * {@inheritdoc} + */ public function init() { if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'))) @@ -51,6 +54,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface return false; } + /** + * {@inheritdoc} + */ public function login($username, $password) { // do not allow empty password @@ -138,6 +144,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } + /** + * {@inheritdoc} + */ public function autologin() { if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) @@ -226,6 +235,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface ); } + /** + * {@inheritdoc} + */ public function validate_session($user) { // Check if PHP_AUTH_USER is set and handle this case @@ -245,11 +257,17 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface return false; } + /** + * {@inheritdoc} + */ public function acp($new) { return; } + /** + * {@inheritdoc} + */ public function logout($data, $new_session) { return; diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index e8fff26650..a79d031048 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php @@ -45,11 +45,17 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $this->php_ext = $php_ext; } + /** + * {@inheritdoc} + */ public function init() { return; } + /** + * {@inheritdoc} + */ public function login($username, $password) { // Auth plugins get the password untrimmed. 
@@ -297,21 +303,33 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface ); } + /** + * {@inheritdoc} + */ public function autologin() { return; } + /** + * {@inheritdoc} + */ public function acp($new) { return; } + /** + * {@inheritdoc} + */ public function logout($data, $new_session) { return; } + /** + * {@inheritdoc} + */ public function validate_session($user) { return; diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php index 2140e7dd63..f67c1e9247 100644 --- a/phpBB/includes/auth/provider_ldap.php +++ b/phpBB/includes/auth/provider_ldap.php @@ -38,6 +38,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface $this->user = $user; } + /** + * {@inheritdoc} + */ public function init() { if (!@extension_loaded('ldap')) @@ -106,6 +109,9 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface return false; } + /** + * {@inheritdoc} + */ public function login($username, $password) { // do not allow empty password @@ -277,11 +283,17 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface ); } + /** + * {@inheritdoc} + */ public function autologin() { return; } + /** + * {@inheritdoc} + */ public function acp($new) { $tpl = ' @@ -356,11 +368,17 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); } + /** + * {@inheritdoc} + */ public function logout($data, $new_session) { return; } + /** + * {@inheritdoc} + */ public function validate_session($user) { return; From 5701c753a7446acd72a3d55702db96e4a149f515 Mon Sep 17 00:00:00 2001 
From: Matt Friedman Date: Sat, 29 Jun 2013 12:17:12 -0700 Subject: [PATCH 43/63] [ticket/11577] Readjust min-height to 35px Changing min-height to 35px in order to get pixel-for-pixel accurate height settings as before for topic-rows. PHPBB3-11577 --- phpBB/styles/prosilver/theme/content.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/styles/prosilver/theme/content.css b/phpBB/styles/prosilver/theme/content.css index 5f58addb54..4b8c972697 100644 --- a/phpBB/styles/prosilver/theme/content.css +++ b/phpBB/styles/prosilver/theme/content.css @@ -159,7 +159,7 @@ dl.icon dt .list-inner { } dl.icon dt, dl.icon dd { - min-height: 30px; + min-height: 35px; } dd.posts, dd.topics, dd.views, dd.extra, dd.mark { From 7a2e3b4354b495f7f46bc57dfde070ce7270bd25 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Mon, 3 Jun 2013 23:38:48 +0530 Subject: [PATCH 44/63] [ticket/11566] add interface for captcha Add basic captcha template while reporting post when the user is not a registered user. PHPBB3-11566 --- phpBB/report.php | 14 ++++++++++++++ phpBB/styles/prosilver/template/report_body.html | 3 +++ 2 files changed, 17 insertions(+) diff --git a/phpBB/report.php b/phpBB/report.php index c1172ec1d5..06fc086d4d 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -133,6 +133,13 @@ else } } +if ($config['enable_post_confirm'] && !$user->data['is_registered']) +{ + include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); + $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha->init(CONFIRM_POST); +} + // Submit report? if ($submit && $reason_id) { 
@@ -224,6 +231,13 @@ display_reasons($reason_id); $page_title = ($pm_id) ? $user->lang['REPORT_MESSAGE'] : $user->lang['REPORT_POST']; +if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false)) +{ + $template->assign_vars(array( + 'CAPTCHA_TEMPLATE' => $captcha->get_template(), + )); +} + $template->assign_vars(array( 'S_REPORT_POST' => ($pm_id) ? false : true, 'REPORT_TEXT' => $report_text, diff --git a/phpBB/styles/prosilver/template/report_body.html b/phpBB/styles/prosilver/template/report_body.html index b0c6e08049..8bf639791b 100644 --- a/phpBB/styles/prosilver/template/report_body.html +++ b/phpBB/styles/prosilver/template/report_body.html @@ -27,6 +27,9 @@

{L_CAN_LEAVE_BLANK}
+ + + From eafd0ae29f649213cf71b7575131b7f5555c4e67 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Mon, 10 Jun 2013 23:52:41 +0530 Subject: [PATCH 45/63] [ticket/11566] add error functionality add $error which stores the captcha error when captcha validation fails PHPBB3-11566 --- phpBB/report.php | 149 ++++++++++++++++++++++++++--------------------- 1 file changed, 81 insertions(+), 68 deletions(-) diff --git a/phpBB/report.php b/phpBB/report.php index 06fc086d4d..7f6cd4a792 100644 --- a/phpBB/report.php +++ b/phpBB/report.php 
@@ -140,90 +140,101 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered']) $captcha->init(CONFIRM_POST); } +$error = array(); + // Submit report? if ($submit && $reason_id) { - $sql = 'SELECT * - FROM ' . REPORTS_REASONS_TABLE . " - WHERE reason_id = $reason_id"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row || (!$report_text && strtolower($row['reason_title']) == 'other')) + $vc_response = $captcha->validate(); + if ($vc_response) { - trigger_error('EMPTY_REPORT'); + $error[] = $vc_response; } - $sql_ary = array( - 'reason_id' => (int) $reason_id, - 'post_id' => $post_id, - 'pm_id' => $pm_id, - 'user_id' => (int) $user->data['user_id'], - 'user_notify' => (int) $user_notify, - 'report_closed' => 0, - 'report_time' => (int) time(), - 'report_text' => (string) $report_text - ); - - $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); - $db->sql_query($sql); - $report_id = $db->sql_nextid(); - - if ($post_id) + if (!sizeof($error)) { - $sql = 'UPDATE ' . POSTS_TABLE . ' - SET post_reported = 1 - WHERE post_id = ' . $post_id; - $db->sql_query($sql); + $sql = 'SELECT * + FROM ' . REPORTS_REASONS_TABLE . " + WHERE reason_id = $reason_id"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if (!$report_data['topic_reported']) + if (!$row || (!$report_text && strtolower($row['reason_title']) == 'other')) { - $sql = 'UPDATE ' . TOPICS_TABLE . ' - SET topic_reported = 1 - WHERE topic_id = ' . $report_data['topic_id'] . ' - OR topic_moved_id = ' . $report_data['topic_id']; - $db->sql_query($sql); + trigger_error('EMPTY_REPORT'); } - $lang_return = $user->lang['RETURN_TOPIC']; - $lang_success = $user->lang['POST_REPORTED_SUCCESS']; - } - else - { - $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' - SET message_reported = 1 - WHERE msg_id = ' . 
$pm_id; - $db->sql_query($sql); - $sql_ary = array( - 'msg_id' => $pm_id, - 'user_id' => ANONYMOUS, - 'author_id' => (int) $report_data['author_id'], - 'pm_deleted' => 0, - 'pm_new' => 0, - 'pm_unread' => 0, - 'pm_replied' => 0, - 'pm_marked' => 0, - 'pm_forwarded' => 0, - 'folder_id' => PRIVMSGS_INBOX, + 'reason_id' => (int) $reason_id, + 'post_id' => $post_id, + 'pm_id' => $pm_id, + 'user_id' => (int) $user->data['user_id'], + 'user_notify' => (int) $user_notify, + 'report_closed' => 0, + 'report_time' => (int) time(), + 'report_text' => (string) $report_text ); - $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); + $report_id = $db->sql_nextid(); - $lang_return = $user->lang['RETURN_PM']; - $lang_success = $user->lang['PM_REPORTED_SUCCESS']; + if ($post_id) + { + $sql = 'UPDATE ' . POSTS_TABLE . ' + SET post_reported = 1 + WHERE post_id = ' . $post_id; + $db->sql_query($sql); + + if (!$report_data['topic_reported']) + { + $sql = 'UPDATE ' . TOPICS_TABLE . ' + SET topic_reported = 1 + WHERE topic_id = ' . $report_data['topic_id'] . ' + OR topic_moved_id = ' . $report_data['topic_id']; + $db->sql_query($sql); + } + + $lang_return = $user->lang['RETURN_TOPIC']; + $lang_success = $user->lang['POST_REPORTED_SUCCESS']; + } + else + { + $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' + SET message_reported = 1 + WHERE msg_id = ' . $pm_id; + $db->sql_query($sql); + + $sql_ary = array( + 'msg_id' => $pm_id, + 'user_id' => ANONYMOUS, + 'author_id' => (int) $report_data['author_id'], + 'pm_deleted' => 0, + 'pm_new' => 0, + 'pm_unread' => 0, + 'pm_replied' => 0, + 'pm_marked' => 0, + 'pm_forwarded' => 0, + 'folder_id' => PRIVMSGS_INBOX, + ); + + $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . 
$db->sql_build_array('INSERT', $sql_ary); + $db->sql_query($sql); + + $lang_return = $user->lang['RETURN_PM']; + $lang_success = $user->lang['PM_REPORTED_SUCCESS']; + } + + meta_refresh(3, $redirect_url); + + $message = $lang_success . '

' . sprintf($lang_return, '', ''); + if ($return_forum_url) + { + $message .= '

' . sprintf($user->lang['RETURN_FORUM'], '', ''); + } + trigger_error($message); } - - meta_refresh(3, $redirect_url); - - $message = $lang_success . '

' . sprintf($lang_return, '', ''); - if ($return_forum_url) - { - $message .= '

' . sprintf($user->lang['RETURN_FORUM'], '', ''); - } - trigger_error($message); } // Generate the reasons @@ -231,14 +242,16 @@ display_reasons($reason_id); $page_title = ($pm_id) ? $user->lang['REPORT_MESSAGE'] : $user->lang['REPORT_POST']; -if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false)) +if ((isset($captcha) && $captcha->is_solved() === false)) { $template->assign_vars(array( + 'S_CONFIRM_CODE' => true, 'CAPTCHA_TEMPLATE' => $captcha->get_template(), )); } $template->assign_vars(array( + 'ERROR' => (sizeof($error)) ? implode('
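Review bot: `$captcha->validate()` at the top of the `if ($submit && $reason_id)` branch is called unconditionally, but `$captcha` is only created when `$config['enable_post_confirm']` is set and the user is not registered. A report submitted by a registered user, or with post confirmation disabled, would therefore call a method on an undefined variable. Wrap the call and the `$error[]` assignment in `if (isset($captcha))`, the same guard the template block in the next hunk uses. PATCH 52/63 renames the variable but keeps the call unguarded, and PATCH 48/63 guards only `reset()`.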
', $error) : '', 'S_REPORT_POST' => ($pm_id) ? false : true, 'REPORT_TEXT' => $report_text, 'S_REPORT_ACTION' => append_sid("{$phpbb_root_path}report.$phpEx", 'f=' . $forum_id . '&p=' . $post_id . '&pm=' . $pm_id), From 7c9a1cbca9719eccbee11db418cb4e531f539a0c Mon Sep 17 00:00:00 2001 From: Dhruv Date: Mon, 10 Jun 2013 23:53:33 +0530 Subject: [PATCH 46/63] [ticket/11566] add error in template Check if error exists, then display it in the report post template. PHPBB3-11566 --- phpBB/styles/prosilver/template/report_body.html | 1 + 1 file changed, 1 insertion(+) diff --git a/phpBB/styles/prosilver/template/report_body.html b/phpBB/styles/prosilver/template/report_body.html index 8bf639791b..2d6a857afb 100644 --- a/phpBB/styles/prosilver/template/report_body.html +++ b/phpBB/styles/prosilver/template/report_body.html @@ -10,6 +10,7 @@

{L_REPORT_POST_EXPLAIN}{L_REPORT_MESSAGE_EXPLAIN}

+
{ERROR}
From 2c240f8a7b36feab129336b7e36273cdb9798364 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Tue, 11 Jun 2013 00:09:14 +0530 Subject: [PATCH 47/63] [ticket/11566] display error instead of trigger_error When the error report is empty display error in the template instead of trigger_error PHPBB3-11566 --- phpBB/report.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/phpBB/report.php b/phpBB/report.php index 7f6cd4a792..1ae0abcdc2 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -151,20 +151,20 @@ if ($submit && $reason_id) $error[] = $vc_response; } + $sql = 'SELECT * + FROM ' . REPORTS_REASONS_TABLE . " + WHERE reason_id = $reason_id"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$row || (!$report_text && strtolower($row['reason_title']) == 'other')) + { + $error[] = $user->lang('EMPTY_REPORT'); + } + if (!sizeof($error)) { - $sql = 'SELECT * - FROM ' . REPORTS_REASONS_TABLE . " - WHERE reason_id = $reason_id"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row || (!$report_text && strtolower($row['reason_title']) == 'other')) - { - trigger_error('EMPTY_REPORT'); - } - $sql_ary = array( 'reason_id' => (int) $reason_id, 'post_id' => $post_id, From c4fbed251db058d808823d2700c441383edc3e63 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Tue, 11 Jun 2013 00:20:26 +0530 Subject: [PATCH 48/63] [ticket/11566] add captcha reset and hidden fields If captcha is solved and some other error pops up, store the captcha in a hidden field. Reset captcha if reporting the post is successful PHPBB3-11566 --- phpBB/report.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/phpBB/report.php b/phpBB/report.php index 1ae0abcdc2..b876b5c94f 100644 --- a/phpBB/report.php +++ b/phpBB/report.php 
@@ -141,6 +141,7 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered']) } $error = array(); +$s_hidden_fields = ''; // Submit report? if ($submit && $reason_id) @@ -165,6 +166,11 @@ if ($submit && $reason_id) if (!sizeof($error)) { + if (isset($captcha)) + { + $captcha->reset(); + } + $sql_ary = array( 'reason_id' => (int) $reason_id, 'post_id' => $post_id, @@ -235,6 +241,10 @@ if ($submit && $reason_id) } trigger_error($message); } + else if (isset($captcha) && $captcha->is_solved() !== false) + { + $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields()); + } } // Generate the reasons @@ -255,6 +265,7 @@ $template->assign_vars(array( 'S_REPORT_POST' => ($pm_id) ? false : true, 'REPORT_TEXT' => $report_text, 'S_REPORT_ACTION' => append_sid("{$phpbb_root_path}report.$phpEx", 'f=' . $forum_id . '&p=' . $post_id . '&pm=' . $pm_id), + 'S_HIDDEN_FIELDS' => (sizeof($s_hidden_fields)) ? $s_hidden_fields : null, 'S_NOTIFY' => $user_notify, 'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false) From 43053c541ac0f998a3925b7277cfb77f1ceafb11 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Wed, 12 Jun 2013 01:45:07 +0530 Subject: [PATCH 49/63] [ticket/11566] add tests for reporting post Functional test for reporting post and check if captcha validation is required for guests and not for registerted users PHPBB3-11566 --- tests/functional/report_post_captcha.php | 55 ++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 tests/functional/report_post_captcha.php diff --git a/tests/functional/report_post_captcha.php b/tests/functional/report_post_captcha.php new file mode 100644 index 0000000000..6b112c3538 --- /dev/null +++ b/tests/functional/report_post_captcha.php 
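Review bot: `sizeof($s_hidden_fields)` in the `S_HIDDEN_FIELDS` entry of the last `report.php` hunk is applied to a string. `$s_hidden_fields` is initialised to `''` and only appended to, while `sizeof()` counts array elements, so the condition cannot tell an empty value from a filled one. Comparing the string directly states the intent: `'S_HIDDEN_FIELDS' => ($s_hidden_fields !== '') ? $s_hidden_fields : null,`.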
@@ -0,0 +1,55 @@ +login(); + $crawler = self::request('GET', 'report.php?f=2&p=1'); + $this->assertNotContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text()); + } + + public function test_guest_report_post() + { + $this->enable_reporting_guest(); + $crawler = self::request('GET', 'report.php?f=2&p=1'); + $this->assertContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text()); + } + + protected function enable_reporting_guest() + { + $this->login(); + $this->admin_login(); + + $crawler = self::request('GET', 'adm/index.php?i=permissions&icat=12&mode=setting_group_local&sid=' . $this->sid); + $form = $crawler->selectButton('Submit')->form(); + $values = $form->getValues(); + $values["group_id[0]"] = 1; + $form->setValues($values); + $crawler = self::submit($form); + + $form = $crawler->selectButton('Submit')->form(); + $values = $form->getValues(); + $values["forum_id"] = 2; + $form->setValues($values); + $crawler = self::submit($form); + + $form = $crawler->selectButton('Apply all permissions')->form(); + $values = $form->getValues(); + $values["setting[1][2][f_report]"] = 1; + $form->setValues($values); + $crawler = self::submit($form); + + $crawler = self::request('GET', 'ucp.php?mode=logout&sid=' . $this->sid); + } +} From 1abc3d91d05919f20b31876dbafbb8edec83d724 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Wed, 12 Jun 2013 02:00:24 +0530 Subject: [PATCH 50/63] [ticket/11566] Use language variable instead of hardcode Add language variable in tests PHPBB3-11566 --- tests/functional/report_post_captcha.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/functional/report_post_captcha.php b/tests/functional/report_post_captcha.php index 6b112c3538..e0a67ab6fa 100644 --- a/tests/functional/report_post_captcha.php +++ b/tests/functional/report_post_captcha.php 
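Review bot: Both tests only check whether the `CONFIRM_CODE` label is rendered on `report.php`. Nothing submits a report as a guest with a missing or wrong confirmation code and asserts that it is rejected, which is the behaviour the captcha exists to enforce. A further test that posts the form without a valid code and asserts that `POST_REPORTED_SUCCESS` is not shown would cover the validation path in `report.php`. The opening lines of this new file are not readable on this page, so the class header is not reviewed here.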
@@ -44,7 +44,8 @@ class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_ca $form->setValues($values); $crawler = self::submit($form); - $form = $crawler->selectButton('Apply all permissions')->form(); + $this->add_lang('acp/permissions'); + $form = $crawler->selectButton($this->lang('APPLY_ALL_PERMISSIONS'))->form(); $values = $form->getValues(); $values["setting[1][2][f_report]"] = 1; $form->setValues($values); From 434d14e1d5c2341584c9d5cfd93840f3eb1a6941 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Wed, 12 Jun 2013 20:00:51 +0530 Subject: [PATCH 51/63] [ticket/11566] Revert forum permission changes Revert the f_report permission for guests in the functional tests PHPBB3-11566 --- tests/functional/report_post_captcha.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/functional/report_post_captcha.php b/tests/functional/report_post_captcha.php index e0a67ab6fa..0585be1332 100644 --- a/tests/functional/report_post_captcha.php +++ b/tests/functional/report_post_captcha.php @@ -21,12 +21,13 @@ class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_ca public function test_guest_report_post() { - $this->enable_reporting_guest(); + $this->set_reporting_guest(1); $crawler = self::request('GET', 'report.php?f=2&p=1'); $this->assertContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text()); + $this->set_reporting_guest(-1); } - protected function enable_reporting_guest() + protected function set_reporting_guest($report_post_allowed) { $this->login(); $this->admin_login(); @@ -47,7 +48,7 @@ class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_ca $this->add_lang('acp/permissions'); $form = $crawler->selectButton($this->lang('APPLY_ALL_PERMISSIONS'))->form(); $values = $form->getValues(); - $values["setting[1][2][f_report]"] = 1; + $values["setting[1][2][f_report]"] = $report_post_allowed; $form->setValues($values); $crawler = self::submit($form); 
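Review bot: The revert `$this->set_reporting_guest(-1);` in `test_guest_report_post()` only runs if the `assertContains` before it passes. A failing assertion would leave guests with the `f_report` setting changed for any later test that uses the same board, if the board is shared between tests. Moving the revert into per-test cleanup such as a `tearDown()` override makes it run on failure too. The class body continues outside these hunks.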
From 88b5180aa11ba90f37d598737bb46a054382042f Mon Sep 17 00:00:00 2001 From: Dhruv Date: Sat, 22 Jun 2013 03:54:21 +0530 Subject: [PATCH 52/63] [ticket/11566] Rename var to $visual_confirmation_response PHPBB3-11566 --- phpBB/report.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/report.php b/phpBB/report.php index b876b5c94f..4fecaf4046 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -146,10 +146,10 @@ $s_hidden_fields = ''; // Submit report? if ($submit && $reason_id) { - $vc_response = $captcha->validate(); - if ($vc_response) + $visual_confirmation_response = $captcha->validate(); + if ($visual_confirmation_response) { - $error[] = $vc_response; + $error[] = $visual_confirmation_response; } $sql = 'SELECT * From 4ad1d9aa6530ebe1d554909a978b9ee124377625 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Sat, 22 Jun 2013 04:07:21 +0530 Subject: [PATCH 53/63] [ticket/11566] Use the new constant CONFIRM_REPORT for captcha init PHPBB3-11566 --- phpBB/includes/constants.php | 1 + phpBB/report.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 17c25ee3c6..ad5b43bc9a 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -157,6 +157,7 @@ define('PHYSICAL_LINK', 2); define('CONFIRM_REG', 1); define('CONFIRM_LOGIN', 2); define('CONFIRM_POST', 3); +define('CONFIRM_REPORT', 4); // Categories - Attachments define('ATTACHMENT_CATEGORY_NONE', 0); diff --git a/phpBB/report.php b/phpBB/report.php index 4fecaf4046..f89a18fa8e 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -137,7 +137,7 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered']) { include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); - $captcha->init(CONFIRM_POST); + $captcha->init(CONFIRM_REPORT); } $error = array(); 
From ea8a4abe66b7142fd8b16dc9732bac181031875a Mon Sep 17 00:00:00 2001 From: Dhruv Date: Sun, 23 Jun 2013 21:47:42 +0530 Subject: [PATCH 54/63] [ticket/11566] Add captcha to report post template in subsilver PHPBB3-11566 --- phpBB/styles/subsilver2/template/report_body.html | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/phpBB/styles/subsilver2/template/report_body.html b/phpBB/styles/subsilver2/template/report_body.html index 7cd7d1040f..1653875799 100644 --- a/phpBB/styles/subsilver2/template/report_body.html +++ b/phpBB/styles/subsilver2/template/report_body.html @@ -3,6 +3,11 @@
+ + + + + @@ -25,6 +30,9 @@ + + + From 84ec1f542365d38763b099e0cb9dcc78cc341258 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Mon, 1 Jul 2013 01:34:21 +0530 Subject: [PATCH 55/63] [ticket/11566] Check that guest doesn't have reporting permission by default PHPBB3-11566 --- tests/functional/report_post_captcha.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/functional/report_post_captcha.php b/tests/functional/report_post_captcha.php index 0585be1332..af713775c5 100644 --- a/tests/functional/report_post_captcha.php +++ b/tests/functional/report_post_captcha.php @@ -21,6 +21,10 @@ class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_ca public function test_guest_report_post() { + $crawler = self::request('GET', 'report.php?f=2&p=1'); + $this->add_lang('mcp'); + $this->assertContains($this->lang('USER_CANNOT_REPORT'), $crawler->filter('html')->text()); + $this->set_reporting_guest(1); $crawler = self::request('GET', 'report.php?f=2&p=1'); $this->assertContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text()); From d4645575fdf0b787721fb8c8a240d2bd01e784f2 Mon Sep 17 00:00:00 2001 From: Dhruv Date: Mon, 1 Jul 2013 15:23:45 +0530 Subject: [PATCH 56/63] [ticket/11566] Remove extra pair of brackets from conditional statement PHPBB3-11566 --- phpBB/report.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/report.php b/phpBB/report.php index f89a18fa8e..c92ecdfdcc 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -252,7 +252,7 @@ display_reasons($reason_id); $page_title = ($pm_id) ? $user->lang['REPORT_MESSAGE'] : $user->lang['REPORT_POST']; -if ((isset($captcha) && $captcha->is_solved() === false)) +if (isset($captcha) && $captcha->is_solved() === false) { $template->assign_vars(array( 'S_CONFIRM_CODE' => true, From 045e04fb6fa55ae96ba82245010a684cd2d61e5d Mon Sep 17 00:00:00 2001 
From: Dhruv Date: Mon, 1 Jul 2013 21:52:04 +0530 Subject: [PATCH 57/63] [ticket/11566] Subsilver template error displayed after table headers PHPBB3-11561 --- phpBB/styles/subsilver2/template/report_body.html | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/phpBB/styles/subsilver2/template/report_body.html b/phpBB/styles/subsilver2/template/report_body.html index 1653875799..57747ffac0 100644 --- a/phpBB/styles/subsilver2/template/report_body.html +++ b/phpBB/styles/subsilver2/template/report_body.html @@ -3,14 +3,14 @@
{ERROR}
{L_REPORT_POST}{L_REPORT_MESSAGE}
{L_MORE_INFO}:
{L_CAN_LEAVE_BLANK}
 
- - - - - + + + + + From 66118ea49e2dc1a54ce1a76fa4856ff158df9511 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 1 Jul 2013 13:32:16 -0400 Subject: [PATCH 58/63] [feature/auth-refactor] A possible fix for the functional test failures I don't like this fix as it really shouldn't be needed. But it makes the functional tests pass. PHPBB3-9734 --- phpBB/includes/request/request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/request/request.php b/phpBB/includes/request/request.php index ae3c526d89..c0bb453c7c 100644 --- a/phpBB/includes/request/request.php +++ b/phpBB/includes/request/request.php @@ -79,7 +79,7 @@ class phpbb_request implements phpbb_request_interface // simulate request_order = GP $this->original_request = $this->input[phpbb_request_interface::REQUEST]; - $this->input[phpbb_request_interface::REQUEST] = $this->input[phpbb_request_interface::POST] + $this->input[phpbb_request_interface::GET]; + $this->input[phpbb_request_interface::REQUEST] = (array)$this->input[phpbb_request_interface::POST] + (array)$this->input[phpbb_request_interface::GET]; if ($disable_super_globals) { From f48effb00197a9ace8de82f3a961992215113257 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Mon, 1 Jul 2013 22:37:55 -0400 Subject: [PATCH 59/63] [feature/auth-refactor] Fix the actual cause of test failures Enables super globals before the new container is instantiated in the final step of installation to prevent issues caused by trying to create a phpbb_request object when super globals are disabled. PHPBB3-9734 --- phpBB/includes/request/request.php | 2 +- phpBB/install/install_install.php | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/request/request.php b/phpBB/includes/request/request.php index c0bb453c7c..ae3c526d89 100644 --- a/phpBB/includes/request/request.php +++ b/phpBB/includes/request/request.php 
@@ -79,7 +79,7 @@ class phpbb_request implements phpbb_request_interface // simulate request_order = GP $this->original_request = $this->input[phpbb_request_interface::REQUEST]; - $this->input[phpbb_request_interface::REQUEST] = (array)$this->input[phpbb_request_interface::POST] + (array)$this->input[phpbb_request_interface::GET]; + $this->input[phpbb_request_interface::REQUEST] = $this->input[phpbb_request_interface::POST] + $this->input[phpbb_request_interface::GET]; if ($disable_super_globals) { diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 5bf3f572d9..3d7b6f7c88 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -53,7 +53,7 @@ class install_install extends module function main($mode, $sub) { global $lang, $template, $language, $phpbb_root_path, $phpEx; - global $phpbb_container, $cache, $phpbb_log; + global $phpbb_container, $cache, $phpbb_log, $request; switch ($sub) { @@ -102,6 +102,9 @@ class install_install extends module break; case 'final': + // Enable super globals to prevent issues with the new phpbb_request object + $request->enable_super_globals(); + // Create a normal container now $phpbb_container = phpbb_create_default_container($phpbb_root_path, $phpEx); From 274308148991a498eab875826d6c7615acdef108 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 2 Jul 2013 00:04:17 -0400 Subject: [PATCH 60/63] [feature/auth-refactor] Fix comment grammar PHPBB3-9734 --- phpBB/includes/auth/provider_db.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php index a79d031048..894041c9cf 100644 --- a/phpBB/includes/auth/provider_db.php +++ b/phpBB/includes/auth/provider_db.php 
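Review bot: The comment added in the `final` case of `main()` does not say which issue it prevents or whether super globals are switched off again afterwards. The commit message has the reason (a `phpbb_request` object cannot be created while super globals are disabled), so the comment could carry it: `// phpbb_create_default_container() builds a new phpbb_request, which cannot be created while super globals are disabled`. It is not visible from this hunk whether anything disables them again. That is worth confirming, because otherwise the rest of the `final` step runs with `$_GET`/`$_POST` directly readable. `main()` continues outside the hunk.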
@@ -147,7 +147,7 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) || ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']); - // If there are too much login attempts, we need to check for an confirm image + // If there are too many login attempts, we need to check for a confirm image // Every auth module is able to define what to do by itself... if ($show_captcha) { From f9672e9b45a0f0d26702ca0f55a884a24e21bf77 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Tue, 2 Jul 2013 14:03:22 -0400 Subject: [PATCH 61/63] [feature/auth-refactor] Fix code style issue PHPBB3-9734 --- phpBB/includes/acp/acp_board.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 4d07f96c6f..24b913260b 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -660,8 +660,8 @@ class acp_board if ($fields['tpl']) { $template->assign_block_vars('auth_tpl', array( - 'TPL' => $fields['tpl']) - ); + 'TPL' => $fields['tpl'], + )); } unset($fields); } From fba3a9d600e9b79c8530b026fa781c99ea9ba833 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Tue, 2 Jul 2013 16:52:15 -0700 Subject: [PATCH 62/63] [ticket/11617] Missing U_ACTION in acp_captcha.php http://tracker.phpbb.com/browse/PHPBB3-11617 PHPBB3-11617 --- phpBB/includes/acp/acp_captcha.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index 469a367bba..5b553d6a0d 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php 
@@ -124,6 +124,8 @@ class acp_captcha 'CAPTCHA_PREVIEW_TPL' => $demo_captcha->get_demo_template($id), 'S_CAPTCHA_HAS_CONFIG' => $demo_captcha->has_config(), 'CAPTCHA_SELECT' => $captcha_select, + + 'U_ACTION' => $this->u_action, )); } } From 5ef4987ffe15fe1fbafc9d9eae005f29a028dd3e Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Tue, 2 Jul 2013 18:47:56 -0700 Subject: [PATCH 63/63] [ticket/11617] Remove spaces and tabs from empty lines PHPBB3-11617 --- phpBB/includes/acp/acp_captcha.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index 5b553d6a0d..bfec7c27d8 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php @@ -124,7 +124,7 @@ class acp_captcha 'CAPTCHA_PREVIEW_TPL' => $demo_captcha->get_demo_template($id), 'S_CAPTCHA_HAS_CONFIG' => $demo_captcha->has_config(), 'CAPTCHA_SELECT' => $captcha_select, - + 'U_ACTION' => $this->u_action, )); }
{ERROR}
{L_REPORT_POST}{L_REPORT_MESSAGE}
{ERROR}
{L_REPORT_POST_EXPLAIN}{L_REPORT_MESSAGE_EXPLAIN}