makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-09 04:48:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/auth-refactor] Convert provider_apache to a service

Browse source 
Removes globals from provider_apache and turns it into a service.

PHPBB3-9734
This commit is contained in:
Joseph Warner 2013-06-20 22:21:22 -04:00
parent c253189e85
commit c9062fc1ee
2 changed files with 55 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
phpBB/config/auth_providers.yml
View file

@ -11,7 +11,12 @@ services:
auth.provider.apache:
class: phpbb_auth_provider_apache
arguments:
- @dbal.conn
- @config
- @request
- @user
- %core.root_path%
- %core.php_ext%
auth.provider.ldap:
class: phpbb_auth_provider_ldap
arguments:

89
phpBB/includes/auth/provider_apache.php
View file

@ -22,6 +22,26 @@ if (!defined('IN_PHPBB'))
*/
class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
{
/**
* Apache Authentication Constructor
*
* @param phpbb_db_driver $db
* @param phpbb_config $config
* @param phpbb_request $request
* @param phpbb_user $user
* @param string $phpbb_root_path
* @param string $phpEx
*/
public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $phpEx)
{
$this->db = $db;
$this->config = $config;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
$this->phpEx = $phpEx;
}
/**
* Checks whether the user is identified to apache
* Only allow changing authentication to apache if the user is identified
@ -31,11 +51,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
*/
public function init()
{
global $user, $request;
if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER')))
if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
{
return $user->lang['APACHE_SETUP_BEFORE_USE'];
return $this->user->lang['APACHE_SETUP_BEFORE_USE'];
}
return false;
}
@ -45,8 +63,6 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
*/
public function login($username, $password)
{
global $db, $request;
// do not allow empty password
if (!$password)
{
@ -66,7 +82,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
);
}
if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
@ -75,8 +91,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
);
}
$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
@ -91,10 +107,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
@ -140,15 +156,13 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
*/
public function autologin()
{
global $db, $request;
if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
return array();
}
$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
@ -157,10 +171,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
@ -169,9 +183,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
if (!function_exists('user_add'))
{
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
include($this->phpbb_root_path . 'includes/functions_user.' . $this->phpEx);
}
// create the user if he does not exist yet
@ -179,10 +191,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
@ -204,15 +216,14 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
*/
private function user_row($username, $password)
{
global $db, $config, $user;
// first retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (!$row)
{
@ -226,8 +237,8 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,
'user_new' => ($config['new_member_post_limit']) ? 1 : 0,
'user_ip' => $this->user->ip,
'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0,
);
}
@ -239,12 +250,10 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
*/
public function validate_session($user)
{
global $request;
// Check if PHP_AUTH_USER is set and handle this case
if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
if ($this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
$php_auth_user = $request->server('PHP_AUTH_USER');
$php_auth_user = $this->request->server('PHP_AUTH_USER');
return ($php_auth_user === $user['username']) ? true : false;
}