makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Some changes to the returned data format + cleanups

Browse source 
git-svn-id: file:///svn/phpbb/trunk@3622 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2003-03-09 16:09:37 +00:00
parent aa718d4a02
commit cd9b3af2b5
3 changed files with 45 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
phpBB/includes/auth/auth_apache.php
View file

@ -1,24 +1,32 @@
<?php
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
//
// Authentication plug-ins is largely down to
// Sergey Kanareykin, our thanks to him.
// This is for initial authentication via Apaches basic realm authentication methods,
// user data is then obtained from the integrated user table
//
// You can do any kind of checking you like here ... the return data format is
// either the resulting row of user information, an integer zero (indicating an
// inactive user) or some error string
function login_apache(&$username, &$password)
{
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
global $db;
$php_auth_user = ( !empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) ) ? $HTTP_SERVER_VARS['PHP_AUTH_USER'] : $HTTP_GET_VARS['PHP_AUTH_USER'];
$php_auth_pw = ( !empty($HTTP_SERVER_VARS['PHP_AUTH_PW']) ) ? $HTTP_SERVER_VARS['PHP_AUTH_PW'] : $HTTP_GET_VARS['PHP_AUTH_PW'];
$php_auth_user = (!empty($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER'] : $_GET['PHP_AUTH_USER'];
$php_auth_pw = (!empty($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW'] : $_GET['PHP_AUTH_PW'];
if ( $php_auth_user && $php_auth_pw )
if ($php_auth_user && $php_auth_pw)
{
$sql = "SELECT user_id, username, user_password, user_email, user_active
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'";
WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
return ( $row = $db->sql_fetchrow($result) ) ? $row : false;
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
return (empty($row['user_active'])) ? 0 : $row;
}
}
return false;

17
phpBB/includes/auth/auth_db.php
View file

@ -1,24 +1,27 @@
<?php
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
//
// Authentication plug-ins is largely down to
// Sergey Kanareykin, our thanks to him.
// This is for authentication via the integrated user table
//
// You can do any kind of checking you like here ... the return data format is
// either the resulting row of user information, an integer zero (indicating an
// inactive user) or some error string
function login_db(&$username, &$password)
{
global $db, $board_config;
global $db, $config;
$sql = "SELECT user_id, username, user_password, user_email, user_active
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'";
WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
if ( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
if ( md5($password) == $row['user_password'] && $row['user_active'] )
if (md5($password) == $row['user_password'])
{
return $row;
return (empty($row['user_active'])) ? 0 : $row;
}
}

35
phpBB/includes/auth/auth_ldap.php
View file

@ -1,38 +1,46 @@
<?php
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
//
// Authentication plug-ins is largely down to
// Sergey Kanareykin, our thanks to him.
// This is for initial authentication via an LDAP server, user information is then
// obtained from the integrated user table
//
// You can do any kind of checking you like here ... the return data format is
// either the resulting row of user information, an integer zero (indicating an
// inactive user) or some error string
function login_ldap(&$username, &$password)
{
global $board_config;
global $db, $config;
if ( !extension_loaded('ldap') )
if (!extension_loaded('ldap'))
{
return 'LDAP extension not available';
}
if ( !($ldap = @ldap_connect($board_config['ldap_server'])) )
if (!($ldap = @ldap_connect($config['ldap_server'])))
{
return 'Could not connect to LDAP server';
}
$search = @ldap_search($ldap, $board_config['ldap_base_dn'], $board_config['ldap_uid'] . '=' . $username, array($board_config['ldap_uid']));
$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $username, array($config['ldap_uid']));
$result = @ldap_get_entries($ldap, $search);
if ( is_array($result) && count($result) > 1 )
if (is_array($result) && count($result) > 1)
{
if ( @ldap_bind($ldap, $result[0]['dn'], $password) )
if (@ldap_bind($ldap, $result[0]['dn'], $password))
{
@ldap_close($ldap);
$sql = "SELECT user_id, username, user_password, user_email, user_active
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'";
WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
return ( $row = $db->sql_fetchrow($result) ) ? $row : false;
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
return (empty($row['user_active'])) ? 0 : $row;
}
}
}
@ -41,10 +49,8 @@ function login_ldap(&$username, &$password)
return false;
}
//
// This function is used to output any required fields in the authentication
// admin panel. It also defines any required configuration table fields.
//
function admin_ldap(&$new)
{
global $user;
@ -64,22 +70,19 @@ function admin_ldap(&$new)
</tr>
<?php
//
// These are fields required in the config table
//
return array('ldap_server', 'ldap_base_dn', 'ldap_uid');
}
//
// Would be nice to allow syncing of 'appropriate' data when user updates
// their username, password, etc. ... should be up to the plugin what data
// is updated.
//
// $mode perhaps being one of NEW, UPDATE, DELETE
//
function usercp_ldap($mode)
{
global $db, $config;
}