Verzeichnisstruktur phpBB-3.1.0
- Veröffentlicht
- 27.10.2014
db.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\auth\provider;
015
016 /**
017 * Database authentication provider for phpBB3
018 * This is for authentication via the integrated user table
019 */
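class db extends \phpbb\auth\provider\base
{
	/**
	* phpBB passwords manager
	*
	* @var \phpbb\passwords\manager
	*/
	protected $passwords_manager;

	/**
	* DI container
	*
	* @var \Symfony\Component\DependencyInjection\ContainerInterface
	*/
	protected $phpbb_container;

	/**
	* Database Authentication Constructor
	*
	* Stores the injected services on the instance; no other work is done here.
	*
	* @param	\phpbb\db\driver\driver_interface	$db
	* @param	\phpbb\config\config	$config
	* @param	\phpbb\passwords\manager	$passwords_manager
	* @param	\phpbb\request\request	$request
	* @param	\phpbb\user	$user
	* @param	\Symfony\Component\DependencyInjection\ContainerInterface	$phpbb_container	DI container
	* @param	string	$phpbb_root_path
	* @param	string	$php_ext
	*/
	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)
	{
		$this->db = $db;
		$this->config = $config;
		$this->passwords_manager = $passwords_manager;
		$this->request = $request;
		$this->user = $user;
		$this->phpbb_root_path = $phpbb_root_path;
		$this->php_ext = $php_ext;
		$this->phpbb_container = $phpbb_container;
	}

	/**
	* {@inheritdoc}
	*
	* Checks the supplied credentials against the users table.
	*
	* Order of operations: reject empty input, look the account up by its
	* cleaned username, record the attempt (when a client address is
	* available), enforce the per-IP and per-account attempt limits through
	* the configured CAPTCHA, verify the password, and finally update the
	* attempt counters.
	*
	* Note for callers: the returned status distinguishes an unknown username
	* (LOGIN_ERROR_USERNAME) from a wrong password (LOGIN_ERROR_PASSWORD), so
	* rendering the two differently tells a client whether an account exists.
	*
	* @param	string	$username	Username as entered by the client
	* @param	string	$password	Password as entered by the client (untrimmed)
	* @return	array	Keys 'status' (LOGIN_* constant), 'error_msg' (language
	*					key or false) and 'user_row' (the fetched row, or an
	*					array holding only the ANONYMOUS user_id)
	*/
	public function login($username, $password)
	{
		// Auth plugins get the password untrimmed.
		// For compatibility we trim() here.
		$password = trim($password);

		// do not allow empty password
		// NOTE(review): this is a loose check, so the literal password "0" is
		// rejected here as well.
		if (!$password)
		{
			return array(
				'status'	=> LOGIN_ERROR_PASSWORD,
				'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		if (!$username)
		{
			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		$username_clean = utf8_clean_string($username);

		// The cleaned username is escaped before it is concatenated into the query.
		$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
			FROM ' . USERS_TABLE . "
			WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		// Per-address limiting runs only when the address selected by the
		// ip_login_limit_use_forwarded setting is actually available.
		// NOTE(review): forwarded_for is presumably derived from a
		// client-supplied header; counting on it is only meaningful behind a
		// proxy that sets it reliably - confirm against the user class.
		if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
			($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
		{
			$sql = 'SELECT COUNT(*) AS attempts
				FROM ' . LOGIN_ATTEMPT_TABLE . '
				WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
			if ($this->config['ip_login_limit_use_forwarded'])
			{
				$sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
			}
			else
			{
				$sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
			}

			$result = $this->db->sql_query($sql);
			$attempts = (int) $this->db->sql_fetchfield('attempts');
			$this->db->sql_freeresult($result);

			// The attempt is recorded before the password is checked, so
			// successful logins are recorded too; the row is removed again
			// further down once the password has been verified.
			$attempt_data = array(
				'attempt_ip'			=> $this->user->ip,
				'attempt_browser'		=> trim(substr($this->user->browser, 0, 149)),
				'attempt_forwarded_for'	=> $this->user->forwarded_for,
				'attempt_time'			=> time(),
				'user_id'				=> ($row) ? (int) $row['user_id'] : 0,
				'username'				=> $username,
				'username_clean'		=> $username_clean,
			);
			$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
			$this->db->sql_query($sql);
		}
		else
		{
			$attempts = 0;
		}

		if (!$row)
		{
			// Unknown account: there is no row to hand to the CAPTCHA, so an
			// exceeded per-address limit is reported directly.
			if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
			{
				return array(
					'status'	=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'	=> 'LOGIN_ERROR_ATTEMPTS',
					'user_row'	=> array('user_id' => ANONYMOUS),
				);
			}

			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		// Every query below concatenates the user id into SQL. Cast it once so
		// all of them receive an integer, as the failed-password update
		// already did.
		$user_id = (int) $row['user_id'];

		$show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
			($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);

		// If there are too many login attempts, we need to check for a confirm image
		// Every auth module is able to define what to do by itself...
		if ($show_captcha)
		{
			$captcha_factory = $this->phpbb_container->get('captcha.factory');
			$captcha = $captcha_factory->get_instance($this->config['captcha_plugin']);
			$captcha->init(CONFIRM_LOGIN);
			$vc_response = $captcha->validate($row);

			// A truthy response is treated as a failed validation: the password
			// is not checked at all in that case.
			if ($vc_response)
			{
				return array(
					'status'	=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'	=> 'LOGIN_ERROR_ATTEMPTS',
					'user_row'	=> $row,
				);
			}
			else
			{
				$captcha->reset();
			}
		}

		// Check password ...
		if ($this->passwords_manager->check($password, $row['user_password']))
		{
			// Check for old password hash...
			// Re-hash when the manager flags a conversion or the stored value
			// is 32 characters long.
			if ($this->passwords_manager->convert_flag || strlen($row['user_password']) === 32)
			{
				$hash = $this->passwords_manager->hash($password);

				// Update the password in the users table to the new format
				$sql = 'UPDATE ' . USERS_TABLE . "
					SET user_password = '" . $this->db->sql_escape($hash) . "'
					WHERE user_id = " . $user_id;
				$this->db->sql_query($sql);

				$row['user_password'] = $hash;
			}

			// Rows are removed by user_id, not by address: a successful login
			// clears every attempt recorded against this account.
			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
				WHERE user_id = ' . $user_id;
			$this->db->sql_query($sql);

			if ($row['user_login_attempts'] != 0)
			{
				// Successful, reset login attempts (the user passed all stages)
				$sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = 0
					WHERE user_id = ' . $user_id;
				$this->db->sql_query($sql);
			}

			// User inactive...
			// This is only reported after the password has been verified.
			if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
			{
				return array(
					'status'	=> LOGIN_ERROR_ACTIVE,
					'error_msg'	=> 'ACTIVE_ERROR',
					'user_row'	=> $row,
				);
			}

			// Successful login... set user_login_attempts to zero...
			return array(
				'status'	=> LOGIN_SUCCESS,
				'error_msg'	=> false,
				'user_row'	=> $row,
			);
		}

		// Password incorrect - increase login attempts
		// The counter stops increasing once it reaches LOGIN_ATTEMPTS_MAX.
		$sql = 'UPDATE ' . USERS_TABLE . '
			SET user_login_attempts = user_login_attempts + 1
			WHERE user_id = ' . $user_id . '
				AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
		$this->db->sql_query($sql);

		// Give status about wrong password...
		return array(
			'status'	=> ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
			'error_msg'	=> ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
			'user_row'	=> $row,
		);
	}
}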
240