Verzeichnisstruktur phpBB-3.2.0
- Veröffentlicht
- 06.01.2017
apache.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\auth\provider;
015
/**
 * Apache authentication provider for phpBB3
 *
 * Identity is taken from the PHP_AUTH_USER / PHP_AUTH_PW server variables.
 * Nothing in this class compares a password with a stored hash: login() only
 * requires a non-empty form password and a form username equal to
 * PHP_AUTH_USER, and autologin() needs the server variables alone.
 *
 * NOTE(review): this is only sound when the web server enforces HTTP
 * authentication on every request that reaches phpBB. Where that enforcement
 * is missing or partial, the values read here are not proof of identity.
 * Confirm the deployment before enabling this provider.
 */
class apache extends \phpbb\auth\provider\base
{
	/**
	 * phpBB passwords manager; in this class it is used only to hash the
	 * password stored with a newly built account row (see user_row()).
	 *
	 * @var \phpbb\passwords\manager
	 */
	protected $passwords_manager;

	/**
	 * Apache Authentication Constructor
	 *
	 * Stores the injected services on the instance; performs no other work.
	 *
	 * @param	\phpbb\db\driver\driver_interface	$db					Database object
	 * @param	\phpbb\config\config				$config				Config object
	 * @param	\phpbb\passwords\manager			$passwords_manager	Passwords Manager object
	 * @param	\phpbb\request\request				$request			Request object
	 * @param	\phpbb\user							$user				User object
	 * @param	string								$phpbb_root_path	Relative path to phpBB root
	 * @param	string								$php_ext			PHP file extension
	 */
	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
	{
		// NOTE(review): only $passwords_manager is declared in this class.
		// The other properties are presumably declared on the parent; if not,
		// they are dynamic properties (deprecated as of PHP 8.2) - confirm.
		$this->db = $db;
		$this->config = $config;
		$this->passwords_manager = $passwords_manager;
		$this->request = $request;
		$this->user = $user;
		$this->phpbb_root_path = $phpbb_root_path;
		$this->php_ext = $php_ext;
	}

	/**
	 * {@inheritdoc}
	 *
	 * Acts as a guard when this provider is selected: passes only if the
	 * current request carries PHP_AUTH_USER and its decoded value is identical
	 * to the username of the current phpBB user.
	 *
	 * @return string|bool The APACHE_SETUP_BEFORE_USE language entry when the
	 *                     check fails, false when it passes.
	 */
	public function init()
	{
		if ($this->apache_user_is_set())
		{
			$apache_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));

			if ($this->user->data['username'] === $apache_user)
			{
				return false;
			}
		}

		return $this->user->lang['APACHE_SETUP_BEFORE_USE'];
	}

	/**
	 * {@inheritdoc}
	 *
	 * The submitted password is only checked for being non-empty; it is never
	 * compared with PHP_AUTH_PW or with a stored hash. A login succeeds when
	 * both server variables are non-empty and PHP_AUTH_USER is identical to
	 * the submitted username.
	 *
	 * @param string $username Username submitted to phpBB
	 * @param string $password Password submitted to phpBB (presence check only)
	 * @return array Keys 'status', 'error_msg' and 'user_row'
	 */
	public function login($username, $password)
	{
		// An empty password is rejected before anything else is looked at.
		// NOTE(review): the truthiness test also rejects the string '0'.
		if (!$password)
		{
			return $this->anonymous_failure(LOGIN_ERROR_PASSWORD, 'NO_PASSWORD_SUPPLIED');
		}

		if (!$username)
		{
			return $this->anonymous_failure(LOGIN_ERROR_USERNAME, 'LOGIN_ERROR_USERNAME');
		}

		if (!$this->apache_user_is_set())
		{
			return $this->anonymous_failure(LOGIN_ERROR_EXTERNAL_AUTH, 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE');
		}

		$apache_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
		$apache_password = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));

		// Without both values the request is treated as not logged into apache.
		if (empty($apache_user) || empty($apache_password))
		{
			return $this->anonymous_failure(LOGIN_ERROR_EXTERNAL_AUTH, 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE');
		}

		// The decoded server value must match the submitted username exactly.
		// NOTE(review): whether $username arrives escaped or decoded depends
		// on the caller - verify both sides are in the same form.
		if ($apache_user !== $username)
		{
			return $this->anonymous_failure(LOGIN_ERROR_USERNAME, 'LOGIN_ERROR_USERNAME');
		}

		$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
			FROM ' . USERS_TABLE . "
			WHERE username = '" . $this->db->sql_escape($apache_user) . "'";
		$account = $this->fetch_first_row($sql);

		if (!$account)
		{
			// No matching row: report success and hand back data for a new
			// profile. The row carries a hash of the apache password.
			return array(
				'status'	=> LOGIN_SUCCESS_CREATE_PROFILE,
				'error_msg'	=> false,
				'user_row'	=> $this->user_row($apache_user, $apache_password),
			);
		}

		// Inactive and ignored accounts may not log in.
		$user_type = $account['user_type'];
		if ($user_type == USER_INACTIVE || $user_type == USER_IGNORE)
		{
			return array(
				'status'	=> LOGIN_ERROR_ACTIVE,
				'error_msg'	=> 'ACTIVE_ERROR',
				'user_row'	=> $account,
			);
		}

		return array(
			'status'	=> LOGIN_SUCCESS,
			'error_msg'	=> false,
			'user_row'	=> $account,
		);
	}

	/**
	 * {@inheritdoc}
	 *
	 * Resolves the phpBB user for the current PHP_AUTH_USER without any form
	 * input. When no row with that username exists, an account is created
	 * through user_add() and then re-read.
	 *
	 * @return array The user row, or an empty array when the server variables
	 *               are missing or empty, the account is inactive or ignored,
	 *               or the newly created account cannot be read back.
	 */
	public function autologin()
	{
		if (!$this->apache_user_is_set())
		{
			return array();
		}

		$apache_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
		$apache_password = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));

		if (empty($apache_user) || empty($apache_password))
		{
			return array();
		}

		// NOTE(review): set_var() is defined outside this file; presumably it
		// casts and re-escapes the values into the form phpBB stores. login()
		// queries with the decoded value instead - confirm both are intended.
		set_var($apache_user, $apache_user, 'string', true);
		set_var($apache_password, $apache_password, 'string', true);

		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username = '" . $this->db->sql_escape($apache_user) . "'";
		$known = $this->fetch_first_row($sql);

		if ($known)
		{
			$user_type = $known['user_type'];
			$blocked = ($user_type == USER_INACTIVE || $user_type == USER_IGNORE);

			return $blocked ? array() : $known;
		}

		// user_add() is loaded on demand from the phpBB includes directory.
		if (!function_exists('user_add'))
		{
			include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
		}

		// Unknown user: create the account. The return value of user_add()
		// is not inspected; success is judged by the re-read below.
		user_add($this->user_row($apache_user, $apache_password));

		// The re-read matches on username_clean, not on username as above.
		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($apache_user)) . "'";
		$created = $this->fetch_first_row($sql);

		if ($created)
		{
			return $created;
		}

		return array();
	}

	/**
	 * Builds the data array that user_add() expects for a new account.
	 *
	 * The account is placed in the special group named REGISTERED and the
	 * password is stored as a hash produced by the passwords manager.
	 *
	 * @param	string	$username	The username of the new user.
	 * @param	string	$password	The password of the new user.
	 * @return	array				Contains data that can be passed directly to
	 *								the user_add function.
	 */
	private function user_row($username, $password)
	{
		// Look up the id of the default group first.
		$sql = 'SELECT group_id
			FROM ' . GROUPS_TABLE . "
			WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
				AND group_type = " . GROUP_SPECIAL;
		$group = $this->fetch_first_row($sql);

		if (!$group)
		{
			// NOTE(review): presumably the error handler halts here; if it
			// returns, group_id below is read from a non-array - confirm.
			trigger_error('NO_GROUP');
		}

		// Account data for the new user.
		return array(
			'username'		=> $username,
			'user_password'	=> $this->passwords_manager->hash($password),
			'user_email'	=> '',
			'group_id'		=> (int) $group['group_id'],
			'user_type'		=> USER_NORMAL,
			'user_ip'		=> $this->user->ip,
			'user_new'		=> ($this->config['new_member_post_limit']) ? 1 : 0,
		);
	}

	/**
	 * {@inheritdoc}
	 *
	 * With PHP_AUTH_USER present, the session is valid only if that value is
	 * identical to the session user's username. Without it, only users of
	 * type USER_IGNORE keep a valid session.
	 *
	 * NOTE(review): unlike init() and login(), the server value is compared
	 * here without htmlspecialchars_decode() - confirm which form
	 * $user['username'] carries.
	 *
	 * @param array $user Row of the user the session belongs to
	 * @return bool True when the session may continue
	 */
	public function validate_session($user)
	{
		if ($this->apache_user_is_set())
		{
			return $this->request->server('PHP_AUTH_USER') === $user['username'];
		}

		// No PHP_AUTH_USER: validity is decided by the user type alone.
		return $user['user_type'] == USER_IGNORE;
	}

	/**
	 * Tells whether the request carries a PHP_AUTH_USER server variable.
	 *
	 * @return bool
	 */
	private function apache_user_is_set()
	{
		return $this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER);
	}

	/**
	 * Builds a login result that carries the anonymous user id.
	 *
	 * @param int    $status    One of the LOGIN_ERROR_* constants
	 * @param string $error_msg Language key describing the failure
	 * @return array Keys 'status', 'error_msg' and 'user_row'
	 */
	private function anonymous_failure($status, $error_msg)
	{
		return array(
			'status'	=> $status,
			'error_msg'	=> $error_msg,
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	}

	/**
	 * Runs a query, fetches its first row and frees the result.
	 *
	 * @param string $sql Complete SQL statement; values must already be escaped
	 * @return mixed Whatever sql_fetchrow() returned for the first row
	 */
	private function fetch_first_row($sql)
	{
		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		return $row;
	}
}