Verzeichnisstruktur phpBB-3.3.15
- Veröffentlicht
- 28.08.2024
apache.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\auth\provider;
015
016 use phpbb\config\config;
017 use phpbb\db\driver\driver_interface;
018 use phpbb\language\language;
019 use phpbb\request\request_interface;
020 use phpbb\request\type_cast_helper;
021 use phpbb\user;
022
/**
 * Apache authentication provider for phpBB3
 *
 * Trust model, as visible in this file: the provider never verifies a
 * credential itself. login() and autologin() only require the server
 * variables PHP_AUTH_USER and PHP_AUTH_PW to be non-empty; neither the
 * $password argument nor PHP_AUTH_PW is compared with user_password.
 * A name that has no row in the users table is provisioned automatically
 * (see user_row()). The board is therefore only as well protected as the
 * HTTP authentication the web server enforces in front of it.
 *
 * NOTE(review): before enabling this provider, confirm that the web server
 * enforces authentication on every phpBB entry point. Presumably these
 * variables can reflect a client-supplied Authorization header when the
 * server does not validate it - verify for the SAPI in use.
 */
class apache extends base
{
	/** @var config phpBB config */
	protected $config;

	/** @var driver_interface Database object */
	protected $db;

	/** @var language Language object */
	protected $language;

	/** @var request_interface Request object */
	protected $request;

	/** @var user User object */
	protected $user;

	/** @var string Relative path to phpBB root */
	protected $phpbb_root_path;

	/** @var string PHP file extension */
	protected $php_ext;

	/**
	 * Apache Authentication Constructor
	 *
	 * Stores the injected services; no other work is done here.
	 *
	 * @param	config				$config				Config object
	 * @param	driver_interface	$db					Database object
	 * @param	language			$language			Language object
	 * @param	request_interface	$request			Request object
	 * @param	user				$user				User object
	 * @param	string				$phpbb_root_path	Relative path to phpBB root
	 * @param	string				$php_ext			PHP file extension
	 */
	public function __construct(config $config, driver_interface $db, language $language, request_interface $request, user $user, $phpbb_root_path, $php_ext)
	{
		$this->config			= $config;
		$this->db				= $db;
		$this->language			= $language;
		$this->request			= $request;
		$this->user				= $user;
		$this->phpbb_root_path	= $phpbb_root_path;
		$this->php_ext			= $php_ext;
	}

	/**
	 * {@inheritdoc}
	 *
	 * Returns false only when PHP_AUTH_USER is present and equals the
	 * username of the current user; otherwise returns the translated
	 * APACHE_SETUP_BEFORE_USE message.
	 *
	 * This is a consistency check on the current request only. It does not
	 * show that the web server enforces authentication for other requests.
	 */
	public function init()
	{
		if ($this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
		{
			$server_user = html_entity_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT);

			if ($this->user->data['username'] === $server_user)
			{
				return false;
			}
		}

		return $this->language->lang('APACHE_SETUP_BEFORE_USE');
	}

	/**
	 * {@inheritdoc}
	 *
	 * The submitted username must equal the decoded PHP_AUTH_USER value.
	 * $password is only tested for being non-empty and is never verified
	 * here; the same holds for PHP_AUTH_PW.
	 *
	 * @param	string	$username	Username submitted to the board
	 * @param	string	$password	Password submitted to the board (presence check only)
	 *
	 * @return	array	Array with the keys 'status', 'error_msg' and 'user_row'
	 */
	public function login($username, $password)
	{
		// do not allow empty password
		// (truthiness test: the string '0' is rejected as well)
		if (!$password)
		{
			return [
				'status'	=> LOGIN_ERROR_PASSWORD,
				'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
				'user_row'	=> ['user_id' => ANONYMOUS],
			];
		}

		if (!$username)
		{
			return [
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> ['user_id' => ANONYMOUS],
			];
		}

		// Result used whenever the web server supplied no usable credentials
		$not_authenticated = [
			'status'	=> LOGIN_ERROR_EXTERNAL_AUTH,
			'error_msg'	=> 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
			'user_row'	=> ['user_id' => ANONYMOUS],
		];

		if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
		{
			return $not_authenticated;
		}

		$server_user = html_entity_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT);
		$server_pw = html_entity_decode($this->request->server('PHP_AUTH_PW'), ENT_COMPAT);

		// Not logged into apache
		if (empty($server_user) || empty($server_pw))
		{
			return $not_authenticated;
		}

		// The name typed into the board must be the one the server reports.
		// NOTE(review): autologin() passes the decoded name through
		// type_cast_helper::set_var() before using it, this method does not -
		// confirm the asymmetry is intended for names containing HTML special characters.
		if ($server_user !== $username)
		{
			return [
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> ['user_id' => ANONYMOUS],
			];
		}

		// user_password is selected but never compared: see the class-level trust model
		$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
			FROM ' . USERS_TABLE . "
			WHERE username = '" . $this->db->sql_escape($server_user) . "'";
		$result = $this->db->sql_query($sql);
		$account = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		if (!$account)
		{
			// this is the user's first login so create an empty profile
			return [
				'status'	=> LOGIN_SUCCESS_CREATE_PROFILE,
				'error_msg'	=> false,
				'user_row'	=> $this->user_row($server_user),
			];
		}

		// User inactive...
		$is_blocked = $account['user_type'] == USER_INACTIVE || $account['user_type'] == USER_IGNORE;

		if ($is_blocked)
		{
			return [
				'status'	=> LOGIN_ERROR_ACTIVE,
				'error_msg'	=> 'ACTIVE_ERROR',
				'user_row'	=> $account,
			];
		}

		// Successful login...
		return [
			'status'	=> LOGIN_SUCCESS,
			'error_msg'	=> false,
			'user_row'	=> $account,
		];
	}

	/**
	 * {@inheritdoc}
	 *
	 * Resolves the server-reported user to a row of the users table and
	 * creates the account through user_add() when no row exists yet.
	 * No password is verified here.
	 *
	 * @return	array	The user row, or an empty array when the server
	 *					variables are missing or empty, the account is
	 *					inactive or ignored, or the new account cannot be
	 *					read back
	 */
	public function autologin()
	{
		if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
		{
			return [];
		}

		$server_user = html_entity_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT);
		$server_pw = html_entity_decode($this->request->server('PHP_AUTH_PW'), ENT_COMPAT);

		if (empty($server_user) || empty($server_pw))
		{
			return [];
		}

		// Run the decoded name through the request type caster again
		// (presumably re-applies the usual string normalisation - confirm in type_cast_helper)
		$type_cast_helper = new type_cast_helper();
		$type_cast_helper->set_var($server_user, $server_user, 'string', true);

		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username = '" . $this->db->sql_escape($server_user) . "'";
		$result = $this->db->sql_query($sql);
		$account = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		if ($account)
		{
			$is_blocked = $account['user_type'] == USER_INACTIVE || $account['user_type'] == USER_IGNORE;

			return $is_blocked ? [] : $account;
		}

		// The include path is built from the constructor-injected root path
		// and extension, not from request data
		if (!function_exists('user_add'))
		{
			include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
		}

		// create the user if he does not exist yet
		user_add($this->user_row($server_user));

		// Read the new account back, this time matching on username_clean
		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($server_user)) . "'";
		$result = $this->db->sql_query($sql);
		$created = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		return $created ?: [];
	}

	/**
	 * This function generates an array which can be passed to the user_add
	 * function in order to create a user
	 *
	 * The generated account has an empty password and e-mail address, the
	 * type USER_NORMAL and membership of the special group named REGISTERED.
	 *
	 * @param	string	$username	The username of the new user.
	 *
	 * @return	array				Contains data that can be passed directly to
	 *								the user_add function.
	 */
	private function user_row($username)
	{
		// first retrieve default group id
		$sql = 'SELECT group_id
			FROM ' . GROUPS_TABLE . "
			WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
				AND group_type = " . GROUP_SPECIAL;
		$result = $this->db->sql_query($sql);
		$group = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		if (!$group)
		{
			// NOTE(review): assumes the registered error handler halts the
			// request here; otherwise $group is not an array below - confirm
			trigger_error('NO_GROUP');
		}

		$is_new_member = ($this->config['new_member_post_limit']) ? 1 : 0;

		// generate user account data
		return [
			'username'		=> $username,
			'user_password'	=> '',
			'user_email'	=> '',
			'group_id'		=> (int) $group['group_id'],
			'user_type'		=> USER_NORMAL,
			'user_ip'		=> $this->user->ip,
			'user_new'		=> $is_new_member,
		];
	}

	/**
	 * {@inheritdoc}
	 *
	 * With PHP_AUTH_USER present the session is valid only if that value is
	 * identical to the session user's username. Unlike init(), login() and
	 * autologin(), the server value is compared without html_entity_decode().
	 *
	 * @param	array	$user	Session user row; 'username' and 'user_type' are read
	 *
	 * @return	bool	true if the session may continue, false otherwise
	 */
	public function validate_session($user)
	{
		// PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
		if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
		{
			return $user['user_type'] == USER_IGNORE;
		}

		// PHP_AUTH_USER is set: it has to name the user the session belongs to
		$server_user = $this->request->server('PHP_AUTH_USER');

		return $server_user === $user['username'];
	}
}
286