Verzeichnisstruktur phpBB-3.3.15
- Veröffentlicht
- 28.08.2024
db.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\auth\provider;
015
016 use phpbb\captcha\factory;
017 use phpbb\captcha\plugins\captcha_abstract;
018 use phpbb\config\config;
019 use phpbb\db\driver\driver_interface;
020 use phpbb\passwords\manager;
021 use phpbb\request\request_interface;
022 use phpbb\user;
023
024 /**
025 * Database authentication provider for phpBB3
026 * This is for authentication via the integrated user table
027 */
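class db extends base
{
	/** @var factory CAPTCHA factory */
	protected $captcha_factory;

	/** @var config phpBB config */
	protected $config;

	/** @var driver_interface DBAL driver instance */
	protected $db;

	/** @var request_interface Request object */
	protected $request;

	/** @var user User object */
	protected $user;

	/** @var string phpBB root path */
	protected $phpbb_root_path;

	/** @var string PHP file extension */
	protected $php_ext;

	/**
	* phpBB passwords manager
	*
	* @var manager
	*/
	protected $passwords_manager;

	/**
	* Database Authentication Constructor
	*
	* Stores the injected services; performs no I/O itself.
	*
	* @param factory				$captcha_factory
	* @param config				$config
	* @param driver_interface		$db
	* @param manager				$passwords_manager
	* @param request_interface		$request
	* @param user					$user
	* @param string				$phpbb_root_path
	* @param string				$php_ext
	*/
	public function __construct(factory $captcha_factory, config $config, driver_interface $db, manager $passwords_manager, request_interface $request, user $user, $phpbb_root_path, $php_ext)
	{
		$this->captcha_factory = $captcha_factory;
		$this->config = $config;
		$this->db = $db;
		$this->passwords_manager = $passwords_manager;
		$this->request = $request;
		$this->user = $user;
		$this->phpbb_root_path = $phpbb_root_path;
		$this->php_ext = $php_ext;
	}

	/**
	* {@inheritdoc}
	*
	* Authenticates a username/password pair against the users table.
	*
	* Order of checks: empty password, empty username, per-source attempt
	* counting and logging, unknown account, CAPTCHA (once the per-account
	* or per-source limit is reached), then the password hash check.
	*
	* @param string	$username	Username as submitted
	* @param string	$password	Password as submitted (trimmed here)
	*
	* @return array	Array with the keys 'status' (one of the LOGIN_* constants),
	*				'error_msg' (language key, or false on success) and
	*				'user_row' (the fetched users row, or a stub holding only
	*				'user_id' => ANONYMOUS when no account was loaded)
	*/
	public function login($username, $password)
	{
		// Auth plugins get the password untrimmed.
		// For compatibility we trim() here.
		$password = trim($password);

		// do not allow empty password
		// NOTE(review): this is a loose check, so the literal password "0" is rejected as empty too.
		if (!$password)
		{
			return array(
				'status'	=> LOGIN_ERROR_PASSWORD,
				'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		// NOTE(review): same loose check; a username of "0" is rejected here.
		if (!$username)
		{
			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		$username_clean = utf8_clean_string($username);

		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		// Per-source limiting is keyed on either the connection IP or the forwarded-for value,
		// depending on the ip_login_limit_use_forwarded setting.
		// NOTE(review): forwarded_for presumably comes from a client-supplied header; keying the
		// limit on it is only meaningful behind a proxy that overwrites that header - confirm deployment.
		if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
			($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
		{
			// Count attempts from this source inside the configured time window
			$sql = 'SELECT COUNT(*) AS attempts
				FROM ' . LOGIN_ATTEMPT_TABLE . '
				WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
			if ($this->config['ip_login_limit_use_forwarded'])
			{
				$sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
			}
			else
			{
				$sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
			}

			$result = $this->db->sql_query($sql);
			$attempts = (int) $this->db->sql_fetchfield('attempts');
			$this->db->sql_freeresult($result);

			// The attempt is logged before the password is checked, so every try
			// (successful or not, known account or not) is recorded; user_id is 0 for unknown accounts.
			$attempt_data = array(
				'attempt_ip'			=> $this->user->ip,
				'attempt_browser'		=> trim(substr($this->user->browser, 0, 149)),
				'attempt_forwarded_for'	=> $this->user->forwarded_for,
				'attempt_time'			=> time(),
				'user_id'				=> ($row) ? (int) $row['user_id'] : 0,
				'username'				=> $username,
				'username_clean'		=> $username_clean,
			);
			$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
			$this->db->sql_query($sql);
		}
		else
		{
			// No usable source identifier: per-source limiting is skipped entirely
			$attempts = 0;
		}

		$login_error_attempts = 'LOGIN_ERROR_ATTEMPTS';

		// A limit of 0 (or unset) disables the respective check
		$user_login_attempts = (is_array($row) && $this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']);
		$ip_login_attempts = ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);

		$show_captcha = $user_login_attempts || $ip_login_attempts;

		if ($show_captcha)
		{
			$captcha = $this->captcha_factory->get_instance($this->config['captcha_plugin']);

			// Get custom message for login error when exceeding maximum number of attempts
			if ($captcha instanceof captcha_abstract)
			{
				$login_error_attempts = $captcha->get_login_error_attempts();
			}
		}

		if (!$row)
		{
			// Unknown account: only the per-source limit can apply
			if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
			{
				return array(
					'status'		=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'		=> $login_error_attempts,
					'user_row'		=> array('user_id' => ANONYMOUS),
				);
			}

			// NOTE(review): this status differs from the wrong-password status below, and no hash
			// check runs on this path; callers that surface the difference reveal whether an account exists.
			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		// The id is interpolated into several statements below; cast it once so every
		// statement gets an integer, matching the cast already used for the failed-attempt UPDATE.
		$user_id = (int) $row['user_id'];

		// If there are too many login attempts, we need to check for a confirm image
		// Every auth module is able to define what to do by itself...
		if ($show_captcha)
		{
			$captcha->init(CONFIRM_LOGIN);
			$vc_response = $captcha->validate($row);
			if ($vc_response)
			{
				// A truthy response means the CAPTCHA was not solved; the password is not checked
				return array(
					'status'		=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'		=> $login_error_attempts,
					'user_row'		=> $row,
				);
			}
			else
			{
				$captcha->reset();
			}
		}

		// Check password ...
		if ($this->passwords_manager->check($password, $row['user_password'], $row))
		{
			// Check for old password hash...
			// A 32-character stored value is treated as a legacy format (presumably a raw MD5 hex digest - confirm)
			if ($this->passwords_manager->convert_flag || strlen($row['user_password']) === 32)
			{
				$hash = $this->passwords_manager->hash($password);

				// Update the password in the users table to the new format
				$sql = 'UPDATE ' . USERS_TABLE . "
					SET user_password = '" . $this->db->sql_escape($hash) . "'
					WHERE user_id = " . $user_id;
				$this->db->sql_query($sql);

				$row['user_password'] = $hash;
			}

			// Clear the logged attempts recorded against this account
			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
				WHERE user_id = ' . $user_id;
			$this->db->sql_query($sql);

			if ($row['user_login_attempts'] != 0)
			{
				// Successful, reset login attempts (the user passed all stages)
				$sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = 0
					WHERE user_id = ' . $user_id;
				$this->db->sql_query($sql);
			}

			// User inactive...
			// Counters were already reset above: the credentials were correct, only the account state blocks the login.
			if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
			{
				return array(
					'status'		=> LOGIN_ERROR_ACTIVE,
					'error_msg'		=> 'ACTIVE_ERROR',
					'user_row'		=> $row,
				);
			}

			// Successful login (user_login_attempts was reset above)
			return array(
				'status'		=> LOGIN_SUCCESS,
				'error_msg'		=> false,
				'user_row'		=> $row,
			);
		}

		// Password incorrect - increase login attempts
		// The counter stops growing once it reaches LOGIN_ATTEMPTS_MAX
		$sql = 'UPDATE ' . USERS_TABLE . '
			SET user_login_attempts = user_login_attempts + 1
			WHERE user_id = ' . $user_id . '
				AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
		$this->db->sql_query($sql);

		// Give status about wrong password...
		// When a CAPTCHA was required the status is LOGIN_ERROR_ATTEMPTS, while the message key stays LOGIN_ERROR_PASSWORD
		return array(
			'status'		=> ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
			'error_msg'		=> 'LOGIN_ERROR_PASSWORD',
			'user_row'		=> $row,
		);
	}
}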
275