Verzeichnisstruktur phpBB-3.3.16
- Veröffentlicht
- 27.04.2026
http_auth_subscriber.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\feed\event;
015
016 use phpbb\auth\auth;
017 use phpbb\config\config;
018 use phpbb\language\language;
019 use phpbb\request\request_interface;
020 use phpbb\user;
021 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
022 use Symfony\Component\HttpFoundation\Response;
023 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
024 use Symfony\Component\HttpKernel\KernelEvents;
025
026 /**
027 * Event subscriber for HTTP authentication on feed routes
028 */
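class http_auth_subscriber implements EventSubscriberInterface
{
	/** @var auth */
	protected $auth;

	/** @var config */
	protected $config;

	/** @var language */
	protected $language;

	/** @var request_interface */
	protected $request;

	/** @var user */
	protected $user;

	/**
	* Constructor
	*
	* @param auth				$auth		Auth object
	* @param config				$config		Config object
	* @param language			$language	Language object
	* @param request_interface	$request	Request object
	* @param user				$user		User object
	*/
	public function __construct(auth $auth, config $config, language $language, request_interface $request, user $user)
	{
		$this->auth = $auth;
		$this->config = $config;
		$this->language = $language;
		$this->request = $request;
		$this->user = $user;
	}

	/**
	* Handle HTTP authentication for feed routes
	*
	* Returns without touching the event when HTTP auth is disabled, the route
	* is not a feed route, the request is not secure, or the user is already
	* registered. Otherwise it either logs the user in with the supplied
	* credentials or sets a 401 response on the event.
	*
	* @param GetResponseEvent $event
	* @return void
	*/
	public function on_kernel_request(GetResponseEvent $event)
	{
		// Check if HTTP authentication is enabled
		if (!$this->config['feed_http_auth'])
		{
			return;
		}

		$request = $event->getRequest();
		$route = $request->attributes->get('_route');

		// Only apply to feed routes. The attribute is null when no route was
		// resolved, so check the type before the prefix comparison.
		if (!is_string($route) || strpos($route, 'phpbb_feed_') !== 0)
		{
			return;
		}

		// Only allow HTTP authentication in secure context (HTTPS), so Basic
		// credentials are never requested or accepted over plain HTTP.
		// NOTE(review): isSecure() only honours forwarded-proto headers from
		// trusted proxies; behind a TLS-terminating proxy confirm that trusted
		// proxies are configured, otherwise this branch silently skips HTTP auth.
		if (!$request->isSecure())
		{
			return;
		}

		// User is already logged in, no need to authenticate
		if (!empty($this->user->data['is_registered']))
		{
			return;
		}

		// Get HTTP authentication credentials
		[$username, $password] = $this->get_credentials();

		// If no credentials provided (or they were malformed), send authentication challenge
		if ($username === null || $password === null)
		{
			$this->send_auth_challenge($event);
			return;
		}

		// Attempt to login with the provided credentials.
		// NOTE(review): every unauthenticated feed request carrying credentials
		// reaches login(); throttling of repeated failures presumably lives in
		// the auth provider (see LOGIN_ERROR_ATTEMPTS below) - confirm.
		$auth_result = $this->auth->login($username, $password, false, true, false);

		if ($auth_result['status'] == LOGIN_SUCCESS)
		{
			// Reload ACL for the newly logged-in user
			$this->auth->acl($this->user->data);
			return;
		}
		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
		{
			// Too many login attempts: answer 401 without a WWW-Authenticate
			// header, so no new challenge is issued for this response.
			$response = new Response($this->language->lang('LOGIN_ERROR_ATTEMPTS'), Response::HTTP_UNAUTHORIZED);
			$event->setResponse($response);
			return;
		}

		// Authentication failed, send challenge
		$this->send_auth_challenge($event);
	}

	/**
	* Retrieve HTTP authentication credentials from server variables
	*
	* The first server variable that is set in each key list wins. When only a
	* raw "Basic ..." header value was found, it is base64-decoded and split at
	* the first colon. A header that is not valid base64, or that has no colon
	* after decoding, is treated as "no credentials".
	*
	* @return array [username, password] Each entry is a string, or null if not found
	*/
	protected function get_credentials(): array
	{
		$username_keys = [
			'PHP_AUTH_USER',
			'Authorization',
			'REMOTE_USER',
			'REDIRECT_REMOTE_USER',
			'HTTP_AUTHORIZATION',
			'REDIRECT_HTTP_AUTHORIZATION',
			'REMOTE_AUTHORIZATION',
			'REDIRECT_REMOTE_AUTHORIZATION',
			'AUTH_USER',
		];

		$password_keys = [
			'PHP_AUTH_PW',
			'REMOTE_PASSWORD',
			'AUTH_PASSWORD',
		];

		$username = $this->get_first_server_value($username_keys);
		$password = $this->get_first_server_value($password_keys);

		// Decode Basic authentication header if needed
		if ($username !== null && $password === null && strpos($username, 'Basic ') === 0)
		{
			// Strict mode rejects input containing characters outside the base64 alphabet
			$decoded = base64_decode(substr($username, 6), true);

			// Without a colon explode() yields a single element and the list
			// assignment below would read a missing index; reject instead.
			if ($decoded === false || strpos($decoded, ':') === false)
			{
				return [null, null];
			}

			[$username, $password] = explode(':', $decoded, 2);
		}

		return [$username, $password];
	}

	/**
	* Return the decoded value of the first server variable that is set
	*
	* @param array $keys Server variable names, in order of preference
	* @return string|null Value of the first set variable, null if none is set
	*/
	private function get_first_server_value(array $keys)
	{
		foreach ($keys as $key)
		{
			if ($this->request->is_set($key, request_interface::SERVER))
			{
				// presumably the request wrapper returns HTML-escaped values,
				// hence the decode before use as a credential - confirm
				return htmlspecialchars_decode($this->request->server($key));
			}
		}

		return null;
	}

	/**
	* Send HTTP authentication challenge
	*
	* Sets a 401 response with a Basic WWW-Authenticate header on the event.
	*
	* @param GetResponseEvent $event
	* @return void
	*/
	protected function send_auth_challenge(GetResponseEvent $event)
	{
		$realm = $this->config['sitename'];

		// Replace control and non-ASCII bytes: the realm is placed in a header
		// value, which must not carry line breaks or 8-bit data (RFC2616)
		$realm = preg_replace('/[\x00-\x1F\x7F-\xFF]/', '?', $realm);

		// Escape backslash and double quote so the realm remains a single,
		// well-formed quoted-string whatever the board name contains
		$realm = addcslashes($realm, '"\\');

		$response = new Response($this->language->lang('NOT_AUTHORISED'), Response::HTTP_UNAUTHORIZED);
		$response->headers->set('WWW-Authenticate', 'Basic realm="' . $realm . ' - Feed"');
		$event->setResponse($response);
	}

	/**
	* {@inheritdoc}
	*/
	public static function getSubscribedEvents(): array
	{
		// NOTE(review): priority 5 is presumably low enough for routing to have
		// set the `_route` attribute before on_kernel_request runs - confirm.
		return [
			KernelEvents::REQUEST => ['on_kernel_request', 5],
		];
	}
}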
212