Login handler rework, alt_auth changes, preparing for Magento authorization option. Could produce some temporary problems

2025-08-03 05:07:27 +02:00 · 2011-09-14 11:30:58 +00:00
parent 6c6a0a9b40
commit d295b576fa
9 changed files with 151 additions and 90 deletions
--- a/class2.php
+++ b/class2.php
@@ -829,6 +829,8 @@ if ((e_QUERY == 'logout')/* || (($pref['user_tracking'] == 'session') && isset($
 	}
 	cookie(e_COOKIE, '', (time() - 2592000));
 	e107::getUser()->logout();
 	e107::getEvent()->trigger('logout');
 	e107::getRedirect()->redirect(SITEURL.'index.php');
 	// header('location:'.e_BASE.'index.php');
--- a/e107_handlers/js_manager.php
+++ b/e107_handlers/js_manager.php
@@ -2,14 +2,12 @@
 /*
 * e107 website system
 *
- * Copyright (C) 2008-2009 e107 Inc (e107.org)
+ * Copyright (C) 2008-2011 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://gnu.org).
 *
- * $Source: /cvs_backup/e107_0.8/e107_handlers/js_manager.php,v $
+ * $URL$
- * $Revision$
+ * Id$
 * $Date$
 * $Author$
 *
 */
 global $pref, $eplug_admin, $THEME_JSLIB, $THEME_CORE_JSLIB;
--- a/e107_handlers/login.php
+++ b/e107_handlers/login.php
@@ -3,7 +3,7 @@
 /*
 * e107 website system
 *
- * Copyright (C) 2008-2010 e107 Inc (e107.org)
+ * Copyright (C) 2008-2011 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
@@ -22,6 +22,7 @@ error_reporting(E_ALL);
 // require_once(e_HANDLER.'user_handler.php'); //shouldn't be necessary
 include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_login.php');
 // TODO - class constants
 define ('LOGIN_TRY_OTHER', 2);		// Try some other authentication method
 define ('LOGIN_CONTINUE',1);		// Not rejected (which is not exactly the same as 'accepted') by alt_auth
 define ('LOGIN_ABORT',-1);			// Rejected by alt_auth
@@ -37,7 +38,9 @@ define ('LOGIN_BANNED', -10);		// Banned user attempting login
 define ('LOGIN_CHAP_FAIL', -11);	// CHAP login failed
 define ('LOGIN_DB_ERROR', -12);		// Error adding user to main DB
-
+/**
 * TODO - use new user model, compact everything in max 2 classes
 */
 class userlogin
 {
 	protected $e107;
@@ -48,7 +51,14 @@ class userlogin
 	protected $passResult = FALSE;	// USed to determine if stored password needs update
-	/** Constructor
+	public function __construct()
 	{
 		$this->e107 = e107::getInstance();
 		$this->userIP = $this->e107->getip();
 		$this->userMethods = e107::getUserSession();
 	}
 	/**
 	# Class called when user attempts to log in
 	#
 	# @param string $username, $_POSTED user name
@@ -59,7 +69,7 @@ class userlogin
 	' @param string $response - response string returned by CHAP login (instead of password)
 	# @return  boolean - FALSE on login fail, TRUE on login successful
 	*/
-	public function __construct($username, $userpass, $autologin, $response = '', $noredirect = false)
+	public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
 	{
 		global $pref, $e_event, $_E107;
@@ -74,9 +84,6 @@ class userlogin
 		$tp = e107::getParser();
 		$sql = e107::getDb();
 		$this->e107 = e107::getInstance();
 		$this->userIP = $this->e107->getip();
 		if($username == "" || (($userpass == "") && ($response == '')))
 		{	// Required fields blank
 			return $this->invalidLogin($username,LOGIN_BLANK_FIELD);
@@ -87,21 +94,32 @@ class userlogin
 		$forceLogin = ($autologin == 'signup');
 		$autologin = intval($autologin);		// Will decode to zero if forced login
-
+		$authorized = false;
 		if (!$forceLogin && $this->e107->isInstalled('alt_auth'))
 		{
 			$authMethod[0] = varset($pref['auth_method'], 'e107');		// Primary authentication method
 			$authMethod[1] = varset($pref['auth_method2'], 'none');		// Secondary authentication method (if defined)
 			$result = false;
 			foreach ($authMethod as $method)
 			{
 				if ($method == 'e107')
 				{
 					if ($this->lookupUser($username, $forceLogin))
 					{
-						if (varset($pref['auth_badpassword'], TRUE) || ($this->checkUserPassword($userpass, $response, $forceLogin) === TRUE))
+						if ($this->checkUserPassword($userpass, $response, $forceLogin) === TRUE)
 						{
 							$authorized = true;
 							$result = LOGIN_CONTINUE;		// Valid User exists in local DB
 						}
 						elseif(varset($pref['auth_badpassword'], TRUE))
 						{
 							$result = LOGIN_TRY_OTHER;
 							continue; // Should use alternate method for password auth
 						}
 						else 
 						{
 							return $this->invalidLogin($username,LOGIN_ABORT);
 						}
 					}
 				}
 				else
@@ -112,18 +130,27 @@ class userlogin
 						if (file_exists($auth_file))
 						{
 							require_once(e_PLUGIN.'alt_auth/alt_auth_login_class.php');
-							$result = new alt_login($method, $username, $userpass);
+							$al = new alt_login($method, $username, $userpass); 
 							$result = $al->loginResult; 
 							switch ($result)
 							{
 								case LOGIN_ABORT :
 									return $this->invalidLogin($username,LOGIN_ABORT);
 								break;
 								case LOGIN_DB_ERROR :
 									return $this->invalidLogin($username,LOGIN_DB_ERROR);
 								break;
 								case AUTH_SUCCESS:
 									$authorized = true;
 								break;
 								case LOGIN_TRY_OTHER:
 									continue;
 								break;
 							}
 						}
 					}
 				}
-				if ($result == LOGIN_CONTINUE)
+				if ($result === LOGIN_CONTINUE)
 				{
 					break;
 				}
@@ -151,10 +178,9 @@ class userlogin
 			}
 		}
-
+		if ($authorized !== true && $this->checkUserPassword($userpass, $response, $forceLogin) !== true)
 		if ($this->checkUserPassword($userpass, $response, $forceLogin) !== TRUE)
 		{
-			return FALSE;
+			return $this->invalidLogin($username,LOGIN_BAD_PW);
 		}
@@ -242,7 +268,7 @@ class userlogin
 			}
 		}
-		if($noredirect) return;
+		if($noredirect) return true;
 		$redir = e_SELF;
 		if (e_QUERY) $redir .= '?'.str_replace('&amp;','&',e_QUERY);
@@ -291,8 +317,7 @@ class userlogin
 	 */
 	protected function lookupUser($username, $forceLogin)
 	{
-		global $pref;
+		$pref = e107::getPref();
 		$maxLength = varset($pref['loginname_maxlength'],30);
 		if(varset($pref['allowEmailLogin'])==1) // Email login only
@@ -307,14 +332,7 @@ class userlogin
 			return FALSE;
 		}
-		$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
+		$query = $this->getLookupQuery($username, $forceLogin);
        $qry[0] = "`user_loginname`= '".$this->e107->tp->toDB($username)."'";  // username only  (default)
 		$qry[1] = "`user_email` = '".$this->e107->tp->toDB($username)."'";   // email only
 		$qry[2] = (strpos($username,'@') !== FALSE ) ? "`user_loginname`= '".$this->e107->tp->toDB($username)."'  OR `user_email` = '".$this->e107->tp -> toDB($username)."'" : $qry[0];  //username or email
 		// Look up user in DB - even if email addresses allowed, still look up by user name as well - user could have specified email address for their login name
        $query = (!$forceLogin && varset($pref['allowEmailLogin'],0)) ? $qry[$pref['allowEmailLogin']] : $qry[0];
 		if ($this->e107->sql->db_Select('user', '*', $query) !== 1) 	// Handle duplicate emails as well
 		{	// Invalid user
@@ -325,9 +343,26 @@ class userlogin
 		$this->userData = $this->e107->sql -> db_Fetch(MYSQL_ASSOC);		// Get user info
 		$this->userData['user_perms'] = trim($this->userData['user_perms']);
 		$this->lookEmail = $this->lookEmail && ($username == $this->userData['user_email']);		// Know whether login name or email address used now
 		return TRUE;
 	}
 	public function getLookupQuery($username, $forceLogin, $dbAlias = '')
 	{
 		$pref = e107::getPref();
 		$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
        $qry[0] = "{$dbAlias}`user_loginname`= '".$this->e107->tp->toDB($username)."'";  // username only  (default)
 		$qry[1] = "{$dbAlias}`user_email` = '".$this->e107->tp->toDB($username)."'";   // email only
 		$qry[2] = (strpos($username,'@') !== FALSE ) ? "{$dbAlias}`user_loginname`= '".$this->e107->tp->toDB($username)."'  OR {$dbAlias}`user_email` = '".$this->e107->tp -> toDB($username)."'" : $qry[0];  //username or email
 		// Look up user in DB - even if email addresses allowed, still look up by user name as well - user could have specified email address for their login name
        $query = (!$forceLogin && varset($pref['allowEmailLogin'],0)) ? $qry[$pref['allowEmailLogin']] : $qry[0];
 		return $query;
 	}
 	/**
 	 * Checks user password againt preferences set etc
@@ -340,7 +375,7 @@ class userlogin
 	 */
 	protected function checkUserPassword($userpass, $response, $forceLogin)
 	{
-		global $pref;
+		$pref = e107::getPref();
 		if ($this->lookEmail && varsettrue($pref['passwordEncoding']))
 		{
 			$tmp = unserialize($this->userData['user_prefs']);
@@ -352,8 +387,9 @@ class userlogin
 			$requiredPassword = $this->userData['user_password'];
 		}
 		// FIXME - [SecretR] $username is not set and I really can't get the idea.
 		// Now check password
 		$this->userMethods = e107::getUserSession();
 		if ($forceLogin)
 		{
 			if (md5($this->userData['user_name'].$this->userData['user_password'].$this->userData['user_join']) != $userpass)
--- a/e107_handlers/user_model.php
+++ b/e107_handlers/user_model.php
@@ -2,7 +2,7 @@
 /*
 * e107 website system
 *
- * Copyright (C) 2008-2010 e107 Inc (e107.org)
+ * Copyright (C) 2008-2011 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
@@ -1019,7 +1019,9 @@ class e_user extends e_user_model
 	{
 		if($this->isUser()) return false;
-		$userlogin = new userlogin($uname, $upass_plain, $uauto, $uchallange, $noredirect);
+		$userlogin = new userlogin();
 		$userlogin->login($uname, $upass_plain, $uauto, $uchallange, $noredirect);
 		$this->setSessionData(true)
 			->setData($userlogin->getUserData());
--- a/e107_plugins/alt_auth/alt_auth_conf.php
+++ b/e107_plugins/alt_auth/alt_auth_conf.php
@@ -2,16 +2,13 @@
 /*
 * e107 website system
 *
- * Copyright (C) 2008-2009 e107 Inc (e107.org)
+ * Copyright (C) 2008-2011 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 * $URL$
 * $Id$
 * 
 *
 * $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_conf.php,v $
 * $Revision$
 * $Date$
 * $Author$
 */
 $eplug_admin = true;
@@ -36,6 +33,7 @@ if(isset($_POST['updateprefs']))
 	$temp['auth_method'] = $tp->toDB($_POST['auth_method']);
 	$temp['auth_noconn'] = intval($_POST['auth_noconn']);
 	$temp['auth_method2'] = $tp->toDB($_POST['auth_method2']);
 	$temp['auth_badpassword'] = intval($_POST['auth_badpassword']);
 	if ($admin_log->logArrayDiffs($temp, $pref, 'AUTH_01'))
 	{
 		save_prefs();		// Only save if changes
@@ -114,7 +112,7 @@ alt_auth_get_dropdown('auth_method', $pref['auth_method'], 'e107')."
 <tr>
 <td>".LAN_ALT_78.":<br /></td>
 <td>
-<select class='tbox' name='auth_noconn'>";
+<select class='tbox' name='auth_badpassword'>";
 $sel = (!$pref['auth_badpassword'] ? "" : " selected = 'selected' ");
 $text .= "<option value='0' {$sel} >".LAN_ALT_FAIL."</option>";
 $sel = ($pref['auth_badpassword'] ? " selected = 'selected' " : "");
--- a/e107_plugins/alt_auth/alt_auth_login_class.php
+++ b/e107_plugins/alt_auth/alt_auth_login_class.php
@@ -2,38 +2,42 @@
 /*
 * e107 website system
 *
- * Copyright (C) 2008-2009 e107 Inc (e107.org)
+ * Copyright (C) 2008-2011 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 * Alternate login
 *
 * $URL$
 * $Id$
 * 
 * $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_login_class.php,v $
 * $Revision$
 * $Date$
 * $Author$
 */
 define('AA_DEBUG',FALSE);
 define('AA_DEBUG1',FALSE);
 //TODO convert to class constants
 define('AUTH_SUCCESS', -1);
 define('AUTH_NOUSER', 1);
 define('AUTH_BADPASSWORD', 2);
 define('AUTH_NOCONNECT', 3);
 class alt_login
 {
 	protected $e107;
 	public $loginResult = false;
 	public function __construct($method, &$username, &$userpass)
 	{
 		global $pref;
 		$this->e107 = e107::getInstance();
 		$newvals=array();
 		define('AUTH_SUCCESS', -1);
 		define('AUTH_NOUSER', 1);
 		define('AUTH_BADPASSWORD', 2);
 		define('AUTH_NOCONNECT', 3);
 		if ($method == 'none')
 		{
-			return AUTH_NOCONNECT;
+			$this->loginResult = AUTH_NOCONNECT;
 			return;
 		}
 		require_once(e_PLUGIN.'alt_auth/'.$method.'_auth.php');
@@ -41,7 +45,8 @@ class alt_login
 		if(isset($_login->Available) && ($_login->Available === FALSE))
 		{	// Relevant auth method not available (e.g. PHP extension not loaded)
-			return AUTH_NOCONNECT;
+			$this->loginResult = AUTH_NOCONNECT;
 			return;
 		}
 		$login_result = $_login -> login($username, $userpass, $newvals, FALSE);
@@ -58,7 +63,7 @@ class alt_login
 			$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
 			$username = substr($username, 0, varset($pref['loginname_maxlength'],30));
-			$aa_sql = new db;
+			$aa_sql = e107::getDb('aa');
 			$userMethods = new UserHandler;
 			$db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass,$username)));
 			$xFields = array();					// Possible extended user fields
@@ -88,18 +93,20 @@ class alt_login
 					$db_vals[$k] = $v;
 				}
 			}
 			$ulogin = new userlogin();
 			if (count($xFields))
 			{	// We're going to have to do something with extended fields as well - make sure there's an object
 				require_once (e_HANDLER.'user_extended_class.php');
 				$ue = new e107_user_extended;
 				$q = 
 				$qry = "SELECT u.user_id,u.".implode(',u.',array_keys($db_vals)).", ue.user_extended_id, ue.".implode(',ue.',array_keys($xFields))." FROM `#user` AS u
 						LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id
-						WHERE u.user_loginname='{$username}' ";
+						WHERE ".$ulogin->getLookupQuery($username, FALSE, 'u.');
 				if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Query: {$qry}[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
 			}
 			else
 			{
-				$qry = "SELECT * FROM `#user` WHERE `user_loginname`='{$username}'";
+				$qry = "SELECT * FROM `#user` WHERE ".$ulogin->getLookupQuery($username, FALSE);
 			}
 			if($aa_sql -> db_Select_gen($qry))
 			{ // Existing user - get current data, see if any changes
@@ -145,6 +152,7 @@ class alt_login
 			}
 			else
 			{  // Just add a new user
 				if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Add new user: ".print_r($db_vals,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
 				if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username;
 				if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username;
@@ -173,11 +181,13 @@ class alt_login
 				}
 				else
 				{	// Error adding user to database - possibly a conflict on unique fields
-					$this->e107->admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->mySQLlastErrText."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING);
+					$this->e107->admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->getLastErrorText()."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING);
-					return LOGIN_DB_ERROR;
+					$this->loginResult = LOGIN_DB_ERROR;
 					return;
 				}
 			}
-			return LOGIN_CONTINUE;
+			$this->loginResult = LOGIN_CONTINUE;
 			return;
 		}
 		else
 		{	// Failure modes
@@ -195,22 +205,27 @@ class alt_login
 				case AUTH_NOCONNECT:
 					if(varset($pref['auth_noconn'], TRUE))
 					{
-						return LOGIN_TRY_OTHER;
+						$this->loginResult = LOGIN_TRY_OTHER;
 						return;
 					}
 					$username=md5('xx_noconn_xx');
-					return LOGIN_ABORT;
+					$this->loginResult = LOGIN_ABORT;
 					return;
 					break;
 				case AUTH_BADPASSWORD:
 					if(varset($pref['auth_badpassword'], TRUE))
 					{
-						return LOGIN_TRY_OTHER;
+						$this->loginResult = LOGIN_TRY_OTHER;
 						return;
 					}
 					$userpass=md5('xx_badpassword_xx');
-					return LOGIN_ABORT;					// Not going to magically be able to log in!
+					$this->loginResult = LOGIN_ABORT;					// Not going to magically be able to log in!
 					return;
 					break;
 			}
 		}
-		return LOGIN_ABORT;			// catch-all just in case
+		$this->loginResult = LOGIN_ABORT;			// catch-all just in case
 		return;
 	}
--- a/e107_plugins/alt_auth/languages/English/admin_alt_auth.php
+++ b/e107_plugins/alt_auth/languages/English/admin_alt_auth.php
@@ -1,21 +1,17 @@
 <?php
 /*
-+ ----------------------------------------------------------------------------+
+ * e107 website system
-|     e107 website system
+ *
-|
+ * Copyright (C) 2008-2011 e107 Inc (e107.org)
-|    	Copyright (C) 2008-2009 e107 Inc (e107.org)
+ * Released under the terms and conditions of the
-|     http://e107.org
+ * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
-|
+ *
-|
+ * Language file
-|     Released under the terms and conditions of the
+ *
-|     GNU General Public License (http://gnu.org).
+ * $URL$
-|
+ * $Id$
-|     $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/languages/English/admin_alt_auth.php,v $
+ * 
-|     $Revision$
+ */
 |     $Date$
 |     $Author$
 +----------------------------------------------------------------------------+
 */
 define('LAN_ALT_1', 'Primary authorisation type');
 define('LAN_ALT_2', 'Update settings');
 define('LAN_ALT_3', 'Choose Alternate Authorisation Type');
@@ -72,7 +68,7 @@ define('LAN_ALT_50', 'Password = ');
 define('LAN_ALT_51', '(blank)');
 define('LAN_ALT_52', 'Authentication failed - ');
 define('LAN_ALT_53', 'unknown cause');
-define('LAN_ALT_54', 'could not connect to DB');
+define('LAN_ALT_54', 'could not connect to DB / service provider');
 define('LAN_ALT_55', 'invalid user');
 define('LAN_ALT_56', 'bad password');
 define('LAN_ALT_57', 'method not available');
--- a/e107_plugins/alt_auth/languages/English/admin_importdb_conf.php
+++ b/e107_plugins/alt_auth/languages/English/admin_importdb_conf.php
@@ -1,4 +1,17 @@
 <?php
 /*
 * e107 website system
 *
 * Copyright (C) 2008-2011 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 * Language file
 *
 * $URL$
 * $Id$
 * 
 */
 define('IMPORTDB_LAN_1', 'Database type');
 define('IMPORTDB_LAN_2', 'Plain Text');
 define('IMPORTDB_LAN_3', 'Joomla salted');
@@ -14,6 +27,8 @@ define('IMPORTDB_LAN_11', 'This option is to be used when you have imported some
 							Each user\'s password is converted to E107 format when they log in.');
 define('IMPORTDB_LAN_12', 'PHPBB2/PHPBB3 salted');
 define('IMPORTDB_LAN_13', 'WordPress salted');
 define('IMPORTDB_LAN_14', 'Magento salted');
 define('LAN_AUTHENTICATE_HELP','This authentication method is to be used <i>only</i> when you have imported a user database into E107, and the password is in an incompatible format. The
  original password is read from the local database, and validated against the storage format of the original system. If it verifies, its converted to the current E107-compatible format and
--- a/signup.php
+++ b/signup.php
@@ -2,18 +2,16 @@
 /*
 * e107 website system
 *
- * Copyright (C) 2001-2008 e107 Inc (e107.org)
+ * Copyright (C) 2008-2011 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 * User signup
 *
- * $Source: /cvs_backup/e107_0.8/signup.php,v $
+ * $URL$
- * $Revision$
+ * $Id$
 * $Date$
 * $Author$
 * 
-*/
+ */
 require_once("class2.php");
@@ -333,7 +331,8 @@ if (e_QUERY)
 				if (varset($pref['autologinpostsignup']))
 				{
 					require_once(e_HANDLER.'login.php');
-					$usr = new userlogin($row['user_loginname'], md5($row['user_name'].$row['user_password'].$row['user_join']), 'signup', '');
+					$usr = new userlogin();
 					$usr->login($row['user_loginname'], md5($row['user_name'].$row['user_password'].$row['user_join']), 'signup', '');
 				}
 				require_once(HEADERF);
 				$text = LAN_SIGNUP_74." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;