mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-03-14 17:39:46 +01:00
Code Issues Releases Wiki Activity

Various alt_auth improvements and bug fixes

Browse Source
This commit is contained in:
e107steved 2009-07-05 18:47:52 +00:00
parent 7723d9b836
commit dad824a8d2
7 changed files with 126 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
e107_handlers/login.php
View File

@ -12,9 +12,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $ | $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
| $Revision: 1.22 $ | $Revision: 1.23 $
| $Date: 2009-03-06 20:09:08 $ | $Date: 2009-07-05 18:47:51 $
| $Author: e107coders $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@ -39,6 +39,7 @@ define ('LOGIN_BLANK_FIELD', -8); // Username or password blank
define ('LOGIN_BAD_TRIGGER', -9); // Rejected by trigger event define ('LOGIN_BAD_TRIGGER', -9); // Rejected by trigger event
define ('LOGIN_BANNED', -10); // Banned user attempting login define ('LOGIN_BANNED', -10); // Banned user attempting login
define ('LOGIN_CHAP_FAIL', -11); // CHAP login failed define ('LOGIN_CHAP_FAIL', -11); // CHAP login failed
define ('LOGIN_DB_ERROR', -12); // Error adding user to main DB
class userlogin class userlogin
@ -91,9 +92,12 @@ class userlogin
{ {
require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php"); require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
$result = new alt_login($pref['auth_method'], $username, $userpass); $result = new alt_login($pref['auth_method'], $username, $userpass);
if ($result == LOGIN_ABORT) switch ($result)
{ // Invalid user {
return $this->invalidLogin($username,LOGIN_ABORT,$fip); case LOGIN_ABORT :
return $this->invalidLogin($username,LOGIN_ABORT,$fip);
case LOGIN_DB_ERROR :
return $this->invalidLogin($username,LOGIN_DB_ERROR,$fip);
} }
} }
} }
@ -312,6 +316,12 @@ class userlogin
$this->logNote('LAN_ROLL_LOG_04','Alt_Auth: '.$username); $this->logNote('LAN_ROLL_LOG_04','Alt_Auth: '.$username);
$doCheck = TRUE; $doCheck = TRUE;
break; break;
case LOGIN_DB_ERROR : // alt_auth couldn't add valid user
define("LOGINMESSAGE", LAN_LOGIN_31."<br /><br />");
$this->genNote($fip,$username,'Alt_auth: '.LAN_LOGIN_30);
// $this->logNote('LAN_ROLL_LOG_04','Alt_Auth: '.$username); // Added in alt_auth login
$doCheck = TRUE;
break;
case LOGIN_BAD_PW : case LOGIN_BAD_PW :
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />"); define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
$this->logNote('LAN_ROLL_LOG_03',$username); $this->logNote('LAN_ROLL_LOG_03',$username);

61
e107_languages/English/lan_login.php
View File

@ -4,38 +4,41 @@
| e107 website system - Language File. | e107 website system - Language File.
| |
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_login.php,v $ | $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_login.php,v $
| $Revision: 1.4 $ | $Revision: 1.5 $
| $Date: 2009-03-06 20:09:08 $ | $Date: 2009-07-05 18:47:52 $
| $Author: e107coders $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
define("LAN_LOGIN_1", "User name"); define('LAN_LOGIN_1', 'User name');
define("LAN_LOGIN_2", "User password"); define('LAN_LOGIN_2', 'User password');
define("LAN_LOGIN_3", "Protected server"); define('LAN_LOGIN_3', 'Protected server');
define("LAN_LOGIN_4", "Please enter your details to gain access."); define('LAN_LOGIN_4', 'Please enter your details to gain access.');
define("LAN_LOGIN_5", "Click here to Sign-Up"); define('LAN_LOGIN_5', 'Click here to Sign-Up');
define("LAN_LOGIN_6", "Not accepting new members at this time"); define('LAN_LOGIN_6', 'Not accepting new members at this time');
define("LAN_LOGIN_7", "Enter visible code"); define('LAN_LOGIN_7', 'Enter visible code');
define("LAN_LOGIN_8", "Remember Me"); define('LAN_LOGIN_8', 'Remember Me');
define("LAN_LOGIN_9", "Log In"); define('LAN_LOGIN_9', 'Log In');
define("LAN_LOGIN_10", "Click to login"); define('LAN_LOGIN_10', 'Click to login');
define("LAN_LOGIN_11", "Register as a New User"); define('LAN_LOGIN_11', 'Register as a New User');
define("LAN_LOGIN_12", "Forgot Password"); define('LAN_LOGIN_12', 'Forgot Password');
define("LAN_LOGIN_13", "Please enter text in image"); define('LAN_LOGIN_13', 'Please enter text in image');
define("LAN_LOGIN_14", "User attempted to login with unrecognised user name"); define('LAN_LOGIN_14', 'User attempted to login with unrecognised user name');
define("LAN_LOGIN_15", "User attempted to login with incorrect password"); define('LAN_LOGIN_15', 'User attempted to login with incorrect password');
define("LAN_LOGIN_16", "User attempted to login with username/password combination that was already in use"); define('LAN_LOGIN_16', 'User attempted to login with username/password combination that was already in use');
define("LAN_LOGIN_17", "User password (hashed)"); define('LAN_LOGIN_17', 'User password (hashed)');
define("LAN_LOGIN_18", "Auto-ban: More than 10 failed login attempts"); define('LAN_LOGIN_18', 'Auto-ban: More than 10 failed login attempts');
define("LAN_LOGIN_19", "> 10 failed login attempts"); define('LAN_LOGIN_19', '> 10 failed login attempts');
define("LAN_LOGIN_20", "You left required field(s) blank"); define('LAN_LOGIN_20', 'You left required field(s) blank');
define("LAN_LOGIN_21", "Incorrect login. The entered data doesn't match to a registered user. Check if you have the CAPS-LOCK key activated as logins on this site are case sensitive"); define('LAN_LOGIN_21', "Incorrect login. The entered data doesn't match to a registered user. Check if you have the CAPS-LOCK key activated as logins on this site are case sensitive");
define("LAN_LOGIN_22", "You have not activated your account. You should have received an email with instructions on how to confirm your account. If not, please click <a href='".e_BASE."signup.php?resend'>here</a>."); define('LAN_LOGIN_22', "You have not activated your account. You should have received an email with instructions on how to confirm your account. If not, please click <a href='".e_BASE."signup.php?resend'>here</a>.");
define("LAN_LOGIN_23", "Incorrect code entered."); define('LAN_LOGIN_23', 'Incorrect code entered.');
define("LAN_LOGIN_24", "That username/password combination is already in use."); define('LAN_LOGIN_24', 'That username/password combination is already in use.');
define("LAN_LOGIN_25", "Banned user attempted to login"); define('LAN_LOGIN_25', 'Banned user attempted to login');
define("LAN_LOGIN_26", "Login fail - reason unknown"); define('LAN_LOGIN_26', 'Login fail - reason unknown');
define('LAN_LOGIN_27', 'User attempted to log in before responding to confirmation email'); define('LAN_LOGIN_27', 'User attempted to log in before responding to confirmation email');
define('LAN_LOGIN_28', 'Email'); define('LAN_LOGIN_28', 'Email');
define('LAN_LOGIN_29', 'Username or Email'); define('LAN_LOGIN_29', 'Username or Email');
define('LAN_LOGIN_30', 'Error adding new alt_auth user to DB');
define('LAN_LOGIN_31', 'Your credentials could not be added to the system');
?> ?>

3
e107_plugins/alt_auth/alt_auth_adminmenu.php
View File

@ -163,7 +163,8 @@ $common_fields = array(
'prefix' => array('fieldname' => 'prefix', 'size' => 35, 'max_size' => 35, 'prompt' => LAN_ALT_39, 'help' => ''), 'prefix' => array('fieldname' => 'prefix', 'size' => 35, 'max_size' => 35, 'prompt' => LAN_ALT_39, 'help' => ''),
'ufield' => array('fieldname' => 'user_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_37, 'help' => ''), 'ufield' => array('fieldname' => 'user_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_37, 'help' => ''),
'pwfield'=> array('fieldname' => 'password_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_38, 'help' => ''), 'pwfield'=> array('fieldname' => 'password_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_38, 'help' => ''),
'salt' => array('fieldname' => 'password_salt','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_24, 'help' => LAN_ALT_25) 'salt' => array('fieldname' => 'password_salt','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_24, 'help' => LAN_ALT_25),
'classfilt' => array('fieldname' => 'filter_class', 'size' => 10, 'max_size' => 8, 'prompt' => LAN_ALT_76, 'help' => LAN_ALT_77)
); );

26
e107_plugins/alt_auth/alt_auth_login_class.php
View File

@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_login_class.php,v $ | $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_login_class.php,v $
| $Revision: 1.7 $ | $Revision: 1.8 $
| $Date: 2009-06-12 20:41:34 $ | $Date: 2009-07-05 18:47:52 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@ -152,14 +152,22 @@ class alt_login
$userMethods->addNonDefaulted($newUser); $userMethods->addNonDefaulted($newUser);
validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser); validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser);
$newID = $aa_sql->db_Insert('user',$newUser); $newID = $aa_sql->db_Insert('user',$newUser);
if (($newID !== FALSE) && count($xFields)) if ($newID !== FALSE)
{ {
$xFields['user_extended_id'] = $newID; if (count($xFields))
$xArray = array(); {
$xArray['data'] = $xFields; $xFields['user_extended_id'] = $newID;
$ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values $xArray = array();
$result = $aa_sql->db_Insert('user_extended',$xArray); $xArray['data'] = $xFields;
if (AA_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Add extended: UID={$newID} result={$result}",FALSE,LOG_TO_ROLLING); $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
$result = $aa_sql->db_Insert('user_extended',$xArray);
if (AA_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),'DEBUG','Alt auth login',"Add extended: UID={$newID} result={$result}",FALSE,LOG_TO_ROLLING);
}
}
else
{ // Error adding user to database - possibly a conflict on unique fields
$admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->mySQLlastErrText."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING);
return LOGIN_DB_ERROR;
} }
} }
return LOGIN_CONTINUE; return LOGIN_CONTINUE;

89
e107_plugins/alt_auth/e107db_auth.php
View File

@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/e107db_auth.php,v $ | $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/e107db_auth.php,v $
| $Revision: 1.2 $ | $Revision: 1.3 $
| $Date: 2008-09-02 19:39:12 $ | $Date: 2009-07-05 18:47:52 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@ -83,46 +83,65 @@ class auth_login
$sel_fields[] = substr($k,strlen('e107db_xf_')); $sel_fields[] = substr($k,strlen('e107db_xf_'));
} }
} }
$sel_fields[] = 'user_password';
$user_field = 'user_loginname'; $filterClass = intval(varset($this->conf['e107db_filter_class'], e_UC_PUBLIC));
if (($filterClass != e_UC_PUBLIC) && (!in_array('user_class',$sel_fields)))
{
$sel_fields[] = 'user_class';
}
$sel_fields[] = 'user_password';
$user_field = 'user_loginname';
//Get record containing supplied login name //Get record containing supplied login name
$qry = "SELECT ".implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}'"; $qry = "SELECT ".implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}'";
// echo "Query: {$qry}<br />"; // echo "Query: {$qry}<br />";
if(!$r1 = mysql_query($qry)) if(!$r1 = mysql_query($qry))
{ {
mysql_close($res); mysql_close($res);
$this->makeErrorText('Lookup query failed'); $this->makeErrorText('Lookup query failed');
return AUTH_NOCONNECT; return AUTH_NOCONNECT;
} }
if(!$row = mysql_fetch_array($r1)) if(!$row = mysql_fetch_array($r1))
{ {
mysql_close($res); mysql_close($res);
$this->makeErrorText('User not found'); $this->makeErrorText('User not found');
return AUTH_NOUSER; return AUTH_NOUSER;
} }
mysql_close($res); // Finished with 'foreign' DB now
// Got something from the DB - see whether password valid mysql_close($res); // Finished with 'foreign' DB now
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
$pass_check = new ExtendedPasswordHandler();
$passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']); // Got something from the DB - see whether password valid
if ($passMethod === FALSE) require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
{ $pass_check = new ExtendedPasswordHandler();
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row['user_password']; // Password stored in DB $passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']);
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) $pwFromDB = $row['user_password']; // Password stored in DB
{
$this->makeErrorText('Password incorrect'); if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
return AUTH_BADPASSWORD; {
} $this->makeErrorText('Password incorrect');
return AUTH_BADPASSWORD;
}
// Valid user - check he's in an appropriate class
if ($filterClass != e_UC_PUBLIC)
{
$tmp = explode(',', $row['user_class']);
if (!in_array($filterClass, $tmp))
{
$this->makeErrorText('Userc not found');
return AUTH_NOUSER; // Treat as non-existent user
}
unset($tmp);
}
// Now copy across any values we have selected // Now copy across any values we have selected
foreach($this->conf as $k => $v) foreach($this->conf as $k => $v)

2
e107_plugins/alt_auth/e107db_conf.php
View File

@ -57,7 +57,7 @@ function show_e107db_form()
$text .= E107DB_LAN_1; $text .= E107DB_LAN_1;
$text .= "</td></tr>"; $text .= "</td></tr>";
$text .= alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db|prefix'); $text .= alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db|prefix|classfilt');
$text .= "<tr><td class='forumheader3'>".E107DB_LAN_9."</td><td class='forumheader3'>"; $text .= "<tr><td class='forumheader3'>".E107DB_LAN_9."</td><td class='forumheader3'>";
$text .= $frm -> form_select_open("e107db_password_method"); $text .= $frm -> form_select_open("e107db_password_method");

6
e107_plugins/alt_auth/languages/English/admin_alt_auth.php
View File

@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/languages/English/admin_alt_auth.php,v $ | $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/languages/English/admin_alt_auth.php,v $
| $Revision: 1.2 $ | $Revision: 1.3 $
| $Date: 2008-12-23 20:31:30 $ | $Date: 2009-07-05 18:47:52 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@ -94,6 +94,8 @@ define('LAN_ALT_72', 'Upper case');
define('LAN_ALT_73', 'Lower case'); define('LAN_ALT_73', 'Lower case');
define('LAN_ALT_74', 'Upper first'); define('LAN_ALT_74', 'Upper first');
define('LAN_ALT_75', 'Upper words'); define('LAN_ALT_75', 'Upper words');
define('LAN_ALT_76', 'User class restriction (a numeric value - zero or blank for everyone)');
define('LAN_ALT_77', 'Only users in this class (on the database set above) are permitted access');
define('LAN_ALT_FALLBACK', 'Use e107 user table'); define('LAN_ALT_FALLBACK', 'Use e107 user table');