mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-19 07:08:09 +01:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'Hardolaf/feature/auth-refactor' into develop

Browse Source 
* Hardolaf/feature/auth-refactor: (44 commits)
  [feature/auth-refactor] Fix code style issue
  [feature/auth-refactor] Fix comment grammar
  [feature/auth-refactor] Fix the actual cause of test failures
  [feature/auth-refactor] A possible fix for the functional test failures
  [feature/auth-refactor] Forgot @inheritdoc on methods
  [feature/auth-refactor] Finish and clean up documentation
  [feature/auth-refactor] Change phpEx to php_ext in new classes
  [feature/auth-refactor] Fix two session tests broken by changes
  [feature/auth-refactor] Removed no longer used variable
  [feature/auth-refactor] Fix errors in acp_board
  [feature/auth-refactor] Fix indentation on acp_board
  [feature/auth-refactor] Refactor auth in acp_board
  [feature/auth-refactor] Don't truncate name then reattach same thing
  [feature/auth-refactor] Remove old auth plugins
  [feature/auth-refactor] Remove references to old auth plugins
  [feature/auth-refactor] Fix auth tests to use mock objects correctly
  [feature/auth-refactor] Test validate_session on provider_apache
  [feature/auth-refactor] Test autologin() on provider_apache
  [feature/auth-refactor] Test login() for provider_apache
  [feature/auth-refactor] Test for init on provider_apache
  ...
This commit is contained in:
David King 2013-07-03 12:46:18 -04:00
commit 73c289ae49
18 changed files with 1508 additions and 1006 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
phpBB/config/auth_providers.yml Normal file
View File

@ -0,0 +1,37 @@
services:
auth.provider_collection:
class: phpbb_di_service_collection
arguments:
- @service_container
tags:
- { name: service_collection, tag: auth.provider }
auth.provider.db:
class: phpbb_auth_provider_db
arguments:
- @dbal.conn
- @config
- @request
- @user
- %core.root_path%
- %core.php_ext%
tags:
- { name: auth.provider }
auth.provider.apache:
class: phpbb_auth_provider_apache
arguments:
- @dbal.conn
- @config
- @request
- @user
- %core.root_path%
- %core.php_ext%
tags:
- { name: auth.provider }
auth.provider.ldap:
class: phpbb_auth_provider_ldap
arguments:
- @dbal.conn
- @config
- @user
tags:
- { name: auth.provider }

1
phpBB/config/services.yml
View File

@ -5,6 +5,7 @@ imports:
- { resource: migrator.yml }
- { resource: avatars.yml }
- { resource: feed.yml }
- { resource: auth_providers.yml }
services:
auth:

129
phpBB/includes/acp/acp_board.php
View File

@ -522,84 +522,54 @@ class acp_board
if ($mode == 'auth')
{
// Retrieve a list of auth plugins and check their config values
$auth_plugins = array();
$dp = @opendir($phpbb_root_path . 'includes/auth');
if ($dp)
{
while (($file = readdir($dp)) !== false)
{
if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file))
{
$auth_plugins[] = basename(preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file));
}
}
closedir($dp);
sort($auth_plugins);
}
$auth_providers = $phpbb_container->get('auth.provider_collection');
$updated_auth_settings = false;
$old_auth_config = array();
foreach ($auth_plugins as $method)
foreach ($auth_providers as $provider)
{
if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
if ($fields = $provider->acp($this->new_config))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'acp_' . $method;
if (function_exists($method))
// Check if we need to create config fields for this plugin and save config when submit was pressed
foreach ($fields['config'] as $field)
{
if ($fields = $method($this->new_config))
if (!isset($config[$field]))
{
// Check if we need to create config fields for this plugin and save config when submit was pressed
foreach ($fields['config'] as $field)
{
if (!isset($config[$field]))
{
set_config($field, '');
}
if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false)
{
continue;
}
$old_auth_config[$field] = $this->new_config[$field];
$config_value = $cfg_array[$field];
$this->new_config[$field] = $config_value;
if ($submit)
{
$updated_auth_settings = true;
set_config($field, $config_value);
}
}
set_config($field, '');
}
if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false)
{
continue;
}
$old_auth_config[$field] = $this->new_config[$field];
$config_value = $cfg_array[$field];
$this->new_config[$field] = $config_value;
if ($submit)
{
$updated_auth_settings = true;
set_config($field, $config_value);
}
unset($fields);
}
}
unset($fields);
}
if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings))
{
$method = basename($cfg_array['auth_method']);
if ($method && in_array($method, $auth_plugins))
if (array_key_exists('auth.provider.' . $method, $auth_providers))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'init_' . $method;
if (function_exists($method))
$provider = $auth_providers['auth.provider.' . $method];
if ($error = $provider->init())
{
if ($error = $method())
foreach ($old_auth_config as $config_name => $config_value)
{
foreach ($old_auth_config as $config_name => $config_value)
{
set_config($config_name, $config_value);
}
trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
set_config($config_name, $config_value);
}
trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
}
set_config('auth_method', basename($cfg_array['auth_method']));
}
@ -683,24 +653,17 @@ class acp_board
{
$template->assign_var('S_AUTH', true);
foreach ($auth_plugins as $method)
foreach ($auth_providers as $provider)
{
if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
$method = 'acp_' . $method;
if (function_exists($method))
{
$fields = $method($this->new_config);
$fields = $provider->acp($this->new_config);
if ($fields['tpl'])
{
$template->assign_block_vars('auth_tpl', array(
'TPL' => $fields['tpl'])
);
}
unset($fields);
}
if ($fields['tpl'])
{
$template->assign_block_vars('auth_tpl', array(
'TPL' => $fields['tpl'],
));
}
unset($fields);
}
}
}
@ -710,26 +673,16 @@ class acp_board
*/
function select_auth_method($selected_method, $key = '')
{
global $phpbb_root_path, $phpEx;
global $phpbb_root_path, $phpEx, $phpbb_container;
$auth_plugins = array();
$auth_providers = $phpbb_container->get('auth.provider_collection');
$dp = @opendir($phpbb_root_path . 'includes/auth');
if (!$dp)
foreach($auth_providers as $key => $value)
{
return '';
$auth_plugins[] = str_replace('auth.provider.', '', $key);
}
while (($file = readdir($dp)) !== false)
{
if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file))
{
$auth_plugins[] = preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file);
}
}
closedir($dp);
sort($auth_plugins);
$auth_select = '';

9
phpBB/includes/auth/auth.php
View File

@ -927,15 +927,14 @@ class phpbb_auth
*/
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{
global $config, $db, $user, $phpbb_root_path, $phpEx;
global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;
$method = trim(basename($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'login_' . $method;
if (function_exists($method))
$provider = $phpbb_container->get('auth.provider.' . $method);
if ($provider)
{
$login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);
$login = $provider->login($username, $password);
// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)

247
phpBB/includes/auth/auth_apache.php
View File

@ -1,247 +0,0 @@
<?php
/**
* Apache auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* @package login
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Checks whether the user is identified to apache
* Only allow changing authentication to apache if the user is identified
* Called in acp_board while setting authentication plugins
*
* @return boolean|string false if the user is identified and else an error message
*/
function init_apache()
{
global $user, $request;
if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER')))
{
return $user->lang['APACHE_SETUP_BEFORE_USE'];
}
return false;
}
/**
* Login function
*/
function login_apache(&$username, &$password)
{
global $db, $request;
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
if ($php_auth_user !== $username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
);
}
// Not logged into apache
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
'user_row' => array('user_id' => ANONYMOUS),
);
}
/**
* Autologin function
*
* @return array containing the user row or empty if no auto login should take place
*/
function autologin_apache()
{
global $db, $request;
if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
return array();
}
$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
set_var($php_auth_user, $php_auth_user, 'string', true);
set_var($php_auth_pw, $php_auth_pw, 'string', true);
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
}
if (!function_exists('user_add'))
{
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
// create the user if he does not exist yet
user_add(user_row_apache($php_auth_user, $php_auth_pw));
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
return $row;
}
}
return array();
}
/**
* This function generates an array which can be passed to the user_add function in order to create a user
*/
function user_row_apache($username, $password)
{
global $db, $config, $user;
// first retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
return array(
'username' => $username,
'user_password' => phpbb_hash($password),
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,
'user_new' => ($config['new_member_post_limit']) ? 1 : 0,
);
}
/**
* The session validation function checks whether the user is still logged in
*
* @return boolean true if the given user is authenticated or false if the session should be closed
*/
function validate_session_apache(&$user)
{
global $request;
// Check if PHP_AUTH_USER is set and handle this case
if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
$php_auth_user = $request->server('PHP_AUTH_USER');
return ($php_auth_user === $user['username']) ? true : false;
}
// PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
if ($user['user_type'] == USER_IGNORE)
{
return true;
}
return false;
}

289
phpBB/includes/auth/auth_db.php
View File

@ -1,289 +0,0 @@
<?php
/**
* Database auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* This is for authentication via the integrated user table
*
* @package login
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Login function
*
* @param string $username
* @param string $password
* @param string $ip IP address the login is taking place from. Used to
* limit the number of login attempts per IP address.
* @param string $browser The user agent used to login
* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
* @return array A associative array of the format
* array(
* 'status' => status constant
* 'error_msg' => string
* 'user_row' => array
* )
*/
function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')
{
global $db, $config;
global $request;
// Auth plugins get the password untrimmed.
// For compatibility we trim() here.
$password = trim($password);
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$username_clean = utf8_clean_string($username);
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (($ip && !$config['ip_login_limit_use_forwarded']) ||
($forwarded_for && $config['ip_login_limit_use_forwarded']))
{
$sql = 'SELECT COUNT(*) AS attempts
FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
if ($config['ip_login_limit_use_forwarded'])
{
$sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
}
else
{
$sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
}
$result = $db->sql_query($sql);
$attempts = (int) $db->sql_fetchfield('attempts');
$db->sql_freeresult($result);
$attempt_data = array(
'attempt_ip' => $ip,
'attempt_browser' => trim(substr($browser, 0, 149)),
'attempt_forwarded_for' => $forwarded_for,
'attempt_time' => time(),
'user_id' => ($row) ? (int) $row['user_id'] : 0,
'username' => $username,
'username_clean' => $username_clean,
);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
$result = $db->sql_query($sql);
}
else
{
$attempts = 0;
}
if (!$row)
{
if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'])
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => array('user_id' => ANONYMOUS),
);
}
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
if ($show_captcha)
{
// Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory', false))
{
global $phpbb_root_path, $phpEx;
include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
}
$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => $row,
);
}
else
{
$captcha->reset();
}
}
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert'])
{
// enable super globals to get literal value
// this is needed to prevent unicode normalization
$super_globals_disabled = $request->super_globals_disabled();
if ($super_globals_disabled)
{
$request->enable_super_globals();
}
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = $request->variable('password', '', true);
if ($super_globals_disabled)
{
$request->disable_super_globals();
}
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
}
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
// plain md5 support left in for conversions from other systems.
if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
|| (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
{
$hash = phpbb_hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
}
else
{
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
return array(
'status' => LOGIN_ERROR_PASSWORD_CONVERT,
'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
'user_row' => $row,
);
}
}
}
// Check password ...
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
{
// Check for old password hash...
if (strlen($row['user_password']) == 32)
{
$hash = phpbb_hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $db->sql_escape($hash) . "',
user_pass_convert = 0
WHERE user_id = {$row['user_id']}";
$db->sql_query($sql);
$row['user_password'] = $hash;
}
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
if ($row['user_login_attempts'] != 0)
{
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
// Give status about wrong password...
return array(
'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
'user_row' => $row,
);
}

350
phpBB/includes/auth/auth_ldap.php
View File

@ -1,350 +0,0 @@
<?php
/**
*
* LDAP auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* @package login
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Connect to ldap server
* Only allow changing authentication to ldap if we can connect to the ldap server
* Called in acp_board while setting authentication plugins
*/
function init_ldap()
{
global $config, $user;
if (!@extension_loaded('ldap'))
{
return $user->lang['LDAP_NO_LDAP_EXTENSION'];
}
$config['ldap_port'] = (int) $config['ldap_port'];
if ($config['ldap_port'])
{
$ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']);
}
else
{
$ldap = @ldap_connect($config['ldap_server']);
}
if (!$ldap)
{
return $user->lang['LDAP_NO_SERVER_CONNECTION'];
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($config['ldap_user'] || $config['ldap_password'])
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
{
return $user->lang['LDAP_INCORRECT_USER_PASSWORD'];
}
}
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search(
$ldap,
htmlspecialchars_decode($config['ldap_base_dn']),
ldap_user_filter($user->data['username']),
(empty($config['ldap_email'])) ?
array(htmlspecialchars_decode($config['ldap_uid'])) :
array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
0,
1
);
if ($search === false)
{
return $user->lang['LDAP_SEARCH_FAILED'];
}
$result = @ldap_get_entries($ldap, $search);
@ldap_close($ldap);
if (!is_array($result) || sizeof($result) < 2)
{
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
}
if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])]))
{
return $user->lang['LDAP_NO_EMAIL'];
}
return false;
}
/**
* Login function
*/
function login_ldap(&$username, &$password)
{
global $db, $config, $user;
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!@extension_loaded('ldap'))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_LDAP_EXTENSION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$config['ldap_port'] = (int) $config['ldap_port'];
if ($config['ldap_port'])
{
$ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']);
}
else
{
$ldap = @ldap_connect($config['ldap_server']);
}
if (!$ldap)
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($config['ldap_user'] || $config['ldap_password'])
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
$search = @ldap_search(
$ldap,
htmlspecialchars_decode($config['ldap_base_dn']),
ldap_user_filter($username),
(empty($config['ldap_email'])) ?
array(htmlspecialchars_decode($config['ldap_uid'])) :
array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
0,
1
);
$ldap_result = @ldap_get_entries($ldap, $search);
if (is_array($ldap_result) && sizeof($ldap_result) > 1)
{
if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
{
@ldap_close($ldap);
$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
unset($ldap_result);
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
else
{
// retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
$ldap_user_row = array(
'username' => $username,
'user_password' => phpbb_hash($password),
'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,
'user_new' => ($config['new_member_post_limit']) ? 1 : 0,
);
unset($ldap_result);
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => $ldap_user_row,
);
}
}
else
{
unset($ldap_result);
@ldap_close($ldap);
// Give status about wrong password...
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'LOGIN_ERROR_PASSWORD',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
@ldap_close($ldap);
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
/**
* Generates a filter string for ldap_search to find a user
*
* @param $username string Username identifying the searched user
*
* @return string A filter string for ldap_search
*/
function ldap_user_filter($username)
{
global $config;
$filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
if ($config['ldap_user_filter'])
{
$_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})";
$filter = "(&{$filter}{$_filter})";
}
return $filter;
}
/**
* Escapes an LDAP AttributeValue
*/
function ldap_escape($string)
{
return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
}
/**
* This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields.
*/
function acp_ldap(&$new)
{
global $user;
$tpl = '
<dl>
<dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_port">' . $user->lang['LDAP_PORT'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_PORT_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_port" size="40" name="config[ldap_port]" value="' . $new['ldap_port'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_user_filter">' . $user->lang['LDAP_USER_FILTER'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
<dd><input type="email" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd>
</dl>
';
// These are fields required in the config table
return array(
'tpl' => $tpl,
'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password')
);
}

275
phpBB/includes/auth/provider_apache.php Normal file
View File

@ -0,0 +1,275 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Apache authentication provider for phpBB3
*
* @package auth
*/
class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
{
/**
* Apache Authentication Constructor
*
* @param phpbb_db_driver $db
* @param phpbb_config $config
* @param phpbb_request $request
* @param phpbb_user $user
* @param string $phpbb_root_path
* @param string $php_ext
*/
public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext)
{
$this->db = $db;
$this->config = $config;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
/**
* {@inheritdoc}
*/
public function init()
{
if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
{
return $this->user->lang['APACHE_SETUP_BEFORE_USE'];
}
return false;
}
/**
* {@inheritdoc}
*/
public function login($username, $password)
{
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
if ($php_auth_user !== $username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
);
}
// Not logged into apache
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
'user_row' => array('user_id' => ANONYMOUS),
);
}
/**
* {@inheritdoc}
*/
public function autologin()
{
if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
return array();
}
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
set_var($php_auth_user, $php_auth_user, 'string', true);
set_var($php_auth_pw, $php_auth_pw, 'string', true);
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
}
if (!function_exists('user_add'))
{
include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
}
// create the user if he does not exist yet
user_add(user_row_apache($php_auth_user, $php_auth_pw));
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
return $row;
}
}
return array();
}
/**
* This function generates an array which can be passed to the user_add
* function in order to create a user
*
* @param string $username The username of the new user.
* @param string $password The password of the new user.
* @return array Contains data that can be passed directly to
* the user_add function.
*/
private function user_row($username, $password)
{
// first retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
return array(
'username' => $username,
'user_password' => phpbb_hash($password),
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $this->user->ip,
'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0,
);
}
/**
* {@inheritdoc}
*/
public function validate_session($user)
{
// Check if PHP_AUTH_USER is set and handle this case
if ($this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
$php_auth_user = $this->request->server('PHP_AUTH_USER');
return ($php_auth_user === $user['username']) ? true : false;
}
// PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
if ($user['user_type'] == USER_IGNORE)
{
return true;
}
return false;
}
/**
* {@inheritdoc}
*/
public function acp($new)
{
return;
}
/**
* {@inheritdoc}
*/
public function logout($data, $new_session)
{
return;
}
}

337
phpBB/includes/auth/provider_db.php Normal file
View File

@ -0,0 +1,337 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Database authentication provider for phpBB3
*
* This is for authentication via the integrated user table
*
* @package auth
*/
class phpbb_auth_provider_db implements phpbb_auth_provider_interface
{
/**
* Database Authentication Constructor
*
* @param phpbb_db_driver $db
* @param phpbb_config $config
* @param phpbb_request $request
* @param phpbb_user $user
* @param string $phpbb_root_path
* @param string $php_ext
*/
public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext)
{
$this->db = $db;
$this->config = $config;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
/**
* {@inheritdoc}
*/
public function init()
{
return;
}
/**
* {@inheritdoc}
*/
public function login($username, $password)
{
// Auth plugins get the password untrimmed.
// For compatibility we trim() here.
$password = trim($password);
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$username_clean = utf8_clean_string($username);
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
{
$sql = 'SELECT COUNT(*) AS attempts
FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
if ($this->config['ip_login_limit_use_forwarded'])
{
$sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
}
else
{
$sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
}
$result = $this->db->sql_query($sql);
$attempts = (int) $this->db->sql_fetchfield('attempts');
$this->db->sql_freeresult($result);
$attempt_data = array(
'attempt_ip' => $this->user->ip,
'attempt_browser' => trim(substr($this->user->browser, 0, 149)),
'attempt_forwarded_for' => $this->user->forwarded_for,
'attempt_time' => time(),
'user_id' => ($row) ? (int) $row['user_id'] : 0,
'username' => $username,
'username_clean' => $username_clean,
);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
$result = $this->db->sql_query($sql);
}
else
{
$attempts = 0;
}
if (!$row)
{
if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => array('user_id' => ANONYMOUS),
);
}
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
// If there are too many login attempts, we need to check for a confirm image
// Every auth module is able to define what to do by itself...
if ($show_captcha)
{
// Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory', false))
{
include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->php_ext);
}
$captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => $row,
);
}
else
{
$captcha->reset();
}
}
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert'])
{
// enable super globals to get literal value
// this is needed to prevent unicode normalization
$super_globals_disabled = $this->request->super_globals_disabled();
if ($super_globals_disabled)
{
$this->request->enable_super_globals();
}
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = $this->request->variable('password', '', true);
if ($super_globals_disabled)
{
$this->request->disable_super_globals();
}
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
}
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
// plain md5 support left in for conversions from other systems.
if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
|| (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
{
$hash = phpbb_hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $this->db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$this->db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
}
else
{
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$this->db->sql_query($sql);
return array(
'status' => LOGIN_ERROR_PASSWORD_CONVERT,
'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
'user_row' => $row,
);
}
}
}
// Check password ...
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
{
// Check for old password hash...
if (strlen($row['user_password']) == 32)
{
$hash = phpbb_hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $this->db->sql_escape($hash) . "',
user_pass_convert = 0
WHERE user_id = {$row['user_id']}";
$this->db->sql_query($sql);
$row['user_password'] = $hash;
}
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id'];
$this->db->sql_query($sql);
if ($row['user_login_attempts'] != 0)
{
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$this->db->sql_query($sql);
}
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$this->db->sql_query($sql);
// Give status about wrong password...
return array(
'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
'user_row' => $row,
);
}
/**
* {@inheritdoc}
*/
public function autologin()
{
return;
}
/**
* {@inheritdoc}
*/
public function acp($new)
{
return;
}
/**
* {@inheritdoc}
*/
public function logout($data, $new_session)
{
return;
}
/**
* {@inheritdoc}
*/
public function validate_session($user)
{
return;
}
}

93
phpBB/includes/auth/provider_interface.php Normal file
View File

@ -0,0 +1,93 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* The interface authentication provider classes have to implement.
*
* @package auth
*/
interface phpbb_auth_provider_interface
{
/**
* Checks whether the user is currently identified to the authentication
* provider.
* Called in acp_board while setting authentication plugins.
* Changing to an authentication provider will not be permitted in acp_board
* if there is an error.
*
* @return boolean|string False if the user is identified, otherwise an
* error message, or null if not implemented.
*/
public function init();
/**
* Performs login.
*
* @param string $username The name of the user being authenticated.
* @param string $password The password of the user.
* @return array An associative array of the format:
* array(
* 'status' => status constant
* 'error_msg' => string
* 'user_row' => array
* )
*/
public function login($username, $password);
/**
* Autologin function
*
* @return array|null containing the user row, empty if no auto login
* should take place, or null if not impletmented.
*/
public function autologin();
/**
* This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields.
*
* @param array $new Contains the new configuration values that have
* been set in acp_board.
* @return array|null Returns null if not implemented or an array of the
* form:
* array(
* 'tpl' => string
* 'config' => array
* )
*/
public function acp($new);
/**
* Performs additional actions during logout.
*
* @param array $data An array corresponding to
* phpbb_session::data
* @param boolean $new_session True for a new session, false for no new
* session.
*/
public function logout($data, $new_session);
/**
* The session validation function checks whether the user is still logged
* into phpBB.
*
* @param array $user
* @return boolean true if the given user is authenticated, false if the
* session should be closed, or null if not implemented.
*/
public function validate_session($user);
}

386
phpBB/includes/auth/provider_ldap.php Normal file
View File

@ -0,0 +1,386 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Database authentication provider for phpBB3
*
* This is for authentication via the integrated user table
*
* @package auth
*/
class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface
{
/**
* LDAP Authentication Constructor
*
* @param phpbb_db_driver $db
* @param phpbb_config $config
* @param phpbb_user $user
*/
public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_user $user)
{
$this->db = $db;
$this->config = $config;
$this->user = $user;
}
/**
* {@inheritdoc}
*/
public function init()
{
if (!@extension_loaded('ldap'))
{
return $this->user->lang['LDAP_NO_LDAP_EXTENSION'];
}
$this->config['ldap_port'] = (int) $this->config['ldap_port'];
if ($this->config['ldap_port'])
{
$ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
}
else
{
$ldap = @ldap_connect($this->config['ldap_server']);
}
if (!$ldap)
{
return $this->user->lang['LDAP_NO_SERVER_CONNECTION'];
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($this->config['ldap_user'] || $this->config['ldap_password'])
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
{
return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD'];
}
}
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search(
$ldap,
htmlspecialchars_decode($this->config['ldap_base_dn']),
$this->ldap_user_filter($this->user->data['username']),
(empty($this->config['ldap_email'])) ?
array(htmlspecialchars_decode($this->config['ldap_uid'])) :
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
0,
1
);
if ($search === false)
{
return $this->user->lang['LDAP_SEARCH_FAILED'];
}
$result = @ldap_get_entries($ldap, $search);
@ldap_close($ldap);
if (!is_array($result) || sizeof($result) < 2)
{
return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']);
}
if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])]))
{
return $this->user->lang['LDAP_NO_EMAIL'];
}
return false;
}
/**
* {@inheritdoc}
*/
public function login($username, $password)
{
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!@extension_loaded('ldap'))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_LDAP_EXTENSION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$this->config['ldap_port'] = (int) $this->config['ldap_port'];
if ($this->config['ldap_port'])
{
$ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
}
else
{
$ldap = @ldap_connect($this->config['ldap_server']);
}
if (!$ldap)
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($this->config['ldap_user'] || $this->config['ldap_password'])
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
$search = @ldap_search(
$ldap,
htmlspecialchars_decode($this->config['ldap_base_dn']),
$this->ldap_user_filter($username),
(empty($this->config['ldap_email'])) ?
array(htmlspecialchars_decode($this->config['ldap_uid'])) :
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
0,
1
);
$ldap_result = @ldap_get_entries($ldap, $search);
if (is_array($ldap_result) && sizeof($ldap_result) > 1)
{
if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
{
@ldap_close($ldap);
$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
unset($ldap_result);
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
else
{
// retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
$ldap_user_row = array(
'username' => $username,
'user_password' => phpbb_hash($password),
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $this->user->ip,
'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0,
);
unset($ldap_result);
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => $ldap_user_row,
);
}
}
else
{
unset($ldap_result);
@ldap_close($ldap);
// Give status about wrong password...
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'LOGIN_ERROR_PASSWORD',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
@ldap_close($ldap);
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
/**
* {@inheritdoc}
*/
public function autologin()
{
return;
}
/**
* {@inheritdoc}
*/
public function acp($new)
{
$tpl = '
<dl>
<dt><label for="ldap_server">' . $this->user->lang['LDAP_SERVER'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_port">' . $this->user->lang['LDAP_PORT'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_PORT_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_port" size="40" name="config[ldap_port]" value="' . $new['ldap_port'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_dn">' . $this->user->lang['LDAP_DN'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_uid">' . $this->user->lang['LDAP_UID'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_user_filter">' . $this->user->lang['LDAP_USER_FILTER'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_email">' . $this->user->lang['LDAP_EMAIL'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
<dd><input type="email" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_user">' . $this->user->lang['LDAP_USER'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_password">' . $this->user->lang['LDAP_PASSWORD'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd>
</dl>
';
// These are fields required in the config table
return array(
'tpl' => $tpl,
'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password')
);
}
/**
* Generates a filter string for ldap_search to find a user
*
* @param $username string Username identifying the searched user
*
* @return string A filter string for ldap_search
*/
private function ldap_user_filter($username)
{
$filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')';
if ($this->config['ldap_user_filter'])
{
$_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
$filter = "(&{$filter}{$_filter})";
}
return $filter;
}
/**
* Escapes an LDAP AttributeValue
*
* @param string $string The string to be escaped
* @return string The escaped string
*/
private function ldap_escape($string)
{
return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
}
/**
* {@inheritdoc}
*/
public function logout($data, $new_session)
{
return;
}
/**
* {@inheritdoc}
*/
public function validate_session($user)
{
return;
}
}

41
phpBB/includes/session.php
View File

@ -207,7 +207,7 @@ class phpbb_session
function session_begin($update_session_page = true)
{
global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path;
global $request;
global $request, $phpbb_container;
// Give us some basic information
$this->time_now = time();
@ -402,15 +402,12 @@ class phpbb_session
// Check whether the session is still valid if we have one
$method = basename(trim($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'validate_session_' . $method;
if (function_exists($method))
$provider = $phpbb_container->get('auth.provider.' . $method);
$ret = $provider->validate_session($this->data);
if ($ret !== null && !$ret)
{
if (!$method($this->data))
{
$session_expired = true;
}
$session_expired = true;
}
if (!$session_expired)
@ -504,7 +501,7 @@ class phpbb_session
*/
function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
{
global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx;
global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx, $phpbb_container;
$this->data = array();
@ -568,18 +565,14 @@ class phpbb_session
}
$method = basename(trim($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'autologin_' . $method;
if (function_exists($method))
$provider = $phpbb_container->get('auth.provider.' . $method);
$this->data = $provider->autologin();
if (sizeof($this->data))
{
$this->data = $method();
if (sizeof($this->data))
{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];
}
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];
}
// If we're presented with an autologin key we'll join against it.
@ -884,7 +877,7 @@ class phpbb_session
*/
function session_kill($new_session = true)
{
global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx;
global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx, $phpbb_container;
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
@ -893,13 +886,9 @@ class phpbb_session
// Allow connecting logout with external auth method logout
$method = basename(trim($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'logout_' . $method;
if (function_exists($method))
{
$method($this->data, $new_session);
}
$provider = $phpbb_container->get('auth.provider.' . $method);
$provider->logout($this->data, $new_session);
if ($this->data['user_id'] != ANONYMOUS)
{

5
phpBB/install/install_install.php
View File

@ -53,7 +53,7 @@ class install_install extends module
function main($mode, $sub)
{
global $lang, $template, $language, $phpbb_root_path, $phpEx;
global $phpbb_container, $cache, $phpbb_log;
global $phpbb_container, $cache, $phpbb_log, $request;
switch ($sub)
{
@ -102,6 +102,9 @@ class install_install extends module
break;
case 'final':
// Enable super globals to prevent issues with the new phpbb_request object
$request->enable_super_globals();
// Create a normal container now
$phpbb_container = phpbb_create_default_container($phpbb_root_path, $phpEx);

33
tests/auth/fixtures/user.xml Normal file
View File

@ -0,0 +1,33 @@
<?xml version="1.0" encoding="UTF-8" ?>
<dataset>
<table name="phpbb_users">
<column>user_id</column>
<column>username</column>
<column>username_clean</column>
<column>user_password</column>
<column>user_passchg</column>
<column>user_pass_convert</column>
<column>user_email</column>
<column>user_type</column>
<column>user_login_attempts</column>
<column>user_permissions</column>
<column>user_sig</column>
<column>user_occ</column>
<column>user_interests</column>
<row>
<value>1</value>
<value>foobar</value>
<value>foobar</value>
<value>$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/</value>
<value>0</value>
<value>0</value>
<value>example@example.com</value>
<value>0</value>
<value>0</value>
<value></value>
<value></value>
<value></value>
<value></value>
</row>
</table>
</dataset>

206
tests/auth/provider_apache_test.php Normal file
View File

@ -0,0 +1,206 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__).'/../../phpBB/includes/functions.php';
class phpbb_auth_provider_apache_test extends phpbb_database_test_case
{
protected $provider;
protected $user;
protected $request;
protected function setup()
{
parent::setUp();
global $phpbb_root_path, $phpEx;
$db = $this->new_dbal();
$config = new phpbb_config(array());
$this->request = $this->getMock('phpbb_request');
$this->user = $this->getMock('phpbb_user');
$this->provider = new phpbb_auth_provider_apache($db, $config, $this->request, $this->user, $phpbb_root_path, $phpEx);
}
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/user.xml');
}
/**
* Test to see if a user is identified to Apache. Expects false if they are.
*/
public function test_init()
{
$this->user->data['username'] = 'foobar';
$this->request->expects($this->once())
->method('is_set')
->with('PHP_AUTH_USER',
phpbb_request_interface::SERVER)
->will($this->returnValue(true));
$this->request->expects($this->once())
->method('server')
->with('PHP_AUTH_USER')
->will($this->returnValue('foobar'));
$this->assertFalse($this->provider->init());
}
public function test_login()
{
$username = 'foobar';
$password = 'example';
$this->request->expects($this->once())
->method('is_set')
->with('PHP_AUTH_USER',
phpbb_request_interface::SERVER)
->will($this->returnValue(true));
$this->request->expects($this->at(1))
->method('server')
->with('PHP_AUTH_USER')
->will($this->returnValue('foobar'));
$this->request->expects($this->at(2))
->method('server')
->with('PHP_AUTH_PW')
->will($this->returnValue('example'));
$expected = array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => array(
'user_id' => '1',
'username' => 'foobar',
'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
'user_passchg' => '0',
'user_email' => 'example@example.com',
'user_type' => '0',
),
);
$this->assertEquals($expected, $this->provider->login($username, $password));
}
public function test_autologin()
{
$this->request->expects($this->once())
->method('is_set')
->with('PHP_AUTH_USER',
phpbb_request_interface::SERVER)
->will($this->returnValue(true));
$this->request->expects($this->at(1))
->method('server')
->with('PHP_AUTH_USER')
->will($this->returnValue('foobar'));
$this->request->expects($this->at(2))
->method('server')
->with('PHP_AUTH_PW')
->will($this->returnValue('example'));
$expected = array(
'user_id' => '1',
'user_type' => '0',
'group_id' => '3',
'user_permissions' => '',
'user_perm_from' => '0',
'user_ip' => '',
'user_regdate' => '0',
'username' => 'foobar',
'username_clean' => 'foobar',
'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
'user_passchg' => '0',
'user_pass_convert' => '0',
'user_email' => 'example@example.com',
'user_email_hash' => '0',
'user_birthday' => '',
'user_lastvisit' => '0',
'user_lastmark' => '0',
'user_lastpost_time' => '0',
'user_lastpage' => '',
'user_last_confirm_key' => '',
'user_last_search' => '0',
'user_warnings' => '0',
'user_last_warning' => '0',
'user_login_attempts' => '0',
'user_inactive_reason' => '0',
'user_inactive_time' => '0',
'user_posts' => '0',
'user_lang' => '',
'user_timezone' => 'UTC',
'user_dateformat' => 'd M Y H:i',
'user_style' => '0',
'user_rank' => '0',
'user_colour' => '',
'user_new_privmsg' => '0',
'user_unread_privmsg' => '0',
'user_last_privmsg' => '0',
'user_message_rules' => '0',
'user_full_folder' => '-3',
'user_emailtime' => '0',
'user_topic_show_days' => '0',
'user_topic_sortby_type' => 't',
'user_topic_sortby_dir' => 'd',
'user_post_show_days' => '0',
'user_post_sortby_type' => 't',
'user_post_sortby_dir' => 'a',
'user_notify' => '0',
'user_notify_pm' => '1',
'user_notify_type' => '0',
'user_allow_pm' => '1',
'user_allow_viewonline' => '1',
'user_allow_viewemail' => '1',
'user_allow_massemail' => '1',
'user_options' => '230271',
'user_avatar' => '',
'user_avatar_type' => '',
'user_avatar_width' => '0',
'user_avatar_height' => '0',
'user_sig' => '',
'user_sig_bbcode_uid' => '',
'user_sig_bbcode_bitfield' => '',
'user_from' => '',
'user_icq' => '',
'user_aim' => '',
'user_yim' => '',
'user_msnm' => '',
'user_jabber' => '',
'user_website' => '',
'user_occ' => '',
'user_interests' => '',
'user_actkey' => '',
'user_newpasswd' => '',
'user_form_salt' => '',
'user_new' => '1',
'user_reminded' => '0',
'user_reminded_time' => '0',
);
$this->assertEquals($expected, $this->provider->autologin());
}
public function test_validate_session()
{
$user = array(
'username' => 'foobar',
'user_type'
);
$this->request->expects($this->once())
->method('is_set')
->with('PHP_AUTH_USER',
phpbb_request_interface::SERVER)
->will($this->returnValue(true));
$this->request->expects($this->once())
->method('server')
->with('PHP_AUTH_USER')
->will($this->returnValue('foobar'));
$this->assertTrue($this->provider->validate_session($user));
}
}

50
tests/auth/provider_db_test.php Normal file
View File

@ -0,0 +1,50 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__).'/../../phpBB/includes/functions.php';
class phpbb_auth_provider_db_test extends phpbb_database_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/user.xml');
}
public function test_login()
{
global $phpbb_root_path, $phpEx;
$db = $this->new_dbal();
$config = new phpbb_config(array(
'ip_login_limit_max' => 0,
'ip_login_limit_use_forwarded' => 0,
'max_login_attempts' => 0,
));
$request = $this->getMock('phpbb_request');
$user = $this->getMock('phpbb_user');
$provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
$expected = array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => array(
'user_id' => '1',
'username' => 'foobar',
'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
'user_passchg' => '0',
'user_pass_convert' => '0',
'user_email' => 'example@example.com',
'user_type' => '0',
'user_login_attempts' => '0',
),
);
$this->assertEquals($expected, $provider->login('foobar', 'example'));
}
}

13
tests/session/continue_test.php
View File

@ -53,7 +53,20 @@ class phpbb_session_continue_test extends phpbb_database_test_case
*/
public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $ip, $expected_sessions, $expected_cookies, $message)
{
global $phpbb_container, $phpbb_root_path, $phpEx;
$db = $this->new_dbal();
$config = new phpbb_config(array());
$request = $this->getMock('phpbb_request');
$user = $this->getMock('phpbb_user');
$auth_provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
$phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
$phpbb_container->expects($this->any())
->method('get')
->with('auth.provider.db')
->will($this->returnValue($auth_provider));
$session_factory = new phpbb_session_testable_factory;
$session_factory->set_cookies(array(
'_sid' => $session_id,

13
tests/session/creation_test.php
View File

@ -20,7 +20,20 @@ class phpbb_session_creation_test extends phpbb_database_test_case
public function test_login_session_create()
{
global $phpbb_container, $phpbb_root_path, $phpEx;
$db = $this->new_dbal();
$config = new phpbb_config(array());
$request = $this->getMock('phpbb_request');
$user = $this->getMock('phpbb_user');
$auth_provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
$phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
$phpbb_container->expects($this->any())
->method('get')
->with('auth.provider.db')
->will($this->returnValue($auth_provider));
$session_factory = new phpbb_session_testable_factory;
$session = $session_factory->get_session($db);