- display age in user profile and make it available on viewtopic

- various tiny bugfixes including [Bug #2351] [Bug #2549] [Bug #2681] [Bug #3015]
- strip first, then change newlines [Bug #2403]
- added support for creating user profiles to the login function (makes use of user_add), triggered by LOGIN_SUCCESS_CREATE_PROFILE constant
- moved newest user updating from ucp_register to user_add function
- renamed the admin_ auth module function to acp_
- added initialisation code to auth_apache which checks whether it will work
- added user_add support to both auth_ldap and auth_apache
- some auth_ldap tweaks, should work with users deeper in the organisation structure too now
- adjusted global topics in mcp_report to work like mcp_queue


git-svn-id: file:///svn/phpbb/trunk@6151 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/auth/auth_apache.php

@@ -4,13 +4,6 @@
 *
 * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 *
-* This is for initial authentication via Apaches basic realm authentication methods,
-* user data is then obtained from the integrated user table
-*
-* You can do any kind of checking you like here ... the return data format is
-* either the resulting row of user information, an integer zero (indicating an
-* inactive user) or some error string
-*
 * @package login
 * @version $Id$
 * @copyright (c) 2005 phpBB Group 
@@ -18,6 +11,24 @@
 *
 */
 
+/**
+* Checks whether the user is identified to apache
+* Only allow changing authentication to apache if the user is identified
+* Called in acp_board while setting authentication plugins
+*
+* @return boolean|string false if the user is identified and else an error message
+*/
+function init_apache()
+{
+	global $user;
+
+	if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
+	{
+		return $user->lang['APACHE_SETUP_BEFORE_USE'];
+	}
+	return false;
+}
+
 /**
 * Login function
 */
@@ -25,11 +36,29 @@ function login_apache(&$username, &$password)
 {
 	global $db;
 
+	if (!isset($_SERVER['PHP_AUTH_USER']))
+	{
+		return array(
+			'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
+			'error_msg'		=> 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
+			'user_row'		=> array('user_id' => ANONYMOUS),
+		);
+	}
+
 	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
 	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
 
 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
+		if ($php_auth_user !== $username)
+		{
+			return array(
+				'status'	=> LOGIN_ERROR_USERNAME,
+				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+				'user_row'	=> array('user_id' => ANONYMOUS),
+			);
+		}
+
 		$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type 
 			FROM ' . USERS_TABLE . "
 			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@@ -57,11 +86,11 @@ function login_apache(&$username, &$password)
 			);
 		}
 
-		// the user does not exist
+		// this is the user's first login so create an empty profile
 		return array(
-			'status'	=> LOGIN_ERROR_USERNAME,
-			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
-			'user_row'	=> array('user_id' => ANONYMOUS),
+			'status'		=> LOGIN_SUCCESS_CREATE_PROFILE,
+			'error_msg'		=> false,
+			'user_row'		=> user_row_apache($php_auth_user, $php_auth_pw),
 		);
 	}
 
@@ -82,6 +111,11 @@ function autologin_apache()
 {
 	global $db;
 
+	if (!isset($_SERVER['PHP_AUTH_USER']))
+	{
+		return array();
+	}
+
 	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
 	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
 
@@ -98,11 +132,57 @@ function autologin_apache()
 		{
 			return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
 		}
+
+		// create the user if he does not exist yet
+		user_add(user_row_apache($php_auth_user, $php_auth_pw));
+
+		$sql = 'SELECT *
+			FROM ' . USERS_TABLE . "
+			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if ($row)
+		{
+			return $row;
+		}
 	}
 
 	return array();
 }
 
+/**
+* This function generates an array which can be passed to the user_add function in order to create a user
+*/
+function user_row_apache($username, $password)
+{
+	global $db, $config, $user;
+	// first retrieve default group id
+	$sql = 'SELECT group_id
+		FROM ' . GROUPS_TABLE . "
+		WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
+			AND group_type = " . GROUP_SPECIAL;
+	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	if (!$row)
+	{
+		trigger_error('NO_GROUP');
+	}
+
+	// generate user account data
+	return array(
+		'username'		=> $username,
+		'user_password'	=> $password,
+		'user_email'	=> '',
+		'group_id'		=> (int) $row['group_id'],
+		'user_type'		=> USER_NORMAL,
+		'user_ip'		=> $user->ip,
+	);
+}
+
 /**
 * The session validation function checks whether the user is still logged in
 *
@@ -110,7 +190,7 @@ function autologin_apache()
 */
 function validate_session_apache(&$user)
 {
-	return ($_SERVER['PHP_AUTH_USER'] === $user['username']) ? true : false;
+	return (isset($_SERVER['PHP_AUTH_USER']) && ($_SERVER['PHP_AUTH_USER'] === $user['username'])) ? true : false;
 }
 
 ?>