Some changes to the returned data format + cleanups

git-svn-id: file:///svn/phpbb/trunk@3622 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/auth/auth_apache.php

@@ -1,24 +1,32 @@
 <?php
 
+// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 //
-// Authentication plug-ins is largely down to
-// Sergey Kanareykin, our thanks to him.
+// This is for initial authentication via Apaches basic realm authentication methods,
+// user data is then obtained from the integrated user table
 //
+// You can do any kind of checking you like here ... the return data format is
+// either the resulting row of user information, an integer zero (indicating an
+// inactive user) or some error string
 function login_apache(&$username, &$password)
 {
-	global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
+	global $db;
 
-	$php_auth_user = ( !empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) ) ? $HTTP_SERVER_VARS['PHP_AUTH_USER'] : $HTTP_GET_VARS['PHP_AUTH_USER'];
-	$php_auth_pw = ( !empty($HTTP_SERVER_VARS['PHP_AUTH_PW']) ) ? $HTTP_SERVER_VARS['PHP_AUTH_PW'] : $HTTP_GET_VARS['PHP_AUTH_PW'];
+	$php_auth_user = (!empty($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER'] : $_GET['PHP_AUTH_USER'];
+	$php_auth_pw = (!empty($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW'] : $_GET['PHP_AUTH_PW'];
 
-	if ( $php_auth_user && $php_auth_pw )
+	if ($php_auth_user && $php_auth_pw)
 	{
 		$sql = "SELECT user_id, username, user_password, user_email, user_active
 			FROM " . USERS_TABLE . "
-			WHERE username = '" . str_replace("\'", "''", $username) . "'";
+			WHERE username = '" . $db->sql_escape($username) . "'";
 		$result = $db->sql_query($sql);
 
-		return ( $row = $db->sql_fetchrow($result) ) ? $row : false;
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+			return (empty($row['user_active'])) ? 0 : $row;
+		}
 	}
 
 	return false;