phpBB3 include snippets
File auth_django.php
1<?php
2/**
3* Django auth plug-in for phpBB3
4*
5* @package login
6* @copyright (c) 2007 Resolver Systems
7* @license http://opensource.org/licenses/gpl-license.php GNU Public License
8*
9*/
10
/**
* @ignore
*/
// Stop immediately when IN_PHPBB is not defined, i.e. when this file is
// requested directly instead of being included by phpBB.
if (defined('IN_PHPBB') === false)
{
	exit;
}
18
19require_once("getdjangouser.php");
20include_once($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);
21
22
/**
 * Sanity check - the Django auth mode may only be selected by someone whose
 * phpBB user name matches, case-insensitively, the user behind their own
 * Django session.
 *
 * @return boolean|string false when the Django session matches the current
 *                        phpBB user, otherwise an error message
 */
function init_django()
{
	global $user;

	$djangoUser = GetDjangoUser();

	// GetDjangoUser() returns null when the session cookie maps to no active user.
	if (isset($djangoUser))
	{
		$boardName = strtolower($user->data['username']);
		$djangoName = strtolower($djangoUser['username']);

		if ($boardName === $djangoName)
		{
			return false;
		}
	}

	return "You cannot set up Django authentication unless you are logged into Django";
}
40
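/**
* Login function
*
* Identity comes from the visitor's Django session (see GetDjangoUser()), not
* from the submitted credentials: $password only has to be non-empty and is
* never compared with anything, and $username only has to match the Django
* user name case-insensitively.
*
* @param string $username user name typed into the phpBB login form
* @param string $password password typed into the phpBB login form (not verified here)
* @return array 'status' (a LOGIN_* constant), 'error_msg' and, except for the
*               empty-password case, 'user_row'
*/
function login_django(&$username, &$password)
{
	global $db;

	// do not allow empty password
	if (!$password)
	{
		return array(
			'status' => LOGIN_BREAK,
			'error_msg' => 'NO_PASSWORD_SUPPLIED',
		);
	}

	$djangoUser = GetDjangoUser();
	if (!isset($djangoUser))
	{
		return array(
			'status' => LOGIN_ERROR_EXTERNAL_AUTH,
			'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH',
			'user_row' => array('user_id' => ANONYMOUS),
		);
	}

	$php_auth_user = strtolower($djangoUser['username']);

	// This value is never checked while the Django module is active, but its hash
	// is stored with any profile created below. A fixed literal would leave every
	// auto-created account with the same known password if the board were later
	// switched to password login, so use an unguessable one.
	$php_auth_pw = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : unique_id();

	if (empty($php_auth_user) || empty($php_auth_pw))
	{
		// Not logged into our website
		return array(
			'status' => LOGIN_ERROR_EXTERNAL_AUTH,
			'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH',
			'user_row' => array('user_id' => ANONYMOUS),
		);
	}

	if ($php_auth_user !== strtolower($username))
	{
		return array(
			'status' => LOGIN_ERROR_USERNAME,
			'error_msg' => 'LOGIN_ERROR_USERNAME',
			'user_row' => array('user_id' => ANONYMOUS),
		);
	}

	// Look the account up by username_clean, as autologin_django() does. Comparing
	// the lower-cased name with the username column misses an existing mixed-case
	// account on a case-sensitive database and would then try to create it again.
	$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
		FROM ' . USERS_TABLE . "
		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row)
	{
		// User inactive...
		if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
		{
			return array(
				'status' => LOGIN_ERROR_ACTIVE,
				'error_msg' => 'ACTIVE_ERROR',
				'user_row' => $row,
			);
		}

		// Successful login...
		return array(
			'status' => LOGIN_SUCCESS,
			'error_msg' => false,
			'user_row' => $row,
		);
	}

	// user_row_django() requires the e-mail address as its third argument; take it
	// from the Django row and normalise it the same way autologin_django() does.
	$php_auth_email = '';
	set_var($php_auth_email, $djangoUser['email'], 'string');

	// this is the user's first login so create an empty profile
	return array(
		'status' => LOGIN_SUCCESS_CREATE_PROFILE,
		'error_msg' => false,
		'user_row' => user_row_django($php_auth_user, $php_auth_pw, $php_auth_email),
	);
}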
123
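/**
* Autologin function
*
* Maps the visitor's Django session to a phpBB account and creates that
* account on first sight. No credential is checked here: the Django session
* returned by GetDjangoUser() is the only proof of identity.
*
* @return array containing the user row or empty if no auto login should take place
*/
function autologin_django()
{
	global $db;

	$djangoUser = GetDjangoUser();
	if (!isset($djangoUser))
	{
		return array();
	}

	$php_auth_user = $djangoUser['username'];
	$php_auth_email = $djangoUser['email'];

	if (empty($php_auth_user))
	{
		return array();
	}

	// NOTE(review): the user name is not passed through set_var(), so a new
	// account stores it exactly as Django supplies it, without set_var()'s HTML
	// escaping - confirm Django restricts user names to characters that are
	// safe in phpBB output.
	set_var($php_auth_email, $php_auth_email, 'string');

	$sql = 'SELECT *
		FROM ' . USERS_TABLE . "
		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row)
	{
		// Inactive and ignored accounts are never logged in automatically.
		return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
	}

	if (!function_exists('user_add'))
	{
		global $phpbb_root_path, $phpEx;

		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
	}

	// The stored password is never checked while the Django module is active, but
	// a fixed literal would leave every auto-created account with the same known
	// password if the board were later switched to password login, so store the
	// hash of an unguessable value instead.
	$php_auth_pw = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : unique_id();

	// create the user if he does not exist yet
	user_add(user_row_django($php_auth_user, $php_auth_pw, $php_auth_email));

	// Read the freshly created row back with the same lookup.
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	return $row ? $row : array();
}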
186
/**
* Build the array that user_add() takes to create a phpBB account for a Django user.
*
* The account is placed in the special REGISTERED group and records the
* current visitor's IP address.
*
* @param string $username
* @param string $password plain-text value; only its phpbb_hash() is put in the row
* @param string $email
* @return array user row for user_add()
*/
function user_row_django($username, $password, $email)
{
	global $db, $config, $user;

	// Look up the id of the default (REGISTERED) group first.
	$groupQuery = "SELECT group_id\n FROM " . GROUPS_TABLE
		. "\n WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'"
		. "\n AND group_type = " . GROUP_SPECIAL;
	$handle = $db->sql_query($groupQuery);
	$group = $db->sql_fetchrow($handle);
	$db->sql_freeresult($handle);

	if (!$group)
	{
		trigger_error('NO_GROUP');
	}

	// Assemble the account data field by field.
	$account = array();
	$account['username'] = $username;
	$account['user_password'] = phpbb_hash($password);
	$account['user_email'] = $email;
	$account['group_id'] = (int) $group['group_id'];
	$account['user_type'] = USER_NORMAL;
	$account['user_ip'] = $user->ip;

	return $account;
}
217
/**
* Session validation: the phpBB session stays valid only while the visitor's
* Django session still belongs to the same user name (compared case-insensitively).
*
* @param array $user row of the phpBB session's user; only 'username' is read
* @return boolean true if the given user is authenticated or false if the session should be closed
*/
function validate_session_django(&$user)
{
	$djangoUser = GetDjangoUser();

	// No active Django session: close the phpBB session as well.
	if (!isset($djangoUser))
	{
		return false;
	}

	$djangoName = '';
	$lowered = strtolower($djangoUser['username']);
	set_var($djangoName, $lowered, 'string');

	$boardName = strtolower($user['username']);

	return $djangoName === $boardName;
}
236?>
File getdjangouser.php
1<?php
2
3
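/**
 * Open a PostgreSQL connection to the Django database.
 *
 * The database name, user and password are read from the globals
 * $django_dbname, $django_dbuser and $django_dbpasswd.
 *
 * @return mixed connection handle as returned by pg_connect()
 * @throws Exception when the connection cannot be established
 */
function GetDBSession()
{
	global $django_dbname, $django_dbuser, $django_dbpasswd;

	// Quote each value and backslash-escape ' and \ so that a password containing
	// spaces or quotes cannot break the connection string or add keywords to it.
	$conninfo = sprintf(
		"dbname='%s' user='%s' password='%s'",
		addcslashes((string) $django_dbname, "'\\"),
		addcslashes((string) $django_dbuser, "'\\"),
		addcslashes((string) $django_dbpasswd, "'\\")
	);

	$dbSession = pg_connect($conninfo);
	if (!$dbSession)
	{
		throw new Exception("cannot connect to DBMS: " . pg_last_error());
	}

	return $dbSession;
}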
15
16
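/**
 * Resolve the visitor's Django session cookie to the Django user it belongs to.
 *
 * The cookie named by the global $django_session_cookie is tried first, then
 * 'sessionid'. The cookie value is untrusted input; it is only ever used as a
 * bound query parameter.
 *
 * NOTE(review): the lookup does not check any session expiry time; it relies
 * on sessionprofile_sessionprofile rows disappearing when the Django session
 * ends - confirm against the Django side.
 *
 * @return array|null row holding 'username' and 'email' (pg_fetch_array() also
 *                    adds numeric keys), or null when no active user matches
 * @throws Exception when the connection or the lookup fails
 */
function GetDjangoUser()
{
	global $django_session_cookie;

	$djangoSessionID = null;
	foreach (array($django_session_cookie, 'sessionid') as $cookieName)
	{
		// isset/empty-safe access: a missing cookie is the normal anonymous case.
		if (is_string($cookieName) && $cookieName !== '' && !empty($_COOKIE[$cookieName]))
		{
			$djangoSessionID = $_COOKIE[$cookieName];
			break;
		}
	}

	// No cookie, or a cookie sent as an array (name[]=...): there is no session
	// key to look up, so skip the database round trip.
	if (!is_string($djangoSessionID))
	{
		return null;
	}

	$dbSession = GetDBSession();

	// $1 is bound by pg_query_params(); the cookie never becomes part of the SQL text.
	$query =
		'SELECT u.username as username, u.email as email ' .
		' FROM users_user u, sessionprofile_sessionprofile sp' .
		' WHERE sp.session_key = $1 ' .
		' AND u.id = sp.user_id' .
		' AND u.is_active = True';
	$queryID = pg_query_params($dbSession, $query, array($djangoSessionID));

	if (!$queryID)
	{
		// Read the error before closing, and concatenate it into the message: a
		// comma here would pass it to Exception as the (integer) error code.
		$reason = pg_last_error($dbSession);
		pg_close($dbSession);
		throw new Exception("Could not check whether user was logged in: " . $reason);
	}

	$row = pg_fetch_array($queryID);

	// Close on every path, not only when no row was found.
	pg_close($dbSession);

	return $row ? $row : null;
}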
49
50?>