phpBB3 include snippets

File auth_django.php

  1<?php
  2/**
  3* Django auth plug-in for phpBB3
  4*
  5* @package login
  6* @copyright (c) 2007 Resolver Systems
  7* @license http://opensource.org/licenses/gpl-license.php GNU Public License
  8*
  9*/
 10
 11/**
 12* @ignore
 13*/
 // Refuse to run when this file is requested directly; IN_PHPBB is presumably
 // defined by phpBB's own entry scripts before an auth plug-in is loaded.
 if (defined('IN_PHPBB') === false)
 {
   exit;
 }

 // Provides GetDjangoUser() and GetDBSession(). The path is relative, so PHP
 // resolves it through include_path rather than anchoring it to this file.
 require_once 'getdjangouser.php';
 // phpBB UTF-8 helpers, located through phpBB's root path and extension globals.
 include_once $phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx;
 21
 22
 /**
  * Sanity check - Django may only be selected as the auth mode by someone who
  * is already logged into Django under the same name as their phpBB account.
  *
  * The two usernames are compared after strtolower(), so the match is
  * case-insensitive for ASCII names only.
  *
  * @return boolean|string false when the check passes, otherwise an error message
  */
 function init_django()
 {
   global $user;

   $djangoUser = GetDjangoUser();

   // GetDjangoUser() returns null when the request has no matching Django session.
   if (isset($djangoUser))
   {
     $boardName = strtolower($user->data['username']);
     $djangoName = strtolower($djangoUser['username']);

     if ($boardName === $djangoName)
     {
       return false;
     }
   }

   return "You cannot set up Django authentication unless you are logged into Django";
 }
 40
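 /**
  * Login function
  *
  * Authentication is delegated to Django. A login succeeds only when the
  * request carries a Django session (see GetDjangoUser()) whose username
  * equals, after strtolower(), the username submitted to phpBB. $password is
  * only required to be non-empty; it is never compared with a stored
  * credential, so the Django session cookie is the sole proof of identity.
  *
  * @param string $username username submitted to phpBB (by reference, not modified)
  * @param string $password password submitted to phpBB (by reference, not modified)
  * @return array 'status' and 'error_msg', plus 'user_row' on every path
  *               except the empty-password one
  */
 function login_django(&$username, &$password)
 {
   global $db;

   // do not allow empty password
   if (!$password)
   {
     return array(
       'status'  => LOGIN_BREAK,
       'error_msg' => 'NO_PASSWORD_SUPPLIED',
     );
   }

   // Result returned whenever no usable Django session backs this request.
   $notLoggedIn = array(
     'status'    => LOGIN_ERROR_EXTERNAL_AUTH,
     'error_msg'   => 'LOGIN_ERROR_EXTERNAL_AUTH',
     'user_row'    => array('user_id' => ANONYMOUS),
   );

   $djangoUser = GetDjangoUser();
   if (!isset($djangoUser))
   {
     return $notLoggedIn;
   }

   $php_auth_user = strtolower($djangoUser['username']);
   // NOTE(review): every profile created below stores the hash of this fixed
   // string as user_password (see user_row_django()). That is harmless while
   // this plug-in ignores the submitted password, but those accounts would
   // share one known password if the board were switched to an auth method
   // that checks user_password. Consider a random per-user value instead.
   $php_auth_pw = "pretend password";

   if (empty($php_auth_user))
   {
     // Not logged into our website
     return $notLoggedIn;
   }

   // The name typed into phpBB must be the name Django knows the caller by.
   if ($php_auth_user !== strtolower($username))
   {
     return array(
       'status'  => LOGIN_ERROR_USERNAME,
       'error_msg' => 'LOGIN_ERROR_USERNAME',
       'user_row'  => array('user_id' => ANONYMOUS),
     );
   }

   // Match on username_clean, exactly as autologin_django() does. The old
   // lookup compared the lower-cased Django name with the `username` column,
   // which presumably fails on a case-sensitive database for any mixed-case
   // phpBB name and then tries to create a duplicate profile.
   $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
     FROM ' . USERS_TABLE . "
     WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
   $result = $db->sql_query($sql);
   $row = $db->sql_fetchrow($result);
   $db->sql_freeresult($result);

   if ($row)
   {
     // User inactive...
     if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
     {
       return array(
         'status'    => LOGIN_ERROR_ACTIVE,
         'error_msg'   => 'ACTIVE_ERROR',
         'user_row'    => $row,
       );
     }

     // Successful login...
     return array(
       'status'    => LOGIN_SUCCESS,
       'error_msg'   => false,
       'user_row'    => $row,
     );
   }

   // user_row_django() takes three arguments; the e-mail was previously
   // omitted here, which is an argument-count error on current PHP versions.
   $php_auth_email = isset($djangoUser['email']) ? $djangoUser['email'] : '';

   // this is the user's first login so create an empty profile
   return array(
     'status'    => LOGIN_SUCCESS_CREATE_PROFILE,
     'error_msg'   => false,
     'user_row'    => user_row_django($php_auth_user, $php_auth_pw, $php_auth_email),
   );
 }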
123
/**
* Autologin function
*
* Maps the Django session of the current request onto a phpBB account, creating
* the account on first sight. Accounts are matched on username_clean, i.e. on
* the Django username after utf8_clean_string().
*
* NOTE(review): the link between the two systems is the normalised name alone,
* so it presumably relies on Django usernames staying distinct after that
* normalisation - confirm against how Django usernames are issued.
*
* @return array containing the user row or empty if no auto login should take place
*/
function autologin_django()
{
  global $db;

  $djangoUser = GetDjangoUser();
  if (!isset($djangoUser))
  {
    return array();
  }

  $php_auth_user = $djangoUser['username'];
  $php_auth_email = $djangoUser['email'];
  // NOTE(review): a fixed string; user_row_django() hashes it into
  // user_password for every account created here, so all auto-created
  // accounts carry the same stored password.
  $php_auth_pw = "pretend password";

  if (empty($php_auth_user) || empty($php_auth_pw))
  {
    return array();
  }

  // The username is left exactly as Django returned it; only the e-mail and
  // the placeholder password go through phpBB's set_var().
  set_var($php_auth_email, $php_auth_email, 'string');
  set_var($php_auth_pw, $php_auth_pw, 'string');

  // The same lookup runs before and after account creation.
  $lookupSql = 'SELECT *
      FROM ' . USERS_TABLE . "
      WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";

  $result = $db->sql_query($lookupSql);
  $row = $db->sql_fetchrow($result);
  $db->sql_freeresult($result);

  if ($row)
  {
    // Existing account: inactive and ignored users are not logged in.
    if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
    {
      return array();
    }

    return $row;
  }

  if (!function_exists('user_add'))
  {
    global $phpbb_root_path, $phpEx;

    include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
  }

  // create the user if he does not exist yet
  user_add(user_row_django($php_auth_user, $php_auth_pw, $php_auth_email));

  // Read the freshly created row back so the caller gets the full record.
  $result = $db->sql_query($lookupSql);
  $row = $db->sql_fetchrow($result);
  $db->sql_freeresult($result);

  return $row ? $row : array();
}
186
/**
* Builds the array that is handed to user_add() to create a phpBB account.
*
* The new account is placed in the special group named REGISTERED, typed as
* USER_NORMAL and stamped with the IP address of the current phpBB user object.
*
* @param string $username name for the new account
* @param string $password plain-text value; stored only as phpbb_hash($password)
* @param string $email    e-mail address for the new account
* @return array user data with the keys username, user_password, user_email,
*               group_id, user_type and user_ip
*/
function user_row_django($username, $password, $email)
{
  global $db, $config, $user;

  // Look up the id of the default group for registered users.
  $sql = 'SELECT group_id
    FROM ' . GROUPS_TABLE . "
    WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
      AND group_type = " . GROUP_SPECIAL;
  $result = $db->sql_query($sql);
  $groupRow = $db->sql_fetchrow($result);
  $db->sql_freeresult($result);

  if (!$groupRow)
  {
    trigger_error('NO_GROUP');
  }

  // Assemble the account data field by field.
  $newUser = array();
  $newUser['username'] = $username;
  $newUser['user_password'] = phpbb_hash($password);
  $newUser['user_email'] = $email;
  $newUser['group_id'] = (int) $groupRow['group_id'];
  $newUser['user_type'] = USER_NORMAL;
  $newUser['user_ip'] = $user->ip;

  return $newUser;
}
217
/**
* The session validation function checks whether the user is still logged in
*
* The phpBB session stays valid only while the request still carries a Django
* session whose username equals, after strtolower(), the phpBB username.
*
* @param array $user phpBB user row; only 'username' is read
* @return boolean true if the given user is authenticated or false if the session should be closed
*/
function validate_session_django(&$user)
{
  $djangoUser = GetDjangoUser();

  // No Django session for this request: the phpBB session must end as well.
  if (!isset($djangoUser))
  {
    return false;
  }

  $djangoName = '';
  set_var($djangoName, strtolower($djangoUser['username']), 'string');

  return $djangoName === strtolower($user['username']);
}
236?>

File getdjangouser.php

 1<?php
 2
 3
 /**
  * Opens a PostgreSQL connection to the Django database.
  *
  * Connection settings come from the globals $django_dbname, $django_dbuser
  * and $django_dbpasswd.
  *
  * NOTE(review): the three values are placed into the connection string
  * unquoted, so a value containing a space would presumably be read as
  * further connection keywords - confirm the settings never contain one.
  *
  * @return resource the connection returned by pg_connect()
  * @throws Exception when the connection cannot be established
  */
 function GetDBSession()
 {
   global $django_dbname, $django_dbuser, $django_dbpasswd;

   $connectionString = "dbname={$django_dbname} user={$django_dbuser} password={$django_dbpasswd}";
   $dbSession = pg_connect($connectionString);

   if ($dbSession)
   {
     return $dbSession;
   }

   throw new Exception("cannot connect to DBMS: " . pg_last_error());
 }
15
16
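/**
 * Resolves the Django session cookie of the current request to a Django user.
 *
 * The session id is read from the cookie named by $django_session_cookie,
 * falling back to 'sessionid', and looked up in sessionprofile_sessionprofile
 * joined with users_user. Only users with is_active = True are returned.
 *
 * NOTE(review): the query checks no expiry of any kind, so it presumably
 * relies on rows being removed from sessionprofile_sessionprofile when a
 * Django session ends - confirm on the Django side.
 *
 * @return array|null row holding 'username' and 'email' (also under numeric
 *                    keys, as pg_fetch_array() returns both), or null when no
 *                    active user owns the session
 * @throws Exception when the database connection or the query fails
 */
function GetDjangoUser()
{
    global $django_session_cookie;

    // Prefer the configured cookie; isset() avoids undefined-index notices
    // when a cookie is absent or no cookie name is configured.
    $djangoSessionID = null;
    if (is_string($django_session_cookie) && isset($_COOKIE[$django_session_cookie]))
    {
      $djangoSessionID = $_COOKIE[$django_session_cookie];
    }
    if (!$djangoSessionID && isset($_COOKIE['sessionid']))
    {
      $djangoSessionID = $_COOKIE['sessionid'];
    }

    // Cookie values are client-controlled and may arrive as arrays. Anything
    // that is not a non-empty string cannot be a session key, so answer
    // "not logged in" without touching the database.
    if (!is_string($djangoSessionID) || $djangoSessionID === '')
    {
      return null;
    }

    $dbSession = GetDBSession();

    // The session key is bound as a parameter ($1) instead of being escaped
    // and concatenated into the statement.
    $query =
      'SELECT u.username as username, u.email as email ' .
      '  FROM users_user u, sessionprofile_sessionprofile sp' .
      ' WHERE sp.session_key = $1 ' .
      '   AND u.id = sp.user_id' .
      '   AND u.is_active = True';
    $queryID = pg_query_params($dbSession, $query, array($djangoSessionID));

    if (!$queryID)
    {
      // The original used "," here, which handed the error text to
      // Exception's $code parameter instead of appending it to the message.
      throw new Exception("Could not check whether user was logged in: " . pg_last_error($dbSession));
    }

    $row = pg_fetch_array($queryID);
    if ($row)
    {
      // The connection stays open on this path, as in the original; pg_connect()
      // hands the same connection back for an identical connection string.
      return $row;
    }

    pg_close($dbSession);

    return null;
}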
49
50?>