3 * Apache auth plug-in for phpBB3
5 * The authentication plug-ins are largely down to Sergey Kanareykin; our thanks to him.
9 * @copyright (c) 2005 phpBB Group
10 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
// Tests whether the IN_PHPBB constant is defined; presumably the usual guard that
// stops this file from being requested directly. The guarded statement is not
// visible in this listing.
17 if (!defined('IN_PHPBB'))
23 * Checks whether the user is identified to apache
24 * Only allow changing authentication to apache if the user is identified
25 * Called in acp_board while setting authentication plugins
27 * @return boolean|string false if the user is identified, otherwise an error message
// Gate for selecting this plug-in: hands back the APACHE_SETUP_BEFORE_USE language
// string unless PHP_AUTH_USER is present and strictly equal to the current phpBB
// username. The "identified" return is not visible in this listing; the docblock
// above gives it as false.
// NOTE(review): PHP_AUTH_USER shows that the request carried HTTP credentials for
// that name; nothing here can tell whether the web server verified them. Confirm
// the server requires authentication on every phpBB entry point before this
// plug-in is enabled.
29 function init_apache()
31 if (!isset($_SERVER['PHP_AUTH_USER']) || phpbb
::$user->data
['username'] !== $_SERVER['PHP_AUTH_USER'])
33 return phpbb
::$user->lang
['APACHE_SETUP_BEFORE_USE'];
// Login handler for the Apache plug-in. Every visible outcome is an array carrying
// 'status' and 'error_msg' (and, where shown, 'user_row'); the failure rows shown
// hold only user_id => ANONYMOUS.
// $username and $password are taken by reference; no visible line assigns to either.
// The conditions guarding the first two error returns are not visible in this
// listing; going by the existing comment and the status codes they reject an empty
// password and an empty user name.
41 function login_apache(&$username, &$password)
43 // do not allow empty password
47 'status' => LOGIN_ERROR_PASSWORD
,
48 'error_msg' => 'NO_PASSWORD_SUPPLIED',
49 'user_row' => array('user_id' => ANONYMOUS
),
56 'status' => LOGIN_ERROR_USERNAME
,
57 'error_msg' => 'LOGIN_ERROR_USERNAME',
58 'user_row' => array('user_id' => ANONYMOUS
),
// No HTTP-auth user name on the request: reported as an external-auth error.
62 if (!isset($_SERVER['PHP_AUTH_USER']))
65 'status' => LOGIN_ERROR_EXTERNAL_AUTH
,
66 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
67 'user_row' => array('user_id' => ANONYMOUS
),
// NOTE(review): only PHP_AUTH_USER was checked with isset(); PHP_AUTH_PW is read
// unconditionally below. Consider an isset() guard so a request that carries a
// user name without a password does not raise an undefined-index notice.
// NOTE(review): autologin_apache() passes both values through set_var() before
// using them; here they are used raw. Confirm the difference is intended.
71 $php_auth_user = $_SERVER['PHP_AUTH_USER'];
72 $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
74 if (!empty($php_auth_user) && !empty($php_auth_pw))
// The submitted user name must equal the HTTP-auth user name exactly (strict !==).
// NOTE(review): no visible line compares $password with PHP_AUTH_PW, so the check
// rests entirely on the web server having verified the HTTP credentials; confirm
// that is the intended contract.
76 if ($php_auth_user !== $username)
79 'status' => LOGIN_ERROR_USERNAME
,
80 'error_msg' => 'LOGIN_ERROR_USERNAME',
81 'user_row' => array('user_id' => ANONYMOUS
),
// Look the account up by user name; the value goes through sql_escape() before it
// is embedded in the statement.
85 $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
86 FROM ' . USERS_TABLE
. "
87 WHERE username = '" . phpbb
::$db->sql_escape($php_auth_user) . "'";
88 $result = phpbb
::$db->sql_query($sql);
89 $row = phpbb
::$db->sql_fetchrow($result);
90 phpbb
::$db->sql_freeresult($result);
// Accounts of type USER_INACTIVE or USER_IGNORE are turned away with
// LOGIN_ERROR_ACTIVE (presumably inside a branch that runs only when a row was
// found; that condition is not visible).
95 if ($row['user_type'] == phpbb
::USER_INACTIVE ||
$row['user_type'] == phpbb
::USER_IGNORE
)
98 'status' => LOGIN_ERROR_ACTIVE
,
99 'error_msg' => 'ACTIVE_ERROR',
104 // Successful login...
106 'status' => LOGIN_SUCCESS
,
107 'error_msg' => false,
// No matching account (branch condition not visible): the status asks for a
// profile to be created from user_row_apache(), so presumably any identity the
// web server reports ends up with a forum account.
112 // this is the user's first login so create an empty profile
114 'status' => LOGIN_SUCCESS_CREATE_PROFILE
,
115 'error_msg' => false,
116 'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
120 // Not logged into apache
122 'status' => LOGIN_ERROR_EXTERNAL_AUTH
,
123 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
124 'user_row' => array('user_id' => ANONYMOUS
),
131 * @return array containing the user row or empty if no auto login should take place
// Automatic login from the HTTP-auth identity. Going by the docblock above, returns
// the user row, or an empty array when no automatic login should take place.
133 function autologin_apache()
135 if (!isset($_SERVER['PHP_AUTH_USER']))
// NOTE(review): only PHP_AUTH_USER was checked with isset(); PHP_AUTH_PW is read
// unconditionally below. Consider an isset() guard for it as well.
140 $php_auth_user = $_SERVER['PHP_AUTH_USER'];
141 $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
143 if (!empty($php_auth_user) && !empty($php_auth_pw))
// Both values are passed through set_var(..., 'string', true) (defined elsewhere)
// before use. NOTE(review): login_apache() in this file uses the raw $_SERVER
// values instead; confirm the two paths are meant to differ.
// The statement that follows looks up an existing account by user name, with the
// value passed through sql_escape().
145 set_var($php_auth_user, $php_auth_user, 'string', true);
146 set_var($php_auth_pw, $php_auth_pw, 'string', true);
149 FROM ' . USERS_TABLE
. "
150 WHERE username = '" . phpbb
::$db->sql_escape($php_auth_user) . "'";
151 $result = phpbb
::$db->sql_query($sql);
152 $row = phpbb
::$db->sql_fetchrow($result);
153 phpbb
::$db->sql_freeresult($result);
// An account of type USER_INACTIVE or USER_IGNORE yields an empty array; any other
// row is returned as-is (presumably only when a row was found; that condition is
// not visible).
157 return ($row['user_type'] == phpbb
::USER_INACTIVE ||
$row['user_type'] == phpbb
::USER_IGNORE
) ?
array() : $row;
// functions_user is pulled in on demand when user_add() is not yet defined.
160 if (!function_exists('user_add'))
162 include(PHPBB_ROOT_PATH
. 'includes/functions_user.' . PHP_EXT
);
// NOTE(review): the account is provisioned from whatever identity PHP_AUTH_USER
// carries, and user_add()'s result is not checked in the visible lines.
// NOTE(review): the lookup above matched on `username`; the re-read below matches
// on `username_clean` (via utf8_clean_string()). Confirm both resolve to the same
// account for names that differ only in case or normalisation, so an existing
// account cannot be missed and a colliding one created.
165 // create the user if he does not exist yet
166 user_add(user_row_apache($php_auth_user, $php_auth_pw));
169 FROM ' . USERS_TABLE
. "
170 WHERE username_clean = '" . phpbb
::$db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
171 $result = phpbb
::$db->sql_query($sql);
172 $row = phpbb
::$db->sql_fetchrow($result);
173 phpbb
::$db->sql_freeresult($result);
185 * This function generates an array which can be passed to the user_add function in order to create a user
// Builds the array handed to user_add() for a first-time HTTP-auth user.
// $username and $password are the values taken from PHP_AUTH_USER / PHP_AUTH_PW by
// the callers in this file.
187 function user_row_apache($username, $password)
// The default group is the row of GROUPS_TABLE whose group_name_clean is
// 'registered' and whose group_type is GROUP_SPECIAL.
189 // first retrieve default group id
190 $sql = 'SELECT group_id
191 FROM ' . GROUPS_TABLE
. "
192 WHERE group_name_clean = '" . phpbb
::$db->sql_escape('registered') . "'
193 AND group_type = " . GROUP_SPECIAL
;
194 $result = phpbb
::$db->sql_query($sql);
195 $row = phpbb
::$db->sql_fetchrow($result);
196 phpbb
::$db->sql_freeresult($result);
// The condition guarding this call is not visible; presumably it fires when the
// group lookup returned no row.
200 trigger_error('NO_GROUP');
// NOTE(review): user_password receives phpbb_hash() of the HTTP-auth password, so
// the forum database keeps its own hash of the external credential. No visible
// line in this file verifies against it; confirm the copy is wanted, since it is
// not refreshed when the external password changes.
// group_id is cast to int, user_type is fixed to phpbb::USER_NORMAL and user_ip is
// taken from phpbb::$user->ip. Other fields of the row are not visible here.
203 // generate user account data
205 'username' => $username,
206 'user_password' => phpbb_hash($password),
208 'group_id' => (int) $row['group_id'],
209 'user_type' => phpbb
::USER_NORMAL
,
210 'user_ip' => phpbb
::$user->ip
,
215 * The session validation function checks whether the user is still logged in
217 * @return boolean true if the given user is authenticated or false if the session should be closed
// Session check for the Apache plug-in. Going by the docblock above: true while the
// given user still counts as authenticated, false when the session should be
// closed. Most return statements are not visible in this listing.
219 function validate_session_apache(&$user)
221 // We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire.
222 if ($user['user_id'] == ANONYMOUS
)
// NOTE(review): this compares against a bare USER_IGNORE, whereas login_apache()
// and autologin_apache() use phpbb::USER_IGNORE. Confirm the global constant is
// still defined; if it is not, this bot check does not compare against the
// intended value.
227 // Checking for a bot is a bit more complicated... but we are able to check this with the user type (anonymous has the same as bots)
228 if ($user['user_type'] == USER_IGNORE
)
// NOTE(review): set_var() below reads $_SERVER['PHP_AUTH_USER'] directly. The lines
// between this isset() test and that read are not visible; confirm the negated
// test returns before the read rather than guarding it.
233 if (!isset($_SERVER['PHP_AUTH_USER']))
236 set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
// Strict comparison of the set_var()-processed HTTP-auth name with the session's
// user name.
238 return ($php_auth_user === $user['username']) ?
true : false;
// NOTE(review): the comment below describes the "PHP_AUTH_USER is not set" case
// but follows a return whose enclosing block is not visible; confirm this trailing
// check is reachable and still matches the negated isset() test above.
241 // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
242 if ($user['user_type'] == USER_IGNORE
)