3 * Database auth plug-in for phpBB3
5 * The authentication plug-in system is largely down to Sergey Kanareykin; our thanks to him.
7 * This is for authentication via the integrated user table
11 * @copyright (c) 2005 phpBB Group
12 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
19 if (!defined('IN_PHPBB'))
24 class phpbb_auth_db
/* extends phpbb_auth */
29 function login(&$username, &$password)
31 // do not allow empty password
35 'status' => LOGIN_ERROR_PASSWORD
,
36 'error_msg' => 'NO_PASSWORD_SUPPLIED',
37 'user_row' => array('user_id' => ANONYMOUS
),
44 'status' => LOGIN_ERROR_USERNAME
,
45 'error_msg' => 'LOGIN_ERROR_USERNAME',
46 'user_row' => array('user_id' => ANONYMOUS
),
50 $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
51 FROM ' . USERS_TABLE
. "
52 WHERE username_clean = '" . phpbb
::$db->sql_escape(utf8_clean_string($username)) . "'";
53 $result = phpbb
::$db->sql_query($sql);
54 $row = phpbb
::$db->sql_fetchrow($result);
55 phpbb
::$db->sql_freeresult($result);
60 'status' => LOGIN_ERROR_USERNAME
,
61 'error_msg' => 'LOGIN_ERROR_USERNAME',
62 'user_row' => array('user_id' => ANONYMOUS
),
66 // If there are too many login attempts, we need to check for a confirm image
67 // Every auth module is able to define what to do by itself...
68 if (phpbb
::$config['max_login_attempts'] && $row['user_login_attempts'] >= phpbb
::$config['max_login_attempts'])
70 $confirm_id = request_var('confirm_id', '');
71 $confirm_code = request_var('confirm_code', '');
73 // Visual Confirmation handling
77 'status' => LOGIN_ERROR_ATTEMPTS
,
78 'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
84 $captcha = phpbb_captcha_factory
::get_instance(phpbb
::$config['captcha_plugin']);
85 $captcha->init(CONFIRM_LOGIN
);
86 $vc_response = $captcha->validate();
90 'status' => LOGIN_ERROR_ATTEMPTS
,
91 'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
99 if (!$row['user_pass_convert'] && phpbb
::$security->check_password($password, $row['user_password']))
101 // Check for old password hash...
102 if (strlen($row['user_password']) == 32)
104 $hash = phpbb
::$security->hash_password($password);
106 // Update the password in the users table to the new format
107 $sql = 'UPDATE ' . USERS_TABLE
. "
108 SET user_password = '" . phpbb
::$db->sql_escape($hash) . "',
109 user_pass_convert = 0
110 WHERE user_id = {$row['user_id']}";
111 phpbb
::$db->sql_query($sql);
113 $row['user_password'] = $hash;
116 if ($row['user_login_attempts'] != 0)
118 // Successful, reset login attempts (the user passed all stages)
119 $sql = 'UPDATE ' . USERS_TABLE
. '
120 SET user_login_attempts = 0
121 WHERE user_id = ' . $row['user_id'];
122 phpbb
::$db->sql_query($sql);
126 if ($row['user_type'] == phpbb
::USER_INACTIVE ||
$row['user_type'] == phpbb
::USER_IGNORE
)
129 'status' => LOGIN_ERROR_ACTIVE
,
130 'error_msg' => 'ACTIVE_ERROR',
135 // Successful login... set user_login_attempts to zero...
137 'status' => LOGIN_SUCCESS
,
138 'error_msg' => false,
143 // Password incorrect - increase login attempts
144 $sql = 'UPDATE ' . USERS_TABLE
. '
145 SET user_login_attempts = user_login_attempts + 1
146 WHERE user_id = ' . $row['user_id'];
147 phpbb
::$db->sql_query($sql);
149 // Give status about wrong password...
151 'status' => LOGIN_ERROR_PASSWORD
,
152 'error_msg' => 'LOGIN_ERROR_PASSWORD',