Blame Identity/Webenv/phpBB/3.0.4/includes/auth/auth_db.php

ef5584
ef5584
/**
ef5584
* Database auth plug-in for phpBB3
ef5584
*
ef5584
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
ef5584
*
ef5584
* This is for authentication via the integrated user table
ef5584
*
ef5584
* @package login
ef5584
* @version $Id: auth_db.php 8479 2008-03-29 00:22:48Z naderman $
ef5584
* @copyright (c) 2005 phpBB Group
ef5584
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
ef5584
*
ef5584
*/
ef5584
ef5584
/**
ef5584
* @ignore
ef5584
*/
ef5584
if (!defined('IN_PHPBB'))
ef5584
{
ef5584
	exit;
ef5584
}
ef5584
ef5584
/**
ef5584
* Login function
ef5584
*/
ef5584
function login_db(&$username, &$password)
ef5584
{
ef5584
	global $db, $config;
ef5584
ef5584
	// do not allow empty password
ef5584
	if (!$password)
ef5584
	{
ef5584
		return array(
ef5584
			'status'	=> LOGIN_ERROR_PASSWORD,
ef5584
			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
ef5584
			'user_row'	=> array('user_id' => ANONYMOUS),
ef5584
		);
ef5584
	}
ef5584
ef5584
	if (!$username)
ef5584
	{
ef5584
		return array(
ef5584
			'status'	=> LOGIN_ERROR_USERNAME,
ef5584
			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
ef5584
			'user_row'	=> array('user_id' => ANONYMOUS),
ef5584
		);
ef5584
	}
ef5584
ef5584
	$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
ef5584
		FROM ' . USERS_TABLE . "
ef5584
		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
ef5584
	$result = $db->sql_query($sql);
ef5584
	$row = $db->sql_fetchrow($result);
ef5584
	$db->sql_freeresult($result);
ef5584
ef5584
	if (!$row)
ef5584
	{
ef5584
		return array(
ef5584
			'status'	=> LOGIN_ERROR_USERNAME,
ef5584
			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
ef5584
			'user_row'	=> array('user_id' => ANONYMOUS),
ef5584
		);
ef5584
	}
ef5584
ef5584
	// If there are too much login attempts, we need to check for an confirm image
ef5584
	// Every auth module is able to define what to do by itself...
ef5584
	if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'])
ef5584
	{
ef5584
		$confirm_id = request_var('confirm_id', '');
ef5584
		$confirm_code = request_var('confirm_code', '');
ef5584
ef5584
		// Visual Confirmation handling
ef5584
		if (!$confirm_id)
ef5584
		{
ef5584
			return array(
ef5584
				'status'		=> LOGIN_ERROR_ATTEMPTS,
ef5584
				'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS',
ef5584
				'user_row'		=> $row,
ef5584
			);
ef5584
		}
ef5584
		else
ef5584
		{
ef5584
			global $user;
ef5584
ef5584
			$sql = 'SELECT code
ef5584
				FROM ' . CONFIRM_TABLE . "
ef5584
				WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
ef5584
					AND session_id = '" . $db->sql_escape($user->session_id) . "'
ef5584
					AND confirm_type = " . CONFIRM_LOGIN;
ef5584
			$result = $db->sql_query($sql);
ef5584
			$confirm_row = $db->sql_fetchrow($result);
ef5584
			$db->sql_freeresult($result);
ef5584
ef5584
			if ($confirm_row)
ef5584
			{
ef5584
				if (strcasecmp($confirm_row['code'], $confirm_code) === 0)
ef5584
				{
ef5584
					$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
ef5584
						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
ef5584
							AND session_id = '" . $db->sql_escape($user->session_id) . "'
ef5584
							AND confirm_type = " . CONFIRM_LOGIN;
ef5584
					$db->sql_query($sql);
ef5584
				}
ef5584
				else
ef5584
				{
ef5584
					return array(
ef5584
						'status'		=> LOGIN_ERROR_ATTEMPTS,
ef5584
						'error_msg'		=> 'CONFIRM_CODE_WRONG',
ef5584
						'user_row'		=> $row,
ef5584
					);
ef5584
				}
ef5584
			}
ef5584
			else
ef5584
			{
ef5584
				return array(
ef5584
					'status'		=> LOGIN_ERROR_ATTEMPTS,
ef5584
					'error_msg'		=> 'CONFIRM_CODE_WRONG',
ef5584
					'user_row'		=> $row,
ef5584
				);
ef5584
			}
ef5584
		}
ef5584
	}
ef5584
ef5584
	// If the password convert flag is set we need to convert it
ef5584
	if ($row['user_pass_convert'])
ef5584
	{
ef5584
		// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
ef5584
		$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
ef5584
		$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
ef5584
		$password_new_format = '';
ef5584
ef5584
		set_var($password_new_format, stripslashes($password_old_format), 'string');
ef5584
ef5584
		if ($password == $password_new_format)
ef5584
		{
ef5584
			if (!function_exists('utf8_to_cp1252'))
ef5584
			{
ef5584
				global $phpbb_root_path, $phpEx;
ef5584
				include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
ef5584
			}
ef5584
ef5584
			// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
ef5584
			if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])
ef5584
			{
ef5584
				$hash = phpbb_hash($password_new_format);
ef5584
ef5584
				// Update the password in the users table to the new format and remove user_pass_convert flag
ef5584
				$sql = 'UPDATE ' . USERS_TABLE . '
ef5584
					SET user_password = \'' . $db->sql_escape($hash) . '\',
ef5584
						user_pass_convert = 0
ef5584
					WHERE user_id = ' . $row['user_id'];
ef5584
				$db->sql_query($sql);
ef5584
ef5584
				$row['user_pass_convert'] = 0;
ef5584
				$row['user_password'] = $hash;
ef5584
			}
ef5584
			else
ef5584
			{
ef5584
				// Although we weren't able to convert this password we have to
ef5584
				// increase login attempt count to make sure this cannot be exploited
ef5584
				$sql = 'UPDATE ' . USERS_TABLE . '
ef5584
					SET user_login_attempts = user_login_attempts + 1
ef5584
					WHERE user_id = ' . $row['user_id'];
ef5584
				$db->sql_query($sql);
ef5584
ef5584
				return array(
ef5584
					'status'		=> LOGIN_ERROR_PASSWORD_CONVERT,
ef5584
					'error_msg'		=> 'LOGIN_ERROR_PASSWORD_CONVERT',
ef5584
					'user_row'		=> $row,
ef5584
				);
ef5584
			}
ef5584
		}
ef5584
	}
ef5584
ef5584
	// Check password ...
ef5584
	if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
ef5584
	{
ef5584
		// Check for old password hash...
ef5584
		if (strlen($row['user_password']) == 32)
ef5584
		{
ef5584
			$hash = phpbb_hash($password);
ef5584
ef5584
			// Update the password in the users table to the new format
ef5584
			$sql = 'UPDATE ' . USERS_TABLE . "
ef5584
				SET user_password = '" . $db->sql_escape($hash) . "',
ef5584
					user_pass_convert = 0
ef5584
				WHERE user_id = {$row['user_id']}";
ef5584
			$db->sql_query($sql);
ef5584
ef5584
			$row['user_password'] = $hash;
ef5584
		}
ef5584
ef5584
		if ($row['user_login_attempts'] != 0)
ef5584
		{
ef5584
			// Successful, reset login attempts (the user passed all stages)
ef5584
			$sql = 'UPDATE ' . USERS_TABLE . '
ef5584
				SET user_login_attempts = 0
ef5584
				WHERE user_id = ' . $row['user_id'];
ef5584
			$db->sql_query($sql);
ef5584
		}
ef5584
ef5584
		// User inactive...
ef5584
		if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
ef5584
		{
ef5584
			return array(
ef5584
				'status'		=> LOGIN_ERROR_ACTIVE,
ef5584
				'error_msg'		=> 'ACTIVE_ERROR',
ef5584
				'user_row'		=> $row,
ef5584
			);
ef5584
		}
ef5584
ef5584
		// Successful login... set user_login_attempts to zero...
ef5584
		return array(
ef5584
			'status'		=> LOGIN_SUCCESS,
ef5584
			'error_msg'		=> false,
ef5584
			'user_row'		=> $row,
ef5584
		);
ef5584
	}
ef5584
ef5584
	// Password incorrect - increase login attempts
ef5584
	$sql = 'UPDATE ' . USERS_TABLE . '
ef5584
		SET user_login_attempts = user_login_attempts + 1
ef5584
		WHERE user_id = ' . $row['user_id'];
ef5584
	$db->sql_query($sql);
ef5584
ef5584
	// Give status about wrong password...
ef5584
	return array(
ef5584
		'status'		=> LOGIN_ERROR_PASSWORD,
ef5584
		'error_msg'		=> 'LOGIN_ERROR_PASSWORD',
ef5584
		'user_row'		=> $row,
ef5584
	);
ef5584
}
ef5584
ef5584
?>