Jaws auth plugin for phpBB

Transfer content from another CMS, moving to another server or CMS.

Jaws auth plugin for phpBB

Postby mmxbass » Sun Dec 29, 2013 9:54 pm

I thought someone here may find this interesting and/or useful. The code is extremely beta and obviously comes with no guarantee of any kind.

Code: Select all
<?php
/**
* Jaws Project auth plug-in for phpBB3
*
* This is for authentication via the Jaws user table
*
* @package login
* @version $Id$
* @copyright (c) 2014 NeoThinkTank LLC
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
   exit;
}

/**
* Login function
*/
function login_jaws($username, $password)
{
   global $db;

   // do not allow empty password
   if (!$password)
   {
      return array(
         'status'   => LOGIN_ERROR_PASSWORD,
         'error_msg'   => 'NO_PASSWORD_SUPPLIED',
         'user_row'   => array('user_id' => ANONYMOUS),
      );
   }

   if (!$username)
   {
      return array(
         'status'   => LOGIN_ERROR_USERNAME,
         'error_msg'   => 'LOGIN_ERROR_USERNAME',
         'user_row'   => array('user_id' => ANONYMOUS),
      );
   }
   
   //--
   $sql = 'SELECT * FROM users
         WHERE (username LIKE \''.$db->sql_escape($username).'\')';
   $result = $db->sql_query($sql);
   $jawsUser = $db->sql_fetchrow($result);
   
   if (!$jawsUser)
   {
      return array(
         'status'   => LOGIN_ERROR_USERNAME,
         'error_msg'   => 'LOGIN_ERROR_USERNAME',
         'user_row'   => array('user_id' => ANONYMOUS),
      );
   }
   
   //--
   
   if (!(($jawsUser['password']===md5($password))||($jawsUser['password']===sha1($password))))
   {
      return array(
         'status'   => LOGIN_ERROR_PASSWORD,
         'error_msg'   => 'LOGIN_ERROR_PASSWORD',
         'user_row'   => array('user_id' => ANONYMOUS),
      );
   }
   
   $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
      FROM ' . USERS_TABLE . "
      WHERE username = '" . $db->sql_escape($jawsUser['username']) . "'";
   $result = $db->sql_query($sql);
   $row = $db->sql_fetchrow($result);
   $db->sql_freeresult($result);

   if ($row)
   {
      // User inactive...
      if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
      {
         return array(
            'status'      => LOGIN_ERROR_ACTIVE,
            'error_msg'      => 'ACTIVE_ERROR',
            'user_row'      => $row,
         );
      }

      // Successful login...
      return array(
         'status'      => LOGIN_SUCCESS,
         'error_msg'      => false,
         'user_row'      => $row,
      );
   }

   // this is the user's first login so create an empty profile
   return array(
      'status'      => LOGIN_SUCCESS_CREATE_PROFILE,
      'error_msg'      => false,
      'user_row'      => user_row_jaws($jawsUser),
   );
}

/**
* Autologin function
*
* @return array containing the user row or empty if no auto login should take place
*/
function autologin_jaws()
{
   global $db, $user;

   if (!isset($_COOKIE['JAWSSESSID']))
   {
      return array();
   }
   
   $session = $_COOKIE['JAWSSESSID'];
   $arr = explode("-", $session, 2);
   $sid = $arr[0];
   
   //--
   $sql = 'SELECT users.* FROM users
         INNER JOIN session ON session.user = users.id
         WHERE (sid = \''.$db->sql_escape($sid).'\') AND (ip = \''.ip2long($user->ip).'\') AND ((updatetime + 2592000) > UNIX_TIMESTAMP())';
   $result = $db->sql_query($sql);
   $jawsUser = $db->sql_fetchrow($result);
   //--

   if ($jawsUser)
   {
      $sql = 'SELECT *
         FROM ' . USERS_TABLE . "
         WHERE username = '" . $db->sql_escape($jawsUser['username']) . "'";
      $result = $db->sql_query($sql);
      $row = $db->sql_fetchrow($result);
      $db->sql_freeresult($result);

      if ($row)
      {
         return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
      }

      if (!function_exists('user_add'))
      {
         global $phpbb_root_path, $phpEx;

         include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
      }

      // create the user if he does not exist yet
      user_add(user_row_jaws($jawsUser));

      $sql = 'SELECT *
         FROM ' . USERS_TABLE . "
         WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($jawsUser['username'])) . "'";
      $result = $db->sql_query($sql);
      $row = $db->sql_fetchrow($result);
      $db->sql_freeresult($result);

      if ($row)
      {
         return $row;
      }
   }
   return array();
}

/**
* The session validation function checks whether the user is still logged in
*
* @return boolean true if the given user is authenticated or false if the session should be closed
*/
/*function validate_session_jaws($user)
{
   global $db, $user;

   if (!isset($_COOKIE['JAWSSESSID']))
   {
      return array();
   }
   
   $session = $_COOKIE['JAWSSESSID'];
   $arr = explode("-", $session, 2);
   $sid = $arr[0];
   
   //--
   $sql = 'SELECT users.* FROM users
         INNER JOIN session ON session.user = users.id
         WHERE (sid = \''.$db->sql_escape($sid).'\') AND (ip = \''.ip2long($user->ip).'\') AND ((updatetime + 2592000) > UNIX_TIMESTAMP())';
   $result = $db->sql_query($sql);
   $jawsUser = $db->sql_fetchrow($result);
   //--
   
   if (isset($jawsUser)){return ($jawsUser['username'] === $user->username);}
   
   // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
   if ($user['user_type'] == USER_IGNORE){return true;}

   return false;
}*/

function user_row_jaws($jawsUser)
{
   global $db, $config, $user;
   // first retrieve default group id
   $sql = 'SELECT group_id
      FROM ' . GROUPS_TABLE . "
      WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
         AND group_type = " . GROUP_SPECIAL;
   $result = $db->sql_query($sql);
   $row = $db->sql_fetchrow($result);
   $db->sql_freeresult($result);

   if (!$row)
   {
      trigger_error('NO_GROUP');
   }

   // generate user account data
   return array(
      'username'      => $jawsUser['username'],
      'user_password'   => '',
      'user_email'   => $jawsUser['email'],
      'group_id'      => (int) $row['group_id'],
      'user_type'      => USER_NORMAL,
      'user_ip'      => $user->ip,
      'user_new'      => ($config['new_member_post_limit']) ? 1 : 0,
   );
}

?>
mmxbass
 
Posts: 5
Joined: Thu Jun 20, 2013 12:12 pm

Return to Importing and Exporting

Who is online

Users browsing this forum: No registered users and 2 guests

cron