
Untitled

a guest
Apr 30th, 2014
  1. <?php
  2.  
  3. /**
  4.  * Database auth plug-in for PHPBB - Wordpress Connector
  5.  *
  6.  * This is for authentication via the integrated user table
  7.  *
  8.  * @package login
  9.  * @version 0.9
  10.  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  11.  *
  12.  */
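  /**
   * @ignore
   */
  // Entry guard first: nothing below (reading $_GET, including other files)
  // should run unless phpBB itself loaded this file.
  if (!defined('IN_PHPBB')) {
      exit;
  }

  // Load the stock database auth functions; login_wpbb() falls back to
  // login_db() when WordPress is not loaded.
  // The include is skipped for the plugin's admin area, where loading it would
  // conflict. isset() avoids undefined-index notices on requests that carry
  // neither parameter.
  // NOTE(review): the condition skips the include when EITHER i=board OR
  // mode=auth is present, which is wider than "the admin area of the plugin"
  // - confirm that is intended.
  if (
      !(isset($_GET['i']) && $_GET['i'] == 'board')
      && !(isset($_GET['mode']) && $_GET['mode'] == 'auth')
  ) {
      // include_once: a second load of the same file cannot redeclare its
      // functions if something else has already pulled it in.
      include_once(dirname(__FILE__) . '/auth_db.php');
  }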
  25.  
  /**
   * Initialisation hook for the wpbb auth method.
   *
   * Currently a no-op: it performs no checks and returns nothing.
   */
  function init_wpbb()
  {
      // Nothing to set up or verify.
      return;
  }
  30.  
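  /**
   * Build the admin form fragment that exposes the WordPress path option.
   *
   * @param array $new Configuration values being edited; only 'wpbb_path' is read.
   * @return array 'tpl' holds the HTML fragment, 'config' lists the config keys
   *               this auth method needs in the config table.
   */
  function acp_wpbb(&$new)
  {
      // The value lands inside a double-quoted HTML attribute, so it must be
      // entity-encoded or a stored quote/angle bracket would break out of the
      // attribute and inject markup into the admin page.
      // NOTE(review): phpBB's request layer may already have entity-encoded
      // this value - confirm. double_encode=false keeps that case intact.
      $raw_path = isset($new['wpbb_path']) ? (string) $new['wpbb_path'] : '';
      $path = htmlspecialchars($raw_path, ENT_QUOTES, 'UTF-8', false);

      // The label's "for" now points at the input's real id (was "op_path").
      $tpl = '
      <dl>
          <dt><label for="wpbb_path">WordPress Path:</label><br /><span>This is the path to your WordPress installation relative to the site\'s root directory.  Most users will not need to change this.</span></dt>
          <dd><input type="text" id="wpbb_path" size="40" name="config[wpbb_path]" value="' . $path . '" /></dd>
      </dl>
      ';

      return array(
          'tpl' => $tpl,
          'config' => array('wpbb_path')
      );
  }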
  47.  
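  /**
   * Login function.
   *
   * When WordPress is loaded, the credentials are checked through wp_signon()
   * and an account that exists on only one side is created on the other.
   * When WordPress is not loaded, the call is handed to login_db().
   *
   * An account is only ever created on the other side AFTER the side that
   * already owns it has accepted the submitted password. Provisioning from an
   * unverified password would let any login attempt create the missing account
   * and then overwrite the stored phpBB password in the success path below.
   *
   * NOTE(review): this path selects user_login_attempts and user_type but never
   * looks at them, so whatever throttling or inactive-account handling
   * login_db() applies is presumably not enforced here - confirm.
   *
   * @param string $username Submitted user name; lower-cased in place, and
   *                         replaced by the phpBB spelling for phpBB-only accounts.
   * @param string $password Submitted password as phpBB received it.
   * @return array 'status', 'error_msg' and 'user_row' (the phpBB user row, or
   *               false when no phpBB row was found).
   */
  function login_wpbb(&$username, &$password)
  {
      global $db, $current_user;

      // WordPress is not loaded: use the plain database authentication.
      if (!function_exists('wp_signon')) {
          return login_db($username, $password);
      }

      // Manage autologin -> carry phpBB's "remember me" choice over to WordPress.
      if (!empty($_POST['autologin'])) {
          $_POST['rememberme'] = 'forever';
      }

      // WordPress is always given the entity-decoded password. Decode once so
      // the sign-on, the account creation and the final password check all see
      // the same string (the final check previously used the undecoded one and
      // failed for passwords containing encoded characters).
      $wp_password = html_entity_decode($password);

      /*
       * Exists in phpBB?
       */
      $username = strtolower($username);
      $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
                 FROM ' . USERS_TABLE . "
                 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
      $result = $db->sql_query($sql);
      $phpBB_user = $db->sql_fetchrow($result);
      $db->sql_freeresult($result);

      /*
       * Exists in WP?
       */
      wpbb_WordPress::loadAdminAPI();

      if (isset($current_user)) {
          wp_clear_auth_cookie();
      }

      // The original SSL branch tested $redirect_to, which is never defined in
      // this function, so it could never be taken; this is the value it always
      // ended up with.
      $secure_cookie = '';

      // Use the wp_signon function to get the object of our user from WP.
      $wp_user = wp_signon(
          array(
              'user_login' => $username,
              'user_password' => $wp_password
          ),
          $secure_cookie
      );

      // The account exists in WordPress unless the user name was rejected or
      // no user came back for a reason other than a wrong password.
      $in_wp = !(
          isset($wp_user->errors['invalid_username'])
          || (empty($wp_user->ID) && !isset($wp_user->errors['incorrect_password']))
      );

      // True only when WordPress accepted the credentials and returned a user.
      $wp_authenticated = !is_wp_error($wp_user) && !empty($wp_user->ID);

      $failure = array(
          'status' => LOGIN_ERROR_PASSWORD,
          'error_msg' => 'LOGIN_ERROR_PASSWORD',
          'user_row' => $phpBB_user,
      );

      if ($phpBB_user && !$in_wp) {
          // phpBB-only account: phpBB owns the credential, so the password
          // must match the stored phpBB hash before a WordPress account is
          // created with it. Fails closed for rows the hash check cannot verify.
          if (!phpbb_check_hash($password, $phpBB_user['user_password'])) {
              return $failure;
          }

          $username = $phpBB_user['username'];

          wpbb_WordPress::addUser(array(
              'username' => $username,
              'email' => $phpBB_user['user_email'] ? $phpBB_user['user_email'] : '',
              'password' => $wp_password
          ));

          $wp_user = wp_signon(
              array(
                  'user_login' => $username,
                  'user_password' => $wp_password
              ),
              $secure_cookie
          );
          $wp_authenticated = !is_wp_error($wp_user) && !empty($wp_user->ID);
      } elseif (!$phpBB_user && $wp_authenticated) {
          // WordPress-only account and WordPress accepted the password: mirror
          // it into phpBB. A mere "incorrect password" answer from WordPress no
          // longer creates a phpBB row.
          $email = $wp_user->user_email ? $wp_user->user_email : '';

          // Since group IDs may change, use a query to make sure it is the right default group.
          $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = '" .
              $db->sql_escape(REGISTERED) . "' AND group_type = " . GROUP_SPECIAL;
          $result = $db->sql_query($sql);
          $row = $db->sql_fetchrow($result);
          $db->sql_freeresult($result);
          $group_id = $row['group_id'];

          $id = wpbb_phpBB3::addUser(array(
              'username' => $username,
              'user_password' => phpbb_hash($password),
              'group_id' => $group_id,
              'user_email' => $email,
              'user_type' => 0
          ));
          $phpBB_user = wpbb_phpBB3::getUserById($id);
          $failure['user_row'] = $phpBB_user;
      }

      // Success needs a real WordPress user, a phpBB row to hand back, and a
      // password that matches the WordPress hash.
      if (
          $wp_authenticated
          && $phpBB_user
          && wp_check_password($wp_password, $wp_user->user_pass, $wp_user->ID)
      ) {
          // Keep the phpBB hash in step with the password WordPress accepted.
          wpbb_phpBB3::changePassword($username, $password);

          return array(
              'status' => LOGIN_SUCCESS,
              'error_msg' => false,
              'user_row' => $phpBB_user,
          );
      }

      return $failure;
  }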
  170.  
  /**
   * Executed when the session is closed.
   *
   * Clears the WordPress auth cookie when WordPress is loaded, then hands the
   * session data back unchanged.
   *
   * @param mixed $data        Session data, returned as received.
   * @param mixed $new_session Not used by this function.
   * @return mixed The $data argument.
   */
  function logout_wpbb($data, $new_session)
  {
      // The function only exists once WordPress has been loaded.
      $wordpress_loaded = function_exists('wp_clear_auth_cookie');

      if ($wordpress_loaded) {
          wp_clear_auth_cookie();
      }

      return $data;
  }
  179.  
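  /**
   * Session-validation hook.
   *
   * Two jobs are done here:
   *  - on a submitted "reg_details" form, repeat the profile validation and,
   *    if it passes, push the change to WordPress;
   *  - on a "register" request that carries a user name, redirect visitors who
   *    are already registered (or who sent "not_agreed") to the board index.
   *
   * @return bool|null true on every path that returns; the redirect path hands
   *                   control to redirect() instead.
   */
  function validate_session_wpbb()
  {
      // $user is read by the register branch too, so it has to be in scope for
      // the whole function and not only inside the reg_details block.
      global $phpbb_root_path, $phpEx, $auth, $config, $user;

      // Need to block registrations for users that already exist
      $mode = request_var('mode', '');

      /**
       * There's no hook for password changing in phpBB so we have to reuse
       * validation technique from ucp_profile.php
       */
      if ($mode == 'reg_details' && !empty($_POST['submit'])) { // password and email changing
          $data = array(
              'username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)),
              'email' => strtolower(request_var('email', $user->data['user_email'])),
              'email_confirm' => strtolower(request_var('email_confirm', '')),
              'new_password' => request_var('new_password', '', true),
              'cur_password' => request_var('cur_password', '', true),
              'password_confirm' => request_var('password_confirm', '', true),
          );

          // What this user is allowed to change.
          $may_change_name = $auth->acl_get('u_chgname') && $config['allow_namechange'];
          $may_change_email = $auth->acl_get('u_chgemail');
          $may_change_password = $auth->acl_get('u_chgpasswd');

          // Do not check cur_password, it is the old one.
          $check_ary = array(
              'new_password' => array(
                  array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
                  array('password')
              ),
              'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars'])
          );

          if ($may_change_name) {
              $check_ary['username'] = array(
                  array('string', false, $config['min_name_chars'], $config['max_name_chars']),
                  array('username')
              );
          }

          // On any validation failure, leave WordPress untouched and return.
          if (sizeof(validate_data($data, $check_ary))) {
              return true;
          }
          if ($may_change_password && $data['new_password'] && $data['password_confirm'] != $data['new_password']) {
              return true;
          }

          $email_changed = $may_change_email && $data['email'] != $user->data['user_email'];
          $name_changed = $may_change_name && $data['username'] != $user->data['username'];

          // Any real change must be confirmed with the current password.
          if (
              ($data['new_password'] || $email_changed || $name_changed)
              && !phpbb_check_hash($data['cur_password'], $user->data['user_password'])
          ) {
              return true;
          }

          if ($email_changed && $data['email_confirm'] != $data['email']) {
              return true;
          }

          // The permission checks above only gate validation. Without pinning,
          // a field the user may not change (for example the e-mail address
          // when u_chgemail is denied) would skip the current-password check
          // and still be passed on to WordPress. Reset such fields to the
          // stored values before the update.
          if (!$may_change_name) {
              $data['username'] = $user->data['username'];
          }
          if (!$may_change_email) {
              $data['email'] = $user->data['user_email'];
          }
          if (!$may_change_password) {
              $data['new_password'] = '';
              $data['password_confirm'] = '';
          }

          // NOTE(review): no form token is checked before this update. phpBB
          // presumably rejects a forged form later, but WordPress has already
          // been changed by then - confirm, and consider validating the form
          // token here as well.
          if (!defined('WP_ADMIN')) {
              define('WP_ADMIN', true);
          }
          wpbb_WordPress::loadAdminAPI();
          wpbb_WordPress::updateUser($data);
      }

      if ($mode != 'register' || !request_var('username', '', true)) {
          return true;
      }

      if ($user->data['is_registered'] || isset($_REQUEST['not_agreed'])) { //FIX BY BRIAN PAN
          // User exists, TODO -- notify user somehow
          // $phpEx holds the bare extension in phpBB, so the dot is added here
          // (the original built "index" . $phpEx).
          redirect(append_sid($phpbb_root_path . 'index.' . $phpEx));
      } else {
          return true;
      }
  }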