<?php/** * <pre> * Invision Power Services * IP.Board v3.4.6 * Login

1. <?php
2.  
3. /**
4. * <pre>
5. * Invision Power Services
6. * IP.Board v3.4.6
7. * Login handler abstraction : Internal Method
8. * Last Updated: $Date: 2013-03-19 18:24:44 -0400 (Tue, 19 Mar 2013) $
9. * </pre>
10. *
11. * @author $Author: bfarber $
12. * @copyright (c) 2001 - 2009 Invision Power Services, Inc.
13. *
14. * @package IP.Board
15. *
16. * @since Tuesday 1st March 2005 (11:52)
17. * @version $Revision: 12088 $
18. * @note Be aware that MOST users will not be able to use this login module "out of the box" and will need to adapt it to suit their specific needs and configuration.
19. */
20.  
21. if ( ! defined( 'IN_IPB' ) )
22. {
23. print "<h1>Incorrect access</h1>You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'.";
24. exit();
25. }
26.  
27. class login_external extends login_core implements interface_login
28. {
29. /**
30. * Login method configuration
31. *
32. * @access protected
33. * @var array
34. */
35. protected $method_config = array();
36.  
37. /**
38. * Constructor
39. *
40. * @access public
41. * @param object ipsRegistry reference
42. * @param array Configuration info for this method
43. * @param array Custom configuration info for this method
44. * @return @e void
45. */
46. public function __construct( ipsRegistry $registry, $method, $conf=array() )
47. {
48. $this->method_config = $method;
49. $this->external_conf = $conf;
50.  
51. parent::__construct( $registry );
52. }
53.  
54. /**
55. * Compare passwords
56. *
57. * @access protected
58. * @param string Plain text password
59. * @param array Record from the remote table
60. * @return boolean
61. */
62. protected function _comparePasswords( $password, $remote_member )
63. {
64. $check_pass = $password;
65.  
66. switch( REMOTE_PASSWORD_SCHEME )
67. {
68. case 'md5':
69. $check_pass = md5($password);
70. break;
71.  
72. case 'sha1':
73. $check_pass = sha1($password);
74. break;
75. }
76.  
77. if ( $check_pass == $remote_member[ REMOTE_FIELD_PASS ] )
78. {
79. return true;
80. }
81. else
82. {
83. return false;
84. }
85. }
86.  
87. /**
88. * Authenticate the request
89. *
90. * @access public
91. * @param string Username
92. * @param string Email Address
93. * @param string Password
94. * @return boolean Authentication successful
95. */
96. public function authenticate( $username, $email_address, $password )
97. {
98. //-----------------------------------------
99. // Check admin authentication request
100. //-----------------------------------------
101.  
102. if ( $this->is_admin_auth )
103. {
104. $this->adminAuthLocal( $username, $email_address, $password );
105.  
106. if ( $this->return_code == 'SUCCESS' )
107. {
108. return true;
109. }
110. }
111.  
112. /*-------------------------------------------------------------------------*/
113. // SET UP: Edit DB details to suit
114. /*-------------------------------------------------------------------------*/
115.  
116. define( 'REMOTE_DB_SERVER' , $this->external_conf['REMOTE_DB_SERVER'] );
117. define( 'REMOTE_DB_PORT' , $this->external_conf['REMOTE_DB_PORT'] );
118. define( 'REMOTE_DB_DATABASE', $this->external_conf['REMOTE_DB_DATABASE'] );
119. define( 'REMOTE_DB_USER' , $this->external_conf['REMOTE_DB_USER'] );
120. define( 'REMOTE_DB_PASS' , $this->external_conf['REMOTE_DB_PASS'] );
121.  
122. /*-------------------------------------------------------------------------*/
123. // SET UP: Edit these DB tables to suit
124. /*-------------------------------------------------------------------------*/
125.  
126. define( 'REMOTE_TABLE_NAME' , $this->external_conf['REMOTE_TABLE_NAME'] );
127. define( 'REMOTE_FIELD_NAME' , $this->external_conf['REMOTE_FIELD_NAME'] );
128. define( 'REMOTE_FIELD_PASS' , $this->external_conf['REMOTE_FIELD_PASS'] );
129. define( 'REMOTE_EXTRA_QUERY' , $this->external_conf['REMOTE_EXTRA_QUERY'] );
130. define( 'REMOTE_TABLE_PREFIX', $this->external_conf['REMOTE_TABLE_PREFIX'] );
131. define( 'REMOTE_PASSWORD_SCHEME', $this->external_conf['REMOTE_PASSWORD_SCHEME'] );
132.  
133. //-----------------------------------------
134. // GET DB object
135. //-----------------------------------------
136.  
137. if ( ! class_exists( 'dbMain' ) )
138. {
139. require_once( IPS_KERNEL_PATH.'classDb.php' );/*noLibHook*/
140. require_once( IPS_KERNEL_PATH.'classDb' . ucwords($this->settings['sql_driver']) . '.php' );/*noLibHook*/
141. }
142.  
143. $classname = "db_driver_" . $this->settings['sql_driver'];
144.  
145. $RDB = new $classname;
146.  
147. $RDB->obj['sql_database'] = REMOTE_DB_DATABASE;
148. $RDB->obj['sql_user'] = REMOTE_DB_USER;
149. $RDB->obj['sql_pass'] = REMOTE_DB_PASS;
150. $RDB->obj['sql_host'] = REMOTE_DB_SERVER;
151. $RDB->obj['sql_port'] = REMOTE_DB_PORT;
152. $RDB->obj['sql_tbl_prefix'] = REMOTE_TABLE_PREFIX;
153. $RDB->obj['use_shutdown'] = 0;
154. $RDB->obj['force_new_connection'] = 1;
155.  
156. if( $this->external_conf['REMOTE_SQL_TYPE'] )
157. {
158. $RDB->connect_vars['sql_type'] = $this->external_conf['REMOTE_SQL_TYPE'];
159. }
160.  
161. //--------------------------------
162. // Get a DB connection
163. //--------------------------------
164.  
165. $RDB->connect();
166.  
167. //-----------------------------------------
168. // Get member from remote DB
169. //-----------------------------------------
170.  
171. $remote_member = $RDB->buildAndFetch( array( 'select' => '*',
172. 'from' => REMOTE_TABLE_NAME,
173. 'where' => REMOTE_FIELD_NAME."='".$RDB->addSlashes($username)."' ".REMOTE_EXTRA_QUERY ) );
174.  
175. $RDB->disconnect();
176.  
177. //-----------------------------------------
178. // Check
179. //-----------------------------------------
180.  
181. if ( ! $remote_member[ REMOTE_FIELD_NAME ] )
182. {
183. $this->return_code = 'NO_USER';
184. return false;
185. }
186.  
187. //-----------------------------------------
188. // Check password
189. //-----------------------------------------
190.  
191. $password = html_entity_decode($password, ENT_QUOTES);
192. $html_entities = array( "&#33;", "&#036;", "&#092;" );
193. $replacement_char = array( "!", "$", "\\" );
194. $password = str_replace( $html_entities, $replacement_char, $password );
195.  
196. if ( ! $this->_comparePasswords( $password, $remote_member ) )
197. {
198. $this->return_code = 'WRONG_AUTH';
199. return false;
200. }
201.  
202. //-----------------------------------------
203. // Still here? Then we have a username
204. // and matching password.. so get local member
205. // and see if there's a match.. if not, create
206. // one!
207. //-----------------------------------------
208.  
209. $this->_loadMember( $username );
210.  
211. if ( $this->member_data['member_id'] )
212. {
213. $this->return_code = 'SUCCESS';
214. return false;
215. }
216. else
217. {
218. //-----------------------------------------
219. // Got no member - but auth passed - create?
220. //-----------------------------------------
221.  
222. $this->return_code = 'SUCCESS';
223.  
224. $this->member_data = $this->createLocalMember( array( 'members' => array( 'name' => $username, 'password' => $password, 'email' => $email_address ) ) );
225.  
226. return true;
227. }
228. }
229.  
230. /**
231. * Load a member
232. *
233. * @access protected
234. * @param string Username
235. * @return @e void
236. */
237. protected function _loadMember( $username )
238. {
239. $member = $this->DB->buildAndFetch( array( 'select' => 'member_id', 'from' => 'members', 'where' => "members_l_username='" . strtolower($username) . "'" ) );
240.  
241. if( $member['member_id'] )
242. {
243. $this->member_data = IPSMember::load( $member['member_id'], 'extendedProfile,groups' );
244. }
245. }
246. }