phpBB 3.x API Registration Mod v6+ ejabberd exauth

<?php

// Prepare the script to work within phpBB's environment.
define('IN_PHPBB', true);
$phpbb_root_path = '../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . '/includes/functions_user.' . $phpEx);

$doLog = false;
$logHandle = null;
$logfile = "/var/www/forum/xmlrpclog/exauth_phpbb_forumxmlrpc.log";

if ($doLog) {
    $logHandle = fopen($logfile, "a") or die("Error opening log file: ". $logfile);
}

LogExAuth('Received exauth request from ejabberd');

// Hidden secret to confirm we are allowed to request this data (might be handled differently in the future)
$secret = md5(md5($config['eveapi_ejabber_code']));

$type = request_var('type', "");
$result = false;

LogExAuth('Type detected: ' . $type);

if($type != "" && $config['eveapi_jabber_masterswitch'] && $config['eveapi_ejabber_switch'])
{
    LogExAuth('Jabber is enabled on forum. Checking Challenge... ');
    $challenge = request_var('challenge', '');

    if($challenge == $secret)
    {
        LogExAuth('Challenge matches. Checking type: ' . $type);
        if($type == "checkAuth")
        {
            $user = sanitizeUser(urldecode(request_var('user', '')));
            $pass = urldecode(request_var('pass', ''));

            $pass = base64_decode($pass);

            $result = checkAuth($user, $pass);
        }
        elseif($type == "isUser")
        {
            LogExAuth('Received isUser request');
            $user = sanitizeUser(urldecode(request_var('user', '')));

            LogExAuth('Checking if "' . $user . '" is a valid user.');

            $usernames = array($user);
            $userids = array();

            $id = user_get_id_name($userids, $usernames, array(0, 3));
            LogExAuth('Result from user_get_id_name is: ' . $id);
            if($id === false)
            {
                $result = true;
            } else {

            }
        }
    }
}

$response_text = ($result) ? "true" : "false";

header("Content-Type:text/xml");

echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<result>\n";
echo "<response>{$response_text}</response>\n";
echo "</result>\n";

// --------------------------------------------

function checkAuth($username, $password)
{
    global $db, $config;

    // do not allow empty password
    if (!$password)
    {
        return false;
    }

    if (!$username)
    {
        return false;
    }

    $username_clean = utf8_clean_string($username);

    $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
        FROM ' . USERS_TABLE . "
        WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$row)
    {
        return false;
    }

    if($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'])
    {
        return false;
    }

    // Check password ...
    if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
    {
        $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
            WHERE user_id = ' . $row['user_id'];
        $db->sql_query($sql);

        if ($row['user_login_attempts'] != 0)
        {
            // Successful, reset login attempts (the user passed all stages)
            $sql = 'UPDATE ' . USERS_TABLE . '
                SET user_login_attempts = 0
                WHERE user_id = ' . $row['user_id'];
            $db->sql_query($sql);
        }

        // User inactive...
        if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
        {
            return false;
        }

        // Successful login... set user_login_attempts to zero...
        return true;
    }

    // Password incorrect - increase login attempts
    $sql = 'UPDATE ' . USERS_TABLE . '
        SET user_login_attempts = user_login_attempts + 1
        WHERE user_id = ' . (int) $row['user_id'] . '
            AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
    $db->sql_query($sql);

    // Give status about wrong password...
    return false;
}


function LogExAuth($msg, $timestamp = true) {
    global $doLog, $logHandle;

    $time = "";
    if($timestamp)
    {
        $time = "[" . date("D d M Y H:i:s") . "]";
    }

    if($doLog && is_resource($logHandle))
    {
        fwrite($logHandle, $time ." ". $msg ."\n");
    }
}

/**
 * Sanitize users
 *
 * Convert a jabber JID to a Forum Username
 * - perform base64 decode of incoming username
 * - replace underscores with spaces
 * - check if the resulting username is one of the difficult cases where special characters
 *   were removed from the JID and convert to the correct forum username.
 *
 * @param string $username Base64-encoded username coming from ejabberd external auth.
 * @return string sanitized username in a format that phpbb should recognize.
 */
function sanitizeUser($username)
{
    $username = strtolower(str_replace("_", " ", base64_decode($username)));

    $difficultUsers = array(
        "difficult user" => "difficult 'user",
    );

    if (array_key_exists($username, $difficultUsers)) {
        $username = $difficultUsers[$username];
    }

    return $username;
}


//Close log handler
if (is_resource($logHandle)){
    fclose($logHandle);
}

?>