1
diff -Nur a/adm/index.php b/adm/index.php
2
--- a/adm/index.php 2008-12-13 02:20:38.000000000 +1100
3
+++ b/adm/index.php 2009-02-18 11:53:53.000000000 +1100
5
$user->setup('acp/common');
6
// End session management
8
-// Have they authenticated (again) as an admin for this session?
9
-if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
11
- login_box('', $user->lang['LOGIN_ADMIN_CONFIRM'], $user->lang['LOGIN_ADMIN_SUCCESS'], true, false);
14
// Is user any type of admin? No, then stop here, each script needs to
15
// check specific permissions but this is a catchall
16
if (!$auth->acl_get('a_'))
17
diff -Nur a/config.php b/config.php
18
--- a/config.php 2009-02-18 11:47:04.000000000 +1100
19
+++ b/config.php 2009-02-18 12:21:14.000000000 +1100
22
$load_extensions = '';
24
+$ivle_secret = '<FORUM SECRET>';
26
@define('PHPBB_INSTALLED', true);
27
// @define('DEBUG', true);
28
// @define('DEBUG_EXTRA', true);
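Review bot: The added `$ivle_secret = '<FORUM SECRET>';` ships a placeholder as the signing key, and nothing visible in this patch stops the forum from running with it unchanged or empty, in which case the cookie hash in `ivle_auth()` depends only on values the client supplies. I would add a comment above the line, `// Shared secret for IVLE cookie signing: replace with a long random value, identical on the IVLE side`, and make `ivle_auth()` fail closed with `if (empty($ivle_secret) || $ivle_secret === '<FORUM SECRET>') { return ANONYMOUS; }` right after it loads config.php. Note also that `ivle_auth()` obtains the secret by a `require` of the whole config.php on every call, which re-runs the `@define` lines and pulls everything else the file sets into the function's scope (only `$load_extensions` is visible here).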
29
diff -Nur a/includes/session.php b/includes/session.php
30
--- a/includes/session.php 2008-12-13 02:20:37.000000000 +1100
31
+++ b/includes/session.php 2009-02-18 12:32:37.000000000 +1100
33
$this->data = $db->sql_fetchrow($result);
34
$db->sql_freeresult($result);
37
+ $ivle_userid = $this->ivle_auth();
38
+ if ($ivle_userid && ($ivle_userid != $this->data['user_id']))
40
+ return $this->session_create($ivle_userid);
43
// Did the session exist in the DB?
44
if (isset($this->data['user_id']))
46
@@ -2228,6 +2235,135 @@
52
+ * This function attempts to authenticate from a signed cookie provided by
53
+ * IVLE. If it does it will return either the forum user_id for the logged in
54
+ * IVLE user or will create a new one on-the-fly.
56
+ * If the cookie is bad, the ANONYMOUS user will be returned.
58
+ function ivle_auth()
60
+ global $db, $phpbb_root_path, $phpEx;
62
+ // Get the IVLE shared secret from config.php.
63
+ require($phpbb_root_path . 'config.' . $phpEx);
66
+ $ivle_cookie = explode(':',$_COOKIE['ivleforumcookie']);
68
+ if ($ivle_cookie == "NONE") {
72
+ // Decode and unescape the Cookie contents
73
+ $ivle_uid = urldecode($ivle_cookie[0]);
74
+ $ivle_nick = urldecode($ivle_cookie[1]);
75
+ $ivle_email = urldecode($ivle_cookie[2]);
76
+ $ivle_role = urldecode($ivle_cookie[3]);
77
+ $ivle_hash = $ivle_cookie[4];
79
+ // Check if uid + nick + email + secret is the same as the hash
80
+ if(md5($ivle_cookie[0].$ivle_cookie[1].$ivle_cookie[2].
81
+ $ivle_cookie[3].$ivle_secret) == $ivle_hash)
83
+ // Check if the user exists in the database
84
+ $sql = 'SELECT user_id
85
+ FROM ' . USERS_TABLE . "
86
+ WHERE username = '" . $db->sql_escape($ivle_uid) . "';";
87
+ $result = $db->sql_query($sql);
88
+ $row = $db->sql_fetchrow($result);
89
+ $user_id = $row['user_id'];
90
+ $db->sql_freeresult($result);
92
+ // If no user_id is found for the username, create a new user
95
+ // Needed for IVLE auth overide
96
+ include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
98
+ // Add all users to the Registered Group
99
+ $sql = 'SELECT group_id
100
+ FROM ' . GROUPS_TABLE . "
101
+ WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
102
+ AND group_type = " . GROUP_SPECIAL;
103
+ $result = $db->sql_query($sql);
104
+ $row = $db->sql_fetchrow($result);
105
+ $db->sql_freeresult($result);
108
+ trigger_error('NO_GROUP');
111
+ $group_id = $row['group_id'];
113
+ // Get the Time and Timezone
114
+ $timezone = date('Z') / 3600;
115
+ $is_dst = date('I');
116
+ $timezone = ($is_dst) ? $timezone - 1 : $timezone;
120
+ 'username' => $ivle_uid,
121
+ 'user_password' => '', # Not a valid hash
122
+ 'user_email' => $ivle_email,
123
+ 'group_id' => (int) $group_id,
124
+ 'user_timezone' => (float) $timezone,
125
+ 'user_dst' => $is_dst,
126
+ 'user_lang' => 'en',
127
+ 'user_type' => USER_NORMAL,
128
+ 'user_actkey' => '',
129
+ 'user_ip' => $this->ip,
130
+ 'user_regdate' => time(),
131
+ 'user_inactive_reason' => 0,
132
+ 'user_inactive_time' => 0,
136
+ $user_id = user_add($user_row);
138
+ // Add any aditional groups
139
+ // Select the equvialent group
144
+ $group = 'ADMINISTRATORS';
147
+ $group = 'GLOBAL_MODERATORS';
152
+ // Find the group_id
153
+ $sql = 'SELECT group_id
154
+ FROM ' . GROUPS_TABLE . "
155
+ WHERE group_name = '" . $db->sql_escape($group) . "'
156
+ AND group_type = " . GROUP_SPECIAL;
158
+ $result = $db->sql_query($sql);
159
+ $row = $db->sql_fetchrow($result);
160
+ $db->sql_freeresult($result);
164
+ trigger_error('NO_GROUP');
167
+ $group_id = $row['group_id'];
169
+ group_user_add($group_id,Array($user_id));
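Review bot: The check `md5($ivle_cookie[0].$ivle_cookie[1].$ivle_cookie[2].$ivle_cookie[3].$ivle_secret) == $ivle_hash` in `ivle_auth()` is the only barrier between a client-supplied cookie and a forum identity, and it is weaker than it needs to be: the four fields are concatenated without a separator, so the hash does not bind where one field ends and the next begins, the comparison is PHP's loose `==`, and the signed data carries no timestamp, so a cookie stays valid until the secret changes. I would compute `$expected = hash_hmac('sha256', implode(':', array_slice($ivle_cookie, 0, 4)), $ivle_secret);` and compare with `$expected === $ivle_hash` (or `hash_equals()` where the PHP version has it), with the IVLE side signing the same way and an expiry field added to the signed data. Before that, `explode()` always returns an array, so `$ivle_cookie == "NONE"` cannot match, and `$_COOKIE['ivleforumcookie']` is read without `isset()`; the function should first confirm the cookie is set and splits into exactly five parts. This matters more because the role field appears to select the `ADMINISTRATORS` group further down (the condition itself is not shown on this page) and the adm/index.php section removes the admin re-login. Several lines of this hunk, including the end of the function, are missing from the page, so the return paths could not be checked.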
182
diff -Nur a/styles/prosilver/template/index_body.html b/styles/prosilver/template/index_body.html
183
--- a/styles/prosilver/template/index_body.html 2008-12-13 02:20:37.000000000 +1100
184
+++ b/styles/prosilver/template/index_body.html 2009-02-18 12:05:36.000000000 +1100
187
<!-- INCLUDE forumlist_body.html -->
189
-<!-- IF not S_USER_LOGGED_IN and not S_IS_BOT -->
190
- <form method="post" action="{S_LOGIN_ACTION}" class="headerspace">
191
- <h3><a href="{U_LOGIN_LOGOUT}">{L_LOGIN_LOGOUT}</a><!-- IF S_REGISTER_ENABLED --> • <a href="{U_REGISTER}">{L_REGISTER}</a><!-- ENDIF --></h3>
192
- <fieldset class="quick-login">
193
- <label for="username">{L_USERNAME}:</label> <input type="text" name="username" id="username" size="10" class="inputbox" title="{L_USERNAME}" />
194
- <label for="password">{L_PASSWORD}:</label> <input type="password" name="password" id="password" size="10" class="inputbox" title="{L_PASSWORD}" />
195
- <!-- IF S_AUTOLOGIN_ENABLED -->
196
- | <label for="autologin">{L_LOG_ME_IN} <input type="checkbox" name="autologin" id="autologin" /></label>
198
- <input type="submit" name="login" value="{L_LOGIN}" class="button2" />
203
<!-- IF S_DISPLAY_ONLINE_LIST -->
204
<!-- IF U_VIEWONLINE --><h3><a href="{U_VIEWONLINE}">{L_WHO_IS_ONLINE}</a></h3><!-- ELSE --><h3>{L_WHO_IS_ONLINE}</h3><!-- ENDIF -->
205
<p>{TOTAL_USERS_ONLINE} ({L_ONLINE_EXPLAIN})<br />{RECORD_USERS}<br /> <br />{LOGGED_IN_USER_LIST}
206
diff -Nur a/styles/prosilver/template/overall_header.html b/styles/prosilver/template/overall_header.html
207
--- a/styles/prosilver/template/overall_header.html 2008-12-13 02:20:37.000000000 +1100
208
+++ b/styles/prosilver/template/overall_header.html 2009-02-18 12:06:22.000000000 +1100
210
<li class="icon-faq"><a href="{U_FAQ}" title="{L_FAQ_EXPLAIN}">{L_FAQ}</a></li>
211
<!-- IF not S_IS_BOT -->
212
<!-- IF S_DISPLAY_MEMBERLIST --><li class="icon-members"><a href="{U_MEMBERLIST}" title="{L_MEMBERLIST_EXPLAIN}">{L_MEMBERLIST}</a></li><!-- ENDIF -->
213
- <!-- IF not S_USER_LOGGED_IN and S_REGISTER_ENABLED --><li class="icon-register"><a href="{U_REGISTER}">{L_REGISTER}</a></li><!-- ENDIF -->
214
- <li class="icon-logout"><a href="{U_LOGIN_LOGOUT}" title="{L_LOGIN_LOGOUT}" accesskey="l">{L_LOGIN_LOGOUT}</a></li>