« back to all changes in this revision
Viewing changes to www/php/phpBB3/includes/session.php
- browse files at revision 493
- compare with another revision
- compare with revision 1092.1.27
- download diff
- download tarball
- view history from revision 493
- Committer: dcoles
- Date: 2008-02-18 05:57:58 UTC
- Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:493
session.php: More interfaceing between IVLE and phpBB. Adds groups, emails and
a few other nifty features (like setting the right cookies with a better HMAC).
a few other nifty features (like setting the right cookies with a better HMAC).
- files added:
- lib/common/forumutil.py
- files modified:
- www/apps/forum/__init__.py
added
removed
www/php/phpBB3/includes/session.php
183
183
// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
184
184
$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
185
185
186
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
187
{
188
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
189
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
190
$this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true);
191
192
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
193
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
194
195
if (empty($this->session_id))
196
{
197
$this->session_id = $_SID = request_var('sid', '');
198
$SID = '?sid=' . $this->session_id;
199
$this->cookie_data = array('u' => 0, 'k' => '');
200
}
201
}
202
else
203
{
204
$this->session_id = $_SID = request_var('sid', '');
205
$SID = '?sid=' . $this->session_id;
206
}
186
187
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) ||
188
isset($_COOKIE[$config['cookie_name'] . '_u']))
189
{
190
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0,
191
false, true);
192
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '',
193
false, true);
194
$this->session_id = request_var($config['cookie_name'] . '_sid', '',
195
false, true);
196
197
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
198
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
199
200
if (empty($this->session_id))
201
{
202
$this->session_id = $_SID = request_var('sid', '');
203
$SID = '?sid=' . $this->session_id;
204
$this->cookie_data = array('u' => 0, 'k' => '');
205
}
206
}
207
else
208
{
209
$this->session_id = $_SID = request_var('sid', '');
210
$SID = '?sid=' . $this->session_id;
211
}
207
212
208
213
$_EXTRA_URL = array();
209
214
234
239
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
235
240
WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'
236
241
AND u.user_id = s.session_user_id";
237
$result = $db->sql_query($sql);
242
$result = $db->sql_query($sql);
238
243
$this->data = $db->sql_fetchrow($result);
239
244
$db->sql_freeresult($result);
240
245
246
// IVLE
247
$ivle_userid = $this->ivle_auth();
248
if ($ivle_userid and $ivle_userid != $this->data['user_id']) {
249
#$this->session_kill();
250
#trigger_error($ivle_userid);
251
return $this->session_create($ivle_userid);
252
}
253
241
254
// Did the session exist in the DB?
242
255
if (isset($this->data['user_id']))
243
256
{
244
257
// Validate IP length according to admin ... enforces an IP
245
258
// check on bots if admin requires this
246
// $quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];
259
// $quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];
247
260
248
261
if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false)
249
262
{
357
370
$this->session_gc();
358
371
}*/
359
372
360
// Shared secret between IVLE and the Forum
361
$ivle_secret = 'VERYSECRET';
362
363
// Shared Cookie
364
$ivle_cookie = $_COOKIE['ivlecookie'];
365
366
// Decode and unescape the Cookie contents
367
$cookie = explode(':',$ivle_cookie);
368
$ivle_uid = preg_replace('/\\\(.)/','$1',$cookie[0]);
369
$ivle_nick = preg_replace('/\\\(.)/','$1',$cookie[1]);
370
$ivle_email = preg_replace('/\\\(.)/','$1',$cookie[2]);
371
$ivle_hash = preg_replace('/\\\(.)/','$1',$cookie[3]);
372
373
// Check if uid + nick + email + secret is the same as the hash
374
$ivle_auth = False; // Flag just incase anything else need to know
375
if (md5($ivle_uid.$ivle_nick.$ivle_email.$ivle_secret) == $ivle_hash) {
376
$ivle_auth = True;
377
378
// Check if the user exists in the database
379
$sql = 'SELECT user_id
380
FROM ' . USERS_TABLE . '
381
WHERE username = "' . $db->sql_escape($ivle_uid) . '";';
382
$result = $db->sql_query($sql);
383
$row = $db->sql_fetchrow($result);
384
$user_id = $row['user_id'];
385
$db->sql_freeresult($result);
386
387
// If no user_id is found for the username, create a new user
388
if(!$user_id) {
389
// Needed for IVLE auth overide
390
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
391
392
// Get the default group
393
$sql = 'SELECT group_id
394
FROM ' . GROUPS_TABLE . "
395
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
396
AND group_type = " . GROUP_SPECIAL;
397
$result = $db->sql_query($sql);
398
$row = $db->sql_fetchrow($result);
399
$db->sql_freeresult($result);
400
401
if (!$row) {
402
trigger_error('NO_GROUP');
403
}
404
405
$group_id = $row['group_id'];
406
407
// Get the Time and Timezone
408
$timezone = date('Z') / 3600;
409
$is_dst = date('I');
410
$timezone = ($is_dst) ? $timezone - 1 : $timezone;
411
412
$user_row = array(
413
'username' => $ivle_uid,
414
'user_password' => '', # Not a valid hash
415
'user_email' => $ivle_email,
416
'group_id' => (int) $group_id,
417
'user_timezone' => (float) $timezone,
418
'user_dst' => $is_dst,
419
'user_lang' => 'en',
420
'user_type' => USER_NORMAL,
421
'user_actkey' => '',
422
'user_ip' => $this->ip,
423
'user_regdate' => time(),
424
'user_inactive_reason' => 0,
425
'user_inactive_time' => 0,
426
);
427
428
// Add user
429
$user_id = user_add($user_row);
430
}
431
}
432
/* IVLE: End of IVLE Code */
433
434
435
373
// Do we allow autologin on this board? No? Then override anything
436
374
// that may be requested here
437
375
if (!$config['allow_autologin'])
456
394
}
457
395
458
396
// If ip is supplied, we will make sure the ip is matching too...
459
if ($row['bot_ip'] && ($bot || !$row['bot_agent']))
397
if ($row['bot_ip'] && ($bot || !$row['bot_agent']))
460
398
{
461
399
// Set bot to false, then we only have to set it to true if it is matching
462
400
$bot = false;
1094
1032
if (empty($this->session_id))
1095
1033
{
1096
1034
// This seems to be no longer needed? - #14971
1097
// $this->session_create(ANONYMOUS);
1035
//$this->session_create(ANONYMOUS);
1098
1036
}
1099
1037
1100
1038
// Initiate environment ... since it won't be set at this stage
2010
1948
{
2011
1949
return $var;
2012
1950
}
2013
}
1951
}
1952
1953
/** IVLE AUTH
1954
* This function attempts to authenticate from a signed cookie provided by
1955
* IVLE. If it does it will return either the forum user_id for the logged in
1956
* IVLE user or will create a new one on-the-fly.
1957
*
1958
* If a bad authentication is given then the ANONAMOUS user will be returned
1959
*/
1960
function ivle_auth()
1961
{
1962
global $db, $phpEx;
1963
1964
// Shared secret between IVLE and the Forum
1965
$ivle_secret = 'VERYSECRET';
1966
1967
// Shared Cookie
1968
$ivle_cookie = explode(':',$_COOKIE['ivleforumcookie']);
1969
1970
if ($ivle_cookie == "NONE") {
1971
return ANONYMOUS;
1972
}
1973
1974
// Decode and unescape the Cookie contents
1975
$ivle_uid = urldecode($ivle_cookie[0]);
1976
$ivle_nick = urldecode($ivle_cookie[1]);
1977
$ivle_email = urldecode($ivle_cookie[2]);
1978
$ivle_role = urldecode($ivle_cookie[3]);
1979
$ivle_hash = $ivle_cookie[4];
1980
1981
// Check if uid + nick + email + secret is the same as the hash
1982
//$ivle_auth = False; // Flag just incase anything else need to know
1983
if(md5($ivle_cookie[0].$ivle_cookie[1].$ivle_cookie[2].$ivle_cookie[3].$ivle_secret)
1984
== $ivle_hash) {
1985
//$ivle_auth = True;
1986
1987
// Check if the user exists in the database
1988
$sql = 'SELECT user_id
1989
FROM ' . USERS_TABLE . '
1990
WHERE username = "' . $db->sql_escape($ivle_uid) . '";';
1991
$result = $db->sql_query($sql);
1992
$row = $db->sql_fetchrow($result);
1993
$user_id = $row['user_id'];
1994
$db->sql_freeresult($result);
1995
1996
// If no user_id is found for the username, create a new user
1997
if(!$user_id) {
1998
// Needed for IVLE auth overide
1999
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
2000
2001
// Add all users to the Registered Group
2002
$sql = 'SELECT group_id
2003
FROM ' . GROUPS_TABLE . "
2004
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
2005
AND group_type = " . GROUP_SPECIAL;
2006
$result = $db->sql_query($sql);
2007
$row = $db->sql_fetchrow($result);
2008
$db->sql_freeresult($result);
2009
2010
if (!$row) {
2011
trigger_error('NO_GROUP');
2012
}
2013
2014
$group_id = $row['group_id'];
2015
2016
// Get the Time and Timezone
2017
$timezone = date('Z') / 3600;
2018
$is_dst = date('I');
2019
$timezone = ($is_dst) ? $timezone - 1 : $timezone;
2020
2021
// Fill into array
2022
$user_row = array(
2023
'username' => $ivle_uid,
2024
'user_password' => '', # Not a valid hash
2025
'user_email' => $ivle_email,
2026
'group_id' => (int) $group_id,
2027
'user_timezone' => (float) $timezone,
2028
'user_dst' => $is_dst,
2029
'user_lang' => 'en',
2030
'user_type' => USER_NORMAL,
2031
'user_actkey' => '',
2032
'user_ip' => $this->ip,
2033
'user_regdate' => time(),
2034
'user_inactive_reason' => 0,
2035
'user_inactive_time' => 0,
2036
);
2037
2038
// Add user
2039
$user_id = user_add($user_row);
2040
2041
// Add any aditional groups
2042
// Select the equvialent group
2043
$group = False;
2044
switch($ivle_role) {
2045
case('admin'):
2046
$group = 'ADMINISTRATORS';
2047
break;
2048
case('lecturer'):
2049
$group = 'GLOBAL_MODERATORS';
2050
break;
2051
}
2052
if ($group) {
2053
// Find the group_id
2054
$sql = 'SELECT group_id
2055
FROM ' . GROUPS_TABLE . "
2056
WHERE group_name = '" . $db->sql_escape($group) . "'
2057
AND group_type = " . GROUP_SPECIAL;
2058
$result = $db->sql_query($sql);
2059
$row = $db->sql_fetchrow($result);
2060
$db->sql_freeresult($result);
2061
2062
if (!$row) {
2063
trigger_error('NO_GROUP');
2064
}
2065
2066
$group_id = $row['group_id'];
2067
2068
group_user_add($group_id,Array($user_id));
2069
}
2070
}
2071
return $user_id;
2072
} else {
2073
return False;
2074
}
2075
}
2014
2076
}
2015
2016
2077
?>
Loggerhead is a web-based interface for Breezy
Version: 2.0.1