~azzar1/unity/add-show-desktop-key


Viewing changes to www/php/phpBB3/includes/session.php

  • Committer: dcoles
  • Date: 2008-03-09 02:34:46 UTC
  • Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:671
forum: Now uses a unique secret generated at './setup config' time for shared secret

setup.py: Generate and write forum_secret to config.py and config.php
w/p/p/i/session.php: Use forum_secret from config.php and some code cleaning
l/c/forumutil.py: Use config.py to get forum_secret to make HMAC 

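--- a/www/php/phpBB3/includes/session.php
+++ b/www/php/phpBB3/includes/session.php
@@ -1961,10 +1961,10 @@
   {
         global $db, $phpEx;
  
-                // Shared secret between IVLE and the Forum
-                $ivle_secret = 'VERYSECRET';
+        // Get the shared secret between IVLE and the Forum
+        require($phpbb_root_path . 'config.' . $phpEx);
  
-                // Shared Cookie
+        // Shared Cookie
         $ivle_cookie = explode(':',$_COOKIE['ivleforumcookie']);
    
         if ($ivle_cookie == "NONE") {
@@ -1980,63 +1980,62 @@
  
         // Check if uid + nick + email + secret is the same as the hash
         //$ivle_auth = False; // Flag just incase anything else need to know
-        if(md5($ivle_cookie[0].$ivle_cookie[1].$ivle_cookie[2].$ivle_cookie[3].$ivle_secret) 
+        if(md5($ivle_cookie[0].$ivle_cookie[1].$ivle_cookie[2].$ivle_cookie[3].$forum_secret) 
         == $ivle_hash) {
           //$ivle_auth = True;
         
-                        // Check if the user exists in the database
-                        $sql = 'SELECT user_id
-                    FROM ' . USERS_TABLE . "
-                    WHERE username = '" . $db->sql_escape($ivle_uid) . "';";
-                        $result = $db->sql_query($sql);
-                        $row = $db->sql_fetchrow($result);
-                        $user_id = $row['user_id'];
-                        $db->sql_freeresult($result);
+        // Check if the user exists in the database
+        $sql = 'SELECT user_id
+                FROM ' . USERS_TABLE . "
+                WHERE username = '" . $db->sql_escape($ivle_uid) . "';";
+                $result = $db->sql_query($sql);
+                $row = $db->sql_fetchrow($result);
+                $user_id = $row['user_id'];
+                $db->sql_freeresult($result);
  
-                        // If no user_id is found for the username, create a new user
-                        if(!$user_id) {
-                                // Needed for IVLE auth overide
-                                include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+        // If no user_id is found for the username, create a new user
+        if(!$user_id) {
+                // Needed for IVLE auth overide
+                include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
            
                 // Add all users to the Registered Group
-                                $sql = 'SELECT group_id
-                                                FROM ' . GROUPS_TABLE . "
+                $sql = 'SELECT group_id
+                        FROM ' . GROUPS_TABLE . "
                         WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
-                                                AND group_type = " . GROUP_SPECIAL;
-                                $result = $db->sql_query($sql);
-                                $row = $db->sql_fetchrow($result);
-                                $db->sql_freeresult($result);
- 
-                                if (!$row) {
-                                        trigger_error('NO_GROUP');
-                                }
- 
-                                $group_id = $row['group_id'];
+                        AND group_type = " . GROUP_SPECIAL;
+                $result = $db->sql_query($sql);
+                $row = $db->sql_fetchrow($result);
+                $db->sql_freeresult($result);
+                if (!$row) {
+                        trigger_error('NO_GROUP');
+                }
+ 
+                $group_id = $row['group_id'];
  
                 // Get the Time and Timezone
-                                $timezone = date('Z') / 3600;
-                                $is_dst = date('I');
-                                $timezone = ($is_dst) ? $timezone - 1 : $timezone;
-                                
+                $timezone = date('Z') / 3600;
+                $is_dst = date('I');
+                $timezone = ($is_dst) ? $timezone - 1 : $timezone;
+                        
                 // Fill into array
                 $user_row = array(
-                                        'username'                              => $ivle_uid,
-                                        'user_password'                 => '', # Not a valid hash
-                                        'user_email'                    => $ivle_email,
-                                        'group_id'                              => (int) $group_id,
-                                        'user_timezone'                 => (float) $timezone,
-                                        'user_dst'                              => $is_dst,
-                                        'user_lang'                             => 'en',
-                  'user_type'                           => USER_NORMAL,
-                                        'user_actkey'                   => '',
-                                        'user_ip'                               => $this->ip,
-                                        'user_regdate'                  => time(),
-                                        'user_inactive_reason'  => 0,
-                                        'user_inactive_time'    => 0,
-                                );
+                        'username'                              => $ivle_uid,
+                        'user_password'                 => '', # Not a valid hash
+                        'user_email'                    => $ivle_email,
+                        'group_id'                              => (int) $group_id,
+                        'user_timezone'                 => (float) $timezone,
+                        'user_dst'                              => $is_dst,
+                        'user_lang'                             => 'en',
+                        'user_type'                             => USER_NORMAL,
+                        'user_actkey'                   => '',
+                        'user_ip'                               => $this->ip,
+                        'user_regdate'                  => time(),
+                        'user_inactive_reason'  => 0,
+                        'user_inactive_time'    => 0,
+                );
                  
-                                // Add user
-                                $user_id = user_add($user_row);
+                // Add user
+                $user_id = user_add($user_row);
  
                 // Add any aditional groups
                 // Select the equvialent group
@@ -2052,9 +2051,10 @@
                 if ($group) {
                         // Find the group_id
                         $sql = 'SELECT group_id
-                    FROM ' . GROUPS_TABLE . "
-                    WHERE group_name = '" . $db->sql_escape($group) . "'
-                                        AND group_type = " . GROUP_SPECIAL;
+                                FROM ' . GROUPS_TABLE . "
+                                WHERE group_name = '" . $db->sql_escape($group) . "'
+                                AND group_type = " . GROUP_SPECIAL;
+                        
                         $result = $db->sql_query($sql);
                         $row = $db->sql_fetchrow($result);
                         $db->sql_freeresult($result);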
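Review bot: The check at new lines 1983–1984 still authenticates the cookie with `md5($ivle_cookie[0]...$ivle_cookie[3].$forum_secret) == $ivle_hash`, so the per-install secret is protected only by a secret-suffix MD5 and a loose comparison rather than the HMAC the commit message describes. Loose `==` on two hex digests lets PHP compare them as numbers when both look like `0e…` and is not constant-time, and concatenating the fields with no separator means different field splits hash to the same value. I would change it to `if (hash_equals(hash_hmac('sha256', implode(':', array_slice($ivle_cookie, 0, 4)), $forum_secret), (string) $ivle_hash)) {` and make the generator in forumutil.py produce the same keyed digest (on a PHP without `hash_equals`, at least use `===`). Separately, `$phpbb_root_path` is not in the `global $db, $phpEx;` list at line 1962, so unless it is set in the lines outside these hunks the new `require` resolves `config.php` relative to the include path; `$ivle_hash` is also assigned outside the visible hunks (lines 1971–1979), so confirm both there.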