~azzar1/unity/add-show-desktop-key


Viewing changes to ivle/webapp/forum/phpbb3.diff

  • Committer: wagrant
  • Date: 2008-07-22 05:03:42 UTC
  • Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:932
dispatch (public): Don't attempt to get user details if we are on the
      public site, as that generates a cookie. While we're at it, don't
      entirely ignore the selected application in public mode - return
      a 403 if it isn't the public app instead.

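diff -Nur a/adm/index.php b/adm/index.php
--- a/adm/index.php     2008-12-13 02:20:38.000000000 +1100
+++ b/adm/index.php     2009-02-18 11:53:53.000000000 +1100
@@ -27,12 +27,6 @@
 $user->setup('acp/common');
 // End session management
 
-// Have they authenticated (again) as an admin for this session?
-if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
-{
-       login_box('', $user->lang['LOGIN_ADMIN_CONFIRM'], $user->lang['LOGIN_ADMIN_SUCCESS'], true, false);
-}
-
 // Is user any type of admin? No, then stop here, each script needs to
 // check specific permissions but this is a catchall
 if (!$auth->acl_get('a_'))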
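diff -Nur a/config.php b/config.php
--- a/config.php        2009-02-18 11:47:04.000000000 +1100
+++ b/config.php        2009-02-18 12:21:14.000000000 +1100
@@ -11,6 +11,8 @@
 $acm_type = 'file';
 $load_extensions = '';
 
+$ivle_secret = '<FORUM SECRET>';
+
 @define('PHPBB_INSTALLED', true);
 // @define('DEBUG', true);
 // @define('DEBUG_EXTRA', true);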
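Review bot: `$ivle_secret` ships as the literal placeholder `'<FORUM SECRET>'`, and nothing visible in this patch rejects that value, so an install that skips the substitution would accept cookies signed with a string anyone can read from the patch. A comment above the assignment would make the requirement explicit, for example `// Shared secret for the IVLE SSO cookie: replace with a long random value and keep this file unreadable to other users.` In addition, `ivle_auth()` in includes/session.php could refuse to authenticate while the value is empty or still the placeholder.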
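diff -Nur a/includes/session.php b/includes/session.php
--- a/includes/session.php      2008-12-13 02:20:37.000000000 +1100
+++ b/includes/session.php      2009-02-18 12:32:37.000000000 +1100
@@ -296,6 +296,13 @@
                        $this->data = $db->sql_fetchrow($result);
                        $db->sql_freeresult($result);
 
+                       // IVLE SSO
+                       $ivle_userid = $this->ivle_auth();
+                       if ($ivle_userid && ($ivle_userid != $this->data['user_id']))
+                       {
+                               return $this->session_create($ivle_userid);
+                       }
+
                        // Did the session exist in the DB?
                        if (isset($this->data['user_id']))
                        {
@@ -2228,6 +2235,135 @@
                        return $var;
                }
        }
+
+       /** IVLE SSO
+        * This function attempts to authenticate from a signed cookie provided by 
+        * IVLE. If it does it will return either the forum user_id for the logged in 
+        * IVLE user or will create a new one on-the-fly.
+        * 
+        * If the cookie is bad, the ANONYMOUS user will be returned.
+        */
+       function ivle_auth()
+       {
+               global $db, $phpbb_root_path, $phpEx;
+
+               // Get the IVLE shared secret from config.php.
+               require($phpbb_root_path . 'config.' . $phpEx);
+
+               // Shared Cookie
+               $ivle_cookie = explode(':',$_COOKIE['ivleforumcookie']);
+        
+               if ($ivle_cookie == "NONE") {
+                       return ANONYMOUS;
+               }
+
+               // Decode and unescape the Cookie contents
+               $ivle_uid = urldecode($ivle_cookie[0]);
+               $ivle_nick = urldecode($ivle_cookie[1]);
+               $ivle_email = urldecode($ivle_cookie[2]);
+               $ivle_role = urldecode($ivle_cookie[3]);
+               $ivle_hash = $ivle_cookie[4];
+
+               // Check if uid + nick + email + secret is the same as the hash
+               if(md5($ivle_cookie[0].$ivle_cookie[1].$ivle_cookie[2].
+                      $ivle_cookie[3].$ivle_secret) == $ivle_hash)
+               {
+                       // Check if the user exists in the database
+                       $sql = 'SELECT user_id
+                               FROM ' . USERS_TABLE . "
+                               WHERE username = '" . $db->sql_escape($ivle_uid) . "';";
+                               $result = $db->sql_query($sql);
+                               $row = $db->sql_fetchrow($result);
+                               $user_id = $row['user_id'];
+                               $db->sql_freeresult($result);
+
+                       // If no user_id is found for the username, create a new user
+                       if(!$user_id)
+                       {
+                               // Needed for IVLE auth overide
+                               include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+                  
+                               // Add all users to the Registered Group
+                               $sql = 'SELECT group_id
+                                       FROM ' . GROUPS_TABLE . "
+                                       WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
+                                       AND group_type = " . GROUP_SPECIAL;
+                               $result = $db->sql_query($sql);
+                               $row = $db->sql_fetchrow($result);
+                               $db->sql_freeresult($result);
+                               if (!$row)
+                               {
+                                       trigger_error('NO_GROUP');
+                               }
+
+                               $group_id = $row['group_id'];
+
+                               // Get the Time and Timezone
+                               $timezone = date('Z') / 3600;
+                               $is_dst = date('I');
+                               $timezone = ($is_dst) ? $timezone - 1 : $timezone;
+                               
+                               // Fill into array
+                               $user_row = array(
+                                       'username'              => $ivle_uid,
+                                       'user_password'         => '', # Not a valid hash
+                                       'user_email'            => $ivle_email,
+                                       'group_id'              => (int) $group_id,
+                                       'user_timezone'         => (float) $timezone,
+                                       'user_dst'              => $is_dst,
+                                       'user_lang'             => 'en',
+                                       'user_type'             => USER_NORMAL,
+                                       'user_actkey'           => '',
+                                       'user_ip'               => $this->ip,
+                                       'user_regdate'          => time(),
+                                       'user_inactive_reason'  => 0,
+                                       'user_inactive_time'    => 0,
+                               );
+                        
+                               // Add user
+                               $user_id = user_add($user_row);
+
+                               // Add any aditional groups
+                               // Select the equvialent group
+                               $group = False;
+                               switch($ivle_role)
+                               {
+                                       case('admin'):
+                                               $group = 'ADMINISTRATORS';
+                                               break;
+                                       case('lecturer'):
+                                               $group = 'GLOBAL_MODERATORS';
+                                               break;
+                               }
+                               if ($group)
+                               {
+                                       // Find the group_id
+                                       $sql = 'SELECT group_id
+                                               FROM ' . GROUPS_TABLE . "
+                                               WHERE group_name = '" . $db->sql_escape($group) . "'
+                                               AND group_type = " . GROUP_SPECIAL;
+                                       
+                                       $result = $db->sql_query($sql);
+                                       $row = $db->sql_fetchrow($result);
+                                       $db->sql_freeresult($result);
+
+                                       if (!$row)
+                                       {
+                                               trigger_error('NO_GROUP');
+                                       }
+
+                                       $group_id = $row['group_id'];
+
+                                       group_user_add($group_id,Array($user_id));
+                               }
+                       }
+                       return $user_id;
+               }
+               else
+               {
+                       return False;
+               }
+       }
 }
 
 ?>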
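Review bot: `ivle_auth()` in the second hunk lets the cookie alone pick the forum account and, on first login, membership of ADMINISTRATORS or GLOBAL_MODERATORS, yet the check protecting it is `md5()` over the four fields joined without a delimiter plus the secret, compared with loose `==`; field boundaries are not covered by the signature and the comparison is not an exact string match. Nothing in the signed data carries an expiry, so a cookie appears to remain valid until the secret changes, and with the re-authentication prompt removed from adm/index.php in this same patch the cookie is also the only credential checked before the ACP. `$ivle_cookie == "NONE"` compares the array returned by `explode()` with a string and can never be true, a missing or short cookie reads undefined indexes, and the docblock promises ANONYMOUS for a bad cookie where the code returns `False`. The sketch validates the cookie's shape first and uses a delimited HMAC with strict comparison (`hash_equals()` where the PHP version provides it); the IVLE code that issues the cookie is not in this diff and would have to change to match.

```php
// Shared Cookie
$raw_cookie = isset($_COOKIE['ivleforumcookie']) ? $_COOKIE['ivleforumcookie'] : '';
if ($raw_cookie === 'NONE')
{
    // presumably the intent of the original "NONE" test: IVLE reports no login
    return ANONYMOUS;
}
$ivle_cookie = explode(':', $raw_cookie);
if (count($ivle_cookie) !== 5)
{
    // malformed or absent cookie: never index past what was sent
    return false;
}

// … unchanged: urldecode() of uid, nick, email and role; $ivle_hash = $ivle_cookie[4] …

// Keyed MAC over the still-encoded fields, with ':' kept as the delimiter
$expected = hash_hmac('sha256', implode(':', array_slice($ivle_cookie, 0, 4)), $ivle_secret);
if ($expected === $ivle_hash)
{
    // … unchanged: user lookup and on-the-fly creation …
```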
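diff -Nur a/styles/prosilver/template/index_body.html b/styles/prosilver/template/index_body.html
--- a/styles/prosilver/template/index_body.html 2008-12-13 02:20:37.000000000 +1100
+++ b/styles/prosilver/template/index_body.html 2009-02-18 12:05:36.000000000 +1100
@@ -14,20 +14,6 @@
 
 <!-- INCLUDE forumlist_body.html -->
 
-<!-- IF not S_USER_LOGGED_IN and not S_IS_BOT -->
-       <form method="post" action="{S_LOGIN_ACTION}" class="headerspace">
-       <h3><a href="{U_LOGIN_LOGOUT}">{L_LOGIN_LOGOUT}</a><!-- IF S_REGISTER_ENABLED -->&nbsp; &bull; &nbsp;<a href="{U_REGISTER}">{L_REGISTER}</a><!-- ENDIF --></h3>
-               <fieldset class="quick-login">
-                       <label for="username">{L_USERNAME}:</label>&nbsp;<input type="text" name="username" id="username" size="10" class="inputbox" title="{L_USERNAME}" />  
-                       <label for="password">{L_PASSWORD}:</label>&nbsp;<input type="password" name="password" id="password" size="10" class="inputbox" title="{L_PASSWORD}" />
-                       <!-- IF S_AUTOLOGIN_ENABLED -->
-                               | <label for="autologin">{L_LOG_ME_IN} <input type="checkbox" name="autologin" id="autologin" /></label>
-                       <!-- ENDIF -->
-                       <input type="submit" name="login" value="{L_LOGIN}" class="button2" />
-               </fieldset>
-       </form>
-<!-- ENDIF -->
-
 <!-- IF S_DISPLAY_ONLINE_LIST -->
        <!-- IF U_VIEWONLINE --><h3><a href="{U_VIEWONLINE}">{L_WHO_IS_ONLINE}</a></h3><!-- ELSE --><h3>{L_WHO_IS_ONLINE}</h3><!-- ENDIF -->
        <p>{TOTAL_USERS_ONLINE} ({L_ONLINE_EXPLAIN})<br />{RECORD_USERS}<br /> <br />{LOGGED_IN_USER_LIST}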
206
 
diff -Nur a/styles/prosilver/template/overall_header.html b/styles/prosilver/template/overall_header.html
207
 
--- a/styles/prosilver/template/overall_header.html     2008-12-13 02:20:37.000000000 +1100
208
 
+++ b/styles/prosilver/template/overall_header.html     2009-02-18 12:06:22.000000000 +1100
209
 
@@ -151,8 +151,6 @@
210
 
                                <li class="icon-faq"><a href="{U_FAQ}" title="{L_FAQ_EXPLAIN}">{L_FAQ}</a></li>
211
 
                                <!-- IF not S_IS_BOT -->
212
 
                                        <!-- IF S_DISPLAY_MEMBERLIST --><li class="icon-members"><a href="{U_MEMBERLIST}" title="{L_MEMBERLIST_EXPLAIN}">{L_MEMBERLIST}</a></li><!-- ENDIF -->
213
 
-                                       <!-- IF not S_USER_LOGGED_IN and S_REGISTER_ENABLED --><li class="icon-register"><a href="{U_REGISTER}">{L_REGISTER}</a></li><!-- ENDIF -->
214
 
-                                       <li class="icon-logout"><a href="{U_LOGIN_LOGOUT}" title="{L_LOGIN_LOGOUT}" accesskey="l">{L_LOGIN_LOGOUT}</a></li>
215
 
                                <!-- ENDIF -->
216
 
                        </ul>
217