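<?php
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Tikiwiki authentication backend for phpBB3 with adodb
// By Jacob 'jacmoe2' Moen 10 Dec 2009
// Based on:
// Mediawiki authentication plugin for phpBB3 with mysql4
// By Steve Streeting 26 Dec 2008

require_once('lib/auth/PasswordHash.php');

// some definitions for helping with authentication
// Er, what about definition clashes ?
define("PHPBB_INVALID_CREDENTIALS", -21);
define("PHPBB_INVALID_SYNTAX", -23);
define("PHPBB_NO_SUCH_USER", -25);
define("PHPBB_SUCCESS", -29);
define("SERVER_ERROR", -1);


//TODO: support other database types

/**
 * Authenticates Tiki logins against the user table of a phpBB3 database.
 *
 * Connection settings and the table prefix are read from the global $prefs
 * array (auth_phpbb_* keys). Every lookup matches the username
 * case-insensitively through lcase() on both sides of the comparison.
 *
 * Review notes:
 *  - check() distinguishes "no such user" from "wrong password". Callers
 *    should map both to the same client-visible login failure so the login
 *    form does not confirm which account names exist.
 *  - The username is passed to the database as a bound parameter. The table
 *    prefix is concatenated as an identifier and cannot be bound; it is
 *    presumably administrator-controlled configuration -- confirm that it
 *    can never be set from request data.
 */
class TikiPhpBBLib
{

    var $db;

    // Connection cached for the lifetime of this object:
    // null = not attempted yet, false = attempt failed.
    private $connection = null;

    /**
     * Validate a username/password pair against phpBB.
     *
     * @param string $user
     * @param string $pass
     * @return int PHPBB_SUCCESS, PHPBB_NO_SUCH_USER, PHPBB_INVALID_CREDENTIALS,
     *             or SERVER_ERROR when the phpBB database cannot be reached
     * @access public
     */
    public function check($user, $pass)
    {
        // An unreachable backend is reported as such instead of being
        // mistaken for an unknown account.
        if ($this->getConnection() === false) {
            return SERVER_ERROR;
        }

        // no need to progress further if the user doesn't even exist
        if (! $this->userExists($user)) {
            return PHPBB_NO_SUCH_USER;
        }

        // if the user does exist, authenticate
        if ($this->authenticate($user, $pass)) {
            return PHPBB_SUCCESS;
        }

        return PHPBB_INVALID_CREDENTIALS;
    }

    /**
     * Open a new ADOdb connection to the phpBB database.
     *
     * @return ADOConnection|false the connected handle, or false when ADOdb
     *                             is unavailable or the connection fails
     * @access public
     */
    public function connectdb()
    {
        global $prefs;
        $dbhost = $prefs['auth_phpbb_dbhost'];
        $dbuser = $prefs['auth_phpbb_dbuser'];
        $dbpasswd = $prefs['auth_phpbb_dbpasswd'];
        $dbname = $prefs['auth_phpbb_dbname'];
        $dbtype = 'mysql';//$prefs['auth_phpbb_dbtype'];

        // Force autoloading
        if (! class_exists('ADOConnection')) {
            return false;
        }

        $dbconnection = NewADOConnection($dbtype);
        if (! $dbconnection) {
            return false;
        }

        // The connection object is truthy whether or not Connect() succeeded,
        // so the outcome has to be taken from Connect() itself.
        if (! $dbconnection->Connect($dbhost, $dbuser, $dbpasswd, $dbname)) {
            return false;
        }

        return $dbconnection;
    }

    /**
     * Return the cached connection, opening it on first use.
     *
     * @return ADOConnection|false
     */
    private function getConnection()
    {
        if ($this->connection === null) {
            $this->connection = $this->connectdb();
        }

        return $this->connection;
    }

    /**
     * Select one column of the phpBB users table for the given username.
     *
     * @param string $column   column name; only fixed literals from this class are passed
     * @param string $username name to look up, sent as a bound parameter
     * @return ADORecordSet|null the record set, or null when no connection is available
     */
    private function selectUserColumn($column, $username)
    {
        global $prefs;

        $dbconnection = $this->getConnection();
        if ($dbconnection === false) {
            error_log('AuthPhpBB : could not connect to the phpBB database');
            return null;
        }

        // MySQL queries are case insensitive anyway
        $query = 'select ' . $column . ' from ' . $prefs['auth_phpbb_table_prefix']
            . 'users where lcase(username) = lcase(?)';
        /** @var ADORecordSet $result */
        $result = $dbconnection->Execute($query, array((string) $username));
        if ($result === false) {
            // The driver's error text goes to the server log only; the
            // response to the (unauthenticated) client stays generic.
            error_log('AuthPhpBB : Query failed: ' . $dbconnection->ErrorMsg());
            die('AuthPhpBB : Query failed');
        }

        return $result;
    }

    /**
     * Check whether there exists a user account with the given name.
     *
     * Also returns false when the phpBB database cannot be reached; use
     * check() when that case has to be told apart.
     *
     * @param string $username
     * @return bool
     * @access public
     */
    public function userExists($username)
    {
        $result = $this->selectUserColumn('username', $username);

        return $result !== null && $result->RecordCount() > 0;
    }

    /**
     * Check if a username+password pair is a valid login.
     *
     * Fails closed: an unreachable database or an unknown user yields false.
     *
     * @param string $username
     * @param string $password
     * @return bool
     * @access public
     */
    public function authenticate($username, $password)
    {
        $result = $this->selectUserColumn('user_password', $username);
        if ($result === null || $result->RecordCount() == 0) {
            return false;
        }

        // TODO: check for phpBB version here, and select a different hasher, if needed.
        // This one is hardcoded for phpbb3
        $PasswordHasher = new PasswordHash(8, true);

        // NOTE(review): fields[0] assumes the record set exposes numeric
        // column indexes -- confirm the ADOdb fetch mode in use.
        return (bool) $PasswordHasher->CheckPassword($password, $result->fields[0]);
    }

    /**
     * Returns a users email from the phpbb3 user table.
     *
     * The parameter stays by-reference for signature compatibility, but the
     * caller's variable is no longer overwritten with a SQL-quoted copy.
     *
     * @param string $username
     * @access public
     * @return string|int the email, or 0 when the user is not found or the
     *                    database cannot be reached
     */
    public function grabEmail(&$username)
    {
        // Just add email
        $result = $this->selectUserColumn('user_email', $username);

        if ($result !== null && $result->RecordCount() > 0) {
            // The row is read from "fields", the same property
            // authenticate() uses; "field" is not set by this code.
            return $result->fields[0];
        }

        return 0;
    }
}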