<?php
// Direct-access guard: stop immediately unless this file was pulled in by
// phpBB (IN_PHPBB) or by the Joomla 1.5 bridge (JOOM15_PHPBB3).
if (!(defined('IN_PHPBB') || defined('JOOM15_PHPBB3'))) {
    exit;
}

// login_joomla15() hands off to login_db() in regular-integration mode, so load
// the auth_db.php that sits next to this file if login_db() is not defined yet.
if (!function_exists('login_db')) {
    $script_cur_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;
    require $script_cur_path . 'auth_db.php';
}
//------ copy of function genRandomPassword in --------------------------------- //------ libraries/joomla/user/helper.php --------------------------------------
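/**
 * Build a random password from the 62-character alphabet [a-zA-Z0-9].
 *
 * login_joomla15() stores the hash of this value as the password of phpBB
 * accounts it creates, so the value must not be guessable. The original
 * implementation seeded mt_rand() with crc32(microtime() . stat data), which
 * leaves at most 32 bits of seed built from largely predictable inputs and
 * also reseeds the process-wide Mersenne Twister as a side effect. When
 * random_int() is available (PHP 7+) it is used instead; the old seeding is
 * kept only as a fallback for older runtimes.
 *
 * @param int $length Number of characters to generate; 0 or less yields ''.
 * @return string Password of exactly $length characters.
 * @throws Exception On PHP 7+ if random_int() cannot find an entropy source;
 *                   the function fails rather than silently falling back to
 *                   the weak generator.
 */
function unforeseenPass($length = 8)
{
    $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $len = strlen($salt);
    $makepass = '';

    if (function_exists('random_int')) {
        // CSPRNG path: each index is drawn uniformly and no global PRNG state is touched.
        for ($i = 0; $i < $length; $i++) {
            $makepass .= $salt[random_int(0, $len - 1)];
        }

        return $makepass;
    }

    // Legacy path (PHP < 7): same algorithm as before. NOT cryptographically
    // strong - the seed is derived from the clock and this file's stat data.
    $stat = @stat(__FILE__);
    if (empty($stat) || !is_array($stat)) {
        $stat = array(php_uname());
    }
    mt_srand(crc32(microtime() . implode('|', $stat)));

    for ($i = 0; $i < $length; $i++) {
        $makepass .= $salt[mt_rand(0, $len - 1)];
    }

    return $makepass;
}//end function unforeseenPass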
//-----------------------------------------------------------------------------
//-------- Inside phpBB each user is uniquely identified by username_clean;
//-------- the regular username can also be used to log in, but it is "cleaned" first,
//-------- whereas on the Joomla side users are identified by username.
//-------- The admin account cannot log in to phpBB if phpBB's username_clean
//-------- does not match.
//-------- Hence the solution:
//-------- username of Joomla (cleaned) ---> username_clean of phpBB (used for identification)
//-------- username of Joomla ---> username of phpBB
//---- file auth.php near line , username "cleaned" by $db->sql_escape(utf8_clean_string($username))
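/**
 * phpBB3 auth-plugin login routine for the Joomla 1.5 bridge.
 *
 * Mode is chosen by constants defined outside this file:
 *  - _JOOM_USER_INTEG_ defined and _JOOM_UNTIED_LOGIN_ not defined ("user
 *    integration"): the supplied credentials are discarded and the phpBB
 *    account is derived from the current Joomla user (JFactory::getUser()).
 *    No password is verified here; LOGIN_SUCCESS rests entirely on the Joomla
 *    session being authenticated.
 *  - otherwise, JOOM15_PHPBB3 defined: delegate to login_db().
 *  - neither: raise an error via trigger_error().
 *
 * In user-integration mode the phpBB account is resolved in three steps:
 *  1. look the Joomla id up in the bridge table (_JOOMSQL_); a stale row is deleted;
 *  2. otherwise adopt an existing, not-yet-bridged phpBB user whose
 *     username_clean equals the cleaned Joomla username;
 *  3. otherwise create a phpBB user (random password, REGISTERED group) and
 *     record the association.
 *
 * Changes against the original: every id concatenated into SQL is cast to int
 * first, the guest check returns a non-success status instead of depending on
 * trigger_error() to stop execution, and the missing space in the
 * "Unexpected bug" messages is restored.
 *
 * NOTE(review): the remaining trigger_error() calls still assume the installed
 * error handler aborts the request (presumably phpBB's does - confirm). With a
 * handler that returns, execution would continue past them.
 *
 * @param string $username By reference; blanked in user-integration mode,
 *                         then set to the resolved phpBB username.
 * @param string $password By reference; blanked in user-integration mode.
 * @return array|null Array with keys 'status', 'error_msg', 'user_row' in
 *                    user-integration mode; whatever login_db() returns in
 *                    regular mode; null after the final trigger_error() if
 *                    the error handler returns.
 */
function login_joomla15(&$username, &$password)
{
    global $db;

    if (defined('_JOOM_USER_INTEG_') && !defined('_JOOM_UNTIED_LOGIN_')) {
        // Joomla user integration: the posted credentials are not used. Both
        // parameters are references, so the caller's copies are blanked too.
        $username = $username_clean = $password = '';

        $joomUser = & JFactory::getUser();
        if ($joomUser->get('guest')) {
            trigger_error('Unexpected login attempt');

            // Fail closed: this is the only authentication gate in this
            // branch, so never fall through to account lookup/creation for a
            // guest, even if the error handler above returns.
            return array(
                'status'    => LOGIN_BREAK,
                'error_msg' => 'Unexpected login attempt',
                'user_row'  => array('user_id' => ANONYMOUS),
            );
        }

        // Cast once; this value is concatenated into several queries below.
        $joom_id = (int) $joomUser->get('id');

        $sql = 'SELECT assoc_id,phpbb_id FROM ' . _JOOMSQL_ . ' WHERE joom_id=' . $joom_id;
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        // Stays true until an existing phpBB account has been tied to this Joomla user.
        $addNewUserTest = true;

        //---------- step 1: the bridge table says the user already exists in phpbb
        if ($row) {
            $assoc_id = (int) $row['assoc_id'];
            $phpbb_id = (int) $row['phpbb_id'];

            if ($phpbb_id != ANONYMOUS) {
                $sql = 'SELECT username, username_clean FROM ' . USERS_TABLE . ' WHERE user_id=' . $phpbb_id;
                $result = $db->sql_query($sql);
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);

                if ($row) {
                    // bridge row is valid
                    $addNewUserTest = false;
                    $username = $row['username'];
                    $username_clean = $row['username_clean'];
                }
            }

            if ($addNewUserTest) {
                // Bridge row points at ANONYMOUS or at a phpBB user that no
                // longer exists: drop it so a fresh association can be made.
                $sql = 'DELETE FROM ' . _JOOMSQL_ . ' WHERE assoc_id=' . $assoc_id;
                $db->sql_query($sql);
            }
        }

        //---------- step 2: try to bridge with an existing phpbb user of the same username
        if ($addNewUserTest) {
            // NOTE(review): the link is made on the cleaned username alone.
            // Nothing here compares e-mail addresses or looks at user_type, so
            // the Joomla account holding a given username is granted the
            // matching unbridged phpBB account whatever its privileges.
            // Confirm the deployment guarantees the two accounts belong to the
            // same person, or require a second matching attribute / exclude
            // privileged accounts before linking.
            $username = $joomUser->get('username');
            $username_clean = utf8_clean_string($username);

            $sql = "SELECT user_id FROM " . USERS_TABLE . " WHERE username_clean= '" . $db->sql_escape($username_clean) . "' ";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);

            if ($row) {
                $phpbb_id = (int) $row['user_id'];

                if ($phpbb_id != ANONYMOUS) {
                    //--- check that this phpbb user is not already taken in the bridge table
                    $sql = "SELECT joom_id FROM " . _JOOMSQL_ . " WHERE phpbb_id=" . $phpbb_id;
                    $result = $db->sql_query($sql);
                    $row = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);

                    if (!$row) {
                        $addNewUserTest = false;
                        $sql = "INSERT INTO " . _JOOMSQL_ . " ( joom_id, phpbb_id ) VALUES (" . $joom_id . ", " . $phpbb_id . " )";
                        $db->sql_query($sql);
                    }
                }
            }
        }

        //---------- step 3: really add a phpbb user
        if ($addNewUserTest) {
            // All details come from $joomUser. A random password is stored so
            // that the phpBB account has no known password if it is later
            // unbridged; its strength is that of unforeseenPass().
            $pseudo_pwd = phpbb_hash(unforeseenPass(18));

            //--- look for a free username: the Joomla name, then name2 .. name9
            $searchCount = 1;
            do {
                $username = $joomUser->get('username');
                if ($searchCount != 1) {
                    $username .= $searchCount;
                }
                $username_clean = utf8_clean_string($username);

                $sql = "SELECT user_id FROM " . USERS_TABLE . " WHERE username_clean= '" . $db->sql_escape($username_clean) . "' ";
                $result = $db->sql_query($sql);
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);

                $searchCount++;
            } while ($row && $searchCount < 10);

            if ($row) {
                // every candidate name was taken
                trigger_error('You are very unlucky. Please contact Administrator');
            }

            //--- resolve the REGISTERED group id by name rather than assuming a fixed id
            $sql = "SELECT group_id FROM " . GROUPS_TABLE . " WHERE group_name= 'REGISTERED' ";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if (!$row) {
                trigger_error('Bridge cannot find the standard REGISTERED group.');
            }
            $group_id = $row['group_id'];

            // user_add() (functions_user.php) takes the user row and returns the new user's id.
            $user_row = array(
                'user_type'     => USER_NORMAL, // standard registered user
                'group_id'      => $group_id,   // standard registered group
                'username'      => $username,
                'user_password' => $pseudo_pwd,
                'user_email'    => $joomUser->get('email'),
            );
            $phpbb_id = user_add($user_row);
            if (!$phpbb_id) {
                trigger_error('Failed to add user to phpbb table table.');
            }

            //--- final binding of the phpbb user with the joomla user
            $sql = "INSERT INTO " . _JOOMSQL_ . " ( joom_id, phpbb_id ) VALUES (" . $joom_id . ", " . (int) $phpbb_id . " )";
            $db->sql_query($sql);
        }

        //---------- past this point the corresponding phpbb user is expected to exist
        if (!$username || !$username_clean) {
            trigger_error('Unexpected bug at file ' . __FILE__ . ' and line ' . __LINE__);
        }

        $sql = "SELECT user_id, username, user_password, user_passchg , user_email, user_type FROM " . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$row) {
            trigger_error('Unexpected bug at file ' . __FILE__ . ' and line ' . __LINE__);
        }

        // Successful login, decided by the Joomla session alone.
        return array(
            'status'    => LOGIN_SUCCESS,
            'error_msg' => false,
            'user_row'  => $row,
        );
    } else if (defined('JOOM15_PHPBB3')) {
        // regular integration: ordinary phpBB database login
        return login_db($username, $password);
    } else {
        trigger_error("This page must be added to the bridge for security reasons.");
    }
}//end function login_joomla15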