Changeset: f26a70a2b158 https://sourceforge.net/p/mrbs/hg-code/ci/f26a70a2b15806a4673ef9f31e16d7ce98589fa6 Author: Campbell Morrison <cimorri...@hg.code.sf.net> Date: Fri Mar 03 14:32:25 2017 +0000 Log message:
Reintegrated login_with_email_address named branch. MRBS now supports login by username or email address, when the authentication type allows it. If login by email address is supported then it is also possible to login using just the local-part of the email address - but this feature has to be enabled by a config variable setting. diffstat: web/Themes/default/header.inc | 14 +- web/auth/auth_auth_basic.inc | 16 +- web/auth/auth_config.inc | 11 +- web/auth/auth_crypt.inc | 17 +- web/auth/auth_db.inc | 240 +++++++++++++++++++++++++++++------ web/auth/auth_db_ext.inc | 19 +- web/auth/auth_ext.inc | 10 +- web/auth/auth_imap.inc | 12 +- web/auth/auth_imap_php.inc | 14 +- web/auth/auth_ldap.inc | 44 +++--- web/auth/auth_nis.inc | 12 +- web/auth/auth_none.inc | 4 +- web/auth/auth_nw.inc | 12 +- web/auth/auth_pop3.inc | 14 +- web/auth/auth_smtp.inc | 13 +- web/auth/auth_wordpress.inc | 16 +- web/css/mrbs.css.php | 2 +- web/lang/lang.ca | 1 + web/lang/lang.cs | 1 + web/lang/lang.da | 1 + web/lang/lang.de | 1 + web/lang/lang.el | 1 + web/lang/lang.en | 3 +- web/lang/lang.es | 1 + web/lang/lang.eu | 1 + web/lang/lang.fi | 1 + web/lang/lang.fr | 1 + web/lang/lang.he | 1 + web/lang/lang.hu | 1 + web/lang/lang.id | 1 + web/lang/lang.it | 1 + web/lang/lang.ja | 1 + web/lang/lang.ko | 1 + web/lang/lang.nb | 1 + web/lang/lang.nl | 2 + web/lang/lang.nn | 1 + web/lang/lang.no | 1 + web/lang/lang.pl | 1 + web/lang/lang.pt | 1 + web/lang/lang.pt-br | 1 + web/lang/lang.ru | 1 + web/lang/lang.sk | 1 + web/lang/lang.sl | 1 + web/lang/lang.sv | 1 + web/lang/lang.th | 1 + web/lang/lang.tr | 2 + web/lang/lang.zh-cn | 1 + web/lang/lang.zh-tw | 1 + web/lib/MRBS/DB_mysql.php | 23 +++ web/lib/MRBS/DB_pgsql.php | 23 +++ web/session/functions_session.inc | 121 ++++++++++++++++++ web/session/session_cookie.inc | 153 ++++++---------------- web/session/session_http.inc | 51 ++----- web/session/session_joomla.inc | 139 +++++--------------- web/session/session_php.inc | 148 ++++++--------------- 
web/session/session_remote_user.inc | 26 +-- web/session/session_wordpress.inc | 139 +++++--------------- web/systemdefaults.inc.php | 219 ++++++++++++++++---------------- 58 files changed, 806 insertions(+), 741 deletions(-) diffs (truncated from 3237 to 300 lines): diff -r 3bfd711c5fa5 -r f26a70a2b158 web/Themes/default/header.inc --- a/web/Themes/default/header.inc Thu Mar 02 09:33:34 2017 +0000 +++ b/web/Themes/default/header.inc Fri Mar 03 14:32:25 2017 +0000 @@ -147,14 +147,6 @@ } -function print_logon() -{ - echo "<div id=\"logon_box\">\n"; - PrintLogonBox(); - echo "</div>\n"; -} - - function print_nav($day, $month, $year, $area, $room, $search_str = '', $simple=false) { $query_string = "day=$day&month=$month&year=$year"; @@ -197,10 +189,10 @@ echo "</li>\n"; // For session protocols that define their own logon box... - if (function_exists(__NAMESPACE__ . "\\PrintLogonBox")) + if (function_exists(__NAMESPACE__ . "\\print_logon_box")) { - echo "<li>\n"; - print_logon(); + echo "<li id=\"logon_box\">\n"; + print_logon_box(); echo "</li>\n"; } } diff -r 3bfd711c5fa5 -r f26a70a2b158 web/auth/auth_auth_basic.inc --- a/web/auth/auth_auth_basic.inc Thu Mar 02 09:33:34 2017 +0000 +++ b/web/auth/auth_auth_basic.inc Fri Mar 03 14:32:25 2017 +0000 @@ -33,8 +33,8 @@ * $pass - The password * * Returns: - * 0 - The pair are invalid or do not exist - * non-zero - The pair are valid + * false - The pair are invalid or do not exist + * string - The validated username */ function authValidateUser($user, $pass) { @@ -43,18 +43,18 @@ // Check if we do not have a username/password if(!isset($user) || !isset($pass)) { - return 0; + return false; } if (!isset($auth["auth_basic"]["passwd_file"])) { error_log("auth_basic: passwd file not specified"); - return 0; + return false; } if (!isset($auth["auth_basic"]["mode"])) { error_log("auth_basic: mode not specified"); - return 0; + return false; } require_once "File/Passwd/Authbasic.php"; 
@@ -64,14 +64,12 @@ $f->setMode($auth["auth_basic"]["mode"]); $f->load(); - $ret = 0; - if ($f->verifyPasswd($user, $pass) === true) { - $ret = 1; + return $user; } - return $ret; + return false; } /* authGetUserLevel($user) diff -r 3bfd711c5fa5 -r f26a70a2b158 web/auth/auth_config.inc --- a/web/auth/auth_config.inc Thu Mar 02 09:33:34 2017 +0000 +++ b/web/auth/auth_config.inc Fri Mar 03 14:32:25 2017 +0000 @@ -26,10 +26,9 @@ * $pass - The password * * Returns: - * 0 - The pair are invalid or do not exist - * non-zero - The pair are valid + * false - The pair are invalid or do not exist + * string - The validated username */ - function authValidateUser($user, $pass) { global $auth; @@ -37,7 +36,7 @@ // Check if we do not have a username/password if(!isset($user) || !isset($pass) || strlen($pass)==0) { - return 0; + return false; } if ((isset($auth["user"][$user]) && @@ -47,10 +46,10 @@ ($auth["user"][utf8_strtolower($user)] == $pass) )) { - return 1; // User validated + return $user; // User validated } - return 0; // User unknown or password invalid + return false; // User unknown or password invalid } /* authGetUserLevel($user) diff -r 3bfd711c5fa5 -r f26a70a2b158 web/auth/auth_crypt.inc --- a/web/auth/auth_crypt.inc Thu Mar 02 09:33:34 2017 +0000 +++ b/web/auth/auth_crypt.inc Fri Mar 03 14:32:25 2017 +0000 @@ -30,8 +30,8 @@ * $pass - The password * * Returns: - * 0 - The pair are invalid or do not exist - * non-zero - The pair are valid + * false - The pair are invalid or do not exist + * string - The validated username */ function authValidateUser($user, $pass) { 
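Review bot: The success path now returns the caller-supplied `$user` where it used to return `1`, so a username that PHP treats as falsy (the string `0`) cannot be told apart from a failed login unless every caller tests the result with `=== false`. The callers are not in the visible part of this truncated diff, so that needs confirming there. The same applies to the `return $user;` lines in the auth_config.inc and auth_crypt.inc hunks. I would state the contract in the function header, for example `* Callers must compare the result with === false; a valid username may itself be falsy.`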
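Review bot: In auth_config.inc, `return $user; // User validated` hands back the name exactly as typed, although the condition above it also accepts a match on `$auth["user"][utf8_strtolower($user)]`. If later lookups key on the returned name (not visible here), a mixed-case login would produce an identity that is not a configured key. I would return the key that actually matched, i.e. `return utf8_strtolower($user);` in the case where only the lower-cased key matched. The password test on the context line also uses `==`, under which numeric-looking strings are compared as numbers; `===` on string-cast values would avoid that. The start of the `if` condition lies between this hunk and the previous one, so this is based on the part that is visible.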
@@ -40,31 +40,34 @@ // Check if we do not have a username/password if(!isset($user) || !isset($pass)) { - return 0; + return false; } if (!isset($auth["crypt"]["passwd_file"])) { error_log("auth_crypt: passwd file not specified"); - return 0; + return false; } + $fh = fopen($auth["crypt"]["passwd_file"], "r"); if (!$fh) { error_log("auth_crypt: couldn't open passwd file\n"); - return 0; + return false; } - $ret = 0; // Default to failure + + $ret = false; // Default to failure while ($line = fgets($fh)) { if (preg_match("/^\Q$user\E:(.*)/", $line, $matches)) { if (crypt($pass, $matches[1]) == $matches[1]) { - $ret = 1; // Success! + $ret = $user; // Success! } } } + fclose($fh); return $ret; } diff -r 3bfd711c5fa5 -r f26a70a2b158 web/auth/auth_db.inc --- a/web/auth/auth_db.inc Thu Mar 02 09:33:34 2017 +0000 +++ b/web/auth/auth_db.inc Fri Mar 03 14:32:25 2017 +0000 
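Review bot: Now that `$ret = $user;` makes this function the source of the validated identity, the line match in the loop should be exact, and `preg_match("/^\Q$user\E:(.*)/", ...)` does not guarantee that. `\Q…\E` does not escape a `\E` occurring inside `$user`, so the pattern is not necessarily a literal match on the name field. The hash check `crypt($pass, $matches[1]) == $matches[1]` is also a loose comparison. I would split each line on the first `:`, compare the name with `===`, and compare the hash with `hash_equals()` where it is available (PHP 5.6+), otherwise `===`. The function's signature and header are in the previous hunk.

```php
// … unchanged: argument checks, passwd_file check and fopen() …
  $ret = false; // Default to failure
  while (($line = fgets($fh)) !== false)
  {
    // Split "name:hash" on the first colon only; compare the name literally
    $fields = explode(':', rtrim($line, "\r\n"), 2);
    if ((count($fields) === 2) && ($fields[0] === $user))
    {
      if (hash_equals($fields[1], (string) crypt($pass, $fields[1])))
      {
        $ret = $user; // Success!
      }
    }
  }
// … unchanged: fclose($fh) and return $ret …
```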
@@ -15,54 +15,57 @@ * ******************************************************************************/ -/* session_php.inc and session_cookie.inc will add a link to the user list - in the logon box, if the value $user_list_link is set. */ -$user_list_link = "edit_users.php"; - -/* authValidateUser($user, $pass) - * - * Checks if the specified username/password pair are valid - * - * $user - The user name - * $pass - The password - * - * Returns: - * 0 - The pair are invalid or do not exist - * non-zero - The pair are valid - */ - -function authValidateUser($user, $pass) +function rehash($password_hash, $column_name, $column_value) { global $tbl_users; - $result = 0; + + $sql_params = array(password_hash($password, PASSWORD_DEFAULT)); + + switch ($column_name) + { + case 'name': + $condition = db()->syntax_casesensitive_equals($column_name, utf8_strtolower($column_value), $sql_params); + break; + case 'email': + // For the moment we will assume that email addresses are case insensitive. Whilst it is true + // on most systems, it isn't always true. The domain is case insensitive but the local-part can + // be case sensitive. But before we can take account of this, the email addresses in the database + // need to be normalised so that all the domain names are stored in lower case. Then it will be possible + // to do a case sensitive comparison. + $sql_params[] = $column_value; + $condition = "LOWER($column_name)=LOWER(?)"; + break; + default: + trigger_error("Unsupported column name '$column_name'.", E_USER_NOTICE); + return; + break; + } + + $sql = "UPDATE $tbl_users + SET password_hash=? + WHERE $condition"; + + db()->command($sql, $sql_params); +} - $sql_params = array(); - // We use syntax_casesensitive_equals() rather than just '=' because '=' in MySQL - // permits trailing spacings, eg 'john' = 'john '. We could use LIKE, but that then - // permits wildcards, so we could use a comnination of LIKE and '=' but that's a bit - // messy. 
WE could use STRCMP, but that's MySQL only. - $sql = "SELECT password_hash - FROM $tbl_users - WHERE " . - db()->syntax_casesensitive_equals('name', utf8_strtolower($user), $sql_params) . - " - LIMIT 1"; - - $res = db()->query($sql, $sql_params); - - $row = $res->row_keyed(0); - +// Checks $password against $password_hash for the row in the user table +// where $column_name=$column_value. Typically $column_name will be either +// 'name' or 'email'. +// Returns a boolean: true if they match, otherwise false. +function checkPassword($password, $password_hash, $column_name, $column_value) +{ + $result = false; $do_rehash = false; /* If the hash starts '$' it's a PHP password hash */ - if (substr($row['password_hash'], 0, 1) == '$') + if (substr($password_hash, 0, 1) == '$') { - if (password_verify($pass, $row['password_hash'])) + if (password_verify($password, $password_hash)) { - $result = 1; - if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) + $result = true; + if (password_needs_rehash($password_hash, PASSWORD_DEFAULT)) { $do_rehash = true; } @@ -82,9 +85,9 @@ /* Otherwise it's a legacy MD5 hash */ else { - if (md5($pass) == $row['password_hash']) + if (md5($password) == $password_hash) { - $result = 1; + $result = true; if (\PasswordCompat\binary\check()) { 
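Review bot: `rehash()` calls `password_hash($password, PASSWORD_DEFAULT)`, but `$password` is never defined in that function: its first parameter is named `$password_hash`, and the call in the later `@@ -95,17 +98,162 @@` hunk passes the stored hash. As written, the UPDATE replaces the user's stored hash with one that is not derived from their password (in effect a hash of an empty value), so the first login that triggers a rehash corrupts the credential. The signature should be `function rehash($password, $column_name, $column_value)` and the call in `checkPassword()` should be `rehash($password, $column_name, $column_value);`. In the `'email'` case the `LOWER($column_name)=LOWER(?)` condition would also update every row sharing that address, so it is worth confirming that email addresses are unique in the users table, which this diff does not show.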
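Review bot: The legacy branch in the `@@ -82,9 +85,9 @@` hunk compares digests with `md5($password) == $password_hash`, which is a loose comparison. PHP's `==` treats numeric-looking strings (such as `0e` followed only by digits) as numbers, so two different hex digests can compare equal, and the comparison is not constant-time. I would change it to `if (hash_equals($password_hash, md5($password)))` where `hash_equals()` is available (PHP 5.6+), or at least use `===`. `checkPassword()` begins in the previous hunk and continues past the end of this one.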
@@ -95,17 +98,162 @@ if ($do_rehash) { - $sql_params = array(password_hash($pass, PASSWORD_DEFAULT)); - $sql = "UPDATE $tbl_users - SET password_hash=? - WHERE " . - db()->syntax_casesensitive_equals('name', utf8_strtolower($user), $sql_params); - db()->command($sql, $sql_params); + rehash($password_hash, $column_name, $column_value); }