Changeset:
        f26a70a2b158
        
https://sourceforge.net/p/mrbs/hg-code/ci/f26a70a2b15806a4673ef9f31e16d7ce98589fa6
Author:
        Campbell Morrison <cimorri...@hg.code.sf.net>
Date:
        Fri Mar 03 14:32:25 2017 +0000
Log message:

Reintegrated login_with_email_address named branch.  MRBS now supports login by
username or email address, when the authentication type allows it.  If login by
email address is supported then it is also possible to login using just the
local-part of the email address - but this feature has to be enabled by a config
variable setting.

diffstat:

 web/Themes/default/header.inc       |   14 +-
 web/auth/auth_auth_basic.inc        |   16 +-
 web/auth/auth_config.inc            |   11 +-
 web/auth/auth_crypt.inc             |   17 +-
 web/auth/auth_db.inc                |  240 +++++++++++++++++++++++++++++------
 web/auth/auth_db_ext.inc            |   19 +-
 web/auth/auth_ext.inc               |   10 +-
 web/auth/auth_imap.inc              |   12 +-
 web/auth/auth_imap_php.inc          |   14 +-
 web/auth/auth_ldap.inc              |   44 +++---
 web/auth/auth_nis.inc               |   12 +-
 web/auth/auth_none.inc              |    4 +-
 web/auth/auth_nw.inc                |   12 +-
 web/auth/auth_pop3.inc              |   14 +-
 web/auth/auth_smtp.inc              |   13 +-
 web/auth/auth_wordpress.inc         |   16 +-
 web/css/mrbs.css.php                |    2 +-
 web/lang/lang.ca                    |    1 +
 web/lang/lang.cs                    |    1 +
 web/lang/lang.da                    |    1 +
 web/lang/lang.de                    |    1 +
 web/lang/lang.el                    |    1 +
 web/lang/lang.en                    |    3 +-
 web/lang/lang.es                    |    1 +
 web/lang/lang.eu                    |    1 +
 web/lang/lang.fi                    |    1 +
 web/lang/lang.fr                    |    1 +
 web/lang/lang.he                    |    1 +
 web/lang/lang.hu                    |    1 +
 web/lang/lang.id                    |    1 +
 web/lang/lang.it                    |    1 +
 web/lang/lang.ja                    |    1 +
 web/lang/lang.ko                    |    1 +
 web/lang/lang.nb                    |    1 +
 web/lang/lang.nl                    |    2 +
 web/lang/lang.nn                    |    1 +
 web/lang/lang.no                    |    1 +
 web/lang/lang.pl                    |    1 +
 web/lang/lang.pt                    |    1 +
 web/lang/lang.pt-br                 |    1 +
 web/lang/lang.ru                    |    1 +
 web/lang/lang.sk                    |    1 +
 web/lang/lang.sl                    |    1 +
 web/lang/lang.sv                    |    1 +
 web/lang/lang.th                    |    1 +
 web/lang/lang.tr                    |    2 +
 web/lang/lang.zh-cn                 |    1 +
 web/lang/lang.zh-tw                 |    1 +
 web/lib/MRBS/DB_mysql.php           |   23 +++
 web/lib/MRBS/DB_pgsql.php           |   23 +++
 web/session/functions_session.inc   |  121 ++++++++++++++++++
 web/session/session_cookie.inc      |  153 ++++++----------------
 web/session/session_http.inc        |   51 ++-----
 web/session/session_joomla.inc      |  139 +++++---------------
 web/session/session_php.inc         |  148 ++++++---------------
 web/session/session_remote_user.inc |   26 +--
 web/session/session_wordpress.inc   |  139 +++++---------------
 web/systemdefaults.inc.php          |  219 ++++++++++++++++----------------
 58 files changed, 806 insertions(+), 741 deletions(-)

diffs (truncated from 3237 to 300 lines):

diff -r 3bfd711c5fa5 -r f26a70a2b158 web/Themes/default/header.inc
--- a/web/Themes/default/header.inc     Thu Mar 02 09:33:34 2017 +0000
+++ b/web/Themes/default/header.inc     Fri Mar 03 14:32:25 2017 +0000
@@ -147,14 +147,6 @@
 }
 
 
-function print_logon()
-{
-    echo "<div id=\"logon_box\">\n";
-    PrintLogonBox(); 
-    echo "</div>\n";
-}
-
-
 function print_nav($day, $month, $year, $area, $room, $search_str = '', 
$simple=false)
 {
   $query_string = "day=$day&amp;month=$month&amp;year=$year";
@@ -197,10 +189,10 @@
     echo "</li>\n";
     
     // For session protocols that define their own logon box...
-    if (function_exists(__NAMESPACE__ . "\\PrintLogonBox"))
+    if (function_exists(__NAMESPACE__ . "\\print_logon_box"))
     {
-      echo "<li>\n";
-      print_logon();
+      echo "<li id=\"logon_box\">\n";
+      print_logon_box();
       echo "</li>\n";
     }
   }
diff -r 3bfd711c5fa5 -r f26a70a2b158 web/auth/auth_auth_basic.inc
--- a/web/auth/auth_auth_basic.inc      Thu Mar 02 09:33:34 2017 +0000
+++ b/web/auth/auth_auth_basic.inc      Fri Mar 03 14:32:25 2017 +0000
@@ -33,8 +33,8 @@
  * $pass  - The password
  * 
  * Returns:
- *   0        - The pair are invalid or do not exist
- *   non-zero - The pair are valid
+ *   false    - The pair are invalid or do not exist
+ *   string   - The validated username
  */
 function authValidateUser($user, $pass)
 {
@@ -43,18 +43,18 @@
   // Check if we do not have a username/password
   if(!isset($user) || !isset($pass))
   {
-    return 0;
+    return false;
   }
 
   if (!isset($auth["auth_basic"]["passwd_file"]))
   {
     error_log("auth_basic: passwd file not specified");
-    return 0;
+    return false;
   }
   if (!isset($auth["auth_basic"]["mode"]))
   {
     error_log("auth_basic: mode not specified");
-    return 0;
+    return false;
   }
 
   require_once "File/Passwd/Authbasic.php";
@@ -64,14 +64,12 @@
   $f->setMode($auth["auth_basic"]["mode"]);
   $f->load();
 
-  $ret = 0;
-
   if ($f->verifyPasswd($user, $pass) === true)
   {
-    $ret = 1;
+    return $user;
   }
 
-  return $ret;
+  return false;
 }
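Review bot: `return $user;` hands back the caller-supplied string unchanged, and the contract now documented above is "false or string", so a username such as `"0"` is returned as a falsy string that any caller testing `if (authValidateUser($user, $pass))` would treat as a failed login. The callers are not visible here, so this is worth pinning in the doc block: `*   Callers must test the result with === false; a valid username like "0" is falsy.` Since only `isset($user)` is checked at the top of the function, an empty-string username also reaches `verifyPasswd()`; rejecting `$user === ''` up front, next to the existing isset() guard, keeps the returned value unambiguous.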
 
 /* authGetUserLevel($user)
diff -r 3bfd711c5fa5 -r f26a70a2b158 web/auth/auth_config.inc
--- a/web/auth/auth_config.inc  Thu Mar 02 09:33:34 2017 +0000
+++ b/web/auth/auth_config.inc  Fri Mar 03 14:32:25 2017 +0000
@@ -26,10 +26,9 @@
  * $pass  - The password
  * 
  * Returns:
- *   0        - The pair are invalid or do not exist
- *   non-zero - The pair are valid
+ *   false    - The pair are invalid or do not exist
+ *   string   - The validated username
  */
-
 function authValidateUser($user, $pass)
 {
   global $auth;
@@ -37,7 +36,7 @@
   // Check if we do not have a username/password
   if(!isset($user) || !isset($pass) || strlen($pass)==0)
   {
-    return 0;
+    return false;
   }
 
   if ((isset($auth["user"][$user]) &&
@@ -47,10 +46,10 @@
        ($auth["user"][utf8_strtolower($user)] == $pass)
         ))
   {
-    return 1; // User validated
+    return $user;    // User validated
   }
 
-  return 0;      // User unknown or password invalid
+  return false;      // User unknown or password invalid
 }
 
 /* authGetUserLevel($user)
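Review bot: `return $user;` returns the raw input even when the match came via the `utf8_strtolower($user)` branch on the context lines above (the condition begins in the preceding hunk), so the "validated username" callers now receive may differ in case from the configured `$auth["user"]` key they were authorised against. Returning the key that actually matched avoids that, and the same rewrite is the natural place to replace the loose `==` on the plaintext password, which compares numeric-looking strings (e.g. `0e…` forms) numerically, with `hash_equals()`. authValidateUser() starts outside this hunk; the replacement for the if/return block is:

```php
  // Try the name as given, then the lower-cased form, and report the key that matched.
  foreach (array($user, utf8_strtolower($user)) as $key)
  {
    if (isset($auth["user"][$key]) &&
        hash_equals((string) $auth["user"][$key], (string) $pass))
    {
      return $key;    // User validated
    }
  }

  return false;      // User unknown or password invalid
```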
diff -r 3bfd711c5fa5 -r f26a70a2b158 web/auth/auth_crypt.inc
--- a/web/auth/auth_crypt.inc   Thu Mar 02 09:33:34 2017 +0000
+++ b/web/auth/auth_crypt.inc   Fri Mar 03 14:32:25 2017 +0000
@@ -30,8 +30,8 @@
  * $pass  - The password
  * 
  * Returns:
- *   0        - The pair are invalid or do not exist
- *   non-zero - The pair are valid
+ *   false    - The pair are invalid or do not exist
+ *   string   - The validated username
  */
 function authValidateUser($user, $pass)
 {
@@ -40,31 +40,34 @@
   // Check if we do not have a username/password
   if(!isset($user) || !isset($pass))
   {
-    return 0;
+    return false;
   }
 
   if (!isset($auth["crypt"]["passwd_file"]))
   {
     error_log("auth_crypt: passwd file not specified");
-    return 0;
+    return false;
   }
+  
   $fh = fopen($auth["crypt"]["passwd_file"], "r");
   if (!$fh)
   {
     error_log("auth_crypt: couldn't open passwd file\n");
-    return 0;
+    return false;
   }
-  $ret = 0; // Default to failure
+  
+  $ret = false; // Default to failure
   while ($line = fgets($fh))
   {
     if (preg_match("/^\Q$user\E:(.*)/", $line, $matches))
     {
       if (crypt($pass, $matches[1]) == $matches[1])
       {
-        $ret = 1; // Success!
+        $ret = $user; // Success!
       }
     }
   }
+  
   fclose($fh);
   return $ret;
 }
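Review bot: The password-file lookup on the context line `preg_match("/^\Q$user\E:(.*)/", $line, $matches)` interpolates the username inside `\Q…\E`, so a username containing `\E` closes the quoted span and the remainder is interpreted as regex syntax, and the new `$ret = $user;` then returns that same string as the validated name. Build the pattern with `preg_quote()` instead: `if (preg_match('/^' . preg_quote($user, '/') . ':(.*)/', $line, $matches))`. The hash check `crypt($pass, $matches[1]) == $matches[1]` is a loose comparison; `hash_equals($matches[1], crypt($pass, $matches[1]))` avoids numeric-string coercion and keeps the comparison constant-time. authValidateUser()'s signature is in the preceding hunk.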
diff -r 3bfd711c5fa5 -r f26a70a2b158 web/auth/auth_db.inc
--- a/web/auth/auth_db.inc      Thu Mar 02 09:33:34 2017 +0000
+++ b/web/auth/auth_db.inc      Fri Mar 03 14:32:25 2017 +0000
@@ -15,54 +15,57 @@
 *
 ******************************************************************************/
 
-/* session_php.inc and session_cookie.inc will add a link to the user list
-    in the logon box, if the value $user_list_link is set. */
-$user_list_link = "edit_users.php";
 
-
-/* authValidateUser($user, $pass)
- * 
- * Checks if the specified username/password pair are valid
- * 
- * $user  - The user name
- * $pass  - The password
- * 
- * Returns:
- *   0        - The pair are invalid or do not exist
- *   non-zero - The pair are valid
- */
-
-function authValidateUser($user, $pass)
+function rehash($password_hash, $column_name, $column_value)
 {
   global $tbl_users;
-  $result = 0;
+  
+  $sql_params = array(password_hash($password, PASSWORD_DEFAULT));
+  
+  switch ($column_name)
+  {
+    case 'name':
+      $condition = db()->syntax_casesensitive_equals($column_name, 
utf8_strtolower($column_value), $sql_params);
+      break;
+    case 'email':
+      // For the moment we will assume that email addresses are case 
insensitive.   Whilst it is true
+      // on most systems, it isn't always true.  The domain is case 
insensitive but the local-part can
+      // be case sensitive.   But before we can take account of this, the 
email addresses in the database
+      // need to be normalised so that all the domain names are stored in 
lower case.  Then it will be possible
+      // to do a case sensitive comparison.
+      $sql_params[] = $column_value;
+      $condition = "LOWER($column_name)=LOWER(?)";
+      break;
+    default:
+      trigger_error("Unsupported column name '$column_name'.", E_USER_NOTICE);
+      return;
+      break;
+  }
+  
+  $sql = "UPDATE $tbl_users
+             SET password_hash=?
+           WHERE $condition";
+    
+  db()->command($sql, $sql_params);
+}
 
-  $sql_params = array();
 
-  // We use syntax_casesensitive_equals() rather than just '=' because '=' in 
MySQL
-  // permits trailing spacings, eg 'john' = 'john '.   We could use LIKE, but 
that then
-  // permits wildcards, so we could use a comnination of LIKE and '=' but 
that's a bit
-  // messy.  WE could use STRCMP, but that's MySQL only.
-  $sql = "SELECT password_hash
-            FROM $tbl_users
-           WHERE " .
-         db()->syntax_casesensitive_equals('name', utf8_strtolower($user), 
$sql_params) .
-         "
-           LIMIT 1";
-
-  $res = db()->query($sql, $sql_params);
-  
-  $row = $res->row_keyed(0);
-
+// Checks $password against $password_hash for the row in the user table
+// where $column_name=$column_value.  Typically $column_name will be either
+// 'name' or 'email'.
+// Returns a boolean: true if they match, otherwise false.
+function checkPassword($password, $password_hash, $column_name, $column_value)
+{
+  $result = false;
   $do_rehash = false;
 
   /* If the hash starts '$' it's a PHP password hash */
-  if (substr($row['password_hash'], 0, 1) == '$')
+  if (substr($password_hash, 0, 1) == '$')
   {
-    if (password_verify($pass, $row['password_hash']))
+    if (password_verify($password, $password_hash))
     {
-      $result = 1;
-      if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT))
+      $result = true;
+      if (password_needs_rehash($password_hash, PASSWORD_DEFAULT))
       {
         $do_rehash = true;
       }
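Review bot: `rehash()` hashes a variable it never receives: its first parameter is `$password_hash`, but the line `$sql_params = array(password_hash($password, PASSWORD_DEFAULT));` reads `$password`, which is undefined in that scope, so every rehash would overwrite the user's stored hash with the hash of an empty/null value, and the caller in the following hunk passes the old hash rather than the plaintext. The function needs the plaintext, so change the signature to `function rehash($password, $column_name, $column_value)` and the call in checkPassword() to `rehash($password, $column_name, $column_value);`. The `break;` after `return;` in the `default:` case is unreachable and can go. checkPassword() continues past the end of this hunk.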
@@ -82,9 +85,9 @@
   /* Otherwise it's a legacy MD5 hash */
   else
   {
-    if (md5($pass) == $row['password_hash'])
+    if (md5($password) == $password_hash)
     {
-      $result = 1;
+      $result = true;
 
       if (\PasswordCompat\binary\check())
       {
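Review bot: The legacy branch compares `md5($password) == $password_hash` with a loose `==`, so two strings that both look numeric (e.g. `0e…` forms) compare equal, and the comparison is not constant-time; use `if (is_string($password_hash) && hash_equals($password_hash, md5($password)))`. The `is_string()` guard matters because a missing row leaves `$password_hash` null, which the `substr(...) == '$'` test in the previous hunk routes into this branch, and hash_equals() rejects non-strings. checkPassword() starts and ends outside this hunk.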
@@ -95,17 +98,162 @@
 
   if ($do_rehash)
   {
-    $sql_params = array(password_hash($pass, PASSWORD_DEFAULT));
-    $sql = "UPDATE $tbl_users
-           SET password_hash=?
-           WHERE " .
-      db()->syntax_casesensitive_equals('name', utf8_strtolower($user), 
$sql_params);
-    db()->command($sql, $sql_params);
+    rehash($password_hash, $column_name, $column_value);
   }
