phpBB

Code Changes

File: phpbb/auth/provider/oauth/oauth.php

  Unmodified   Added   Modified   Removed
Line 191Line 191
			return $provider->login($username, $password);
}


			return $provider->login($username, $password);
}


		// Requst the name of the OAuth service

		// Request the name of the OAuth service

		$service_name_original = $this->request->variable('oauth_service', '', false);
$service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);
if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers))

		$service_name_original = $this->request->variable('oauth_service', '', false);
$service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);
if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers))

Line 221Line 221
				'provider'	=> $service_name_original,
'oauth_provider_id' => $unique_id
);

				'provider'	=> $service_name_original,
'oauth_provider_id' => $unique_id
);

 


			$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);

			$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);

 

$redirect_data = array(
'auth_provider' => 'oauth',
'login_link_oauth_service' => $service_name_original,
);


/**
* Event is triggered before check if provider is already associated with an account
*
* @event core.oauth_login_after_check_if_provider_id_has_match


/**
* Event is triggered before check if provider is already associated with an account
*
* @event core.oauth_login_after_check_if_provider_id_has_match

			* @var	array									row		User row
* @var array data Provider data
* @var \OAuth\Common\Service\ServiceInterface service OAuth service


			* @var	array									row				User row
* @var array data Provider data
* @var array redirect_data Data to be appended to the redirect url
* @var \OAuth\Common\Service\ServiceInterface service OAuth service

			* @since 3.2.3-RC1

			* @since 3.2.3-RC1

 
			* @changed 3.2.6-RC1 Added redirect_data

			*/
$vars = array(
'row',
'data',

			*/
$vars = array(
'row',
'data',

 
				'redirect_data',

				'service',
);
extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars)));

				'service',
);
extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars)));

Line 250Line 259
					'status'		=> LOGIN_SUCCESS_LINK_PROFILE,
'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED',
'user_row' => array(),

					'status'		=> LOGIN_SUCCESS_LINK_PROFILE,
'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED',
'user_row' => array(),

					'redirect_data'	=> array(
'auth_provider' => 'oauth',
'login_link_oauth_service' => $service_name_original,
),

					'redirect_data'	=> $redirect_data,




				);
}

// Retrieve the user's account

				);
}

// Retrieve the user's account

			$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts

			$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts

				FROM ' . $this->users_table . '
WHERE user_id = ' . (int) $row['user_id'];
$result = $this->db->sql_query($sql);

				FROM ' . $this->users_table . '
WHERE user_id = ' . (int) $row['user_id'];
$result = $this->db->sql_query($sql);

Line 268Line 274
			if (!$row)
{
throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');

			if (!$row)
{
throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');

 
			}

/**
* Check if the user is banned.
* The fourth parameter, return, has to be true,
* otherwise the OAuth login is still called and
* an uncaught exception is thrown as there is no
* token stored in the database.
*/
$ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true);
if (!empty($ban))
{
$till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : '';
$message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';

$contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->php_ext);
$message = $this->user->lang($message, $till_date, '<a href="' . $contact_link . '">', '</a>');
$message .= !empty($ban['ban_give_reason']) ? '<br /><br />' . $this->user->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : '';
$message .= !empty($ban['ban_triggered_by']) ? '<br /><br /><em>' . $this->user->lang('BAN_TRIGGERED_BY_' . strtoupper($ban['ban_triggered_by'])) . '</em>' : '';

return array(
'status' => LOGIN_BREAK,
'error_msg' => $message,
'user_row' => $row,
);

			}

// Update token storage to store the user_id
$storage->set_user_id($row['user_id']);

/**

			}

// Update token storage to store the user_id
$storage->set_user_id($row['user_id']);

/**

			* Event is triggered after user is successfuly logged in via OAuth.

			* Event is triggered after user is successfully logged in via OAuth.

			*
* @event core.auth_oauth_login_after
* @var array row User row

			*
* @event core.auth_oauth_login_after
* @var array row User row

Line 392Line 423
			if ($credentials['key'] && $credentials['secret'])
{
$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

			if ($credentials['key'] && $credentials['secret'])
{
$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

				$redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name;

				$redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $actual_name;

				$login_data['BLOCK_VARS'][$service_name] = array(
'REDIRECT_URL' => redirect($redirect_url, true),
'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],

				$login_data['BLOCK_VARS'][$service_name] = array(
'REDIRECT_URL' => redirect($redirect_url, true),
'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],

Line 603Line 634
	*/
protected function link_account_perform_link(array $data)
{

	*/
protected function link_account_perform_link(array $data)
{

 
		// Check if the external account is already associated with other user
$sql = 'SELECT user_id
FROM ' . $this->auth_provider_oauth_token_account_assoc . "
WHERE provider = '" . $this->db->sql_escape($data['provider']) . "'
AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);

if ($row)
{
trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED');
}

// Link account

		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);

		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);

Line 674Line 720
						'oauth_service' => $actual_name,
),


						'oauth_service' => $actual_name,
),


 
					'SERVICE_ID'	=> $actual_name,

					'SERVICE_NAME'	=> $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null,
);

					'SERVICE_NAME'	=> $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null,
);

Line 707Line 754
				AND user_id = " . (int) $user_id;
$this->db->sql_query($sql);


				AND user_id = " . (int) $user_id;
$this->db->sql_query($sql);


		// Clear all tokens belonging to the user on this servce

		// Clear all tokens belonging to the user on this service

		$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
$storage->clearToken($service_name);

		$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
$storage->clearToken($service_name);