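userExists($user)) {
            return PHPBB_NO_SUCH_USER;
        }

        // if the user does exist, authenticate
        if ($this->authenticate($user, $pass)) {
            return PHPBB_SUCCESS;
        } else {
            return PHPBB_INVALID_CREDENTIALS;
        }
    }

    /**
     * Open a connection to the phpBB database described by the auth_phpbb_* preferences.
     *
     * @return ADOConnection|false the connected handle, or false when ADOdb is not
     *                             loaded, the driver cannot be created, or Connect() fails
     * @access public
     */
    public function connectdb()
    {
        global $prefs;

        $dbhost = $prefs['auth_phpbb_dbhost'];
        $dbuser = $prefs['auth_phpbb_dbuser'];
        $dbpasswd = $prefs['auth_phpbb_dbpasswd'];
        $dbname = $prefs['auth_phpbb_dbname'];
        // NOTE(review): ADOdb's 'mysql' driver relies on ext/mysql, which PHP 7 removed;
        // confirm the target runtime or move to 'mysqli'.
        $dbtype = 'mysql';//$prefs['auth_phpbb_dbtype'];

        // Force autoloading
        if (! class_exists('ADOConnection')) {
            return false;
        }

        $dbconnection = NewADOConnection($dbtype);

        // The connection object is truthy whether or not Connect() succeeded, so the
        // result of Connect() itself has to be tested to detect a failed connection.
        if (! $dbconnection || ! $dbconnection->Connect($dbhost, $dbuser, $dbpasswd, $dbname)) {
            return false;
        }

        return $dbconnection;
    }

    /**
     * Select one column of the phpBB users table for a single username.
     *
     * The username is passed to the driver as a bound parameter and is never
     * concatenated into the SQL text. $column and the table prefix are still
     * concatenated: $column must only ever be a fixed literal supplied by this
     * class, and the prefix comes from the auth_phpbb_table_prefix preference.
     *
     * Terminates the request with die() when no connection is available or the
     * query fails.
     *
     * @param string $column   column name, a literal chosen by the calling method
     * @param string $username login name as supplied by the user
     * @return ADORecordSet
     */
    private function queryUserColumn($column, $username)
    {
        global $prefs;

        $dbconnection = $this->connectdb();
        if ($dbconnection === false) {
            // connectdb() signals failure with false; stop here instead of calling
            // methods on a non-object.
            die('AuthPhpBB : Could not connect to the phpBB database');
        }

        // MySQL queries are case insensitive anyway
        $query = 'select ' . $column . ' from ' . $prefs['auth_phpbb_table_prefix']
            . 'users where lcase(username) = lcase(?)';

        /** @var ADORecordSet $result */
        $result = $dbconnection->Execute($query, array($username));
        if ($result === false) {
            // NOTE(review): this prints the raw database error to whoever submitted the
            // login form; consider logging ErrorMsg() server-side and showing a generic
            // message instead.
            die('AuthPhpBB : Query failed: ' . $dbconnection->ErrorMsg());
        }

        return $result;
    }

    /**
     * Check whether there exists a user account with the given name.
     *
     * @param string $username
     * @return bool
     * @access public
     */
    public function userExists($username)
    {
        return $this->queryUserColumn('username', $username)->RecordCount() > 0;
    }

    /**
     * Check if a username+password pair is a valid login.
     *
     * @param string $username
     * @param string $password
     * @return bool true only when the user exists and the password matches the stored hash
     * @access public
     */
    public function authenticate($username, $password)
    {
        $result = $this->queryUserColumn('user_password', $username);
        if ($result->RecordCount() == 0) {
            return false;
        }

        // TODO: check for phpBB version here, and select a different hasher, if needed.
        // This one is hardcoded for phpbb3
        $PasswordHasher = new PasswordHash(8, true);

        // assumes the record set exposes columns by numeric index (depends on the
        // ADOdb fetch mode in effect) - TODO confirm
        return (bool) $PasswordHasher->CheckPassword($password, $result->fields[0]);
    }

    /**
     * Returns a user's email from the phpbb3 user table.
     *
     * @param string $username taken by reference for backward compatibility only;
     *                         the caller's variable is not modified
     * @access public
     * @return string|int the email address, or 0 when no such user exists
     */
    public function grabEmail(&$username)
    {
        // Work on the value only: assigning a quoted copy back to $username would
        // overwrite the caller's variable through the reference.
        $result = $this->queryUserColumn('user_email', $username);

        if ($result->RecordCount() > 0) {
            // The current row is exposed as "fields" (as authenticate() reads it), not "field".
            return $result->fields[0];
        }

        return 0;
    }
}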