为PHPBB加一个oauth认证方式统一登陆SSO
为PHPBB加一个oauth认证方式统一登陆SSO
tag:phpbb,sso,统一登陆,oauth2,oauth
以下文章只是讲述我做这个东西的一个原理,主要实现是采用主站的认证来实现本站点的登陆,论坛采用隐式的密码认证方式;如果想要了解更多,可以联系我caijiche@gmail.com;这是www.caijiche.com用于oauth的原理。发出来和大家一起分享!
操作步骤
一、将auth_oauth2.php加入论坛的includes/auth/这个目录当中,这是一个OAUTH的插件,使其支持这种认证方式
二、将caijicheOauthClient.php这个文件加入PHPBB的根目录中,这个文件是CAIJICHE的oauth客户端文件;
三、将论坛的数据库bbs_config表中的auth_method的值改成“oauth2”,说明使用oauth2认证;
四、为了使后台管理员也可以使用这种认证方式,把functions.php中的以下这段注释掉
if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username']))
{
// We log the attempt to use a different username...
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
否则会报不匹配的错误;
五、更改注册链接:
将functions.php中的函数page_header中的数组中“U_REGISTER”的值改成“http://www.caijiche.com/reg”
六、更改忘记密码链接:将functions.php中的函数page_header中的数组中“ U_SEND_PASSWORD ”的值改成“http://www.caijiche.com/getpwd”
phpbb报一些警告错误的解决办法:
将对应的函数改成静态函数
七、语言文件:"登录" 改成 "使用采集车帐号登陆" "用户名(USERNAME)"改成 "用户名[email]"
以下是auth_oauth2.php的内容
这个文件主要还是参考auth_db.php简单改动了一下
<?php
/**
* Database auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* This is for authentication via the integrated user table
*
* @package login
* @version $Id: auth_db.php 10431 2010-01-20 00:20:46Z bantu $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Login function
*/
function login_oauth2(&$username, &$password)
{
global $db, $config,$phpbb_root_path;
include ($phpbb_root_path . 'caijicheOauthClient.php');//将客户端的类含进来
require_once($phpbb_root_path.'common.php');
require_once($phpbb_root_path.'includes/functions_user.php');
// require_once($phpbb_root_path.'includes/functions_module.php');
// 密码为空
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
//用户名为空
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$client_config = array(
'client_id' => "3c2d81228736786e5e846fewqrewqrfedsfadsafre",
'client_secret' => "f6996b15ewqrewqt434f4342e237abf4"
);
$client = new CaijicheOAuthClient($client_config);
//$par['username'] = "caijiche@gmail.com";
//$par['password'] = '$caijiche$';
$par['username'] = $username;
$par['password'] = $password;
$o_url = $client->getAccessToken($par,'password');
//var_dump($o_url);
if(isset($o_url['access_token'])){
$caijiche_user = $client->getUserInfo($o_url['access_token']);
// var_dump($caijiche_user);
}
$password='$www.CAIJICHE.com';//在这里更换用户的用户名和密码
$username=$caijiche_user['user_nick'];
$useremail=$caijiche_user['user_email'];//用户邮箱
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
$timezone = date('Z') / 3600;
$is_dst = date('I');
if ($config['board_timezone'] == $timezone || $config['board_timezone'] == ($timezone - 1))
{
$timezone = ($is_dst) ? $timezone - 1 : $timezone;
if (!isset($user->lang['tz_zones'][(string) $timezone]))
{
$timezone = $config['board_timezone'];
}
}
else
{
$is_dst = $config['board_dst'];
$timezone = $config['board_timezone'];
}
//用户所属组
$coppa=false;
$group_name = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape($group_name) . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$group_id = $row['group_id'];
if (($coppa ||
$config['require_activation'] == USER_ACTIVATION_SELF ||
$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
{
$user_actkey = gen_rand_string(10);
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len < 6) ? 6 : $key_len;
$user_actkey = substr($user_actkey, 0, $key_len);
$user_type = USER_INACTIVE;
$user_inactive_reason = INACTIVE_REGISTER;
$user_inactive_time = time();
}
else
{
$user_type = USER_NORMAL;
$user_actkey = '';
$user_inactive_reason = 0;
$user_inactive_time = 0;
}
//如果这个用户不存在,则自动注册之,然后再登录
$user_row = array(
'username' => utf8_normalize_nfc($username),
'user_password' => phpbb_hash($password),
'user_email' => strtolower($useremail),
'group_id' => (int) $group_id,
'user_timezone' => 0,
'user_dst' => $is_dst,
'user_lang' => 'zh_cmn_hans',
'user_type' => $user_type,
'user_actkey' => $user_actkey,
'user_ip' => $user->ip,
'user_regdate' => time(),
'user_inactive_reason' => $user_inactive_reason,
'user_inactive_time' => $user_inactive_time,
'user_dateformat' => 'Y-m-d G:i',
);
$user_id = user_add($user_row);
if($user_id){
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}else{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
//这一段,好像是密码登录错误次数的统一
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
if ($show_captcha)
{
// Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory'))
{
global $phpbb_root_path, $phpEx;
include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
}
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => $row,
);
}
else
{
$captcha->reset();
}
}
//接下来采用oauth2的password模式登录
//这一段好像是新旧密码转换功能
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert'])
{
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = '';
set_var($password_new_format, stripslashes($password_old_format), 'string');
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
}
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
// plain md5 support left in for conversions from other systems.
if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
|| (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
{
$hash = phpbb_hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
}
else
{
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
return array(
'status' => LOGIN_ERROR_PASSWORD_CONVERT,
'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
'user_row' => $row,
);
}
}
}
//检查用户输入的密码是否正确
// Check password ...
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
{
// Check for old password hash...
if (strlen($row['user_password']) == 32)
{
$hash = phpbb_hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $db->sql_escape($hash) . "',
user_pass_convert = 0
WHERE user_id = {$row['user_id']}";
$db->sql_query($sql);
$row['user_password'] = $hash;
}
//当登录成功时,将用户重试的次数清零
if ($row['user_login_attempts'] != 0)
{
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
// 用户未激活时返回的错误消息
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
//用户登录成功
// uccessful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
// Give status about wrong password...
return array(
'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
'user_row' => $row,
);
}
caijicheOauthClient.php的主要内容符下:
<?php
class CaijicheOAuthClient{
//private $params = array();//参数数组
//客户端的用户名
public $client_id;
//客户端的密码
public $client_secret;
//返回网址
public $callback_url;
private $requestToken;
private $requestTokenSecret;
private $access_token;
private $expires_in = 3600;//access_token的生命周期。
// 服务器描述信息
private $server = array(
"server_uri" => "http://www.caijiche.com",
'request_token_uri' => 'http://www.caijiche.com/?mod=OAuth&action=requestToken',
'authorize_uri' => 'http://www.caijiche.com/?mod=OAuth&action=authorize',
'access_token_uri' => 'http://www.caijiche.com/?mod=OAuth&action=accesstoken',//获取请求令牌
'getuserinfo_uri' => 'http://www.caijiche.com/?mod=OAuth&action=getUserInfo',//获取用户信息的服务器地址
);
/**
* authorize接口
*
* @param string $url 授权后的回调地址,站外应用需与回调地址一致,站内应用需要填写canvas page的地址
* @param string $response_type 支持的值包括 code 和token 默认值为code
* @param string $state 用于保持请求和回调的状态。在回调时,会在Query Parameter中回传该参数
* @return array
*/
public function getAuthorizeURL( $url=NULL, $response_type = 'code', $state = NULL, $display = NULL ) {
$params = array();
$params['client_id'] = $this->client_id;
$params['redirect_uri'] = is_null($url)?$this->callbackurl:$url;
$params['response_type'] = $response_type;
$params['state'] = $state;
//log::debug("getAuthorizeURL params".var_export($params,true));
return $this->server['authorize_uri']. "&" . http_build_query($params);
}
/**
* 构造函数
* @param array $config
*/
public function __construct($config)
{
if(is_array($config)){
if(isset($config['client_id']))$this->client_id = $config['client_id'];
if(isset($config['client_secret']))$this->client_secret = $config['client_secret'];
if(isset($config['callback_url']))$this->callbackurl = $config['callback_url'];
}
}
/**
* 获取未授权的令牌
*/
public function getRequestToken(){
$data = "oauth_client_key=".$this->key;
$result = json_decode($this->do_call($this->server['request_token_uri'],$data));
$this->requestToken = $result->token;
$this->requestTokenSecret = $result->token_secret;
return $this->requestToken;
}
/**
* 发送请求用的
* @param unknown_type $url
* @param unknown_type $postdata
*/
private function do_call($url, $postdata=NULL)
{
//log::debug("do_call url = " . $url);
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_URL, $url);
$ret =curl_exec($ch);
//var_dump($ret);
//log::debug("do_call return:" . var_export($ret,true));
curl_close($ch);
return $ret;
}
/**
* access_token接口
*
* @param string $type 请求的类型,可以为:code, password, token
* @param array $keys 其他参数:
* - 当$type为code时: array('code'=>..., 'redirect_uri'=>...)
* - 当$type为password时: array('username'=>..., 'password'=>...)
* - 当$type为token时: array('refresh_token'=>...)
* @return array
*/
public function getAccessToken( $keys ,$type = 'code' ) {
$params = array();
$params['client_id'] = $this->client_id;
$params['client_secret'] = $this->client_secret;
if($type=='code'){
$params['grant_type'] = 'authorization_code';
$params['code'] = $keys['code'];
$params['redirect_uri'] = $keys['redirect_uri'];
}else if($type=='password'){
$params['grant_type'] = 'password';
$params['username'] = $keys['username'];
$params['password'] = $keys['password'];
}else{
//未知的请求类型
return;
}
$response = $this->do_call($this->server['access_token_uri']."&".http_build_query($params));
$token = json_decode($response, true);//转换成数组
if ( is_array($token) && !isset($token['error']) ) {
$this->access_token = $token['access_token'];
$this->expires_in = $token['expires_in'];
} else {
//throw new OAuthException("get access token failed." . $token['error']);
//授权出错
}
return $token;
}
/**
*
* 获取用户访问信息
* @param unknown_type $access
* @param unknown_type $openid
* @param unknown_type $aid
*/
public function getUserInfo($access_token){
$data="access_token={$access_token}&format=json";
$user=$this->do_call($this->server['getuserinfo_uri'],$data);
$arr=json_decode($user,true);
return $arr;
}
/**
* 签名生成算法
* @param array $params API调用的请求参数集合的关联数组,不包含sign参数
* @param string $secret 签名的密钥即获取access token时返回的session secret
* @return string 返回参数签名值
*/
function getSignature($params, $secret)
{
$str = ''; //待签名字符串
//先将参数以其参数名的字典序升序进行排序
ksort($params);
//遍历排序后的参数数组中的每一个key/value对
foreach ($params as $k => $v) {
//为key/value对生成一个key=value格式的字符串,并拼接到待签名字符串后面
$str .= "$k=$v";
}
//将签名密钥拼接到签名字符串最后面
$str .= $secret;
//通过md5算法为签名字符串生成一个md5签名,该签名就是我们要追加的sign参数值
return md5($str);
}
}
?>
tag:phpbb,sso,统一登陆,oauth2,oauth
以下文章只是讲述我做这个东西的一个原理,主要实现是采用主站的认证来实现本站点的登陆,论坛采用隐式的密码认证方式;如果想要了解更多,可以联系我caijiche@gmail.com;这是www.caijiche.com用于oauth的原理。发出来和大家一起分享!
操作步骤
一、将auth_oauth2.php加入论坛的includes/auth/这个目录当中,这是一个OAUTH的插件,使其支持这种认证方式
二、将caijicheOauthClient.php这个文件加入PHPBB的根目录中,这个文件是CAIJICHE的oauth客户端文件;
三、将论坛的数据库bbs_config表中的auth_method的值改成“oauth2”,说明使用oauth2认证;
四、为了使后台管理员也可以使用这种认证方式,把functions.php中的以下这段注释掉
if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username']))
{
// We log the attempt to use a different username...
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
否则会报不匹配的错误;
五、更改注册链接:
将functions.php中的函数page_header中的数组中“U_REGISTER”的值改成“http://www.caijiche.com/reg”
六、更改忘记密码链接:将functions.php中的函数page_header中的数组中“ U_SEND_PASSWORD ”的值改成“http://www.caijiche.com/getpwd”
phpbb报一些警告错误的解决办法:
将对应的函数改成静态函数
七、语言文件:"登录" 改成 "使用采集车帐号登陆" "用户名(USERNAME)"改成 "用户名[email]"
以下是auth_oauth2.php的内容
这个文件主要还是参考auth_db.php简单改动了一下
<?php
/**
* Database auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* This is for authentication via the integrated user table
*
* @package login
* @version $Id: auth_db.php 10431 2010-01-20 00:20:46Z bantu $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Login function
*/
function login_oauth2(&$username, &$password)
{
global $db, $config,$phpbb_root_path;
include ($phpbb_root_path . 'caijicheOauthClient.php');//将客户端的类含进来
require_once($phpbb_root_path.'common.php');
require_once($phpbb_root_path.'includes/functions_user.php');
// require_once($phpbb_root_path.'includes/functions_module.php');
// 密码为空
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
//用户名为空
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$client_config = array(
'client_id' => "3c2d81228736786e5e846fewqrewqrfedsfadsafre",
'client_secret' => "f6996b15ewqrewqt434f4342e237abf4"
);
$client = new CaijicheOAuthClient($client_config);
//$par['username'] = "caijiche@gmail.com";
//$par['password'] = '$caijiche$';
$par['username'] = $username;
$par['password'] = $password;
$o_url = $client->getAccessToken($par,'password');
//var_dump($o_url);
if(isset($o_url['access_token'])){
$caijiche_user = $client->getUserInfo($o_url['access_token']);
// var_dump($caijiche_user);
}
$password='$www.CAIJICHE.com';//在这里更换用户的用户名和密码
$username=$caijiche_user['user_nick'];
$useremail=$caijiche_user['user_email'];//用户邮箱
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
$timezone = date('Z') / 3600;
$is_dst = date('I');
if ($config['board_timezone'] == $timezone || $config['board_timezone'] == ($timezone - 1))
{
$timezone = ($is_dst) ? $timezone - 1 : $timezone;
if (!isset($user->lang['tz_zones'][(string) $timezone]))
{
$timezone = $config['board_timezone'];
}
}
else
{
$is_dst = $config['board_dst'];
$timezone = $config['board_timezone'];
}
//用户所属组
$coppa=false;
$group_name = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape($group_name) . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$group_id = $row['group_id'];
if (($coppa ||
$config['require_activation'] == USER_ACTIVATION_SELF ||
$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
{
$user_actkey = gen_rand_string(10);
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len < 6) ? 6 : $key_len;
$user_actkey = substr($user_actkey, 0, $key_len);
$user_type = USER_INACTIVE;
$user_inactive_reason = INACTIVE_REGISTER;
$user_inactive_time = time();
}
else
{
$user_type = USER_NORMAL;
$user_actkey = '';
$user_inactive_reason = 0;
$user_inactive_time = 0;
}
//如果这个用户不存在,则自动注册之,然后再登录
$user_row = array(
'username' => utf8_normalize_nfc($username),
'user_password' => phpbb_hash($password),
'user_email' => strtolower($useremail),
'group_id' => (int) $group_id,
'user_timezone' => 0,
'user_dst' => $is_dst,
'user_lang' => 'zh_cmn_hans',
'user_type' => $user_type,
'user_actkey' => $user_actkey,
'user_ip' => $user->ip,
'user_regdate' => time(),
'user_inactive_reason' => $user_inactive_reason,
'user_inactive_time' => $user_inactive_time,
'user_dateformat' => 'Y-m-d G:i',
);
$user_id = user_add($user_row);
if($user_id){
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}else{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
//这一段,好像是密码登录错误次数的统一
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
if ($show_captcha)
{
// Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory'))
{
global $phpbb_root_path, $phpEx;
include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
}
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => $row,
);
}
else
{
$captcha->reset();
}
}
//接下来采用oauth2的password模式登录
//这一段好像是新旧密码转换功能
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert'])
{
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = '';
set_var($password_new_format, stripslashes($password_old_format), 'string');
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
}
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
// plain md5 support left in for conversions from other systems.
if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
|| (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
{
$hash = phpbb_hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
}
else
{
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
return array(
'status' => LOGIN_ERROR_PASSWORD_CONVERT,
'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
'user_row' => $row,
);
}
}
}
//检查用户输入的密码是否正确
// Check password ...
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
{
// Check for old password hash...
if (strlen($row['user_password']) == 32)
{
$hash = phpbb_hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $db->sql_escape($hash) . "',
user_pass_convert = 0
WHERE user_id = {$row['user_id']}";
$db->sql_query($sql);
$row['user_password'] = $hash;
}
//当登录成功时,将用户重试的次数清零
if ($row['user_login_attempts'] != 0)
{
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
// 用户未激活时返回的错误消息
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
//用户登录成功
// uccessful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
// Give status about wrong password...
return array(
'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
'user_row' => $row,
);
}
caijicheOauthClient.php的主要内容符下:
<?php
class CaijicheOAuthClient{
//private $params = array();//参数数组
//客户端的用户名
public $client_id;
//客户端的密码
public $client_secret;
//返回网址
public $callback_url;
private $requestToken;
private $requestTokenSecret;
private $access_token;
private $expires_in = 3600;//access_token的生命周期。
// 服务器描述信息
private $server = array(
"server_uri" => "http://www.caijiche.com",
'request_token_uri' => 'http://www.caijiche.com/?mod=OAuth&action=requestToken',
'authorize_uri' => 'http://www.caijiche.com/?mod=OAuth&action=authorize',
'access_token_uri' => 'http://www.caijiche.com/?mod=OAuth&action=accesstoken',//获取请求令牌
'getuserinfo_uri' => 'http://www.caijiche.com/?mod=OAuth&action=getUserInfo',//获取用户信息的服务器地址
);
/**
* authorize接口
*
* @param string $url 授权后的回调地址,站外应用需与回调地址一致,站内应用需要填写canvas page的地址
* @param string $response_type 支持的值包括 code 和token 默认值为code
* @param string $state 用于保持请求和回调的状态。在回调时,会在Query Parameter中回传该参数
* @return array
*/
public function getAuthorizeURL( $url=NULL, $response_type = 'code', $state = NULL, $display = NULL ) {
$params = array();
$params['client_id'] = $this->client_id;
$params['redirect_uri'] = is_null($url)?$this->callbackurl:$url;
$params['response_type'] = $response_type;
$params['state'] = $state;
//log::debug("getAuthorizeURL params".var_export($params,true));
return $this->server['authorize_uri']. "&" . http_build_query($params);
}
/**
* 构造函数
* @param array $config
*/
public function __construct($config)
{
if(is_array($config)){
if(isset($config['client_id']))$this->client_id = $config['client_id'];
if(isset($config['client_secret']))$this->client_secret = $config['client_secret'];
if(isset($config['callback_url']))$this->callbackurl = $config['callback_url'];
}
}
/**
* 获取未授权的令牌
*/
public function getRequestToken(){
$data = "oauth_client_key=".$this->key;
$result = json_decode($this->do_call($this->server['request_token_uri'],$data));
$this->requestToken = $result->token;
$this->requestTokenSecret = $result->token_secret;
return $this->requestToken;
}
/**
* 发送请求用的
* @param unknown_type $url
* @param unknown_type $postdata
*/
private function do_call($url, $postdata=NULL)
{
//log::debug("do_call url = " . $url);
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_URL, $url);
$ret =curl_exec($ch);
//var_dump($ret);
//log::debug("do_call return:" . var_export($ret,true));
curl_close($ch);
return $ret;
}
/**
* access_token接口
*
* @param string $type 请求的类型,可以为:code, password, token
* @param array $keys 其他参数:
* - 当$type为code时: array('code'=>..., 'redirect_uri'=>...)
* - 当$type为password时: array('username'=>..., 'password'=>...)
* - 当$type为token时: array('refresh_token'=>...)
* @return array
*/
public function getAccessToken( $keys ,$type = 'code' ) {
$params = array();
$params['client_id'] = $this->client_id;
$params['client_secret'] = $this->client_secret;
if($type=='code'){
$params['grant_type'] = 'authorization_code';
$params['code'] = $keys['code'];
$params['redirect_uri'] = $keys['redirect_uri'];
}else if($type=='password'){
$params['grant_type'] = 'password';
$params['username'] = $keys['username'];
$params['password'] = $keys['password'];
}else{
//未知的请求类型
return;
}
$response = $this->do_call($this->server['access_token_uri']."&".http_build_query($params));
$token = json_decode($response, true);//转换成数组
if ( is_array($token) && !isset($token['error']) ) {
$this->access_token = $token['access_token'];
$this->expires_in = $token['expires_in'];
} else {
//throw new OAuthException("get access token failed." . $token['error']);
//授权出错
}
return $token;
}
/**
*
* 获取用户访问信息
* @param unknown_type $access
* @param unknown_type $openid
* @param unknown_type $aid
*/
public function getUserInfo($access_token){
$data="access_token={$access_token}&format=json";
$user=$this->do_call($this->server['getuserinfo_uri'],$data);
$arr=json_decode($user,true);
return $arr;
}
/**
* 签名生成算法
* @param array $params API调用的请求参数集合的关联数组,不包含sign参数
* @param string $secret 签名的密钥即获取access token时返回的session secret
* @return string 返回参数签名值
*/
function getSignature($params, $secret)
{
$str = ''; //待签名字符串
//先将参数以其参数名的字典序升序进行排序
ksort($params);
//遍历排序后的参数数组中的每一个key/value对
foreach ($params as $k => $v) {
//为key/value对生成一个key=value格式的字符串,并拼接到待签名字符串后面
$str .= "$k=$v";
}
//将签名密钥拼接到签名字符串最后面
$str .= $secret;
//通过md5算法为签名字符串生成一个md5签名,该签名就是我们要追加的sign参数值
return md5($str);
}
}
?>
分享到:
发表评论
相关推荐
而"phpbb_vk_oauth"正是为phpBB 3.1版本提供的一项功能扩展,它允许用户通过VKontakte(简称VK)账号进行OAuth认证登录,大大增加了用户注册和登录的便利性。本文将详细介绍这一扩展的安装、配置和工作原理。 首先...
总结来说,phpbb-ext-evesso扩展为phpBB 3.1.x提供了一种创新且安全的登录解决方案,通过EVE Online的SSO和OAuth2,将游戏社区与论坛紧密相连,极大地丰富了论坛的用户基础和互动体验。对于那些拥有大量EVE Online...
laravel-phpbb-bridge项目是一个身份验证模块,它的核心目标是实现Laravel 5.4与PHPBB 3.2之间的身份认证同步。这意味着用户在Laravel应用中登录后,无需再次登录就能直接访问PHPBB论坛,反之亦然。这提高了用户体验...
这款软件支持多语言环境,其中“PHPBB3中文语言包”是专为中文用户设计的本地化版本,旨在提供更友好的中文界面和用户体验。在安装并使用这个语言包后,用户可以更方便地阅读和理解论坛内容,进一步提升中文社区的...
这些代码修改的作用是为 phpbb 和其他站点/代码/应用程序创建跨不同、多个域的单点登录。 这些修改使用 phpbb 用户表、会话等。 它的作用是通过使用 iframes 为每个域设置 cookie,它加载一些 connect.php 文件,该...
phpBB-WAP 这个名字,是 PHP Bulletin Board Wireless Application Protocol 的缩写。 『主要更新』 * 全新的 MODS 模式 * 首页、自定义页面模块功能,想怎么插就怎么插 * 模块的排版使用中文 Module BBCode ...
- **认证方法**:定义用户如何验证其身份的方式。 - **电子邮件的设定**:配置与电子邮件相关的设置,如发送邮件的服务器等。 - **Jabber设置**:集成即时通讯软件Jabber的功能。 - **Cookie设置**:管理和设置...
解压缩下载的文件,你会得到一个名为"phpBB3"的文件夹,其中包含了所有必要的安装文件。 2. **服务器环境**: 确保你的服务器已经配置了PHP运行环境,包括PHP本身以及支持的数据库驱动。通常,Apache或Nginx等HTTP...
phpBB是一款全球广泛应用的开源论坛软件,它的2.0.22版本在当时是颇受欢迎的一个分支。这款软件以其强大的功能、易用性和灵活性,为互联网社区提供了一个高效且可定制化的交流平台。本文将深入探讨phpBB 2.0.22的...
**phpbb3论坛程序** **概述** `phpBB3` 是一个开源的、基于Web的论坛软件,由PHP编程语言编写,并与MySQL或其他...无论你是想建立一个小型的讨论区,还是一个大型的在线社区,`phpBB3` 都能为你提供一个坚实的基础。
phpBB简介 phpBB是一个论坛软件,使用PHP语言开发的并开放其原始码。是模块化设计,具专业性、安全性高、支持多国语系、支持多种数据库和自定义的版面设计等优越性能,而且功能强大。 phpBB v3.2.2 正體中文 更新...
通过以上分析,我们可以看出PHPBB是一个集成了全面论坛功能的平台,不仅包含基本的发帖、回帖、搜索,还有用户管理、权限控制等高级功能,并且允许用户和开发者通过扩展和源码定制来实现个性化需求。同时,它的更新...
对于开发者而言,阅读和理解phpBB的源代码能够提升他们的编程技能,学习最佳实践,并有可能为他们自己的项目贡献代码或开发插件。 在提供的压缩包文件列表中,"phpBB3"可能包含整个phpBB 3.2.5版本的源代码目录。...
将解压后的文件上传至你的空间,保持目录结构不变,假设目录为phpBB2 2.将phpBB2/config.php的文件属性改为777 3.用浏览器打开http://你的域名/phpBB2/,页面将自动转向安装页面 4.填好所需参数,按下一步 5.将phpBB...
登录到MySQL服务器,创建一个新的数据库和用户用于phpBB: ```bash mysql -u root -p CREATE DATABASE phpbb; GRANT ALL PRIVILEGES ON phpbb.* TO 'phpbbuser'@'localhost' IDENTIFIED BY 'yourpassword'; FLUSH ...
这也会显示一个题目被移动地址的连接,并且让你删除这个隐藏连接.phpBB 版本: 2.0.0 Admin Users List Hack.zip 这个hack提供一个管理您的用户的新方法: 非常有用和方便!你不需搜索任何人.phpBB 版本: 2.0.1 - ...
phpBB 是一款非常流行的开源论坛软件,它基于PHP编程语言和MySQL数据库系统构建,为用户提供了一个功能强大的在线讨论平台。phpBB v2.0.5是该系列的一个特定版本,具有简体中文界面,适合中国用户使用。虚网人汉化...