Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 87 |
|
0.00% |
0 / 5 |
CRAP | |
0.00% |
0 / 1 |
| ucp_login_link | |
0.00% |
0 / 85 |
|
0.00% |
0 / 5 |
702 | |
0.00% |
0 / 1 |
| main | |
0.00% |
0 / 41 |
|
0.00% |
0 / 1 |
56 | |||
| get_hidden_fields | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
6 | |||
| get_login_link_data_array | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
12 | |||
| process_login_result | |
0.00% |
0 / 28 |
|
0.00% |
0 / 1 |
182 | |||
| perform_redirect | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * |
| 4 | * This file is part of the phpBB Forum Software package. |
| 5 | * |
| 6 | * @copyright (c) phpBB Limited <https://www.phpbb.com> |
| 7 | * @license GNU General Public License, version 2 (GPL-2.0) |
| 8 | * |
| 9 | * For full copyright and license information, please see |
| 10 | * the docs/CREDITS.txt file. |
| 11 | * |
| 12 | */ |
| 13 | |
| 14 | /** |
| 15 | * @ignore |
| 16 | */ |
| 17 | if (!defined('IN_PHPBB')) |
| 18 | { |
| 19 | exit; |
| 20 | } |
| 21 | |
| 22 | /** |
| 23 | * ucp_login_link |
| 24 | * Allows users of external accounts link those accounts to their phpBB accounts |
| 25 | * during an attempted login. |
| 26 | */ |
| 27 | class ucp_login_link |
| 28 | { |
| 29 | /** |
| 30 | * @var string |
| 31 | */ |
| 32 | public $u_action; |
| 33 | |
| 34 | /** |
| 35 | * Generates the ucp_login_link page and handles login link process |
| 36 | * |
| 37 | * @param int $id |
| 38 | * @param string $mode |
| 39 | */ |
| 40 | function main($id, $mode) |
| 41 | { |
| 42 | global $phpbb_container, $request, $template, $user, $phpbb_dispatcher; |
| 43 | global $phpbb_root_path, $phpEx; |
| 44 | |
| 45 | // Initialize necessary variables |
| 46 | $login_error = null; |
| 47 | $login_link_error = null; |
| 48 | $login_username = null; |
| 49 | |
| 50 | // Build the data array |
| 51 | $data = $this->get_login_link_data_array(); |
| 52 | |
| 53 | // Ensure the person was sent here with login_link data |
| 54 | if (empty($data)) |
| 55 | { |
| 56 | $login_link_error = $user->lang['LOGIN_LINK_NO_DATA_PROVIDED']; |
| 57 | } |
| 58 | |
| 59 | // Use the auth_provider requested even if different from configured |
| 60 | /* @var $provider_collection \phpbb\auth\provider_collection */ |
| 61 | $provider_collection = $phpbb_container->get('auth.provider_collection'); |
| 62 | $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); |
| 63 | |
| 64 | // Set the link_method to login_link |
| 65 | $data['link_method'] = 'login_link'; |
| 66 | |
| 67 | // Have the authentication provider check that all necessary data is available |
| 68 | $result = $auth_provider->login_link_has_necessary_data($data); |
| 69 | if ($result !== null) |
| 70 | { |
| 71 | $login_link_error = $user->lang[$result]; |
| 72 | } |
| 73 | |
| 74 | // Perform link action if there is no error |
| 75 | if (!$login_link_error) |
| 76 | { |
| 77 | if ($request->is_set_post('login')) |
| 78 | { |
| 79 | $login_username = $request->variable('login_username', '', true, \phpbb\request\request_interface::POST); |
| 80 | $login_password = $request->untrimmed_variable('login_password', '', true, \phpbb\request\request_interface::POST); |
| 81 | |
| 82 | $login_result = $auth_provider->login($login_username, $login_password); |
| 83 | |
| 84 | // We only care if there is or is not an error |
| 85 | $login_error = $this->process_login_result($login_result); |
| 86 | |
| 87 | if (!$login_error) |
| 88 | { |
| 89 | // Give the user_id to the data |
| 90 | $data['user_id'] = $login_result['user_row']['user_id']; |
| 91 | |
| 92 | // The user is now logged in, attempt to link the user to the external account |
| 93 | $result = $auth_provider->link_account($data); |
| 94 | |
| 95 | if ($result) |
| 96 | { |
| 97 | $login_link_error = $user->lang[$result]; |
| 98 | } |
| 99 | else |
| 100 | { |
| 101 | // Finish login |
| 102 | $user->session_create($login_result['user_row']['user_id'], false, false, true); |
| 103 | |
| 104 | // Perform a redirect as the account has been linked |
| 105 | $this->perform_redirect(); |
| 106 | } |
| 107 | } |
| 108 | } |
| 109 | } |
| 110 | |
| 111 | $tpl_ary = array( |
| 112 | // Common template elements |
| 113 | 'LOGIN_LINK_ERROR' => $login_link_error, |
| 114 | 'PASSWORD_CREDENTIAL' => 'login_password', |
| 115 | 'USERNAME_CREDENTIAL' => 'login_username', |
| 116 | 'S_HIDDEN_FIELDS' => $this->get_hidden_fields($data), |
| 117 | |
| 118 | // Registration elements |
| 119 | 'REGISTER_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'), |
| 120 | |
| 121 | // Login elements |
| 122 | 'LOGIN_ERROR' => $login_error, |
| 123 | 'LOGIN_USERNAME' => $login_username, |
| 124 | ); |
| 125 | |
| 126 | /** |
| 127 | * Event to perform additional actions before ucp_login_link is displayed |
| 128 | * |
| 129 | * @event core.ucp_login_link_template_after |
| 130 | * @var array data Login link data |
| 131 | * @var \phpbb\auth\provider_interface auth_provider Auth provider |
| 132 | * @var string login_link_error Login link error |
| 133 | * @var string login_error Login error |
| 134 | * @var string login_username Login username |
| 135 | * @var array tpl_ary Template variables |
| 136 | * @since 3.2.4-RC1 |
| 137 | */ |
| 138 | $vars = array('data', 'auth_provider', 'login_link_error', 'login_error', 'login_username', 'tpl_ary'); |
| 139 | extract($phpbb_dispatcher->trigger_event('core.ucp_login_link_template_after', compact($vars))); |
| 140 | |
| 141 | $template->assign_vars($tpl_ary); |
| 142 | |
| 143 | $this->tpl_name = 'ucp_login_link'; |
| 144 | $this->page_title = 'UCP_LOGIN_LINK'; |
| 145 | } |
| 146 | |
| 147 | /** |
| 148 | * Builds the hidden fields string from the data array. |
| 149 | * |
| 150 | * @param array $data This function only includes data in the array |
| 151 | * that has a key that begins with 'login_link_' |
| 152 | * @return string A string of hidden fields that can be included in the |
| 153 | * template |
| 154 | */ |
| 155 | protected function get_hidden_fields($data) |
| 156 | { |
| 157 | $fields = array(); |
| 158 | |
| 159 | foreach ($data as $key => $value) |
| 160 | { |
| 161 | $fields['login_link_' . $key] = $value; |
| 162 | } |
| 163 | |
| 164 | return build_hidden_fields($fields); |
| 165 | } |
| 166 | |
| 167 | /** |
| 168 | * Builds the login_link data array |
| 169 | * |
| 170 | * @return array All login_link data. This is all GET data whose names |
| 171 | * begin with 'login_link_' |
| 172 | */ |
| 173 | protected function get_login_link_data_array() |
| 174 | { |
| 175 | global $request; |
| 176 | |
| 177 | $var_names = $request->variable_names(\phpbb\request\request_interface::GET); |
| 178 | $login_link_data = array(); |
| 179 | $string_start_length = strlen('login_link_'); |
| 180 | |
| 181 | foreach ($var_names as $var_name) |
| 182 | { |
| 183 | if (strpos($var_name, 'login_link_') === 0) |
| 184 | { |
| 185 | $key_name = substr($var_name, $string_start_length); |
| 186 | $login_link_data[$key_name] = $request->variable($var_name, '', false, \phpbb\request\request_interface::GET); |
| 187 | } |
| 188 | } |
| 189 | |
| 190 | return $login_link_data; |
| 191 | } |
| 192 | |
| 193 | /** |
| 194 | * Processes the result array from the login process |
| 195 | * @param array $result The login result array |
| 196 | * @return string|null If there was an error in the process, a string is |
| 197 | * returned. If the login was successful, then null is |
| 198 | * returned. |
| 199 | */ |
| 200 | protected function process_login_result($result) |
| 201 | { |
| 202 | global $config, $template, $user, $phpbb_container, $phpbb_root_path, $phpEx; |
| 203 | |
| 204 | $login_error = null; |
| 205 | |
| 206 | if ($result['status'] != LOGIN_SUCCESS) |
| 207 | { |
| 208 | // Handle all errors first |
| 209 | if ($result['status'] == LOGIN_BREAK) |
| 210 | { |
| 211 | trigger_error($result['error_msg']); |
| 212 | } |
| 213 | |
| 214 | switch ($result['status']) |
| 215 | { |
| 216 | case LOGIN_ERROR_ATTEMPTS: |
| 217 | |
| 218 | $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']); |
| 219 | $captcha->init(\phpbb\captcha\plugins\confirm_type::LOGIN); |
| 220 | |
| 221 | $template->assign_vars(array( |
| 222 | 'CAPTCHA_TEMPLATE' => $captcha->get_template(), |
| 223 | )); |
| 224 | |
| 225 | $login_error = $user->lang[$result['error_msg']]; |
| 226 | break; |
| 227 | |
| 228 | case LOGIN_ERROR_PASSWORD_CONVERT: |
| 229 | $login_error = sprintf( |
| 230 | $user->lang[$result['error_msg']], |
| 231 | ($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '', |
| 232 | ($config['email_enable']) ? '</a>' : '', |
| 233 | ($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">' : '', |
| 234 | ($config['board_contact']) ? '</a>' : '' |
| 235 | ); |
| 236 | break; |
| 237 | |
| 238 | // Username, password, etc... |
| 239 | default: |
| 240 | $login_error = $user->lang[$result['error_msg']]; |
| 241 | |
| 242 | // Assign admin contact to some error messages |
| 243 | if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') |
| 244 | { |
| 245 | $login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">', '</a>'); |
| 246 | } |
| 247 | |
| 248 | break; |
| 249 | } |
| 250 | } |
| 251 | |
| 252 | return $login_error; |
| 253 | } |
| 254 | |
| 255 | /** |
| 256 | * Performs a post login redirect |
| 257 | */ |
| 258 | protected function perform_redirect() |
| 259 | { |
| 260 | global $phpbb_root_path, $phpEx; |
| 261 | $url = append_sid($phpbb_root_path . 'index.' . $phpEx); |
| 262 | redirect($url); |
| 263 | } |
| 264 | } |