3.0.5 - 3.0.8 auth_db.php

Support for upgrading any version of your phpBB3 installation
Forum rules
READ: StarTrekGuide.com Board Rules

Support for upgrading any version of phpBB3 to the most recent version.

3.0.5 - 3.0.8 auth_db.php

Postby Sir Glen » 22 Mar 2011, 23:41

So I know this is a big version jump, but I didn't expect any problems. I've done a lot of updates on other forums without any trouble so I'm not sure what's going on here. I'm getting an unexpected $end syntax error on line 290 (the very last line). I can't figure this out for anything. The code is below, if somebody was willing to help me out I would REALLY appreciate it. :D

Code: Select all
<?php
/**
* Database auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* This is for authentication via the integrated user table
*
* @package login
* @version $Id: auth_db.php 9312 2009-02-06 14:51:26Z Kellanved $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
   exit;
}

/**
* Login function
*/
function login_db(&$username, &$password)
{
   global $db, $config;
   
    //-- mod : log connections --------------------------------------------------------
    //-- add
   global $user;
    //-- end : log connections --------------------------------------------------------

   // do not allow empty password
   if (!$password)
   {
        //-- mod : log connections --------------------------------------------------------
        //-- add
      if (!$user->data['is_registered'])
      {
         add_log('connections', ANONYMOUS, 'LOG_AUTH_FAIL_NO_PASSWORD', $username);
      }
        //-- end : log connections --------------------------------------------------------


      return array(
         'status'   => LOGIN_ERROR_PASSWORD,
         'error_msg'   => 'NO_PASSWORD_SUPPLIED',
         'user_row'   => array('user_id' => ANONYMOUS),
      );
   }

   if (!$username)
   {

        //-- mod : log connections --------------------------------------------------------
        //-- add
      if (!$user->data['is_registered'])
      {
         add_log('connections', ANONYMOUS, 'LOG_AUTH_FAIL_UNKNOWN', $username);
      }
        //-- end : log connections --------------------------------------------------------

      return array(
         'status'   => LOGIN_ERROR_USERNAME,
         'error_msg'   => 'LOGIN_ERROR_USERNAME',
         'user_row'   => array('user_id' => ANONYMOUS),
      );
   }

   $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
      FROM ' . USERS_TABLE . "
      WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
   $result = $db->sql_query($sql);
   $row = $db->sql_fetchrow($result);
   $db->sql_freeresult($result);

   if (!$row)
   {

        //-- mod : log connections --------------------------------------------------------
        //-- add
      if (!$user->data['is_registered'])
      {
         add_log('connections', ANONYMOUS, 'LOG_AUTH_FAIL_UNKNOWN', $username);
      }
        //-- end : log connections --------------------------------------------------------

      return array(
         'status'   => LOGIN_ERROR_USERNAME,
         'error_msg'   => 'LOGIN_ERROR_USERNAME',
         'user_row'   => array('user_id' => ANONYMOUS),
      );
   }
   $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];

   // If there are too much login attempts, we need to check for an confirm image
   // Every auth module is able to define what to do by itself...
   if ($show_captcha)
   {
      // Visual Confirmation handling
      if (!class_exists('phpbb_captcha_factory'))
      {
            //-- mod : log connections --------------------------------------------------------
            //-- add
         if (!$user->data['is_registered'])
         {
            add_log('connections', $row['user_id'], 'LOG_AUTH_FAIL');
         }
            //-- end : log connections --------------------------------------------------------
         global $phpbb_root_path, $phpEx;
         include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
      }

      $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
      $captcha->init(CONFIRM_LOGIN);
      $vc_response = $captcha->validate($row);
      if ($vc_response)
            {

                    //-- mod : log connections --------------------------------------------------------
                    //-- add
               if (!$user->data['is_registered'])
               {
                  add_log('connections', $row['user_id'], 'LOG_AUTH_FAIL_CONFIRM');
               }
                    //-- end : log connections --------------------------------------------------------

               return array(
                  'status'      => LOGIN_ERROR_ATTEMPTS,
            'error_msg'      => 'LOGIN_ERROR_ATTEMPTS',
                  'user_row'      => $row,
               );
         }
         else
         {

                //-- mod : log connections --------------------------------------------------------
                //-- add
            if (!$user->data['is_registered'])
                {
                        add_log('connections', $row['user_id'], 'LOG_AUTH_FAIL_CONFIRM');
                //-- end : log connections --------------------------------------------------------
                //-- end : log connections --------------------------------------------------------
         $captcha->reset();
      }
   }

   // If the password convert flag is set we need to convert it
   if ($row['user_pass_convert'])
   {
      // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
      $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
      $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
      $password_new_format = '';

      set_var($password_new_format, stripslashes($password_old_format), 'string');

      if ($password == $password_new_format)
      {
         if (!function_exists('utf8_to_cp1252'))
         {
            global $phpbb_root_path, $phpEx;
            include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
         }

         // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
         // plain md5 support left in for conversions from other systems.
         if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
            || (strlen($row['user_password']) == 32  && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
         {
            $hash = phpbb_hash($password_new_format);

            // Update the password in the users table to the new format and remove user_pass_convert flag
            $sql = 'UPDATE ' . USERS_TABLE . '
               SET user_password = \'' . $db->sql_escape($hash) . '\',
                  user_pass_convert = 0
               WHERE user_id = ' . $row['user_id'];
            $db->sql_query($sql);

            $row['user_pass_convert'] = 0;
            $row['user_password'] = $hash;
         }
         else
         {
            // Although we weren't able to convert this password we have to
            // increase login attempt count to make sure this cannot be exploited
            $sql = 'UPDATE ' . USERS_TABLE . '
               SET user_login_attempts = user_login_attempts + 1
               WHERE user_id = ' . (int) $row['user_id'] . '
                  AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
            $db->sql_query($sql);


                //-- mod : log connections --------------------------------------------------------
                //-- add
            if (!$user->data['is_registered'])
            {
               add_log('connections', $row['user_id'], 'LOG_AUTH_FAIL_CONVERT');
            }
                //-- end : log connections --------------------------------------------------------


            return array(
               'status'      => LOGIN_ERROR_PASSWORD_CONVERT,
               'error_msg'      => 'LOGIN_ERROR_PASSWORD_CONVERT',
               'user_row'      => $row,
            );
         }
      }
   }

   // Check password ...
   if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
   {
      // Check for old password hash...
      if (strlen($row['user_password']) == 32)
      {
         $hash = phpbb_hash($password);

         // Update the password in the users table to the new format
         $sql = 'UPDATE ' . USERS_TABLE . "
            SET user_password = '" . $db->sql_escape($hash) . "',
               user_pass_convert = 0
            WHERE user_id = {$row['user_id']}";
         $db->sql_query($sql);

         $row['user_password'] = $hash;
      }

      if ($row['user_login_attempts'] != 0)
      {
         // Successful, reset login attempts (the user passed all stages)
         $sql = 'UPDATE ' . USERS_TABLE . '
            SET user_login_attempts = 0
            WHERE user_id = ' . $row['user_id'];
         $db->sql_query($sql);
      }

      // User inactive...
      if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
      {
            //-- mod : log connections --------------------------------------------------------
            //-- add
         add_log('connections', $row['user_id'], 'LOG_AUTH_FAIL_INACTIVE');
            //-- end : log connections --------------------------------------------------------
         
         return array(
            'status'      => LOGIN_ERROR_ACTIVE,
            'error_msg'      => 'ACTIVE_ERROR',
            'user_row'      => $row,
         );
      }

      // Successful login... set user_login_attempts to zero...
      return array(
         'status'      => LOGIN_SUCCESS,
         'error_msg'      => false,
         'user_row'      => $row,
      );
   }

   // Password incorrect - increase login attempts
   
    //-- mod : log connections --------------------------------------------------------
    //-- add
   if (!$user->data['is_registered'])
   {
      add_log('connections', $row['user_id'], 'LOG_AUTH_FAIL');
   }
    //-- end : log connections --------------------------------------------------------


   $sql = 'UPDATE ' . USERS_TABLE . '
      SET user_login_attempts = user_login_attempts + 1
      WHERE user_id = ' . (int) $row['user_id'] . '
         AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
   $db->sql_query($sql);

   // Give status about wrong password...
   return array(
      'status'      => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
      'error_msg'      => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
      'user_row'      => $row,
   );
}

?>


THANKS!
Sir Glen
Supporter
Supporter
 
Posts: 235
Joined: 21 Jun 2008, 20:19
Gender: Male
phpBB Knowledge: 2


Re: 3.0.5 - 3.0.8 auth_db.php

Postby Obsidian » 23 Mar 2011, 00:40

Pastebin it on something like github's gist, or an actual pastebin.

Something with syntax highlighting...makes it easier to figure these things out.
うるさいうるさいうるさい!

StopForumSpam Spam Reporting Database
Giving xrumer and friends a great big "screw you" since 2007.
User avatar
Obsidian    
Supporter
Supporter
 
Posts: 2250
Joined: 04 Mar 2008, 23:35
Gender: Male
phpBB Knowledge: 10

Re: 3.0.5 - 3.0.8 auth_db.php

Postby topdown » 23 Mar 2011, 01:19

Code: Select all
                 $captcha->reset();
            }
           }
 


Cleaning up the syntax a bit, it looks like line 150 is missing a closure }
Do not PM me for Support unless I give permission in a post......PM's only help one, posts help everyone !
User avatar
topdown    
STG Styles Leader
STG Styles Leader
 
Posts: 3030
Joined: 01 Oct 2007, 22:56
Location: Handyman's harddrive
Favorite Team: STG Teams
Gender: Male
phpBB Knowledge: 9

Re: 3.0.5 - 3.0.8 auth_db.php

Postby Sir Glen » 23 Mar 2011, 10:08

Top Down; awesome as always! That was exactly it. Thanks!

Obsidian; good call on the syntax highlighting. Nextime I'll make sure to do that. :)

That issue is down, but there are some other problems showing up here and there and I'm starting to suspect that there is something seriously wrong with the site. I'm doing this as a favor to a friend so I don't have any prior experience with this particular forum. Hopefully it won't be a problem, I guess we'll see. One issue down, who knows how many to go...
Sir Glen
Supporter
Supporter
 
Posts: 235
Joined: 21 Jun 2008, 20:19
Gender: Male
phpBB Knowledge: 2


Return to phpBB3 upgrade support

Who is online

Users browsing this forum: No registered users and 3 guests