comparison mod_auth_phpbb3/mod_auth_phpbb3.lua @ 665:684cc57a49c1
mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Wed, 16 May 2012 17:34:47 +0500 |
parents | f19f723571d9 |
children | 881ec9919144 |
664:2f11d2473afd | 665:684cc57a49c1 |
---|---|
82 local function get_password(username) | 82 local function get_password(username) |
83 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username_clean`=?", username); | 83 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username_clean`=?", username); |
84 if stmt then | 84 if stmt then |
85 for row in stmt:rows(true) do | 85 for row in stmt:rows(true) do |
86 return row.user_password; | 86 return row.user_password; |
87 end | |
88 end | |
89 end | |
90 local function check_sessionids(username, session_id) | |
91 -- TODO add session expiration and auto-login check | |
92 local stmt, err = getsql("SELECT phpbb_sessions.session_id FROM phpbb_sessions INNER JOIN phpbb_users ON phpbb_users.user_id = phpbb_sessions.session_user_id WHERE phpbb_users.username_clean =?", username); | |
93 if stmt then | |
94 for row in stmt:rows(true) do | |
95 -- if row.session_id == session_id then return true; end | |
96 | |
97 -- workaround for possible LuaDBI bug | |
98 -- The session_id returned by the sql statement has an additional zero at the end. But that is not in the database. | |
99 if row.session_id == session_id or row.session_id == session_id.."0" then return true; end | |
87 end | 100 end |
88 end | 101 end |
89 end | 102 end |
90 | 103 |
91 | 104 |
237 local prepped = nodeprep(authentication); | 250 local prepped = nodeprep(authentication); |
238 local normalized = jid_unescape(prepped); | 251 local normalized = jid_unescape(prepped); |
239 return normalized and provider.test_password(normalized, password) and prepped; | 252 return normalized and provider.test_password(normalized, password) and prepped; |
240 end | 253 end |
241 local username = test(authentication) or test(jid_escape(authentication)); | 254 local username = test(authentication) or test(jid_escape(authentication)); |
255 if not username and params.sessionid_as_password then | |
256 local function test(authentication) | |
257 local prepped = nodeprep(authentication); | |
258 local normalized = jid_unescape(prepped); | |
259 return normalized and check_sessionids(normalized, password) and prepped; | |
260 end | |
261 username = test(authentication) or test(jid_escape(authentication)); | |
262 end | |
242 if username then | 263 if username then |
243 self.username = username; | 264 self.username = username; |
244 return "success"; | 265 return "success"; |
245 end | 266 end |
246 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; | 267 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; |
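Review bot: check_sessionids (new lines 90-102) accepts any phpbb_sessions row belonging to the user as a valid password, and the TODO on line 91 confirms that neither session expiry nor the auto-login flag is checked, so a stale session id stays usable as an XMPP credential for as long as its row exists. The query should bound session age before sessionid_as_password is enabled, for example by adding `AND phpbb_sessions.session_time > ?` with a cutoff derived from the forum's configured session length (column name as in the stock phpBB3 schema; confirm against the deployed one). The LuaDBI workaround on line 99 also loosens the comparison: `row.session_id == session_id.."0"` could let a value one character shorter than a stored id ending in 0 pass, and the concatenation raises an error if password ever arrives as nil, so a guard such as `if type(session_id) ~= "string" or #session_id ~= EXPECTED_LEN then return false; end` (EXPECTED_LEN is a placeholder for the forum's session id length) before the query would cover both. A short comment on the function stating that a session id is a weaker secret than the account password, and that the option widens what authenticates a user, would help operators decide whether to turn it on.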