# HG changeset patch # User Waqas Hussain # Date 1337171687 -18000 # Node ID 684cc57a49c11ccaa0cb0a119f551e838bc40194 # Parent 2f11d2473afd053672e22d4cd086cbfe0be7bed0 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ). diff -r 2f11d2473afd -r 684cc57a49c1 mod_auth_phpbb3/mod_auth_phpbb3.lua --- a/mod_auth_phpbb3/mod_auth_phpbb3.lua Sun May 06 23:27:28 2012 +0200 +++ b/mod_auth_phpbb3/mod_auth_phpbb3.lua Wed May 16 17:34:47 2012 +0500 @@ -87,6 +87,19 @@ end end end +local function check_sessionids(username, session_id) + -- TODO add session expiration and auto-login check + local stmt, err = getsql("SELECT phpbb_sessions.session_id FROM phpbb_sessions INNER JOIN phpbb_users ON phpbb_users.user_id = phpbb_sessions.session_user_id WHERE phpbb_users.username_clean =?", username); + if stmt then + for row in stmt:rows(true) do + -- if row.session_id == session_id then return true; end + + -- workaround for possible LuaDBI bug + -- The session_id returned by the sql statement has an additional zero at the end. But that is not in the database. + if row.session_id == session_id or row.session_id == session_id.."0" then return true; end + end + end +end local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; @@ -239,6 +252,14 @@ return normalized and provider.test_password(normalized, password) and prepped; end local username = test(authentication) or test(jid_escape(authentication)); + if not username and params.sessionid_as_password then + local function test(authentication) + local prepped = nodeprep(authentication); + local normalized = jid_unescape(prepped); + return normalized and check_sessionids(normalized, password) and prepped; + end + username = test(authentication) or test(jid_escape(authentication)); + end if username then self.username = username; return "success";
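Review bot: In check_sessionids, the workaround comparison `row.session_id == session_id.."0"` accepts two different strings for each stored session. On a driver that does not append the extra zero, a supplied value that is a real session ID ending in "0" with that last character dropped will also match. Rather than matching both forms, normalize row.session_id once (for example, strip the trailing character only when the returned value is longer than the length the column is known to hold) and then do a single exact comparison against session_id. The TODO above the query also needs an answer before this is enabled: with no expiration or auto-login condition in the WHERE clause, every row still present in phpbb_sessions for the user is accepted, so either add the condition or state the limitation where sessionid_as_password is documented.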
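Review bot: In the `if not username and params.sessionid_as_password then` block, the inner `local function test` shadows the outer `test` and repeats its body with only the check call changed (`check_sessionids` in place of `provider.test_password`). Give it a distinct name, or have one helper take the checker as an argument, so a later change to the nodeprep/jid_unescape handling cannot be applied to one path and missed on the other. Both paths also end at the same `return "success"` with nothing recorded about which credential matched; a log line on the session-ID path would let an operator tell password logins from session-ID logins.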