cathyjf/auth_showdown.php

## auth_showdown.php
<?php
/**
 * Pokemon Showdown auth plug-in for phpBB3
 *
 * See https://wiki.phpbb.com/Authentication_plugins
 *
 * @author Cathy J. Fitzpatrick <cathy@cathyjf.com>
 * @licence public domain
 */

if (!defined('IN_PHPBB')) {
	exit;
}

global $psconfig, $psdb, $users, $curuser; // Pokemon Showdown globals
require_once dirname(__FILE__) . '/../../../lib/ntbb-session.lib.php';

function init_showdown() {
	return false;
}

/**
 * Login function
 */
function login_showdown(&$username, &$password) {
	global $users, $curuser; // Pokemon Showdown globals
	global $db; // phpBB3 globals

	// standard error conditions
	if (!$password) {
		return array(
			'status'	=> LOGIN_ERROR_PASSWORD,
			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	} else if (!$username) {
		return array(
			'status'	=> LOGIN_ERROR_USERNAME,
			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	}

	// phpBB3 runs htmlspecialchars on passwords for some reason
	$password = htmlspecialchars_decode($password);
	$users->login($username, $password, false, true);

	if (!$curuser['loggedin']) {
		// Wrong username or password.
		// Technically, this error code means that the password is wrong (as
		// opposed to the username), but that's precise enough.
		return array(
			'status'		=> LOGIN_ERROR_PASSWORD,
			'error_msg'		=> 'LOGIN_ERROR_PASSWORD',
			'user_row'		=> array('user_id' => ANONYMOUS),
		);
	}

	$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
		FROM ' . USERS_TABLE . "
		WHERE showdown_num = " . (int)$curuser['usernum'];
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row) {
		if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
			return array(
				'status'		=> LOGIN_ERROR_ACTIVE,
				'error_msg'		=> 'ACTIVE_ERROR',
				'user_row'		=> $row,
			);
		}

		// successful login
		return array(
			'status'		=> LOGIN_SUCCESS,
			'error_msg'		=> false,
			'user_row'		=> $row,
		);
	}

	return array(
		'status'		=> LOGIN_SUCCESS_CREATE_PROFILE,
		'error_msg'		=> false,
		'user_row'		=> user_row_showdown(),
	);
}

/**
 * Autologin function
 */
function autologin_showdown() {
	global $curuser; // Pokemon Showdown globals
	global $db; // phpBB3 globals

	if (!$curuser['loggedin']) {
		return array();
	}

	$result = $db->sql_query(
		'SELECT * FROM ' . USERS_TABLE . ' ' .
		'WHERE showdown_num=' . (int)$curuser['usernum']
	);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row) {
		return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
	}

	if (!function_exists('user_add')) {
		global $phpbb_root_path, $phpEx;
		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
	}

	user_add(user_row_showdown());

	$result = $db->sql_query(
		'SELECT * FROM ' . USERS_TABLE . ' ' .
		'WHERE showdown_num=' . (int)$curuser['usernum']
	);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	return $row ? $row : array();
}

function user_row_showdown() {
	global $users, $curuser; // Pokemon Showdown globals
	global $db, $config; // phpBB3 globals

	$sql = 'SELECT group_id
		FROM ' . GROUPS_TABLE . "
		WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
			AND group_type = " . GROUP_SPECIAL;
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if (!$row) {
		trigger_error('NO_GROUP');
	}

	return array(
		'username'		=> $curuser['username'],
		'showdown_num'	=> $curuser['usernum'],
		'user_email'	=> '',
		'group_id'		=> (int)$row['group_id'],
		'user_type'		=> USER_NORMAL,
		'user_ip'		=> $users->getIp(),
		'user_new'		=> ($config['new_member_post_limit']) ? 1 : 0,
	);
}

/**
* Log out
*/
function logout_showdown(&$user_row, $new_session) {
	global $users; // Pokemon Showdown globals

	$users->logout();
}

/**
* The session validation function checks whether the user is still logged in
*/
function validate_session_showdown(&$user) {
	global $curuser; // Pokemon Showdown globals

	if ($curuser['loggedin']) {
		return $curuser['usernum'] === $user['showdown_num'];
	}

	return ($user['user_type'] === USER_IGNORE);
}
	<?php
	/**
	* Pokemon Showdown auth plug-in for phpBB3
	*
	* See https://wiki.phpbb.com/Authentication_plugins
	*
	* @author Cathy J. Fitzpatrick <cathy@cathyjf.com>
	* @licence public domain
	*/

	if (!defined('IN_PHPBB')) {
	exit;
	}

	global $psconfig, $psdb, $users, $curuser; // Pokemon Showdown globals
	require_once dirname(__FILE__) . '/../../../lib/ntbb-session.lib.php';

	function init_showdown() {
	return false;
	}

	/**
	* Login function
	*/
	function login_showdown(&$username, &$password) {
	global $users, $curuser; // Pokemon Showdown globals
	global $db; // phpBB3 globals

	// standard error conditions
	if (!$password) {
	return array(
	'status' => LOGIN_ERROR_PASSWORD,
	'error_msg' => 'NO_PASSWORD_SUPPLIED',
	'user_row' => array('user_id' => ANONYMOUS),
	);
	} else if (!$username) {
	return array(
	'status' => LOGIN_ERROR_USERNAME,
	'error_msg' => 'LOGIN_ERROR_USERNAME',
	'user_row' => array('user_id' => ANONYMOUS),
	);
	}

	// phpBB3 runs htmlspecialchars on passwords for some reason
	$password = htmlspecialchars_decode($password);
	$users->login($username, $password, false, true);

	if (!$curuser['loggedin']) {
	// Wrong username or password.
	// Technically, this error code means that the password is wrong (as
	// opposed to the username), but that's precise enough.
	return array(
	'status' => LOGIN_ERROR_PASSWORD,
	'error_msg' => 'LOGIN_ERROR_PASSWORD',
	'user_row' => array('user_id' => ANONYMOUS),
	);
	}

	$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
	FROM ' . USERS_TABLE . "
	WHERE showdown_num = " . (int)$curuser['usernum'];
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row) {
	if ($row['user_type'] == USER_INACTIVE \|\| $row['user_type'] == USER_IGNORE) {
	return array(
	'status' => LOGIN_ERROR_ACTIVE,
	'error_msg' => 'ACTIVE_ERROR',
	'user_row' => $row,
	);
	}

	// successful login
	return array(
	'status' => LOGIN_SUCCESS,
	'error_msg' => false,
	'user_row' => $row,
	);
	}

	return array(
	'status' => LOGIN_SUCCESS_CREATE_PROFILE,
	'error_msg' => false,
	'user_row' => user_row_showdown(),
	);
	}

	/**
	* Autologin function
	*/
	function autologin_showdown() {
	global $curuser; // Pokemon Showdown globals
	global $db; // phpBB3 globals

	if (!$curuser['loggedin']) {
	return array();
	}

	$result = $db->sql_query(
	'SELECT * FROM ' . USERS_TABLE . ' ' .
	'WHERE showdown_num=' . (int)$curuser['usernum']
	);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row) {
	return ($row['user_type'] == USER_INACTIVE \|\| $row['user_type'] == USER_IGNORE) ? array() : $row;
	}

	if (!function_exists('user_add')) {
	global $phpbb_root_path, $phpEx;
	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
	}

	user_add(user_row_showdown());

	$result = $db->sql_query(
	'SELECT * FROM ' . USERS_TABLE . ' ' .
	'WHERE showdown_num=' . (int)$curuser['usernum']
	);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	return $row ? $row : array();
	}

	function user_row_showdown() {
	global $users, $curuser; // Pokemon Showdown globals
	global $db, $config; // phpBB3 globals

	$sql = 'SELECT group_id
	FROM ' . GROUPS_TABLE . "
	WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
	AND group_type = " . GROUP_SPECIAL;
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if (!$row) {
	trigger_error('NO_GROUP');
	}

	return array(
	'username' => $curuser['username'],
	'showdown_num' => $curuser['usernum'],
	'user_email' => '',
	'group_id' => (int)$row['group_id'],
	'user_type' => USER_NORMAL,
	'user_ip' => $users->getIp(),
	'user_new' => ($config['new_member_post_limit']) ? 1 : 0,
	);
	}

	/**
	* Log out
	*/
	function logout_showdown(&$user_row, $new_session) {
	global $users; // Pokemon Showdown globals

	$users->logout();
	}

	/**
	* The session validation function checks whether the user is still logged in
	*/
	function validate_session_showdown(&$user) {
	global $curuser; // Pokemon Showdown globals

	if ($curuser['loggedin']) {
	return $curuser['usernum'] === $user['showdown_num'];
	}

	return ($user['user_type'] === USER_IGNORE);
	}