
PHP Cross Reference of MyBB 1.8.29


/inc/datahandlers/ -> login.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  /**
  18   * Login handling class, provides common structure to handle login events.
  19   *
  20   */
  21  class LoginDataHandler extends DataHandler
  22  {
  23      /**
  24       * The language file used in the data handler.
  25       *
  26       * @var string
  27       */
  28      public $language_file = 'datahandler_login';
  29  
  30      /**
  31       * The prefix for the language variables used in the data handler.
  32       *
  33       * @var string
  34       */
  35      public $language_prefix = 'logindata';
  36  
  37      /**
  38       * Array of data used via login events.
  39       *
  40       * @var array
  41       */
  42      public $login_data = array();
  43  
  44      /**
  45       * @var bool
  46       */
  47      public $captcha_verified = true;
  48  
  49      /**
  50       * @var bool|captcha
  51       */
  52      private $captcha = false;
  53  
  54      /**
  55       * @var int
  56       */
  57      public $username_method = null;
  58  
  59      /**
  60       * @param int $check_captcha
  61       */
  62  	function verify_attempts($check_captcha = 0)
  63      {
  64          global $db, $mybb;
  65  
  66          $user = &$this->data;
  67  
  68          if($check_captcha)
  69          {
  70              if(!isset($mybb->cookies['loginattempts']))
  71              {
  72                  $mybb->cookies['loginattempts'] = 0;
  73              }
  74              if($mybb->settings['failedcaptchalogincount'] > 0 && (isset($user['loginattempts']) && $user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
  75              {
  76                  $this->captcha_verified = false;
  77                  $this->verify_captcha();
  78              }
  79          }
  80      }
  81  
  82      /**
  83       * @return bool
  84       */
  85  	function verify_captcha()
  86      {
  87          global $db, $mybb;
  88  
  89          $user = &$this->data;
  90  
  91          if($user['imagestring'] || $mybb->settings['captchaimage'] != 1)
  92          {
  93              // Check their current captcha input - if correct, hide the captcha input area
  94              require_once  MYBB_ROOT.'inc/class_captcha.php';
  95              $this->captcha = new captcha;
  96  
  97              if($this->captcha->validate_captcha() == false)
  98              {
  99                  // CAPTCHA validation failed
 100                  foreach($this->captcha->get_errors() as $error)
 101                  {
 102                      $this->set_error($error);
 103                  }
 104                  return false;
 105              }
 106              else
 107              {
 108                  $this->captcha_verified = true;
 109                  return true;
 110              }
 111          }
 112          else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username'])
 113          {
 114              $this->set_error('regimagerequired');
 115              return false;
 116          }
 117          else
 118          {
 119              $this->set_error('regimageinvalid');
 120              return false;
 121          }
 122      }
 123  
 124      /**
 125       * @return bool
 126       */
 127  	function verify_username()
 128      {
 129          $this->get_login_data();
 130  
 131          if(empty($this->login_data) || !$this->login_data['uid'])
 132          {
 133              $this->invalid_combination();
 134              return false;
 135          }
 136  
 137          return true;
 138      }
 139  
 140      /**
 141       * @param bool $strict
 142       *
 143       * @return bool
 144       */
 145  	function verify_password($strict = true)
 146      {
 147          global $db, $mybb, $plugins;
 148  
 149          $this->get_login_data();
 150  
 151          if(empty($this->login_data['username']))
 152          {
 153              // Username must be validated to apply a password to
 154              $this->invalid_combination();
 155              return false;
 156          }
 157  
 158          $args = array(
 159              'this' => &$this,
 160              'strict' => &$strict,
 161          );
 162  
 163          $plugins->run_hooks('datahandler_login_verify_password_start', $args);
 164  
 165          $user = &$this->data;
 166  
 167          if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)
 168          {
 169              $this->invalid_combination();
 170          }
 171  
 172          if($strict == true)
 173          {
 174              if(!$this->login_data['salt'])
 175              {
 176                  // Generate a salt for this user and assume the password stored in db is a plain md5 password
 177                  $password_fields = create_password($this->login_data['password']);
 178                  $this->login_data = array_merge($this->login_data, $password_fields);
 179                  $db->update_query("users", $password_fields, "uid = '{$this->login_data['uid']}'");
 180              }
 181  
 182              if(!$this->login_data['loginkey'])
 183              {
 184                  $this->login_data['loginkey'] = generate_loginkey();
 185  
 186                  $sql_array = array(
 187                      "loginkey" => $this->login_data['loginkey']
 188                  );
 189  
 190                  $db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
 191              }
 192          }
 193  
 194          $plugins->run_hooks('datahandler_login_verify_password_end', $args);
 195  
 196          if(!verify_user_password($this->login_data, $user['password']))
 197          {
 198              $this->invalid_combination(true);
 199              return false;
 200          }
 201  
 202          return true;
 203      }
 204  
 205      /**
 206       * @param bool $show_login_attempts
 207       */
 208  	function invalid_combination($show_login_attempts = false)
 209      {
 210          global $db, $lang, $mybb;
 211  
 212          // Don't show an error when the captcha was wrong!
 213          if(!$this->captcha_verified)
 214          {
 215              return;
 216          }
 217  
 218          $login_text = '';
 219          if($show_login_attempts)
 220          {
 221              if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1 && $this->login_data['uid'] != 0)
 222              {
 223                  $logins = login_attempt_check($this->login_data['uid'], false) + 1;
 224                  $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
 225              }
 226          }
 227  
 228          switch($mybb->settings['username_method'])
 229          {
 230              case 1:
 231                  $this->set_error('invalidpwordusernameemail', $login_text);
 232                  break;
 233              case 2:
 234                  $this->set_error('invalidpwordusernamecombo', $login_text);
 235                  break;
 236              default:
 237                  $this->set_error('invalidpwordusername', $login_text);
 238                  break;
 239          }
 240      }
 241  
 242  	function get_login_data()
 243      {
 244          global $db, $settings;
 245  
 246          $user = &$this->data;
 247  
 248          $options = array(
 249              'fields' => '*',
 250              'username_method' => (int)$settings['username_method']
 251          );
 252  
 253          if($this->username_method !== null)
 254          {
 255              $options['username_method'] = (int)$this->username_method;
 256          }
 257  
 258          $this->login_data = get_user_by_username($user['username'], $options);
 259      }
 260  
 261      /**
 262       * @return bool
 263       */
 264  	function validate_login()
 265      {
 266          global $plugins, $mybb;
 267  
 268          $user = &$this->data;
 269  
 270          $plugins->run_hooks('datahandler_login_validate_start', $this);
 271  
 272          if(!defined('IN_ADMINCP'))
 273          {
 274              $this->verify_attempts($mybb->settings['captchaimage']);
 275          }
 276  
 277          if(array_key_exists('username', $user))
 278          {
 279              $this->verify_username();
 280          }
 281  
 282          if(array_key_exists('password', $user))
 283          {
 284              $this->verify_password();
 285          }
 286  
 287          $plugins->run_hooks('datahandler_login_validate_end', $this);
 288  
 289          $this->set_validated(true);
 290          if(count($this->get_errors()) > 0)
 291          {
 292              return false;
 293          }
 294  
 295          return true;
 296      }
 297  
 298      /**
 299       * @return bool true
 300       */
 301  	function complete_login()
 302      {
 303          global $plugins, $db, $mybb, $session;
 304  
 305          $user = &$this->login_data;
 306  
 307          $plugins->run_hooks('datahandler_login_complete_start', $this);
 308  
 309          // Login to MyBB
 310          my_setcookie('loginattempts', 1);
 311          my_setcookie("sid", $session->sid, -1, true);
 312  
 313          $newsession = array(
 314              "uid" => $user['uid'],
 315          );
 316  
 317          $db->update_query("sessions", $newsession, "sid = '{$session->sid}'");
 318          $db->update_query("users", array("loginattempts" => 1), "uid = '{$user['uid']}'");
 319  
 320          $remember = null;
 321          if(!isset($mybb->input['remember']) || $mybb->input['remember'] != "yes")
 322          {
 323              $remember = -1;
 324          }
 325  
 326          my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true, "lax");
 327  
 328          if($this->captcha !== false)
 329          {
 330              $this->captcha->invalidate_captcha();
 331          }
 332  
 333          $plugins->run_hooks('datahandler_login_complete_end', $this);
 334  
 335          return true;
 336      }
 337  }

