[ Index ] |
PHP Cross Reference of MyBB 1.8.38 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 // Disallow direct access to this file for security reasons 12 if(!defined("IN_MYBB")) 13 { 14 die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined."); 15 } 16 17 /** 18 * Login handling class, provides common structure to handle login events. 19 * 20 */ 21 class LoginDataHandler extends DataHandler 22 { 23 /** 24 * The language file used in the data handler. 25 * 26 * @var string 27 */ 28 public $language_file = 'datahandler_login'; 29 30 /** 31 * The prefix for the language variables used in the data handler. 32 * 33 * @var string 34 */ 35 public $language_prefix = 'logindata'; 36 37 /** 38 * Array of data used via login events. 39 * 40 * @var array 41 */ 42 public $login_data = array(); 43 44 /** 45 * @var bool 46 */ 47 public $captcha_verified = true; 48 49 /** 50 * @var bool|captcha 51 */ 52 private $captcha = false; 53 54 /** 55 * @var int 56 */ 57 public $username_method = null; 58 59 /** 60 * @param int $check_captcha 61 */ 62 function verify_attempts($check_captcha = 0) 63 { 64 global $db, $mybb; 65 66 $user = &$this->data; 67 68 if($check_captcha) 69 { 70 if(!isset($mybb->cookies['loginattempts'])) 71 { 72 $mybb->cookies['loginattempts'] = 0; 73 } 74 if($mybb->settings['failedcaptchalogincount'] > 0 && (isset($user['loginattempts']) && $user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount'])) 75 { 76 $this->captcha_verified = false; 77 $this->verify_captcha(); 78 } 79 } 80 } 81 82 /** 83 * @return bool 84 */ 85 function verify_captcha() 86 { 87 global $db, $mybb; 88 89 $user = &$this->data; 90 91 if($user['imagestring'] || $mybb->settings['captchaimage'] != 1) 92 { 93 // Check their current captcha input - if correct, hide the captcha input area 94 require_once MYBB_ROOT.'inc/class_captcha.php'; 95 $this->captcha = new captcha; 96 97 if($this->captcha->validate_captcha() == false) 98 { 99 // CAPTCHA validation failed 100 foreach($this->captcha->get_errors() as $error) 101 { 102 $this->set_error($error); 103 } 104 return false; 105 } 106 else 107 { 108 $this->captcha_verified = true; 109 return true; 110 } 111 } 112 else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username']) 113 { 114 $this->set_error('regimagerequired'); 115 return false; 116 } 117 else 118 { 119 $this->set_error('regimageinvalid'); 120 return false; 121 } 122 } 123 124 /** 125 * @return bool 126 */ 127 function verify_username() 128 { 129 $this->get_login_data(); 130 131 if(empty($this->login_data) || !$this->login_data['uid']) 132 { 133 $this->invalid_combination(); 134 return false; 135 } 136 137 return true; 138 } 139 140 /** 141 * @param bool $strict 142 * 143 * @return bool 144 */ 145 function verify_password($strict = true) 146 { 147 global $db, $mybb, $plugins; 148 149 $this->get_login_data(); 150 151 if(empty($this->login_data['username'])) 152 { 153 // Username must be validated to apply a password to 154 $this->invalid_combination(); 155 return false; 156 } 157 158 $args = array( 159 'this' => &$this, 160 'strict' => &$strict, 161 ); 162 163 $plugins->run_hooks('datahandler_login_verify_password_start', $args); 164 165 $user = &$this->data; 166 167 if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false) 168 { 169 $this->invalid_combination(); 170 } 171 172 if($strict == true) 173 { 174 if(!$this->login_data['loginkey']) 175 { 176 $this->login_data['loginkey'] = generate_loginkey(); 177 178 $sql_array = array( 179 "loginkey" => $this->login_data['loginkey'] 180 ); 181 182 $db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'"); 183 } 184 } 185 186 $plugins->run_hooks('datahandler_login_verify_password_end', $args); 187 188 if(!verify_user_password($this->login_data, $user['password'])) 189 { 190 $this->invalid_combination(true); 191 return false; 192 } 193 194 return true; 195 } 196 197 /** 198 * @param bool $show_login_attempts 199 */ 200 function invalid_combination($show_login_attempts = false) 201 { 202 global $db, $lang, $mybb; 203 204 // Don't show an error when the captcha was wrong! 205 if(!$this->captcha_verified) 206 { 207 return; 208 } 209 210 $login_text = ''; 211 if($show_login_attempts) 212 { 213 if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1 && $this->login_data['uid'] != 0) 214 { 215 $logins = login_attempt_check($this->login_data['uid'], false) + 1; 216 $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins); 217 } 218 } 219 220 switch($mybb->settings['username_method']) 221 { 222 case 1: 223 $this->set_error('invalidpwordusernameemail', $login_text); 224 break; 225 case 2: 226 $this->set_error('invalidpwordusernamecombo', $login_text); 227 break; 228 default: 229 $this->set_error('invalidpwordusername', $login_text); 230 break; 231 } 232 } 233 234 function get_login_data() 235 { 236 global $db, $settings; 237 238 $user = &$this->data; 239 240 $options = array( 241 'fields' => '*', 242 'username_method' => (int)$settings['username_method'] 243 ); 244 245 if($this->username_method !== null) 246 { 247 $options['username_method'] = (int)$this->username_method; 248 } 249 250 $this->login_data = get_user_by_username($user['username'], $options); 251 } 252 253 /** 254 * @return bool 255 */ 256 function validate_login() 257 { 258 global $plugins, $mybb; 259 260 $user = &$this->data; 261 262 $plugins->run_hooks('datahandler_login_validate_start', $this); 263 264 if(!defined('IN_ADMINCP')) 265 { 266 $this->verify_attempts($mybb->settings['captchaimage']); 267 } 268 269 if(array_key_exists('username', $user)) 270 { 271 $this->verify_username(); 272 } 273 274 if(array_key_exists('password', $user)) 275 { 276 $this->verify_password(); 277 } 278 279 $plugins->run_hooks('datahandler_login_validate_end', $this); 280 281 $this->set_validated(true); 282 if(count($this->get_errors()) > 0) 283 { 284 return false; 285 } 286 287 return true; 288 } 289 290 /** 291 * @return bool true 292 */ 293 function complete_login() 294 { 295 global $plugins, $db, $mybb, $session; 296 297 $user = &$this->login_data; 298 299 $plugins->run_hooks('datahandler_login_complete_start', $this); 300 301 // Login to MyBB 302 my_setcookie('loginattempts', 1); 303 my_setcookie("sid", $session->sid, -1, true); 304 305 $newsession = array( 306 "uid" => $user['uid'], 307 ); 308 309 $db->update_query("sessions", $newsession, "sid = '{$session->sid}'"); 310 $db->update_query("users", array("loginattempts" => 1), "uid = '{$user['uid']}'"); 311 312 $remember = null; 313 if(!isset($mybb->input['remember']) || $mybb->input['remember'] != "yes") 314 { 315 $remember = -1; 316 } 317 318 my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true, "lax"); 319 320 if($this->captcha !== false) 321 { 322 $this->captcha->invalidate_captcha(); 323 } 324 325 $plugins->run_hooks('datahandler_login_complete_end', $this); 326 327 return true; 328 } 329 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup | Cross-referenced by PHPXref |