mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-25 17:01:43 +02:00
Code Issues Releases Wiki Activity

Bugtracker #3290

Browse Source
This commit is contained in:
mcfly
2007-01-12 02:49:56 +00:00
parent 2b265536fc
commit 1bbfab82ca
2 changed files with 84 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
e107_handlers/login.php
View File

@@ -12,19 +12,15 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $ | $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
| $Revision: 1.2 $ | $Revision: 1.3 $
| $Date: 2006-12-31 14:46:30 $ | $Date: 2007-01-12 02:49:56 $
| $Author: e107coders $ | $Author: mcfly_e107 $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
if (!defined('e107_INIT')) { exit; } if (!defined('e107_INIT')) { exit; }
if(is_readable(e_LANGUAGEDIR.e_LANGUAGE."/lan_login.php")){ include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_login.php");
@include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_login.php");
}else{
@include_once(e_LANGUAGEDIR."English/lan_login.php");
}
class userlogin { class userlogin {
function userlogin($username, $userpass, $autologin) { function userlogin($username, $userpass, $autologin) {
@@ -38,6 +34,14 @@ class userlogin {
*/ */
global $pref, $e_event, $sql, $e107, $tp; global $pref, $e_event, $sql, $e107, $tp;
$username = trim($username);
$userpass = trim($userpass);
if($username == "" || $userpass == "")
{
define("LOGINMESSAGE", LAN_27."<br /><br />");
return FALSE;
}
if(!is_object($sql)){ if(!is_object($sql)){
$sql = new db; $sql = new db;
} }
@@ -65,83 +69,77 @@ class userlogin {
return FALSE; return FALSE;
} }
} }
if ($username != "" && $userpass != "") { $username = preg_replace("/\sOR\s|\=|\#/", "", $username);
$username = preg_replace("/\sOR\s|\=|\#/", "", $username); $username = substr($username, 0, 30);
$ouserpass = $userpass; $ouserpass = $userpass;
$userpass = md5($ouserpass); $userpass = md5($ouserpass);
$username = substr($username, 0, 30); // This is only required for upgrades and only for those not using utf-8 to begin with..
if(isset($pref['utf-compatmode']) && (CHARSET == "utf-8" || CHARSET == "UTF-8")){
$username = utf8_decode($username);
$userpass = md5(utf8_decode($ouserpass));
}
// This is only required for upgrades and only for those not using utf-8 to begin with.. if (!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."'")) {
if(isset($pref['utf-compatmode']) && (CHARSET == "utf-8" || CHARSET == "UTF-8")){ define("LOGINMESSAGE", LAN_300."<br /><br />");
$username = utf8_decode($username); $sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_14." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
$userpass = md5(utf8_decode($ouserpass)); $this -> checkibr($fip);
} return FALSE;
}
if (!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."'")) { else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}'")) {
define("LOGINMESSAGE", LAN_300."<br /><br />"); define("LOGINMESSAGE", LAN_300."<br /><br />");
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_14." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'"); return FALSE;
}
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}' AND user_ban!=2 ")) {
define("LOGINMESSAGE", LAN_302."<br /><br />");
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
$this -> checkibr($fip); $this -> checkibr($fip);
return FALSE; return FALSE;
} } else {
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}'")) { $ret = $e_event->trigger("preuserlogin", $username);
define("LOGINMESSAGE", LAN_300."<br /><br />"); if ($ret!='') {
return FALSE; define("LOGINMESSAGE", $ret."<br /><br />");
}
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}' AND user_ban!=2 ")) {
define("LOGINMESSAGE", LAN_302."<br /><br />");
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
$this -> checkibr($fip);
return FALSE; return FALSE;
} else { } else {
$ret = $e_event->trigger("preuserlogin", $username); $lode = $sql -> db_Fetch();
if ($ret!='') { $user_id = $lode['user_id'];
define("LOGINMESSAGE", $ret."<br /><br />"); $user_name = $lode['user_name'];
return FALSE; $user_xup = $lode['user_xup'];
} else {
$lode = $sql -> db_Fetch();
$user_id = $lode['user_id'];
$user_name = $lode['user_name'];
$user_xup = $lode['user_xup'];
/* restrict more than one person logging in using same us/pw */ /* restrict more than one person logging in using same us/pw */
if($pref['disallowMultiLogin']) { if($pref['disallowMultiLogin']) {
if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'")) { if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'")) {
define("LOGINMESSAGE", LAN_304."<br /><br />"); define("LOGINMESSAGE", LAN_304."<br /><br />");
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' "); $sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
$this -> checkibr($fip); $this -> checkibr($fip);
return FALSE; return FALSE;
}
}
$cookieval = $user_id.".".md5($userpass);
if($user_xup) {
$this->update_xup($user_id, $user_xup);
}
if ($pref['user_tracking'] == "session") {
$_SESSION[$pref['cookie_name']] = $cookieval;
} else {
if ($autologin == 1) {
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
} else {
cookie($pref['cookie_name'], $cookieval);
}
}
$edata_li = array("user_id" => $user_id, "user_name" => $username);
$e_event->trigger("login", $edata_li);
$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
if (strstr($_SERVER['SERVER_SOFTWARE'], "Apache")) {
header("Location: ".$redir);
exit;
} else {
echo "<script type='text/javascript'>document.location.href='{$redir}'</script>\n";
} }
} }
$cookieval = $user_id.".".md5($userpass);
if($user_xup) {
$this->update_xup($user_id, $user_xup);
}
if ($pref['user_tracking'] == "session") {
$_SESSION[$pref['cookie_name']] = $cookieval;
} else {
if ($autologin == 1) {
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
} else {
cookie($pref['cookie_name'], $cookieval);
}
}
$edata_li = array("user_id" => $user_id, "user_name" => $username);
$e_event->trigger("login", $edata_li);
$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
if (strstr($_SERVER['SERVER_SOFTWARE'], "Apache")) {
header("Location: ".$redir);
exit;
} else {
echo "<script type='text/javascript'>document.location.href='{$redir}'</script>\n";
}
} }
} else {
define("LOGINMESSAGE", LAN_27."<br /><br />");
return FALSE;
} }
} }

13
e107_plugins/alt_auth/alt_auth_login_class.php
View File

@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_login_class.php,v $ | $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_login_class.php,v $
| $Revision: 1.1.1.1 $ | $Revision: 1.2 $
| $Date: 2006-12-02 04:34:43 $ | $Date: 2007-01-12 02:49:56 $
| $Author: mcfly_e107 $ | $Author: mcfly_e107 $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -39,7 +39,14 @@ class alt_login
if($login_result === AUTH_SUCCESS ) if($login_result === AUTH_SUCCESS )
{ {
$sql = new db; $sql = new db;
if(!$sql -> db_Select("user","*","user_loginname='{$username}' ")) if (MAGIC_QUOTES_GPC == FALSE)
{
$username = mysql_real_escape_string($username);
}
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
$username = substr($username, 0, 30);
if(!$sql -> db_Select("user", "user_id", "user_loginname='{$username}' "))
{ {
// User not found in e107 database - add it now. // User not found in e107 database - add it now.
$qry = "INSERT INTO #user (user_id, user_loginname, user_name, user_join) VALUES ('0','{$username}','{$username}',".time().")"; $qry = "INSERT INTO #user (user_id, user_loginname, user_name, user_join) VALUES ('0','{$username}','{$username}',".time().")";