verify_code($_POST['rand_num'], $_POST['code_verify'])) { echo "\n"; header("location: ../index.php"); exit; } } require_once(e_HANDLER.'user_handler.php'); $row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'],'')); if ($row[0] == "authfail") { $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",LAN_ROLL_LOG_11,"U: ".$tp->toDB($_POST['authname']),FALSE,LOG_TO_ROLLING); echo "\n"; header("location: ../index.php"); exit; } else { $cookieval = $row['user_id'].".".md5($row['user_password']); // $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'"); // list($user_id, $user_name, $userpass) = $sql->db_Fetch(); // Calculate class membership - needed for a couple of things // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point $class_list = explode(',',$row['user_class']); if ($row['user_admin'] && strlen($row['user_perms'])) { $class_list[] = e_UC_ADMIN; if (strpos($row['user_perms'],'0') === 0) { $class_list[] = e_UC_MAINADMIN; } } $class_list[] = e_UC_MEMBER; $class_list[] = e_UC_PUBLIC; $user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],''))); if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list)) { // Need to note in user audit trail $admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name); } $edata_li = array("user_id" => $row['user_id'], "user_name" => $row['user_name'], 'class_list' => implode(',',$class_list)); $e_event->trigger("login", $edata_li); if ($pref['user_tracking'] == "session") { $_SESSION[$pref['cookie_name']] = $cookieval; } else { cookie($pref['cookie_name'], $cookieval, (time()+3600 * 24 * 30)); } echo "\n"; } } $e_sub_cat = 'logout'; if(!defset('NO_HEADER')) require_once(e_ADMIN."header.php"); if (ADMIN == FALSE) { $obj = new auth; $obj->authform(); if(!defset('NO_HEADER')) require_once(e_ADMIN."footer.php"); exit; } } 
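//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//

/**
 * Admin-area authentication helper: renders the admin login form and checks
 * submitted credentials against admin accounts in the "user" table.
 */
class auth
{
    /**
     * Admin auth login: assembles the login form text and renders it through
     * e107table::tablerender() under the ADLAN_92 caption.
     *
     * Takes no parameters and returns nothing.
     */
    function authform()
    {
        global $use_imagecode, $sec_img,$imode, $pref;

        // NOTE(review): the markup that belongs inside the string literals below is
        // not present in this copy of the file; only "\n" escapes and spaces remain,
        // and the first statement still carries the tail (`: "\n" )`) of a ternary
        // whose start is missing. The fragments are reproduced as found, so this
        // method does not parse as shown and must be restored from the original file.
        $text = "
\n" : "\n" )." ".ADLAN_89." \n ".ADLAN_90." \n";

        // Extra fragment emitted only when a challenge is stored in the session and
        // the password_CHAP preference is enabled.
        if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'],0)) {
            $text .= "\n\n";
        }

        $text .= " ";

        // Image-code row (ADLAN_152 label plus $sec_img->r_image()) when enabled.
        if ($use_imagecode) {
            $text .= " ".ADLAN_152." ". $sec_img->r_image(). "
";
        }

        $text .= "
";

        $au = new e107table;
        $au->tablerender(ADLAN_92, $text);
    }

    /**
     * Admin auth check: finds an admin account by login name (falling back to the
     * display name) and verifies either the CHAP response or the plaintext password.
     *
     * @param string $authname     entered name
     * @param string $authpass     entered pass
     * @param string $authresponse CHAP response posted with the form, '' when absent
     * @return array the matching user row on success; on failure
     *               array("authfail", "reason" => $reason), where $reason is
     *               'np' (name or password empty), 'lu' (name longer than the
     *               loginname_maxlength preference, default 30), 'iu' (no admin
     *               row matched) or '' (credentials rejected)
     */
    function authcheck($authname, $authpass, $authresponse = '')
    {
        global $tp, $pref;

        // The caller passes request data straight in. A non-scalar value (for
        // example a field posted as an array) is treated as empty so it is
        // rejected by the 'np' check instead of reaching trim() or the query.
        $authname     = is_scalar($authname) ? (string) $authname : '';
        $authpass     = is_scalar($authpass) ? (string) $authpass : '';
        $authresponse = is_scalar($authresponse) ? (string) $authresponse : '';

        $sql_auth  = new db;
        $reason    = '';
        $user_info = new UserHandler;
        $row       = array();

        // NOTE(review): the preg_replace() blacklist is case-sensitive and only
        // strips " OR ", "=" and "#"; it is not an injection defence by itself.
        // The interpolated WHERE clauses below depend on $tp->toDB() escaping the
        // value for a quoted SQL string - confirm that in the toDB() implementation.
        $authname = $tp->toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname)));
        $authpass = trim($authpass);

        if (($authpass == '') || ($authname == '')) {
            $reason = 'np';
        }
        // Checked last on purpose: an over-long name overrides 'np', as before.
        if (strlen($authname) > varset($pref['loginname_maxlength'],30)) {
            $reason = 'lu';
        }

        if (!$reason) {
            if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' ")) {
                $row = $sql_auth->db_Fetch();
            } elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' ")) {
                // Matched on display name: password checks below use the login name.
                $row = $sql_auth->db_Fetch();
                $authname = $row['user_loginname'];
            } else {
                $reason = 'iu';
            }
        }

        if (!$reason && !empty($row['user_id'])) {
            // Can validate password.
            // CHAP is used only when a response was posted, a challenge exists in
            // the session, and the two differ (presumably the field still holds the
            // raw challenge when no client-side hash was computed - confirm against
            // the login form script). Compared as strings so numeric-looking values
            // such as "1e3" and "1000" are not treated as equal.
            $use_chap = $authresponse
                && isset($_SESSION['challenge'])
                && ($authresponse !== (string) $_SESSION['challenge']);

            if ($use_chap) {
                // Verify using CHAP (can't handle login by email address - only
                // loginname - although with this code it does still work if the
                // password is stored unsalted).
                if ($user_info->CheckCHAP($_SESSION['challenge'], $authresponse, $authname, $row['user_password']) !== PASSWORD_INVALID) {
                    // Was `return $$row;` - a variable-variable on an array, which
                    // yields an undefined variable (NULL) instead of the user row.
                    return $row;
                }
            } else {
                // Plaintext password
                if ($user_info->CheckPassword($authpass, $authname,$row['user_password']) !== PASSWORD_INVALID) {
                    return $row;
                }
            }
        }

        return array("authfail", "reason" => $reason);
    }
}

//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
?>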