verify_code($_POST['rand_num'], $_POST['code_verify'])) { echo "\n"; header("location: ../index.php"); exit; } } // require_once (e_HANDLER.'user_handler.php'); $row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'], '')); if ($row[0] == "authfail") { $admin_log->e_log_event(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".$tp->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING); echo "\n"; // header("location: ../index.php"); e107::getRedirect()->redirect('../index.php'); exit; } else { $cookieval = $row['user_id'].".".md5($row['user_password']); // $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'"); // list($user_id, $user_name, $userpass) = $sql->db_Fetch(); // Calculate class membership - needed for a couple of things // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point $class_list = explode(',', $row['user_class']); if ($row['user_admin'] && strlen($row['user_perms'])) { $class_list[] = e_UC_ADMIN; if (strpos($row['user_perms'], '0') === 0) { $class_list[] = e_UC_MAINADMIN; } } $class_list[] = e_UC_MEMBER; $class_list[] = e_UC_PUBLIC; $user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], ''))); if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) { // Need to note in user audit trail e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name); } $edata_li = array("user_id"=>$row['user_id'], "user_name"=>$row['user_name'], 'class_list'=>implode(',', $class_list)); e107::getEvent()->trigger("login", $edata_li); session_set(e_COOKIE, $cookieval, (time() + 3600 * 24 * 30)); echo "\n"; } } $e_sub_cat = 'logout'; if (!defset('NO_HEADER')) require_once (e_ADMIN."header.php"); if (ADMIN == FALSE) { $obj = new auth; $obj->authform(); if (!defset('NO_HEADER')) require_once (e_ADMIN."footer.php"); exit; } } //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------// class auth { /** * Admin auth login * @return null */ public function authform() //TODO Template { global $use_imagecode,$sec_img,$pref; $frm = e107::getForm(); $incChap = (vartrue($pref['password_CHAP'], 0)) ? " onsubmit='hashLoginPassword(this)'" : ""; $text = "
\n"; if ($use_imagecode) { $text .= " "; } $text .= "
".(file_exists(THEME."images/password.png") ? "\n" : "\n")." ".ADLAN_89." \n
".ADLAN_90." \n"; if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'], 0)) $text .= "\n\n"; $text .= "
".ADLAN_152." ".$sec_img->r_image()."
" .$frm->admin_button('authsubmit',ADLAN_91). "
"; e107::getRender()->tablerender(ADLAN_92, $text); } /** * Admin auth check * @param string $authname, entered name * @param string $authpass, entered pass * @param object $authresponse [optional] * @return boolean if fail, else result array */ public function authcheck($authname, $authpass, $authresponse = '') { global $pref; $tp = e107::getParser(); $sql_auth = e107::getDb('sql_auth'); $user_info = e107::getSession(); $reason = ''; $authname = $tp->toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname))); $authpass = trim($authpass); if (($authpass == '') || ($authname == '')) $reason = 'np'; if (strlen($authname) > varset($pref['loginname_maxlength'], 30)) $reason = 'lu'; if (!$reason) { if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' ")) { $row = $sql_auth->db_Fetch(); } elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' ")) { $row = $sql_auth->db_Fetch(); $authname = $row['user_loginname']; } else { $reason = 'iu'; } } if (!$reason && ($row['user_id'])) // Can validate password { if (($authresponse && isset($_SESSION['challenge'])) && ($authresponse != $_SESSION['challenge'])) { // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted) if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID) { return $$row; } } else { // Plaintext password if (($pass_result = $user_info->CheckPassword($authpass, $authname, $row['user_password'])) !== PASSWORD_INVALID) { return $row; } } } return array("authfail", "reason"=>$reason); } } //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------// ?>