
PHP Cross Reference of MyBB 1.8.38


/inc/datahandlers/ -> login.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  if(defined("IN_MYBB") === false)
  {
      // Stop immediately: this file only runs when the IN_MYBB constant is already defined.
      exit("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  }
  16  
  17  /**
  18   * Login handling class, provides common structure to handle login events.
  19   *
  20   */
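  class LoginDataHandler extends DataHandler
  {
      /**
       * The language file used in the data handler.
       *
       * @var string
       */
      public $language_file = 'datahandler_login';

      /**
       * The prefix for the language variables used in the data handler.
       *
       * @var string
       */
      public $language_prefix = 'logindata';

      /**
       * User record loaded by get_login_data() for the submitted username.
       *
       * @var array
       */
      public $login_data = array();

      /**
       * Whether the CAPTCHA requirement is currently satisfied.
       *
       * Starts as true, is set to false by verify_attempts() before a required check
       * and back to true by verify_captcha() on success. While it is false,
       * invalid_combination() records no error.
       *
       * @var bool
       */
      public $captcha_verified = true;

      /**
       * The captcha object created by verify_captcha(), or false if none was created.
       *
       * @var bool|captcha
       */
      private $captcha = false;

      /**
       * Optional override for the 'username_method' setting used by get_login_data().
       * null means the setting is used unchanged.
       *
       * @var int|null
       */
      public $username_method = null;

      /**
       * Decide whether this login attempt has to pass a CAPTCHA check.
       *
       * When $check_captcha is truthy and the 'failedcaptchalogincount' setting is above
       * zero, two counters are compared with that setting: $this->data['loginattempts']
       * (when set) and the 'loginattempts' cookie. If either is larger,
       * $captcha_verified is reset to false and verify_captcha() is run.
       *
       * NOTE(review): the cookie counter presumably comes from the request and is therefore
       * under the client's control; only $this->data['loginattempts'] can act as a
       * server-side counter. Confirm that callers fill it from the account record.
       *
       * @param int $check_captcha Non-zero to enable the attempt-count check.
       */
      public function verify_attempts($check_captcha = 0)
      {
          global $mybb;

          $user = &$this->data;

          if(!$check_captcha)
          {
              return;
          }

          if(!isset($mybb->cookies['loginattempts']))
          {
              $mybb->cookies['loginattempts'] = 0;
          }

          $limit = $mybb->settings['failedcaptchalogincount'];
          $account_over_limit = isset($user['loginattempts']) && $user['loginattempts'] > $limit;
          $cookie_over_limit = (int)$mybb->cookies['loginattempts'] > $limit;

          if($limit > 0 && ($account_over_limit || $cookie_over_limit))
          {
              // From here on the attempt counts as unverified until verify_captcha() succeeds.
              $this->captcha_verified = false;
              $this->verify_captcha();
          }
      }

      /**
       * Validate the submitted CAPTCHA answer.
       *
       * The captcha class is consulted when an 'imagestring' value was submitted or when
       * the 'captchaimage' setting is not 1 (presumably other values select CAPTCHA types
       * whose answer is not carried in 'imagestring' - confirm against class_captcha.php).
       * Otherwise an error is recorded: 'regimagerequired' for a quick-login submission,
       * 'regimageinvalid' in every other case.
       *
       * @return bool True when the CAPTCHA was validated, false otherwise.
       */
      public function verify_captcha()
      {
          global $mybb;

          $user = &$this->data;

          // !empty() is the same truthiness test as before, without an undefined-key
          // warning when no 'imagestring' was submitted.
          if(!empty($user['imagestring']) || $mybb->settings['captchaimage'] != 1)
          {
              // Check their current captcha input - if correct, hide the captcha input area
              require_once MYBB_ROOT.'inc/class_captcha.php';
              $this->captcha = new captcha;

              if($this->captcha->validate_captcha() == false)
              {
                  // CAPTCHA validation failed: copy the captcha errors into this handler
                  foreach($this->captcha->get_errors() as $error)
                  {
                      $this->set_error($error);
                  }
                  return false;
              }

              $this->captcha_verified = true;
              return true;
          }

          // The quick-login fields are optional input; guard each read so a missing key
          // does not raise a warning. The truthiness tests are unchanged.
          $is_quick_login = isset($mybb->input['quick_login'])
              && $mybb->input['quick_login'] == 1
              && !empty($mybb->input['quick_password'])
              && !empty($mybb->input['quick_username']);

          if($is_quick_login)
          {
              $this->set_error('regimagerequired');
              return false;
          }

          $this->set_error('regimageinvalid');
          return false;
      }

      /**
       * Check that the submitted username resolves to a user record with a uid.
       *
       * @return bool False (after invalid_combination()) when no such record was found.
       */
      public function verify_username()
      {
          $this->get_login_data();

          if(empty($this->login_data) || !$this->login_data['uid'])
          {
              $this->invalid_combination();
              return false;
          }

          return true;
      }

      /**
       * Check the submitted password against the loaded user record.
       *
       * Runs the 'datahandler_login_verify_password_start' and
       * 'datahandler_login_verify_password_end' hooks; both receive $this and $strict by
       * reference, so a plugin can change either before the checks that follow.
       *
       * @param bool $strict When truthy, a missing loginkey is generated and stored.
       *
       * @return bool Result of the password comparison; false as well when no user
       *              record with a username was loaded.
       */
      public function verify_password($strict = true)
      {
          global $db, $mybb, $plugins;

          $this->get_login_data();

          if(empty($this->login_data['username']))
          {
              // Username must be validated to apply a password to
              $this->invalid_combination();
              return false;
          }

          $args = array(
              'this' => &$this,
              'strict' => &$strict,
          );

          $plugins->run_hooks('datahandler_login_verify_password_start', $args);

          $user = &$this->data;

          // NOTE(review): this branch only records an error through invalid_combination();
          // it does not return, so the rest of the method, including the password
          // comparison, still runs and the method can still return true. validate_login()
          // decides on the recorded errors, but callers that use only this return value
          // should be checked.
          $has_uid = $this->login_data['uid'];
          if(!$has_uid || ($has_uid && !$this->login_data['salt'] && $strict == false))
          {
              $this->invalid_combination();
          }

          if($strict == true && !$this->login_data['loginkey'])
          {
              $this->login_data['loginkey'] = generate_loginkey();

              $sql_array = array(
                  "loginkey" => $this->login_data['loginkey']
              );

              // NOTE(review): uid is interpolated into the WHERE clause. It is taken from
              // the record returned by get_user_by_username(); confirm it is always numeric.
              $db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
          }

          $plugins->run_hooks('datahandler_login_verify_password_end', $args);

          if(!verify_user_password($this->login_data, $user['password']))
          {
              $this->invalid_combination(true);
              return false;
          }

          return true;
      }

      /**
       * Record the "invalid username/password" error.
       *
       * Nothing is recorded while $captcha_verified is false. The error key depends on
       * the 'username_method' setting (1, 2 or anything else). The same key is used for
       * an unknown username and for a wrong password.
       *
       * NOTE(review): the remaining-attempts text is added only when
       * $show_login_attempts is true, the 'failedlogincount' and 'failedlogintext'
       * settings are enabled and the loaded record has a non-zero uid. In this file that
       * happens only on the wrong-password path, so with 'failedlogintext' enabled the
       * response differs between existing and non-existing accounts.
       *
       * @param bool $show_login_attempts Whether to add the remaining-attempts text.
       */
      public function invalid_combination($show_login_attempts = false)
      {
          global $lang, $mybb;

          // Don't show an error when the captcha was wrong!
          if(!$this->captcha_verified)
          {
              return;
          }

          $login_text = '';
          if($show_login_attempts && $mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1 && $this->login_data['uid'] != 0)
          {
              // Count the current failure on top of the value from login_attempt_check().
              $logins = login_attempt_check($this->login_data['uid'], false) + 1;
              $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
          }

          // switch keeps the loose comparison the setting value was compared with before.
          switch($mybb->settings['username_method'])
          {
              case 1:
                  $error = 'invalidpwordusernameemail';
                  break;
              case 2:
                  $error = 'invalidpwordusernamecombo';
                  break;
              default:
                  $error = 'invalidpwordusername';
                  break;
          }

          $this->set_error($error, $login_text);
      }

      /**
       * Load the user record for $this->data['username'] into $login_data.
       *
       * All fields are requested. The lookup mode is the 'username_method' setting unless
       * $username_method was set on this handler.
       */
      public function get_login_data()
      {
          global $settings;

          $user = &$this->data;

          $method = $settings['username_method'];
          if($this->username_method !== null)
          {
              $method = $this->username_method;
          }

          $options = array(
              'fields' => '*',
              'username_method' => (int)$method
          );

          $this->login_data = get_user_by_username($user['username'], $options);
      }

      /**
       * Run every login check and report whether any error was recorded.
       *
       * The attempt/CAPTCHA check is skipped when IN_ADMINCP is defined. The username
       * and password checks run only when the matching key exists in $this->data.
       * set_validated(true) is called whether or not errors were recorded.
       *
       * NOTE(review): when $this->data holds neither a 'username' nor a 'password' key no
       * credential check runs at all and, without other errors, this returns true.
       * Callers must always supply both keys before they call complete_login().
       *
       * @return bool True when no errors were recorded.
       */
      public function validate_login()
      {
          global $plugins, $mybb;

          $user = &$this->data;

          $plugins->run_hooks('datahandler_login_validate_start', $this);

          if(!defined('IN_ADMINCP'))
          {
              $this->verify_attempts($mybb->settings['captchaimage']);
          }

          if(array_key_exists('username', $user))
          {
              $this->verify_username();
          }

          if(array_key_exists('password', $user))
          {
              $this->verify_password();
          }

          $plugins->run_hooks('datahandler_login_validate_end', $this);

          $this->set_validated(true);

          return count($this->get_errors()) == 0;
      }

      /**
       * Finish a login: reset the attempt counters, bind the current session row to the
       * user and set the 'sid' and 'mybbuser' cookies.
       *
       * This method performs no checks of its own; it acts on whatever record is in
       * $login_data.
       *
       * NOTE(review): the existing $session->sid is kept and re-sent after
       * authentication instead of being replaced by a new identifier - confirm the
       * session class covers session fixation.
       *
       * @return bool Always true.
       */
      public function complete_login()
      {
          global $plugins, $db, $mybb, $session;

          $user = &$this->login_data;

          $plugins->run_hooks('datahandler_login_complete_start', $this);

          // Login to MyBB
          my_setcookie('loginattempts', 1);
          my_setcookie("sid", $session->sid, -1, true);

          $newsession = array(
              "uid" => $user['uid'],
          );

          // NOTE(review): sid and uid are interpolated into the WHERE clauses as-is;
          // confirm the session class validates the sid and that uid is always numeric.
          $db->update_query("sessions", $newsession, "sid = '{$session->sid}'");
          $db->update_query("users", array("loginattempts" => 1), "uid = '{$user['uid']}'");

          // -1 unless "remember me" was requested; null otherwise (presumably -1 makes a
          // browser-session cookie and null selects my_setcookie()'s default lifetime - confirm).
          $remember = null;
          if(!isset($mybb->input['remember']) || $mybb->input['remember'] != "yes")
          {
              $remember = -1;
          }

          // The cookie value is "<uid>_<loginkey>", so the loginkey acts as a stored
          // credential on the client.
          my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true, "lax");

          if($this->captcha !== false)
          {
              $this->captcha->invalidate_captcha();
          }

          $plugins->run_hooks('datahandler_login_complete_end', $this);

          return true;
      }
  }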

