X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=inline;f=inc%2Fmodules%2Fguest%2Fwhat-login.php;h=bcea77ddb74a573b2211d33112a8967fad3c92f7;hb=ee0625c4882bb462985c504abf65a3ef0e7bf1eb;hp=93fc1bd2cf185c7a94977abc8d3a2c4e84b92b2f;hpb=b5912168d72ae511eb623c3d92540c82d31b93c5;p=mailer.git
diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php
index 93fc1bd2cf..bcea77ddb7 100644
--- a/inc/modules/guest/what-login.php
+++ b/inc/modules/guest/what-login.php
@@ -11,7 +11,12 @@
 * Kurzbeschreibung : Loginbereich (leitet an das richtige Lgin-Modul *
 * weiter) *
 * -------------------------------------------------------------------- *
- * *
+ * $Revision:: $ *
+ * $Date:: $ *
+ * $Tag:: 0.2.1-FINAL $ *
+ * $Author:: $ *
+ * Needs to be in all Files and every File needs "svn propset *
+ * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder *
 * For more information visit: http://www.mxchange.org *
@@ -33,377 +38,143 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); +} elseif ((!EXT_IS_ACTIVE("user")) && (!IS_ADMIN())) { + addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), "user"); + return; } // Add description as navigation point -ADD_DESCR("guest", basename(__FILE__)); - -OPEN_TABLE("100%", "guest_content_align", ""); -global $DATA, $FATAL; - -// Initialize data -$probe_nickname = false; $UID = false; $hash = ""; -unset($login); unset($online); - -if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash']))) -{ - // Already logged in? - $UID = $GLOBALS['userid']; -} - elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) -{ +ADD_DESCR("guest", __FILE__); + +global $DATA; + +// Initialize variables +$errorCode = 0; +$probe_nickname = false; +$uid = false; +$hash = ""; +$URL = ""; +$add = ""; + +// Already logged in? 
+if ((isUserIdSet()) && (isSessionVariableSet('u_hash'))) { + // Maybe, then continue with it + $uid = getUserId(); +} elseif ((REQUEST_ISSET_POST(('id'))) && (REQUEST_ISSET_POST(('password'))) && (IS_FORM_SENT())) { // Set userid and crypt password when login data was submitted - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) - { + if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID(REQUEST_POST('id')))) { // Nickname entered - $UID = SQL_ESCAPE($_POST['id']); - } - else - { + $uid = SQL_ESCAPE(REQUEST_POST('id')); + } else { // Direct userid entered - $UID = bigintval($_POST['id']); + $uid = bigintval(REQUEST_POST('id')); } -} - elseif (!empty($_POST['new_pass'])) -{ +} elseif (REQUEST_ISSET_POST(('new_pass'))) { // New password requested - $UID = "0"; - if (!empty($_POST['id'])) $UID = $_POST['id']; -} - else -{ + $uid = 0; + if (REQUEST_ISSET_POST(('id'))) $uid = REQUEST_POST('id'); +} else { // Not logged in - $UID = "0"; $hash = ""; + $uid = 0; $hash = ""; } -$URL = ""; $ADD = ""; // Set unset variables -if (empty($_POST['new_pass'])) $_POST['new_pass'] = ""; -if (empty($_GET['login'])) $_GET['login'] = ""; +if (!REQUEST_ISSET_POST(('new_pass'))) REQUEST_SET_POST('new_pass', ""); +if (!REQUEST_ISSET_GET(('login'))) REQUEST_SET_GET('login' , ""); -if (IS_LOGGED_IN()) -{ +if (IS_MEMBER()) { // Login immidiately... - $URL = URL."/modules.php?module=login"; -} - elseif (isset($_POST['ok'])) -{ - // Add last_login if available - $LAST = ""; - if (GET_EXT_VERSION("sql_patches") >= "0.2.8") - { - $LAST = ", last_login"; - } - - // Check login data - $password = ""; - if ($probe_nickname) - { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." 
FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1", - array($UID), __FILE__, __LINE__); - list($UID2, $password, $online, $login) = SQL_FETCHROW($result); - if (!empty($UID2)) $UID = $UID2; - } - else - { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", - array(bigintval($UID), $hash), __FILE__, __LINE__); - list($dmy, $password, $online, $login) = SQL_FETCHROW($result); - } - if (SQL_NUMROWS($result) == 1) - { - // Valid data found so let's load the last login data - if (isset($_POST['ok'])) - { - // By default the hash is empty - $hash = ""; - - // Check for old MD5 passwords - if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) - { - // Just set the hash to the password from DB... :) - $hash = $password; - } - else - { - // Encrypt hash for comparsion - $hash = generateHash($_POST['password'], substr($password, 0, -40)); - } - - if ($hash == $password) - { - // New hashed password found so let's generate a new one - $hash = generateHash($_POST['password']); - - // ... 
and update database - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1", - array($hash, $UID), __FILE__, __LINE__); - - // No login bonus by default - $BONUS = false; - - // Probe for last online timemark - $probe = time() - $online; - if (!empty($login)) $probe = time() - $login; - if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $_CONFIG['login_timeout'])) - { - // Add login bonus to user's account - $ADD = ", login_bonus=login_bonus+'".$_CONFIG['login_bonus']."'"; - $BONUS = true; - - // Subtract login bonus from userid's account or jackpot - if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($_CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus'); - } - - - // Secure lifetime from input form - $l = bigintval($_POST['lifetime']); - $life = "-1"; - if ($l > 0) - { - // Calculate lifetime of cookies - $life = time() + $l; - - // Calculate new hash with the secret key and master salt together - $hash = generatePassString($hash); - - // Update cookies - $login = (set_session("userid" , $UID , $life, COOKIE_PATH) - && set_session("u_hash" , $hash, $life, COOKIE_PATH) - && set_session("lifetime", $l , $life, COOKIE_PATH)); - - // Update global array - $GLOBALS['userid'] = $UID; - $_SESSION['u_hash'] = $hash; - $_SESSION['lifetime'] = $l; - } - else - { - // Check for login data - $login = IS_LOGGED_IN(); - } - - if ($login) - { - // Update database records - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1", - array(bigintval($UID)), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS($link) == 1) - { - // Procedure to checking for login data - if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) - { - // Bonus added (just displaying!) 
- $URL = URL."/modules.php?module=chk_login&mode=bonus"; - } - else - { - // Bonus not added - $URL = URL."/modules.php?module=chk_login&mode=login"; - } - } - else - { - // Cannot update counter! - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED; - } - } - else - { - // Cookies not setable! - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES; - } - } - else - { - // Wrong password! - $ERROR = CODE_WRONG_PASS; - } - } - else - { - // Fatal error! - $ERROR = CODE_LOGIN_FAILED; - } - } - else - { - // Other account status? - $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", - array(bigintval($UID)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { - // Load status - list($status) = SQL_FETCHROW($result); - switch ($status) - { - case "LOCKED": - $ERROR = CODE_ID_LOCKED; - break; - - case "UNCONFIRMED": - $ERROR = CODE_ID_UNCONFIRMED; - break; - - default: - $ERROR = CODE_UNKNOWN_STATUS; - break; - } - } - else - { - // ID not found! - $ERROR = CODE_WRONG_ID; - } - - // Construct URL - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR; - } + $URL = "modules.php?module=login"; +} elseif ((IS_FORM_SENT()) && ("".$uid."" != "".REQUEST_POST('id')."")) { + // Invalid input (no nickname extension installed but nickname entered) + $errorCode = getCode('EXTENSION_PROBLEM'); +} elseif (IS_FORM_SENT()) { + // Try the login (see inc/libs/user_functions.php) + $URL = USER_DO_LOGIN(REQUEST_POST('id'), REQUEST_POST('password')); +} elseif ((REQUEST_ISSET_POST(('new_pass'))) && (isset($uid))) { + // Try the userid/email lookup (see inc/libs/user_functions.php) + $errorCode = USER_DO_NEW_PASSWORD(REQUEST_POST('email'), $uid); } - elseif ((!empty($_POST['new_pass'])) && (isset($UID))) -{ - // Compile email when found in address (only secure chars!) 
- if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']); - - // Set ID number when left empty - if (empty($_POST['id'])) $_POST['id'] = "0"; - - // Probe userid/nickname - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) - { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1", - array(addslashes($UID), $_POST['email']), __FILE__, __LINE__); - } - else - { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1", - array(bigintval($UID), $_POST['email']), __FILE__, __LINE__); - } - if (SQL_NUMROWS($result) == 1) - { - // This data is valid, so we create a new pass... :-) - list($UID, $status) = SQL_FETCHROW($result); - - if ($status == "CONFIRMED") - { - // Ooppps, this was missing! ;-) We should update the database... - $NEW_PASS = GEN_PASS(); - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1", - array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__); - - // Prepare data and message for email - $DATA = array($NEW_PASS, getenv('REMOTE_ADDR')); - $msg = LOAD_EMAIL_TEMPLATE("new-pass", "", bigintval($UID)); - - // ... and send it away - SEND_EMAIL(bigintval($UID), GUEST_NEW_PASSWORD, $msg); - // Output note to user - LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); - } - else - { - // Account is locked or unconfirmed - switch ($status) - { - case "LOCKED" : $MSG = CODE_ID_LOCKED; break; - case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break; - } +// Login problems? +if (REQUEST_ISSET_GET(('login'))) { + // Use code from URL + $errorCode = REQUEST_GET(('login')); +} // END - if + +// Login problems? +if (!empty($errorCode)) { + // Ok, which one now? 
+ $message = " +   + + "; + + switch ($errorCode) { + case getCode('WRONG_PASS'): + $message .= getMessage('LOGIN_WRONG_PASS'); + break; - // Load URL - LOAD_URL("modules.php?module=".$GLOBALS['module']."&what=login&login=".$MSG); - } - } - else - { - // ID or email is wrong - LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); - } -} - else -{ - // Login problems? - if (!empty($_GET['login'])) - { - // Ok, which one now? - $MSG = " -   - - "; - switch ($_GET['login']) - { - case CODE_WRONG_PASS: - $MSG .= LOGIN_WRONG_PASS; + case getCode('WRONG_ID'): + $message .= getMessage('LOGIN_WRONG_ID'); break; - case CODE_WRONG_ID: - $MSG .= LOGIN_WRONG_ID; + case getCode('ID_LOCKED'): + $message .= getMessage('LOGIN_ID_LOCKED'); break; - case CODE_ID_LOCKED: - $MSG .= LOGIN_ID_LOCKED; + case getCode('ID_UNCONFIRMED'): + $message .= getMessage('LOGIN_ID_UNCONFIRMED'); break; - case CODE_ID_UNCONFIRMED: - $MSG .= LOGIN_ID_UNCONFIRMED; + case getCode('NO_COOKIES'): + $message .= getMessage('LOGIN_NO_COOKIES'); break; - case CODE_NO_COOKIES: - $MSG .= LOGIN_NO_COOKIES; + case getCode('EXTENSION_PROBLEM'): + if (IS_ADMIN()) { + $message .= sprintf(getMessage('EXTENSION_PROBLEM_NOT_INSTALLED'), "nickname"); + } else { + $message .= getMessage('LOGIN_WRONG_ID'); + } break; default: - $MSG .= LOGIN_WRONG_ID; + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unhandled error code %s detected.", $errorCode)); + $message .= getMessage('LOGIN_WRONG_ID'); break; } - $MSG .= " - -   -\n"; - define ('LOGIN_FAILURE_MSG', $MSG); - } - else - { - // No problems, no output - define ('LOGIN_FAILURE_MSG', ""); - } - // Display login form with resend-password form - if (EXT_IS_ACTIVE("nickname")) - { - LOAD_TEMPLATE("guest_nickname_login"); - } - else - { - LOAD_TEMPLATE("guest_login"); - } + $message .= " + +   +\n"; + define('LOGIN_FAILURE_MSG', $message); +} else { + // No problems, no output + define('LOGIN_FAILURE_MSG', ""); +} + +// Display login form with resend-password form 
+if (EXT_IS_ACTIVE("nickname")) { + LOAD_TEMPLATE("guest_nickname_login"); +} else { + LOAD_TEMPLATE("guest_login"); } // Was an URL constructed? -if (!empty($URL)) -{ +if (!empty($URL)) { // URL was constructed - if (!empty($FATAL[0])) - { + if (getTotalFatalErrors()) { // Fatal errors! - require_once(PATH."inc/fatal_errors.php"); - } - else - { + LOAD_INC_ONCE("inc/fatal_errors.php"); + } else { // Load URL LOAD_URL($URL); } -} +} // END - if -CLOSE_TABLE(); // ?>
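Review bot: The `$errorCode` set by the `EXTENSION_PROBLEM` branch or returned by `USER_DO_NEW_PASSWORD()` appears to be overwritten unconditionally by the later `if (REQUEST_ISSET_GET(('login')))` block, because `REQUEST_SET_GET('login' , "")` has just defined that key for every request; `REQUEST_ISSET_GET()` is defined outside this hunk, so this holds only if it is an `isset()`-style test. Guarding the override would keep the server-side result, for example `if ((empty($errorCode)) && (REQUEST_GET('login') != "")) {`. Separately, the escaped or cast `$uid` built at the top is used only for the string comparison: `USER_DO_LOGIN()` receives `REQUEST_POST('id')` raw, and the `new_pass` path assigns `$uid = REQUEST_POST('id')` without `bigintval()` or `SQL_ESCAPE()`, so both helpers in inc/libs/user_functions.php have to do their own escaping, which is worth confirming because it is not visible here. The URL-supplied code also reaches `DEBUG_LOG()` unfiltered in the `default:` case, so casting or length-limiting it before logging would be prudent.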