From 41e2891fb998d13b22b8d7984358f258cc85267d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Mon, 15 Sep 2008 02:48:10 +0000 Subject: [PATCH] - Login failtures now counted and displayed after login in admin/member area - Caches got reloaded after they are created (fixed a lot errors in missing array elements) - Unneccessary
removed from many places - Functions GET_ADMIN_LOGIN/ID() now more stricter binded to cache extension - Several misc fixes and improvements --- inc/databases.php | 2 +- inc/extensions.php | 11 +- inc/extensions/ext-bonus.php | 2 +- inc/extensions/ext-doubler.php | 2 +- inc/extensions/ext-mediadata.php | 2 +- inc/functions.php | 90 +++++-- inc/gen_sql_patches.php | 2 +- inc/language/sponsor_de.php | 2 +- inc/loader/load_cache-admin.php | 6 + inc/loader/load_cache-config.php | 3 + inc/loader/load_cache-modreg.php | 3 + inc/loader/load_cache-refdepths.php | 47 +--- inc/loader/load_cache-refsystem.php | 3 + inc/modules/admin.php | 3 +- inc/modules/admin/action-logout.php | 1 - inc/modules/admin/admin-inc.php | 75 ++++-- inc/modules/admin/what-config_points.php | 6 +- inc/modules/admin/what-extensions.php | 2 +- inc/modules/admin/what-holiday_list.php | 1 - inc/modules/admin/what-holiday_remove.php | 1 - inc/modules/admin/what-list_sponsor_pay.php | 4 +- inc/modules/admin/what-unlock_sponsor.php | 2 +- inc/modules/admin/what-user_online.php | 1 - inc/modules/chk_login.php | 4 +- inc/modules/guest/what-login.php | 261 ++++++++++---------- inc/modules/guest/what-sponsor_login.php | 6 +- inc/modules/guest/what-sponsor_reg.php | 6 +- inc/modules/member/what-beg2.php | 1 - inc/modules/member/what-bonus.php | 1 - inc/modules/member/what-welcome.php | 1 - inc/mysql-manager.php | 146 +++++------ theme/business/css/general.css | 9 + theme/default/css/general.css | 15 +- theme/desert/css/general.css | 9 + 34 files changed, 399 insertions(+), 331 deletions(-) diff --git a/inc/databases.php b/inc/databases.php index d35cb48bd6..8a746edb98 100644 --- a/inc/databases.php +++ b/inc/databases.php 
@@ -114,7 +114,7 @@ define('USAGE_BASE', "usage"); define('SERVER_URL', "http://www.mxchange.org"); // This current patch level -define('CURR_SVN_REVISION', "330"); +define('CURR_SVN_REVISION', "331"); // Take a prime number which is long (if you know a longer one please try it out!) define('_PRIME', 591623); diff --git a/inc/extensions.php b/inc/extensions.php index 1250799913..c7d794ada4 100644 --- a/inc/extensions.php +++ b/inc/extensions.php @@ -191,7 +191,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) foreach ($INC_POOL as $inc) { require_once($inc); } // END - foreach - } + } // END - if // Register extension $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_extensions (ext_name, ext_lang_file, ext_active, ext_version) VALUES ('%s', '%s', '%s', '%s')", @@ -201,7 +201,10 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) ADMIN_SOLVE_TASK($id); // In normal mode return a true on success - $ret = true; unset($SQLs); + $ret = true; + + // Remove SQLs + unset($SQLs); } else { // Rewrite SQL command to keep { and } inside foreach ($SQLs as $key => $sql) { @@ -328,13 +331,13 @@ function EXT_IS_ACTIVE ($ext_name, $ignore_admin = false, $ignore_cache = false) // Check cache if ((!empty($cacheArray['extensions']['ext_active'][$ext_name])) && (!$ignore_cache)) { // Load from cache - //* DEBUG: */ echo "CACHE!
\n"; + //* DEBUG: */ echo "CACHE! ext_name={$ext_name}
\n"; $active = $cacheArray['extensions']['ext_active'][$ext_name]; // Count cache hits if (isset($_CONFIG['cache_hits'])) $_CONFIG['cache_hits']++; } elseif (($ext_name == "cache") || (GET_EXT_VERSION("cache") == "")) { - //* DEBUG: */ echo "DB!
\n"; + //* DEBUG: */ echo "DB! ext_name={$ext_name}
\n"; // Load from database $result = SQL_QUERY_ESC("SELECT ext_active FROM "._MYSQL_PREFIX."_extensions WHERE ext_name='%s' LIMIT 1", array($ext_name), __FILE__, __LINE__); diff --git a/inc/extensions/ext-bonus.php b/inc/extensions/ext-bonus.php index 7adaf2f7d5..c7985b1a27 100644 --- a/inc/extensions/ext-bonus.php +++ b/inc/extensions/ext-bonus.php @@ -296,7 +296,7 @@ KEY userid (userid) $SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_user_stats ADD is_stats ENUM('Y', 'N') NOT NULL DEFAULT 'N'"; // Update notes (these will be set as task text!) - $UPDATE_NOTES = "Bonus-{!POINTS!} für: Mailbestellung, Referral-Werbung (bei Best. der EMail-Adresse) und wenn 100% Klickrate jeder Mailbuchung erreicht wurde.
Template admin_config_bonus_pro.tpl ist überflüssig geworden. Bitte löschen Sie dies!
Eingestellte Bonus-{!POINTS!} für Rank 2 war um eins verschoben."; + $UPDATE_NOTES = "Bonus-{!POINTS!} für: Mailbestellung, Referral-Werbung (bei Best. der EMail-Adresse) und wenn 100% Klickrate jeder Mailbuchung erreicht wurde.
Template admin_config_bonus_pro.tpl ist überflüssig geworden. Bitte löschen Sie dies!
Eingestellte Bonus-{!POINTS!} für Rank 2 war um eins verschoben."; break; case "0.4.5": // SQL queries for v0.4.5 diff --git a/inc/extensions/ext-doubler.php b/inc/extensions/ext-doubler.php index 2a4f2614cb..7839778c9b 100644 --- a/inc/extensions/ext-doubler.php +++ b/inc/extensions/ext-doubler.php @@ -178,7 +178,7 @@ case "update": // Update an extension $SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD doubler_sent_all ENUM('Y', 'N') NOT NULL DEFAULT 'Y'"; // Update notes (these will be set as task text!) - $UPDATE_NOTES = "Gebührenabzug wird beim Einzahlen abgezogen (wurde von Auszahlung abgezogen) und maximal bei Auszahlung zu kontrollierende Accounts einstellbar.
Template admin_config_doubler_pro.tpl ist überflüssig geworden. Bitte löschen Sie dies!"; + $UPDATE_NOTES = "Gebührenabzug wird beim Einzahlen abgezogen (wurde von Auszahlung abgezogen) und maximal bei Auszahlung zu kontrollierende Accounts einstellbar.
Template admin_config_doubler_pro.tpl ist überflüssig geworden. Bitte löschen Sie dies!"; break; case "0.0.7": // SQL queries for v0.0.7 diff --git a/inc/extensions/ext-mediadata.php b/inc/extensions/ext-mediadata.php index d28a087742..ab2cc1c989 100644 --- a/inc/extensions/ext-mediadata.php +++ b/inc/extensions/ext-mediadata.php @@ -117,7 +117,7 @@ PRIMARY KEY(media_key) $SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_admin_menu (action, what, title, descr, sort) VALUES('setup', 'config_mediadata', 'Mediendaten', 'Stellen Sie allgemeine Einstellungen zu den Mediendaten ein.', 10)"; // Update notes (these will be set as task text!) - $UPDATE_NOTES = "Start des ".MT_WORD2." und Anzahl Anmeldungen aufgenommen. (Task #13)
+ $UPDATE_NOTES = "Start des ".MT_WORD2." und Anzahl Anmeldungen aufgenommen. (Task #13)
Bitte stellen Sie diesen derzeit manuell unter Einstellungen-Medidata selber einstellen."; break; diff --git a/inc/functions.php b/inc/functions.php index 6f5abbff72..4733b66422 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -899,7 +899,7 @@ function LOAD_URL($URL, $addUrlData=true) { print("
");
 		debug_print_backtrace();
 		die("
URL={$URL}"); - */ + /**/ @header ("Location: ".str_replace("&", "&", $URL)); } else { // Output error message @@ -1940,11 +1940,11 @@ function generateHash ($plainText, $salt = "") { // Generate SHA1 sum from modula of number and the prime number $sha1 = sha1(($a % _PRIME).$server.":".$keys.":".$data.":".date("d-m-Y (l-F-T)", time()).":".$a); - //* DEBUG: */ echo "SHA1=".$sha1." (".strlen($sha1).")
"; + //* DEBUG: */ echo "SHA1=".$sha1." (".strlen($sha1).")
"; $sha1 = scrambleString($sha1); - //* DEBUG: */ echo "Scrambled=".$sha1." (".strlen($sha1).")
"; + //* DEBUG: */ echo "Scrambled=".$sha1." (".strlen($sha1).")
"; //* DEBUG: */ $sha1b = descrambleString($sha1); - //* DEBUG: */ echo "Descrambled=".$sha1b." (".strlen($sha1b).")
"; + //* DEBUG: */ echo "Descrambled=".$sha1b." (".strlen($sha1b).")
"; // Generate the password salt string $salt = substr($sha1, 0, $_CONFIG['salt_length']); @@ -2097,12 +2097,12 @@ function generatePassString($passHash) { } $mod = substr(round($mod), 0, 4); $mod = str_repeat('0', 4-strlen($mod)).$mod; - //* DEBUG: */ echo "*".$start."=".$mod."*
"; + //* DEBUG: */ echo "*".$start."=".$mod."*
"; $start += 4; $newHash .= $mod; } // END - for - //* DEBUG: */ print($passHash."
".$newHash." (".strlen($newHash).")"); + //* DEBUG: */ print($passHash."
".$newHash." (".strlen($newHash).")"); $ret = generateHash($newHash, $_CONFIG['master_salt']); //* DEBUG: */ print($ret."
\n"); } else { @@ -2196,28 +2196,43 @@ function set_session ($var, $value) { return session_register($var); } elseif (!empty($value)) { // Update session + //* DEBUG: */ echo "UPDATE:".$var."=".$value."
\n"; $_SESSION[$var] = $value; - } else { - // Something bad happens! - return false; // Hope this doesn't make so much trouble??? + return true; } - // Return always true if the session variable is already set. - // Keept me busy for a longer while... + // Ignored (but valid) //* DEBUG: */ echo "IGNORED:".$var."=".$value."
\n"; return true; } // Check wether a boolean constant is set // Taken from user comments in PHP documentation for function constant() -function isBooleanConstantAndTrue($constname) { // : Boolean +function isBooleanConstantAndTrue($constName) { // : Boolean + global $constCache; + + // Failed by default $res = false; - if (defined($constname)) $res = (constant($constname) === true); - return($res); + + // In cache? + if (isset($constCache[$constName])) { + // Use cache + $res = $constCache[$constName]; + } else { + // Check constant + if (defined($constName)) $res = (constant($constName) === true); + + // Set cache + $constCache[$constName] = $res; + } + + // Return value + return $res; } // Check wether a session variable is set function isSessionVariableSet($var) { + //* DEBUG: */ echo __FUNCTION__.":var={$var}
\n"; return (isset($_SESSION[$var])); } // Returns wether the value of the session variable or NULL if not set @@ -2446,6 +2461,53 @@ function REVERT_COMMA ($str) { // Return float return $float; } +// Handle menu-depending failed logins and return the rendered content +function HANDLE_LOGIN_FAILTURES ($accessLevel) { + // Default output is empty ;-) + $OUT = ""; + + // Is the session data set? + if ((isSessionVariableSet('mxchange_'.$accessLevel.'_failtures')) && (isSessionVariableSet('mxchange_'.$accessLevel.'_last_fail'))) { + // Ignore zero values + if (get_session('mxchange_'.$accessLevel.'_failtures') > 0) { + // Non-guest has login failtures found, get both data and prepare it for template + //* DEBUG: */ echo __FUNCTION__.":accessLevel={$accessLevel}
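Review bot: isBooleanConstantAndTrue() now stores a false result in `$constCache` as well, so a constant that is defined after its first lookup keeps reading as false for the rest of the request. inc/modules/admin.php in this same patch checks 'admin_registered' negated and then positively a few lines later. Whether the constant can be defined in between is not visible here, but if it can, the second check uses the stale value. A defined constant cannot change afterwards, so caching only the positive case is safe: `if ($res === true) $constCache[$constName] = true;`. In the same hunk set_session() now returns true when it discards an empty value, which deserves a line in its header comment such as `// NOTE: empty values are ignored, an already-set variable is NOT cleared`.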
\n"; + $content = array( + 'login_failtures' => get_session('mxchange_'.$accessLevel.'_failtures'), + 'last_failture' => MAKE_DATETIME(get_session('mxchange_'.$accessLevel.'_last_fail'), "2") + ); + + // Load template + $OUT = LOAD_TEMPLATE("login_failtures", true, $content); + } // END - if + + // Reset session data + set_session('mxchange_'.$accessLevel.'_failtures', ""); + set_session('mxchange_'.$accessLevel.'_last_fail', ""); + } // END - if + + // Return rendered content + return $OUT; +} +// Rebuild cache +function REBUILD_CACHE ($cache, $inc="") { + global $cacheInstance; + + // Shall I remove the cache file? + if ((EXT_IS_ACTIVE("cache")) && (is_object($cacheInstance))) { + // Rebuild cache + if ($cacheInstance->cache_file("admins", true)) { + // Destroy it + $cacheInstance->cache_destroy(); + + // Include file given? + if (!empty($inc)) { + // And rebuild it from scratch + require_once(PATH."inc/loader/load_cache-".$inc.".php"); + } // END - if + } // END - if + } // END - if +} // ////////////////////////////////////////////////// // // diff --git a/inc/gen_sql_patches.php b/inc/gen_sql_patches.php index 2abce585f8..45e7a626c3 100644 --- a/inc/gen_sql_patches.php +++ b/inc/gen_sql_patches.php @@ -91,7 +91,7 @@ if (empty($_CONFIG['file_hash'])) { //* DEBUG: */ unlink($file); //* DEBUG: */ $test = hexdec(get_session('u_hash')) / hexdec($secretKey); //* DEBUG: */ $test = generateHash(str_replace('.', "", $test)); - //* DEBUG: */ die("Secret-Key: ".$secretKey."
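Review bot: REBUILD_CACHE() never reads its `$cache` argument; the lookup is hard-coded as `$cacheInstance->cache_file("admins", true)`. The `REBUILD_CACHE("config", "config")` calls this patch adds in admin-inc.php (ADMIN_SAVE_SETTINGS) and what-config_points.php therefore destroy the admins cache and leave the config cache file untouched. The line should be `if ($cacheInstance->cache_file($cache, true)) {`. The loader is then pulled in with `require_once`, which does nothing if that loader file was already included earlier in the request, so the "rebuild" may only be a destroy; `require` would match the `require(__FILE__)` the loaders themselves use. In HANDLE_LOGIN_FAILTURES the two reset calls pass `""`, which set_session() as changed in the previous hunk appears to ignore for a variable that is already set (its first branch is outside the hunk), so the failure notice would likely reappear on later pages; unsetting the session key or storing `0` directly avoids that.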
Cookie: ".get_session('u_hash')."
Test: ".$test); + //* DEBUG: */ die("Secret-Key: ".$secretKey."
Cookie: ".get_session('u_hash')."
Test: ".$test); // Write $file_hash to database UPDATE_CONFIG("file_hash", $file_hash); diff --git a/inc/language/sponsor_de.php b/inc/language/sponsor_de.php index e944f4fc85..b9b7c195c2 100644 --- a/inc/language/sponsor_de.php +++ b/inc/language/sponsor_de.php @@ -254,7 +254,7 @@ define('SPONSOR_ALREADY_FOUND_2', " bei uns angemeldet!"); define('SPONSOR_REGISTRATION_FAILED', "Anmeldung ist fehlgeschlagen!"); define('SPONSOR_REGISTRATION_COMPLETED', "Anmeldung war erfolgreich! Es ist eine Mail zu Ihnen unterwegs, die weitere Anweisungen enthält, um die Anmeldung abzuschliessen."); define('SPONSOR_UNKOWN_STATUS_1', "Bei der Anmeldung wurde ein unbekannter Rückgabewert "); -define('SPONSOR_UNKOWN_STATUS_2', " erkannt. Bitte melden Sie dies dem Betreiber dieses ".MT_WORD2."!
Vielen Dank."); +define('SPONSOR_UNKOWN_STATUS_2', " erkannt. Bitte melden Sie dies dem Betreiber dieses ".MT_WORD2."!
Vielen Dank."); define('SPONSOR_EMAIL_404_1', "Bei der Anmeldung ist uns ein Fehler unterlaufen: Ihr Sponsor-Account mit der EMail-Adresse "); define('SPONSOR_EMAIL_404_2', " wurde nicht gefunden!"); define('SPONSOR_ACCOUNT_404', "Sponsorenaccount nicht gefunden oder Link ist ungütig. Oder haben Sie bereits den Bestätigungslink angeklickt?"); diff --git a/inc/loader/load_cache-admin.php b/inc/loader/load_cache-admin.php index 234e51ed3f..06689b6b81 100644 --- a/inc/loader/load_cache-admin.php +++ b/inc/loader/load_cache-admin.php @@ -122,6 +122,9 @@ ORDER BY login", __FILE__, __LINE__); // Free memory SQL_FREERESULT($result_admins); + + // Reload the cache + require(__FILE__); } // Close file @@ -165,6 +168,9 @@ if (GET_EXT_VERSION("admins") >= "0.3") { // Free memory SQL_FREERESULT($result); + + // Reload the cache + require(__FILE__); } // Close file diff --git a/inc/loader/load_cache-config.php b/inc/loader/load_cache-config.php index 94d88621e0..d4f1f91f14 100644 --- a/inc/loader/load_cache-config.php +++ b/inc/loader/load_cache-config.php @@ -78,6 +78,9 @@ if ($cacheInstance->cache_file("config", true) == true) { // Free memory SQL_FREERESULT($result); + + // Reload the cache + require(__FILE__); } // Close file diff --git a/inc/loader/load_cache-modreg.php b/inc/loader/load_cache-modreg.php index d835fc6668..8e42ddae46 100644 --- a/inc/loader/load_cache-modreg.php +++ b/inc/loader/load_cache-modreg.php @@ -101,6 +101,9 @@ FROM "._MYSQL_PREFIX."_mod_reg ORDER BY id", __FILE__, __LINE__); // Free memory SQL_FREERESULT($result); + + // Reload the cache + require(__FILE__); } // Close file diff --git a/inc/loader/load_cache-refdepths.php b/inc/loader/load_cache-refdepths.php index fc84d19627..28da4a7d4a 100644 --- a/inc/loader/load_cache-refdepths.php +++ b/inc/loader/load_cache-refdepths.php 
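Review bot: The added `require(__FILE__);` in load_cache-admin.php re-enters the loader from inside the branch that has just written the cache, before the `$cacheInstance->cache_close();` that follows the block, so the second pass runs the loader's cache_file() test while the new file is still open. If that test does not succeed on re-entry (unwritable cache directory, incomplete write; cache_file's behaviour is not visible here), the create branch runs again and the file includes itself without bound. Closing the cache before reloading and guarding the reload keeps it to one pass, for example `if (!isset($GLOBALS['cache_reloaded']['admins'])) { $GLOBALS['cache_reloaded']['admins'] = true; require(__FILE__); }` (key name illustrative). The same three lines are added to the second block of this file and to load_cache-config.php, load_cache-modreg.php, load_cache-refdepths.php and load_cache-refsystem.php.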
@@ -71,54 +71,13 @@ if ($cacheInstance->cache_file("refdepths", true) == true) {
 // Free memory
 SQL_FREERESULT($result);
+
+ // Reload the cache
+ require(__FILE__);
 }
 // Close file
 $cacheInstance->cache_close();
-// Next cached table is the referral system (admins_acls)...
-if (GET_EXT_VERSION("admins") >= "0.3") {
- // Check for cache file
- if ($cacheInstance->cache_file("admins_acls", true) == true) {
- // Load referral system from cache
- global $cacheArray;
- $cacheArray['admin_acls'] = $cacheInstance->cache_load();
-
- // Valid cache file
- $CNT = 0;
- foreach ($cacheArray['admin_acls'] as $k => $array) {
- $CNT += count($array);
- }
-
- // When there is a period (.) in the result this test will fail and so the cache file is
- // damaged/corrupted
- if (count($cacheArray['admin_acls']) > 0) {
- $TEST = "failed";
- if (count($cacheArray['admin_acls']) > 0 ) $TEST = ($CNT / (count($cacheArray['admin_acls'])));
- if ($TEST != bigintval($TEST)) {
- // Cache file is corrupted!
- $cacheInstance->cache_destroy();
- unset($cacheArray['admin_acls']);
- }
- }
- } elseif (($_CONFIG['cache_acls'] == "Y") && ($CSS != "1") && ($CSS != "-1")) {
- // Create cache file here
- $cacheInstance->cache_init("ADMINS_ACLS");
-
- // Load all modules and their data
- $result = SQL_QUERY("SELECT id, admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls ORDER BY admin_id, action_menu, what_menu", __FILE__, __LINE__);
- while ($DATA = SQL_FETCHARRAY($result)) {
- // Add row to cache file
- $cacheInstance->add_row($DATA);
- }
-
- // Free memory
- SQL_FREERESULT($result);
- }
-
- // Close file
- $cacheInstance->cache_close();
-}
-
 //
 ?>
diff --git a/inc/loader/load_cache-refsystem.php b/inc/loader/load_cache-refsystem.php
index 4fd07642cc..bb903d18f3 100644
--- a/inc/loader/load_cache-refsystem.php
+++ b/inc/loader/load_cache-refsystem.php
@@ -63,6 +63,9 @@ if ($cacheInstance->cache_file("refsystem", true) == true) {
 // Free memory
 SQL_FREERESULT($result);
+
+ // Reload the cache
+ require(__FILE__);
 }
 // Close file
diff --git a/inc/modules/admin.php b/inc/modules/admin.php
index 285e82eabb..7e809cf2e1 100644
--- a/inc/modules/admin.php
+++ b/inc/modules/admin.php
@@ -395,8 +395,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
 }
 }
-if (isBooleanConstantAndTrue('admin_registered'))
-{
+if (isBooleanConstantAndTrue('admin_registered')) {
 // Check config.php and inc directory for right access rights
 if (is_INCWritable("config")) ADD_FATAL(FATAL_CONFIG_WRITABLE);
 if (is_INCWritable("dummy")) ADD_FATAL(FATAL_INC_WRITABLE);
diff --git a/inc/modules/admin/action-logout.php b/inc/modules/admin/action-logout.php
index 56272aba32..387820995f 100644
--- a/inc/modules/admin/action-logout.php
+++ b/inc/modules/admin/action-logout.php
@@ -40,7 +40,6 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 // Add description as navigation point
 ADD_DESCR("admin", basename(__FILE__));
-OUTPUT_HTML("

"); if (!empty($_POST['no'])) { // Do not logout now diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 3c063aaff7..822836ff9b 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -62,13 +62,25 @@ function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER) function CHECK_ADMIN_LOGIN ($admin_login, $password) { global $cacheArray, $_CONFIG, $cacheInstance; - $ret = "404"; $pass = ""; + + // Init variables + $ret = "404"; + $data = array(); + + // Is the cache valid? if (!empty($cacheArray['admins']['aid'][$admin_login])) { // Get password from cache - $pass = $cacheArray['admins']['password'][$admin_login]; + $data['password'] = $cacheArray['admins']['password'][$admin_login]; $ret = "pass"; $_CONFIG['cache_hits']++; - } else { + + // Include more admins data? + if (GET_EXT_VERSION("admins") >= "0.7.0") { + // Load them here + $data['login_failtures'] = $cacheArray['admins']['login_failtures'][$admin_login]; + $data['last_failture'] = $cacheArray['admins']['last_failture'][$admin_login]; + } // END - if + } elseif (GET_EXT_VERSION("cache") == "") { $ADD = ""; if (GET_EXT_VERSION("admins") >= "0.7.0") { // Load them here @@ -91,7 +103,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) } //* DEBUG: */ echo "*".$data['password']."/".md5($password)."/".$ret."
"; - if ((strlen($data['password']) == 32) && ($data['password'] == md5($password))) { + if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) { // Generate new hash $data['password'] = generateHash($password); @@ -100,6 +112,9 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { // Old hashing way return $ret; + } elseif (!isset($data['password'])) { + // Password not found, so no valid login! + return $ret; } // Generate salt of password @@ -108,26 +123,24 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) // Check if password is same //* DEBUG: */ echo "*".$ret.",".$data['password'].",".$password.",".$salt."*
\n"; - if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && (!empty($salt))) { - // Change the passord hash here + if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && (!empty($salt))) { + // Re-hash the plain passord with new random salt $data['password'] = generateHash($password); // Do we have 0.7.0 of admins or later? // Remmeber login failtures if available if (GET_EXT_VERSION("admins") >= "0.7.0") { // Store it in session - set_session("mxchange_admin_failtures", $data['login_failtures']); - ses_session("mxchange_admin_last_fail", $data['last_failture']); + set_session('mxchange_admin_failtures', $data['login_failtures']); + set_session('mxchange_admin_last_fail', $data['last_failture']); } // END - if // Update password - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s',login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1", array($data['password'], $admin_login), __FILE__, __LINE__); - // Shall I remove the cache file? - if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) { - if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy(); - } // END - if + // Rebuild cache + REBUILD_CACHE("admins", "admin"); // Login has failed by default... ;-) $ret = "failed"; 
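Review bot: The password check on the rewritten line still uses loose comparison, `$data['password'] == generateHash($password, $salt)`, and the legacy branch in the @@ -91 hunk does the same with `$data['password'] == md5($password)`. With `==` PHP compares two numeric-looking strings as numbers, so digests that differ as text can still be treated as equal; hash checks should be strict, `$data['password'] === generateHash($password, $salt)` and `$data['password'] === md5($password)`. what-login.php has the same pattern in `$hash == $password`. Testing `(!empty($salt))` before calling generateHash() would also avoid hashing with an empty salt only to discard the result. CHECK_ADMIN_LOGIN starts and ends outside this hunk.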
@@ -145,9 +158,19 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 if (!LOGIN_ADMIN($admin_login, $data['password'])) {
 // Something went wrong
 $ret = "failed";
- }
+ } // END - if
 }
+ // Count login failture if admins extension version is 0.7.0+
+ if (($ret == "pass") && (GET_EXT_VERSION("admins") >= "0.7.0")) {
+ // Update counter
+ SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=login_failtures+1,last_failture=NOW() WHERE login='%s' LIMIT 1",
+ array($admin_login), __FILE__, __LINE__);
+
+ // Rebuild cache
+ REBUILD_CACHE("admins", "admin");
+ } // END - if
+
 // Return the result
 //* DEBUG: */ die("RETURN=".$ret);
 return $ret;
@@ -155,6 +178,18 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 // Try to login the admin by setting some session/cookie variables
 function LOGIN_ADMIN ($adminLogin, $passHash) {
+ global $cacheInstance;
+
+ // Reset failture counter on matching admins version
+ if ((GET_EXT_VERSION("admins") >= "0.7.0") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) {
+ // Reset counter on out-dated sql_patches version
+ SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1",
+ array($adminLogin), __FILE__, __LINE__);
+
+ // Rebuild cache
+ REBUILD_CACHE("admins", "admin");
+ } // END - if
+
 // Now set all session variables and return the result
 return (
 (
@@ -164,7 +199,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
 ) && (
 set_session("admin_last", time())
 ) && (
- set_session("admin_to", $_POST['timeout'])
+ set_session("admin_to", bigintval($_POST['timeout']))
 )
 );
 }
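Review bot: The new counter update in the @@ -145 hunk runs when `$ret == "pass"`, which at this point seems to mean that a stored password was found but none of the branches above accepted it. Those branches are outside the hunk, so this needs confirming and a comment on the condition, e.g. `// $ret is still "pass" only if the password comparison above did not match`. The counter is written here and shown after the next login, but nothing in the visible code reads it to delay or refuse further attempts, so it records password guessing against an admin login without slowing it. Each wrong password also calls `REBUILD_CACHE("admins", "admin")`, so requests that have not authenticated can trigger a cache destroy per attempt; skipping the rebuild on failure, or rate-limiting it, would bound that.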
@@ -178,7 +213,7 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) {
 $pass = $cacheArray['admins']['password'][$admin_login];
 $ret = "pass";
 $_CONFIG['cache_hits']++;
- } else {
+ } elseif (GET_EXT_VERSION("cache") == "") {
 // Get password from DB
 $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
 array($admin_login), __FILE__, __LINE__);
@@ -651,12 +686,8 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
 // Simply run generated SQL string
 $result = SQL_QUERY($SQL, __FILE__, __LINE__);
- // Is the config table updated and the cache extension installed?
- if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($tableName == "_config")) {
- // Remove it here...
- if ($cacheInstance->cache_file("config", true)) $cacheInstance->cache_destroy();
- unset($cacheArray);
- } // END - if
+ // Rebuild cache
+ REBUILD_CACHE("config", "config");
 // Settings saved
 LOAD_TEMPLATE("admin_settings_saved", false, "".SETTINGS_SAVED."");
diff --git a/inc/modules/admin/what-config_points.php b/inc/modules/admin/what-config_points.php
index 1d9ee21ade..74fffe655d 100644
--- a/inc/modules/admin/what-config_points.php
+++ b/inc/modules/admin/what-config_points.php
@@ -159,11 +159,7 @@ WHERE mails_confirmed < %s", $REF, $REF);
 $content = "".SETTINGS_SAVED."";
 // Destroy config cache file here...
- if (GET_EXT_VERSION("cache") >= "0.1.2")
- {
- if ($cacheInstance->cache_file("config", true)) $cacheInstance->cache_destroy();
- unset($cacheArray);
- }
+ REBUILD_CACHE("config", "config");
 }
 else
 {
diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php
index ce0379f0c2..7e54be815e 100644
--- a/inc/modules/admin/what-extensions.php
+++ b/inc/modules/admin/what-extensions.php
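Review bot: In CHECK_ADMIN_COOKIES the database lookup now runs only when `GET_EXT_VERSION("cache") == ""`, so an installation that has the cache extension but no entry for this login in `$cacheArray['admins']` executes neither branch and falls through with the default result. That can happen when the cache file was just destroyed or the extension is deactivated, neither of which is visible here. CHECK_ADMIN_LOGIN gets the same condition in its @@ -62 hunk, and this patch also destroys the admins cache after every failed login, which makes an empty cache more likely. Falling back to the database whenever the cache has no entry keeps admin authentication independent of cache state: either the previous `} else {`, or `} elseif ((GET_EXT_VERSION("cache") == "") || (!EXT_IS_ACTIVE("cache"))) {` if the stricter binding is intended. The function body continues outside the hunk.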
@@ -314,7 +314,7 @@ case "register": // Register new extension if ($cacheInstance->cache_file("config" , true)) $cacheInstance->cache_destroy(); if ($cacheInstance->cache_file("extensions", true)) $cacheInstance->cache_destroy(); if ($cacheInstance->cache_file("mod_reg" , true)) $cacheInstance->cache_destroy(); - } + } // END - if } elseif (GET_EXT_VERSION($ext_name) != "") { // Motify the admin that we have a problem here... LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_REG_FAILED_ALREADY); diff --git a/inc/modules/admin/what-holiday_list.php b/inc/modules/admin/what-holiday_list.php index 5d22e1054b..56eda7d5e3 100644 --- a/inc/modules/admin/what-holiday_list.php +++ b/inc/modules/admin/what-holiday_list.php @@ -39,7 +39,6 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) } // Add description as navigation point ADD_DESCR("admin", basename(__FILE__)); -OUTPUT_HTML("

"); // ?> diff --git a/inc/modules/admin/what-holiday_remove.php b/inc/modules/admin/what-holiday_remove.php index e90501e69d..cb8a7a43a3 100644 --- a/inc/modules/admin/what-holiday_remove.php +++ b/inc/modules/admin/what-holiday_remove.php @@ -39,7 +39,6 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) } // Add description as navigation point ADD_DESCR("admin", basename(__FILE__)); -OUTPUT_HTML("

"); // ?> diff --git a/inc/modules/admin/what-list_sponsor_pay.php b/inc/modules/admin/what-list_sponsor_pay.php index daa2da6000..e6c83b7045 100644 --- a/inc/modules/admin/what-list_sponsor_pay.php +++ b/inc/modules/admin/what-list_sponsor_pay.php @@ -85,7 +85,7 @@ SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id if (!empty($MSG)) { // Output message LOAD_TEMPLATE("admin_settings_saved", false, $MSG); - OUTPUT_HTML("
"); + OUTPUT_HTML("
"); } } @@ -112,7 +112,7 @@ if (isset($_POST['add'])) { // Output message LOAD_TEMPLATE("admin_settings_saved", false, $MSG); - OUTPUT_HTML("
"); + OUTPUT_HTML("
"); } elseif ((isset($_POST['edit'])) || (isset($_POST['del']))) { // Load all data $OUT = ""; $SW = 2; diff --git a/inc/modules/admin/what-unlock_sponsor.php b/inc/modules/admin/what-unlock_sponsor.php index a66577b270..6d75d912f9 100644 --- a/inc/modules/admin/what-unlock_sponsor.php +++ b/inc/modules/admin/what-unlock_sponsor.php @@ -155,7 +155,7 @@ WHERE id='%s' LIMIT 1", } // Add seperator - OUTPUT_HTML("
"); + OUTPUT_HTML("
"); } // Begin listing of all pending sponsor accounts diff --git a/inc/modules/admin/what-user_online.php b/inc/modules/admin/what-user_online.php index 59096e79ed..9d8546575f 100644 --- a/inc/modules/admin/what-user_online.php +++ b/inc/modules/admin/what-user_online.php @@ -40,7 +40,6 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) // Add description as navigation point ADD_DESCR("admin", basename(__FILE__)); -OUTPUT_HTML("

"); // Count guests, members and admins $result_guests = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_online WHERE is_admin='N' AND is_member='N'", __FILE__, __LINE__); diff --git a/inc/modules/chk_login.php b/inc/modules/chk_login.php index 93d3173ffa..88bc2e0bb6 100644 --- a/inc/modules/chk_login.php +++ b/inc/modules/chk_login.php @@ -66,8 +66,8 @@ if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSession // Remmeber login failtures if available if (GET_EXT_VERSION("sql_patches") >= "0.4.7") { // Store it in session - set_session("mxchange_member_failtures", $data['login_failtures']); - ses_session("mxchange_member_last_fail", $data['last_failture']); + set_session('mxchange_member_failtures', $data['login_failtures']); + set_session('mxchange_member_last_fail', $data['last_failture']); } // END - if // Bonus is not given by default ;-) diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index de77d7fe80..34c9180f27 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php @@ -47,15 +47,13 @@ global $DATA, $FATAL; $probe_nickname = false; $uid = false; $hash = ""; unset($login); unset($online); -if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) -{ +if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) { // Already logged in? $uid = $GLOBALS['userid']; } elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) { // Set userid and crypt password when login data was submitted - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) - { + $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".bigintval($_POST['id'])."") != $_POST['id'])); + if ($probe_nickname === true) { // Nickname entered $uid = SQL_ESCAPE($_POST['id']); } else { 
@@ -79,6 +77,9 @@ if (empty($_GET['login'])) $_GET['login'] = "";
 if (IS_MEMBER()) {
 // Login immidiately...
 $URL = URL."/modules.php?module=login";
+} elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) {
+ // Invalid input (no nickname extension installed but nickname entered)
+ $ERROR = CODE_EXTENSION_PROBLEM;
 } elseif (isset($_POST['ok'])) {
 // Add last_login if available
 $LAST = "";
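Review bot: The new guard compares `$uid` with `$_POST['id']` without looking at `$probe_nickname`, but on the nickname path the previous hunk sets `$uid = SQL_ESCAPE($_POST['id'])`. Any nickname that escaping alters is therefore rejected with CODE_EXTENSION_PROBLEM even though the nickname extension is active. Restricting the guard to the numeric path fixes that: `} elseif ((isset($_POST['ok'])) && ($probe_nickname !== true) && ("".$uid."" != "".$_POST['id']."")) {`. The next hunk drops `bigintval($uid)` from the arguments of the `userid=%s` query. Since that placeholder is unquoted, the query then relies entirely on `$uid` having been made numeric earlier (the assignment on the non-nickname path is outside the visible lines), so keeping the cast at the query is the safer form.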
@@ -88,112 +89,112 @@ if (IS_MEMBER()) { // Check login data $password = ""; - if ($probe_nickname) { + if ($probe_nickname === true) { // Nickname entered $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1", array($uid), __FILE__, __LINE__); list($uid2, $password, $online, $login) = SQL_FETCHROW($result); - if (!empty($uid2)) $uid = $uid2; + if (!empty($uid2)) $uid = bigintval($uid2); } else { // Direct userid entered $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array(bigintval($uid), $hash), __FILE__, __LINE__); + array($uid, $hash), __FILE__, __LINE__); list($dmy, $password, $online, $login) = SQL_FETCHROW($result); } + + // Is there an entry? if (SQL_NUMROWS($result) == 1) { - // Valid data found so let's load the last login data - if (isset($_POST['ok'])) { - // By default the hash is empty - $hash = ""; - - // Check for old MD5 passwords - if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) { - // Just set the hash to the password from DB... :) - $hash = $password; - } else { - // Encrypt hash for comparsion - $hash = generateHash($_POST['password'], substr($password, 0, -40)); - } + // By default the hash is empty + $hash = ""; - if ($hash == $password) { - // New hashed password found so let's generate a new one - $hash = generateHash($_POST['password']); + // Check for old MD5 passwords + if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) { + // Just set the hash to the password from DB... :) + $hash = $password; + } else { + // Encrypt hash for comparsion + $hash = generateHash($_POST['password'], substr($password, 0, -40)); + } - // ... 
and update database - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array($hash, $uid), __FILE__, __LINE__); + if ($hash == $password) { + // New hashed password found so let's generate a new one + $hash = generateHash($_POST['password']); - // No login bonus by default - $BONUS = false; + // ... and update database + $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1", + array($hash, $uid), __FILE__, __LINE__); - // Probe for last online timemark - $probe = time() - $online; - if (!empty($login)) $probe = time() - $login; - if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $_CONFIG['login_timeout'])) { - // Add login bonus to user's account - $ADD = ", login_bonus=login_bonus+'".$_CONFIG['login_bonus']."'"; - $BONUS = true; + // No login bonus by default + $BONUS = false; - // Subtract login bonus from userid's account or jackpot - if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($_CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus'); - } + // Probe for last online timemark + $probe = time() - $online; + if (!empty($login)) $probe = time() - $login; + if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $_CONFIG['login_timeout'])) { + // Add login bonus to user's account + $ADD = ", login_bonus=login_bonus+'".$_CONFIG['login_bonus']."'"; + $BONUS = true; + // Subtract login bonus from userid's account or jackpot + if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($_CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus'); + } // END - if - // Secure lifetime from input form - $l = bigintval($_POST['lifetime']); - $life = "-1"; - if ($l > 0) { - // Calculate lifetime of cookies - $life = time() + $l; - // Calculate new hash with the secret key and master salt together - $hash = generatePassString($hash); + // Secure lifetime from input form + $l = 
bigintval($_POST['lifetime']); + $life = "-1"; + if ($l > 0) { + // Calculate lifetime of cookies + $life = time() + $l; - // Update cookies - $login = (set_session("userid" , $uid , $life, COOKIE_PATH) - && set_session("u_hash" , $hash, $life, COOKIE_PATH) - && set_session("lifetime", $l , $life, COOKIE_PATH)); + // Calculate new hash with the secret key and master salt together + $hash = generatePassString($hash); - // Update global array - $GLOBALS['userid'] = bigintval($uid); - } else { - // Check for login data - $login = IS_MEMBER(); - } + // Update cookies + $login = (set_session("userid" , $uid , $life, COOKIE_PATH) + && set_session("u_hash" , $hash, $life, COOKIE_PATH) + && set_session("lifetime", $l , $life, COOKIE_PATH)); + + // Update global array + $GLOBALS['userid'] = $uid; + } else { + // Check for login data + $login = IS_MEMBER(); + } - if ($login) { - // Update database records - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1", - array(bigintval($uid)), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS() == 1) { - // Procedure to checking for login data - if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) { - // Bonus added (just displaying!) - $URL = URL."/modules.php?module=chk_login&mode=bonus"; - } else { - // Bonus not added - $URL = URL."/modules.php?module=chk_login&mode=login"; - } + if ($login) { + // Update database records + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1", + array($uid), __FILE__, __LINE__); + if (SQL_AFFECTEDROWS() == 1) { + // Procedure to checking for login data + if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) { + // Bonus added (just displaying!) + $URL = URL."/modules.php?module=chk_login&mode=bonus"; } else { - // Cannot update counter! 
- $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED; + // Bonus not added + $URL = URL."/modules.php?module=chk_login&mode=login"; } } else { - // Cookies not setable! - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES; + // Cannot update counter! + $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED; } } else { - // Wrong password! - $ERROR = CODE_WRONG_PASS; + // Cookies not setable! + $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES; } } else { - // Fatal error! - $ERROR = CODE_LOGIN_FAILED; + // Update failture counter + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1", + array($uid), __FILE__, __LINE__); + + // Wrong password! + $ERROR = CODE_WRONG_PASS; } } else { // Other account status? $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", - array(bigintval($uid)), __FILE__, __LINE__); + array($uid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load status @@ -212,9 +213,7 @@ if (IS_MEMBER()) { $ERROR = CODE_UNKNOWN_STATUS; break; } - } - else - { + } else { // ID not found! $ERROR = CODE_WRONG_ID; } @@ -222,9 +221,7 @@ if (IS_MEMBER()) { // Construct URL $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR; } -} - elseif ((!empty($_POST['new_pass'])) && (isset($uid))) -{ +} elseif ((!empty($_POST['new_pass'])) && (isset($uid))) { // Compile email when found in address (only secure chars!) if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']); 
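Review bot: Dropping `bigintval()` from the arguments of the unquoted `WHERE userid=%s` placeholders removes the last numeric cast before the value reaches SQL. In the nickname path `$uid` is only replaced by `bigintval($uid2)` when a row was found, so on a miss the status lookup (`SELECT status ... WHERE userid=%s`) receives the escaped nickname text in a numeric context, where string escaping gives no protection; how `SQL_QUERY_ESC()` treats its arguments is not visible here. Keep the cast at each call site, e.g. `array(bigintval($uid)), __FILE__, __LINE__);`, or quote the placeholder as `userid='%s'`. The same applies to `array($uid, $_POST['email'])` in the password-reset hunk (`@@ -233,44 +230,38 @@`). Separately, `$hash == $password` and `md5($_POST['password']) == $password` compare digests loosely, and `===` would avoid numeric-string juggling on hash values.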
@@ -233,44 +230,38 @@ if (IS_MEMBER()) { // Probe userid/nickname $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) - { + if ($probe_nickname) { // Nickname entered $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1", array(addslashes($uid), $_POST['email']), __FILE__, __LINE__); - } - else - { + } else { // Direct userid entered $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1", - array(bigintval($uid), $_POST['email']), __FILE__, __LINE__); + array($uid, $_POST['email']), __FILE__, __LINE__); } - if (SQL_NUMROWS($result) == 1) - { + + // Any entry found? + if (SQL_NUMROWS($result) == 1) { // This data is valid, so we create a new pass... :-) list($uid, $status) = SQL_FETCHROW($result); - if ($status == "CONFIRMED") - { + if ($status == "CONFIRMED") { // Ooppps, this was missing! ;-) We should update the database... $NEW_PASS = GEN_PASS(); $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s LIMIT 1", - array(generateHash($NEW_PASS), bigintval($uid)), __FILE__, __LINE__); + array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__); // Prepare data and message for email - $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), bigintval($uid)); + $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), $uid); // ... and send it away - SEND_EMAIL(bigintval($uid), GUEST_NEW_PASSWORD, $msg); + SEND_EMAIL($uid, GUEST_NEW_PASSWORD, $msg); // Output note to user LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); - } - else - { + } else { // Account is locked or unconfirmed - switch ($status) - { + switch ($status) { case "LOCKED" : $MSG = CODE_ID_LOCKED; break; case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break; } 
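Review bot: The nickname probe in this password-reset branch still uses `round($_POST['id'])` and the nickname query still passes `addslashes($uid)`, while the login branch in this same commit moved to `bigintval()` and `SQL_ESCAPE()`. The two paths can therefore classify and escape the same submitted id differently. Aligning the probe with the login path would be `$probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".bigintval($_POST['id'])."") !== $_POST['id']));`, with the nickname argument escaped by the same helper the login query uses. The lines between the branch head and this hunk are not visible, so how `$uid` is populated on this path should be confirmed.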
@@ -278,25 +269,27 @@ if (IS_MEMBER()) { // Load URL LOAD_URL("modules.php?module=".$GLOBALS['module']."&what=login&login=".$MSG); } - } - else - { + } else { // ID or email is wrong LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); } } - else -{ - // Login problems? - if (!empty($_GET['login'])) - { - // Ok, which one now? - $MSG = " + +// Login problems? +if (!empty($_GET['login'])) { + // Use code from URL + $ERROR = SQL_ESCAPE($_GET['login']); +} // END - if + +// Login problems? +if (!empty($ERROR)) { + // Ok, which one now? + $MSG = "   "; - switch ($_GET['login']) - { + + switch ($ERROR) { case CODE_WRONG_PASS: $MSG .= LOGIN_WRONG_PASS; break; @@ -317,6 +310,14 @@ if (IS_MEMBER()) { $MSG .= LOGIN_NO_COOKIES; break; + case CODE_EXTENSION_PROBLEM: + if (IS_ADMIN()) { + $MSG .= sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "nickname"); + } else { + $MSG .= LOGIN_WRONG_ID; + } + break; + default: $MSG .= LOGIN_WRONG_ID; break; @@ -326,35 +327,29 @@ if (IS_MEMBER()) {   \n"; define('LOGIN_FAILURE_MSG', $MSG); - } - else - { - // No problems, no output - define('LOGIN_FAILURE_MSG', ""); - } - // Display login form with resend-password form - if (EXT_IS_ACTIVE("nickname")) - { - LOAD_TEMPLATE("guest_nickname_login"); - } - else - { - LOAD_TEMPLATE("guest_login"); - } +} else { + // No problems, no output + define('LOGIN_FAILURE_MSG', ""); +} + +// Display login form with resend-password form +if (EXT_IS_ACTIVE("nickname")) { + LOAD_TEMPLATE("guest_nickname_login"); +} else { + LOAD_TEMPLATE("guest_login"); } // Was an URL constructed? if (!empty($URL)) { // URL was constructed - if (!empty($FATAL[0])) - { + if (!empty($FATAL[0])) { // Fatal errors! require_once(PATH."inc/fatal_errors.php"); } else { // Load URL LOAD_URL($URL); } -} +} // END - if // ?> diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index b70f75f38b..0a8b505de5 100644 --- a/inc/modules/guest/what-sponsor_login.php 
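Review bot: `$ERROR = SQL_ESCAPE($_GET['login']);` applies SQL escaping to a value that, in this hunk, is only matched in the `switch` below and never reaches a query. It also overwrites an `$ERROR` already set by the POST handling (such as `CODE_EXTENSION_PROBLEM`) whenever a `login` parameter is present. Taking the URL value only as a fallback keeps the server-side result authoritative: `if ((empty($ERROR)) && (!empty($_GET['login']))) {`. Unknown codes already fall through to `default:`, so the comparison needs no escaping; if the code is ever echoed, it should be HTML-escaped at that point instead.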
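Review bot: The login form is now loaded on every path, because `LOAD_TEMPLATE("guest_nickname_login")` / `LOAD_TEMPLATE("guest_login")` moved out of the final `else` and run before the `if (!empty($URL))` block in the last hunk of this file (`@@ -326,35 +327,29 @@`). A successful login or an already logged-in member therefore renders the form and then calls `LOAD_URL($URL)`. Whether that redirect still works after output depends on buffering that is not visible here. Guarding the display keeps the redirect paths free of output: `if (empty($URL)) {` around the two `LOAD_TEMPLATE()` calls, closed before `// Was an URL constructed?`.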
+++ b/inc/modules/guest/what-sponsor_login.php @@ -273,7 +273,7 @@ WHERE id='%s' AND password='%s' LIMIT 1", { // Cookie setup failed! LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED); - OUTPUT_HTML("
"); + OUTPUT_HTML("
"); // Login formular and other links LOAD_TEMPLATE("guest_sponsor_login"); @@ -285,7 +285,7 @@ WHERE id='%s' AND password='%s' LIMIT 1", $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";"; eval($eval); LOAD_TEMPLATE("admin_settings_saved", false, $content); - OUTPUT_HTML("
"); + OUTPUT_HTML("
"); // Login formular and other links LOAD_TEMPLATE("guest_sponsor_login"); @@ -295,7 +295,7 @@ WHERE id='%s' AND password='%s' LIMIT 1", { // Account missing or wrong pass! We shall not find this out for the "hacker folks"... LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS); - OUTPUT_HTML("
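Review bot: The `eval()` left in place just above the changed `OUTPUT_HTML()` line builds PHP source from `$status` (`"\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";"`), which this markup-only change does not address. A constant lookup does the same without executing generated code: `$content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status));`, ideally behind a `defined()` check with a fallback message. Where `$status` is assigned is outside the hunk, so whether it can carry anything other than a stored account status cannot be confirmed from here.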
"); + OUTPUT_HTML("
"); // Login formular and other links LOAD_TEMPLATE("guest_sponsor_login"); diff --git a/inc/modules/guest/what-sponsor_reg.php b/inc/modules/guest/what-sponsor_reg.php index e013faa9de..bed8a6149f 100644 --- a/inc/modules/guest/what-sponsor_reg.php +++ b/inc/modules/guest/what-sponsor_reg.php @@ -310,7 +310,7 @@ ORDER BY pay_name", __FILE__, __LINE__); { $OUT .= " -  ".$name."
+  ".$name."
(".$min." ".$curr." = ".TRANSLATE_COMMA($rate * $min)." ".POINTS.")
\n"; @@ -378,14 +378,14 @@ ORDER BY pay_name", __FILE__, __LINE__); // Errors found $OUT = "

- ".SPONSOR_REGISTER_SOMETHING_MISSING.":
+ ".SPONSOR_REGISTER_SOMETHING_MISSING.":

    \n"; foreach ($FORM_ERRORS as $error) { $OUT .= "
  1. ".$error."
  2. \n"; } - $OUT .= "

\n"; + $OUT .= "
\n"; define('__SPONSOR_FORM_ERRORS', $OUT); define('__SPONSOR_REFID', $_POST['refid']); } diff --git a/inc/modules/member/what-beg2.php b/inc/modules/member/what-beg2.php index 3c61941be4..d2eca69e26 100644 --- a/inc/modules/member/what-beg2.php +++ b/inc/modules/member/what-beg2.php @@ -49,7 +49,6 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) // Add description as navigation point ADD_DESCR("member", basename(__FILE__)); -OUTPUT_HTML("
"); // Autopurge installed? $LAST = "%s"; $ONLINE = ""; diff --git a/inc/modules/member/what-bonus.php b/inc/modules/member/what-bonus.php index 67ffb33bce..f34c4ab80b 100644 --- a/inc/modules/member/what-bonus.php +++ b/inc/modules/member/what-bonus.php @@ -49,7 +49,6 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) // Add description as navigation point ADD_DESCR("member", basename(__FILE__)); -OUTPUT_HTML("
"); if (GET_EXT_VERSION("bonus") >= "0.6.9") { diff --git a/inc/modules/member/what-welcome.php b/inc/modules/member/what-welcome.php index 8ce43420ff..c5d75511dd 100644 --- a/inc/modules/member/what-welcome.php +++ b/inc/modules/member/what-welcome.php @@ -44,7 +44,6 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) // Add description as navigation point ADD_DESCR ("member", basename(__FILE__)); -OUTPUT_HTML("
"); // Export data for template define('_LAST_ONLINE_VALUE', MAKE_DATETIME($LAST['online'])); diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index a5b364cf65..ad02fe75d7 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -171,10 +171,7 @@ function CHECK_MODULE($mod) { } // END - if // Destroy cache here - if (GET_EXT_VERSION("cache") >= "0.1.2") { - if ($cacheInstance->cache_file("mod_reg", true)) $cacheInstance->cache_destroy(); - unset($cacheArray['modules']); - } // END - if + REBUILD_CACHE("mod_reg", "modreg"); // And reload data $ret = CHECK_MODULE($mod_chk); @@ -254,10 +251,13 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) { $prefix .= " -> "; - if (ereg(".php", $search)) { - $search = substr($search, 0, strpos($search, ".php")); - } + // We need to remove .php and the end + if (substr($search, -4, 4) == ".php") { + // Remove the .php + $search = substr($search, 0, -4); + } // END - i + // Get the title from menu $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1", array($ACC_LVL, $type, $search), __FILE__, __LINE__); @@ -273,16 +273,20 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) { } elseif (((GET_EXT_VERSION("sql_patches") >= "0.2.3") && ($_CONFIG['youre_here'] == "Y")) || ((IS_ADMIN()) && ($MOD_CHECK == "admin"))) { // Output HTML code $OUT = $prefix."".$ret."\n"; + + // Can we close the you-are-here navigation? //* DEBUG: */ echo __LINE__."*".$type."/".$GLOBALS['what']."*
\n"; - if (($type == "what") || (($type == "action") && (!isset($_GET['what'])) && ($GLOBALS['what'] != "welcome"))) { + //* DEBUG: */ die("
".print_r($_CONFIG, true)."
"); + if (($type == "what") || (($type == "action") && ((!isset($GLOBALS['what'])) || ($GLOBALS['what'] == "overview") || (($GLOBALS['what'] == $_CONFIG['index_home']) && ($ACC_LVL == "guest"))))) { //* DEBUG: */ echo __LINE__."+".$type."+
\n"; $OUT .= "
\n"; $DEPTH="0"; // Handle failed logins here if not in guest - if (($type != "guest") && (GET_EXT_VERSION("sql_patches") >= "0.4.7")) { + //* DEBUG: */ echo __FUNCTION__.":type={$type},action={$GLOBALS['action']},what={$GLOBALS['what']},lvl={$ACC_LVL}
\n"; + if ((($type == "what") || ($type == "action") && ((!isset($GLOBALS['what'])) || ($GLOBALS['what'] == "overview") || ($GLOBALS['what'] == $_CONFIG['index_home']))) && ($ACC_LVL != "guest") && ((GET_EXT_VERSION("sql_patches") >= "0.4.7") || (GET_EXT_VERSION("admins") >= "0.7.0"))) { // Handle failture - $OUT .= HANDLE_LOGIN_FAILTURES($type); + $OUT .= HANDLE_LOGIN_FAILTURES($ACC_LVL); } // END - if } // END - if } @@ -465,7 +469,7 @@ function IS_ADMIN($admin="") } // Return result of comparision - //* DEBUG: */ if (!$ret) echo __LINE__."OK!
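Review bot: The new gate `(GET_EXT_VERSION("sql_patches") >= "0.4.7") || (GET_EXT_VERSION("admins") >= "0.7.0")` compares version strings with `>=`. Assuming `GET_EXT_VERSION()` returns strings like these literals, the comparison is character-by-character, so a version such as `0.10.0` sorts below `0.7.0` and the login-failure notice would silently stop being shown. `version_compare(GET_EXT_VERSION("admins"), "0.7.0", ">=")` expresses the intent. The same condition also mixes `||` and `&&` without grouping (`($type == "what") || ($type == "action") && (...)`), so explicit parentheses around the `action` clause would make the precedence obvious. `ADD_DESCR()` begins and ends outside this hunk.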
"; + //* DEBUG: */ if (!$ret) echo __LINE__."OK!
"; return $ret; } // @@ -592,13 +596,13 @@ function IS_MEMBER() if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; } // So did we now have valid data and an unlocked user? - //* DEBUG: */ echo $valPass."
".get_session('u_hash')."
"; + //* DEBUG: */ echo $valPass."
".get_session('u_hash')."
"; if (($status == "CONFIRMED") && ($valPass == get_session('u_hash'))) { // Account is confirmed and all cookie data is valid so he is definely logged in! :-) $ret = true; } else { // Maybe got locked etc. - //* DEBUG: */ echo __LINE__."!!!
"; + //* DEBUG: */ echo __LINE__."!!!
"; destroy_user_session(); // Remove array elements to prevent errors @@ -606,7 +610,7 @@ function IS_MEMBER() } } else { // Cookie data is invalid! - //* DEBUG: */ echo __LINE__."***
"; + //* DEBUG: */ echo __LINE__."***
"; // Remove array elements to prevent errors unset($GLOBALS['userid']); @@ -618,7 +622,7 @@ function IS_MEMBER() else { // Cookie data is invalid! - //* DEBUG: */ echo __LINE__."///
"; + //* DEBUG: */ echo __LINE__."///
"; destroy_user_session(); // Remove array elements to prevent errors @@ -628,7 +632,7 @@ function IS_MEMBER() } // function UPDATE_LOGIN_DATA ($UPDATE=true) { - global $LAST; + global $LAST, $_CONFIG; if (!is_array($LAST)) $LAST = array(); // Are the required cookies set? @@ -660,10 +664,14 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { // This will be displayed on welcome page! :-) if (empty($LAST['module'])) { $LAST['module'] = $mod; $LAST['online'] = $onl; - } + } // END - if + + // "what" not set? if (empty($GLOBALS['what'])) { + // Fix it to default $GLOBALS['what'] = "welcome"; - } + if (!empty($_CONFIG['index_home'])) $GLOBALS['what'] = $_CONFIG['index_home']; + } // END - if // Update last module / online time $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", @@ -724,16 +732,29 @@ function VALIDATE_MENU_ACTION ($MODE, $act, $wht, $UPDATE=false) return $ret; } // -function GET_MOD_DESCR($MODE, $wht) +function GET_MOD_DESCR($MODE, $wht, $column="what") { - if (empty($wht)) $wht = "welcome"; + // Fix empty "what" + if (empty($wht)) { + $wht = "welcome"; + if (!empty($_CONFIG['index_home'])) $wht = $_CONFIG['index_home']; + } // END - if + + // Default is not found $ret = "??? (".$wht.")"; - $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE what='%s' LIMIT 1", array($MODE, $wht), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + + // Look for title + $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' LIMIT 1", + array($MODE, $column, $wht), __FILE__, __LINE__); + + // Is there an entry? + if (SQL_NUMROWS($result) == 1) { + // Fetch the title list($ret) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - } + } // END - if + + // Free result + SQL_FREERESULT($result); return $ret; } // 
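Review bot: `GET_MOD_DESCR()` now reads `$_CONFIG['index_home']` but has no `global $_CONFIG;`, unlike `GET_ACTION()`, `GET_WHAT()` and `UPDATE_LOGIN_DATA()` in this same commit. Inside the function `$_CONFIG` is therefore an undefined local, and the `index_home` fallback never applies. Add `global $_CONFIG;` as the first statement of the body. The new `$column` parameter is also substituted into the query as an identifier (`WHERE %s='%s'`), where value escaping does not constrain it, so it is worth restricting to the expected names, e.g. `if (!in_array($column, array("what", "action"))) $column = "what";`.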
@@ -871,34 +892,29 @@ function COUNT_MODULE($mod) // Get action value from mode (admin/guest/member) and what-value function GET_ACTION ($MODE, &$wht) { - global $ret; $ret = ""; - //* DEBUG: */ echo __LINE__."=".$MODE."/".$wht."/".$GLOBALS['action']."=
"; - if ((empty($wht)) && ($MODE != "admin")) - { + global $ret, $_CONFIG; + // DEPRECATED: Init status + $ret = ""; + + //* DEBUG: */ echo __LINE__."=".$MODE."/".$wht."/".$GLOBALS['action']."=
"; + if ((empty($wht)) && ($MODE != "admin")) { $wht = "welcome"; - } - if ($MODE == "admin") - { + if (!empty($_CONFIG['index_home'])) $wht = $_CONFIG['index_home']; + } // END - if + + if ($MODE == "admin") { // Action value for admin area - if (!empty($GLOBALS['action'])) - { + if (!empty($GLOBALS['action'])) { // Get it directly from URL return $GLOBALS['action']; - } - elseif (($wht == "overview") || (empty($GLOBALS['what']))) - { + } elseif (($wht == "overview") || (empty($GLOBALS['what']))) { // Default value for admin area $ret = "login"; } - } - elseif (!empty($GLOBALS['action'])) - { - // Fix welcome value - if (empty($wht)) $wht = "welcome"; + } elseif (!empty($GLOBALS['action'])) { + // Get it directly from URL return $GLOBALS['action']; - } - else - { + } else { // Everything else will be touched after checking the module has a menu assigned } //* DEBUG: */ echo __LINE__."*".$ret."*
\n"; @@ -919,8 +935,7 @@ function GET_ACTION ($MODE, &$wht) // Load from database $result = SQL_QUERY_ESC("SELECT action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='%s' LIMIT 1", array($MODE, $wht), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Load action value and pray that this one is the right you want... ;-) list($ret) = SQL_FETCHROW($result); } @@ -1597,6 +1612,8 @@ function LOAD_CONFIG($no="0") { } // Gets the matching what name from module function GET_WHAT($MOD_CHECK) { + global $_CONFIG; + $wht = ""; //* DEBUG: */ echo __LINE__."!".$MOD_CHECK."!
\n"; switch ($MOD_CHECK) @@ -1608,6 +1625,7 @@ function GET_WHAT($MOD_CHECK) { case "login": case "index": $wht = "welcome"; + if (($MOD_CHECK == "index") && (!empty($_CONFIG['index_home']))) $wht = $_CONFIG['index_home']; break; default: @@ -1714,14 +1732,8 @@ function UPDATE_CONFIG ($entries, $values, $updateMode="") { $affectedRows = SQL_AFFECTEDROWS(); //* DEBUG: */ echo __FUNCTION__.":entries={$entries},affectedRows={$affectedRows}
\n"; - // Destroy cache? - if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($affectedRows == 1)) { - global $cacheInstance, $_CONFIG, $CSS; - if ($cacheInstance->cache_file("config", true)) $cacheInstance->cache_destroy(); - - // Rebuid the cache - require(PATH."inc/loader/load_cache-config.php"); - } // END - if + // Rebuild cache + REBUILD_CACHE("config", "config"); } // Creates a new task for updated extension function CREATE_EXTENSION_UPDATE_TASK ($admin_id, $subject, $notes) { @@ -1773,30 +1785,6 @@ VALUES (%s, 0, 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())", // Free memory SQL_FREERESULT($result); } -// Handle menu-depending failed logins and return the rendered content -function HANDLE_LOGIN_FAILTURES ($menuType) { - // Default output is empty ;-) - $OUT = ""; - - // Guest menus doesn't have login failtures so is the session data set? - if (($menuType != "guest") && (isSessionVariableSet('mxchange_'.$menuType.'_failtures')) && (isSessionVariableSet('mxchange_'.$menuType.'_last_fail'))) { - // Non-guest has login failtures found, get both data and prepare it for template - $content = array( - 'login_failtures' => get_session('mxchange_'.$menuType.'_failtures'), - 'last_failture' => MAKE_DATETIME(get_session('mxchange_'.$menuType.'_last_fail'), "2") - ); - - // Load template - $OUT = LOAD_TEMPLATE("login_failture", true, $content); - - // Reset session data - set_session('mxchange_'.$menuType.'_failtures', ""); - set_session('mxchange_'.$menuType.'_last_fail', ""); - } // END - if - - // Return rendered content - return $OUT; -} // ?> diff --git a/theme/business/css/general.css b/theme/business/css/general.css index ad02efdb54..4508eeac9a 100644 --- a/theme/business/css/general.css +++ b/theme/business/css/general.css @@ -662,3 +662,12 @@ DIV.admin_note { .show_timings_data { font-weight : bold; } + +.login_failture_header { + background-color : #EEEEFF; + font-weight : bold; +} + +.login_failtures { + width : 400px; +} 
diff --git a/theme/default/css/general.css b/theme/default/css/general.css index d01a2a3b5c..4825c7642f 100644 --- a/theme/default/css/general.css +++ b/theme/default/css/general.css @@ -676,15 +676,24 @@ DIV.admin_note { .show_timings_column { z-index : 10; top : 3px; - background-color : #EEFFEE; + background-color : #EEFFEE; position : relative; margin : 0px; width : 150px; display : block; - border : solid 1px; - border-color : #009900; + border : solid 1px; + border-color : #009900; } .show_timings_data { font-weight : bold; } + +.login_failture_header { + background-color : #ddeedd; + font-weight : bold; +} + +.login_failtures { + width : 400px; +} diff --git a/theme/desert/css/general.css b/theme/desert/css/general.css index 0bb4fc7809..0386b4d64c 100644 --- a/theme/desert/css/general.css +++ b/theme/desert/css/general.css @@ -658,3 +658,12 @@ DIV.admin_note { .show_timings_data { font-weight : bold; } + +.login_failture_header { + background-color : #DDDDAA; + font-weight : bold; +} + +.login_failtures { + width : 400px; +} -- 2.39.5