X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-login.php;h=56085111a2a3fd4bf7a5a0c912fb73d014a5e131;hp=4029789a492509942da8e0bfc7e83195bc3a2159;hb=f928ad2bed60fa256d0641eaf6d2c027a2944688;hpb=ae80e170b5d25a4782af90a7c3d81fbb176fa293 diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index 4029789a49..56085111a2 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php @@ -11,7 +11,12 @@ * Kurzbeschreibung : Loginbereich (leitet an das richtige Lgin-Modul * * weiter) * * -------------------------------------------------------------------- * - * * + * $Revision:: $ * + * $Date:: $ * + * $Tag:: 0.2.1-FINAL $ * + * $Author:: $ * + * Needs to be in all Files and every File needs "svn propset * + * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2008 by Roland Haeder * * For more information visit: http://www.mxchange.org * @@ -33,335 +38,142 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ - $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; +if (!defined('__SECURITY')) { + $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php'; require($INC); +} elseif ((!EXT_IS_ACTIVE('user')) && (!IS_ADMIN())) { + addFatalMessage(__FILE__, __LINE__, generateExtensionInactiveNotInstalledMessage('user')); + return; } // Add description as navigation point -ADD_DESCR("guest", basename(__FILE__)); - -OPEN_TABLE("100%", "guest_content_align", ""); -global $DATA, $FATAL; - -// Initialize data -$probe_nickname = false; $UID = false; $hash = ""; -unset($login); unset($online); - -if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) -{ - // Already logged in? - $UID = $GLOBALS['userid']; -} elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) { +ADD_DESCR('guest', __FILE__); + +global $DATA; + +// Initialize variables +$errorCode = 0; +$uid = false; +$hash = ''; +$URL = ''; +$add = ''; + +// Already logged in? +if ((isUserIdSet()) && (isSessionVariableSet('u_hash'))) { + // Maybe, then continue with it + $uid = getUserId(); +} elseif ((REQUEST_ISSET_POST('id')) && (REQUEST_ISSET_POST('password')) && (isFormSent())) { // Set userid and crypt password when login data was submitted - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) - { + if ((EXT_IS_ACTIVE('nickname')) && (NICKNAME_IS_ACTIVE(REQUEST_POST('id')))) { // Nickname entered - $UID = SQL_ESCAPE($_POST['id']); + $uid = SQL_ESCAPE(REQUEST_POST('id')); } else { // Direct userid entered - $UID = bigintval($_POST['id']); + $uid = bigintval(REQUEST_POST('id')); } -} elseif (!empty($_POST['new_pass'])) { +} elseif (REQUEST_ISSET_POST('new_pass')) { // New password requested - $UID = "0"; - if (!empty($_POST['id'])) $UID = $_POST['id']; + $uid = 0; + if (REQUEST_ISSET_POST('id')) $uid = REQUEST_POST('id'); } else { // Not logged in - $UID = "0"; $hash = ""; + $uid = 0; $hash = ''; } -$URL = ""; $ADD = ""; // Set unset variables -if (empty($_POST['new_pass'])) $_POST['new_pass'] = ""; -if (empty($_GET['login'])) $_GET['login'] = ""; +if (!REQUEST_ISSET_POST('new_pass')) REQUEST_SET_POST('new_pass', ''); +if (!REQUEST_ISSET_GET('login')) REQUEST_SET_GET('login' , ''); if (IS_MEMBER()) { // Login immidiately... - $URL = URL."/modules.php?module=login"; -} elseif (isset($_POST['ok'])) { - // Add last_login if available - $LAST = ""; - if (GET_EXT_VERSION("sql_patches") >= "0.2.8") { - $LAST = ", last_login"; - } - - // Check login data - $password = ""; - if ($probe_nickname) { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1", - array($UID), __FILE__, __LINE__); - list($UID2, $password, $online, $login) = SQL_FETCHROW($result); - if (!empty($UID2)) $UID = $UID2; - } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array(bigintval($UID), $hash), __FILE__, __LINE__); - list($dmy, $password, $online, $login) = SQL_FETCHROW($result); - } - if (SQL_NUMROWS($result) == 1) { - // Valid data found so let's load the last login data - if (isset($_POST['ok'])) { - // By default the hash is empty - $hash = ""; - - // Check for old MD5 passwords - if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) { - // Just set the hash to the password from DB... :) - $hash = $password; - } else { - // Encrypt hash for comparsion - $hash = generateHash($_POST['password'], substr($password, 0, -40)); - } - - if ($hash == $password) { - // New hashed password found so let's generate a new one - $hash = generateHash($_POST['password']); - - // ... and update database - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array($hash, $UID), __FILE__, __LINE__); - - // No login bonus by default - $BONUS = false; - - // Probe for last online timemark - $probe = time() - $online; - if (!empty($login)) $probe = time() - $login; - if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $_CONFIG['login_timeout'])) { - // Add login bonus to user's account - $ADD = ", login_bonus=login_bonus+'".$_CONFIG['login_bonus']."'"; - $BONUS = true; - - // Subtract login bonus from userid's account or jackpot - if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($_CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus'); - } - - - // Secure lifetime from input form - $l = bigintval($_POST['lifetime']); - $life = "-1"; - if ($l > 0) { - // Calculate lifetime of cookies - $life = time() + $l; - - // Calculate new hash with the secret key and master salt together - $hash = generatePassString($hash); - - // Update cookies - $login = (set_session("userid" , $UID , $life, COOKIE_PATH) - && set_session("u_hash" , $hash, $life, COOKIE_PATH) - && set_session("lifetime", $l , $life, COOKIE_PATH)); - - // Update global array - $GLOBALS['userid'] = bigintval($UID); - } else { - // Check for login data - $login = IS_MEMBER(); - } - - if ($login) { - // Update database records - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1", - array(bigintval($UID)), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS($link) == 1) { - // Procedure to checking for login data - if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) { - // Bonus added (just displaying!) - $URL = URL."/modules.php?module=chk_login&mode=bonus"; - } else { - // Bonus not added - $URL = URL."/modules.php?module=chk_login&mode=login"; - } - } else { - // Cannot update counter! - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED; - } - } else { - // Cookies not setable! - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES; - } - } else { - // Wrong password! - $ERROR = CODE_WRONG_PASS; - } - } else { - // Fatal error! - $ERROR = CODE_LOGIN_FAILED; - } - } else { - // Other account status? - $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", - array(bigintval($UID)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { - // Load status - list($status) = SQL_FETCHROW($result); - switch ($status) - { - case "LOCKED": - $ERROR = CODE_ID_LOCKED; - break; - - case "UNCONFIRMED": - $ERROR = CODE_ID_UNCONFIRMED; - break; - - default: - $ERROR = CODE_UNKNOWN_STATUS; - break; - } - } - else - { - // ID not found! - $ERROR = CODE_WRONG_ID; - } - - // Construct URL - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR; - } + $URL = 'modules.php?module=login'; +} elseif ((isFormSent()) && (''.$uid.'' != ''.REQUEST_POST('id') . '')) { + // Invalid input (no nickname extension installed but nickname entered) + $errorCode = getCode('EXTENSION_PROBLEM'); +} elseif (isFormSent()) { + // Try the login (see inc/libs/user_functions.php) + $URL = USER_DO_LOGIN(REQUEST_POST('id'), REQUEST_POST('password')); +} elseif ((REQUEST_ISSET_POST('new_pass')) && (isset($uid))) { + // Try the userid/email lookup (see inc/libs/user_functions.php) + $errorCode = USER_DO_NEW_PASSWORD(REQUEST_POST('email'), $uid); } - elseif ((!empty($_POST['new_pass'])) && (isset($UID))) -{ - // Compile email when found in address (only secure chars!) - if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']); - - // Set ID number when left empty - if (empty($_POST['id'])) $_POST['id'] = "0"; - // Probe userid/nickname - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) - { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1", - array(addslashes($UID), $_POST['email']), __FILE__, __LINE__); - } - else - { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1", - array(bigintval($UID), $_POST['email']), __FILE__, __LINE__); - } - if (SQL_NUMROWS($result) == 1) - { - // This data is valid, so we create a new pass... :-) - list($UID, $status) = SQL_FETCHROW($result); - - if ($status == "CONFIRMED") - { - // Ooppps, this was missing! ;-) We should update the database... - $NEW_PASS = GEN_PASS(); - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s LIMIT 1", - array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__); - - // Prepare data and message for email - $DATA = array($NEW_PASS, getenv('REMOTE_ADDR')); - $msg = LOAD_EMAIL_TEMPLATE("new-pass", "", bigintval($UID)); - - // ... and send it away - SEND_EMAIL(bigintval($UID), GUEST_NEW_PASSWORD, $msg); - - // Output note to user - LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); - } - else - { - // Account is locked or unconfirmed - switch ($status) - { - case "LOCKED" : $MSG = CODE_ID_LOCKED; break; - case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break; - } +// Login problems? +if (REQUEST_ISSET_GET('login')) { + // Use code from URL + $errorCode = REQUEST_GET('login'); +} // END - if + +// Login problems? +if (!empty($errorCode)) { + // Ok, which one now? + $message = " +   + + "; + + switch ($errorCode) { + case getCode('WRONG_PASS'): + $message .= getMessage('LOGIN_WRONG_PASS'); + break; - // Load URL - LOAD_URL("modules.php?module=".$GLOBALS['module']."&what=login&login=".$MSG); - } - } - else - { - // ID or email is wrong - LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); - } -} - else -{ - // Login problems? - if (!empty($_GET['login'])) - { - // Ok, which one now? - $MSG = " -   - - "; - switch ($_GET['login']) - { - case CODE_WRONG_PASS: - $MSG .= LOGIN_WRONG_PASS; + case getCode('WRONG_ID'): + $message .= getMessage('LOGIN_WRONG_ID'); break; - case CODE_WRONG_ID: - $MSG .= LOGIN_WRONG_ID; + case getCode('ID_LOCKED'): + $message .= getMessage('LOGIN_ID_LOCKED'); break; - case CODE_ID_LOCKED: - $MSG .= LOGIN_ID_LOCKED; + case getCode('ID_UNCONFIRMED'): + $message .= getMessage('LOGIN_ID_UNCONFIRMED'); break; - case CODE_ID_UNCONFIRMED: - $MSG .= LOGIN_ID_UNCONFIRMED; + case getCode('NO_COOKIES'): + $message .= getMessage('LOGIN_NO_COOKIES'); break; - case CODE_NO_COOKIES: - $MSG .= LOGIN_NO_COOKIES; + case getCode('EXTENSION_PROBLEM'): + if (IS_ADMIN()) { + $message .= sprintf(getMessage('EXTENSION_PROBLEM_NOT_INSTALLED'), 'nickname'); + } else { + $message .= getMessage('LOGIN_WRONG_ID'); + } break; default: - $MSG .= LOGIN_WRONG_ID; + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unhandled error code %s detected.", $errorCode)); + $message .= getMessage('LOGIN_WRONG_ID'); break; - } - $MSG .= " - -   -\n"; - define('LOGIN_FAILURE_MSG', $MSG); - } - else - { - // No problems, no output - define('LOGIN_FAILURE_MSG', ""); - } - // Display login form with resend-password form - if (EXT_IS_ACTIVE("nickname")) - { - LOAD_TEMPLATE("guest_nickname_login"); - } - else - { - LOAD_TEMPLATE("guest_login"); } + $message .= " + +   +\n"; + define('LOGIN_FAILURE_MSG', $message); +} else { + // No problems, no output + define('LOGIN_FAILURE_MSG', ''); +} + +// Display login form with resend-password form +if (EXT_IS_ACTIVE('nickname')) { + LOAD_TEMPLATE('guest_nickname_login'); +} else { + LOAD_TEMPLATE('guest_login'); } // Was an URL constructed? -if (!empty($URL)) -{ +if (!empty($URL)) { // URL was constructed - if (!empty($FATAL[0])) - { + if (getTotalFatalErrors()) { // Fatal errors! - require_once(PATH."inc/fatal_errors.php"); - } - else - { + loadIncludeOnce('inc/fatal_errors.php'); + } else { // Load URL - LOAD_URL($URL); + redirectToUrl($URL); } -} +} // END - if -CLOSE_TABLE(); // ?>