X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-login.php;h=b3693ca25742f5027ab636df43917ed3937a2c9b;hp=62450c81b6b2a728bc45617ef4ca97928feb88fa;hb=49ffe0a4fb551d0965e97db1ad4ff12f13f4b9ad;hpb=1bf45cc4694aedce0b2fed54090c3f74cc93fe26 diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index 62450c81b6..b3693ca257 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php @@ -33,273 +33,82 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); +} elseif ((!EXT_IS_ACTIVE("user")) && (!IS_ADMIN())) { + addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "user"); + return; } // Add description as navigation point -ADD_DESCR("guest", basename(__FILE__)); - -OPEN_TABLE("100%", "guest_content_align", ""); -global $DATA, $FATAL; - -// Initialize data -$probe_nickname = false; $UID = false; $hash = ""; -unset($login); unset($online); - -if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) -{ - // Already logged in? - $UID = $GLOBALS['userid']; +ADD_DESCR("guest", __FILE__); + +global $DATA, $ERROR; + +// Initialize variables +$ERROR = 0; +$probe_nickname = false; +$uid = false; +$hash = ""; +$URL = ""; +$ADD = ""; + +// Already logged in? +if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) { + // Maybe, then continue with it + $uid = $GLOBALS['userid']; } elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) { // Set userid and crypt password when login data was submitted - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) - { + if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($_POST['id']))) { // Nickname entered - $UID = SQL_ESCAPE($_POST['id']); + $uid = SQL_ESCAPE($_POST['id']); } else { // Direct userid entered - $UID = bigintval($_POST['id']); + $uid = bigintval($_POST['id']); } } elseif (!empty($_POST['new_pass'])) { // New password requested - $UID = "0"; - if (!empty($_POST['id'])) $UID = $_POST['id']; + $uid = 0; + if (!empty($_POST['id'])) $uid = $_POST['id']; } else { // Not logged in - $UID = "0"; $hash = ""; + $uid = 0; $hash = ""; } -$URL = ""; $ADD = ""; // Set unset variables if (empty($_POST['new_pass'])) $_POST['new_pass'] = ""; if (empty($_GET['login'])) $_GET['login'] = ""; -if (IS_LOGGED_IN()) { +if (IS_MEMBER()) { // Login immidiately... - $URL = URL."/modules.php?module=login"; + $URL = "modules.php?module=login"; +} elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) { + // Invalid input (no nickname extension installed but nickname entered) + $ERROR = CODE_EXTENSION_PROBLEM; } elseif (isset($_POST['ok'])) { - // Add last_login if available - $LAST = ""; - if (GET_EXT_VERSION("sql_patches") >= "0.2.8") { - $LAST = ", last_login"; - } - - // Check login data - $password = ""; - if ($probe_nickname) { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1", - array($UID), __FILE__, __LINE__); - list($UID2, $password, $online, $login) = SQL_FETCHROW($result); - if (!empty($UID2)) $UID = $UID2; - } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", - array(bigintval($UID), $hash), __FILE__, __LINE__); - list($dmy, $password, $online, $login) = SQL_FETCHROW($result); - } - if (SQL_NUMROWS($result) == 1) { - // Valid data found so let's load the last login data - if (isset($_POST['ok'])) { - // By default the hash is empty - $hash = ""; - - // Check for old MD5 passwords - if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) { - // Just set the hash to the password from DB... :) - $hash = $password; - } else { - // Encrypt hash for comparsion - $hash = generateHash($_POST['password'], substr($password, 0, -40)); - } - - if ($hash == $password) { - // New hashed password found so let's generate a new one - $hash = generateHash($_POST['password']); - - // ... and update database - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1", - array($hash, $UID), __FILE__, __LINE__); - - // No login bonus by default - $BONUS = false; - - // Probe for last online timemark - $probe = time() - $online; - if (!empty($login)) $probe = time() - $login; - if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $_CONFIG['login_timeout'])) { - // Add login bonus to user's account - $ADD = ", login_bonus=login_bonus+'".$_CONFIG['login_bonus']."'"; - $BONUS = true; - - // Subtract login bonus from userid's account or jackpot - if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($_CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus'); - } - - - // Secure lifetime from input form - $l = bigintval($_POST['lifetime']); - $life = "-1"; - if ($l > 0) { - // Calculate lifetime of cookies - $life = time() + $l; - - // Calculate new hash with the secret key and master salt together - $hash = generatePassString($hash); - - // Update cookies - $login = (set_session("userid" , $UID , $life, COOKIE_PATH) - && set_session("u_hash" , $hash, $life, COOKIE_PATH) - && set_session("lifetime", $l , $life, COOKIE_PATH)); - - // Update global array - $GLOBALS['userid'] = $UID; - } else { - // Check for login data - $login = IS_LOGGED_IN(); - } - - if ($login) { - // Update database records - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1", - array(bigintval($UID)), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS($link) == 1) { - // Procedure to checking for login data - if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) { - // Bonus added (just displaying!) - $URL = URL."/modules.php?module=chk_login&mode=bonus"; - } else { - // Bonus not added - $URL = URL."/modules.php?module=chk_login&mode=login"; - } - } else { - // Cannot update counter! - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED; - } - } else { - // Cookies not setable! - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES; - } - } else { - // Wrong password! - $ERROR = CODE_WRONG_PASS; - } - } else { - // Fatal error! - $ERROR = CODE_LOGIN_FAILED; - } - } else { - // Other account status? - $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", - array(bigintval($UID)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { - // Load status - list($status) = SQL_FETCHROW($result); - switch ($status) - { - case "LOCKED": - $ERROR = CODE_ID_LOCKED; - break; - - case "UNCONFIRMED": - $ERROR = CODE_ID_UNCONFIRMED; - break; - - default: - $ERROR = CODE_UNKNOWN_STATUS; - break; - } - } - else - { - // ID not found! - $ERROR = CODE_WRONG_ID; - } - - // Construct URL - $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR; - } + // Try the login (see inc/libs/user_functions.php) + $URL = USER_DO_LOGIN($_POST['id'], $_POST['password']); +} elseif ((!empty($_POST['new_pass'])) && (isset($uid))) { + // Try the userid/email lookup (see inc/libs/user_functions.php) + $ERROR = USER_DO_NEW_PASSWORD($_POST['email'], $uid); } - elseif ((!empty($_POST['new_pass'])) && (isset($UID))) -{ - // Compile email when found in address (only secure chars!) - if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']); - - // Set ID number when left empty - if (empty($_POST['id'])) $_POST['id'] = "0"; - - // Probe userid/nickname - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) - { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1", - array(addslashes($UID), $_POST['email']), __FILE__, __LINE__); - } - else - { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1", - array(bigintval($UID), $_POST['email']), __FILE__, __LINE__); - } - if (SQL_NUMROWS($result) == 1) - { - // This data is valid, so we create a new pass... :-) - list($UID, $status) = SQL_FETCHROW($result); - - if ($status == "CONFIRMED") - { - // Ooppps, this was missing! ;-) We should update the database... - $NEW_PASS = GEN_PASS(); - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1", - array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__); - // Prepare data and message for email - $DATA = array($NEW_PASS, getenv('REMOTE_ADDR')); - $msg = LOAD_EMAIL_TEMPLATE("new-pass", "", bigintval($UID)); - - // ... and send it away - SEND_EMAIL(bigintval($UID), GUEST_NEW_PASSWORD, $msg); - - // Output note to user - LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); - } - else - { - // Account is locked or unconfirmed - switch ($status) - { - case "LOCKED" : $MSG = CODE_ID_LOCKED; break; - case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break; - } - - // Load URL - LOAD_URL("modules.php?module=".$GLOBALS['module']."&what=login&login=".$MSG); - } - } - else - { - // ID or email is wrong - LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); - } -} - else -{ - // Login problems? - if (!empty($_GET['login'])) - { - // Ok, which one now? - $MSG = " -   - - "; - switch ($_GET['login']) - { +// Login problems? +if (!empty($_GET['login'])) { + // Use code from URL + $ERROR = SQL_ESCAPE($_GET['login']); +} // END - if + +// Login problems? +if (!empty($ERROR)) { + // Ok, which one now? + $MSG = " +   + + "; + + switch ($ERROR) { case CODE_WRONG_PASS: $MSG .= LOGIN_WRONG_PASS; break; @@ -320,48 +129,47 @@ if (IS_LOGGED_IN()) { $MSG .= LOGIN_NO_COOKIES; break; + case CODE_EXTENSION_PROBLEM: + if (IS_ADMIN()) { + $MSG .= sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "nickname"); + } else { + $MSG .= LOGIN_WRONG_ID; + } + break; + default: + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unhandled error code %s detected.", $ERROR)); $MSG .= LOGIN_WRONG_ID; break; } - $MSG .= " - -   -\n"; + $MSG .= " + +   +\n"; define('LOGIN_FAILURE_MSG', $MSG); - } - else - { - // No problems, no output - define('LOGIN_FAILURE_MSG', ""); - } - // Display login form with resend-password form - if (EXT_IS_ACTIVE("nickname")) - { - LOAD_TEMPLATE("guest_nickname_login"); - } - else - { - LOAD_TEMPLATE("guest_login"); - } +} else { + // No problems, no output + define('LOGIN_FAILURE_MSG', ""); +} + +// Display login form with resend-password form +if (EXT_IS_ACTIVE("nickname")) { + LOAD_TEMPLATE("guest_nickname_login"); +} else { + LOAD_TEMPLATE("guest_login"); } // Was an URL constructed? -if (!empty($URL)) -{ +if (!empty($URL)) { // URL was constructed - if (!empty($FATAL[0])) - { + if (getTotalFatalErrors()) { // Fatal errors! require_once(PATH."inc/fatal_errors.php"); - } - else - { + } else { // Load URL LOAD_URL($URL); } -} +} // END - if -CLOSE_TABLE(); // ?>