X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-login.php;h=bcea77ddb74a573b2211d33112a8967fad3c92f7;hp=94a981ce74da2faf4cdd1cd45251bd013aa750e6;hb=ee0625c4882bb462985c504abf65a3ef0e7bf1eb;hpb=598ecc2011b09b2c8ae4ee32ed5c31dde3939c94 diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index 94a981ce74..bcea77ddb7 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php @@ -11,7 +11,12 @@ * Kurzbeschreibung : Loginbereich (leitet an das richtige Lgin-Modul * * weiter) * * -------------------------------------------------------------------- * - * * + * $Revision:: $ * + * $Date:: $ * + * $Tag:: 0.2.1-FINAL $ * + * $Author:: $ * + * Needs to be in all Files and every File needs "svn propset * + * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2008 by Roland Haeder * * For more information visit: http://www.mxchange.org * @@ -36,311 +41,117 @@ if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); +} elseif ((!EXT_IS_ACTIVE("user")) && (!IS_ADMIN())) { + addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), "user"); + return; } // Add description as navigation point ADD_DESCR("guest", __FILE__); -global $DATA, $FATAL; - -// Initialize data -$probe_nickname = false; $uid = false; $hash = ""; -unset($login); unset($online); - -if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) { - // Already logged in? - $uid = $GLOBALS['userid']; -} elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) { +global $DATA; + +// Initialize variables +$errorCode = 0; +$probe_nickname = false; +$uid = false; +$hash = ""; +$URL = ""; +$add = ""; + +// Already logged in? +if ((isUserIdSet()) && (isSessionVariableSet('u_hash'))) { + // Maybe, then continue with it + $uid = getUserId(); +} elseif ((REQUEST_ISSET_POST(('id'))) && (REQUEST_ISSET_POST(('password'))) && (IS_FORM_SENT())) { // Set userid and crypt password when login data was submitted - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".($_POST['id'] + 0)."") != $_POST['id'])); - if ($probe_nickname === true) { + if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID(REQUEST_POST('id')))) { // Nickname entered - $uid = SQL_ESCAPE($_POST['id']); + $uid = SQL_ESCAPE(REQUEST_POST('id')); } else { // Direct userid entered - $uid = bigintval($_POST['id']); + $uid = bigintval(REQUEST_POST('id')); } -} elseif (!empty($_POST['new_pass'])) { +} elseif (REQUEST_ISSET_POST(('new_pass'))) { // New password requested $uid = 0; - if (!empty($_POST['id'])) $uid = $_POST['id']; + if (REQUEST_ISSET_POST(('id'))) $uid = REQUEST_POST('id'); } else { // Not logged in $uid = 0; $hash = ""; } -$URL = ""; $ADD = ""; // Set unset variables -if (empty($_POST['new_pass'])) $_POST['new_pass'] = ""; -if (empty($_GET['login'])) $_GET['login'] = ""; +if (!REQUEST_ISSET_POST(('new_pass'))) REQUEST_SET_POST('new_pass', ""); +if (!REQUEST_ISSET_GET(('login'))) REQUEST_SET_GET('login' , ""); if (IS_MEMBER()) { // Login immidiately... - $URL = URL."/modules.php?module=login"; -} elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) { + $URL = "modules.php?module=login"; +} elseif ((IS_FORM_SENT()) && ("".$uid."" != "".REQUEST_POST('id')."")) { // Invalid input (no nickname extension installed but nickname entered) - $ERROR = CODE_EXTENSION_PROBLEM; -} elseif (isset($_POST['ok'])) { - // Add last_login if available - $LAST = ""; - if (GET_EXT_VERSION("sql_patches") >= "0.2.8") { - $LAST = ", last_login"; - } // END - if - - // Check login data - $password = ""; $uid2 = ""; $dmy = ""; - if ($probe_nickname === true) { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1", - array($uid), __FILE__, __LINE__); - list($uid2, $password, $online, $login) = SQL_FETCHROW($result); - if (!empty($uid2)) $uid = bigintval($uid2); - } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array($uid, $hash), __FILE__, __LINE__); - list($uid2, $password, $online, $login) = SQL_FETCHROW($result); - } - - // Is there an entry? - if ((SQL_NUMROWS($result) == 1) && ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid))) { - // Free result - SQL_FREERESULT($result); - - // By default the hash is empty - $hash = ""; - - // Check for old MD5 passwords - if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) { - // Just set the hash to the password from DB... :) - $hash = $password; - } else { - // Hash password with improved way for comparsion - $hash = generateHash($_POST['password'], substr($password, 0, -40)); - } - - if ($hash == $password) { - // New hashed password found so let's generate a new one - $hash = generateHash($_POST['password']); - - // ... and update database - SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array($hash, $uid), __FILE__, __LINE__); - - // No login bonus by default - $BONUS = false; - - // Probe for last online timemark - $probe = time() - $online; - if (!empty($login)) $probe = time() - $login; - if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $_CONFIG['login_timeout'])) { - // Add login bonus to user's account - $ADD = sprintf(", login_bonus=login_bonus+%s", - (float)$_CONFIG['login_bonus'] - ); - $BONUS = true; - - // Subtract login bonus from userid's account or jackpot - if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($_CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus'); - } // END - if - - // Init variables - $life = "-1"; $login = false; - - // Secure lifetime from input form - $l = bigintval($_POST['lifetime']); - - // Is the lifetime set? - if ($l > 0) { - // Calculate lifetime of cookies - $life = time() + $l; - - // Calculate new hash with the secret key and master salt together - $hash = generatePassString($hash); - - // Update cookies - $login = (set_session("userid" , $uid , $life, COOKIE_PATH) - && set_session("u_hash" , $hash, $life, COOKIE_PATH) - && set_session("lifetime", $l , $life, COOKIE_PATH) - ); - - // Update global array - $GLOBALS['userid'] = $uid; - } else { - // Check for login data - $login = IS_MEMBER(); - } - - if ($login) { - // Update database records - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1", - array($uid), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS() == 1) { - // Procedure to checking for login data - if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) { - // Bonus added (just displaying!) - $URL = URL."/modules.php?module=chk_login&mode=bonus"; - } else { - // Bonus not added - $URL = URL."/modules.php?module=chk_login&mode=login"; - } - } else { - // Cannot update counter! - $URL = URL."/modules.php?module=index&what=login&login=".CODE_CNTR_FAILED; - } - } else { - // Cookies not setable! - $URL = URL."/modules.php?module=index&what=login&login=".CODE_NO_COOKIES; - } - } elseif (GET_EXT_VERSION("sql_patches") >= "0.4.7") { - // Update failture counter - SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1", - array($uid), __FILE__, __LINE__); - - // Wrong password! - $ERROR = CODE_WRONG_PASS; - } - } elseif ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid)) { - // Other account status? - $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", - array($uid), __FILE__, __LINE__); - - // Entry found? - if (SQL_NUMROWS($result) == 1) { - // Load status - list($status) = SQL_FETCHROW($result); - switch ($status) { - case "LOCKED": - $ERROR = CODE_ID_LOCKED; - break; - - case "UNCONFIRMED": - $ERROR = CODE_ID_UNCONFIRMED; - break; - - default: - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error status %s detected.", $status)); - $ERROR = CODE_UNKNOWN_STATUS; - break; - } - } else { - // ID not found! - $ERROR = CODE_WRONG_ID; - } - - // Construct URL - $URL = URL."/modules.php?module=index&what=login&login=".$ERROR; - } else { - // ID not found! - $ERROR = CODE_WRONG_ID; - } -} elseif ((!empty($_POST['new_pass'])) && (isset($uid))) { - // Compile email when found in address (only secure chars!) - if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']); - - // Set ID number when left empty - if (empty($_POST['id'])) $_POST['id'] = 0; - - // Probe userid/nickname - $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])); - if ($probe_nickname) { - // Nickname entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1", - array($uid, $_POST['email']), __FILE__, __LINE__); - } else { - // Direct userid entered - $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1", - array(bigintval($uid), $_POST['email']), __FILE__, __LINE__); - } - - // Any entry found? - if (SQL_NUMROWS($result) == 1) { - // This data is valid, so we create a new pass... :-) - list($uid, $status) = SQL_FETCHROW($result); - - if ($status == "CONFIRMED") { - // Ooppps, this was missing! ;-) We should update the database... - $NEW_PASS = GEN_PASS(); - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s LIMIT 1", - array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__); - - // Prepare data and message for email - $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), $uid); - - // ... and send it away - SEND_EMAIL($uid, GUEST_NEW_PASSWORD, $msg); - - // Output note to user - LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); - } else { - // Account is locked or unconfirmed - switch ($status) { - case "LOCKED" : $MSG = CODE_ID_LOCKED; break; - case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break; - } - - // Load URL - LOAD_URL("modules.php?module=index&what=login&login=".$MSG); - } - } else { - // ID or email is wrong - LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); - } + $errorCode = getCode('EXTENSION_PROBLEM'); +} elseif (IS_FORM_SENT()) { + // Try the login (see inc/libs/user_functions.php) + $URL = USER_DO_LOGIN(REQUEST_POST('id'), REQUEST_POST('password')); +} elseif ((REQUEST_ISSET_POST(('new_pass'))) && (isset($uid))) { + // Try the userid/email lookup (see inc/libs/user_functions.php) + $errorCode = USER_DO_NEW_PASSWORD(REQUEST_POST('email'), $uid); } // Login problems? -if (!empty($_GET['login'])) { +if (REQUEST_ISSET_GET(('login'))) { // Use code from URL - $ERROR = SQL_ESCAPE($_GET['login']); + $errorCode = REQUEST_GET(('login')); } // END - if // Login problems? -if (!empty($ERROR)) { +if (!empty($errorCode)) { // Ok, which one now? - $MSG = " -   - - "; - - switch ($ERROR) { - case CODE_WRONG_PASS: - $MSG .= LOGIN_WRONG_PASS; + $message = " +   + + "; + + switch ($errorCode) { + case getCode('WRONG_PASS'): + $message .= getMessage('LOGIN_WRONG_PASS'); break; - case CODE_WRONG_ID: - $MSG .= LOGIN_WRONG_ID; + case getCode('WRONG_ID'): + $message .= getMessage('LOGIN_WRONG_ID'); break; - case CODE_ID_LOCKED: - $MSG .= LOGIN_ID_LOCKED; + case getCode('ID_LOCKED'): + $message .= getMessage('LOGIN_ID_LOCKED'); break; - case CODE_ID_UNCONFIRMED: - $MSG .= LOGIN_ID_UNCONFIRMED; + case getCode('ID_UNCONFIRMED'): + $message .= getMessage('LOGIN_ID_UNCONFIRMED'); break; - case CODE_NO_COOKIES: - $MSG .= LOGIN_NO_COOKIES; + case getCode('NO_COOKIES'): + $message .= getMessage('LOGIN_NO_COOKIES'); break; - case CODE_EXTENSION_PROBLEM: + case getCode('EXTENSION_PROBLEM'): if (IS_ADMIN()) { - $MSG .= sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "nickname"); + $message .= sprintf(getMessage('EXTENSION_PROBLEM_NOT_INSTALLED'), "nickname"); } else { - $MSG .= LOGIN_WRONG_ID; + $message .= getMessage('LOGIN_WRONG_ID'); } break; default: - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unhandled error code %s detected.", $ERROR)); - $MSG .= LOGIN_WRONG_ID; + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unhandled error code %s detected.", $errorCode)); + $message .= getMessage('LOGIN_WRONG_ID'); break; } - $MSG .= " - -   -\n"; - define('LOGIN_FAILURE_MSG', $MSG); + $message .= " + +   +\n"; + define('LOGIN_FAILURE_MSG', $message); } else { // No problems, no output define('LOGIN_FAILURE_MSG', ""); @@ -356,9 +167,9 @@ if (EXT_IS_ACTIVE("nickname")) { // Was an URL constructed? if (!empty($URL)) { // URL was constructed - if (!empty($FATAL[0])) { + if (getTotalFatalErrors()) { // Fatal errors! - require_once(PATH."inc/fatal_errors.php"); + LOAD_INC_ONCE("inc/fatal_errors.php"); } else { // Load URL LOAD_URL($URL);