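/**
 * Interactive CLI command: create a site account that is placed directly in U_GROUP_ADMIN.
 *
 * Prompts for a user name and a password (entered twice), validates both the same way the
 * web sign-up does, checks that the name is free and writes the account row. There is no
 * email-confirmation step on this path: the row's email is CFG_CONTACT_EMAIL, allowExpire
 * is 0 and no status/token columns are written (they fall back to the table defaults).
 * Every outcome is reported through CLISetup::log(); nothing is returned.
 */
function account()
{
    $fields = [
        'name'  => ['Username', false],
        'pass1' => ['Enter Password', true],   // second element presumably suppresses echo -- see CLISetup::readInput()
        'pass2' => ['Confirm Password', true],
    ];

    if (!CLISetup::readInput($fields)) {
        CLISetup::log();
        CLISetup::log("account creation aborted", CLISetup::LOG_WARN);
        return;
    }

    CLISetup::log();

    if (!User::isValidName($fields['name'], $e)) {
        CLISetup::log(Lang::account($e == 1 ? 'errNameLength' : 'errNameChars'), CLISetup::LOG_ERROR);
        return;
    }

    if (!User::isValidPass($fields['pass1'], $e)) {
        CLISetup::log(Lang::account($e == 1 ? 'errPassLength' : 'errPassChars'), CLISetup::LOG_ERROR);
        return;
    }

    // Strict comparison: with '!=' two numeric-looking strings ("1e3" / "1000") compare equal,
    // which would let a mistyped confirmation through.
    if ($fields['pass1'] !== $fields['pass2']) {
        CLISetup::log(Lang::account('passMismatch'), CLISetup::LOG_ERROR);
        return;
    }

    // A name counts as taken unless its only holder is an unconfirmed (ACC_STATUS_NEW)
    // registration whose statusTimer has already run out. Such a stale row is then
    // overwritten by the REPLACE below -- presumably intended, confirm.
    $taken = DB::Aowow()->selectCell(
        'SELECT 1 FROM ?_account WHERE user = ? AND (status <> ?d OR (status = ?d AND statusTimer > UNIX_TIMESTAMP()))',
        $fields['name'], ACC_STATUS_NEW, ACC_STATUS_NEW
    );
    if ($taken) {
        CLISetup::log(Lang::account('nameInUse'), CLISetup::LOG_ERROR);
        return;
    }

    // write to db
    $ok = DB::Aowow()->query(
        'REPLACE INTO ?_account (user, passHash, displayName, joindate, email, allowExpire, userGroups, userPerms) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?, 0, ?d, 1)',
        $fields['name'], User::hashCrypt($fields['pass1']), Util::ucFirst($fields['name']), CFG_CONTACT_EMAIL, U_GROUP_ADMIN
    );
    if (!$ok) {
        // something went wrong
        CLISetup::log(Lang::main('intError'), CLISetup::LOG_ERROR);
        return;
    }

    $newId = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $fields['name']);
    Util::gainSiteReputation($newId, SITEREP_ACTION_REGISTER);
    CLISetup::log("account " . $fields['name'] . " created successfully", CLISetup::LOG_OK);
}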
// Lazily create the shared session object and start it.
// NOTE(review): get_class() on a non-object throws a TypeError on PHP 8 (on PHP 7 it returned
// false with a warning) -- an isset()/instanceof check is the safe form; confirm the target version.
if (!get_class($GLOBALS['pie']['session'])) {
    $GLOBALS['pie']['session'] = new Session();
}
$GLOBALS['pie']['session']->start();

if ($_SESSION['user']) {
    // A session is being provided.
    // This is a truthiness test: a stored user value of '' or '0' is treated as "not logged in".
    if (!$GLOBALS['pie']['session']->verify()) {
        include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
        exit;
    }
} elseif ($_REQUEST['action'] == 'login') {
    // An authentication attempt.
    // $_REQUEST merges GET, POST and COOKIE, so the login form fields below are accepted from any of them.
    include_once $GLOBALS['pie']['library_path'] . '/class/user.php';
    include_once $GLOBALS['pie']['library_path'] . '/share/log.php';
    $user = new User();
    if (!$user->isValidName($_REQUEST['username'])) {
        pieLog('error');
        include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
        exit;
    }
    if (!$user->exists($_REQUEST['username'])) {
        pieLog('error');
        include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
        exit;
    }
    $pw = $user->read($_REQUEST['username']);
    // NOTE(review): comparing the stored hash with the freshly computed one via '!=' is a loose
    // string comparison (numeric-looking strings compare numerically) and is not constant-time;
    // hash_equals() is the intended tool for hash comparison.
    if ($pw != $user->encrypt($_REQUEST['password'])) {
        // The entered password differs from the registered password.
        // Try the crypt() command to handle old style passwords.
        // The first two characters of the stored value serve as the salt, i.e. the traditional
        // (DES-based) crypt format. While this fallback exists, legacy hashes stay valid
        // indefinitely; re-hashing with the current scheme on a successful legacy match would
        // retire them over time.
        $salt = substr($pw, 0, 2);
        if ($pw != crypt($_REQUEST['password'], $salt)) {
            // The listing stops here; the body of this branch is not part of this snippet.
/**
 * Normalise a user name taken from a request value: URL-decode, trim and lower-case it.
 *
 * Returns the normalised name when User::isValidName() accepts it, null otherwise.
 * NOTE(review): urldecode() is applied to a value PHP has usually already decoded if it came
 * from $_GET/$_POST; a second decode changes names containing '%' or '+' -- confirm the caller's source.
 */
protected function checkUser($val)
{
    $candidate = Util::lower(trim(urldecode($val)));

    return User::isValidName($candidate) ? $candidate : null;
}
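/**
 * Handle a sign-up request from $this->_post.
 *
 * Validates user name, password (+ confirmation), email and the requester's IP, throttles
 * registrations per IP through the type = 1 rows of ?_account_bannedips, refuses names and
 * emails that are still in use, then writes a pending account (status ACC_STATUS_NEW, group
 * U_GROUP_PENDING) with a confirmation token that decays after CFG_ACC_CREATE_SAVE_DECAY
 * seconds and mails that token to the user.
 *
 * Fixes relative to the previous version: the email-in-use lookup compared against an
 * undefined $email (so 'mailInUse' could never be reported), and the password/confirmation
 * check used a loose '!=' that treats numeric-looking strings ("1e3" / "1000") as equal.
 *
 * @return mixed  A Lang::account()/Lang::main() error string on failure; on success whatever
 *                sendMail() returned. If the account row was written but sendMail() returned a
 *                falsy value, null is returned -- callers should not read null as success
 *                (confirm against the caller).
 */
private function doSignUp()
{
    // check username
    if (!User::isValidName($this->_post['username'], $e)) {
        return Lang::account($e == 1 ? 'errNameLength' : 'errNameChars');
    }

    // check password
    if (!User::isValidPass($this->_post['password'], $e)) {
        return Lang::account($e == 1 ? 'errPassLength' : 'errPassChars');
    }

    // strict comparison -- see the docblock
    if ($this->_post['password'] !== $this->_post['c_password']) {
        return Lang::account('passMismatch');
    }

    // check email
    if (!Util::isValidEmail($this->_post['email'])) {
        return Lang::account('emailInvalid');
    }

    // check ip
    if (!User::$ip) {
        return Lang::main('intError');
    }

    // limit account creation: once this IP's counter reached CFG_ACC_FAILED_AUTH_COUNT and the
    // window is still open, every further attempt extends the window by CFG_ACC_FAILED_AUTH_BLOCK
    // seconds and is refused
    $ipBan = DB::Aowow()->selectRow('SELECT ip, count, unbanDate FROM ?_account_bannedips WHERE type = 1 AND ip = ?', User::$ip);
    if ($ipBan && $ipBan['count'] >= CFG_ACC_FAILED_AUTH_COUNT && $ipBan['unbanDate'] >= time()) {
        DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_ACC_FAILED_AUTH_BLOCK, User::$ip);
        return sprintf(Lang::account('signupExceeded'), Util::formatTime(CFG_ACC_FAILED_AUTH_BLOCK * 1000));
    }

    // username or email taken; an unconfirmed registration whose statusTimer has expired does
    // not count (its row is overwritten by the REPLACE below).
    // NOTE(review): the distinct 'mailInUse' answer reveals which emails are registered; the IP
    // throttle above is the only brake on enumerating them.
    $taken = DB::Aowow()->selectCell(
        'SELECT user FROM ?_account WHERE (user = ? OR email = ?) AND (status <> ?d OR (status = ?d AND statusTimer > UNIX_TIMESTAMP()))',
        $this->_post['username'], $this->_post['email'], ACC_STATUS_NEW, ACC_STATUS_NEW
    );
    if ($taken) {
        return $taken == $this->_post['username'] ? Lang::account('nameInUse') : Lang::account('mailInUse');
    }

    // create..
    // NOTE(review): the token is the only secret that confirms the account, so Util::createHash()
    // must draw from a CSPRNG -- confirm its implementation.
    $token = Util::createHash();
    $ok = DB::Aowow()->query(
        'REPLACE INTO ?_account (user, passHash, displayName, email, joindate, curIP, allowExpire, locale, userGroups, status, statusTimer, token) VALUES (?, ?, ?, ?, UNIX_TIMESTAMP(), ?, ?d, ?d, ?d, ?d, UNIX_TIMESTAMP() + ?d, ?)',
        $this->_post['username'],
        User::hashCrypt($this->_post['password']),
        Util::ucFirst($this->_post['username']),
        $this->_post['email'],
        User::$ip,
        $this->_post['remember_me'] !== 'yes',   // allowExpire: sessions expire unless "remember me" was ticked
        User::$localeId,
        U_GROUP_PENDING,
        ACC_STATUS_NEW,
        CFG_ACC_CREATE_SAVE_DECAY,
        $token
    );
    if (!$ok) {
        return Lang::main('intError');
    }

    $sent = $this->sendMail(Lang::mail('accConfirm', 0), sprintf(Lang::mail('accConfirm', 1), $token), CFG_ACC_CREATE_SAVE_DECAY);
    if (!$sent) {
        // the account row exists but the confirmation mail was not handed off
        return null;
    }

    if ($id = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE token = ?', $token)) {
        Util::gainSiteReputation($id, SITEREP_ACTION_REGISTER);
    }

    // success:: update ip-bans -- open a fresh per-IP window or bump the running counter
    if (!$ipBan || $ipBan['unbanDate'] < time()) {
        DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, 1, UNIX_TIMESTAMP() + ?d)', User::$ip, CFG_ACC_FAILED_AUTH_BLOCK);
    } else {
        DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_ACC_FAILED_AUTH_BLOCK, User::$ip);
    }

    return $sent;
}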