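/**
 * Populate the global $user from the PHP session or, failing that, from the
 * persistent "PRTCookie1" cookie.
 *
 * When the method returns, the global $user is either a User object that
 * passed the id / level / IP checks below, or false.
 *
 * Security notes:
 *  - A session id supplied in the query string ("session_id") is adopted when
 *    no session id is set yet. Ids carried in URLs end up in access logs,
 *    browser history and Referer headers, and a caller-chosen id is the
 *    precondition for session fixation. The parameter is kept because callers
 *    outside this view may rely on it, but the id is now rotated at the moment
 *    the session is bound to an account through the cookie path.
 *  - NOTE(review): the path that authenticates a session from a login form is
 *    not visible here; confirm it also rotates the session id.
 *  - The format check uses the D modifier so that "$" cannot match before a
 *    trailing newline.
 *
 * @return void
 */
public static function LoadSession() {
    global $user, $bd_users;

    $user = false;
    $check_ip = GetRealIp();
    $check = true; // IP pinning switch; hard-wired on in this version
    $session = Filter::input('session_id', 'get');

    if (!class_exists('User', false)) {
        exit('include user class first');
    }

    // Adopt a caller-supplied session id only if none is set and it has the expected shape.
    if (!session_id() and !empty($session) and preg_match('/^[a-zA-Z0-9]{26,40}$/D', $session)) {
        session_id($session);
    }

    if (!isset($_SESSION)) {
        session_start();
    }

    // 1) Already authenticated session.
    if (isset($_SESSION['user_name'])) {
        $user = new User($_SESSION['user_name'], $bd_users['login']);
    }

    // 2) Fall back to the persistent cookie token.
    if (isset($_COOKIE['PRTCookie1']) and empty($user)) {
        $user = new User($_COOKIE['PRTCookie1'], $bd_users['tmp']);

        if ($user->id()) {
            // The session changes from anonymous to authenticated here, so issue a
            // fresh id and drop the old one; an id that was known before this point
            // (for example one passed in the URL) must not end up authenticated.
            // Skipped when headers are already out, because the new cookie could
            // not be delivered and the call would only raise a warning.
            if (!headers_sent()) {
                session_regenerate_id(true);
            }

            $_SESSION['user_name'] = $user->name();
            $_SESSION['ip'] = $check_ip;
        }
    }

    // 3) Reject unknown or disabled (lvl <= 0) accounts and requests from another IP.
    //    "and" binds tighter than "or": A or B or ($check and IP mismatch).
    if (!empty($user)) {
        if (!$user->id() or $user->lvl() <= 0 or $check and $check_ip != $user->ip()) {
            if ($user->id()) {
                $user->logout();
            }

            // Expire the persistent cookie so a stale token is not replayed on every request.
            setcookie("PRTCookie1", "", time(), '/');
            $user = false;
        }
    }
}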
// Request set-up: resolve the account being acted on and the "sid" parameter,
// then declare the RatioList() option builder.
$info = '';
$server_info = '';

// user_id is read as an integer from POST first; GET is consulted only when the
// POST lookup returned exactly false.
$user_id = Filter::input('user_id', 'post', 'int', true);
$ban_user = false;
if ($user_id === false) {
    $user_id = Filter::input('user_id', 'get', 'int', true);
}
if ($user_id) {
    $ban_user = new User($user_id);
}

// Copy the target account's fields into script-level variables, or reset
// $ban_user to false when the id did not resolve to an existing account.
// NOTE(review): name, e-mail and IP are account data; where they are rendered is
// not visible in this fragment, so confirm they are HTML-escaped at output.
if ($ban_user and $ban_user->id()) {
    $user_name = $ban_user->name();
    $user_gen = $ban_user->isFemale();
    $user_mail = $ban_user->email();
    $user_ip = $ban_user->ip();
    $user_lvl = $ban_user->lvl();
} else {
    $ban_user = false;
}

// "sid" is an integer for every action except 'gettheme', where it is taken as
// a string ($do is assigned outside this fragment).
// NOTE(review): how the string form of sid is validated before use is not
// visible here; if it selects a file or directory, confirm it is checked
// against the set of installed themes rather than used as a path component.
if ($do == 'gettheme') {
    $id = Filter::input('sid', 'get', 'string', true);
} else {
    $id = Filter::input('sid', 'get', 'int', true);
}

/**
 * Build the <option> elements of a ratio selector.
 *
 * Emits value 1 followed by the even values 2..32. Each label shows the two
 * sizes for that factor: 64*i x 32*i and 22*i x 17*i. The option whose value
 * loosely equals $selectid carries the "selected" attribute.
 *
 * $selectid is only compared, never concatenated into the markup, so the
 * returned HTML consists of literals and integers generated here.
 *
 * @param mixed $selectid Factor to preselect (default 1).
 * @return string Concatenated <option> markup.
 */
function RatioList($selectid = 1) {
    $html_ratio = '<option value="1" ' . (1 == $selectid ? 'selected' : '') . '>64x32 | 22x17</option>';
    for ($i = 2; $i <= 32; $i = $i + 2) {
        $html_ratio .= '<option value="' . $i . '" ' . ($i == $selectid ? 'selected' : '') . '>' . 64 * $i . 'x' . 32 * $i . ' | ' . 22 * $i . 'x' . 17 * $i . '</option>';
    }
    return $html_ratio;
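} else {
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}

// Launcher login endpoint: validates the JSON credentials in $json, issues a new
// session token, stores it together with the client token and answers with a
// JSON profile document.
//
// Changes from the previous revision (all concern what reaches the log):
//  - Submitted passwords are no longer written to the log on any failure path.
//    Logs are read, shipped and backed up far more widely than the credential
//    store, and a mistyped password is usually close to the real one.
//  - The freshly issued session token is no longer logged on success; it is a
//    bearer credential (returned to the client as accessToken).
//  - A clientToken that failed validation is no longer echoed into the log.
//  - The login name is stripped of control characters before it is logged, so a
//    submitted name cannot start a new, forged log line.
//  - Both format checks use the D modifier so "$" cannot match before a trailing
//    newline.
//
// NOTE(review): no attempt counting or throttling is visible in this fragment;
// confirm it is enforced inside User::authenticate() or in front of this script.
// NOTE(review): accounts with lvl <= 1 get the bare "Bad login" answer before the
// password is checked, which is distinguishable from the other failure paths;
// confirm that this difference is acceptable.

if (empty($json->username) or empty($json->password) or empty($json->clientToken)) {
    logExit("[auth16x.php] login process [Empty input] [ " . (empty($json->username) ? 'LOGIN ' : '') . (empty($json->password) ? 'PASSWORD ' : '') . (empty($json->clientToken) ? 'clientToken ' : '') . "]");
}

loadTool('user.class.php');
DBinit('auth');

$login = $json->username;
$password = $json->password;
$clientToken = $json->clientToken;

// Log-safe copy of the login name: control characters (CR, LF, NUL, ...) removed.
$log_login = preg_replace('/[\x00-\x1F\x7F]/', '', $login);

if (!preg_match("/^[a-zA-Z0-9_-]+\$/D", $password) or !preg_match("/^[a-f0-9-]+\$/D", $clientToken)) {
    logExit("[auth16x.php] login process [Bad symbols] User [{$log_login}]");
}

// A login containing "@" is looked up by e-mail, anything else by login name.
$BD_Field = strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email'];
$auth_user = new User($login, $BD_Field);

if (!$auth_user->id()) {
    logExit("[auth16.php] login process [Unknown user] User [{$log_login}]");
}

if ($auth_user->lvl() <= 1) {
    exit("Bad login");
}

if (!$auth_user->authenticate($password)) {
    logExit("[auth16.php] login process [Wrong password] User [{$log_login}]");
}

$sessid = generateSessionId();

// Table and column names come from configuration ($bd_names / $bd_users); every
// request-derived value is passed as a bound parameter.
getDB()->ask("UPDATE `{$bd_names['users']}` SET " . "`{$bd_users['session']}`=:session , " . "`{$bd_users['clientToken']}`=:token " . "WHERE `{$BD_Field}`=:login", array('session' => $sessid, 'login' => $login, 'token' => $clientToken));

vtxtlog("[auth16.php] login process [Success] User [{$log_login}] clientToken[{$clientToken}]");

$profile = array('id' => $auth_user->id(), 'name' => $auth_user->name());
$responce = array('clientToken' => $clientToken, 'accessToken' => $sessid, 'availableProfiles' => array(0 => $profile), 'selectedProfile' => $profile);

exit(json_encode($responce));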
/**
 * Initialise the global $user for this request.
 *
 * The local session is loaded first through MCRAuth::LoadSession(). When the
 * 'p_sync' option is enabled, the id reported by self::userLoad() then takes
 * precedence:
 *  - an id is reported: $user becomes that account and is logged in locally
 *    with a fresh random token and the current IP, unless its level is <= 0,
 *    in which case $user is set to false;
 *  - no id is reported: an already loaded local user is logged out and $user is
 *    set to false.
 *
 * NOTE(review): randString() is defined elsewhere. Its 15-character output is
 * handed to User::login(); if that value serves as a login token, confirm that
 * randString() draws from a cryptographically secure source.
 *
 * @return void
 */
public static function userInit() {
    global $user, $config;

    MCRAuth::LoadSession();

    // Synchronisation disabled: the session loaded above is final.
    if (!$config['p_sync']) {
        return;
    }

    self::start();
    $syncedId = self::userLoad();

    if (!$syncedId) {
        // Nothing reported for this request: drop any local login.
        if (!empty($user)) {
            $user->logout();
            $user = false;
        }

        return;
    }

    $user = new User($syncedId);

    // Disabled accounts (lvl <= 0) never get a local login.
    if ($user->lvl() <= 0) {
        $user = false;

        return;
    }

    $user->login(randString(15), GetRealIp());
}
exit;
}

// Login / logout handler. $out and $login are assigned before this fragment;
// $out selects the logout branch, a non-empty $login the login branch.
loadTool('ajax.php');
loadTool('user.class.php');
DBinit('login');

if ($out) {
    // Logout: the redirect header is set first, then the current user (if one
    // was loaded) is logged out. No exit follows within this branch.
    // NOTE(review): how $out is derived is not visible here; if a plain GET
    // request can set it, confirm whether logout needs a CSRF token.
    header("Location: " . BASE_URL);
    MCRAuth::userLoad();
    if (!empty($user)) {
        $user->logout();
    }
} elseif ($login) {
    $pass = Filter::input('pass');

    // A login containing "@" is looked up by e-mail, anything else by login name.
    $tmp_user = new User($login, strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email']);

    // The failure counter is placed in the AJAX payload before any check runs.
    $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();

    // NOTE(review): an unknown account is answered with code 4 / AUTH_NOT_EXIST
    // and a wrong password with code 1 / AUTH_FAIL, so the response presumably
    // tells a client whether an account exists; confirm that this is intended.
    if (!$tmp_user->id()) {
        aExit(4, lng('AUTH_NOT_EXIST'));
    }

    // From the fifth recorded failure on, a captcha check runs before the
    // password is tested.
    if ($tmp_user->auth_fail_num() >= 5) {
        CaptchaCheck(6);
    }

    if (!$tmp_user->authenticate($pass)) {
        // Re-read the counter so the client sees the value after this attempt.
        $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
        aExit(1, lng('AUTH_FAIL') . '.<br /> <a href="#" style="color: #656565;" onclick="RestoreStart(); return false;">' . lng('AUTH_RESTORE') . ' ?</a>');
    }

    // The ban status is reported only after the password has been verified.
    if ($tmp_user->lvl() <= 0) {
        aExit(4, lng('USER_BANNED'));
    }

    // NOTE(review): randString() is defined elsewhere; if its 15-character
    // output serves as the login token, confirm it comes from a
    // cryptographically secure source. Also confirm that User::login() rotates
    // the PHP session id, which this fragment does not show.
    $tmp_user->login(randString(15), GetRealIp(), Filter::input('save', 'post', 'bool'));
    aExit(0, 'success');
}