function handle_facebook_connection_login($current_logged_in_member)
{
if (!class_exists('ocp_tempcode')) {
return NULL;
}
if (is_guest($current_logged_in_member)) {
$current_logged_in_member = NULL;
// We are not a normal cookie login so ocPortal has loaded up a Guest session already in the expectation of keeping it. Unsetting it will force a rebind (existing session may be reused though)
require_code('users_inactive_occasionals');
set_session_id(-1);
}
// If already session-logged-in onto a Facebook account, don't bother doing anything
if (!is_null($current_logged_in_member) && $GLOBALS['FORUM_DRIVER']->get_member_row_field($current_logged_in_member, 'm_password_compat_scheme') == 'facebook') {
return $current_logged_in_member;
}
// Who is this user, from Facebook's point of view?
global $FACEBOOK_CONNECT;
$facebook_uid = $FACEBOOK_CONNECT->getUser();
if (is_null($facebook_uid)) {
return $current_logged_in_member;
}
try {
$details = $FACEBOOK_CONNECT->api('/me');
} catch (Exception $e) {
return $current_logged_in_member;
}
$details2 = $FACEBOOK_CONNECT->api('/me', array('fields' => 'picture', 'type' => 'normal'));
if (!is_array($details) || !is_array($details2)) {
return $current_logged_in_member;
}
$details = array_merge($details, $details2);
if (!isset($details['name'])) {
return $current_logged_in_member;
}
$username = $details['name'];
$photo_url = array_key_exists('picture', $details) ? $details['picture'] : '';
if (is_array($photo_url)) {
$photo_url = $photo_url['data']['url'];
}
if ($photo_url != '') {
$photo_url = 'http://graph.facebook.com/' . strval($facebook_uid) . '/picture?type=large';
// In case URL changes
}
$avatar_url = $photo_url == '' ? mixed() : $photo_url;
$photo_thumb_url = '';
if ($photo_url != '') {
$photo_thumb_url = $photo_url;
}
$email_address = array_key_exists('email', $details) ? $details['email'] : '';
$timezone = mixed();
if (isset($details['timezone'])) {
require_code('temporal');
$timezone = convert_timezone_offset_to_formal_timezone($details['timezone']);
}
$language = mixed();
if (isset($details['locale'])) {
$language = strtoupper($details['locale']);
}
if ($language !== NULL) {
if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) {
$language = preg_replace('#\\_.*$#', '', $language);
if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) {
$language = '';
}
}
}
$dob = array_key_exists('birthday', $details) ? $details['birthday'] : '';
$dob_day = mixed();
$dob_month = mixed();
$dob_year = mixed();
if ($dob != '') {
$_dob = explode('/', $dob);
$dob_day = intval($_dob[1]);
$dob_month = intval($_dob[0]);
$dob_year = intval($_dob[2]);
}
// See if they have logged in before - i.e. have a synched account
$member_row = $GLOBALS['FORUM_DB']->query_select('f_members', array('*'), array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), 'ORDER BY id DESC', 1);
$member = array_key_exists(0, $member_row) ? $member_row[0]['id'] : NULL;
if (is_guest($member)) {
$member = NULL;
}
/*if (!is_null($member)) // Useful for debugging
{
require_code('ocf_members_action2');
ocf_delete_member($member);
$member=NULL;
}*/
// If logged in before using Facebook, see if they've changed their name or email or timezone on Facebook -- if so, try and update locally to match
if (!is_null($member)) {
if (!is_null($current_logged_in_member) && $current_logged_in_member !== NULL && !is_guest($current_logged_in_member) && $current_logged_in_member != $member) {
return $current_logged_in_member;
}
// User has an active login, and the Facebook account is bound to a DIFFERENT login. Take precedence to the other login that is active on top of this
$last_visit_time = $member[0]['m_last_visit_time'];
if ($timezone !== NULL) {
if (tz_time(time(), $timezone) == tz_time(time(), $member[0]['m_timezone_offset'])) {
$timezone = $member[0]['m_timezone_offset'];
}
// If equivalent, don't change
}
$test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_username' => $username));
if (!is_null($test)) {
$update_map = array('m_username' => $username, 'm_dob_day' => $dob_day, 'm_dob_month' => $dob_month, 'm_dob_year' => $dob_year);
if ($email_address != '') {
$update_map['m_email_address'] = $email_address;
}
if ($avatar_url !== NULL && ($test == '' || strpos($test, 'facebook') !== false || strpos($test, 'fbcdn') !== false)) {
if ($timezone !== NULL) {
$update_map['m_timezone_offset'] = $timezone;
}
$update_map['m_avatar_url'] = $avatar_url;
$update_map['m_photo_url'] = $photo_url;
$update_map['m_photo_thumb_url'] = $photo_thumb_url;
}
$GLOBALS['FORUM_DB']->query_update('f_members', $update_map, array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => strval($facebook_uid)), '', 1);
if ($username != $member[0]['m_username']) {
// Fix cacheing for usernames
$to_fix = array('f_forums/f_cache_last_username', 'f_posts/p_poster_name_if_guest', 'f_topics/t_cache_first_username', 'f_topics/t_cache_last_username');
foreach ($to_fix as $fix) {
list($table, $field) = explode('/', $fix);
$GLOBALS['FORUM_DB']->query_update($table, array($field => $username), array($field => $member[0]['m_username']));
}
}
}
}
// Not logged in before using Facebook, so we need to create an account, or bind to the active ocPortal login if there is one
$in_a_sane_place = get_page_name() != 'login' && (running_script('index') || running_script('execute_temp'));
// If we're in some weird script, or the login module UI, it's not a sane place, don't be doing account creation yet
if (is_null($member) && $in_a_sane_place) {
// Bind to existing ocPortal login?
if (!is_null($current_logged_in_member)) {
/*if (post_param_integer('associated_confirm',0)==0) Won't work because Facebook is currently done in JS and cookies force this. If user wishes to cancel they must go to http://www.facebook.com/settings?tab=applications and remove the app, then run a lost password reset.
{
$title=get_page_title('LOGIN_FACEBOOK_HEADER');
$message=do_lang_tempcode('LOGGED_IN_SURE_FACEBOOK',escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)));
$middle=do_template('YESNO_SCREEN',array('TITLE'=>$title,'TEXT'=>$message,'HIDDEN'=>form_input_hidden('associated_confirm','1'),'URL'=>get_self_url_easy()));
$tpl=globalise($middle,NULL,'',true);
$tpl->evaluate_echo();
exit();
}*/
$GLOBALS['FORUM_DB']->query_update('f_members', array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), array('id' => $current_logged_in_member), '', 1);
require_code('site');
require_lang('facebook');
attach_message(do_lang_tempcode('FACEBOOK_ACCOUNT_CONNECTED', escape_html(get_site_name()), escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)), array(escape_html($username))), 'inform');
return $current_logged_in_member;
}
// If we're still here, we have to create a new account...
// -------------------------------------------------------
$completion_form_submitted = post_param('email_address', '') != '';
// If there's a conflicting username, we may need to change it (suffix a number)
require_code('ocf_members_action2');
$username = get_username_from_human_name($username);
// Ask ocP to finish off the profile from the information presented in the POST environment (a standard mechanism in ocPortal, for third party logins of various kinds)
require_lang('ocf');
require_code('ocf_members');
require_code('ocf_groups');
require_code('ocf_members2');
require_code('ocf_members_action');
$_custom_fields = ocf_get_all_custom_fields_match(ocf_get_all_default_groups(true), NULL, NULL, NULL, 1);
if (!$completion_form_submitted && count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') {
$GLOBALS['FACEBOOK_FINISHING_PROFILE'] = true;
$middle = ocf_member_external_linker_ask($username, 'facebook', $email_address, $dob_day, $dob_month, $dob_year);
$tpl = globalise($middle, NULL, '', true);
$tpl->evaluate_echo();
exit;
} else {
$username = post_param('username', $username);
if (count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') {
// Was not auto-generated, so needs to be checked
ocf_check_name_valid($username, NULL, NULL);
}
$member = ocf_member_external_linker($username, $facebook_uid, 'facebook', false, $email_address, $dob_day, $dob_month, $dob_year, $timezone, $language, $avatar_url, $photo_url, $photo_thumb_url);
}
}
if (!is_null($member)) {
require_code('users_inactive_occasionals');
create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
// This will mark it as confirmed
}
return $member;
}
/**
* Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
* All authorisation, cookies, and form-logins, are passed through this function.
* Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
*
* @param ?SHORT_TEXT The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
* @param MEMBER The member id
* @param MD5 The md5-hashed password
* @param string The raw password
* @param boolean Whether this is a cookie login
* @return array A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
*/
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
{
unset($cookie_login);
$out = array();
$out['id'] = NULL;
if (is_null($userid)) {
$rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1);
if (array_key_exists(0, $rows)) {
$this->MEMBER_ROWS_CACHED[$rows[0]['id']] = $rows[0];
}
} else {
$rows[0] = $this->get_member_row($userid);
}
if (!array_key_exists(0, $rows)) {
$out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
return $out;
}
$row = $rows[0];
if ($this->is_banned($row['id'])) {
$out['error'] = do_lang_tempcode('USER_BANNED');
return $out;
}
if ($row['password'] != $password_hashed) {
$out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
return $out;
}
$pos = strpos(get_member_cookie(), 'member_id');
ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . 'session_id');
$out['id'] = $row['id'];
return $out;
}
/**
* The actualiser for toggling invisible mode.
*
* @return tempcode The UI.
*/
function invisible()
{
if (get_option('is_on_invisibility') == '1') {
$visible = array_key_exists(get_session_id(), $GLOBALS['SESSION_CACHE']) && $GLOBALS['SESSION_CACHE'][get_session_id()]['session_invisible'] == 0;
} else {
$visible = false;
// Small fudge: always say thay are not visible now, so this will make them visible -- because they don't have permission to be invisible
}
$title = get_page_title($visible ? 'INVISIBLE' : 'BE_VISIBLE');
$GLOBALS['SITE_DB']->query_update('sessions', array('session_invisible' => $visible ? 1 : 0), array('the_user' => get_member(), 'the_session' => get_session_id()), '', 1);
global $SESSION_CACHE;
if ($SESSION_CACHE[get_session_id()]['the_user'] == get_member()) {
$SESSION_CACHE[get_session_id()]['session_invisible'] = $visible ? 1 : 0;
if (get_value('session_prudence') !== '1') {
persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
}
}
decache('side_users_online');
// Store in cookie, if we have login cookies around
if (array_key_exists(get_member_cookie(), $_COOKIE)) {
require_code('users_active_actions');
ocp_setcookie(get_member_cookie() . '_invisible', strval($visible ? 1 : 0));
$_COOKIE[get_member_cookie() . '_invisible'] = strval($visible ? 1 : 0);
}
$url = get_param('redirect', NULL);
if (is_null($url)) {
$_url = build_url(array('page' => ''), '');
$url = $_url->evaluate();
}
return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
}
/**
* Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
* All authorisation, cookies, and form-logins, are passed through this function.
* Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
*
* @param ?SHORT_TEXT The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
* @param MEMBER The member id
* @param MD5 The md5-hashed password
* @param string The raw password
* @param boolean Whether this is a cookie login
* @return array A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
*/
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
{
$out = array();
$out['id'] = NULL;
if (is_null($userid)) {
$rows = $this->connection->query_select('users', array('*'), array('username_clean' => strtolower($username)), '', 1);
if (array_key_exists(0, $rows)) {
$this->MEMBER_ROWS_CACHED[$rows[0]['user_id']] = $rows[0];
}
} else {
$rows[0] = $this->get_member_row($userid);
}
if (!array_key_exists(0, $rows)) {
$out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
return $out;
}
$row = $rows[0];
if ($this->is_banned($row['user_id'])) {
$out['error'] = do_lang_tempcode('USER_BANNED');
return $out;
}
if ($cookie_login) {
$lookup = $this->connection->query_value_null_ok('sessions_keys', 'user_id', array('key_id' => md5($password_raw)));
if ($row['user_id'] !== $lookup) {
$out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
return $out;
}
} else {
if ($row['user_password'] != $password_hashed) {
$out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
return $out;
}
}
$pos = strpos(get_member_cookie(), '_data:userid');
if ($pos !== false) {
ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . '_sid');
}
$out['id'] = $row['user_id'];
return $out;
}
/**
* Get the ID of the currently active member.
* It see's if the session exists / cookie is valid -- and gets the member id accordingly
*
* @param boolean Whether to just do a quick check, don't establish new sessions
* @return MEMBER The member requesting this web page (possibly the guest member - which strictly speaking, is not a member)
*/
function get_member($quick_only = false)
{
global $SESSION_CACHE, $MEMBER_CACHED, $GETTING_MEMBER, $SITE_INFO;
if ($MEMBER_CACHED !== NULL) {
$GETTING_MEMBER = false;
return $MEMBER_CACHED;
}
// If lots of aging sessions, clean out
reset($SESSION_CACHE);
if (count($SESSION_CACHE) > 50 && $SESSION_CACHE[key($SESSION_CACHE)]['last_activity'] < time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
delete_expired_sessions_or_recover();
}
// Try via backdoor that someone with full server access can place
$backdoor_ip_address = mixed();
// Enable to a real IP address to force login from FTP access (if lost admin password)
if (array_key_exists('backdoor_ip', $SITE_INFO)) {
$backdoor_ip_address = $SITE_INFO['backdoor_ip'];
}
if (is_string($backdoor_ip_address) && get_ip_address() == $backdoor_ip_address) {
require_code('users_active_actions');
$MEMBER_CACHED = restricted_manually_enabled_backdoor();
// Will have created a session in here already
return $MEMBER_CACHED;
}
if ($GETTING_MEMBER) {
if (!isset($GLOBALS['FORUM_DRIVER'])) {
return db_get_first_id();
}
// :S
return $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
$GETTING_MEMBER = true;
global $FORCE_INVISIBLE_GUEST;
if ($FORCE_INVISIBLE_GUEST) {
$GETTING_MEMBER = false;
if (!isset($GLOBALS['FORUM_DRIVER'])) {
fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
$MEMBER_CACHED = $GLOBALS['FORUM_DRIVER']->get_guest_id();
return $MEMBER_CACHED;
}
$member = NULL;
$cookie_bits = explode(':', str_replace('|', ':', get_member_cookie()));
$base = $cookie_bits[0];
// Try by session
$session = get_session_id();
if ($session != -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
$ip = get_ip_address(3);
// I hope AOL can cope with this
$allow_unbound_guest = true;
// Note: Guest sessions are not IP bound
$member_row = NULL;
if ($SESSION_CACHE !== NULL && array_key_exists($session, $SESSION_CACHE) && $SESSION_CACHE[$session] !== NULL && array_key_exists('the_user', $SESSION_CACHE[$session]) && (get_option('ip_strict_for_sessions') == '0' || $SESSION_CACHE[$session]['ip'] == $ip || is_guest($SESSION_CACHE[$session]['the_user']) && $allow_unbound_guest || $SESSION_CACHE[$session]['session_confirmed'] == 0 && !is_guest($SESSION_CACHE[$session]['the_user'])) && $SESSION_CACHE[$session]['last_activity'] > time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
$member_row = $SESSION_CACHE[$session];
}
if ($member_row !== NULL && (!array_key_exists($base, $_COOKIE) || !is_guest($member_row['the_user']))) {
$member = $member_row['the_user'];
if ($member !== NULL && time() - $member_row['last_activity'] > 10) {
//$GLOBALS['SITE_DB']->query_update('sessions',array('last_activity'=>time(),'the_zone'=>get_zone_name(),'the_page'=>get_page_name()),array('the_session'=>$session),'',1); Done in get_page_title now
$SESSION_CACHE[$session]['last_activity'] = time();
if (get_value('session_prudence') !== '1') {
persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
}
}
global $SESSION_CONFIRMED;
$SESSION_CONFIRMED = $member_row['session_confirmed'];
if (get_forum_type() == 'ocf') {
$GLOBALS['FORUM_DRIVER']->ocf_flood_control($member);
}
if (!is_guest($member) && $GLOBALS['FORUM_DRIVER']->is_banned($member)) {
warn_exit(do_lang_tempcode('USER_BANNED'));
}
// Test this member still exists
if ($GLOBALS['FORUM_DRIVER']->get_username($member) === NULL) {
$member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
if (array_key_exists($base, $_COOKIE)) {
global $IS_A_COOKIE_LOGIN;
$IS_A_COOKIE_LOGIN = true;
}
} else {
require_code('users_inactive_occasionals');
set_session_id(-1);
}
}
if ($member === NULL && get_session_id() == -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
// Try by cookie (will defer to forum driver to authorise against detected cookie)
require_code('users_inactive_occasionals');
$member = try_cookie_login();
// Can forum driver help more directly?
if (method_exists($GLOBALS['FORUM_DRIVER'], 'get_member')) {
$member = $GLOBALS['FORUM_DRIVER']->get_member();
}
}
// Try via additional login providers. They can choose whether to respect existing $member of get_session_id() settings. Some may do an account linkage, so we need to let them decide what to do.
$hooks = find_all_hooks('systems', 'login_providers');
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/login_providers/' . $hook);
$ob = object_factory('Hook_login_provider_' . $hook);
$member = $ob->try_login($member);
}
// Guest or banned
if ($member === NULL) {
$member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
$is_guest = true;
} else {
$is_guest = is_guest($member);
}
// If we are doing a very quick init, bomb out now - no need to establish session etc
global $SITE_INFO;
if ($quick_only) {
$GETTING_MEMBER = false;
return $member;
}
// If one of the try_* functions hasn't actually created the session, call it here
$session = get_session_id();
if ($session == -1) {
require_code('users_inactive_occasionals');
create_session($member);
}
// If we are logged in, maybe do some further processing
if (!$is_guest) {
// Is there a su operation?
$ks = get_param('keep_su', '');
if ($ks != '') {
require_code('users_inactive_occasionals');
$member = try_su_login($member);
}
// Run hooks, if any exist
$hooks = find_all_hooks('systems', 'upon_login');
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/upon_login/' . filter_naughty($hook));
$ob = object_factory('upon_login' . filter_naughty($hook), true);
if ($ob === NULL) {
continue;
}
$ob->run(false, NULL, $member);
// false means "not a new login attempt"
}
}
// Ok we have our answer
$MEMBER_CACHED = $member;
$GETTING_MEMBER = false;
// We call this to ensure any HTTP-auth specific code has a chance to run
is_httpauth_login();
return $member;
}
/**
* Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
* All authorisation, cookies, and form-logins, are passed through this function.
* Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
*
* @param ?SHORT_TEXT The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
* @param MEMBER The member id
* @param MD5 The md5-hashed password
* @param string The raw password
* @param boolean Whether this is a cookie login
* @return array A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
*/
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
{
$out = array();
$out['id'] = NULL;
if (is_null($userid)) {
$rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1);
if (array_key_exists(0, $rows)) {
$this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
} else {
$rows = $this->connection->query_select('members', array('*'), array('members_display_name' => $this->ipb_escape($username)), '', 1);
if (array_key_exists(0, $rows)) {
$this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
}
}
} else {
$rows[0] = $this->get_member_row($userid);
}
if (!array_key_exists(0, $rows)) {
$out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
return $out;
}
$row = $rows[0];
if ($row['member_banned'] == 1) {
$out['error'] = do_lang_tempcode('USER_BANNED');
return $out;
}
if ($cookie_login) {
if ($password_hashed != $row['member_login_key']) {
$out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
return $out;
}
// Check stronghold
global $SITE_INFO;
if (array_key_exists('stronghold_cookies', $SITE_INFO) && $SITE_INFO['stronghold_cookies'] == 1) {
$ip_octets = explode('.', ocp_srv('REMOTE_ADDR'));
$crypt_salt = md5(get_db_forums_password() . get_db_forums_user());
$a = get_member_cookie();
$b = get_pass_cookie();
for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
if ($a[$i] != $b[$i]) {
break;
}
}
$cookie_prefix = substr($a, 0, $i);
$cookie = ocp_admirecookie($cookie_prefix . 'ipb_stronghold');
$stronghold = md5(md5(strval($row['member_id']) . '-' . $ip_octets[0] . '-' . $ip_octets[1] . '-' . $row['member_login_key']) . $crypt_salt);
if ($cookie != $stronghold) {
$out['error'] = do_lang_tempcode('USER_BAD_STRONGHOLD');
return $out;
}
}
} else {
if (!$this->_auth_hashed($row['member_id'], $password_hashed)) {
$out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
return $out;
}
}
$pos = strpos(get_member_cookie(), 'member_id');
ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . 'session_id');
$out['id'] = $row['member_id'];
return $out;
}
/**
* Create a member login cookie.
*
* @param MEMBER The member id
* @param ?SHORT_TEXT The username (NULL: lookup)
* @param string The password
*/
function forum_create_cookie($id, $name, $password)
{
unset($name);
unset($password);
// User
ocp_setcookie(get_member_cookie(), strval($id));
$_COOKIE[get_member_cookie()] = strval($id);
// Password
$password_hashed = $this->get_member_row_field($id, 'password');
global $SITE_INFO;
$_password = md5($password_hashed . $SITE_INFO['vb_unique_id']);
ocp_setcookie(get_pass_cookie(), $_password);
$_COOKIE[get_pass_cookie()] = $_password;
}
/**
* Create a member login cookie.
*
* @param MEMBER The member id
* @param ?SHORT_TEXT The username (NULL: lookup)
* @param string The password
*/
function forum_create_cookie($id, $name, $password)
{
unset($name);
unset($password);
// User
ocp_setcookie(get_member_cookie(), strval($id));
$_COOKIE[get_member_cookie()] = strval($id);
// Password
$password_hashed_salted = $this->get_member_row_field($id, 'm_pass_hash_salted');
$password_compat_scheme = $this->get_member_row_field($id, 'm_password_compat_scheme');
if ($password_compat_scheme == 'plain') {
$password_hashed_salted = md5($password_hashed_salted);
}
// can't do direct representation for this, would be a plain text cookie; so in forum_authorise_login we expect it to be md5'd and compare thusly (as per non-cookie call to that function)
ocp_setcookie(get_pass_cookie(), $password_hashed_salted);
$_COOKIE[get_pass_cookie()] = $password_hashed_salted;
}
/**
* Do a cookie login.
*
* @return MEMBER Logged in member (NULL: no login happened)
*/
function try_cookie_login()
{
$member = NULL;
// Preprocess if this is a serialized cookie
$member_cookie_name = get_member_cookie();
$bar_pos = strpos($member_cookie_name, '|');
$colon_pos = strpos($member_cookie_name, ':');
if ($colon_pos !== false) {
$base = substr($member_cookie_name, 0, $colon_pos);
if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
$real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
$real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
$the_cookie = $_COOKIE[$base];
if (get_magic_quotes_gpc()) {
$the_cookie = stripslashes($_COOKIE[$base]);
}
secure_serialized_data($the_cookie, array());
$unserialize = @unserialize($the_cookie);
if (is_array($unserialize)) {
if (array_key_exists($real_member_cookie, $unserialize)) {
$the_member = $unserialize[$real_member_cookie];
if (get_magic_quotes_gpc()) {
$the_member = addslashes(@strval($the_member));
}
$_COOKIE[get_member_cookie()] = $the_member;
}
if (array_key_exists($real_pass_cookie, $unserialize)) {
$the_pass = $unserialize[$real_pass_cookie];
if (get_magic_quotes_gpc()) {
$the_pass = addslashes($the_pass);
}
$_COOKIE[get_pass_cookie()] = $the_pass;
}
}
}
} elseif ($bar_pos !== false) {
$base = substr($member_cookie_name, 0, $bar_pos);
if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
$real_member_cookie = substr($member_cookie_name, $bar_pos + 1);
$real_pass_cookie = substr(get_pass_cookie(), $bar_pos + 1);
$the_cookie = $_COOKIE[$base];
if (get_magic_quotes_gpc()) {
$the_cookie = stripslashes($_COOKIE[$base]);
}
$cookie_contents = explode('||', $the_cookie);
$the_member = $cookie_contents[intval($real_member_cookie)];
if (get_magic_quotes_gpc()) {
$the_member = addslashes($the_member);
}
$_COOKIE[get_member_cookie()] = $the_member;
$the_pass = $cookie_contents[intval($real_pass_cookie)];
if (get_magic_quotes_gpc()) {
$the_pass = addslashes($the_pass);
}
$_COOKIE[get_pass_cookie()] = $the_pass;
}
}
if (array_key_exists(get_member_cookie(), $_COOKIE) && array_key_exists(get_pass_cookie(), $_COOKIE)) {
$store = $_COOKIE[get_member_cookie()];
$pass = $_COOKIE[get_pass_cookie()];
if (get_magic_quotes_gpc()) {
$store = stripslashes($store);
$pass = stripslashes($pass);
}
if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
$username = $store;
$store = strval($GLOBALS['FORUM_DRIVER']->get_member_from_username($store));
} else {
$username = $GLOBALS['FORUM_DRIVER']->get_username(intval($store));
}
$member = intval($store);
if (!is_guest($member)) {
if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
// Test password hash
$login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, $pass, $pass, true);
$member = $login_array['id'];
} else {
// Test password plain
$login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, apply_forum_driver_md5_variant($pass, $username), $pass, true);
$member = $login_array['id'];
}
if (!is_null($member)) {
global $IS_A_COOKIE_LOGIN;
$IS_A_COOKIE_LOGIN = true;
create_session($member, 0, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
}
}
}
return $member;
}
/**
* Standard login provider hook.
*
* @param ?MEMBER Member ID already detected as logged in (NULL: none). May be a guest ID.
* @return ?MEMBER Member ID now detected as logged in (NULL: none). May be a guest ID.
*/
function try_login($member)
{
// Some kind of OpenID provider
try {
require_code('openid');
require_code('developer_tools');
if (!isset($_REQUEST['openid_mode'])) {
if (array_key_exists('openid_identifier', $_POST)) {
destrictify();
$openid = new LightOpenID();
$openid->identity = $_POST['openid_identifier'];
$openid->required = array('namePerson/friendly', 'namePerson', 'contact/email', 'birthDate', 'pref/language', 'media/image/default');
header('Location: ' . $openid->authUrl());
exit;
}
} elseif ($_GET['openid_mode'] == 'cancel') {
destrictify();
require_code('site');
require_code('site2');
attach_message('You cancelled your OpenID login, so you are not logged into the site.', 'inform');
} else {
destrictify();
$openid = new LightOpenID();
if ($openid->validate()) {
$attributes = $openid->getAttributes();
// If member already existed, no action needed - just create a session to existing record
$member = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_password_compat_scheme' => 'openid', 'm_pass_hash_salted' => $openid->identity));
if (!is_null($member)) {
require_code('users_inactive_occasionals');
create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
// This will mark it as confirmed
return $member;
}
require_code('ocf_members');
require_code('ocf_groups');
require_lang('ocf');
if (running_script('index') || running_script('execute_temp')) {
require_code('ocf_members_action');
require_code('ocf_members_action2');
$email = '';
if (array_key_exists('contact/email', $attributes)) {
$email = $attributes['contact/email'];
}
$username = $openid->identity;
// Yuck, we'll try and build on this
if (array_key_exists('namePerson/friendly', $attributes)) {
$username = $attributes['namePerson/friendly'];
} elseif (array_key_exists('namePerson', $attributes)) {
$username = $attributes['namePerson'];
} elseif ($email != '') {
$username = substr($email, 0, strpos($email, '@'));
}
if ($username != '') {
$_username = $username;
$i = 1;
do {
$test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_username' => $_username));
if (!is_null($test)) {
$i++;
$_username = $username . ' (' . strval($i) . ')';
}
} while (!is_null($test));
$username = $_username;
}
$dob = '';
if (array_key_exists('birthDate', $attributes)) {
$dob = $attributes['birthDate'];
}
$dob_day = mixed();
$dob_month = mixed();
$dob_year = mixed();
if ($dob != '') {
$dob_bits = explode('-', $dob);
$dob_day = intval($dob_bits[2]);
$dob_month = intval($dob_bits[1]);
$dob_year = intval($dob_bits[0]);
}
$language = mixed();
if (array_key_exists('pref/language', $attributes)) {
if (file_exists(get_file_base() . '/lang_custom/' . $attributes['pref/language'])) {
$language = $attributes['pref/language'];
}
}
require_code('config2');
set_option('maximum_password_length', '1000');
$member = ocf_member_external_linker($username, $openid->identity, 'openid', false, $email, $dob_day, $dob_month, $dob_year, NULL, $language);
$avatar = '';
if (array_key_exists('media/image/default', $attributes)) {
$avatar = $attributes['media/image/default'];
}
ocf_member_choose_avatar($avatar, $member);
}
if (!is_null($member)) {
require_code('users_inactive_occasionals');
create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
// This will mark it as confirmed
}
} else {
require_code('site');
require_code('site2');
attach_message('An unknown error occurred during OpenID login.', 'warn');
}
}
} catch (ErrorException $e) {
require_code('site');
require_code('site2');
attach_message($e->getMessage(), 'warn');
}
return $member;
}
/**
* Create a member login cookie.
*
* @param MEMBER The member id
* @param ?SHORT_TEXT The username (NULL: lookup)
* @param string The password
*/
function forum_create_cookie($id, $name, $password)
{
unset($name);
unset($password);
list($stub, ) = explode(':', get_member_cookie());
if (!$GLOBALS['SMF_NEW'] || !function_exists('sha1')) {
$row = $this->get_member_row($id);
$_password = $this->forum_md5($row['passwd'], 'ys');
$bits = explode('::', $_password);
$_password = $bits[0];
} elseif (function_exists('sha1')) {
$row = $this->get_member_row($id);
$_password = sha1($row['passwd'] . $row['passwordSalt']);
}
$data = array($id, $_password, time() + get_cookie_days() * 24 * 60 * 60, 3);
ocp_setcookie($stub, serialize($data));
$_COOKIE[$stub] = strval($id);
}
/**
* Process a logout.
*/
function handle_active_logout()
{
// Kill cookie
// $expire=time()-300;
$member_cookie_name = get_member_cookie();
$colon_pos = strpos($member_cookie_name, ':');
if ($colon_pos !== false) {
$base = substr($member_cookie_name, 0, $colon_pos);
} else {
$real_member_cookie = get_member_cookie();
$base = $real_member_cookie;
}
ocp_eatcookie($base);
unset($_COOKIE[$base]);
// Kill session
$session = get_session_id();
if ($session != -1) {
delete_session($session);
}
}
/**
* Custom get member function
*
* @return mixed The member or the default guest id (0)
*/
function get_member()
{
//get cookie information if available
$cookie_raw_info = array_key_exists(get_member_cookie(), $_COOKIE) ? $_COOKIE[get_member_cookie()] : '';
$cookie_info = array();
$cookie_info = explode('_', $cookie_raw_info);
$cookie_member = array_key_exists(0, $cookie_info) ? $cookie_info[0] : '';
$cookie_loginkey = array_key_exists(1, $cookie_info) ? $cookie_info[1] : '';
if ($cookie_member != '') {
$row = $this->get_member_row(intval($cookie_member));
//is the cookie info correct
if ($cookie_loginkey == $row['loginkey']) {
//if it is correct then return the cookie member
return $cookie_member;
} else {
//return the default guest id, because the login key is not correct
return $this->get_guest_id();
}
} else {
//return the default guest id, because there is no member cookie information
return $this->get_guest_id();
}
//return the default guest id
return $this->get_guest_id();
}