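/**
 * Verify the reCAPTCHA answer submitted with the login form.
 *
 * Reads the challenge/response fields from $_REQUEST, checks them against
 * the private key with the client's REMOTE_ADDR, and redirects to the
 * login page with 'invalidcaptcha' when the answer is rejected. Returns
 * nothing on success.
 *
 * @return void
 */
function login_check_is_captcha_valid()
{
    // require_once, not require: the login page already includes
    // recaptcha.php (via SCRIPTBASE), and a second plain require would
    // redeclare its functions and abort the request.
    require_once 'recaptcha.php';
    // Missing fields become '' instead of raising an undefined-index
    // notice; the verifier rejects an empty answer anyway.
    $challenge = isset($_REQUEST['recaptcha_challenge_field']) ? $_REQUEST['recaptcha_challenge_field'] : '';
    $answer = isset($_REQUEST['recaptcha_response_field']) ? $_REQUEST['recaptcha_response_field'] : '';
    // NOTE: REMOTE_ADDR is the immediate peer; behind a reverse proxy this
    // is the proxy, not the visitor -- confirm the deployment.
    $resp = recaptcha_check_answer(RECAPTCHA_PRIVATE, $_SERVER['REMOTE_ADDR'], $challenge, $answer);
    if (!$resp->is_valid) {
        login_redirect($GLOBALS['url'], 'invalidcaptcha');
    }
}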
 /**
  * Show the create-user form.
  *
  * Visitors who are already authenticated are sent to their post-login
  * page, and the form is unavailable when the users_signup config item
  * is the string 'FALSE'. Otherwise an empty form model is rendered in
  * the 'wide' layout.
  */
 function signup()
 {
     // Already authenticated: nothing to sign up for.
     if ($this->social_auth->logged_in()) {
         redirect(login_redirect());
     }
     // Registration switched off site-wide.
     if (config_item('users_signup') == 'FALSE') {
         redirect(base_url());
     }
     // Blank form model for the view.
     foreach (array('name', 'email', 'password', 'password_confirm') as $field) {
         $this->data[$field] = "";
     }
     $this->data['page_title'] = "Signup";
     $this->render('wide');
 }
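 /**
  * Dashboard home: lists the installed modules (their app.json manifests)
  * and the most recent site activity.
  *
  * Redirects to the login page when the session's user_level_id exceeds
  * the configured home_view_permission.
  */
 function index()
 {
     if ($this->session->userdata('user_level_id') > config_item('home_view_permission')) {
         redirect(login_redirect());
     }
     // Load Things
     $this->load->library('activity_igniter');
     $this->data['page_title'] = 'Home';
     // Must start as an array: since PHP 7.1 `$str[] = ...` on the empty
     // string is a fatal error instead of a silent conversion to array.
     $this->data['apps'] = array();
     foreach ($this->modules_scan as $app) {
         $app_path = APPPATH . 'modules/' . $app . '/app.json';
         if (!file_exists($app_path)) {
             continue;
         }
         $manifest = json_decode(file_get_contents($app_path));
         // Skip manifests that fail to parse rather than pushing a null the
         // view would then try to read properties from.
         if ($manifest !== null) {
             $this->data['apps'][] = $manifest;
         }
     }
     $this->data['activity'] = $this->social_igniter->get_activity_view('site_id', 1, 100);
     $this->render('dashboard_wide');
 }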
<?php

// Bootstrap. basics.php is located via DOCUMENT_ROOT and presumably defines
// SCRIPTBASE, which the following includes depend on -- keep this order.
require_once $_SERVER['DOCUMENT_ROOT'] . '/cms.incs/basics.php';
//require_once SCRIPTBASE.'cms.incs/common.php';
require_once SCRIPTBASE . 'cms.incs/recaptcha.php';
require_once SCRIPTBASE . 'cms.incs/login-libs.php';
// Widget markup for the login form (public key only; the private key is
// used server-side by login_check_is_captcha_valid()).
$captcha = recaptcha_get_html(RECAPTCHA_PUBLIC);
// Already authenticated: skip the form and go straight to the user area.
if (isset($_SESSION['userdata'])) {
    login_redirect("/cms.user/index.php");
}
?>
<html>
    <head>
        <title>Login</title>
        <link rel="stylesheet" type="text/css" href="/cms.admin/login/login.css"/>
        <link rel="stylesheet" type="text/css" href="/common/css/jqueryui/1.8.0/jquery-ui.css"/>
        
        <script type="text/javascript" src="/common/js/1.4.2/jquery.min.js"></script>
        <script type="text/javascript" src="/common/js/jqueryui/1.8.0/jquery-ui.min.js"></script>
        
        <script type="text/javascript" src="/cms.admin/login/login.js"></script>
<!--        <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
		<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.0/jquery-ui.min.js"></script>
		<link rel="stylesheet" type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.0/themes/south-street/jquery-ui.css" />
		<script src="/cms.admin/login/login.js"></script>
		<link rel="stylesheet" type="text/css" href="/cms.admin/login/login.css" />-->
        <style>
            body{
                background-image: url('/common/images/background.jpg'); 
            }
        </style>
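if (!isset($_REQUEST['password']) || $_REQUEST['password'] == '') {
    login_redirect($GLOBALS['url'], 'nopassword');
}
login_check_is_captcha_provided();
login_check_is_captcha_valid();
// Reject anything that is not syntactically an address before it reaches
// the string-built query; addslashes() below is the second line of defence.
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    login_redirect($GLOBALS['url'], 'loginfailed');
}
// Legacy credential hash md5(email|password). Kept because the registration
// script stores the same form; moving to password_hash()/password_verify()
// has to change both sides at once.
$password = md5($email . '|' . $_REQUEST['password']);
// check that the email and password provided exists in the database..
// $password is a 32-char hex digest and needs no escaping; the email does.
$check_query = 'SELECT * FROM ' . $tp . 'login WHERE email="' . addslashes($email) . '" AND password="' . $password . '" AND active=1';
$r = dbRow($check_query);
if (!$r) {
    login_redirect($GLOBALS['url'], 'loginfailed');
}
// success: rotate the session id so an id handed out before authentication
// (session fixation) does not carry over into the logged-in session.
if (session_id() !== '') {
    session_regenerate_id(true);
}
$_SESSION['userdata'] = $r;
$groups = json_decode($r['groups']);
$_SESSION['userdata']['groups'] = array();
// json_decode() yields null for an empty or malformed column; foreach over
// null only warns, so guard it.
if (is_array($groups)) {
    foreach ($groups as $g) {
        $_SESSION['userdata']['groups'][$g] = true;
    }
}
// uid comes from our own row, but cast anyway so the query is never
// built from a non-numeric value.
$query = 'UPDATE ' . $tp . 'login SET logged_in=1 WHERE uid=' . (int) $r['uid'];
dbQuery($query);
login_redirect($GLOBALS['url']);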
 /**
  *  Start session (restore existent session or create new)
  *
  *  Looks up an existing session row by the cookie-supplied sid (or, for a
  *  visitor without a login key, by IP + GUEST_UID), refreshes session_time
  *  once it is older than session_update_intrv, and otherwise creates a
  *  fresh session -- honouring the autologin key only when
  *  verify_autologin_id() accepts it. Defines IS_GUEST / IS_ADMIN / IS_MOD /
  *  IS_USER / IS_SUPER_ADMIN / IS_AM and redirects guests to the login page
  *  when $this->cfg['req_login'] is set.
  *
  * @param array $cfg  overrides merged into $this->cfg
  *
  * @return array|bool  the loaded user+session row ($this->data)
  */
 function session_start($cfg = array())
 {
     global $ft_cfg;
     $update_sessions_table = false;
     $this->cfg = array_merge($this->cfg, $cfg);
     $session_id = $this->sessiondata['sid'];
     // Does a session exist?
     if ($session_id || !$this->sessiondata['uk']) {
         $SQL = DB()->get_empty_sql_array();
         $SQL['SELECT'][] = "u.*, s.*";
         $SQL['FROM'][] = SESSIONS_TABLE . " s";
         $SQL['INNER JOIN'][] = USERS_TABLE . " u ON(u.user_id = s.session_user_id)";
         if ($session_id) {
             // NOTE(review): sid originates from the client (sessiondata) and
             // is interpolated unescaped; whether it was validated when
             // sessiondata was parsed is not visible here -- confirm.
             $SQL['WHERE'][] = "s.session_id = '{$session_id}'";
             $userdata_cache_id = $session_id;
         } else {
             // Guest without a login key: key the lookup on the client IP.
             $SQL['WHERE'][] = "s.session_ip = '" . USER_IP . "'";
             $SQL['WHERE'][] = "s.session_user_id = " . GUEST_UID;
             $userdata_cache_id = USER_IP;
         }
         // Cache first; only hit the DB (and bump session_time) on a miss.
         if (!($this->data = cache_get_userdata($userdata_cache_id))) {
             $this->data = DB()->fetch_row($SQL);
             if ($this->data && TIMENOW - $this->data['session_time'] > $ft_cfg['session_update_intrv']) {
                 $this->data['session_time'] = TIMENOW;
                 $update_sessions_table = true;
             }
             cache_set_userdata($this->data);
         }
     }
     // Did the session exist in the DB?
     if ($this->data) {
         // Do not check IP assuming equivalence, if IPv4 we'll check only first 24
         // bits ... I've been told (by vHiker) this should alleviate problems with
         // load balanced et al proxies while retaining some reliance on IP security.
         // (The "24 bits" claim assumes the IP is stored as 8 hex chars, so the
         // first 6 chars are 3 octets -- verify USER_IP's encoding.)
         $ip_check_s = substr($this->data['session_ip'], 0, 6);
         $ip_check_u = substr(USER_IP, 0, 6);
         if ($ip_check_s == $ip_check_u) {
             // Admin area carries the sid in the query string for logged-in users.
             if ($this->data['user_id'] != GUEST_UID && defined('IN_ADMIN')) {
                 define('SID_GET', "sid={$this->data['session_id']}");
             }
             $session_id = $this->sessiondata['sid'] = $this->data['session_id'];
             // Only update session a minute or so after last update
             if ($update_sessions_table) {
                 DB()->query("\n\t\t\t\t\t\tUPDATE " . SESSIONS_TABLE . " SET\n\t\t\t\t\t\t\tsession_time = " . TIMENOW . "\n\t\t\t\t\t\tWHERE session_id = '{$session_id}'\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t");
             }
             $this->set_session_cookies($this->data['user_id']);
         } else {
             // IP prefix mismatch: treat the stored session as invalid.
             $this->data = array();
         }
     }
     // If we reach here then no (valid) session exists. So we'll create a new one,
     // using the cookie user_id if available to pull basic user prefs.
     if (!$this->data) {
         $login = false;
         // The cookie uid is only a hint; it is trusted solely if the autologin
         // key checks out below.
         $user_id = $ft_cfg['allow_autologin'] && $this->sessiondata['uk'] && $this->sessiondata['uid'] ? $this->sessiondata['uid'] : GUEST_UID;
         if ($userdata = get_userdata(intval($user_id), false, true)) {
             if ($userdata['user_id'] != GUEST_UID && $userdata['user_active']) {
                 if (verify_id($this->sessiondata['uk'], LOGIN_KEY_LENGTH) && $this->verify_autologin_id($userdata, true, false)) {
                     // Plain === is not a constant-time comparison; hash_equals()
                     // would be the usual choice for a secret key.
                     $login = $userdata['autologin_id'] && $this->sessiondata['uk'] === $userdata['autologin_id'];
                 }
             }
         }
         // Precedence: !$userdata || ($userdata is a real user && autologin failed)
         // -> fall back to the guest record.
         if (!$userdata || $userdata['user_id'] != GUEST_UID && !$login) {
             $userdata = get_userdata(GUEST_UID, false, true);
         }
         $this->session_create($userdata, true);
     }
     define('IS_GUEST', !$this->data['session_logged_in']);
     define('IS_ADMIN', !IS_GUEST && $this->data['user_level'] == ADMIN);
     define('IS_MOD', !IS_GUEST && $this->data['user_level'] == MOD);
     define('IS_USER', !IS_GUEST && $this->data['user_level'] == USER);
     define('IS_SUPER_ADMIN', IS_ADMIN && isset($ft_cfg['super_admins'][$this->data['user_id']]));
     define('IS_AM', IS_ADMIN || IS_MOD);
     $this->set_shortcuts();
     // Redirect guests to login page
     if (IS_GUEST && $this->cfg['req_login']) {
         login_redirect();
     }
     $this->init_userprefs();
     return $this->data;
 }
             }
         }
     }
     // field => can_edit
     $profile_fields = array('username' => true, 'user_password' => true, 'user_email' => true, 'user_timezone' => true, 'user_lang' => true, 'user_opt' => true);
     $pr_data = array('user_id' => GUEST_UID, 'username' => '', 'user_password' => '', 'user_email' => '', 'user_timezone' => $bb_cfg['board_timezone'], 'user_lang' => $bb_cfg['default_lang'], 'user_opt' => 0, 'avatar_ext_id' => 0);
     break;
     /**
      *  Редактирование профиля
      */
 /**
  *  Редактирование профиля
  */
 case 'editprofile':
     if (IS_GUEST) {
         login_redirect();
     }
     // field => can_edit
     $profile_fields = array('user_active' => IS_ADMIN, 'username' => IS_ADMIN || $bb_cfg['allow_namechange'], 'user_password' => true, 'user_email' => true, 'user_lang' => true, 'user_gender' => true, 'user_birthday' => true, 'user_timezone' => true, 'user_opt' => true, 'avatar_ext_id' => true, 'user_icq' => true, 'user_skype' => true, 'user_twitter' => true, 'user_website' => true, 'user_from' => true, 'user_sig' => true, 'user_occ' => true, 'user_interests' => true, 'tpl_name' => true);
     // Выбор профиля: для юзера свой, для админа любой
     if (IS_ADMIN && !empty($_REQUEST['u'])) {
         $pr_user_id = (int) $_REQUEST['u'];
         $adm_edit = $pr_user_id != $userdata['user_id'];
     } else {
         $pr_user_id = $userdata['user_id'];
     }
     $profile_fields_sql = join(', ', array_keys($profile_fields));
     $sql = "\n\t\t\tSELECT\n\t\t\t\tuser_id,\n\t\t\t\tuser_rank,\n\t\t\t\tuser_level,\n\t\t\t\t{$profile_fields_sql}\n\t\t\tFROM " . BB_USERS . "\n\t\t\tWHERE user_id = {$pr_user_id}\n\t\t\tLIMIT 1\n\t\t";
     if (!($pr_data = DB()->fetch_row($sql))) {
         bb_die($lang['PROFILE_NOT_FOUND']);
     }
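<?php

require 'login-libs.php';
login_check_is_email_provided();
login_check_is_captcha_provided();
login_check_is_captcha_valid();
// Syntactic check before the address goes into the string-built query.
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    login_redirect($url, 'nosuchemail');
}
// check that the email matches a row in the user table
$r = dbRow('select email from user_accounts where
	email="' . addslashes($email) . '"');
if (!$r) {
    // NOTE: a distinct 'nosuchemail' outcome lets anyone enumerate
    // registered addresses; a generic "if the address exists, mail was
    // sent" reply would close that, but the redirect keys are UI contract.
    login_redirect($url, 'nosuchemail');
}
// success! generate a validation email, then redirect
// The token must be unguessable: md5(time()|email) can be recomputed by
// anyone who knows the address and roughly when the form was submitted.
// 16 CSPRNG bytes give 32 hex chars, the same width as the md5 digest
// previously stored in activation_key.
$validation_code = bin2hex(function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16));
$email_domain = preg_replace('/^www\\./', '', $_SERVER['HTTP_HOST']);
dbQuery('update user_accounts set activation_key="' . $validation_code . '"
	where email="' . addslashes($r['email']) . '"');
// Parameters are url-encoded; the raw address previously went into the
// query string unescaped. The host comes from the Host header: if the
// server answers for arbitrary Host values, this link can be pointed at an
// attacker-controlled host (reset poisoning) -- a configured canonical
// host would be safer.
$validation_url = 'http://' . $_SERVER['HTTP_HOST'] . '/ww.incs/forgotten-password-verification.php?' . http_build_query(array('verification_code' => $validation_code, 'email' => $r['email'], 'redirect_url' => $url));
mail($r['email'], "[{$email_domain}] forgotten password", "Hello!\n\nThe forgotten password form at http://" . $_SERVER['HTTP_HOST'] . "/ was submitted. If you did not do this, you can safely discard this email.\n\nTo log into your account, please use the link below, and then reset your password.\n\n{$validation_url}", "From: no-reply@{$email_domain}\nReply-to: no-reply@{$email_domain}");
login_redirect($url, 'validationsent');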
 /**
  * Dashboard timeline for the logged-in user.
  *
  * Picks the feed from the URI: no second segment = global timeline;
  * 'friends' = activity of followed users; 'likes' = items the user
  * liked; 'group/<id>' = a category feed; anything else is handed to
  * get_timeline() as a type filter. Each activity is rendered through
  * the dashboard theme's item_timeline partial. Redirects to login when
  * user_level_id exceeds home_view_permission.
  */
 function index()
 {
     if ($this->session->userdata('user_level_id') > config_item('home_view_permission')) {
         redirect(login_redirect());
     }
     $timeline = NULL;
     $timeline_view = NULL;
     // Load
     $this->data['home_greeting'] = random_element($this->lang->line('home_greeting'));
     $this->data['social_post'] = $this->social_igniter->get_social_post($this->session->userdata('user_id'), 'social_post_horizontal');
     $this->data['groups'] = $this->social_tools->make_group_dropdown($this->session->userdata('user_id'), $this->session->userdata('user_level_id'), '+ Add Group');
     $this->data['group_id'] = '';
     // Pick Type of Feed
     if ($this->uri->total_segments() == 1) {
         $this->data['page_title'] = 'Home';
         $timeline = $this->social_igniter->get_timeline(NULL, 10);
     } elseif ($this->uri->segment(2) == 'friends') {
         $this->data['page_title'] = 'Friends';
         // No followed users -> $timeline stays NULL and the empty message shows.
         if ($friends = $this->social_tools->get_relationships_owner($this->session->userdata('user_id'), 'user', 'follow')) {
             $timeline = $this->social_igniter->get_timeline_friends($friends, 10);
         }
     } elseif ($this->uri->segment(2) == 'likes') {
         $this->data['page_title'] = 'Likes';
         $likes = $this->social_tools->get_ratings_likes_user($this->session->userdata('user_id'));
         $timeline = $this->social_igniter->get_timeline_likes($likes, 10);
     } elseif ($this->uri->segment(2) == 'group') {
         // NOTE(review): get_category() is used without a falsy check; if it
         // returns null/false for an unknown id, $group->category errors out.
         $group = $this->social_tools->get_category($this->uri->segment(3));
         $this->data['page_title'] = $group->category;
         $this->data['group_id'] = $this->uri->segment(3);
         $timeline = $this->social_igniter->get_timeline_group($group->category_id, 10);
     } else {
         // Fallback: second segment is taken verbatim as a timeline type filter.
         $this->data['page_title'] = display_nice_file_name($this->uri->segment(2));
         $this->data['sub_title'] = 'Recent';
         $timeline = $this->social_igniter->get_timeline($this->uri->segment(2), 10);
     }
     // Build Feed
     if (!empty($timeline)) {
         foreach ($timeline as $activity) {
             // Item
             $this->data['item_id'] = $activity->activity_id;
             $this->data['item_type'] = item_type_class($activity->type);
             // Contributor
             $this->data['item_user_id'] = $activity->user_id;
             $this->data['item_avatar'] = $this->social_igniter->profile_image($activity->user_id, $activity->image, $activity->gravatar);
             $this->data['item_contributor'] = $activity->name;
             $this->data['item_profile'] = base_url() . 'profile/' . $activity->username;
             // Activity
             $this->data['item_content'] = $this->social_igniter->render_item($activity);
             $this->data['item_content_id'] = $activity->content_id;
             $this->data['item_date'] = format_datetime(config_item('home_date_style'), $activity->created_at);
             $this->data['item_source'] = '';
             // Cross-site items link back to their origin. The href goes
             // through prep_url() but $activity->title is interpolated into
             // HTML as-is; whether it was escaped upstream is not visible here.
             if ($activity->site_id != config_item('site_id')) {
                 $this->data['item_source'] = ' via <a href="' . prep_url(property_exists($activity, 'canonical') && $activity->canonical ? $activity->canonical : $activity->url) . '" target="_blank">' . $activity->title . '</a>';
             }
             // Actions
             $this->data['item_comment'] = base_url() . 'comment/item/' . $activity->activity_id;
             $this->data['item_comment_avatar'] = $this->data['logged_image'];
             // Controls only whether edit/delete links are shown; the manage and
             // destroy endpoints must enforce the same check themselves.
             $this->data['item_can_modify'] = $this->social_auth->has_access_to_modify('activity', $activity, $this->session->userdata('user_id'), $this->session->userdata('user_level_id'));
             $this->data['item_edit'] = base_url() . 'home/' . $activity->module . '/manage/' . $activity->content_id;
             $this->data['item_delete'] = base_url() . 'api/activity/destroy/id/' . $activity->activity_id;
             // View
             $timeline_view .= $this->load->view(config_item('dashboard_theme') . '/partials/item_timeline.php', $this->data, true);
         }
     } else {
         $timeline_view = '<li><p>Nothing to show from anyone!</p></li>';
     }
     // Final Output
     $this->data['timeline_view'] = $timeline_view;
     $this->render();
 }
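<?php

require_once 'login-libs.php';
$tp = $DBVARS['tp'];
login_check_is_captcha_provided();
login_check_is_captcha_valid();
if (!isset($_POST['username'])) {
    login_redirect($GLOBALS['url'], 'nousername');
}
// Presumably also validates the address format; the escaping below does
// not rely on that.
login_check_is_email_provided();
if (!isset($_POST['password']) || $_POST['password'] == '') {
    login_redirect($GLOBALS['url'], 'nopassword');
}
// Strict compare: a loose != treats numeric-looking strings such as "10"
// and "1e1" as equal. A missing confirmation field counts as a mismatch.
if (!isset($_POST['password2']) || $_POST['password'] !== $_POST['password2']) {
    login_redirect($GLOBALS['url'], 'passwordmismatch');
}
// Legacy credential hash md5(email|password) -- must stay in this form
// because the login script recomputes it the same way. A migration to
// password_hash()/password_verify() has to change both scripts together.
$password = md5($_POST['email'] . '|' . $_POST['password']);
// username and email are user-supplied and go into a string-built INSERT;
// the hash is a hex digest and needs no escaping. The script does not check
// for an existing account with this email -- presumably a unique index does.
$sql = 'set uname="' . addslashes($_POST['username']) . '", email="' . addslashes($_POST['email']) . '", password="' . $password . '", active=1, groups=\'["_users"]\'';
dbQuery('insert into ' . $tp . 'login ' . $sql);
// spelling kept: presumably the key the redirect target expects
login_redirect($GLOBALS['url'], 'regisersuccess');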
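<?php

require_once 'login-libs.php';
$tp = $DBVARS['tp'];
login_check_is_email_provided();
$code = isset($_REQUEST['verification_code']) ? $_REQUEST['verification_code'] : '';
// The key is issued as a 32-char hex digest, so anything else is rejected
// before it reaches SQL. This also rejects an empty code: activation_key is
// blanked after use and must never match a row that way.
if (!preg_match('/^[a-f0-9]{32}$/i', $code)) {
    login_redirect($url, 'validationfailed');
}
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    login_redirect($url, 'validationfailed');
}
$r = dbRow('SELECT email FROM ' . $tp . 'login WHERE email="' . addslashes($email) . '" AND activation_key="' . $code . '" AND active;');
if (!$r) {
    login_redirect($url, 'validationfailed');
}
// Single use: clear the key so the same link cannot be replayed. Note that
// this script only marks the link as consumed; it does not sign the user
// in or change the password itself.
dbQuery('UPDATE ' . $tp . 'login SET activation_key="" WHERE email="' . addslashes($r['email']) . '"');
login_redirect($url, 'verified');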
 /**
  * Send the visitor to index.php through login_redirect().
  */
 function myredirect()
 {
     $target = 'index.php';
     login_redirect($target);
 }
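<?php

require_once 'login-libs.php';
$tp = $DBVARS['tp'];
login_check_is_email_provided();
login_check_is_captcha_provided();
login_check_is_captcha_valid();
// Syntactic check before the address goes into the string-built query.
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    login_redirect($url, 'nosuchemail');
}
$r = dbRow('SELECT email FROM ' . $tp . 'login WHERE email="' . addslashes($email) . '" AND active;');
if (!$r) {
    // NOTE: a distinct 'nosuchemail' outcome lets anyone enumerate
    // registered addresses; kept because the redirect keys are UI contract.
    login_redirect($url, 'nosuchemail');
}
// The token must be unguessable: md5(time()|email) can be recomputed by
// anyone who knows the address and roughly when the form was submitted.
// 16 CSPRNG bytes give 32 hex chars, the same width as the md5 digest.
$validation_code = bin2hex(function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16));
$email_domain = preg_replace('/^www\\./', '', $_SERVER['HTTP_HOST']);
dbQuery('UPDATE ' . $tp . 'login SET activation_key="' . $validation_code . '" WHERE email="' . addslashes($r['email']) . '"');
// No htmlspecialchars() around the query string: the URL is sent in a
// text/plain mail, and escaping '&' to '&amp;' turned the 'email'
// parameter into 'amp;email', breaking the link. The host comes from the
// Host header; if the server answers for arbitrary Host values the link can
// be pointed at an attacker's site (reset poisoning) -- a configured
// canonical host would be safer.
$validation_url = 'http://' . $_SERVER['HTTP_HOST'] . '/cms.incs/forgotten-password-validate.php?' . http_build_query(array("verification_code" => $validation_code, 'email' => $r['email'], 'redirect' => $url));
// Reply-to is a hard-coded personal mailbox; left as found since it is
// deployment configuration rather than a defect verifiable here.
$mailsent = mail($r['email'], $email_domain . 'Forgotten Password', "Hello!\n\nThe forgotten password form at http://" . $_SERVER['HTTP_HOST'] . "/ was submitted. If you did not do this, you can safely discard this email.\n\n\n     To log into your account, please use the link below, and then reset your password.\n\n{$validation_url}", "From: jaishankar@{$email_domain}\nReply-to: jaishankarh@gmail.com");
if ($mailsent) {
    login_redirect($url, "validationsent");
}
login_redirect($url, "novalidation");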
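<?php

require 'login-libs.php';
login_check_is_email_provided();
// check that the password is provided
if (!isset($_REQUEST['password']) || $_REQUEST['password'] == '') {
    login_redirect($url, 'nopassword');
}
login_check_is_captcha_provided();
login_check_is_captcha_valid();
// Syntactic check on the address before it goes into the query; the
// addslashes() below remains as the second line of defence.
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    login_redirect($url, 'loginfailed');
}
// check that the email/password combination matches a row in the user table
// Legacy credential hash md5(email|password); stored in this form by the
// registration side, so both must move to password_hash() together.
$password = md5($email . '|' . $_REQUEST['password']);
// The hash is a hex digest and needs no escaping.
$r = dbRow('select * from user_accounts where
	email="' . addslashes($email) . '" and
	password="' . $password . '" and active');
if (!$r) {
    login_redirect($url, 'loginfailed');
}
// success! rotate the session id so a pre-authentication id (session
// fixation) does not carry over, then set the session variable and redirect
if (session_id() !== '') {
    session_regenerate_id(true);
}
$_SESSION['userdata'] = $r;
$groups = json_decode($r['groups']);
$_SESSION['userdata']['groups'] = array();
// json_decode() yields null for an empty/malformed column; guard the loop.
if (is_array($groups)) {
    foreach ($groups as $g) {
        $_SESSION['userdata']['groups'][$g] = true;
    }
}
// Empty extras column decodes as an empty list rather than null.
if ($r['extras'] == '') {
    $r['extras'] = '[]';
}
$_SESSION['userdata']['extras'] = json_decode($r['extras']);
login_redirect($url);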