 /**
  * Authenticate a login attempt against the users table (lookup by user_name).
  *
  * Outcomes visible in this method:
  *  - valid password, fully active account (user_status 0, user_actiontime 0):
  *    the login cookie is issued, the user's theme applied and the row kept in
  *    $this->_userData;
  *  - unknown user or wrong password: redirect with error code 1 -- the same
  *    code for both, so the response body does not reveal whether the name
  *    exists (the hash check only runs for existing rows, so timing may still
  *    differ);
  *  - valid password but restricted account: either auto-reactivated here (see
  *    below) or redirected with error code 4 plus the account's status and id.
  *
  * @param string $inputUserName  username as submitted by the visitor (untrusted)
  * @param string $inputPassword  plaintext password as submitted (untrusted)
  * @param mixed  $remember       forwarded to setUserCookie() for a persistent login
  */
 private function _authenticate($inputUserName, $inputPassword, $remember)
 {
     global $locale, $settings;
     // Blacklist-style clean-up before the value is concatenated into SQL: after
     // stripinput(), the characters "=" and "#" and any whitespace-delimited
     // upper-case "OR" are deleted.
     // NOTE(review): a blacklist is not a substitute for escaping or a
     // parameterised query; whatever real protection exists comes from
     // stripinput(), which is not visible here. If the DB layer offers bound
     // parameters, use them instead. Side effect: a legitimate account whose
     // name contains one of these sequences can no longer log in.
     $inputUserName = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($inputUserName));
     $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $inputUserName . "' LIMIT 1");
     if (dbrows($result) == 1) {
         $user = dbarray($result);
         require_once CLASSES . "PasswordAuth.class.php";
         // Initialize password auth with the algorithm, salt and hash stored for this row
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $user["user_algo"];
         $passAuth->currentSalt = $user["user_salt"];
         $passAuth->currentPasswordHash = $user["user_password"];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid (the meaning of the boolean argument is
         // defined by PasswordAuth, not visible here)
         if ($passAuth->isValidCurrentPassword(true)) {
             // Unless concurrent logins are allowed, rotate algo/salt/hash on every
             // successful login. The rotated salt is what setUserCookie() receives
             // below, so presumably cookies issued under the previous salt stop
             // validating -- i.e. this is how single-session mode is enforced
             // (confirm against setUserCookie()). Note the rotation happens before
             // the status check, so it also runs for accounts refused further down.
             if ($settings['multiple_logins'] != 1) {
                 $user['user_algo'] = $passAuth->getNewAlgo();
                 $user['user_salt'] = $passAuth->getNewSalt();
                 $user['user_password'] = $passAuth->getNewHash();
                 // NOTE(review): the user_password value in this UPDATE is redacted
                 // ("******") in this copy of the source; the neighbouring columns
                 // suggest it interpolated $user['user_password'] the same way. As
                 // written the line does not parse -- restore it before use.
                 $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\t\tSET user_algo='" . $user['user_algo'] . "', user_salt='" . $user['user_salt'] . "', user_password='******'user_password'] . "'\n\t\t\t\t\t\tWHERE user_id='" . $user['user_id'] . "'");
             }
             // Fully active account: issue the cookie and complete the login.
             if ($user['user_status'] == 0 && $user['user_actiontime'] == 0) {
                 Authenticate::setUserCookie($user['user_id'], $user['user_salt'], $user['user_algo'], $remember, true);
                 Authenticate::_setUserTheme($user);
                 $this->_userData = $user;
             } else {
                 require_once INCLUDES . "suspend_include.php";
                 require_once INCLUDES . "sendmail_include.php";
                 // Auto-reactivation on a correct password: a status-3 account whose
                 // user_actiontime has passed, or any status-7 (deactivated) account.
                 // Status 7 gets no time check here, unlike the code-based reactivate
                 // page -- confirm that asymmetry is intended. The login itself is
                 // NOT completed on this path: no cookie is set, so the user has to
                 // log in again after the account is reset.
                 if ($user['user_status'] == 3 && $user['user_actiontime'] < time() || $user['user_status'] == 7) {
                     $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $user['user_id'] . "'");
                     if ($user['user_status'] == 3) {
                         $subject = $locale['global_453'];
                         $message = $locale['global_455'];
                         // Only the status-3 case is written to the unsuspend log.
                         unsuspend_log($user['user_id'], 3, $locale['global_450'], true);
                     } else {
                         $subject = $locale['global_454'];
                         $message = $locale['global_452'];
                     }
                     // This locale set uses a bare USER_NAME placeholder (no brackets).
                     $message = str_replace("USER_NAME", $user['user_name'], $message);
                     sendemail($user['user_name'], $user['user_email'], $settings['siteusername'], $settings['siteemail'], $subject, $message);
                 } else {
                     // Still restricted: the redirect carries the account's status and
                     // id; only reachable after a correct password.
                     redirect(Authenticate::getRedirectUrl(4, $user['user_status'], $user['user_id']));
                 }
             }
         } else {
             // Wrong password.
             redirect(Authenticate::getRedirectUrl(1));
         }
     } else {
         // No (or more than one) matching row: same error code as a wrong password.
         redirect(Authenticate::getRedirectUrl(1));
     }
 }
// reactivate.php: lets the owner of an admin-deactivated account (user_status 7)
// reactivate it with the code that was mailed to them. maincore.php must be
// loaded first; it is expected to provide the constants and helpers used on this
// page (THEMES, INCLUDES, LOCALE, LOCALESET, iMEMBER, redirect(), dbquery(), ...).
require_once "maincore.php";
require_once THEMES . "templates/header.php";
// Provides unsuspend_log(), called once a code has been accepted.
require_once INCLUDES . "suspend_include.php";
// Page strings ($locale['500'] .. $locale['506']).
include LOCALE . LOCALESET . "reactivate.php";
// A logged-in member has nothing to reactivate: leave before any user_id/code
// handling runs.
// NOTE(review): further down, the submitted code is compared to md5(...) with a
// loose "==". Use hash_equals() so the check is constant-time and immune to
// PHP's numeric-string juggling. Also, the error=2 redirect reads
// $data['user_id'] although the SELECT does not fetch that column; the
// already isnum()-validated $_GET['user_id'] is the value that is available.
if (iMEMBER) {
    redirect("index.php");
}
if (isset($_GET['user_id']) && isnum($_GET['user_id']) && isset($_GET['code']) && preg_check("/^[0-9a-z]{32}\$/", $_GET['code'])) {
    $result = dbquery("SELECT user_name, user_email, user_actiontime, user_password FROM " . DB_USERS . " WHERE user_id='" . $_GET['user_id'] . "' AND user_actiontime>'0' AND user_status='7'");
    if (dbrows($result)) {
        $data = dbarray($result);
        $code = md5($data['user_actiontime'] . $data['user_password']);
        if ($_GET['code'] == $code) {
            if ($data['user_actiontime'] > time()) {
                $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0', user_lastvisit='" . time() . "' WHERE user_id='" . $_GET['user_id'] . "'");
                unsuspend_log($_GET['user_id'], 7, $locale['506'], true);
                $message = str_replace("[USER_NAME]", $data['user_name'], $locale['505']);
                require_once INCLUDES . "sendmail_include.php";
                sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['504'], $message);
                redirect(BASEDIR . "login.php");
            } else {
                redirect(FUSION_SELF . "?error=1");
            }
        } else {
            redirect(FUSION_SELF . "?error=2&user_id=" . $data['user_id'] . "&code=" . $_GET['code']);
        }
    } else {
        redirect(FUSION_SELF . "?error=3");
    }
} elseif (isset($_GET['error']) && isnum($_GET['error'])) {
    opentable($locale['500']);
        } else {
            $result = dbquery("UPDATE " . DB_USERS . " SET user_status='6', user_actiontime='0' WHERE user_id='" . $user_id . "'");
            suspend_log($user_id, 6);
        }
        redirect(USER_MANAGEMENT_SELF);
    } else {
        redirect(USER_MANAGEMENT_SELF);
    }
    // Deactivate User
} elseif (isset($_GET['action']) && $_GET['action'] == 7 && $user_id && (!$isAdmin || iSUPERADMIN)) {
    $result = dbquery("SELECT user_status FROM " . DB_USERS . " WHERE user_id='" . $user_id . "' AND user_level<'103'");
    if (dbrows($result)) {
        $udata = dbarray($result);
        if ($udata['user_status'] == 7) {
            $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $user_id . "'");
            unsuspend_log($user_id, 7);
        } else {
            require_once LOCALE . LOCALESET . "admin/members_email.php";
            require_once INCLUDES . "sendmail_include.php";
            $code = md5($response_required . $data['user_password']);
            $message = str_replace("[CODE]", $code, $locale['email_deactivate_message']);
            $message = str_replace("[USER_NAME]", $data['user_name'], $message);
            $message = str_replace("[USER_ID]", $data['user_id'], $message);
            if (sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['email_deactivate_subject'], $message)) {
                $result = dbquery("UPDATE " . DB_USERS . " SET user_status='7', user_actiontime='" . $response_required . "' WHERE user_id='" . $user_id . "'");
                suspend_log($user_id, 7);
            }
        }
        redirect(USER_MANAGEMENT_SELF);
    } else {
        redirect(USER_MANAGEMENT_SELF);
 $session_value = $data['user_id'] . "." . $user_pass;
 if ($data['user_status'] == 0 && $data['user_actiontime'] == 0) {
     $_SESSION[COOKIE_PREFIX . 'user_id'] = $data['user_id'];
     $_SESSION[COOKIE_PREFIX . 'user_pass'] = $user_pass;
     redirect(BASEDIR . "setuser.php?user="******"setuser.php?error=1&id=" . $data['user_id'], true);
 } elseif ($data['user_status'] == 2) {
     redirect(BASEDIR . "setuser.php?error=2", true);
 } elseif ($data['user_status'] == 3) {
     if ($data['user_actiontime'] < time()) {
         $_SESSION[COOKIE_PREFIX . 'user_id'] = $data['user_id'];
         $_SESSION[COOKIE_PREFIX . 'user_pass'] = $user_pass;
         $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $data['user_id'] . "'");
         require_once INCLUDES . "suspend_include.php";
         unsuspend_log($data['user_id'], 3, $locale['global_450'], true);
         // Send mail
         require_once INCLUDES . "sendmail_include.php";
         $subject = $locale['global_453'];
         $message = str_replace("USER_NAME", $data['user_name'], $locale['global_452']);
         sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $subject, $message);
         // Send mail
         redirect(BASEDIR . "setuser.php?user="******"setuser.php?error=3&id=" . $data['user_id'], true);
     }
 } elseif ($data['user_status'] == 4) {
     redirect(BASEDIR . "setuser.php?error=4&id=" . $data['user_id'], true);
 } elseif ($data['user_status'] == 5) {
     redirect(BASEDIR . "setuser.php?error=5", true);
 } elseif ($data['user_status'] == 6) {
// reactivate.php: self-service reactivation of an account an admin deactivated
// (user_status 7) using the code that was e-mailed to the user. maincore.php
// bootstraps the application and is assumed to define what this page relies on
// (THEMES, INCLUDES, LOCALE, LOCALESET, iMEMBER, redirect(), dbquery(), ...).
require_once "maincore.php";
require_once THEMES . "templates/header.php";
// unsuspend_log() lives here; it is called after a valid code is accepted.
require_once INCLUDES . "suspend_include.php";
// Locale strings for this page ($locale['500'] .. $locale['506']).
include LOCALE . LOCALESET . "reactivate.php";
// Already authenticated members are sent to the front page before the
// user_id/code branch below is evaluated.
// NOTE(review): the code check below uses a loose "==" against an md5() value;
// prefer hash_equals() (constant-time, no numeric-string juggling). The error=2
// redirect also references $data['user_id'], which is not in the SELECT list --
// $_GET['user_id'], already validated with isnum(), is the value on hand.
if (iMEMBER) {
    redirect("index.php");
}
if (isset($_GET['user_id']) && isnum($_GET['user_id']) && isset($_GET['code']) && preg_check("/^[0-9a-z]{32}\$/", $_GET['code'])) {
    $result = dbquery("SELECT user_name, user_email, user_actiontime, user_password FROM " . DB_USERS . " WHERE user_id='" . $_GET['user_id'] . "' AND user_actiontime>'0' AND user_status='7'");
    if (dbrows($result)) {
        $data = dbarray($result);
        $code = md5($data['user_actiontime'] . $data['user_password']);
        if ($_GET['code'] == $code) {
            if ($data['user_actiontime'] > time()) {
                $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0', user_lastvisit=NOW() WHERE user_id='" . $_GET['user_id'] . "'");
                unsuspend_log($_GET['user_id'], 7, $locale['506'], TRUE);
                $message = str_replace("[USER_NAME]", $data['user_name'], $locale['505']);
                require_once INCLUDES . "sendmail_include.php";
                sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['504'], $message);
                redirect(BASEDIR . "login.php");
            } else {
                redirect(FUSION_SELF . "?error=1");
            }
        } else {
            redirect(FUSION_SELF . "?error=2&user_id=" . $data['user_id'] . "&code=" . $_GET['code']);
        }
    } else {
        redirect(FUSION_SELF . "?error=3");
    }
} elseif (isset($_GET['error']) && isnum($_GET['error'])) {
    opentable($locale['500']);
 /**
  * Authenticate a login attempt against the users table.
  *
  * The lookup column depends on $settings['login_method']: 1 matches on
  * user_email, 2 picks user_email when the input looks like an e-mail address
  * and user_name otherwise, anything else matches on user_name.
  *
  * Outcomes visible in this method:
  *  - valid password, fully active account (user_status 0, user_actiontime 0):
  *    the login cookie is issued, the theme applied and the row kept in
  *    $this->_userData;
  *  - unknown user or wrong password: redirect with error code 1 for both, so
  *    the response does not reveal whether the account exists (the hash check
  *    only runs for existing rows, so timing may still differ);
  *  - valid password but restricted account: auto-reactivated here (see below)
  *    or redirected with error code 4 plus the account's status and id.
  *
  * @param string $inputUserName  username or e-mail as submitted (untrusted)
  * @param string $inputPassword  plaintext password as submitted (untrusted)
  * @param mixed  $remember       forwarded to setUserCookie() for a persistent login
  */
 private function _authenticate($inputUserName, $inputPassword, $remember)
 {
     global $locale, $settings;
     // Blacklist-style clean-up before concatenation into SQL: after stripinput(),
     // "=", "#" and any whitespace-delimited upper-case "OR" are deleted.
     // NOTE(review): a blacklist is not a substitute for escaping or bound
     // parameters; the real protection, if any, is inside stripinput() (not
     // visible here). Prefer a parameterised query if the DB layer offers one.
     // Side effect: a legitimate name or address containing these sequences
     // can no longer log in.
     $inputUserName = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($inputUserName));
     // Column to match on; the value comes from site settings, not from the
     // request.
     $where = "user_name";
     switch ($settings['login_method']) {
         case 1:
             $where = "user_email";
             break;
         case 2:
             // Heuristic e-mail detection. The pattern caps the TLD at 2-4
             // characters, so an address with a longer TLD falls back to a
             // user_name lookup and will not match.
             $where = preg_match("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $inputUserName) ? "user_email" : "user_name";
             break;
     }
     $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE " . $where . "='" . $inputUserName . "' LIMIT 1");
     if (dbrows($result) == 1) {
         $user = dbarray($result);
         // Initialize password auth with the stored algorithm, salt and hash
         // (PasswordAuth is not required here, so presumably autoloaded)
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $user["user_algo"];
         $passAuth->currentSalt = $user["user_salt"];
         $passAuth->currentPasswordHash = $user["user_password"];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid (the boolean argument's meaning is
         // defined by PasswordAuth, not visible here)
         if ($passAuth->isValidCurrentPassword(TRUE)) {
             // Unless concurrent logins are allowed, rotate algo/salt/hash on every
             // successful login. The new salt is handed to setUserCookie() below,
             // so presumably cookies issued under the old salt stop validating --
             // i.e. this is the single-session enforcement (confirm against
             // setUserCookie()). The rotation runs before the status check, so it
             // also happens for accounts that are refused further down.
             if ($settings['multiple_logins'] != 1) {
                 $user['user_algo'] = $passAuth->getNewAlgo();
                 $user['user_salt'] = $passAuth->getNewSalt();
                 $user['user_password'] = $passAuth->getNewHash();
                 // NOTE(review): the user_password value in this UPDATE is redacted
                 // ("******") in this copy of the source; by analogy with the other
                 // columns it interpolated $user['user_password']. As written the
                 // line does not parse -- restore it before use.
                 $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\t\tSET user_algo='" . $user['user_algo'] . "', user_salt='" . $user['user_salt'] . "', user_password='******'user_password'] . "'\n\t\t\t\t\t\tWHERE user_id='" . $user['user_id'] . "'");
             }
             // Fully active account: issue the cookie and complete the login.
             if ($user['user_status'] == 0 && $user['user_actiontime'] == 0) {
                 Authenticate::setUserCookie($user['user_id'], $user['user_salt'], $user['user_algo'], $remember, TRUE);
                 Authenticate::_setUserTheme($user);
                 $this->_userData = $user;
             } else {
                 require_once INCLUDES . "suspend_include.php";
                 require_once INCLUDES . "sendmail_include.php";
                 // Auto-reactivation on a correct password: a status-3 account whose
                 // user_actiontime has passed, or any status-7 (deactivated) account.
                 // Status 7 gets no time check here, unlike the code-based reactivate
                 // page -- confirm that asymmetry is intended. The login is NOT
                 // completed on this path (no cookie is set); the user must log in
                 // again once the account has been reset.
                 if ($user['user_status'] == 3 && $user['user_actiontime'] < time() || $user['user_status'] == 7) {
                     $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $user['user_id'] . "'");
                     if ($user['user_status'] == 3) {
                         $subject = str_replace("[SITENAME]", $settings['sitename'], $locale['global_451']);
                         $message = str_replace("[SITEURL]", $settings['siteurl'], $locale['global_455']);
                         $message = str_replace("[SITEUSERNAME]", $settings['siteusername'], $message);
                         // Only the status-3 case is written to the unsuspend log.
                         unsuspend_log($user['user_id'], 3, $locale['global_450'], TRUE);
                     } else {
                         $subject = $locale['global_454'];
                         $message = str_replace("[SITEURL]", $settings['siteurl'], $locale['global_452']);
                         $message = str_replace("[SITEUSERNAME]", $settings['siteusername'], $message);
                     }
                     // Unlike the bracketed site placeholders above, the user name
                     // placeholder in these strings is a bare USER_NAME.
                     $message = str_replace("USER_NAME", $user['user_name'], $message);
                     sendemail($user['user_name'], $user['user_email'], $settings['siteusername'], $settings['siteemail'], $subject, $message);
                 } else {
                     // Still restricted: the redirect carries the account's status and
                     // id; only reachable after a correct password.
                     redirect(Authenticate::getRedirectUrl(4, $user['user_status'], $user['user_id']));
                 }
             }
         } else {
             // Wrong password.
             redirect(Authenticate::getRedirectUrl(1));
         }
     } else {
         // No (or more than one) matching row: same error code as a wrong password.
         redirect(Authenticate::getRedirectUrl(1));
     }
 }