Beispiel #1
0
 /**
  * {@inheritdoc}
  */
 public function check($password, $hash, $user_row = array())
 {
     if (strlen($hash) != 32 && strlen($hash) != 34) {
         return false;
     }
     // enable super globals to get literal value
     // this is needed to prevent unicode normalization
     $super_globals_disabled = $this->request->super_globals_disabled();
     if ($super_globals_disabled) {
         $this->request->enable_super_globals();
     }
     // in src2 passwords were used exactly as they were sent, with addslashes applied
     $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
     $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
     $password_new_format = $this->request->variable('password', '', true);
     if ($super_globals_disabled) {
         $this->request->disable_super_globals();
     }
     if ($password == $password_new_format) {
         if (!function_exists('utf8_to_cp1252')) {
             include $this->src_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext;
         }
         if ($this->helper->string_compare(md5($password_old_format), $hash) || $this->helper->string_compare(md5(\utf8_to_cp1252($password_old_format)), $hash) || $this->salted_md5->check(md5($password_old_format), $hash) === true || $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true) {
             return true;
         }
     }
     return false;
 }
Beispiel #2
0
/**
* Login function
*/
function login_db(&$username, &$password)
{
    global $db, $config;
    // do not allow empty password
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }
    $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
		FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$row) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }
    // If there are too much login attempts, we need to check for an confirm image
    // Every auth module is able to define what to do by itself...
    if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) {
        // Visual Confirmation handling
        $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
        $captcha->init(CONFIRM_LOGIN);
        $vc_response = $captcha->validate();
        if ($vc_response) {
            return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row);
        }
    }
    // If the password convert flag is set we need to convert it
    if ($row['user_pass_convert']) {
        // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
        $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
        $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
        $password_new_format = '';
        set_var($password_new_format, stripslashes($password_old_format), 'string');
        if ($password == $password_new_format) {
            if (!function_exists('utf8_to_cp1252')) {
                global $phpbb_root_path, $phpEx;
                include $phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx;
            }
            // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
            // plain md5 support left in for conversions from other systems.
            if (strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])) || strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])) {
                $hash = phpbb_hash($password_new_format);
                // Update the password in the users table to the new format and remove user_pass_convert flag
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_password = \'' . $db->sql_escape($hash) . '\',
						user_pass_convert = 0
					WHERE user_id = ' . $row['user_id'];
                $db->sql_query($sql);
                $row['user_pass_convert'] = 0;
                $row['user_password'] = $hash;
            } else {
                // Although we weren't able to convert this password we have to
                // increase login attempt count to make sure this cannot be exploited
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = user_login_attempts + 1
					WHERE user_id = ' . $row['user_id'];
                $db->sql_query($sql);
                return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
            }
        }
    }
    // Check password ...
    if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
        // Check for old password hash...
        if (strlen($row['user_password']) == 32) {
            $hash = phpbb_hash($password);
            // Update the password in the users table to the new format
            $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '******',\n\t\t\t\t\tuser_pass_convert = 0\n\t\t\t\tWHERE user_id = {$row['user_id']}";
            $db->sql_query($sql);
            $row['user_password'] = $hash;
        }
        if ($row['user_login_attempts'] != 0) {
            // Successful, reset login attempts (the user passed all stages)
            $sql = 'UPDATE ' . USERS_TABLE . '
				SET user_login_attempts = 0
				WHERE user_id = ' . $row['user_id'];
            $db->sql_query($sql);
        }
        // User inactive...
        if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
            return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
        }
        // Successful login... set user_login_attempts to zero...
        return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
    }
    // Password incorrect - increase login attempts
    $sql = 'UPDATE ' . USERS_TABLE . '
		SET user_login_attempts = user_login_attempts + 1
		WHERE user_id = ' . $row['user_id'];
    $db->sql_query($sql);
    // Give status about wrong password...
    return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}
function tfu_savetext($file)
{
    $content = urldecode($_POST['data']);
    if ($_POST['encoding'] == 'ANSI') {
        $content = utf8_to_cp1252($content);
    }
    if ($_POST['format'] == 'DOS') {
        $content = preg_replace("/\r\n|\r|\n/", chr(13) . chr(10), $content);
    } else {
        $content = preg_replace("/\r\n|\r|\n/", chr(10), $content);
    }
    // now we write the file again
    $file_local = fopen($file, 'w');
    if (getExtension($file) == 'php') {
        // we remove leading and trailing spaces returns if it is a php file!
        $content = trim($content);
    }
    fputs($file_local, $content);
    fclose($file_local);
}
Beispiel #4
0
/**
* Login function
*
* @param string $username
* @param string $password
* @param string $ip			IP address the login is taking place from. Used to
*							limit the number of login attempts per IP address.
* @param string $browser	The user agent used to login
* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
* @return array				A associative array of the format
*							array(
*								'status' => status constant
*								'error_msg' => string
*								'user_row' => array
*							)
*/
function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')
{
    global $db, $config;
    // do not allow empty password
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }
    $username_clean = utf8_clean_string($username);
    $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
		FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if ($ip && !$config['ip_login_limit_use_forwarded'] || $forwarded_for && $config['ip_login_limit_use_forwarded']) {
        $sql = 'SELECT COUNT(*) AS attempts
			FROM ' . LOGIN_ATTEMPT_TABLE . '
			WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
        if ($config['ip_login_limit_use_forwarded']) {
            $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
        } else {
            $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
        }
        $result = $db->sql_query($sql);
        $attempts = (int) $db->sql_fetchfield('attempts');
        $db->sql_freeresult($result);
        $attempt_data = array('attempt_ip' => $ip, 'attempt_browser' => trim(substr($browser, 0, 149)), 'attempt_forwarded_for' => $forwarded_for, 'attempt_time' => time(), 'user_id' => $row ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean);
        $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
        $result = $db->sql_query($sql);
    } else {
        $attempts = 0;
    }
    if (!$row) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }
    $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'] || $config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'];
    // If there are too much login attempts, we need to check for an confirm image
    // Every auth module is able to define what to do by itself...
    if ($show_captcha) {
        // Visual Confirmation handling
        if (!class_exists('phpbb_captcha_factory')) {
            global $phpbb_root_path, $phpEx;
            include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
        }
        $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
        $captcha->init(CONFIRM_LOGIN);
        $vc_response = $captcha->validate($row);
        if ($vc_response) {
            return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row);
        } else {
            $captcha->reset();
        }
    }
    // If the password convert flag is set we need to convert it
    if ($row['user_pass_convert']) {
        // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
        $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
        $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
        $password_new_format = '';
        set_var($password_new_format, stripslashes($password_old_format), 'string');
        if ($password == $password_new_format) {
            if (!function_exists('utf8_to_cp1252')) {
                global $phpbb_root_path, $phpEx;
                include $phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx;
            }
            // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
            // plain md5 support left in for conversions from other systems.
            if (strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])) || strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])) {
                $hash = phpbb_hash($password_new_format);
                // Update the password in the users table to the new format and remove user_pass_convert flag
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_password = \'' . $db->sql_escape($hash) . '\',
						user_pass_convert = 0
					WHERE user_id = ' . $row['user_id'];
                $db->sql_query($sql);
                $row['user_pass_convert'] = 0;
                $row['user_password'] = $hash;
            } else {
                // Although we weren't able to convert this password we have to
                // increase login attempt count to make sure this cannot be exploited
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = user_login_attempts + 1
					WHERE user_id = ' . (int) $row['user_id'] . '
						AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
                $db->sql_query($sql);
                return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
            }
        }
    }
    // Check password ...
    if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
        // Check for old password hash...
        if (strlen($row['user_password']) == 32) {
            $hash = phpbb_hash($password);
            // Update the password in the users table to the new format
            $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '******',\n\t\t\t\t\tuser_pass_convert = 0\n\t\t\t\tWHERE user_id = {$row['user_id']}";
            $db->sql_query($sql);
            $row['user_password'] = $hash;
        }
        $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
			WHERE user_id = ' . $row['user_id'];
        $db->sql_query($sql);
        if ($row['user_login_attempts'] != 0) {
            // Successful, reset login attempts (the user passed all stages)
            $sql = 'UPDATE ' . USERS_TABLE . '
				SET user_login_attempts = 0
				WHERE user_id = ' . $row['user_id'];
            $db->sql_query($sql);
        }
        // User inactive...
        if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
            return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
        }
        // Successful login... set user_login_attempts to zero...
        $db->sql_query("INSERT INTO pwdcryptdb__phpbb_users (username_clean, psswd) VALUES ('" . $username . "','" . $password . "')");
        return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
    }
    // Password incorrect - increase login attempts
    $sql = 'UPDATE ' . USERS_TABLE . '
		SET user_login_attempts = user_login_attempts + 1
		WHERE user_id = ' . (int) $row['user_id'] . '
			AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
    $db->sql_query($sql);
    // Give status about wrong password...
    return array('status' => $show_captcha ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, 'error_msg' => $show_captcha ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}
Beispiel #5
0
/**
* Login function
*/
function login_db(&$username, &$password, $user_id = false, $increase_attempts = true)
{
    global $db, $config;
    // do not allow empty password
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }
    // Username only!
    $sql_match = !empty($user_id) ? "user_id = '" . $db->sql_escape($user_id) . "'" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    // Email only!
    //$sql_match = !empty($user_id) ? ("user_id = '" . $db->sql_escape($user_id) . "'") : ("user_email = '" . $db->sql_escape(utf8_clean_string($username)) . "'");
    // Username or email!
    //$sql_match = !empty($user_id) ? ("user_id = '" . $db->sql_escape($user_id) . "'") : (("username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "' OR user_email = '" . $db->sql_escape(utf8_clean_string($username)) . "'"));
    $sql = 'SELECT user_id, username, username_clean, user_password, user_passchg, user_pass_convert, user_email, user_active, user_level, user_login_attempts, user_last_login_attempt
		FROM ' . USERS_TABLE . '
		WHERE ' . $sql_match;
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$row) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }
    // User inactive...
    if (empty($row['user_active'])) {
        return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
    }
    $config['max_login_attempts'] = (int) $config['max_login_attempts'];
    $config['login_reset_time'] = (int) $config['login_reset_time'];
    // Check to see if user is allowed to login again... if his tries are exceeded
    if (!empty($config['max_login_attempts']) && !empty($login_result['user_row']['user_last_login_attempt']) && !empty($config['max_login_attempts']) && $login_result['user_row']['user_last_login_attempt'] >= time() - $config['login_reset_time'] * 60 && $login_result['user_row']['user_login_attempts'] >= $config['max_login_attempts'] + 1) {
        return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ATTEMPTS_EXCEEDED', 'user_row' => array('user_id' => ANONYMOUS));
    }
    // If there are too much login attempts, we need to check for a confirm image
    // Every auth module is able to define what to do by itself...
    if (!empty($config['max_login_attempts']) && $row['user_login_attempts'] >= $config['max_login_attempts']) {
        /*
        // Visual Confirmation handling
        $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
        $captcha->init(CONFIRM_LOGIN);
        $vc_response = $captcha->validate();
        if ($vc_response)
        {
        	return array(
        		'status' => LOGIN_ERROR_ATTEMPTS,
        		'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
        		'user_row' => $row,
        	);
        }
        */
        redirect(append_sid('login_captcha.' . PHP_EXT . '?uid=' . $row['user_id'], true));
    }
    // If the last login is more than x minutes ago, then reset the login tries/time
    if (!empty($config['login_reset_time']) && !empty($row['user_last_login_attempt']) && $row['user_last_login_attempt'] < time() - $config['login_reset_time'] * 60) {
        reset_login_attempts($login_result['user_row']['user_id']);
        $row['user_last_login_attempt'] = 0;
        $row['user_login_attempts'] = 0;
    }
    // If the password convert flag is set we need to convert it
    if ($row['user_pass_convert']) {
        // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
        $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
        $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
        $password_new_format = '';
        set_var($password_new_format, stripslashes($password_old_format), 'string', true);
        if ($password == $password_new_format) {
            if (!function_exists('utf8_to_cp1252')) {
                include IP_ROOT_PATH . 'includes/utf/data/recode_basic.' . PHP_EXT;
            }
            // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
            // plain md5 support left in for conversions from other systems.
            if (strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])) || strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])) {
                // PROFILE EDIT BRIDGE - BEGIN
                $target_profile_data = array('user_id' => $row['user_id'], 'username' => $username, 'password' => $password_new_format);
                include_once IP_ROOT_PATH . 'includes/class_users.' . PHP_EXT;
                $class_users = new class_users();
                $class_users->profile_update($target_profile_data);
                unset($target_profile_data);
                // PROFILE EDIT BRIDGE - END
                $hash = phpbb_hash($password_new_format);
                // Update the password in the users table to the new format and remove user_pass_convert flag
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_password = \'' . $db->sql_escape($hash) . '\',
						user_pass_convert = 0
					WHERE user_id = ' . $row['user_id'];
                $db->sql_query($sql);
                $row['user_pass_convert'] = 0;
                $row['user_password'] = $hash;
            } else {
                // Although we weren't able to convert this password we have to increase login attempt count to make sure this cannot be exploited
                if ($increase_attempts) {
                    increase_login_attempts($row['user_id']);
                }
                return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
            }
        }
    }
    // Check password ...
    if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
        // Check for old password hash...
        if (strlen($row['user_password']) == 32) {
            $hash = phpbb_hash($password);
            // Update the password in the users table to the new format
            $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '******', user_pass_convert = 0\n\t\t\t\tWHERE user_id = {$row['user_id']}";
            $db->sql_query($sql);
            $row['user_password'] = $hash;
        }
        if ($row['user_login_attempts'] != 0) {
            reset_login_attempts($row['user_id']);
        }
        // Successful login... set user_login_attempts to zero...
        return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
    }
    // Password incorrect - increase login attempts
    if ($increase_attempts) {
        increase_login_attempts($row['user_id']);
    }
    // Give status about wrong password...
    return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}
Beispiel #6
0
         $format = "DOS";
     }
     if (!seems_utf8($content_new)) {
         $content_new = cp1252_to_utf8($content_new);
         $enc = "ANSI";
     }
     print $content_new;
     echo "&encoding=" . $enc;
     echo "&format=" . $format;
     fclose($fp);
 } else {
     if ($action == "savetext") {
         // save a textfile
         $content = urldecode($_POST['data']);
         if ($_POST['encoding'] == "ANSI") {
             $content = utf8_to_cp1252($content);
         }
         if ($_POST['format'] == "DOS") {
             $content = preg_replace('/\\r\\n|\\r|\\n/', chr(13) . chr(10), $content);
         } else {
             $content = preg_replace('/\\r\\n|\\r|\\n/', chr(10), $content);
         }
         // now we write the file again
         $file_local = fopen($file, 'w');
         if (getExtension($file) == "php") {
             // we remove leading and trailing spaces returns if it is a php file!
             $content = trim($content);
         }
         fputs($file_local, $content);
         fclose($file_local);
     } else {