private function _autologin($member_id)
 {
     // Load Auth Library
     $this->EE->load->library('auth');
     // First get the member based on the member_id
     $this->EE->db->where('member_id', $member_id);
     $query = $this->EE->db->get('members');
     // We know its valid because we just created the member in
     // either the checkout or the registration form
     if (!($result = $query->row())) {
         // We'll return if there is no user though for safe keeping.
         // The user wouldn't be logged in but the parnet checkout / registration
         // could continue without error
         return;
     }
     // Log them in
     $session = new Auth_result($result);
     $session->remember_me(60 * 60 * 24);
     $session->start_session();
 }
 /**
  * Do Multi-site authentication
  *
  * @param 	array 	array of sites
  * @return 	object 	member auth object
  */
 function _do_multi_auth($sites, $session_id)
 {
     if (!$sites or $this->EE->config->item('allow_multi_logins') == 'n') {
         return array('login' => lang('not_authorized'));
     }
     // Kill old sessions first
     $this->EE->session->gc_probability = 100;
     $this->EE->session->delete_old_sessions();
     // Grab session
     $sess_q = $this->EE->db->get_where('sessions', array('session_id' => $session_id));
     if (!$sess_q->num_rows()) {
         return FALSE;
     }
     // Grab member
     $mem_q = $this->EE->db->get_where('members', array('member_id' => $sess_q->row('member_id')));
     if (!$mem_q->num_rows()) {
         return FALSE;
     }
     $incoming = new Auth_result($mem_q->row());
     // this is silly - only works for the first site
     if (isset($_POST['auto_login'])) {
         $incoming->remember_me(60 * 60 * 24 * 365);
     }
     // hook onto an existing session
     $incoming->use_session_id($session_id);
     $incoming->start_session();
     $new_row = $sess_q->row_array();
     $some_row['site_id'] = $this->EE->config->item('site_id');
     return $incoming;
 }
 /**
  * Register Member
  */
 public function register_member()
 {
     // Do we allow new member registrations?
     if (ee()->config->item('allow_member_registration') == 'n') {
         return FALSE;
     }
     // Is user banned?
     if (ee()->session->userdata('is_banned') === TRUE) {
         return ee()->output->show_user_error('general', array(lang('not_authorized')));
     }
     // Blacklist/Whitelist Check
     if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
         return ee()->output->show_user_error('general', array(lang('not_authorized')));
     }
     ee()->load->helper('url');
     // -------------------------------------------
     // 'member_member_register_start' hook.
     //  - Take control of member registration routine
     //  - Added EE 1.4.2
     //
     ee()->extensions->call('member_member_register_start');
     if (ee()->extensions->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     // Set the default globals
     $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
     foreach ($default as $val) {
         if (!isset($_POST[$val])) {
             $_POST[$val] = '';
         }
     }
     if ($_POST['screen_name'] == '') {
         $_POST['screen_name'] = $_POST['username'];
     }
     // Instantiate validation class
     if (!class_exists('EE_Validate')) {
         require APPPATH . 'libraries/Validate.php';
     }
     $VAL = new EE_Validate(array('member_id' => '', 'val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => trim_nbs($_POST['username']), 'cur_username' => '', 'screen_name' => trim_nbs($_POST['screen_name']), 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => trim($_POST['email']), 'cur_email' => ''));
     $VAL->validate_username();
     $VAL->validate_screen_name();
     $VAL->validate_password();
     $VAL->validate_email();
     // Do we have any custom fields?
     $query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')->where('m_field_reg', 'y')->get('member_fields');
     $cust_errors = array();
     $cust_fields = array();
     if ($query->num_rows() > 0) {
         foreach ($query->result_array() as $row) {
             $field_name = 'm_field_id_' . $row['m_field_id'];
             // Assume we're going to save this data, unless it's empty to begin with
             $valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';
             // Basic validations
             if ($row['m_field_required'] == 'y' && !$valid) {
                 $cust_errors[] = lang('mbr_field_required') . ' ' . $row['m_field_label'];
             } elseif ($row['m_field_type'] == 'select' && $valid) {
                 // Ensure their selection is actually a valid choice
                 $options = explode("\n", $row['m_field_list_items']);
                 if (!in_array(htmlentities($_POST[$field_name]), $options)) {
                     $valid = FALSE;
                     $cust_errors[] = lang('mbr_field_invalid') . ' ' . $row['m_field_label'];
                 }
             }
             if ($valid) {
                 $cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
             }
         }
     }
     if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
         $cust_errors[] = lang('mbr_emails_not_match');
     }
     if (ee()->config->item('use_membership_captcha') == 'y') {
         if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
             $cust_errors[] = lang('captcha_required');
         }
     }
     if (ee()->config->item('require_terms_of_service') == 'y') {
         if (!isset($_POST['accept_terms'])) {
             $cust_errors[] = lang('mbr_terms_of_service_required');
         }
     }
     // -------------------------------------------
     // 'member_member_register_errors' hook.
     //  - Additional error checking prior to submission
     //  - Added EE 2.5.0
     //
     ee()->extensions->call('member_member_register_errors', $this);
     if (ee()->extensions->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     $errors = array_merge($VAL->errors, $cust_errors, $this->errors);
     // Display error is there are any
     if (count($errors) > 0) {
         return ee()->output->show_user_error('submission', $errors);
     }
     // Do we require captcha?
     if (ee()->config->item('use_membership_captcha') == 'y') {
         $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");
         if ($query->row('count') == 0) {
             return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
         }
         ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
     }
     ee()->load->helper('security');
     // Assign the base query data
     $data = array('username' => trim_nbs(ee()->input->post('username')), 'password' => sha1($_POST['password']), 'ip_address' => ee()->input->ip_address(), 'unique_id' => ee()->functions->random('encrypt'), 'join_date' => ee()->localize->now, 'email' => trim_nbs(ee()->input->post('email')), 'screen_name' => trim_nbs(ee()->input->post('screen_name')), 'url' => prep_url(ee()->input->post('url')), 'location' => ee()->input->post('location'), 'language' => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english', 'date_format' => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y', 'time_format' => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12', 'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n', 'timezone' => ee()->config->item('default_site_timezone'));
     // Set member group
     if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') {
         $data['group_id'] = 4;
         // Pending
     } else {
         if (ee()->config->item('default_member_group') == '') {
             $data['group_id'] = 4;
             // Pending
         } else {
             $data['group_id'] = ee()->config->item('default_member_group');
         }
     }
     // Optional Fields
     $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'date_format' => 'date_format', 'time_format' => 'time_format', 'include_seconds' => 'include_seconds');
     foreach ($optional as $key => $value) {
         if (isset($_POST[$value])) {
             $data[$key] = $_POST[$value];
         }
     }
     // We generate an authorization code if the member needs to self-activate
     if (ee()->config->item('req_mbr_activation') == 'email') {
         $data['authcode'] = ee()->functions->random('alnum', 10);
     }
     // Insert basic member data
     ee()->db->query(ee()->db->insert_string('exp_members', $data));
     $member_id = ee()->db->insert_id();
     // Insert custom fields
     $cust_fields['member_id'] = $member_id;
     ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));
     // Create a record in the member homepage table
     // This is only necessary if the user gains CP access,
     // but we'll add the record anyway.
     ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));
     // Mailinglist Subscribe
     $mailinglist_subscribe = FALSE;
     if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
         // Kill duplicate emails from authorizatin queue.
         ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');
         // Validate Mailing List ID
         $query = ee()->db->select('COUNT(*) as count')->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_lists');
         // Email Not Already in Mailing List
         $results = ee()->db->select('COUNT(*) as count')->where('email', $_POST['email'])->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_list');
         // INSERT Email
         if ($query->row('count') > 0 && $results->row('count') == 0) {
             $mailinglist_subscribe = TRUE;
             $code = ee()->functions->random('alnum', 10);
             if (ee()->config->item('req_mbr_activation') == 'email') {
                 // Activated When Membership Activated
                 ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
             } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
                 // Mailing List Subscribe Email
                 ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
                 ee()->lang->loadfile('mailinglist');
                 $action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');
                 $swap = array('activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code, 'site_name' => stripslashes(ee()->config->item('site_name')), 'site_url' => ee()->config->item('site_url'));
                 $template = ee()->functions->fetch_email_template('mailinglist_activation_instructions');
                 $email_tit = ee()->functions->var_swap($template['title'], $swap);
                 $email_msg = ee()->functions->var_swap($template['data'], $swap);
                 // Send email
                 ee()->load->library('email');
                 ee()->email->wordwrap = true;
                 ee()->email->mailtype = 'plain';
                 ee()->email->priority = '3';
                 ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                 ee()->email->to($_POST['email']);
                 ee()->email->subject($email_tit);
                 ee()->email->message($email_msg);
                 ee()->email->send();
             } else {
                 // Automatically Accepted
                 ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t  VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
             }
         }
     }
     // Update
     if (ee()->config->item('req_mbr_activation') == 'none') {
         ee()->stats->update_member_stats();
     }
     // Send admin notifications
     if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '') {
         $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
         $swap = array('name' => $name, 'site_name' => stripslashes(ee()->config->item('site_name')), 'control_panel_url' => ee()->config->item('cp_url'), 'username' => $data['username'], 'email' => $data['email']);
         $template = ee()->functions->fetch_email_template('admin_notify_reg');
         $email_tit = $this->_var_swap($template['title'], $swap);
         $email_msg = $this->_var_swap($template['data'], $swap);
         // Remove multiple commas
         $notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);
         // Send email
         ee()->load->helper('text');
         ee()->load->library('email');
         ee()->email->wordwrap = true;
         ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
         ee()->email->to($notify_address);
         ee()->email->subject($email_tit);
         ee()->email->message(entities_to_ascii($email_msg));
         ee()->email->Send();
     }
     // -------------------------------------------
     // 'member_member_register' hook.
     //  - Additional processing when a member is created through the User Side
     //  - $member_id added in 2.0.1
     //
     ee()->extensions->call('member_member_register', $data, $member_id);
     if (ee()->extensions->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     // Send user notifications
     if (ee()->config->item('req_mbr_activation') == 'email') {
         $action_id = ee()->functions->fetch_action_id('Member', 'activate_member');
         $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
         $board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;
         $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';
         $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];
         $swap = array('name' => $name, 'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add, 'site_name' => stripslashes(ee()->config->item('site_name')), 'site_url' => ee()->config->item('site_url'), 'username' => $data['username'], 'email' => $data['email']);
         $template = ee()->functions->fetch_email_template('mbr_activation_instructions');
         $email_tit = $this->_var_swap($template['title'], $swap);
         $email_msg = $this->_var_swap($template['data'], $swap);
         // Send email
         ee()->load->helper('text');
         ee()->load->library('email');
         ee()->email->wordwrap = true;
         ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
         ee()->email->to($data['email']);
         ee()->email->subject($email_tit);
         ee()->email->message(entities_to_ascii($email_msg));
         ee()->email->Send();
         $message = lang('mbr_membership_instructions_email');
     } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
         $message = lang('mbr_admin_will_activate');
     } else {
         // Log user in (the extra query is a little annoying)
         ee()->load->library('auth');
         $member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));
         $incoming = new Auth_result($member_data_q->row());
         $incoming->remember_me();
         $incoming->start_session();
         $message = lang('mbr_your_are_logged_in');
     }
     // Build the message
     if (ee()->input->get_post('FROM') == 'forum') {
         $query = $this->_do_form_query();
         $site_name = $query->row('board_label');
         $return = $query->row('board_forum_url');
     } else {
         $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
         $return = ee()->config->item('site_url');
     }
     $data = array('title' => lang('mbr_registration_complete'), 'heading' => lang('thank_you'), 'content' => lang('mbr_registration_completed') . "\n\n" . $message, 'redirect' => '', 'link' => array($return, $site_name));
     ee()->output->show_message($data);
 }
 /**
  *	Remote Login
  *
  *	Allows One to Login Someone During a Form Submission
  *	- In EE 2.4, they abstracted the login methods a bit.  We will not modify this method
  *	too much until any problems are known as it is not widely used.
  *
  *	@access		public
  *	@return		string
  */
 public function _remote_login()
 {
     /** ----------------------------------------
     		/**  Is user already logged in?
     		/** ----------------------------------------*/
     if (ee()->session->userdata['member_id'] != 0) {
         return;
     }
     /** ----------------------------------------
     		/**  Is user banned?
     		/** ----------------------------------------*/
     if (ee()->session->userdata['is_banned'] == TRUE) {
         return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
     }
     ee()->lang->loadfile('login');
     /** ----------------------------------------
     		/**  Error trapping
     		/** ----------------------------------------*/
     $errors = array();
     /** ----------------------------------------
     		/**  No username/password?  Bounce them...
     		/** ----------------------------------------*/
     if (!ee()->input->get('multi') and (!ee()->input->post('username') or !ee()->input->post('password'))) {
         return $this->_output_error('submission', array(ee()->lang->line('mbr_form_empty')));
     }
     //--------------------------------------------
     //	2.2.x+ needs auth lib
     //--------------------------------------------
     if (APP_VER >= '2.2.0') {
         ee()->load->library('auth');
     }
     /** ----------------------------------------
     		/**  Is IP and User Agent required for login?
     		/** ----------------------------------------*/
     if (ee()->config->item('require_ip_for_login') == 'y') {
         if (ee()->session->userdata['ip_address'] == '' or ee()->session->userdata['user_agent'] == '') {
             return $this->_output_error('general', array(ee()->lang->line('unauthorized_request')));
         }
     }
     /** ----------------------------------------
     		/**  Check password lockout status
     		/** ----------------------------------------*/
     if (ee()->session->check_password_lockout() === TRUE) {
         $line = ee()->lang->line('password_lockout_in_effect');
         $line = str_replace("%x", ee()->config->item('password_lockout_interval'), $line);
         return $this->_output_error('general', array($line));
     }
     /** ----------------------------------------
     		/**  Fetch member data
     		/** ----------------------------------------*/
     if (ee()->input->get('multi') === FALSE) {
         $sql = "SELECT \texp_members.*\n\t\t\t\t\tFROM   \texp_members, exp_member_groups\n\t\t\t\t\tWHERE  \tusername = '******'username')) . "'\n\t\t\t\t\tAND    \texp_members.group_id = exp_member_groups.group_id";
         if (ee()->config->item('site_id') !== FALSE) {
             $sql .= " AND exp_member_groups.site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'";
         }
         $query = ee()->db->query($sql);
     } else {
         if (ee()->config->item('allow_multi_logins') == 'n' or !ee()->config->item('multi_login_sites') or ee()->config->item('multi_login_sites') == '') {
             return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
         }
         // Current site in list.  Original login site.
         if (ee()->input->get('cur') === FALSE or ee()->input->get('orig') === FALSE) {
             return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
         }
         // Kill old sessions first
         ee()->session->gc_probability = 100;
         ee()->session->delete_old_sessions();
         // Set cookie expiration to one year if the "remember me" button is clicked
         $expire = !isset($_POST['auto_login']) ? '0' : 60 * 60 * 24 * 365;
         // Check Session ID
         $sql = "SELECT \texp_members.*\n\t\t\t\t\tFROM   \texp_sessions, \n\t\t\t\t\t\t\texp_members \n\t\t\t\t\tWHERE  \texp_sessions.session_id  = '" . ee()->db->escape_str(ee()->input->get('multi')) . "'\n\t\t\t\t\tAND\t\texp_sessions.member_id = exp_members.member_id\n\t\t\t\t\tAND    \texp_sessions.last_activity > {$expire}";
         if (ee()->config->item('site_id') !== FALSE) {
             $sql .= " AND exp_member_groups.site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'";
         }
         $query = ee()->db->query($sql);
         if ($query->num_rows() == 0) {
             return;
         }
         // Set Various Cookies
         // new auth lib in 2.2.x+ does this itself
         if (APP_VER < '2.2.0') {
             ee()->functions->set_cookie(ee()->session->c_password, $query->row('password'), $expire);
             ee()->functions->set_cookie(ee()->session->c_anon);
             ee()->functions->set_cookie(ee()->session->c_expire, time() + $expire, $expire);
             ee()->functions->set_cookie(ee()->session->c_uniqueid, $query->row('unique_id'), $expire);
             if (ee()->config->item('user_session_type') == 'cs' or ee()->config->item('user_session_type') == 's') {
                 ee()->functions->set_cookie(ee()->session->c_session, ee()->input->get('multi'), ee()->session->session_length);
             }
         }
         // -------------------------------------------
         // 'member_member_login_multi' hook.
         //  - Additional processing when a member is logging into multiple sites
         //
         if (ee()->extensions->active_hook('member_member_login_multi') === TRUE) {
             $edata = ee()->extensions->universal_call('member_member_login_multi', $query->row);
             if (ee()->extensions->end_script === TRUE) {
                 return;
             }
         }
         //
         // -------------------------------------------
         // Check if there are any more sites to log into
         $sites = explode('|', ee()->config->item('multi_login_sites'));
         $next = ee()->input->get('cur') + 1 != ee()->input->get('orig') ? ee()->input->get('cur') + 1 : ee()->input->get('cur') + 2;
         if (!isset($sites[$next])) {
             // We're done.
             $data = array('title' => ee()->lang->line('mbr_login'), 'heading' => ee()->lang->line('thank_you'), 'content' => ee()->lang->line('mbr_you_are_logged_in'), 'redirect' => $sites[ee()->input->get('orig')], 'link' => array($sites[ee()->input->get('orig')], ee()->lang->line('back')));
             ee()->output->show_message($data);
         } else {
             // Next Site
             $next_url = $sites[$next] . '?ACT=' . ee()->functions->fetch_action_id('Member', 'member_login') . '&multi=' . ee()->input->get('multi') . '&cur=' . $next . '&orig=' . ee()->input->get_post('orig');
             return ee()->functions->redirect($next_url);
         }
     }
     /** ----------------------------------------
     		/**  Invalid Username
     		/** ----------------------------------------*/
     if ($query->num_rows() == 0) {
         ee()->session->save_password_lockout();
         return $this->_output_error('submission', array(ee()->lang->line('no_username')));
     }
     /** ----------------------------------------
     		/**  Is the member account pending?
     		/** ----------------------------------------*/
     if ($query->row('group_id') == 4) {
         return $this->_output_error('general', array(ee()->lang->line('mbr_account_not_active')));
     }
     // ----------------------------------------
     //  Check password
     // ----------------------------------------
     if (APP_VER < '2.2.0') {
         $password = ee()->functions->hash(stripslashes(ee()->input->post('password')));
         if ($query->row('password') != $password) {
             // To enable backward compatibility with pMachine we'll test to see
             // if the password was encrypted with MD5.  If so, we will encrypt the
             // password using SHA1 and update the member's info.
             $orig_enc_type = ee()->config->item('encryption_type');
             ee()->config->set_item('encryption_type', ee()->config->item('encryption_type') == 'md5' ? 'sha1' : 'md5');
             $password = ee()->functions->hash(stripslashes(ee()->input->post('password')));
             ee()->config->set_item('encryption_type', $orig_enc_type);
             if ($query->row('password') == $password) {
                 $password = ee()->functions->hash(stripslashes(ee()->input->post('password')));
                 $sql = "UPDATE exp_members \n\t\t\t\t\t\t\tSET    password = '******' \n\t\t\t\t\t\t\tWHERE  member_id = '" . $query->row('member_id') . "' ";
                 ee()->db->query($sql);
             } else {
                 /** ----------------------------------------
                 				/**  Invalid password
                 				/** ----------------------------------------*/
                 ee()->session->save_password_lockout();
                 $errors[] = ee()->lang->line('no_password');
             }
         }
     } else {
         $passwd = ee()->auth->hash_password(stripslashes(ee()->input->post('password')), $query->row('salt'));
         if (!isset($passwd['salt']) or $passwd['password'] != $query->row('password')) {
             ee()->session->save_password_lockout();
             $errors[] = ee()->lang->line('no_password');
         }
     }
     /** --------------------------------------------------
     		/**  Do we allow multiple logins on the same account?
     		/** --------------------------------------------------*/
     if (ee()->config->item('allow_multi_logins') == 'n') {
         // Kill old sessions first
         ee()->session->gc_probability = 100;
         ee()->session->delete_old_sessions();
         $expire = time() - ee()->session->session_length;
         // See if there is a current session
         $sql = "SELECT ip_address, user_agent FROM exp_sessions \n\t\t\t\t\tWHERE  member_id  = '" . $query->row('member_id') . "'\n\t\t\t\t\tAND    last_activity > {$expire}";
         if (ee()->config->item('site_id') !== FALSE) {
             $sql .= " AND site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'";
         }
         $result = ee()->db->query($sql);
         // If a session exists, trigger the error message
         if ($result->num_rows() == 1) {
             if (ee()->session->userdata['ip_address'] != $result->row('ip_address') or ee()->session->userdata['user_agent'] != $result->row('user_agent')) {
                 $errors[] = ee()->lang->line('multi_login_warning');
             }
         }
     }
     /** ----------------------------------------
     		/**  Are there errors to display?
     		/** ----------------------------------------*/
     if (count($errors) > 0) {
         return $this->_output_error('submission', $errors);
     }
     /** ----------------------------------------
     		/**  Set cookies
     		/** ----------------------------------------*/
     // Set cookie expiration to one year if the "remember me" button is clicked
     $expire = !isset($_POST['auto_login']) ? '0' : 60 * 60 * 24 * 365;
     ee()->functions->set_cookie(ee()->session->c_expire, time() + $expire, $expire);
     ee()->functions->set_cookie(ee()->session->c_uniqueid, $query->row('unique_id'), $expire);
     if (APP_VER < '2.2.0') {
         ee()->functions->set_cookie(ee()->session->c_password, $password, $expire);
     } else {
         $member = ee()->db->get_where('members', array('member_id' => $query->row('member_id')));
         $session = new Auth_result($member->row());
         if (APP_VER >= '2.4.0') {
             $session->remember_me(60 * 60 * 24 * 182);
         }
         $session->start_session();
         // Update system stats
         ee()->load->library('stats');
         if (!$this->check_no(ee()->config->item('enable_online_user_tracking'))) {
             ee()->stats->update_stats();
         }
     }
     // Does the user want to remain anonymous?
     $anon = $this->EE->input->post('anon') == 1 ? '' : 'y';
     if ($anon == 'y') {
         ee()->functions->set_cookie(ee()->session->c_anon, 1, $expire);
     } else {
         ee()->functions->set_cookie(ee()->session->c_anon);
     }
     /** ----------------------------------------
     		/**  Create a new session
     		/** ----------------------------------------*/
     ee()->session->create_new_session($query->row('member_id'));
     /** ----------------------------------------
     		/**  Populate session
     		/** ----------------------------------------*/
     ee()->session->userdata['username'] = $query->row('username');
     ee()->session->userdata['screen_name'] = $query->row('screen_name');
     ee()->session->userdata['email'] = $query->row('email');
     ee()->session->userdata['url'] = $query->row('url');
     ee()->session->userdata['location'] = $query->row('location');
     /** ----------------------------------------
     		/**  Update stats
     		/** ----------------------------------------*/
     $cutoff = ee()->localize->now - 15 * 60;
     $sql = "DELETE FROM \texp_online_users \n\t\t\t\t\t   WHERE \t\t(ip_address = 'ee()->input->ip_address()' \n\t\t\t\t\t\t\t\t\tAND\tmember_id = '0') \n\t\t\t\t\t   OR \t\t\tdate < {$cutoff}";
     if (ee()->config->item('site_id') !== FALSE) {
         $sql .= " AND site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'";
     }
     ee()->db->query($sql);
     $data = array('member_id' => ee()->session->userdata('member_id'), 'name' => ee()->session->userdata['screen_name'] == '' ? ee()->session->userdata['username'] : ee()->session->userdata['screen_name'], 'ip_address' => ee()->input->ip_address(), 'date' => ee()->localize->now, 'anon' => $anon);
     if (ee()->config->item('site_id') !== FALSE) {
         $data['site_id'] = ee()->config->item('site_id');
     }
     if (APP_VER < '2.2.0') {
         if ($this->EE->config->item('enable_online_user_tracking') == 'n' or $this->EE->config->item('disable_all_tracking') == 'y') {
             // No!
         } else {
             ee()->db->query(ee()->db->update_string('exp_online_users', $data, array("ip_address" => ee()->input->ip_address(), "member_id" => $data['member_id'])));
         }
     }
     /** ----------------------------------------
     		/**  Delete old password lockouts
     		/** ----------------------------------------*/
     ee()->session->delete_password_lockout();
 }
 /**
  * EE login
  *
  * This method takes an EE member id and logs that person in.
  *
  * @access	public
  * @return	boolean
  */
 public function ee_login($member_id = '')
 {
     // --------------------------------------------
     //	Run security tests
     // --------------------------------------------
     if ($this->_security() === FALSE) {
         return FALSE;
     }
     //--------------------------------------------
     //	2.2.0 Auth lib
     //--------------------------------------------
     ee()->load->library('auth');
     // This should go in the auth lib.
     if (!ee()->auth->check_require_ip()) {
         $this->error[] = lang('not_authorized');
         return FALSE;
     }
     // --------------------------------------------
     //	'fbc_member_login_start' hook.
     // --------------------------------------------
     if (ee()->extensions->active_hook('fbc_member_login_start') === TRUE) {
         $edata = ee()->extensions->universal_call('fbc_member_login_start');
         if (ee()->extensions->end_script === TRUE) {
             return FALSE;
         }
     }
     // --------------------------------------------
     //	Kill old sessions first
     // --------------------------------------------
     ee()->session->gc_probability = 100;
     ee()->session->delete_old_sessions();
     // --------------------------------------------
     //	Use Facebook's session expiration as our own, or set to one day if there's any trouble.
     // --------------------------------------------
     $this->api();
     $this->api->connect_to_api();
     $expire = (isset($this->api->user['expires']) === TRUE and is_numeric($this->api->user['expires']) === TRUE) ? 86400 : $this->api->user['expires'] - time();
     $expire = 86400;
     // Let's do this for a while. Facebook can continually refresh the session it keeps for a user, but we are not going to try to continually update ours. Let's just give the user some breathing room.
     // --------------------------------------------
     //	Get member data
     // --------------------------------------------
     if (($member_data = $this->data->get_member_data_from_member_id($member_id)) === FALSE) {
         return FALSE;
     }
     // --------------------------------------------
     //  Is the member account pending?
     // --------------------------------------------
     if ($member_data['group_id'] == 4) {
         $this->show_error(array(lang('mbr_account_not_active')));
     }
     // --------------------------------------------
     //  Do we allow multiple logins on the same account?
     // --------------------------------------------
     if (ee()->config->item('allow_multi_logins') == 'n') {
         $expire = time() - ee()->session->session_length;
         // See if there is a current session
         $result = ee()->db->query("SELECT ip_address, user_agent\n\t\t\t\t\t\t\t\t  FROM   exp_sessions\n\t\t\t\t\t\t\t\t  WHERE  member_id  = '" . $member_data['member_id'] . "'\n\t\t\t\t\t\t\t\t  AND    last_activity > " . ee()->db->escape_str($expire) . "");
         // If a session exists, trigger the error message
         if ($result->num_rows() == 1) {
             $row = $result->row_array();
             if (ee()->session->userdata('ip_address') != $row['ip_address'] or ee()->session->userdata('user_agent') != $row['user_agent']) {
                 $errors[] = lang('multi_login_warning');
             }
         }
     }
     // --------------------------------------------
     //  New auth method in EE 2.2.0
     // --------------------------------------------
     $member = ee()->db->get_where('members', array('member_id' => $member_data['member_id']));
     $session = new Auth_result($member->row());
     if (is_callable(array($session, 'remember_me'))) {
         $session->remember_me(60 * 60 * 24 * 182);
     }
     $session->start_session();
     // Update system stats
     ee()->load->library('stats');
     if (!$this->check_no(ee()->config->item('enable_online_user_tracking'))) {
         ee()->stats->update_stats();
     }
     // --------------------------------------------
     //	Log this
     // --------------------------------------------
     $this->log_to_cp('Logged in', $member_data);
     // --------------------------------------------
     //	'fbc_member_login_single' hook.
     // --------------------------------------------
     if (ee()->extensions->active_hook('fbc_member_login_single') === TRUE) {
         $edata = ee()->extensions->universal_call('fbc_member_login_single', $member_data);
         if (ee()->extensions->end_script === TRUE) {
             return FALSE;
         }
     }
     // --------------------------------------------
     //	Return success
     // --------------------------------------------
     return TRUE;
 }
Beispiel #6
0
 /**
  * Do Multi-site authentication
  *
  * @param array $sites Array of site URLs to login to
  * @param string $login_state The hash identifying the member
  * @return 	object 	member auth object
  */
 private function _do_multi_auth($sites, $login_state)
 {
     if (!$sites or ee()->config->item('allow_multi_logins') == 'n' or empty($login_state)) {
         return ee()->output->show_user_error('general', lang('not_authorized'));
     }
     // Kill old sessions first
     ee()->session->gc_probability = 100;
     ee()->session->delete_old_sessions();
     // Grab session
     $sess_q = ee()->db->get_where('sessions', array('user_agent' => substr(ee()->input->user_agent(), 0, 120), 'login_state' => $login_state));
     if (!$sess_q->num_rows()) {
         return ee()->output->show_user_error('general', lang('not_authorized'));
     }
     // Grab member
     $mem_q = ee()->db->get_where('members', array('member_id' => $sess_q->row('member_id')));
     if (!$mem_q->num_rows()) {
         return FALSE;
     }
     $incoming = new Auth_result($mem_q->row());
     $csrf_token = ee()->csrf->refresh_token();
     // this is silly - only works for the first site
     if (isset($_POST['auto_login'])) {
         $incoming->remember_me();
     }
     // hook onto an existing session
     $incoming->use_session_id($sess_q->row('session_id'));
     $incoming->start_session();
     $new_row = $sess_q->row_array();
     $some_row['site_id'] = ee()->config->item('site_id');
     return $incoming;
 }
 private function autologin($data, $member_id)
 {
     // Log user in (the extra query is a little annoying)
     $this->EE->load->library('auth');
     $member_data_q = $this->EE->db->get_where('members', array('member_id' => $member_id));
     $incoming = new Auth_result($member_data_q->row());
     $incoming->remember_me(60 * 60 * 24 * 182);
     $incoming->start_session();
     $message = lang('mbr_your_are_logged_in');
 }