Ejemplo n.º 1
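 /**
  * Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
  * All authorisation, cookies, and form-logins, are passed through this function.
  * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
  *
  * Security notes:
  *  - The stored login key and the stronghold digest are compared as strings, in constant time where
  *    hash_equals() is available. A loose comparison applies numeric type juggling to digest-like strings,
  *    so two different values could compare equal.
  *  - An empty stored login key never authenticates a cookie login, and a non-string credential is rejected.
  *  - A member lookup by id that yields NULL is reported as "user does not exist" instead of falling through.
  *  - The MD5-based stronghold value is reproduced unchanged (presumably it has to match the cookie issued by
  *    the forum software - confirm). It binds only the first two dot-separated parts of the client address.
  *  - $password_raw is accepted for interface compatibility but is not read by this implementation.
  *
  * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
  * @param  MEMBER			The member id
  * @param  MD5				The md5-hashed password
  * @param  string			The raw password
  * @param  boolean		Whether this is a cookie login
  * @return array			A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
  */
 function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
 {
     $out = array();
     $out['id'] = NULL;

     if (is_null($userid)) {
         // Try the login name first, then fall back to the display name.
         $rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1);
         if (!array_key_exists(0, $rows)) {
             $rows = $this->connection->query_select('members', array('*'), array('members_display_name' => $this->ipb_escape($username)), '', 1);
         }
         if (array_key_exists(0, $rows)) {
             $this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
         }
     } else {
         $rows = array($this->get_member_row($userid));
     }

     // A lookup by id may yield NULL instead of a row (get_member_row is defined elsewhere - confirm);
     // treat that the same as "no such member" so that no credential check runs against a missing row.
     if (!array_key_exists(0, $rows) || is_null($rows[0])) {
         $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
         return $out;
     }

     $row = $rows[0];
     if ($row['member_banned'] == 1) {
         $out['error'] = do_lang_tempcode('USER_BANNED');
         return $out;
     }

     // hash_equals() is not present on older PHP versions; fall back to a strict string comparison there.
     $constant_time = function_exists('hash_equals');

     if ($cookie_login) {
         // For cookie logins the presented value is matched against the stored login key.
         $login_key = strval($row['member_login_key']);
         $presented_key = is_string($password_hashed) ? $password_hashed : '';
         $key_matches = false;
         if ($login_key !== '') { // an unset/empty key must never match an empty cookie value
             $key_matches = $constant_time ? hash_equals($login_key, $presented_key) : ($login_key === $presented_key);
         }
         if (!$key_matches) {
             $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
             return $out;
         }

         // Check stronghold
         global $SITE_INFO;
         if (array_key_exists('stronghold_cookies', $SITE_INFO) && $SITE_INFO['stronghold_cookies'] == 1) {
             $ip_octets = explode('.', ocp_srv('REMOTE_ADDR'));
             // An address without dots (e.g. IPv6) has no second part; use '' as the original concatenation did,
             // but without reading an undefined offset.
             $second_octet = array_key_exists(1, $ip_octets) ? $ip_octets[1] : '';
             $crypt_salt = md5(get_db_forums_password() . get_db_forums_user());

             // The cookie prefix is the leading part shared by the member and password cookie names.
             $a = get_member_cookie();
             $b = get_pass_cookie();
             for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
                 if ($a[$i] != $b[$i]) {
                     break;
                 }
             }
             $cookie_prefix = substr($a, 0, $i);

             $cookie = ocp_admirecookie($cookie_prefix . 'ipb_stronghold');
             $presented_stronghold = is_string($cookie) ? $cookie : ''; // a missing cookie can never match a digest
             $stronghold = md5(md5(strval($row['member_id']) . '-' . $ip_octets[0] . '-' . $second_octet . '-' . $row['member_login_key']) . $crypt_salt);
             $stronghold_matches = $constant_time ? hash_equals($stronghold, $presented_stronghold) : ($stronghold === $presented_stronghold);
             if (!$stronghold_matches) {
                 $out['error'] = do_lang_tempcode('USER_BAD_STRONGHOLD');
                 return $out;
             }
         }
     } else {
         // Form logins are checked against the stored password by the driver's own helper.
         if (!$this->_auth_hashed($row['member_id'], $password_hashed)) {
             $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
             return $out;
         }
     }

     // Drop the forum's own session cookie; its name uses the same prefix as the member cookie.
     $pos = strpos(get_member_cookie(), 'member_id');
     ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . 'session_id');

     $out['id'] = $row['member_id'];
     return $out;
 }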
Ejemplo n.º 2
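/**
 * Parts common to any modular installation step.
 *
 * Raises the time limit, refuses to continue without POST data, loads the site's info file, builds the forum
 * driver (with its own database connection unless the forum type is 'none'), and then loads the code modules
 * that later installation steps rely on.
 *
 * Security note: when the 'use_comp_name' marker file exists and COMPUTERNAME is not in the environment, the
 * info file name comes from $_SERVER['SERVER_NAME'], which can follow the request's Host header depending on
 * web-server configuration. Path separators and NUL bytes are stripped so the value cannot point outside the
 * base directory. Deployments using this mode should also pin the canonical server name in the web server.
 */
function big_installation_common()
{
    if (function_exists('set_time_limit')) {
        @set_time_limit(180);
    }
    if (count($_POST) == 0) {
        exit(do_lang('INST_POST_ERROR'));
    }

    // Work out which info file to load: per-machine when the marker file is present, 'info' otherwise.
    if (file_exists('use_comp_name')) {
        if (array_key_exists('COMPUTERNAME', $_ENV)) {
            $info_name = $_ENV['COMPUTERNAME'];
        } else {
            // Request-influenced value: keep it to a single file name inside the base directory.
            $info_name = str_replace(array('/', '\\', "\0"), '', $_SERVER['SERVER_NAME']);
        }
    } else {
        $info_name = 'info';
    }
    $info_file = $info_name . '.php';
    require_once get_file_base() . '/' . $info_file;

    require_code('database');
    $forum_type = get_forum_type();
    // NOTE(review): the forum type is used in this code path before filter_naughty_harsh() is applied to it
    // on the next statement - confirm that require_code() validates its argument itself.
    require_code('forum/' . $forum_type);
    $GLOBALS['FORUM_DRIVER'] = object_factory('forum_driver_' . filter_naughty_harsh($forum_type));
    if ($forum_type != 'none') {
        $GLOBALS['FORUM_DRIVER']->connection = new database_driver(get_db_forums(), get_db_forums_host(), get_db_forums_user(), get_db_forums_password(), $GLOBALS['FORUM_DRIVER']->get_drivered_table_prefix());
    }
    $GLOBALS['FORUM_DRIVER']->MEMBER_ROWS_CACHED = array();
    // FORUM_DB is an alias (by reference) of the driver's connection.
    $GLOBALS['FORUM_DB'] =& $GLOBALS['FORUM_DRIVER']->connection;

    // Only drivers that provide check_db() are asked to verify the forum database.
    if (method_exists($GLOBALS['FORUM_DRIVER'], 'check_db')) {
        if (!$GLOBALS['FORUM_DRIVER']->check_db()) {
            warn_exit(do_lang_tempcode('INVALID_FORUM_DATABASE'));
        }
    }

    require_code('database_action');
    require_code('menus2');
    require_code('config');
    require_code('zones2');
}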
Ejemplo n.º 3
/**
 * Make sure a forum driver is available so that user-related code can run.
 *
 * Does nothing when $GLOBALS['FORUM_DRIVER'] is already set to a non-NULL value. Otherwise it loads the forum
 * stub and the configured driver code (defaulting the forum type to 'ocf'), instantiates the driver, attaches
 * a database connection, resets the member row cache and aliases $GLOBALS['FORUM_DB'] to that connection.
 */
function load_user_stuff()
{
    // A driver is already in place: leave it alone.
    if (isset($GLOBALS['FORUM_DRIVER'])) {
        return;
    }

    global $SITE_INFO;
    require_code('forum_stub');

    if (!array_key_exists('forum_type', $SITE_INFO)) {
        $SITE_INFO['forum_type'] = 'ocf';
    }
    // NOTE(review): the configured forum type reaches require_code() before filter_naughty_harsh() is applied
    // to it below - confirm that require_code() validates its argument itself.
    require_code('forum/' . $SITE_INFO['forum_type']);

    // So we can at least get user details
    $driver_class = 'forum_driver_' . filter_naughty_harsh($SITE_INFO['forum_type']);
    $GLOBALS['FORUM_DRIVER'] = object_factory($driver_class);
    $driver =& $GLOBALS['FORUM_DRIVER'];

    // The site connection is reused only for the 'ocf' driver on the same database and table prefix,
    // and never in debug mode.
    $shares_site_db = $SITE_INFO['forum_type'] == 'ocf'
        && get_db_forums() == get_db_site()
        && $driver->get_drivered_table_prefix() == get_table_prefix()
        && !$GLOBALS['DEBUG_MODE'];

    if ($shares_site_db) {
        $driver->connection = $GLOBALS['SITE_DB'];
    } elseif ($SITE_INFO['forum_type'] != 'none') {
        $driver->connection = new database_driver(
            get_db_forums(),
            get_db_forums_host(),
            get_db_forums_user(),
            get_db_forums_password(),
            $driver->get_drivered_table_prefix()
        );
    }

    $driver->MEMBER_ROWS_CACHED = array();
    // FORUM_DB is an alias (by reference) of the driver's connection.
    $GLOBALS['FORUM_DB'] =& $driver->connection;
}