Ejemplo n.º 1
            // Create an URI session id if cookies are not used..
            // NOTE(review): the id is an md5 over the posted username, the posted
            // password and microtime(). microtime() adds very little entropy, so the
            // id is only as unpredictable as the password itself; a CSPRNG-derived
            // id would be the safer source — confirm whether anything upstream
            // constrains this.
            if(!$PHORUM["use_cookies"]) {
                $uri_session_id = md5($_POST['username'].microtime().$_POST['password']);
                // Store the id in the user's sessid_st field, then hand it to the
                // long-term session so it is carried in the URI.
                $user = array(
                    'user_id'  => $PHORUM['user']['user_id'],
                    'sessid_st'=> $uri_session_id
                );
                phorum_user_save_simple($user);
                phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);
            // Create cookie session(s).
            } else {
                // Only issue a long-term cookie when the user is not logged in yet.
                if (!$PHORUM["DATA"]["LOGGEDIN"]) {
                    phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);
                }
                // With tight security enabled a short-term cookie is required as well.
                if($PHORUM["tight_security"]){
                    phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);
                }
            }

            // Determine the URL to redirect the user to.
            // If redir is a number, it is a URL constant.
            if(is_numeric($_POST["redir"])){
                $redir = phorum_get_url($_POST["redir"]);
            }

            // Redirecting to the registration or login page is a little weird,
            // so we just go to the list page if we came from one of those.
            elseif (isset($PHORUM['use_cookies']) && $PHORUM["use_cookies"] && !strstr($_POST["redir"], "register." . PHORUM_FILE_EXTENSION) && !strstr($_POST["redir"], "login." . PHORUM_FILE_EXTENSION)) {
                $redir = $_POST["redir"];

            // By default, we redirect to the list page.
Ejemplo n.º 2
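/**
 * Validate the session the client presented and, on success, load the
 * matching user into $GLOBALS["PHORUM"]["user"].
 *
 * The session id is looked for, in this order, in a real cookie, the p5-style
 * URI arguments ($PHORUM["args"]), the POST data and the GET data. A cookie
 * session carries "<user_id>:<secret>"; a URI session carries only the secret,
 * which is matched against the user's sessid_st field.
 *
 * Session secrets are compared with a strict string comparison: a loose "=="
 * lets numeric-looking strings (e.g. "0e..." md5 values) compare equal.
 * Where available, hash_equals() would additionally make the comparison
 * constant-time.
 *
 * @param mixed $cookie  Session type to check: PHORUM_SESSION_LONG_TERM,
 *                       PHORUM_SESSION_SHORT_TERM or PHORUM_SESSION_ADMIN.
 * @return bool  true when a valid session for an active user was found.
 */
function phorum_user_check_session( $cookie = PHORUM_SESSION_LONG_TERM )
{
    $PHORUM = $GLOBALS["PHORUM"];

    // If we do URI based authentication, we will only look at the
    // PHORUM_SESSION_LONG_TERM session (which is the session key that is
    // stored in the URI). Here we rewrite requests for
    // PHORUM_SESSION_SHORT_TERM so we will handle tighter security correctly.
    if ( isset($PHORUM["use_cookies"]) && ! $PHORUM["use_cookies"] &&
         $cookie == PHORUM_SESSION_SHORT_TERM) {
        $cookie = PHORUM_SESSION_LONG_TERM;
    }

    // Locate the presented session id; $sessid stays null when there is none.
    // Each source also records whether cookies are in use for this request.
    $sessid = null;
    if ( ( $cookie != PHORUM_SESSION_LONG_TERM || ( isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"] ) ) && isset( $_COOKIE[$cookie] ) ) { // REAL cookies ;)
        $sessid = $_COOKIE[$cookie];
        $GLOBALS["PHORUM"]["use_cookies"]=true;
    } elseif ( isset( $PHORUM["args"][$cookie] ) ) { // in the p5-urls
        $sessid = $PHORUM["args"][$cookie];
        $GLOBALS["PHORUM"]["use_cookies"]=false;
    } elseif ( isset( $_POST[$cookie] ) ) { // from post-forms
        $sessid = $_POST[$cookie];
        $GLOBALS["PHORUM"]["use_cookies"]=false;
    } elseif ( isset( $_GET[$cookie] ) ) { // should rarely happen but helps in some cases
        $sessid = $_GET[$cookie];
        $GLOBALS["PHORUM"]["use_cookies"]=false;
    }

    $success = false;

    // Request superglobals may hold arrays; only a string can be a session id.
    if ( !empty( $sessid ) && is_string( $sessid ) && $GLOBALS["PHORUM"]["use_cookies"]) {
        // Cookie authentication: the cookie holds "<user_id>:<md5 secret>".
        $parts = explode( ":", $sessid, 2 );
        if ( count( $parts ) != 2 || !is_numeric( $parts[0] ) ) {
            // Malformed cookie: drop it rather than keep re-checking it.
            phorum_user_clear_session( $cookie );
            return false;
        }
        $userid     = $parts[0];
        $md5session = (string) $parts[1];

        $user=phorum_user_get($userid, true, true);
        if (empty($user)) {
            phorum_user_clear_session( $cookie );
            return false;
        }

        // Strict, string-typed comparison of the stored secret against the
        // presented one (see the function comment for why "==" is avoided).
        if ( ($cookie==PHORUM_SESSION_LONG_TERM && !empty($user['cookie_sessid_lt']) && (string) $user['cookie_sessid_lt'] === $md5session) ||
             ($cookie==PHORUM_SESSION_SHORT_TERM && !empty($user['sessid_st']) && (string) $user['sessid_st'] === $md5session) ||
             ($cookie==PHORUM_SESSION_ADMIN && !empty($user['cookie_sessid_lt']) && md5($user['cookie_sessid_lt'].$PHORUM["admin_session_salt"]) === $md5session) ) {
            if ( $user["active"] ) {
                // write access is false by default, need to check the st-cookie too
                $user['write_access']=false;

                $GLOBALS["PHORUM"]["user"] = $user;
                $success = true;

                // Refresh the session so its lifetime is extended on each hit.
                phorum_user_create_session( $cookie );
            } else {
                // Deactivated account: remove the session instead of honouring it.
                phorum_user_clear_session( $cookie );
            }
        }
    } elseif( !empty( $sessid ) && is_string( $sessid ) && !$GLOBALS["PHORUM"]["use_cookies"]) {
        // URI authentication: only the secret is known, so the user is looked
        // up by an exact match on the sessid_st field.
        $uri_session_id = urldecode( $sessid );
        $user_id = phorum_db_user_check_field('sessid_st',$uri_session_id,'=');
        if ( $user_id ) {
            $user = phorum_user_get( $user_id, true, true );
            // Guard against an empty lookup result before reading "active".
            if ( !empty($user) && $user["active"] ) {

                // write access is enabled for uri-authentication as thats requiring login at every visit
                $user['write_access']=true;

                $GLOBALS["PHORUM"]["user"] = $user;
                $success = true;
                phorum_user_create_session( $cookie, false, $user['sessid_st'] );
            } else {
                phorum_user_clear_session( $cookie );
            }
        }
    }

    // track user activity: only write when the last update is older than the
    // configured interval, to avoid a DB write on every request.
    if($success && $PHORUM["track_user_activity"] && $GLOBALS["PHORUM"]["user"]["date_last_active"] < time() - $PHORUM["track_user_activity"] ) {
        $tmp_user = array();
        $tmp_user["user_id"] = $GLOBALS["PHORUM"]["user"]["user_id"];
        $tmp_user["date_last_active"] = time();
        if(isset($PHORUM['forum_id'])) {
            $tmp_user["last_active_forum"]= $PHORUM['forum_id'];
        } else {
            $tmp_user["last_active_forum"]= 0;
        }
        phorum_user_save_simple( $tmp_user);
    }

    return $success;
}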
Ejemplo n.º 3
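/**
 * A common function which is used to save the userdata from the post-data.
 *
 * Only the fixed set of editable fields plus the configured custom profile
 * fields are accepted from $_POST; any other posted key is ignored. user_id
 * and fk_campsite_user_id are always taken from the current user, never from
 * the request, because they are assigned after the $_POST merge.
 *
 * @param panel - The panel for which to save data (not used inside this
 *                function; kept for the callers' interface).
 * @return array - An array containing $error and $okmsg.
 */
function phorum_controlcenter_user_save($panel)
{
    $PHORUM = $GLOBALS['PHORUM'];
    $error = "";
    $okmsg = "";

    // Setup the default userdata fields that may be changed
    // from the control panel interface.
    $userdata = array(
        'signature'       => NULL,
        'hide_email'      => NULL,
        'hide_activity'   => NULL,
        'password'        => NULL,
        'tz_offset'       => NULL,
        'is_dst'          => NULL,
        'user_language'   => NULL,
        'threaded_list'   => NULL,
        'threaded_read'   => NULL,
        'email_notify'    => NULL,
        'show_signature'  => NULL,
        'pm_email_notify' => NULL,
        'email'           => NULL,
        'email_temp'      => NULL,
        'user_template'   => NULL,
        'moderation_email'=> NULL,
    );
    // Add custom profile fields as acceptable fields.
    foreach ($PHORUM["PROFILE_FIELDS"] as $field) {
        $userdata[$field["name"]] = NULL;
    }
    // Update userdata with $_POST information (whitelist: only known keys).
    foreach ($_POST as $key => $val) {
        if (array_key_exists($key, $userdata)) {
            $userdata[$key] = $val;
        }
    }
    // Remove unused profile fields (those that were not posted).
    foreach ($userdata as $key => $val) {
        if (is_null($val)) {
            unset($userdata[$key]);
        }
    }

    // Set static userdata. Done after the $_POST merge so that the request
    // can never override the identity being saved.
    $userdata["user_id"] = $PHORUM["user"]["user_id"];
    $userdata["fk_campsite_user_id"] = $PHORUM["user"]["fk_campsite_user_id"];

    // Run a hook, so module writers can update and check the userdata.
    $userdata = phorum_hook("cc_save_user", $userdata);

    // Set $error, in case the before_register hook did set an error.
    if (isset($userdata['error'])) {
        $error=$userdata['error'];
        unset($userdata['error']);
    // Try to update the userdata in the database.
    } elseif (!phorum_user_save($userdata)) {
        // Updating the user failed.
        $error = $PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"];
    } else {
        // Sync the campsite user.
        require_once('../../admin-files/localizer/Localizer.php');
        require_once('../../classes/User.php');
        $campsiteUser = new User($userdata["fk_campsite_user_id"]);
        if ($campsiteUser->exists()) {
            // NOTE(review): only one of password/email is synced per save. If a
            // panel can submit both at once the email change would be skipped
            // on the campsite side — confirm against the control center panels.
            if (array_key_exists('password', $userdata)) {
                $campsiteUser->setPassword($userdata["password"]);
            } elseif (array_key_exists('email', $userdata)) {
                $campsiteUser->setProperty('EMail', $userdata["email"]);
            }
        }

        // Updating the user was successful.
        $okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];

        // Let the userdata be reloaded.
        phorum_user_set_current_user($userdata["user_id"]);

        // If a new password was set, let's create a new session.
        // (empty() already covers an unset key.)
        if (!empty($userdata["password"])) {
            phorum_user_create_session();
        }

        // Copy data from the updated user back into the template data.
        // Leave PANEL and forum_id alone (these are injected into the
        // userdata in the template from this script). Strict comparison:
        // with "==" an integer key 0 would also match "PANEL" on PHP < 8.
        foreach ($GLOBALS["PHORUM"]["DATA"]["PROFILE"] as $key => $val) {
            if ($key === "PANEL" || $key === "forum_id") continue;
            if (isset($GLOBALS["PHORUM"]["user"][$key])) {
                $GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = $GLOBALS["PHORUM"]["user"][$key];
            } else {
                $GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = "";
            }
        }
    }

    return array($error, $okmsg);
}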
Ejemplo n.º 4
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////

    // don't allow this page to be loaded directly
    if(!defined("PHORUM_ADMIN")) exit();

    // Admin login handling: when the posted credentials check out and the
    // resulting user (presumably populated by phorum_user_check_login) is an
    // admin, start the admin session and redirect.
    if(isset($_POST["username"]) && isset($_POST["password"])){
        if(phorum_user_check_login($_POST["username"], $_POST["password"])!=0){
            if($PHORUM["user"]["admin"]){
                phorum_user_create_session(PHORUM_SESSION_ADMIN);
                // NOTE(review): "target" is taken straight from the POST body.
                // Unless phorum_redirect_by_url() restricts it to local URLs this
                // is an open redirect after login — confirm in that helper.
                if(!empty($_POST["target"])){
                    phorum_redirect_by_url($_POST['target']);
                } else {
                    phorum_redirect_by_url($_SERVER['PHP_SELF']);
                }
                exit();
            }
            // A valid login for a non-admin user falls through to the form.
        }
    }

    include_once "./include/admin/PhorumInputForm.php";

    // Login form rendered for every request that did not redirect above.
    $frm = new PhorumInputForm ("", "post");

    if(count($_REQUEST)){