function convert_data($data)
{
$insert_data = array();
// phpBB 2 values
$insert_data['usergroup'] = $this->board->get_group_id($data, array("not_multiple" => true));
$insert_data['additionalgroups'] = str_replace($insert_data['usergroup'], '', $this->board->get_group_id($data));
$insert_data['displaygroup'] = $this->board->get_group_id($data, array("not_multiple" => true));
$insert_data['import_usergroup'] = $this->board->get_group_id($data, array("not_multiple" => true, "original" => true));
$insert_data['import_additionalgroups'] = $this->board->get_group_id($data, array("original" => true));
$insert_data['import_displaygroup'] = $data['group_id'];
$insert_data['import_uid'] = $data['user_id'];
$insert_data['username'] = encode_to_utf8($data['username'], "users", "users");
$insert_data['email'] = $data['user_email'];
$insert_data['regdate'] = $data['user_regdate'];
$insert_data['lastactive'] = $data['user_lastvisit'];
$insert_data['lastvisit'] = $data['user_lastvisit'];
$insert_data['website'] = $data['user_website'];
$insert_data['avatar'] = $data['user_avatar'];
list($width, $height) = @getimagesize($data['user_avatar']);
$insert_data['avatardimensions'] = $width . '|' . $height;
if ($insert_data['avatar'] == '') {
$insert_data['avatartype'] = "";
} else {
$insert_data['avatartype'] = 'remote';
}
$last_post = $this->get_last_post($data['user_id']);
$insert_data['lastpost'] = intval($last_post['post_time']);
$insert_data['icq'] = $data['user_icq'];
$insert_data['aim'] = $data['user_aim'];
$insert_data['yahoo'] = $data['user_yim'];
$insert_data['msn'] = $data['user_msnm'];
$insert_data['hideemail'] = $data['hideEmail'];
$insert_data['invisible'] = int_to_01($data['user_allow_viewonline']);
$insert_datar['allownotices'] = $data['user_notify'];
if ($data['user_notify'] == 1) {
$subscription_method == 2;
} else {
$subscription_method = 0;
}
$insert_data['subscriptionmethod'] = $subscription_method;
$insert_data['receivepms'] = $data['user_allow_pm'];
$insert_data['pmnotice'] = $data['user_popup_pm'];
$insert_data['pmnotify'] = $data['pm_email_notify'];
$insert_data['showsigs'] = $data['user_attachsig'];
$insert_data['showavatars'] = $data['user_allowavatar'];
$insert_data['timeformat'] = $data['user_dateformat'];
$insert_data['timezone'] = $data['user_timezone'];
$insert_data['regip'] = $last_post['poster_ip'];
$insert_data['totalpms'] = $this->get_private_messages($data['user_id']);
$insert_data['unreadpms'] = $data['user_unread_privmsg'];
$insert_data['salt'] = generate_salt();
$insert_data['signature'] = encode_to_utf8(str_replace(':' . $data['user_sig_bbcode_uid'], '', utf8_unhtmlentities($data['user_sig'])), "users", "users");
$insert_data['password'] = salt_password($data['user_password'], $insert_data['salt']);
$insert_data['loginkey'] = generate_loginkey();
return $insert_data;
}
function loginconvert_convert(&$login)
{
global $mybb, $valid_login_types, $db, $settings;
$options = array("fields" => array('username', "password", "salt", 'loginkey', 'coppauser', 'usergroup', "passwordconvert", "passwordconverttype", "passwordconvertsalt"), "username_method" => (int) $settings['username_method']);
if ($login->username_method !== null) {
$options['username_method'] = (int) $login->username_method;
}
$user = get_user_by_username($login->data['username'], $options);
// There's nothing to check for, let MyBB do everything
// This fails also when no user was found above, so no need for an extra check
if (!isset($user['passwordconvert']) || $user['passwordconvert'] == '') {
return;
}
if (!array_key_exists($user['passwordconverttype'], $valid_login_types)) {
// TODO: Is there an easy way to make the error translatable without adding a new language file?
redirect($mybb->settings['bburl'] . "/member.php?action=lostpw", "We're sorry but we couldn't convert your old password. Please select a new one", "", true);
} else {
$function = "check_" . $valid_login_types[$user['passwordconverttype']];
$check = $function($login->data['password'], $user);
if (!$check) {
// Yeah, that function is called later too, but we need to know whether the captcha is right
// If we wouldn't call that function the error would always be shown
$login->verify_attempts($mybb->settings['captchaimage']);
$login->invalid_combination(true);
} else {
// The password was correct, so use MyBB's method the next time (even if the captcha was wrong we can update the password)
$salt = generate_salt();
$update = array("salt" => $salt, "password" => salt_password(md5($login->data['password']), $salt), "loginkey" => generate_loginkey(), "passwordconverttype" => "", "passwordconvert" => "", "passwordconvertsalt" => "");
$db->update_query("users", $update, "uid='{$user['uid']}'");
// Make sure the password isn't tested again
unset($login->data['password']);
// Also make sure all data is available when creating the session (otherwise SQL errors -.-)
$login->login_data = array_merge($user, $update);
}
}
}
/**
* Verifies if a new password is valid or not.
*
* @return boolean True when valid, false when invalid.
*/
function verify_password()
{
global $mybb;
$user =& $this->data;
// Always check for the length of the password.
if (my_strlen($user['password']) < $mybb->settings['minpasswordlength'] || my_strlen($user['password']) > $mybb->settings['maxpasswordlength']) {
$this->set_error('invalid_password_length', array($mybb->settings['minpasswordlength'], $mybb->settings['maxpasswordlength']));
return false;
}
// Has the user tried to use their email address or username as a password?
if ($user['email'] === $user['password'] || $user['username'] === $user['password']) {
$this->set_error('bad_password_security');
return false;
}
// See if the board has "require complex passwords" enabled.
if ($mybb->settings['requirecomplexpasswords'] == 1) {
// Complex passwords required, do some extra checks.
// First, see if there is one or more complex character(s) in the password.
if (!preg_match("/^.*(?=.{" . $mybb->settings['minpasswordlength'] . ",})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).*\$/", $user['password'])) {
$this->set_error('no_complex_characters', array($mybb->settings['minpasswordlength']));
return false;
}
}
// If we have a "password2" check if they both match
if (isset($user['password2']) && $user['password'] !== $user['password2']) {
$this->set_error("passwords_dont_match");
return false;
}
// MD5 the password
$user['md5password'] = md5($user['password']);
// Generate our salt
$user['salt'] = generate_salt();
// Combine the password and salt
$user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
// Generate the user login key
$user['loginkey'] = generate_loginkey();
return true;
}
/**
* Updates a user's password.
*
* @param int $uid The user's id.
* @param string $password The md5()'ed password.
* @param string $salt (Optional) The salt of the user.
* @return array The new password.
*/
function update_password($uid, $password, $salt = "")
{
global $db, $plugins;
$newpassword = array();
// If no salt was specified, check in database first, if still doesn't exist, create one
if (!$salt) {
$query = $db->simple_select("users", "salt", "uid='{$uid}'");
$user = $db->fetch_array($query);
if ($user['salt']) {
$salt = $user['salt'];
} else {
$salt = generate_salt();
}
$newpassword['salt'] = $salt;
}
// Create new password based on salt
$saltedpw = salt_password($password, $salt);
// Generate new login key
$loginkey = generate_loginkey();
// Update password and login key in database
$newpassword['password'] = $saltedpw;
$newpassword['loginkey'] = $loginkey;
$db->update_query("users", $newpassword, "uid='{$uid}'");
$plugins->run_hooks("password_changed");
return $newpassword;
}
/**
* Verifies if a new password is valid or not.
*
* @return boolean True when valid, false when invalid.
*/
function verify_password()
{
global $mybb;
$user =& $this->data;
// Always check for the length of the password.
if (my_strlen($user['password']) < $mybb->settings['minpasswordlength'] || my_strlen($user['password']) > $mybb->settings['maxpasswordlength']) {
$this->set_error('invalid_password_length', array($mybb->settings['minpasswordlength'], $mybb->settings['maxpasswordlength']));
return false;
}
// See if the board has "require complex passwords" enabled.
if ($mybb->settings['requirecomplexpasswords'] == 1) {
// Complex passwords required, do some extra checks.
// First, see if there is one or more complex character(s) in the password.
if (!preg_match('#[\\W]+#', $user['password'])) {
$this->set_error('no_complex_characters');
return false;
}
}
// If we have a "password2" check if they both match
if (isset($user['password2']) && $user['password'] != $user['password2']) {
$this->set_error("passwords_dont_match");
return false;
}
// MD5 the password
$user['md5password'] = md5($user['password']);
// Generate our salt
$user['salt'] = generate_salt();
// Combine the password and salt
$user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
// Generate the user login key
$user['loginkey'] = generate_loginkey();
return true;
}
isset($_GET["act"]) ? $act = $_GET["act"] : ($act = "");
isset($_GET["confirm"]) ? $confirm = $_GET["confirm"] : ($confirm = "");
if ($act == "") {
die;
}
if ($act == "member_import" && $confirm == "yes") {
$query = "SELECT u.id, u.username, u.id_level, u.password, u.email, UNIX_TIMESTAMP(u.joined) joined, u.cip, ul.id as real_level FROM {$TABLE_PREFIX}users u LEFT JOIN {$TABLE_PREFIX}users_level ul on u.id_level=ul.id WHERE u.id >1 GROUP BY u.id ORDER BY u.id ASC";
$list = mysql_query($query);
$count = mysql_num_rows($list);
if ($count > 0) {
@mysql_query("TRUNCATE TABLE {$mybb_prefix}users");
while ($account = mysql_fetch_assoc($list)) {
$username = $account["username"];
$email = $account["email"];
$salt = random_str(8);
$pass = salt_password($account["password"], $salt);
$key = generate_loginkey();
$joined = time();
$id_level = mybb_level_check($account["real_level"]);
mysql_query("INSERT INTO {$mybb_prefix}users (`username`, `password`, `salt`,`loginkey`,`usergroup`,`email`, `regdate`,`regip`,`lastip`,`hideemail`,`receivepms`) VALUES ('{$username}', '{$pass}', '{$salt}','{$key}',{$id_level}, '{$email}',{$joined},'{$ip_address}','{$ip_address}',1,1)") or die(mysql_error());
$fid = mysql_insert_id();
mysql_query("UPDATE {$TABLE_PREFIX}users SET mybb_fid={$fid} where id=" . $account["id"]);
mysql_query("UPDATE `{$mybb_prefix}settings` SET `value`=1 where `sid`=61");
mysql_query("UPDATE `{$mybb_prefix}usergroups` SET `namestyle`='<span style=\"color: orangered;\"><strong>{username}</strong></span>' where `gid`=4");
mysql_query("UPDATE `{$mybb_prefix}usergroups` SET `namestyle`='<span style=\"color: green;\"><strong>{username}</strong></span>' where `gid`=6");
rebuild_stats();
//rebuild users stats in forum
$counter = $count;
header("location:" . $_SERVER["PHP_SELF"] . "?act=completed&counter={$counter}");
}
}
/**
* @param bool $strict
*
* @return bool
*/
function verify_password($strict = true)
{
global $db, $mybb, $plugins;
$this->get_login_data();
if (empty($this->login_data['username'])) {
// Username must be validated to apply a password to
$this->invalid_combination();
return false;
}
$args = array('this' => &$this, 'strict' => &$strict);
$plugins->run_hooks('datahandler_login_verify_password_start', $args);
$user =& $this->data;
$password = md5($user['password']);
if (!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false) {
$this->invalid_combination();
}
if ($strict == true) {
if (!$this->login_data['salt']) {
// Generate a salt for this user and assume the password stored in db is a plain md5 password
$this->login_data['salt'] = generate_salt();
$this->login_data['password'] = salt_password($this->login_data['password'], $this->login_data['salt']);
$sql_array = array("salt" => $this->login_data['salt'], "password" => $this->login_data['password']);
$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
}
if (!$this->login_data['loginkey']) {
$this->login_data['loginkey'] = generate_loginkey();
$sql_array = array("loginkey" => $this->login_data['loginkey']);
$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
}
}
$salted_password = md5(md5($this->login_data['salt']) . $password);
$plugins->run_hooks('datahandler_login_verify_password_end', $args);
if ($salted_password !== $this->login_data['password']) {
$this->invalid_combination(true);
return false;
}
return true;
}
function login($type, $uid, $password)
{
global $db;
$password = trim($password);
$return = false;
switch ($type) {
case 'vb3':
$return = $this->authenticate_vb3($password);
break;
case 'ipb2':
$return = $this->authenticate_ipb2($password);
break;
case 'smf11':
$return = $this->authenticate_smf11($password);
break;
case 'smf2':
$return = $this->authenticate_smf2($password);
break;
case 'smf':
$return = $this->authenticate_smf($password);
break;
case 'punbb':
$return = $this->authenticate_punbb($password);
break;
case 'phpbb3':
$return = $this->authenticate_phpbb3($password);
break;
case 'bbpress':
$return = $this->authenticate_bbpress($password);
break;
case 'mingle':
$return = $this->authenticate_bbpress($password);
break;
default:
return false;
}
if ($return == true) {
// Generate a salt for this user and assume the password stored in db is empty
$user['salt'] = generate_salt();
$this->user['salt'] = $user['salt'];
$user['password'] = salt_password(md5($password), $user['salt']);
$this->user['password'] = $user['password'];
$user['loginkey'] = generate_loginkey();
$this->user['loginkey'] = $user['loginkey'];
$user['passwordconverttype'] = '';
$this->user['passwordconverttype'] = '';
$user['passwordconvert'] = '';
$this->user['passwordconvert'] = '';
$user['passwordconvertsalt'] = '';
$this->user['passwordconvertsalt'] = '';
$db->update_query("users", $user, "uid='{$uid}'", 1);
return $this->user;
}
return false;
}
function mybbSync_login($user_login, $user)
{
/******************DATABASE Connecting ****************************/
$conecting = array('DBName' => 'poppreoject', 'DBUser' => 'root', 'DBPassword' => '');
$dbcon = mysql_connect(get_option('mbsync_host'), get_option('mbsync_db_username'), get_option('mbsync_db_password'));
mysql_select_db(get_option('mbsync_db'));
/******************DATABASE Connecting ****************************/
$ms_username = $user->user_login;
$ms_email = $user->user_email;
$ms_password = $_POST['pwd'];
$query = mysql_query("SELECT * FROM " . get_option('mbsync_tableprefix') . "settings WHERE `name`='bburl'");
$url_fetch = mysql_fetch_array($query);
$webroot = '';
if (substr($url_fetch['bburl'], -1) == '/') {
$webroot = substr($url_fetch['bburl'], 0, -1);
} else {
$webroot = $url_fetch['bburl'];
}
$query = mysql_query("SELECT * FROM " . get_option('mbsync_tableprefix') . "users WHERE `username`='{$ms_username}' OR `email`='{$ms_email}'");
if (mysql_num_rows($query) == 0) {
/****************************Hash password*******************************/
function generate_salt()
{
$possible = '0123456789abcdefghijklmnopqrstuvwxyz';
$newsalt = '';
$i = 0;
while ($i < 8) {
$newsalt .= substr($possible, mt_rand(0, strlen($possible) - 1), 1);
$i++;
}
return $newsalt;
}
function salt_password($password, $salt)
{
return md5(md5($salt) . $password);
}
$salt = generate_salt();
$hashed_password = salt_password(md5($ms_password), $salt);
/****************************Hash password*******************************/
$regdate = time();
$query = mysql_query("INSERT INTO " . get_option('mbsync_tableprefix') . "users(username,password,salt,email,receivepms,allownotices,pmnotify,usergroup,regdate) \nVALUES('{$ms_username}','{$hashed_password}','{$salt}','{$ms_email}',1,1,1,2,'{$regdate}')");
/****************************CURL Method*******************************/
}
}
