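/**
 * Check an id/password pair and echo the verdict as JSON.
 *
 * The method takes no PHP arguments; its inputs are URL query parameters:
 *   id  - user id (trimmed)
 *   pwd - password, raw-URL-encoded; with md5=1 it is the base64 (and, when
 *         "cookie.encryption" is on, encrypted) form that this method returns
 *   md5 - "1" selects the md5 form; any other value means plain text
 *   ip  - caller-reported client address; "0.0.0.0" is used when empty
 *
 * Output: {v: true, pwd: <token>} on success, {v: false} otherwise.
 *
 * Security notes:
 * - Nothing in this method authenticates the caller.
 *   NOTE(review): confirm the route is reachable by trusted systems only.
 * - `ip` is taken from the request as-is and stored as the session source
 *   address, so any check keyed on ByrSession->from trusts the caller's value.
 * - The returned `pwd` token is accepted back as a credential when md5=1, so
 *   it has to be protected like the password itself.
 * - Credentials travel in the query string, which commonly ends up in access
 *   logs and proxies. NOTE(review): consider a POST body over TLS.
 */
public function sys_checkpwd() {
    // Read each parameter explicitly instead of silencing errors with "@":
    // a missing or non-scalar (e.g. array-valued) parameter becomes '' rather
    // than a suppressed warning or, on PHP 8, an uncaught TypeError.
    $args = array();
    foreach (array('id', 'pwd', 'md5', 'ip') as $key) {
        $present = isset($this->params['url'][$key]) && is_scalar($this->params['url'][$key]);
        $args[$key] = $present ? (string) $this->params['url'][$key] : '';
    }

    $id = trim($args['id']);
    $pwd = rawurldecode($args['pwd']);
    $md5 = intval(trim($args['md5'])) === 1;
    $ip = trim($args['ip']);

    $this->ByrSession->from = $ip === '' ? "0.0.0.0" : $ip;

    if ($md5) {
        // Undo the encoding applied on the success path below.
        if (Configure::read("cookie.encryption")) {
            $pwd = $this->ByrSession->decrypt($pwd);
        }
        $pwd = base64_decode($pwd);
    }

    $ret = array();
    if (Forum::checkPwd($id, $pwd, $md5, true)) {
        $ret['v'] = true;
        // Hand back the stored md5 password, base64-encoded and optionally encrypted.
        $pwd = base64_encode(User::getInstance($id)->md5passwd);
        if (Configure::read("cookie.encryption")) {
            $pwd = $this->ByrSession->encrypt($pwd);
        }
        $ret['pwd'] = rawurlencode($pwd);
    } else {
        $ret['v'] = false;
    }
    echo BYRJSON::encode($ret);
}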
/**
 * Resolve the API caller from HTTP Basic credentials.
 *
 * Sends a 401 challenge and terminates the request when either credential is
 * absent. Otherwise returns the trimmed user id when it is "guest"
 * (case-insensitive, any password accepted) or when Forum::checkPwd() accepts
 * the plain-text password; returns false for rejected credentials.
 *
 * Security notes:
 * - A rejected login returns false instead of repeating the challenge, so the
 *   caller must treat false as "unauthenticated" and stop.
 * - Basic credentials are only base64-encoded on the wire.
 *   NOTE(review): confirm this API is served over TLS only.
 * - No throttling of failed attempts is visible here; presumably it is handled
 *   inside Forum::checkPwd() or upstream. Confirm.
 *
 * @return string|false
 */
public static function getCurrentUser() {
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        header('WWW-Authenticate: Basic realm="nForum API"');
        header('HTTP/1.0 401 Unauthorized');
        exit;
    }

    $id = trim($_SERVER['PHP_AUTH_USER']);
    $pwd = $_SERVER['PHP_AUTH_PW'];

    // The guest account skips password verification entirely.
    $isGuest = strtolower($id) === 'guest';
    if (!$isGuest && !Forum::checkPwd($id, $pwd, false, true)) {
        return false;
    }
    return $id;
}
/**
 * AJAX handler that changes the logged-in user's name or password.
 *
 * Requires a POST request and a logged-in user. When the form carries `name`,
 * the name is converted from UTF-8 to $this->encoding and stored. Otherwise,
 * when `pold`, `pnew1` and `pnew2` are all present, the password is changed
 * after the two new values match and the old password verifies. When neither
 * set of fields is present, nothing is done and nothing is set for the view.
 *
 * Security notes:
 * - NOTE(review): every check relies on $this->error() not returning. If it
 *   can return, setPwd() would still run after a failed old-password check.
 *   Confirm it aborts the request.
 * - isPost() only restricts the HTTP method; no anti-CSRF token is checked in
 *   this method. NOTE(review): confirm one is enforced elsewhere.
 * - No length or strength rule for the new password is visible here;
 *   presumably setPwd() enforces one. Confirm.
 */
public function ajax_passwd() {
    if (!$this->RequestHandler->isPost()) {
        $this->error(ECode::$SYS_REQUESTERROR);
    }
    $this->requestLogin();
    $u = User::getInstance();

    // Name change takes precedence over a password change in the same request.
    if (isset($this->params['form']['name'])) {
        $name = nforum_iconv('UTF-8', $this->encoding, $this->params['form']['name']);
        // The original carried the note "0 means modify forever"; no such
        // argument is passed to setName() here. TODO confirm it is stale.
        if (!$u->setName($name)) {
            $this->error(ECode::$USER_NAMEERROR);
        } else {
            $this->set('no_html_data', array('ajax_code' => ECode::$USER_NAMEOK));
        }
        return;
    }

    $form = array('pold', 'pnew1', 'pnew2');
    foreach ($form as $field) {
        if (!isset($this->params['form'][$field])) {
            // Incomplete password form: silently do nothing, as before.
            return;
        }
    }

    $old = $this->params['form']['pold'];
    $new1 = $this->params['form']['pnew1'];
    $new2 = $this->params['form']['pnew2'];

    // Both copies of the new password must match exactly.
    if ($new1 !== $new2) {
        $this->error(ECode::$USER_PWDERROR);
    }
    // Re-authenticate with the current plain-text password before changing it.
    if (!Forum::checkPwd($u->userid, $old, false, false)) {
        $this->error(ECode::$USER_OLDPWDERROR);
    }
    if (!$u->setPwd($new1)) {
        $this->error(ECode::$USER_PWDERROR);
    }
    $this->set('no_html_data', array('ajax_code' => ECode::$USER_PWDOK));
}
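/**
 * Authenticate $id, register the session and write the login cookies.
 *
 * Steps, in order: drop any existing login/guest session, apply the IP ban
 * check against $this->from, verify the password (skipped for the literal id
 * 'guest'), register the user via Forum::setUser(), then write the
 * UTMPUSERID, UTMPKEY, UTMPNUM and PASSWORD cookies.
 *
 * Security notes:
 * - The PASSWORD cookie holds base64(md5passwd), i.e. a value derived directly
 *   from the stored password hash. It is encrypted only when
 *   "cookie.encryption" is configured; otherwise it is merely base64-encoded.
 *   NOTE(review): confirm the cookie is sent with Secure/HttpOnly attributes.
 * - NOTE(review): the third argument `false` to Cookie->write() presumably
 *   turns off the component's own encryption. Confirm.
 *
 * @param string $id         user id
 * @param string $pwd        password, in the form selected by $md5
 * @param bool   $md5        passed through to Forum::checkPwd()
 * @param mixed  $cookieTime expiry passed to Cookie->write() for the
 *                           UTMPUSERID and PASSWORD cookies
 * @throws LoginException with an ECode::$LOGIN_* code on any failure
 */
public function login($id, $pwd, $md5 = true, $cookieTime = null) {
    if ($this->isLogin || $this->isGuest) {
        Forum::kickUser();
    }

    // IP ban check; the unreachable `break` after each throw was removed.
    $ret = Forum::checkBanIP($id, $this->from);
    switch ($ret) {
        case 1:
            throw new LoginException(ECode::$LOGIN_IPBAN);
        case 2:
            throw new LoginException(ECode::$LOGIN_EPOS);
        case 3:
            throw new LoginException(ECode::$LOGIN_ERROR);
    }

    // Strict comparison: only the exact string 'guest' may skip password
    // verification. The previous loose `!=` also treated some non-string
    // values as equal to 'guest' through PHP type juggling.
    if ($id !== 'guest' && !Forum::checkPwd($id, $pwd, $md5, true)) {
        throw new LoginException(ECode::$LOGIN_ERROR);
    }

    $ret = Forum::setUser(true);
    switch ($ret) {
        case -1:
            throw new LoginException(ECode::$LOGIN_MULLOGIN);
        case 1:
            throw new LoginException(ECode::$LOGIN_MAX);
        case 3:
            throw new LoginException(ECode::$LOGIN_IDBAN);
        case 4:
            throw new LoginException(ECode::$LOGIN_IPBAN);
        case 5:
            throw new LoginException(ECode::$LOGIN_FREQUENT);
        case 7:
            throw new LoginException(ECode::$LOGIN_NOPOS);
    }

    User::update();
    $u = User::getInstance();
    $utmpkey = $u->utmpkey;
    $pass = base64_encode($u->md5passwd);
    if (Configure::read("cookie.encryption")) {
        $utmpkey = $this->encrypt($utmpkey);
        $pass = $this->encrypt($pass);
    }

    $this->isLogin = true;
    // Only UTMPUSERID and PASSWORD receive $cookieTime.
    $this->Cookie->write("UTMPUSERID", $u->userid, false, $cookieTime);
    $this->Cookie->write("UTMPKEY", $utmpkey, false);
    $this->Cookie->write("UTMPNUM", $u->index, false);
    $this->Cookie->write("PASSWORD", $pass, false, $cookieTime);
}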