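/**
 * XML-RPC handler: change the calling member's password.
 *
 * Two entry modes, chosen by whether RPC parameter 2 is present:
 *  - Tapatalk ID reset (params: new password, token, code). The token/code
 *    pair is checked with TapatalkSsoVerification(); the e-mail it returns
 *    must equal the member's e-mail address and administrators are refused.
 *    A guest caller is resolved to a member through emailExists().
 *  - Regular change (params: old password, new password). The old password
 *    is accepted by the integrate_verify_password hook or by matching the
 *    stored sha1(lowercase member name . password) digest.
 *
 * On success the new digest is stored, integrate_reset_pass is notified and a
 * fresh login cookie is issued. Failures are reported through get_error(),
 * fatal_error() and fatal_lang_error(); none of them is followed by a return
 * here, so they are presumably terminating - confirm in the error helpers.
 *
 * @param object $rpcmsg incoming XML-RPC message (getParam/getScalarValParam)
 * @return xmlrpcresp struct {result: boolean true, result_text: base64 ''}
 */
function mob_update_password($rpcmsg)
{
    global $txt, $modSettings;
    global $cookiename, $context;
    global $sourcedir, $scripturl, $db_prefix;
    global $ID_MEMBER, $user_info;
    global $newpassemail, $user_profile, $validationCode;

    loadLanguage('Profile');

    // Start with no updates and no errors.
    $profile_vars = array();
    $post_errors = array();
    $good_password = false;

    if ($rpcmsg->getParam(2)) {
        // Reset directly with the Tapatalk ID credential. No old password is
        // supplied in this mode, so seed the key the shared checks below read
        // instead of leaving it undefined.
        $_POST['oldpasswrd'] = '';
        $_POST['passwrd1'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']);
        $token = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $code = $rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : '';

        // Verify the Tapatalk authorization.
        if ($token && $code) {
            $ttid = TapatalkSsoVerification($token, $code);
            if ($ttid && $ttid->result) {
                $tapatalk_id_email = $ttid->email;

                // Guest caller: look the member up by the verified e-mail and
                // load it as the current user so the checks below apply to it.
                if (empty($ID_MEMBER) && ($ID_MEMBER = emailExists($tapatalk_id_email))) {
                    loadMemberData($ID_MEMBER, false, 'profile');
                    $user_info = $user_profile[$ID_MEMBER];
                    $user_info['is_guest'] = false;
                    $user_info['is_admin'] = $user_info['id_group'] == 1 || in_array(1, explode(',', $user_info['additionalGroups']));
                    $user_info['id'] = $ID_MEMBER;
                    if (empty($user_info['additionalGroups'])) {
                        $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
                    } else {
                        $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
                    }
                    $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));
                    loadPermissions();
                }

                // The verified e-mail must be the member's own, and an
                // administrator - primary group 1 or admin through an
                // additional group - can never be reset this way.
                if (strtolower($user_info['emailAddress']) == strtolower($tapatalk_id_email)
                    && $user_info['ID_GROUP'] != 1
                    && empty($user_info['is_admin'])) {
                    $good_password = true;
                }
            }
        }
        if (!$good_password) {
            get_error('Failed to update password');
        }
    } else {
        // Regular change: old password, then new password.
        $_POST['oldpasswrd'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']);
    }

    // Clean up the POST variables.
    $_POST = htmltrim__recursive($_POST);
    $_POST = stripslashes__recursive($_POST);
    $_POST = htmlspecialchars__recursive($_POST);
    $_POST = addslashes__recursive($_POST);

    $memberResult = loadMemberData($ID_MEMBER, false, 'profile');
    if (!is_array($memberResult)) {
        fatal_lang_error(453, false);
    }
    $memID = $ID_MEMBER;
    $context['user']['is_owner'] = true;
    isAllowedTo(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'));

    // You didn't even enter a password!
    if (trim($_POST['oldpasswrd']) == '' && !$good_password) {
        fatal_error($txt['profile_error_no_password']);
    }

    // The POST cleaning above altered the password; undo it so the digest is computed over what the member typed.
    $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));

    // Does the integration want to check passwords?
    if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
        if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
            $good_password = true;
        }
    }

    // Bad password!!! The digests are compared as strings: a loose != would
    // treat two hex digests of the form "0e<digits>" as equal numbers.
    if (!$good_password) {
        $attempt = sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd']);
        $stored = (string) $user_info['passwd'];
        $matches = function_exists('hash_equals') ? hash_equals($stored, $attempt) : ($stored === $attempt);
        if (!$matches) {
            fatal_error($txt['profile_error_bad_password']);
        }
    }

    // Let's get the validation function into play...
    require_once $sourcedir . '/Subs-Auth.php';
    $passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));

    // Were there errors?
    if ($passwordErrors != null) {
        fatal_error($txt['profile_error_password_' . $passwordErrors]);
    }

    // Set up the new password variable... ready for storage (quoted for the raw SQL in updateMemberData).
    $newPassword = un_htmlspecialchars(stripslashes($_POST['passwrd1']));
    $newDigest = sha1(strtolower($user_profile[$memID]['memberName']) . $newPassword);
    $profile_vars['passwd'] = '\'' . $newDigest . '\'';

    // If we've changed the password, notify any integration that may be listening in.
    if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
        call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']);
    }
    updateMemberData($memID, $profile_vars);

    // Subs-Auth.php is already loaded above; issue a cookie bound to the new digest and the member's salt.
    setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1($newDigest . $user_profile[$memID]['passwordSalt']));

    $response = array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'));
    return new xmlrpcresp(new xmlrpcval($response, 'struct'));
}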
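/**
 * XML-RPC handler: sign in with a Tapatalk ID, registering an account first
 * when no member owns the verified e-mail address.
 *
 * Parameters come from $context['mob_request']['params']: 0 token, 1 code,
 * then optional base64-encoded values 2 e-mail, 3 username, 4 password.
 * The token/code pair is verified with TapatalkSsoVerification() and the
 * e-mail returned by that call is the identity trusted here - parameter 2 is
 * never consulted. Registration goes through Register2() with CAPTCHA
 * disabled and e-mail activation (registration_method 1) downgraded to
 * instant registration, presumably because the address was already verified
 * by the SSO service; admin approval (registration_method 2) is kept and
 * reported back in the result text.
 *
 * On success it sets the login cookie, populates $user_info, runs the ban
 * check, records the login and replies through outputRPCLogin(). Errors are
 * reported with get_error()/fatal_lang_error(), which are presumably
 * terminating (nothing here returns after them) - confirm in the helpers.
 *
 * @return void
 */
function method_sign_in()
{
    global $db_prefix, $context, $user_profile, $modSettings, $register, $sourcedir, $user_info, $boardurl, $txt;

    require_once $sourcedir . '/Register.php';
    require_once $sourcedir . '/Subs-Members.php';
    require_once $sourcedir . '/Subs-Auth.php';

    $token = $context['mob_request']['params'][0][0];
    $code = $context['mob_request']['params'][1][0];
    // Parameter 2 (caller-supplied e-mail) is ignored: only the SSO-verified address is trusted.
    $username = isset($context['mob_request']['params'][3][0]) ? base64_decode($context['mob_request']['params'][3][0]) : '';
    $password = isset($context['mob_request']['params'][4][0]) ? base64_decode($context['mob_request']['params'][4][0]) : '';

    // Verify the Tapatalk token and code first.
    $ttid = TapatalkSsoVerification($token, $code);
    if (empty($ttid)) {
        get_error('Tapatalk authorization verify failed, please login with your username and password.');
    }
    $tapatalk_id_email = $ttid->email;
    $result_status = true;
    $register = false;
    $result_text = '';
    if (!$ttid->result || empty($tapatalk_id_email)) {
        get_error($ttid->result_text ? $ttid->result_text : 'Tapatalk authorization verify failed, please login with your username and password');
    }

    // Sign in with the e-mail, or register an account for it.
    $login_id = emailExists($tapatalk_id_email);
    if (empty($login_id)) {
        if (empty($username)) {
            get_error('Invalid Parameters', 2);
        } elseif (isReservedName($username, 0, true, false)) {
            get_error($txt[473], 1);
        } else {
            if (empty($password)) {
                $password = tt_generatePassword();
            }

            // Feed Register2() the form fields it expects.
            $_POST['user'] = $username;
            $_POST['email'] = $tapatalk_id_email;
            $_POST['passwrd1'] = $password;
            $_POST['passwrd2'] = $password;
            $_POST['regagree'] = 'on';
            $_POST['regSubmit'] = 'Register';
            $_POST['skip_coppa'] = 1;
            $_SESSION['old_url'] = $boardurl;

            // Visual verification cannot be answered over RPC; switch every known CAPTCHA setting off for this request.
            $modSettings['disable_visual_verification'] = 1;
            $modSettings['recaptcha_enabled'] = 0;
            $modSettings['recaptcha_enable'] = 0;
            $modSettings['captchaenable'] = 0;
            // Compatibility with the old CAPTCHA mod.
            $modSettings['anti_spam_ver_enable'] = false;

            // E-mail activation is skipped (the SSO service vouched for the address); admin approval (2) is left in place.
            if ($modSettings['registration_method'] == 1) {
                $modSettings['registration_method'] = 0;
            }

            $login_id = Register2();
            $register = true;
            $awaitingApproval = $modSettings['registration_method'] == 2;
            $result_status = !$awaitingApproval;
            $result_text = $awaitingApproval ? $txt['approval_after_registration'] : '';
            if (empty($login_id)) {
                get_error('Register failed');
            }
        }
    }

    // Do the login.
    if ($login_id) {
        // $login_id is a member id from emailExists()/Register2(); cast it so the query below only ever sees an integer.
        $login_id = (int) $login_id;
        $request = db_query("\n            SELECT passwd, ID_MEMBER AS id_member, is_activated, ID_GROUP AS id_group, emailAddress AS email_address, additionalGroups AS additional_groups, memberName AS member_name,\n                passwordSalt AS password_salt, ID_POST_GROUP\n            FROM {$db_prefix}members\n            WHERE ID_MEMBER = '{$login_id}'\n            ", __FILE__, __LINE__);
        $user = mysql_fetch_assoc($request);
        mysql_free_result($request);
        // No row for that id: do not continue with an empty record.
        if (empty($user)) {
            get_error('Sign In Failed');
        }

        // Members awaiting admin approval may not log in, except right after
        // the registration above (the approval status is reported instead).
        // NOTE(review): only is_activated == 3 is refused here; accounts in
        // other non-active states (presumably 0 = awaiting e-mail activation,
        // or banned values) would pass - confirm against SMF's login check.
        if ($user['is_activated'] == 3 && !$register) {
            fatal_lang_error('still_awaiting_approval');
        }

        // Set the login cookie.
        setLoginCookie(60 * $modSettings['cookieTime'], $login_id, sha1($user['passwd'] . $user['password_salt']));

        // Build $user_info for this member the way SMF's user loading would.
        loadMemberData($user['id_member'], false, 'profile');
        $user_info = $user_profile[$user['id_member']];
        $user_info['is_guest'] = false;
        $user_info['is_admin'] = $user['id_group'] == 1 || in_array(1, explode(',', $user['additional_groups']));
        $user_info['id'] = $user['id_member'];
        if (empty($user_info['additionalGroups'])) {
            $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
        } else {
            $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
        }
        $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));

        // Banned?
        is_not_banned(true);

        // Don't stick the language or theme after this point.
        unset($_SESSION['language']);
        unset($_SESSION['ID_THEME']);

        // You've logged in, haven't you?
        updateMemberData($user_info['id'], array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));

        // Get rid of the online entry for that old guest....
        db_query("\n            DELETE FROM {$db_prefix}log_online\n            WHERE session = 'ip{$user_info['ip']}'\n            LIMIT 1", __FILE__, __LINE__);
        $_SESSION['log_time'] = 0;

        loadPermissions();
        update_push();

        // We got this far? Return a positive response....
        outputRPCLogin($result_status, $result_text);
    } else {
        get_error('Sign In Failed');
    }
}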