unset($_SESSION[$key]); } $sqlLogin = (get_config('case_insensitive_usernames')) ? "COLLATE utf8_general_ci = ?s" : "COLLATE utf8_bin = ?s"; $myrow = Database::get()->querySingle("SELECT * FROM user WHERE username $sqlLogin", $uname); if (get_config('login_fail_check')) { $r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' AND COUNT > " . intval(get_config('login_fail_threshold')) . " AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail"); } if (get_config('login_fail_check') && $r) { $ok = 8; } else { if (in_array($myrow->password, $auth_ids)) { $ok = alt_login($myrow, $uname, $pass); } else { $ok = login($myrow, $uname, $pass); } } if (isset($_SESSION['uid']) && $ok === 1) { Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) VALUES (?d, ?s, NOW(), 'LOGIN')", intval($_SESSION['uid']), $_SERVER['REMOTE_ADDR']); resetLoginFailure(); session_regenerate_id(); set_session_mvars(); echo session_id(); } else { if ($ok === 4) { increaseLoginFailure();
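/**
 * Handle a submitted login form (expects POST fields uname, pass, submit).
 *
 * Side effects: clears $_SESSION['uid'] before checking, consults the per-IP
 * `login_failure` throttle, records the attempted name via Log::record() for an
 * unknown user, appends a localised message to the global $warning on failure,
 * and on success inserts a `loginout` row, resets the failure counter,
 * regenerates the session id and redirects.
 *
 * Outcome codes handled here (assigned by this function or returned by
 * login()/alt_login()): 2 and 4 -> $langInvalidId (4 is what this function
 * assigns for an empty password or an unknown user and is the only code that
 * bumps the failure counter), 3 -> $langAccountInactive*, 5 -> $langNoCookies,
 * 6/7 -> $langEnterPlatform with the secure/ or cas entry point,
 * 8 -> $langTooManyFails.
 *
 * Compared with the previous revision: the client IP and user id are bound as
 * Database ?s/?d parameters instead of being interpolated into SQL; the
 * submitted password is no longer written to the failure log; $tool_content and
 * $langInvalidAuth are declared global so the "no auth method" message is not
 * lost in a dead local; the session id is regenerated on success; and the
 * POSTed `next` target is only honoured when it is a relative path.
 */
function process_login() {
    global $warning, $surname, $givenname, $email, $status, $is_admin, $language,
        $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies,
        $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid,
        $langTooManyFails, $tool_content, $langInvalidAuth;

    $posted_uname = isset($_POST['uname']) ? canonicalize_whitespace($_POST['uname']) : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $auth = get_auth_active_methods();
    // Set by the web server, but still passed to Database as a bound parameter
    // below rather than spliced into the SQL text.
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    if (!isset($_POST['submit'])) {
        return;
    }

    unset($_SESSION['uid']);
    $auth_allow = 0;
    $exists = 0;

    // Per-IP throttle: refuse outright while the deny window is still open.
    // The two numeric settings are intval()'d before interpolation.
    $throttled = false;
    if (get_config('login_fail_check')) {
        $threshold = intval(get_config('login_fail_threshold'));
        $deny_minutes = intval(get_config('login_fail_deny_interval'));
        $throttled = (bool) Database::get()->querySingle(
            "SELECT 1 FROM login_failure WHERE ip = ?s
               AND COUNT > $threshold
               AND DATE_SUB(CURRENT_TIMESTAMP, interval $deny_minutes minute) < last_fail",
            $remote_ip);
    }

    if ($throttled) {
        $auth_allow = 8;
    } else {
        // NOTE(review): the collation clauses appear redacted ("******") in this
        // listing; the sibling revision at the top of the page uses
        // "COLLATE utf8_general_ci = ?s" / "COLLATE utf8_bin = ?s" - confirm upstream.
        if (get_config('case_insensitive_usernames')) {
            $sqlLogin = "******";
        } else {
            $sqlLogin = "******";
        }
        $myrow = Database::get()->querySingle(
            "SELECT id, surname, givenname, password, username, status, email, lang, verified_mail
               FROM user WHERE username {$sqlLogin}", $posted_uname);

        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // No cookies means no session can be kept after login.
            $auth_allow = 5;
        } elseif ($pass === '') {
            // Never hand an empty password to the authenticators.
            $auth_allow = 4;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // NOTE(review): loose in_array() kept because the element type of
                // $auth_ids is not visible here; switch to strict once confirmed.
                if (in_array($myrow->password, $auth_ids)) {
                    // password column names an alternate auth method (cas, ldap, ...)
                    $auth_allow = alt_login($myrow, $posted_uname, $pass);
                } else {
                    $auth_allow = login($myrow, $posted_uname, $pass);
                }
            } else {
                $tool_content .= "<br>{$langInvalidAuth}<br>";
            }
        }

        if (!$exists and !$auth_allow) {
            // Unknown user: log the attempted name only. The previous revision also
            // stored the submitted password, which captures real passwords mistyped
            // into the wrong username field.
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
            $auth_allow = 4;
        }
    }

    if (!isset($_SESSION['uid'])) {
        // NOTE(review): only code 4 feeds the failure counter; if login() reports
        // a wrong password for an existing account as 2, those attempts are never
        // throttled - confirm against login().
        switch ($auth_allow) {
            case 1:
                session_regenerate_id();
                break;
            case 2:
                $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
                break;
            case 3:
                $warning .= "<div class='alert alert-warning'>{$langAccountInactive1} "
                    . "<a href='modules/auth/contactadmin.php?userid={$inactive_uid}&h="
                    . token_generate("userid={$inactive_uid}")
                    . "'>{$langAccountInactive2}</a></div>";
                break;
            case 4:
                $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
                increaseLoginFailure();
                break;
            case 5:
                $warning .= "<div class='alert alert-warning'>{$langNoCookies}</div>";
                break;
            case 6:
                $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/index.php'>{$langHere}</a></div>";
                break;
            case 7:
                $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/cas.php'>{$langHere}</a></div>";
                break;
            case 8:
                $warning .= "<div class='alert alert-warning'>{$langTooManyFails}</div>";
                break;
            default:
                break;
        }
    } else {
        // login()/alt_login() populated $_SESSION['uid']: record the login.
        $uid = intval($_SESSION['uid']);
        Database::get()->query(
            "INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) "
            . "VALUES (?d, ?s, NOW(), 'LOGIN')", $uid, $remote_ip);
        // Issue a fresh session id so an id handed out before authentication
        // cannot be ridden into the authenticated session (fixation). Harmless
        // if login() already regenerated it.
        session_regenerate_id(true);

        if (get_config('email_verification_required')
                and get_mail_ver_status($uid) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = "modules/auth/mail_verify_change.php";
        } else {
            // Only accept a relative target: a scheme ("http:", "javascript:")
            // or a "//" / "/\" prefix would turn the post-login redirect into an
            // open redirect. NOTE(review): redirect_to_home_page() is not visible
            // here - if it already prefixes $urlServer this is just defence in depth.
            $next = '';
            if (isset($_POST['next']) && is_string($_POST['next'])
                    && !preg_match('~^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})~i', $_POST['next'])) {
                $next = $_POST['next'];
            }
        }
        resetLoginFailure();
        redirect_to_home_page($next);
    }
}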
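/**
 * Handle a submitted login form (expects POST fields uname, pass, submit).
 *
 * Side effects: clears $_SESSION['uid'] before checking, consults the per-IP
 * `login_failure` throttle, records the attempted name via Log::record() for an
 * unknown user, and on failure either flashes $langInvalidId and redirects back
 * to main/login_form.php (when ?login_page is present) or appends a localised
 * message to the global $warning. On success it inserts a `loginout` row,
 * stamps the login time on $session, resets the failure counter, regenerates
 * the session id and redirects.
 *
 * Outcome codes handled here (assigned by this function or returned by
 * login()/alt_login()): 2 and 4 -> $langInvalidId (4 is what this function
 * assigns for an empty password on a non-guest account or an unknown user, and
 * is the only code that bumps the failure counter), 3 -> $langAccountInactive*,
 * 5 -> $langNoCookies, 6/7 -> $langEnterPlatform with the secure/ or cas entry
 * point, 8 -> $langTooManyFails.
 *
 * Compared with the previous revision: the client IP and user id are bound as
 * Database ?s/?d parameters instead of being interpolated into SQL; code 4 now
 * bumps the failure counter on the ?login_page redirect path too (it was only
 * counted on the inline-warning path, so the throttle never saw those
 * attempts); $tool_content and $langInvalidAuth are declared global so the
 * "no auth method" message is not lost in a dead local; the session id is
 * regenerated on success; and the POSTed `next` target is only honoured when
 * it is a relative path.
 */
function process_login() {
    global $warning, $surname, $givenname, $email, $status, $is_admin, $language,
        $session, $langInvalidId, $langAccountInactive1, $langAccountInactive2,
        $langNoCookies, $langEnterPlatform, $urlServer, $langHere, $auth_ids,
        $inactive_uid, $langTooManyFails, $urlAppend, $tool_content, $langInvalidAuth;

    $posted_uname = isset($_POST['uname']) ? canonicalize_whitespace($_POST['uname']) : '';
    // NOTE(review): trim() silently alters passwords that start or end with
    // whitespace; kept because existing accounts may have been created with it.
    $pass = isset($_POST['pass']) ? trim($_POST['pass']) : '';
    $auth = get_auth_active_methods();
    // Set by the web server, but still passed to Database as a bound parameter
    // below rather than spliced into the SQL text.
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    if (!isset($_POST['submit'])) {
        return;
    }

    unset($_SESSION['uid']);
    $auth_allow = 0;
    $exists = 0;

    // Per-IP throttle: refuse outright while the deny window is still open.
    // The two numeric settings are intval()'d before interpolation.
    $throttled = false;
    if (get_config('login_fail_check')) {
        $threshold = intval(get_config('login_fail_threshold'));
        $deny_minutes = intval(get_config('login_fail_deny_interval'));
        $throttled = (bool) Database::get()->querySingle(
            "SELECT 1 FROM login_failure WHERE ip = ?s
               AND COUNT > $threshold
               AND DATE_SUB(CURRENT_TIMESTAMP, interval $deny_minutes minute) < last_fail",
            $remote_ip);
    }

    if ($throttled) {
        $auth_allow = 8;
    } else {
        // NOTE(review): the collation clauses appear redacted ("******") in this
        // listing; the sibling revision at the top of the page uses
        // "COLLATE utf8_general_ci = ?s" / "COLLATE utf8_bin = ?s" - confirm upstream.
        if (get_config('case_insensitive_usernames')) {
            $sqlLogin = "******";
        } else {
            $sqlLogin = "******";
        }
        $myrow = Database::get()->querySingle(
            "SELECT id, surname, givenname, password, username, status, email, lang, verified_mail
               FROM user WHERE username $sqlLogin", $posted_uname);
        // Course guests may log in with an empty password when the feature is on.
        $guest_user = get_config('course_guest') != 'off' && $myrow && $myrow->status == USER_GUEST;

        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // No cookies means no session can be kept after login.
            $auth_allow = 5;
        } elseif ($pass === '' and !$guest_user) {
            // Never hand an empty password to the authenticators (guests excepted).
            $auth_allow = 4;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // NOTE(review): loose in_array() kept because the element type of
                // $auth_ids is not visible here; switch to strict once confirmed.
                if (in_array($myrow->password, $auth_ids)) {
                    // password column names an alternate auth method (cas, ldap, ...)
                    $auth_allow = alt_login($myrow, $posted_uname, $pass);
                } else {
                    $auth_allow = login($myrow, $posted_uname, $pass);
                }
            } else {
                $tool_content .= "<br>$langInvalidAuth<br>";
            }
        }

        if (!$exists and !$auth_allow) {
            // Unknown user: log the attempted name only, never the password.
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
            $auth_allow = 4;
        }
    }

    $invalidIdMessage = sprintf($langInvalidId, $urlAppend . 'modules/auth/registration.php');

    if (!isset($_SESSION['uid'])) {
        // NOTE(review): only code 4 feeds the failure counter; if login() reports
        // a wrong password for an existing account as 2, those attempts are never
        // throttled - confirm against login().
        switch ($auth_allow) {
            case 1:
                session_regenerate_id();
                break;
            case 2:
                if (isset($_GET['login_page'])) {
                    Session::flash('login_error', $invalidIdMessage);
                    redirect_to_home_page('main/login_form.php');
                } else {
                    $warning .= "<div class='alert alert-warning'>$invalidIdMessage</div>";
                }
                break;
            case 3:
                $warning .= "<div class='alert alert-warning'>$langAccountInactive1 "
                    . "<a href='modules/auth/contactadmin.php?userid=$inactive_uid&h="
                    . token_generate("userid=$inactive_uid")
                    . "'>$langAccountInactive2</a></div>";
                break;
            case 4:
                // Count the failure before any redirect so the login_fail_check
                // throttle sees attempts made from the dedicated login page too.
                increaseLoginFailure();
                if (isset($_GET['login_page'])) {
                    Session::flash('login_error', $invalidIdMessage);
                    redirect_to_home_page('main/login_form.php');
                } else {
                    $warning .= "<div class='alert alert-warning'>$invalidIdMessage</div>";
                }
                break;
            case 5:
                $warning .= "<div class='alert alert-warning'>$langNoCookies</div>";
                break;
            case 6:
                $warning .= "<div class='alert alert-warning'>$langEnterPlatform <a href='{$urlServer}secure/index.php'>$langHere</a></div>";
                break;
            case 7:
                $warning .= "<div class='alert alert-warning'>$langEnterPlatform <a href='{$urlServer}modules/auth/cas.php'>$langHere</a></div>";
                break;
            case 8:
                $warning .= "<div class='alert alert-warning'>$langTooManyFails</div>";
                break;
            default:
                break;
        }
    } else {
        // login()/alt_login() populated $_SESSION['uid']: record the login.
        $uid = intval($_SESSION['uid']);
        Database::get()->query(
            "INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) "
            . "VALUES (?d, ?s, NOW(), 'LOGIN')", $uid, $remote_ip);
        // Issue a fresh session id so an id handed out before authentication
        // cannot be ridden into the authenticated session (fixation). Harmless
        // if login() already regenerated it.
        session_regenerate_id(true);
        $session->setLoginTimestamp();

        if (get_config('email_verification_required')
                and get_mail_ver_status($uid) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = 'modules/auth/mail_verify_change.php';
        } else {
            // Only accept a relative target: a scheme ("http:", "javascript:")
            // or a "//" / "/\" prefix would turn the post-login redirect into an
            // open redirect. NOTE(review): redirect_to_home_page() is not visible
            // here - if it already prefixes $urlServer this is just defence in depth.
            $next = '';
            if (isset($_POST['next']) && is_string($_POST['next'])
                    && !preg_match('~^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})~i', $_POST['next'])) {
                $next = $_POST['next'];
            }
        }
        resetLoginFailure();
        redirect_to_home_page($next);
    }
}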