$sid = hash_hmac('sha256', $rmdpass . $sys['now'], $cfg['secret_key']); $update_sid = ", user_sid = " . $db->quote($sid) . ", user_sidtime = " . $sys['now']; } else { $update_sid = ''; } if ($validating) { $update_lostpass = '******' . $db->quote(md5(microtime())); } else { $update_lostpass = ''; } $db->query("UPDATE {$db_users} SET user_lastip='{$usr['ip']}', user_lastlog = {$sys['now']}, user_logcount = user_logcount + 1, user_token = '{$token}' {$update_lostpass} {$update_sid} WHERE user_id={$row['user_id']}"); // Hash the sid once more so it can't be faked even if you know user_sid $sid = hash_hmac('sha1', $sid, $cfg['secret_key']); $u = base64_encode($ruserid . ':' . $sid); if ($rremember) { cot_setcookie($sys['site_id'], $u, time() + $cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true); unset($_SESSION[$sys['site_id']]); } else { $_SESSION[$sys['site_id']] = $u; } /* === Hook === */ foreach (cot_getextplugins('users.auth.check.done') as $pl) { include $pl; } /* ===== */ cot_uriredir_apply($cfg['redirbkonlogin']); cot_uriredir_redirect(empty($redirect) ? cot_url('index') : base64_decode($redirect)); } else { $env['status'] = '401 Unauthorized'; cot_shield_update(7, "Log in"); cot_log("Log in failed, user : " . $rusername, 'usr');
$i18n_locale = $usr['lang']; } if (file_exists($cfg['lang_dir'] . '/' . $i18n_locale)) { // Switch interface language for guests $i18n_fallback = $usr['lang']; if (!$cfg['forcedefaultlang']) { $usr['lang'] = $i18n_locale; $lang = $i18n_locale; } } else { $i18n_locale = $cfg['defaultlang']; } // The flag to omit language parameter $i18n_omit = $cfg['plugin']['i18n']['omitmain'] && $i18n_locale == $i18n_fallback; if (!$i18n_omit) { $cot_url_appendix['l'] = $i18n_locale; } $i18n_notmain = $i18n_locale != $cfg['defaultlang']; list($i18n_read, $i18n_write, $i18n_admin, $i18n_edit) = cot_auth('plug', 'i18n', 'RWA1'); // Remember in cookie if needed if ($cfg['plugin']['i18n']['cookie'] && $i18n_locale !== $_COOKIE['i18n_locale']) { if ($i18n_locale === $cfg['defaultlang'] && isset($_COOKIE['i18n_locale'])) { cot_setcookie('i18n_locale', null, -1); } elseif ($i18n_locale !== $cfg['defaultlang']) { cot_setcookie('i18n_locale', $i18n_locale); } } // SEO fix if ($usr['id'] == 0 && $i18n_notmain && $env['ext'] != 'index') { $sys['noindex'] = true; }
cot_error('aut_emailtooshort', 'ruseremail'); } if ($res > 0) { cot_error('aut_emailalreadyindb', 'ruseremail'); } if (!cot_error_found()) { if (!$cfg['users']['user_email_noprotection']) { $validationkey = md5(microtime()); $db->update($db_users, array('user_email' => $ruseremail, 'user_lostpass' => $validationkey, 'user_maingrp' => '-1', 'user_sid' => $urr['user_maingrp']), "user_id='" . $usr['id'] . "'"); $rsubject = $L['aut_mailnoticetitle']; $ractivate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&v=' . $validationkey, '', true); $rbody = sprintf($L['aut_emailchange'], $usr['name'], $ractivate); $rbody .= "\n\n" . $L['aut_contactadmin']; cot_mail($ruseremail, $rsubject, $rbody); if (cot_import($sys['site_id'], 'COOKIE', 'ALP')) { cot_setcookie($sys['site_id'], '', time() - 63072000, $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true); } if (!empty($_SESSION[$sys['site_id']])) { session_unset(); session_destroy(); } if (cot_plugin_active('whosonline')) { $db->delete($db_online, "online_ip='{$usr['ip']}'"); } cot_redirect(cot_url('message', 'msg=102', '', true)); } else { $db->update($db_users, array('user_email' => $ruseremail), "user_id='" . $usr['id'] . "'"); } } } if (!cot_error_found()) {
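<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=users.auth.check.done
[END_COT_EXT]
==================== */

/**
 * Karma plugin: adds the configured login bonus to a user's karma, at most
 * once per 24 hours (86400 seconds).
 *
 * Registered for the users.auth.check.done hook and executed via include, so
 * it runs in the including script's variable scope. It reads $cfg, $db,
 * $db_users, $row and $sys from that scope. Variables introduced here carry a
 * karma_ prefix so they cannot overwrite variables of the including script;
 * the original working names ($lastlogtmp, $klast, $lastlog, $karmasave) are
 * kept as they were.
 *
 * user_karma_auth is a colon-separated string. As used in this file:
 *   field 0 - timestamp of the last awarded login bonus
 *   field 1 - running total of awarded login bonus
 *   field 2 - counter incremented by one per award
 *   field 3 - carried over unchanged (a post total, per the original comment)
 *
 * @package Karma
 * @author Dr2005alex
 * @copyright Copyright (c) 2014 Dr2005alex http://mycotonti.ru
 * @license Distributed under BSD license.
 */
defined('COT_CODE') or die('Wrong URL.');

$karma_bonus = $cfg['plugin']['karma']['karma_auth'];

// The bonus is spliced into SQL as a bare literal, so accept numeric values only.
if (is_numeric($karma_bonus) && $karma_bonus > 0) {
    $karma_bonus += 0;
    // user_id is concatenated unquoted into both statements; force it to an integer.
    $karma_uid = (int) $row['user_id'];

    $lastlogtmp = $db->query("SELECT user_karma_auth FROM {$db_users} WHERE user_id = " . $karma_uid . " LIMIT 1")->fetch();

    // fetch() yields false when no row matches, and the column may be NULL or
    // empty for a user who never received the bonus; treat both as "no history".
    $karma_raw = (is_array($lastlogtmp) && isset($lastlogtmp['user_karma_auth']))
        ? (string) $lastlogtmp['user_karma_auth']
        : '';

    // Pad to four fields so a short or empty value never reads an undefined offset.
    $klast = array_pad(explode(':', $karma_raw), 4, '');
    $lastlog = (int) $klast[0];

    if (!$lastlog || $lastlog + 86400 < $sys['now']) {
        // Non-numeric stored counters are counted as zero instead of being fed
        // to arithmetic as arbitrary strings.
        $karmasave = $sys['now']
            . ':' . ((is_numeric($klast[1]) ? $klast[1] + 0 : 0) + $karma_bonus)
            . ':' . ((int) $klast[2] + 1)
            . ':' . $klast[3]; // $klast[3] - post total, carried over unchanged

        // Field 3 is copied back verbatim from the database, so the combined
        // value is quoted by the driver rather than wrapped in literal quotes.
        $db->query("UPDATE {$db_users} SET user_karma = user_karma + " . $karma_bonus . ", user_karma_auth = " . $db->quote($karmasave) . " WHERE user_id = " . $karma_uid);

        cot_setcookie("lastauth_karma", $sys['now'], time() + $cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true);
    }
}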