Example #1
0
function login_dologin($username, $password, $options = array())
{
    $ghost = isset($options['ghost']) && $options['ghost'] == true;
    if (strtolower($username) == 'borttagen') {
        header('Location: http://disneyworld.disney.go.com/wdw/index?bhcp=1');
        exit;
    }
    if ($ghost) {
        $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" LIMIT 1';
        $loginquery = mysql_query($query) or report_sql_error($query);
    } elseif ($username && $password) {
        $password = utf8_decode($password);
        // Test for SHA1 with hash
        $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" AND password_hash = "' . sha1($password . PASSWORD_SALT) . '" LIMIT 1';
        $loginquery = mysql_query($query) or report_sql_error($query);
        if (mysql_num_rows($loginquery) == 0) {
            // SHA1 not found, try the old MD5
            $md5_query = 'SELECT id FROM login WHERE username = "******" AND password = "******" LIMIT 1';
            $md5_result = mysql_query($md5_query) or report_sql_error($md5_query);
            if (mysql_num_rows($md5_result) == 1) {
                // MD5 found, update to SHA1
                $data = mysql_fetch_assoc($md5_result);
                $md5_to_sha1_query = 'UPDATE login SET password = "", password_hash = "' . sha1($password . PASSWORD_SALT) . '" WHERE id = "' . $data['id'] . '" LIMIT 1';
                mysql_query($md5_to_sha1_query);
                // Load data using the SHA1-hash
                $query = 'SELECT id, lastaction, lastlogon, session_id FROM login WHERE username = "******" AND password_hash = "' . sha1($password . PASSWORD_SALT) . '" LIMIT 1';
                $loginquery = mysql_query($query) or die('Query failed: ' . mysql_error());
            }
        }
    } else {
        return 2;
    }
    if (mysql_num_rows($loginquery) > 0) {
        $tempdata = mysql_fetch_assoc($loginquery);
        if ($tempdata['lastlogon'] < strtotime(date('Y-m-d'))) {
            event_log_log('user_unique_log_on');
        }
        if ($tempdata['lastaction'] > time() - 600 && false) {
            $old_session = session_load($tempdata['session_id']);
            session_destroy();
            session_id($tempdata['session_id']);
            session_start();
            $_SESSION = $old_session;
            if (isset($_SESSION['login']['id'])) {
                if ($ghost) {
                    $_SESSION['ghost'] = true;
                }
                return true;
            }
        }
        if ($ghost) {
            $_SESSION['ghost'] = true;
        }
        $uid = $tempdata['id'];
        $ip = $_SERVER['REMOTE_ADDR'];
        $_SESSION['cache']['lastupdate'] = 0;
        $_SESSION['userid'] = $uid;
        $_SESSION['login']['id'] = $uid;
        $guestbook_sql = 'SELECT COUNT(id) AS unread FROM traffa_guestbooks WHERE recipient = ' . $_SESSION['login']['id'] . ' AND `read` =  0 AND deleted = 0';
        $guestbook_result = mysql_query($guestbook_sql) or die('Ett fel inträffade!' . mysql_error() . $guestbook_sql);
        $guestbook_data = mysql_fetch_assoc($guestbook_result);
        $_SESSION['notices']['unread_gb_entries'] = $guestbook_data['unread'];
        require_once $hp_includepath . 'message-functions.php';
        $message_status = messages_count_unread($_SESSION['login']['id']);
        $_SESSION['notices']['unread_messages'] = $message_status;
        $fetch['login'] = array('id', 'lastlogon', 'username', 'password_hash', 'userlevel', 'regtimestamp', 'lastusernamechange', 'session_id', 'lastaction', 'lastip', 'regip', 'quality_level', 'quality_level_expire');
        $fetch['preferences'] = array('bubblemessage_visitors', 'allow_hotmessages', 'activate_current_action', 'enable_hetluft', 'randomizer', 'left_login_module', 'enable_shoutbox', 'module_states', 'module_order', 'forum_enable_smilies', 'forum_subscribe_on_create', 'forum_subscribe_on_post');
        $fetch['traffa'] = array('firstname', 'profile_modules');
        $fetch['userinfo'] = array('contact1', 'contact2', 'gender', 'birthday', 'image', 'image_ban_expire', 'forum_signature', 'zip_code', 'forum_quality_rank', 'parlino_activated', 'cell_phone', 'firstname', 'surname', 'email', 'streetaddress', 'msn', 'visible_level', 'phone_ov', 'user_status', 'gbrss');
        $userinfo = login_load_user_data($uid, $fetch, __FILE__, __LINE__);
        $_SESSION = array_merge($_SESSION, $userinfo);
        //				$_SESSION['preferences']['forum_favourite_categories'] = unserialize($_SESSION['preferences']['forum_favourite_categories']);
        $_SESSION['module_states'] = unserialize($_SESSION['preferences']['module_states']);
        $_SESSION['module_order'] = explode('|', $_SESSION['preferences']['module_order']);
        /* Notes in the note-module */
        $query = 'SELECT text FROM notes WHERE id = "' . $_SESSION['login']['id'] . '" LIMIT 1';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $data = mysql_fetch_assoc($result);
        $_SESSION['note'] = $data['text'];
        /* groups-start-here */
        $group_data['groups_members'] = array('groupid');
        $groups = login_load_group_data($uid, $group_data);
        $_SESSION = array_merge($_SESSION, $groups);
        if (!$ghost) {
            $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
        }
        /* Friends start here */
        $options['user_id'] = $_SESSION['login']['id'];
        $_SESSION['friends'] = friends_fetch_online_smart($options);
        $query = 'SELECT DISTINCT(uel.remote_user_id) AS id, uel.timestamp, l.username ';
        $query .= 'FROM user_event_log AS uel, login AS l, userinfo AS u';
        $query .= ' WHERE uel.action = "profile_visit" AND uel.user = "******" AND l.id = uel.remote_user_id AND (u.image = 1 OR u.image = 2) AND u.userid = uel.remote_user_id';
        $query .= ' GROUP BY uel.remote_user_id ORDER BY timestamp DESC LIMIT 8';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['visitors_with_image'][] = $data;
        }
        /* Fetch the latest posts, the posts antiflood system will use this */
        $query = 'SELECT MD5(content), timestamp FROM posts WHERE author = "' . $_SESSION['login']['id'] . '" ORDER BY id DESC LIMIT 50';
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['posts']['latest'][] = $data;
        }
        /* Fetch privilegies */
        $query = 'SELECT privilegie, value FROM privilegies WHERE user = "******"';
        $result = mysql_query($query);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['privilegies'][$data['privilegie']][is_numeric($data['value']) ? intval($data['value']) : $data['value']] = true;
        }
        /* Log the logon to database */
        $query = 'INSERT INTO login_log (user_id, logon_time, impressions, ip, ghost) VALUES(' . $_SESSION['login']['id'] . ', ' . time();
        $query .= ', 0, ' . ip2long($_SERVER['REMOTE_ADDR']) . ', "' . ($ghost ? 'YES' : 'NO') . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        if (!$ghost) {
            $sql = 'UPDATE login SET lastlogon = ' . time() . ', lastip = "' . $ip . '", session_id = "' . session_id() . '" WHERE id = "' . $uid . '" LIMIT 1';
            mysql_query($sql) or die('Query failed: ' . mysql_error());
            $_SESSION['login']['lastlogon'] = time();
        }
        /* Cache some info about the users visits to categories. This is used to calculate new threads and category-subscriptions */
        $query = 'SELECT * FROM forum_category_visits WHERE user_id = "' . $_SESSION['login']['id'] . '"';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['forum']['categories'][$data['category_id']] = $data;
        }
        return 1;
    } else {
        return 0;
    }
}
Example #2
0
function login_dologin($options)
{
    if (!isset($options['method'])) {
        throw new Exception('No login method specified.');
    }
    if (isset($options['username']) && strtolower($options['username']) == 'borttagen') {
        header('Location: http://disneyworld.disney.go.com/wdw/index?bhcp=1');
        throw new Exception('Username CANNOT be "borttagen"!');
    }
    $query = 'SELECT id FROM login WHERE is_removed = 0';
    switch ($options['method']) {
        case 'ghost':
            if (isset($options['username'])) {
                $query .= ' AND username = "******"';
            } else {
                throw new Exception('No username was set!');
            }
            break;
        case 'username_and_password':
            if (isset($options['username']) && isset($options['password'])) {
                $options['password'] = utf8_decode($options['password']);
                $query .= ' AND password_version = 4 AND username = "******" AND password = "******"';
            } else {
                throw new Exception('No username or password was set!');
            }
            break;
        default:
            throw new Exception('Invalid login method.');
    }
    $query .= ' LIMIT 1';
    $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    if (mysql_num_rows($result) > 0) {
        $data = mysql_fetch_assoc($result);
        $user_id = $data['id'];
        // * Fetch neccessary data from login, userinfo, preferences and traffa-tables and unserialize...
        $_SESSION = array_merge($_SESSION, login_load_user_data($user_id, array('login' => array('id', 'lastlogon', 'username', 'password', 'userlevel', 'regtimestamp', 'lastusernamechange', 'session_id', 'lastaction', 'lastip', 'regip', 'quality_level', 'quality_level_expire'), 'userinfo' => array('contact1', 'contact2', 'gender', 'birthday', 'image', 'image_ban_expire', 'forum_signature', 'zip_code', 'forum_quality_rank', 'parlino_activated', 'cell_phone', 'firstname', 'surname', 'email', 'streetaddress', 'msn', 'visible_level', 'phone_ov', 'user_status', 'gbrss'), 'preferences' => array('bubblemessage_visitors', 'allow_hotmessages', 'activate_current_action', 'enable_hetluft', 'randomizer', 'left_login_module', 'enable_shoutbox', 'module_states', 'module_order', 'forum_enable_smilies', 'forum_subscribe_on_create', 'forum_subscribe_on_post', 'gb_anti_p12'), 'traffa' => array('firstname', 'profile_modules')), __FILE__, __LINE__));
        $_SESSION['module_states'] = unserialize($_SESSION['preferences']['module_states']);
        $_SESSION['module_order'] = unserialize($_SESSION['preferences']['module_order']);
        //$_SESSION['preferences']['forum_favourite_categories'] = unserialize($_SESSION['preferences']['forum_favourite_categories']);
        // * Update fields in logon related to the login...
        if ($options['method'] != 'ghost') {
            $login_time = time();
            $query = 'UPDATE login SET lastlogon = ' . $login_time . ', lastip = "' . $_SERVER['REMOTE_ADDR'] . '", session_id = "' . session_id() . '" WHERE id = "' . $user_id . '" LIMIT 1';
            mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
            $_SESSION['login']['lastlogon'] = $login_time;
            $_SESSION['login']['lastip'] = $_SERVER['REMOTE_ADDR'];
            $_SESSION['login']['session_id'] = session_id();
            event_log_log('user_log_on');
            if ($_SESSION['login']['lastlogon'] < strtotime(date('Y-m-d'))) {
                event_log_log('user_unique_log_on');
            }
        }
        // * Set some special/initial parametrers...
        $_SESSION['cache']['lastupdate'] = 0;
        switch ($options['method']) {
            case 'ghost':
                $_SESSION['ghost'] = true;
                break;
            case 'username_and_password':
                $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
                $_SESSION['login']['lastlogon'] = time();
                break;
        }
        // * Fetch guestbook notices...
        $guestbook_query = 'SELECT COUNT(id) AS unread FROM traffa_guestbooks WHERE recipient = ' . $user_id . ' AND `read` =  0 AND deleted = 0';
        $guestbook_result = mysql_query($guestbook_query) or report_sql_error($guestbook_query, __FILE__, __LINE__);
        $guestbook_data = mysql_fetch_assoc($guestbook_result);
        $_SESSION['notices']['unread_gb_entries'] = $guestbook_data['unread'];
        // * Fetch group notices...
        $_SESSION = array_merge($_SESSION, login_load_group_data($user_id, array('groups_members' => array('groupid'))));
        // * Fetch friends notices...
        $_SESSION['friends'] = friends_fetch_online_smart(array('user_id' => $user_id));
        // * Fetch visitors from "my visitors"
        $query = 'SELECT DISTINCT(uel.remote_user_id) AS id, uel.timestamp, l.username';
        $query .= ' FROM user_event_log AS uel, login AS l, userinfo AS u';
        $query .= ' WHERE uel.action = "profile_visit" AND uel.user = "******" AND l.id = uel.remote_user_id AND (u.image = 1 OR u.image = 2) AND u.userid = uel.remote_user_id';
        $query .= ' GROUP BY uel.remote_user_id ORDER BY timestamp DESC LIMIT 8';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        $_SESSION['visitors_with_image'] = array();
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['visitors_with_image'][] = $data;
        }
        // * Fetch privilegies...
        $query = 'SELECT privilegie, value FROM privilegies WHERE user = "******"';
        $result = mysql_query($query);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['privilegies'][$data['privilegie']][is_numeric($data['value']) ? intval($data['value']) : $data['value']] = true;
        }
        // * Log the logon to the database...
        $query = 'INSERT INTO login_log (user_id, logon_time, impressions, ip, ghost)';
        $query .= ' VALUES(' . $user_id . ', ' . time() . ', 0, ' . ip2long($_SERVER['REMOTE_ADDR']) . ', "' . ($options['method'] == 'ghost' ? 'YES' : 'NO') . '")';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        // * Cache some info about the users visits to categories. This is used to calculate new threads and category-subscriptions
        $query = 'SELECT * FROM forum_category_visits WHERE user_id = "' . $user_id . '"';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['forum']['categories'][$data['category_id']] = $data;
        }
    } else {
        if ($options['method'] == 'username_and_password') {
            $query = 'SELECT id FROM login WHERE password_version = 3 AND username = "******" AND password = "******" LIMIT 1';
            $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
            if (mysql_num_rows($result) == 1) {
                throw new Exception('<h2>Du använder ett lösenord baserat på det gamla lösenordssystemet. Av säkerhetsskäl måste du byta, det gör du <a href="/installningar/renew_password.php" style="font-weight: bold">på den här sidan &raquo;</a></h2>');
            } else {
                throw new Exception('Det gick inte att logga in med de uppgifter du angav. Detta beror antingen på att du inte angivit korrekt användarnamn och lösenord, eller att användarnamnet inte finns.<br /><br />Har du glömt ditt lösenord? Då finns det inte mycket att göra :(');
            }
        } else {
            throw new Exception('Login failed: User not found or password incorrect.');
        }
    }
}
<?php

//require_once('../libraries/friends.lib.php');
if ($_SESSION['friends_lastupdate'] < time() - 60) {
    unset($_SESSION['friends']);
    $options['user_id'] = $_SESSION['login']['id'];
    $_SESSION['friends'] = friends_fetch_online_smart($options);
    $_SESSION['friends_lastupdate'] = time();
}
$friends = $_SESSION['friends'];
$options['output'] .= '					<ul>' . "\n";
foreach ($friends as $friend) {
    $friend_status = mb_strlen($friend['user_status'], 'UTF8') > 17 ? mb_substr($friend['user_status'], 0, 14, 'UTF8') . '...' : $friend['user_status'];
    $options['output'] .= '						<li><a class="ui_business_card" href="/traffa/profile.php?user_id=' . $friend['user_id'] . '"><img src="http://images.hamsterpaj.net/famfamfam_icons/status_online.png" /></a> <a href="/traffa/profile.php?user_id=' . $friend['user_id'] . '">' . $friend['username'] . '</a> - <span title="' . (strlen(trim($friend['user_status'])) > 0 ? $friend['user_status'] : 'Ingen status') . '">' . (strlen(trim($friend['user_status'])) > 0 ? $friend_status : 'Ingen status') . '</span></li>' . "\n";
}
$options['output'] .= '					</ul>' . "\n";
$options['output'] .= '					<p><a href="/traffa/friends.php">Visa alla vänner &raquo;</a></p>' . "\n";