Example #1
/**
 * Tapatalk XML-RPC login handler: validates a username/password pair and
 * hands over to tt_login_success() when the credentials check out.
 *
 * Review notes, all taken from the statements below:
 *  - An unknown username is answered with a struct carrying status "2", while a
 *    wrong password is answered through xmlrespfalse(). A client can therefore
 *    tell whether an account name exists; returning one shape for both cases
 *    would remove that signal.
 *  - The failed-attempt counter is also written to a 'loginattempts' cookie.
 *    A cookie is client-controlled, so throttling should not rest on it alone
 *    (login_attempt_check() is not visible here; verify what it consults).
 *  - $input['username_esc'] is interpolated into two WHERE clauses. It is not
 *    one of the keys requested from filterXmlInput(), so it is presumably an
 *    escaped copy produced by that helper. TODO confirm, because the SQL is
 *    only safe if that value is escaped for the database driver.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, passed to Tapatalk_Input::filterXmlInput().
 * @return mixed An xmlrpcresp for an unknown user, otherwise whatever
 *               xmlrespfalse() or tt_login_success() returns.
 */
function login_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $mobiquo_config, $user, $register;

    $lang->load("member");

    $field_types = array(
        'username' => Tapatalk_Input::STRING,
        'password' => Tapatalk_Input::STRING,
        'anonymous' => Tapatalk_Input::INT,
        'push' => Tapatalk_Input::STRING,
    );
    $input = Tapatalk_Input::filterXmlInput($field_types, $xmlrpc_params);

    // The argument is the "fatal" flag of the attempt check (truthy here).
    $logins = login_attempt_check(1);
    $login_text = '';

    // Unknown account: bump the cookie counter and answer with status "2".
    if (!username_exists($input['username'])) {
        my_setcookie('loginattempts', $logins + 1);
        $status = 2;
        $fields = array(
            'result' => new xmlrpcval(0, 'boolean'),
            'result_text' => new xmlrpcval(strip_tags($lang->error_invalidpworusername), 'base64'),
            'status' => new xmlrpcval($status, 'string'),
        );
        return new xmlrpcresp(new xmlrpcval($fields, 'struct'));
    }

    // Database-side attempt counter; the value is fetched but not used further in this function.
    $select_where = "LOWER(username)='" . my_strtolower($input['username_esc']) . "'";
    $query = $db->simple_select("users", "loginattempts", $select_where, array('limit' => 1));
    $loginattempts = $db->fetch_field($query, "loginattempts");

    $errors = array();
    $user = validate_password_from_username($input['username'], $input['password']);
    $correct = false;

    // Second chance: if the name looks like an e-mail address, switch the
    // global username_method setting to 1 and validate once more. The setting
    // stays changed for the remainder of the request.
    if (!$user['uid'] && validate_email_format($input['username'])) {
        $mybb->settings['username_method'] = 1;
        $user = validate_password_from_username($input['username'], $input['password']);
    }

    if ($user['uid']) {
        $correct = true;
    } else {
        // Failed login: count it in the cookie and in the users table.
        my_setcookie('loginattempts', $logins + 1);
        $update_where = "LOWER(username) = '" . my_strtolower($input['username_esc']) . "'";
        $db->update_query("users", array('loginattempts' => 'loginattempts+1'), $update_where, 1, true);

        $show_remaining = $mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1;
        if ($show_remaining) {
            $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
        }
        $errors[] = $lang->error_invalidpworusername . $login_text;
    }

    if (!empty($errors)) {
        return xmlrespfalse(implode(" :: ", $errors));
    }

    if ($correct) {
        $register = 0;
        return tt_login_success();
    }

    // Fallback: every path above either records an error or sets $correct.
    return xmlrespfalse("Invalid login details");
}
Example #2
                redirect("index.php", $lang->redirect_loggedin);
            }
        }
    }
    $plugins->run_hooks("member_do_login_end");
}
if ($mybb->input['action'] == "login") {
    $plugins->run_hooks("member_login");
    $member_loggedin_notice = "";
    if ($mybb->user['uid'] != 0) {
        $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
        eval("\$member_loggedin_notice = \"" . $templates->get("member_loggedin_notice") . "\";");
    }
    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries
    login_attempt_check();
    // Redirect to the page where the user came from, but not if that was the login page.
    if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false) {
        $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
    } else {
        $redirect_url = '';
    }
    $captcha = '';
    // Show captcha image for guests if enabled and only if we have to do
    if ($mybb->settings['captchaimage'] && $do_captcha == true) {
        require_once MYBB_ROOT . 'inc/class_captcha.php';
        $login_captcha = new captcha(false, "post_captcha");
        if ($login_captcha->type == 1) {
            if (!$correct) {
                $login_captcha->build_captcha();
            } else {
$templatelist .= ",index_birthdays_birthday,index_birthdays,index_loginform,index_logoutlink,index_stats,forumbit_depth3,forumbit_depth3_statusicon,index_boardstats";
require_once "./global.php";
require_once MYBB_ROOT . "inc/functions_post.php";
require_once MYBB_ROOT . "inc/functions_forumlist.php";
require_once MYBB_ROOT . "inc/class_parser.php";
$parser = new postParser();
$plugins->run_hooks("index_start");
// Load global language phrases
$lang->load("index");
$logoutlink = $loginform = '';
if ($mybb->user['uid'] != 0) {
    eval("\$logoutlink = \"" . $templates->get("index_logoutlink") . "\";");
} else {
    //Checks to make sure the user can login; they haven't had too many tries at logging in.
    //Function call is not fatal
    if (login_attempt_check(false) !== false) {
        switch ($mybb->settings['username_method']) {
            case 0:
                $login_username = $lang->login_username;
                break;
            case 1:
                $login_username = $lang->login_username1;
                break;
            case 2:
                $login_username = $lang->login_username2;
                break;
            default:
                $login_username = $lang->login_username;
                break;
        }
        eval("\$loginform = \"" . $templates->get("index_loginform") . "\";");
Example #4
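 /**
  * Login procedure for a user + password, with optional captcha input.
  *
  * Fixes over the previous revision:
  *  - The cookie attempt counter was read from an undefined local $mybb, so
  *    that half of the captcha condition was never true. It is now read
  *    from $this->mybb.
  *  - A failed password check could fall through to the session-creation code
  *    and return true when more than 3 attempts were recorded, no captcha
  *    input was supplied and no captcha could be generated. A failed check is
  *    now rejected before any session or cookie is written.
  *  - The session id and user id are escaped / cast before being placed into
  *    SQL conditions, matching how the IP address is already handled.
  *
  * @param string $username       Username
  * @param string $password       Password of User
  * @param string $captcha_hash   Hash identifying the captcha image (optional)
  * @param string $captcha_string Captcha text entered by the user (optional)
  * @return boolean|mixed true on success, false on failure; when a captcha is
  *                       required, the return value of generateCaptcha()
  */
 function login($username, $password, $captcha_hash = '', $captcha_string = '')
 {
     $this->lang->load('member');

     // Already logged in: nothing to do, report success.
     if ($this->isLoggedIn()) {
         return true;
     }

     // By default, login is good.
     $bad_login = false;

     // Number of attempts made so far (non-fatal variant of the check).
     $logins = login_attempt_check(NON_FATAL);

     // validate_password_from_username() and friends live in the user function collection.
     require_once MYBB_ROOT . 'inc/functions_user.php';

     // If the username does not exist, login fails.
     if (!username_exists($username)) {
         my_setcookie('loginattempts', $logins + 1);
         return false;
     }

     // Database-side attempt counter; the cookie value alone is client-controlled.
     $username_sql = $this->db->escape_string(my_strtolower($username));
     $query = $this->db->simple_select("users", "loginattempts", "LOWER(username)='" . $username_sql . "'", array('limit' => 1));
     $loginattempts = $this->db->fetch_field($query, "loginattempts");

     // Let MyBB validate the credentials.
     $user = validate_password_from_username($username, $password);
     if (empty($user['uid'])) {
         my_setcookie('loginattempts', $logins + 1);
         $this->db->write_query("UPDATE " . TABLE_PREFIX . "users SET `loginattempts` = `loginattempts` + 1 WHERE LOWER(`username`) = '" . $username_sql . "'");
         $bad_login = true;
     }

     // Read the cookie counter from the MyBB object this class holds.
     $cookie_attempts = isset($this->mybb->cookies['loginattempts']) ? (int) $this->mybb->cookies['loginattempts'] : 0;

     // More than 3 attempts on either counter: a captcha is required.
     if ($loginattempts > 3 || $cookie_attempts > 3) {
         if (!empty($captcha_hash) && !empty($captcha_string)) {
             // Captcha input is given: it must validate AND the password must have been right.
             if (!$this->validateCaptcha($captcha_hash, $captcha_string) || $bad_login === true) {
                 return $this->generateCaptcha();
             }
         } elseif ($this->mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$this->mybb->user['uid']) {
             // No captcha input yet: hand out a captcha for guests if enabled.
             return $this->generateCaptcha();
         }
     }

     // A failed password check must never reach the session code below,
     // whichever captcha branch was taken above.
     if ($bad_login === true) {
         return false;
     }

     // COPPA users always fail.
     if ($user['coppauser']) {
         return false;
     }

     $uid = (int) $user['uid'];
     $sid_sql = $this->db->escape_string($this->mybb->session->sid);

     // Reset both login attempt counters (cookie + database).
     my_setcookie('loginattempts', 1);
     $this->db->update_query("users", array("loginattempts" => 1), "uid='{$uid}'");

     // Delete old session entries of this IP address.
     $this->db->delete_query("sessions", "ip='" . $this->db->escape_string($this->mybb->session->ipaddress) . "' AND sid != '" . $sid_sql . "'");

     // Bind the current session to the authenticated user.
     $newsession = array("uid" => $user['uid']);
     $this->db->update_query("sessions", $newsession, "sid='" . $sid_sql . "'");

     // Temporarily set the cookie remember option for the login cookies.
     $this->mybb->user['remember'] = $user['remember'];

     // Set essential login cookies.
     my_setcookie("mybbuser", $user['uid'] . "_" . $user['loginkey'], null, true);
     my_setcookie("sid", $this->mybb->session->sid, -1, true);

     // If there are hooks defined for the end of the login procedure, call them.
     $this->plugins->run_hooks("member_do_login_end");

     return true;
 }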
Example #5
 /**
  * Set the "invalid username/password" error that matches the board's
  * username_method setting. The wording is chosen by the setting, not by
  * which of the two credentials was wrong.
  *
  * @param bool $show_login_attempts When true, and the failedlogincount /
  *                                  failedlogintext settings allow it, the
  *                                  failed_login_again phrase is passed along
  *                                  with the error.
  */
 function invalid_combination($show_login_attempts = false)
 {
     global $db, $lang, $mybb;

     // No credential error is set while the captcha has not been verified.
     if (!$this->captcha_verified) {
         return;
     }

     $login_text = '';
     $show_counter = $show_login_attempts
         && $mybb->settings['failedlogincount'] != 0
         && $mybb->settings['failedlogintext'] == 1;
     if ($show_counter) {
         // Non-fatal attempt check, plus one for the attempt being handled now.
         $logins = login_attempt_check(false) + 1;
         $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
     }

     // Loose comparison on purpose: it mirrors switch semantics for setting values.
     $method = $mybb->settings['username_method'];
     if ($method == 1) {
         $error_code = 'invalidpwordusernameemail';
     } elseif ($method == 2) {
         $error_code = 'invalidpwordusernamecombo';
     } else {
         $error_code = 'invalidpwordusername';
     }

     $this->set_error($error_code, $login_text);
 }
Example #6
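/**
 * Handle a posted login ("do_login") using loginconvert's own password
 * validation, then create the session and redirect on success.
 *
 * Changes over the previous revision:
 *  - $correct is initialised, so the failure path no longer reads an
 *    undefined variable.
 *  - The '&amp;' → '&' replacement on the redirect URL is restored; the page
 *    showed it as '&' → '&', which does nothing.
 *  - The session id is escaped and the user id cast before they are placed
 *    into SQL conditions, as is already done for the IP address.
 *  - Two identical "captcha required" branches are merged.
 *
 * @return void Returns early unless the request is a POST with action "do_login".
 */
function loginconvert_convert()
{
    global $mybb, $db, $lang, $session, $plugins, $inline_errors, $errors;

    if ($mybb->input['action'] != "do_login" || $mybb->request_method != "post") {
        return;
    }

    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries
    $logins = login_attempt_check();
    $login_text = '';
    $correct = false;

    // Did we come from the quick login form?
    if ($mybb->input['quick_login'] == "1" && $mybb->input['quick_password'] && $mybb->input['quick_username']) {
        $mybb->input['password'] = $mybb->input['quick_password'];
        $mybb->input['username'] = $mybb->input['quick_username'];
    }

    if (!username_exists($mybb->input['username'])) {
        my_setcookie('loginattempts', $logins + 1);
        error($lang->error_invalidpworusername . $login_text);
    }

    // Database-side attempt counter; the cookie value alone is client-controlled.
    $username_sql = $db->escape_string(my_strtolower($mybb->input['username']));
    $query = $db->simple_select("users", "loginattempts", "LOWER(username)='" . $username_sql . "'", array('limit' => 1));
    $loginattempts = $db->fetch_field($query, "loginattempts");

    $errors = array();
    $user = loginconvert_validate_password_from_username($mybb->input['username'], $mybb->input['password']);
    if (empty($user['uid'])) {
        my_setcookie('loginattempts', $logins + 1);
        $db->write_query("UPDATE " . TABLE_PREFIX . "users SET loginattempts=loginattempts+1 WHERE LOWER(username) = '" . $username_sql . "'");
        $mybb->input['action'] = "login";
        // NOTE(review): this writes input['request_method'], while the guard at the
        // top reads $mybb->request_method. Confirm which one the login page consults.
        $mybb->input['request_method'] = "get";
        if ($mybb->settings['failedlogintext'] == 1) {
            $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
        }
        $errors[] = $lang->error_invalidpworusername . $login_text;
    } else {
        $correct = true;
    }

    $cookie_attempts = isset($mybb->cookies['loginattempts']) ? (int) $mybb->cookies['loginattempts'] : 0;
    if ($loginattempts > 3 || $cookie_attempts > 3) {
        // Show captcha image for guests if enabled
        if ($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid']) {
            if ($mybb->input['imagestring']) {
                // Captcha input supplied: look it up; a wrong answer invalidates the image.
                $imagehash = $db->escape_string($mybb->input['imagehash']);
                $imagestring = $db->escape_string($mybb->input['imagestring']);
                $query = $db->simple_select("captcha", "*", "imagehash='{$imagehash}' AND imagestring='{$imagestring}'");
                $imgcheck = $db->fetch_array($query);
                if ($imgcheck['dateline'] > 0) {
                    // A wrong password has already added an entry to $errors, so a
                    // correct captcha alone still ends in the error branch below.
                    $correct = true;
                } else {
                    $db->delete_query("captcha", "imagehash='{$imagehash}'");
                    $errors[] = $lang->error_regimageinvalid;
                }
            } else {
                // Captcha required but not supplied (same error for quick and full login form).
                $errors[] = $lang->error_regimagerequired;
            }
        }
        // NOTE(review): $do_captcha is local to this function. If the login page
        // is meant to read it, it has to be declared global. Confirm with the caller.
        $do_captcha = true;
    }

    if (!empty($errors)) {
        $mybb->input['action'] = "login";
        $mybb->input['request_method'] = "get";
        $inline_errors = inline_error($errors);
        return;
    }

    if (!$correct) {
        $mybb->input['action'] = "login";
        $mybb->input['request_method'] = "get";
        return;
    }

    if ($user['coppauser']) {
        error($lang->error_awaitingcoppa);
    }

    $uid = (int) $user['uid'];
    $sid_sql = $db->escape_string($session->sid);

    my_setcookie('loginattempts', 1);
    $db->delete_query("sessions", "ip='" . $db->escape_string($session->ipaddress) . "' AND sid != '" . $sid_sql . "'");
    $newsession = array("uid" => $user['uid']);
    $db->update_query("sessions", $newsession, "sid='" . $sid_sql . "'");
    $db->update_query("users", array("loginattempts" => 1), "uid='{$uid}'");
    my_setcookie("mybbuser", $user['uid'] . "_" . $user['loginkey'], null, true);
    my_setcookie("sid", $session->sid, -1, true);
    $plugins->run_hooks("member_do_login_end");

    if ($mybb->input['url'] != "" && my_strpos(basename($mybb->input['url']), 'member.php') === false) {
        $from_posting_page = my_strpos(basename($mybb->input['url']), 'newthread.php') !== false
            || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false;
        if ($from_posting_page && my_strpos($mybb->input['url'], '&processed=1') !== false) {
            $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
        }
        // Undo HTML-encoded ampersands before the URL is encoded again for output.
        $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);

        // NOTE(review): the redirect target comes from request input and is only
        // checked for 'member.php'. htmlentities() protects the HTML output but
        // does not restrict the destination; consider accepting only URLs that
        // belong to this board (e.g. under $mybb->settings['bburl']).
        redirect(htmlentities($mybb->input['url']), $lang->redirect_loggedin);
    } else {
        redirect("index.php", $lang->redirect_loggedin);
    }
}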
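 /**
  * Login procedure for a user + password, delegated to MyBB's LoginDataHandler.
  *
  * Fixes over the previous revision:
  *  - $captcha_string was read without being defined. It is now an optional
  *    parameter; $captcha_hash precedes it so that callers using the
  *    four-argument form (username, password, hash, string) keep working.
  *    $captcha_hash itself is not read by this method.
  *  - When validation passed but the captcha was not verified, the method
  *    returned true without completing the login. It now returns false.
  *  - The "member_do_login_end" hook fired twice on success; it fires once now.
  *
  * Possible ToDo: Return error messages / array / whatever
  * ($errors is collected from the handler but not handed back to the caller).
  *
  * @param string $username       Username
  * @param string $password       Password of User
  * @param string $captcha_hash   Accepted for call compatibility; unused here
  * @param string $captcha_string Captcha text, passed to the handler as 'imagestring'
  * @return boolean true only when the login was completed (or the user was already logged in)
  */
 public function login($username, $password, $captcha_hash = '', $captcha_string = '')
 {
     $this->plugins->run_hooks("member_do_login_start");

     // If we are already logged in, we do not have to perform the login procedure.
     if ($this->isLoggedIn()) {
         return true;
     }

     // Is a fatal call if user has had too many tries
     $errors = array();
     $logins = login_attempt_check();

     require_once MYBB_ROOT . "inc/datahandlers/login.php";
     $loginhandler = new LoginDataHandler("get");

     $user = array(
         'username' => $username,
         'password' => $password,
         'remember' => "yes",
         'imagestring' => $captcha_string,
     );

     // Seed the handler with the stored attempt count for this account (0 if the lookup finds nothing).
     $options = array('fields' => 'loginattempts', 'username_method' => (int) $this->mybb->settings['username_method']);
     $user_loginattempts = get_user_by_username($user['username'], $options);
     $user['loginattempts'] = isset($user_loginattempts['loginattempts']) ? (int) $user_loginattempts['loginattempts'] : 0;

     $loginhandler->set_data($user);
     $validated = $loginhandler->validate_login();

     if (!$validated) {
         // Failed login: count it in the cookie and in the users table.
         $this->mybb->input['action'] = "login";
         $this->mybb->request_method = "get";
         my_setcookie('loginattempts', $logins + 1);
         $this->db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . (int) $loginhandler->login_data['uid'] . "'", 1, true);
         $errors = $loginhandler->get_friendly_errors();
         $user['loginattempts'] = (int) $loginhandler->login_data['loginattempts'];
         // TODO: Force Captchas
         return false;
     }

     if ($loginhandler->captcha_verified == true) {
         // Credentials valid and captcha verified; COPPA accounts are still refused.
         if ($loginhandler->login_data['coppauser']) {
             return false;
         }

         $loginhandler->complete_login();
         $this->plugins->run_hooks("member_do_login_end");

         // Re-initialise the session so the new login is visible in this request.
         $this->mybb->session->init();

         return true;
     }

     // Credentials valid but captcha not verified: no session was created, so
     // the caller must not be told the login succeeded.
     $this->plugins->run_hooks("member_do_login_end");

     return false;
 }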