/**
 * Tapatalk XML-RPC login handler: checks a username/password pair and returns
 * an XML-RPC response describing the outcome.
 *
 * Flow, as implemented below:
 *  1. Filter the XML-RPC parameters through Tapatalk_Input::filterXmlInput().
 *  2. Call login_attempt_check(1) and keep its return value as the attempt count.
 *  3. Unknown username: bump the 'loginattempts' cookie and return a struct with
 *     result=false and status "2".
 *  4. Validate the password; if that fails and the supplied name has e-mail
 *     format, force username_method to 1 and validate once more.
 *  5. On failure bump the cookie and the users.loginattempts column and return
 *     xmlrespfalse(); on success clear $register and return tt_login_success().
 *
 * Review notes:
 *  - Both WHERE clauses concatenate $input['username_esc'] into SQL. Presumably
 *    filterXmlInput() produces an SQL-escaped "_esc" copy of each string field;
 *    that is not visible here -- confirm before reusing this pattern.
 *  - The users.loginattempts value is fetched but takes part in no decision in
 *    this function, and there is no captcha step. The only throttle applied here
 *    is whatever login_attempt_check() enforces; the 'loginattempts' cookie is
 *    stored on the client and must not be the sole basis for a lockout.
 *  - The e-mail fallback overwrites $mybb->settings['username_method'] and does
 *    not restore it afterwards.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, passed to filterXmlInput().
 * @return mixed An xmlrpcresp for an unknown username, otherwise the return
 *               value of xmlrespfalse() or tt_login_success().
 */
function login_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $mobiquo_config, $user, $register;

    $lang->load("member");

    $fieldTypes = array(
        'username' => Tapatalk_Input::STRING,
        'password' => Tapatalk_Input::STRING,
        'anonymous' => Tapatalk_Input::INT,
        'push' => Tapatalk_Input::STRING,
    );
    $input = Tapatalk_Input::filterXmlInput($fieldTypes, $xmlrpc_params);

    $attemptsSoFar = login_attempt_check(1);
    $attemptsLeftText = '';

    // Unknown account: answer with the same generic "invalid username or
    // password" phrase that a wrong password produces further down.
    if (!username_exists($input['username'])) {
        my_setcookie('loginattempts', $attemptsSoFar + 1);
        $payload = array(
            'result' => new xmlrpcval(0, 'boolean'),
            'result_text' => new xmlrpcval(strip_tags($lang->error_invalidpworusername), 'base64'),
            'status' => new xmlrpcval(2, 'string'),
        );
        return new xmlrpcresp(new xmlrpcval($payload, 'struct'));
    }

    // Server-side attempt counter for this account. It is read here but not
    // consulted anywhere below.
    $attemptQuery = $db->simple_select(
        "users",
        "loginattempts",
        "LOWER(username)='" . my_strtolower($input['username_esc']) . "'",
        array('limit' => 1)
    );
    $storedAttempts = $db->fetch_field($attemptQuery, "loginattempts");

    $failures = array();
    $authenticated = false;

    $user = validate_password_from_username($input['username'], $input['password']);
    if (!$user['uid'] && validate_email_format($input['username'])) {
        // Second chance: treat the supplied name as an e-mail address.
        $mybb->settings['username_method'] = 1;
        $user = validate_password_from_username($input['username'], $input['password']);
    }

    if ($user['uid']) {
        $authenticated = true;
    } else {
        // Record the failure both client-side (cookie) and server-side (column).
        my_setcookie('loginattempts', $attemptsSoFar + 1);
        $db->update_query(
            "users",
            array('loginattempts' => 'loginattempts+1'),
            "LOWER(username) = '" . my_strtolower($input['username_esc']) . "'",
            1,
            true
        );
        if ($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1) {
            $attemptsLeftText = $lang->sprintf(
                $lang->failed_login_again,
                $mybb->settings['failedlogincount'] - $attemptsSoFar
            );
        }
        $failures[] = $lang->error_invalidpworusername . $attemptsLeftText;
    }

    if (count($failures) > 0) {
        return xmlrespfalse(implode(" :: ", $failures));
    }

    if ($authenticated) {
        $register = 0;
        return tt_login_success();
    }

    // Defensive default: anything that is neither a recorded failure nor a
    // confirmed success is reported as a failed login.
    return xmlrespfalse("Invalid login details");
}
// Excerpt from a login page script. The first lines close blocks that were
// opened before this excerpt begins, and the excerpt ends inside an open
// else-branch, so the braces below are intentionally unbalanced.
redirect("index.php", $lang->redirect_loggedin);
}
}
}
$plugins->run_hooks("member_do_login_end");
}

// Render the login form.
if ($mybb->input['action'] == "login") {
    $plugins->run_hooks("member_login");
    $member_loggedin_notice = "";
    if ($mybb->user['uid'] != 0) {
        $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
        // The template text is spliced into a double-quoted PHP string and
        // executed. NOTE(review): this is only safe if $templates->get()
        // returns text with quotes/backslashes escaped -- confirm.
        eval("\$member_loggedin_notice = \"" . $templates->get("member_loggedin_notice") . "\";");
    }
    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries
    login_attempt_check();
    // Redirect to the page where the user came from, but not if that was the login page.
    // The Referer header is supplied by the client. htmlentities() is called
    // with its default flags; before PHP 8.1 the default (ENT_COMPAT) leaves
    // single quotes unencoded, so the consuming template must place the value
    // in a double-quoted attribute. No same-site check on the URL is visible
    // in this excerpt -- TODO confirm where the redirect target is validated.
    if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false) {
        $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
    } else {
        $redirect_url = '';
    }
    $captcha = '';
    // Show captcha image for guests if enabled and only if we have to do
    // ($do_captcha and $correct are assigned before this excerpt begins.)
    if ($mybb->settings['captchaimage'] && $do_captcha == true) {
        require_once MYBB_ROOT . 'inc/class_captcha.php';
        $login_captcha = new captcha(false, "post_captcha");
        if ($login_captcha->type == 1) {
            if (!$correct) {
                $login_captcha->build_captcha();
            } else {
// Excerpt from a board index script; it ends inside the open else-branch that
// builds the login form, so the braces below are intentionally unbalanced.
$templatelist .= ",index_birthdays_birthday,index_birthdays,index_loginform,index_logoutlink,index_stats,forumbit_depth3,forumbit_depth3_statusicon,index_boardstats";
require_once "./global.php";
require_once MYBB_ROOT . "inc/functions_post.php";
require_once MYBB_ROOT . "inc/functions_forumlist.php";
require_once MYBB_ROOT . "inc/class_parser.php";
$parser = new postParser();
$plugins->run_hooks("index_start");
// Load global language phrases
$lang->load("index");
$logoutlink = $loginform = '';
if ($mybb->user['uid'] != 0) {
    // Logged-in user: render the logout link. The template text is executed
    // as part of a double-quoted PHP string. NOTE(review): safe only if
    // $templates->get() escapes quotes/backslashes -- confirm.
    eval("\$logoutlink = \"" . $templates->get("index_logoutlink") . "\";");
} else {
    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Function call is not fatal: a return value of false suppresses the
    // inline login form instead of aborting the page.
    if (login_attempt_check(false) !== false) {
        // Pick the label for the username field according to the configured
        // login method; unknown values fall back to the plain username label.
        switch ($mybb->settings['username_method']) {
            case 0:
                $login_username = $lang->login_username;
                break;
            case 1:
                $login_username = $lang->login_username1;
                break;
            case 2:
                $login_username = $lang->login_username2;
                break;
            default:
                $login_username = $lang->login_username;
                break;
        }
        eval("\$loginform = \"" . $templates->get("index_loginform") . "\";");
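/**
 * Login procedure for a user + password.
 *
 * Returns true immediately when a user is already logged in. Otherwise the
 * password is validated, failed attempts are counted in both the
 * 'loginattempts' cookie and the users.loginattempts column, and once either
 * counter exceeds 3 a captcha is demanded (when captchas are enabled) before
 * the login is allowed to proceed. On success the attempt counters are reset,
 * the current session row is bound to the user and the login cookies are set.
 *
 * Fixes in this version:
 *  - The cookie counter was read through an undefined local $mybb, so that
 *    half of the threshold test always evaluated to 0. It now reads
 *    $this->mybb->cookies like the rest of the method.
 *  - A failed password check is now rejected unconditionally before the
 *    session code runs. Previously, once the attempt threshold was exceeded
 *    and no captcha was returned (captcha disabled, or no captcha input
 *    given), a failed check fell through to the success path and the method
 *    returned true.
 *
 * Possible ToDo: Return error messages / array / whatever
 *
 * @param string $username       Username
 * @param string $password       Password of User
 * @param string $captcha_hash   Captcha image hash; only used together with $captcha_string
 * @param string $captcha_string Captcha text entered by the user
 * @return boolean|mixed true on success (or when already logged in), false on
 *                       failure, or the return value of generateCaptcha()
 *                       when a captcha has to be solved first
 */
function login($username, $password, $captcha_hash = '', $captcha_string = '')
{
    $this->lang->load('member');

    // Already logged in: nothing to do, report success.
    if ($this->isLoggedIn()) {
        return true;
    }

    // by default, login is good!
    $bad_login = false;

    // Number of attempts so far, as reported by the non-fatal attempt check.
    $logins = login_attempt_check(NON_FATAL);

    // We need a few functions from the user function collection for the login procedure
    require_once MYBB_ROOT . 'inc/functions_user.php';

    // If the username does not exist, login fails
    if (!username_exists($username)) {
        my_setcookie('loginattempts', $logins + 1);
        return false;
    }

    // Server-side attempt counter for this account. The cookie counter is
    // held by the client, so this database value is the one a client cannot
    // reset on its own.
    $query = $this->db->simple_select("users", "loginattempts", "LOWER(username)='" . $this->db->escape_string(my_strtolower($username)) . "'", array('limit' => 1));
    $loginattempts = $this->db->fetch_field($query, "loginattempts");

    // Let's call the handy MyBB validation function and see if we find a user
    $user = validate_password_from_username($username, $password);
    if (!$user['uid']) {
        my_setcookie('loginattempts', $logins + 1);
        $this->db->write_query("UPDATE " . TABLE_PREFIX . "users SET `loginattempts` = `loginattempts` + 1 WHERE LOWER(`username`) = '" . $this->db->escape_string(my_strtolower($username)) . "'");
        $bad_login = true;
    }

    // Cookie counter, read from the MyBB object this class wraps.
    $cookie_attempts = isset($this->mybb->cookies['loginattempts']) ? intval($this->mybb->cookies['loginattempts']) : 0;

    if ($loginattempts > 3 || $cookie_attempts > 3) {
        if (!empty($captcha_hash) && !empty($captcha_string)) {
            // Captcha input is given: a wrong captcha or a wrong password both
            // lead to a fresh captcha.
            if (!$this->validateCaptcha($captcha_hash, $captcha_string) || $bad_login === true) {
                return $this->generateCaptcha();
            }
        } else {
            // No captcha input yet: demand one for guests if captchas are enabled.
            if ($this->mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$this->mybb->user['uid']) {
                return $this->generateCaptcha();
            }
        }
    }

    // Fail closed: a failed password check never reaches the session code
    // below, whatever the attempt counters or captcha settings are.
    if ($bad_login === true) {
        return false;
    }

    // COPPA users always fail
    if ($user['coppauser']) {
        return false;
    }

    // Reset both login attempts counter (cookie + database)
    my_setcookie('loginattempts', 1);
    $this->db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");

    // Delete old session entries from this IP address.
    // NOTE(review): the session id is concatenated without escape_string();
    // this assumes the session object only ever holds a validated or
    // server-generated sid -- confirm.
    $this->db->delete_query("sessions", "ip='" . $this->db->escape_string($this->mybb->session->ipaddress) . "' AND sid != '" . $this->mybb->session->sid . "'");

    // Bind the current session row to the authenticated user
    $newsession = array("uid" => $user['uid']);
    $this->db->update_query("sessions", $newsession, "sid='" . $this->mybb->session->sid . "'");

    // Temporarily set the cookie remember option for the login cookies
    $this->mybb->user['remember'] = $user['remember'];

    // Set essential login cookies
    my_setcookie("mybbuser", $user['uid'] . "_" . $user['loginkey'], null, true);
    my_setcookie("sid", $this->mybb->session->sid, -1, true);

    // If there are hooks defined for the end of the login procedure, call them
    $this->plugins->run_hooks("member_do_login_end");

    return true;
}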
/**
 * Registers the "invalid username/password" error on this handler.
 *
 * Nothing is registered while $this->captcha_verified is falsy, so a wrong
 * captcha does not additionally produce a credentials error. The error code
 * depends only on the configured username_method, not on which part of the
 * credentials was wrong.
 *
 * @param bool $show_login_attempts When true, and the failedlogincount and
 *                                  failedlogintext settings allow it, a
 *                                  remaining-attempts hint is passed along
 *                                  with the error.
 */
function invalid_combination($show_login_attempts = false)
{
    global $db, $lang, $mybb;

    // Don't show an error when the captcha was wrong!
    if (!$this->captcha_verified) {
        return;
    }

    $attempts_hint = '';
    $hint_enabled = $show_login_attempts
        && $mybb->settings['failedlogincount'] != 0
        && $mybb->settings['failedlogintext'] == 1;
    if ($hint_enabled) {
        // Count the attempt currently being rejected as already used.
        $used = login_attempt_check(false) + 1;
        $attempts_hint = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $used);
    }

    // Loose comparison on purpose: it matches the setting whether it is
    // stored as an integer or as a numeric string.
    $method = $mybb->settings['username_method'];
    if ($method == 1) {
        $error_code = 'invalidpwordusernameemail';
    } elseif ($method == 2) {
        $error_code = 'invalidpwordusernamecombo';
    } else {
        $error_code = 'invalidpwordusername';
    }

    $this->set_error($error_code, $attempts_hint);
}
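/**
 * Handles a posted login (action "do_login", POST only) for the loginconvert
 * plugin: validates the credentials through
 * loginconvert_validate_password_from_username(), counts failed attempts in
 * the 'loginattempts' cookie and the users.loginattempts column, demands a
 * captcha once either counter exceeds 3, and on success binds the current
 * session to the user, sets the login cookies and redirects.
 *
 * On failure the request is rewritten to action "login" and the collected
 * messages are stored in the global $inline_errors.
 *
 * Changes in this version:
 *  - The remaining-attempts hint is only built when failedlogincount is
 *    non-zero, so a disabled limit no longer yields a negative count.
 *  - $correct is initialised up front instead of being left undefined on the
 *    failure path.
 *  - Two identical if/else branches for the "captcha required" error are
 *    collapsed into one statement.
 *
 * Review notes:
 *  - The post-login redirect target comes from the request ('url') and is
 *    only checked for not pointing at member.php. No same-site validation is
 *    visible in this function -- TODO confirm that redirect() or the caller
 *    restricts the target to this board.
 *  - $do_captcha is not in the global list, so the assignment below stays
 *    local to this function -- confirm whether it was meant to be global.
 *
 * @return void
 */
function loginconvert_convert()
{
    global $mybb, $db, $lang, $session, $plugins, $inline_errors, $errors;

    if ($mybb->input['action'] != "do_login" || $mybb->request_method != "post") {
        return;
    }

    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries
    $logins = login_attempt_check();
    $login_text = '';
    $correct = false;

    // Did we come from the quick login form?
    if ($mybb->input['quick_login'] == "1" && $mybb->input['quick_password'] && $mybb->input['quick_username']) {
        $mybb->input['password'] = $mybb->input['quick_password'];
        $mybb->input['username'] = $mybb->input['quick_username'];
    }

    // Unknown account: same generic message as for a wrong password.
    if (!username_exists($mybb->input['username'])) {
        my_setcookie('loginattempts', $logins + 1);
        error($lang->error_invalidpworusername . $login_text);
    }

    // Server-side attempt counter for this account.
    $query = $db->simple_select("users", "loginattempts", "LOWER(username)='" . $db->escape_string(my_strtolower($mybb->input['username'])) . "'", array('limit' => 1));
    $loginattempts = $db->fetch_field($query, "loginattempts");

    $errors = array();

    $user = loginconvert_validate_password_from_username($mybb->input['username'], $mybb->input['password']);
    if (!$user['uid']) {
        // Record the failure in the cookie and in the database.
        my_setcookie('loginattempts', $logins + 1);
        $db->write_query("UPDATE " . TABLE_PREFIX . "users SET loginattempts=loginattempts+1 WHERE LOWER(username) = '" . $db->escape_string(my_strtolower($mybb->input['username'])) . "'");

        $mybb->input['action'] = "login";
        $mybb->input['request_method'] = "get";

        // Only mention remaining attempts when a limit is actually configured.
        if ($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1) {
            $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
        }

        $errors[] = $lang->error_invalidpworusername . $login_text;
    } else {
        $correct = true;
    }

    if ($loginattempts > 3 || intval($mybb->cookies['loginattempts']) > 3) {
        // Show captcha image for guests if enabled
        if ($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid']) {
            if ($mybb->input['imagestring']) {
                // Look the submitted hash/string pair up in the captcha table;
                // both values are escaped before they enter the query.
                $imagehash = $db->escape_string($mybb->input['imagehash']);
                $imagestring = $db->escape_string($mybb->input['imagestring']);
                $query = $db->simple_select("captcha", "*", "imagehash='{$imagehash}' AND imagestring='{$imagestring}'");
                $imgcheck = $db->fetch_array($query);
                if ($imgcheck['dateline'] > 0) {
                    $correct = true;
                } else {
                    // Wrong answer: discard this captcha so it cannot be retried.
                    $db->delete_query("captcha", "imagehash='{$imagehash}'");
                    $errors[] = $lang->error_regimageinvalid;
                }
            } else {
                // No captcha answer supplied at all.
                $errors[] = $lang->error_regimagerequired;
            }
        }
        $do_captcha = true;
    }

    if (!empty($errors)) {
        // Any error, including a wrong password, sends the user back to the
        // login form; a correct captcha alone never reaches the success path.
        $mybb->input['action'] = "login";
        $mybb->input['request_method'] = "get";
        $inline_errors = inline_error($errors);
    } else {
        if ($correct) {
            if ($user['coppauser']) {
                error($lang->error_awaitingcoppa);
            }

            my_setcookie('loginattempts', 1);

            // NOTE(review): the session id is concatenated without
            // escape_string(); this assumes the session object only holds a
            // validated or server-generated sid -- confirm.
            $db->delete_query("sessions", "ip='" . $db->escape_string($session->ipaddress) . "' AND sid != '" . $session->sid . "'");
            $newsession = array("uid" => $user['uid']);
            $db->update_query("sessions", $newsession, "sid='" . $session->sid . "'");

            $db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");

            my_setcookie("mybbuser", $user['uid'] . "_" . $user['loginkey'], null, true);
            my_setcookie("sid", $session->sid, -1, true);

            $plugins->run_hooks("member_do_login_end");

            if ($mybb->input['url'] != "" && my_strpos(basename($mybb->input['url']), 'member.php') === false) {
                if ((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false) {
                    $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
                }

                // As shown this replaces '&' with itself; possibly an HTML
                // entity in the search string was lost when this listing was
                // rendered -- verify against the plugin source.
                $mybb->input['url'] = str_replace('&', '&', $mybb->input['url']);

                // Redirect to the URL if it is not member.php
                redirect(htmlentities($mybb->input['url']), $lang->redirect_loggedin);
            } else {
                redirect("index.php", $lang->redirect_loggedin);
            }
        } else {
            $mybb->input['action'] = "login";
            $mybb->input['request_method'] = "get";
        }
    }
}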
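/**
 * Login procedure for a user + password, delegating validation to MyBB's
 * LoginDataHandler.
 *
 * Returns true when a user is already logged in or when the handler validated
 * the credentials, the captcha state is verified and complete_login() ran.
 * Every other outcome returns false.
 *
 * Fixes in this version:
 *  - $captcha_string was read without ever being defined. It is now an
 *    optional parameter, preceded by $captcha_hash so that four-argument
 *    positional calls keep their meaning.
 *  - When the credentials validated but captcha_verified was not true, the
 *    method skipped complete_login() and still returned true. It now returns
 *    false.
 *  - The member_do_login_end hook ran twice on a successful login and also
 *    ran when no login was completed; it now runs once, after
 *    complete_login().
 *
 * Possible ToDo: Return error messages / array / whatever (the handler's
 * friendly errors are collected below but not handed back to the caller).
 *
 * @param string $username       Username
 * @param string $password       Password of User
 * @param string $captcha_hash   Captcha image hash; currently unused by this method
 * @param string $captcha_string Captcha text, passed to the handler as 'imagestring'
 * @return boolean
 */
public function login($username, $password, $captcha_hash = '', $captcha_string = '')
{
    $this->plugins->run_hooks("member_do_login_start");

    // If we are already logged in, we do not have to perform the login procedure
    if ($this->isLoggedIn()) {
        return true;
    }

    // Is a fatal call if user has had too many tries
    $errors = array();
    $logins = login_attempt_check();

    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    $user = array(
        'username' => $username,
        'password' => $password,
        'remember' => "yes",
        'imagestring' => $captcha_string,
    );

    // Load the stored attempt counter for this account and hand it to the
    // handler together with the credentials.
    $options = array(
        'fields' => 'loginattempts',
        'username_method' => (int) $this->mybb->settings['username_method'],
    );
    $user_loginattempts = get_user_by_username($user['username'], $options);
    $user['loginattempts'] = (int) $user_loginattempts['loginattempts'];

    $loginhandler->set_data($user);
    $validated = $loginhandler->validate_login();

    if (!$validated) {
        $this->mybb->input['action'] = "login";
        $this->mybb->request_method = "get";

        // Count the failure in the cookie and, by uid, in the database.
        my_setcookie('loginattempts', $logins + 1);
        $this->db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . (int) $loginhandler->login_data['uid'] . "'", 1, true);

        $errors = $loginhandler->get_friendly_errors();
        $user['loginattempts'] = (int) $loginhandler->login_data['loginattempts'];

        // TODO: Force Captchas
        return false;
    }

    // Fail closed: without a verified captcha state no login is completed,
    // so success must not be reported.
    if ($loginhandler->captcha_verified != true) {
        return false;
    }

    // Accounts flagged as COPPA users are not logged in.
    if ($loginhandler->login_data['coppauser']) {
        return false;
    }

    $loginhandler->complete_login();
    $this->plugins->run_hooks("member_do_login_end");

    // Re-initialise the session so it reflects the login that was just completed.
    $this->mybb->session->init();

    return true;
}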