/**
 * Standard modular run function for OcCLE hooks.
 * Implements the 'reset' command: either shows its help, or eats the two OcCLE cookies.
 *
 * @param  array     The options with which the command was called
 * @param  array     The parameters with which the command was called
 * @param  array     A reference to the OcCLE filesystem object
 * @return array     Array of stdcommand, stdhtml, stdout, and stderr responses
 */
function run($options, $parameters, &$occle_fs)
{
    // -h / -help: return the help text in the stdhtml slot and do nothing else
    $wants_help = array_key_exists('h', $options) || array_key_exists('help', $options);
    if ($wants_help) {
        return array('', do_command_help('reset', array('h'), array()), '', '');
    }

    // Eat the cookies holding the OcCLE directory and state
    ocp_eatcookie('occle_dir');
    ocp_eatcookie('occle_state');

    return array('', '', do_lang('SUCCESS'), '');
}
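/**
 * Find if the given member id and password is valid. If the member id is NULL, the member is looked up by username instead.
 * All authorisation, cookies, and form-logins, are passed through this function.
 * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login (this driver ignores it).
 *
 * @param  ?SHORT_TEXT   The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
 * @param  MEMBER        The member id
 * @param  MD5           The md5-hashed password
 * @param  string        The raw password
 * @param  boolean       Whether this is a cookie login
 * @return array         A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
 */
function forum_authorise_login($username, $memberid, $password_hashed, $password_raw, $cookie_login = false)
{
    unset($cookie_login); // Cookie and form logins are checked the same way here

    $out = array();
    $out['id'] = NULL;

    if (is_null($memberid)) {
        $rows = $this->connection->query_select('users', array('*'), array('username' => $username), '', 1);
        if (array_key_exists(0, $rows)) {
            $this->MEMBER_ROWS_CACHED[$rows[0]['userid']] = $rows[0];
        }
    } else {
        // NOTE(review): key 0 always exists on this path, so the "no such user" check below
        // only guards the username lookup - confirm what get_member_row gives for an unknown id.
        $rows = array($this->get_member_row($memberid));
    }

    if (!array_key_exists(0, $rows)) {
        $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
        return $out;
    }

    $row = $rows[0];
    if ($this->is_banned($row['userid'])) {
        $out['error'] = do_lang_tempcode('USER_BANNED');
        return $out;
    }

    // Compare as strings with !==. A loose != compares two numeric-looking strings as numbers,
    // so distinct hashes of the form "0e<digits>" would be treated as equal.
    // Where the PHP version provides hash_equals(), a constant-time comparison is preferable.
    if (strval($row['password']) !== strval($password_hashed)) {
        $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
        return $out;
    }

    // Authenticated: eat the 'cookiehash' cookie before reporting the member id
    ocp_eatcookie('cookiehash');

    $out['id'] = $row['userid'];
    return $out;
}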
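/**
 * Find if the given member id and password is valid. If the member id is NULL, the member is looked up by username instead.
 * All authorisation, cookies, and form-logins, are passed through this function.
 * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
 * Here a cookie login is validated against the 'sessions_keys' table, and a form login against the stored password hash.
 *
 * @param  ?SHORT_TEXT   The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
 * @param  MEMBER        The member id
 * @param  MD5           The md5-hashed password
 * @param  string        The raw password
 * @param  boolean       Whether this is a cookie login
 * @return array         A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
 */
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
{
    $out = array();
    $out['id'] = NULL;

    if (is_null($userid)) {
        // Usernames are matched on their lower-cased form
        $rows = $this->connection->query_select('users', array('*'), array('username_clean' => strtolower($username)), '', 1);
        if (array_key_exists(0, $rows)) {
            $this->MEMBER_ROWS_CACHED[$rows[0]['user_id']] = $rows[0];
        }
    } else {
        // NOTE(review): key 0 always exists on this path, so the "no such user" check below
        // only guards the username lookup - confirm what get_member_row gives for an unknown id.
        $rows = array($this->get_member_row($userid));
    }

    if (!array_key_exists(0, $rows)) {
        $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
        return $out;
    }

    $row = $rows[0];
    if ($this->is_banned($row['user_id'])) {
        $out['error'] = do_lang_tempcode('USER_BANNED');
        return $out;
    }

    if ($cookie_login) {
        // The raw cookie value, md5'd, must be a session key belonging to this very user.
        // A missing key yields NULL, which never strictly equals the user id.
        $lookup = $this->connection->query_value_null_ok('sessions_keys', 'user_id', array('key_id' => md5($password_raw)));
        if ($row['user_id'] !== $lookup) {
            $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
            return $out;
        }
    } else {
        // Compare as strings with !==. A loose != compares two numeric-looking strings as numbers,
        // so distinct hashes of the form "0e<digits>" would be treated as equal.
        // Where the PHP version provides hash_equals(), a constant-time comparison is preferable.
        if (strval($row['user_password']) !== strval($password_hashed)) {
            $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
            return $out;
        }
    }

    // Authenticated: eat the forum's '<prefix>_sid' cookie, if the prefix can be derived
    // from the member cookie name
    $member_cookie = get_member_cookie();
    $pos = strpos($member_cookie, '_data:userid');
    if ($pos !== false) {
        ocp_eatcookie(substr($member_cookie, 0, $pos) . '_sid');
    }

    $out['id'] = $row['user_id'];
    return $out;
}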
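/**
 * Find if the given member id and password is valid. If the member id is NULL, the member is looked up by username instead
 * (login name first, then display name).
 * All authorisation, cookies, and form-logins, are passed through this function.
 * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
 * Here a cookie login is checked against the member's login key (plus the 'stronghold' cookie, if enabled in $SITE_INFO),
 * and a form login is checked via _auth_hashed.
 *
 * @param  ?SHORT_TEXT   The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
 * @param  MEMBER        The member id
 * @param  MD5           The md5-hashed password
 * @param  string        The raw password
 * @param  boolean       Whether this is a cookie login
 * @return array         A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
 */
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
{
    $out = array();
    $out['id'] = NULL;

    if (is_null($userid)) {
        // Try the login name, then fall back to the display name
        $rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1);
        if (!array_key_exists(0, $rows)) {
            $rows = $this->connection->query_select('members', array('*'), array('members_display_name' => $this->ipb_escape($username)), '', 1);
        }
        if (array_key_exists(0, $rows)) {
            $this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
        }
    } else {
        // NOTE(review): key 0 always exists on this path, so the "no such user" check below
        // only guards the username lookup - confirm what get_member_row gives for an unknown id.
        $rows = array($this->get_member_row($userid));
    }

    if (!array_key_exists(0, $rows)) {
        $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
        return $out;
    }

    $row = $rows[0];
    if ($row['member_banned'] == 1) {
        $out['error'] = do_lang_tempcode('USER_BANNED');
        return $out;
    }

    if ($cookie_login) {
        // Compare as strings with !==. A loose != compares two numeric-looking strings as numbers,
        // so distinct values of the form "0e<digits>" (or a bare "0") would be treated as equal.
        // NOTE(review): an empty stored login key would still match an empty cookie value;
        // confirm callers never pass an empty credential.
        if (strval($password_hashed) !== strval($row['member_login_key'])) {
            $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
            return $out;
        }

        // Check stronghold
        global $SITE_INFO;
        if (array_key_exists('stronghold_cookies', $SITE_INFO) && $SITE_INFO['stronghold_cookies'] == 1) {
            // NOTE(review): assumes a dotted IPv4 REMOTE_ADDR; other formats leave $ip_octets[1] unset
            $ip_octets = explode('.', ocp_srv('REMOTE_ADDR'));
            $crypt_salt = md5(get_db_forums_password() . get_db_forums_user());

            // The cookie prefix is the longest common prefix of the member and pass cookie names
            $a = get_member_cookie();
            $b = get_pass_cookie();
            for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
                if ($a[$i] != $b[$i]) {
                    break;
                }
            }
            $cookie_prefix = substr($a, 0, $i);

            $cookie = ocp_admirecookie($cookie_prefix . 'ipb_stronghold');
            $stronghold = md5(md5(strval($row['member_id']) . '-' . $ip_octets[0] . '-' . $ip_octets[1] . '-' . $row['member_login_key']) . $crypt_salt);

            // The cookie is client-supplied: strict string comparison, for the same reason as above
            if (strval($cookie) !== $stronghold) {
                $out['error'] = do_lang_tempcode('USER_BAD_STRONGHOLD');
                return $out;
            }
        }
    } else {
        if (!$this->_auth_hashed($row['member_id'], $password_hashed)) {
            $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
            return $out;
        }
    }

    // Authenticated: eat the forum's '<prefix>session_id' cookie.
    // If 'member_id' is not in the member cookie name the prefix is empty, as before.
    $member_cookie = get_member_cookie();
    $pos = strpos($member_cookie, 'member_id');
    $prefix = ($pos === false) ? '' : substr($member_cookie, 0, $pos);
    ocp_eatcookie($prefix . 'session_id');

    $out['id'] = $row['member_id'];
    return $out;
}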
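/**
 * Find if the given member id and password is valid. If the member id is NULL, the member is looked up by username instead.
 * All authorisation, cookies, and form-logins, are passed through this function.
 * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
 * Here a cookie login must match md5(stored password . $SITE_INFO['vb_unique_id']),
 * and a form login must satisfy stored password = md5(given hash . member salt).
 *
 * @param  ?SHORT_TEXT   The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
 * @param  MEMBER        The member id
 * @param  MD5           The md5-hashed password
 * @param  string        The raw password
 * @param  boolean       Whether this is a cookie login
 * @return array         A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
 */
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
{
    $out = array();
    $out['id'] = NULL;

    if (is_null($userid)) {
        $rows = $this->connection->query_select('user', array('*'), array('username' => $username), '', 1);
        if (array_key_exists(0, $rows)) {
            $this->MEMBER_ROWS_CACHED[$rows[0]['userid']] = $rows[0];
        }
    } else {
        // NOTE(review): key 0 always exists on this path, so the "no such user" check below
        // only guards the username lookup - confirm what get_member_row gives for an unknown id.
        $rows = array($this->get_member_row($userid));
    }

    if (!array_key_exists(0, $rows)) {
        $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
        return $out;
    }

    $row = $rows[0];
    if ($this->is_banned($row['userid'])) {
        $out['error'] = do_lang_tempcode('USER_BANNED');
        return $out;
    }

    // Both checks compare as strings with ===. A loose == compares two numeric-looking strings
    // as numbers, so distinct hashes of the form "0e<digits>" would be treated as equal.
    // Where the PHP version provides hash_equals(), a constant-time comparison is preferable.
    global $SITE_INFO;
    if ($cookie_login) {
        // Only the cookie path needs the site-wide vb_unique_id
        $password_ok = (strval($password_hashed) === md5($row['password'] . $SITE_INFO['vb_unique_id']));
    } else {
        $password_ok = (strval($row['password']) === md5($password_hashed . $row['salt']));
    }
    if (!$password_ok) {
        $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
        return $out;
    }

    // Authenticated: eat the 'sessionhash' cookie before reporting the member id
    ocp_eatcookie('sessionhash');

    $out['id'] = $row['userid'];
    return $out;
}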
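/**
 * Find if the given member id and password is valid. If the member id is NULL, the member is looked up by username instead
 * (memberName first, then realName).
 * All authorisation, cookies, and form-logins, are passed through this function.
 * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
 * The given hash may hold two '::'-separated values; the first is used for the older (md5) scheme and the second for the newer (sha1) scheme.
 * Sets $GLOBALS['SMF_NEW'] as a side effect.
 *
 * @param  ?SHORT_TEXT   The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
 * @param  MEMBER        The member id
 * @param  MD5           The md5-hashed password
 * @param  string        The raw password
 * @param  boolean       Whether this is a cookie login
 * @return array         A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
 */
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $from_cookie = false)
{
    $out = array();
    $out['id'] = NULL;

    if (is_null($userid)) {
        // Try the member name, then fall back to the real name
        $rows = $this->connection->query_select('members', array('*'), array('memberName' => $username), '', 1);
        if (!array_key_exists(0, $rows)) {
            $rows = $this->connection->query_select('members', array('*'), array('realName' => $username), '', 1);
        }
        if (array_key_exists(0, $rows)) {
            $this->MEMBER_ROWS_CACHED[$rows[0]['ID_MEMBER']] = $rows[0];
        }
    } else {
        // NOTE(review): key 0 always exists on this path, so the "no such user" check below
        // only guards the username lookup - confirm what get_member_row gives for an unknown id.
        $rows = array($this->get_member_row($userid));
    }

    if (!array_key_exists(0, $rows)) {
        $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
        return $out;
    }

    $row = $rows[0];
    if ($this->is_banned($row['ID_MEMBER'])) {
        $out['error'] = do_lang_tempcode('USER_BANNED');
        return $out;
    }

    // The newer scheme is assumed when the member row has a 'pm_ignore_list' column and sha1() is available
    $smf_new = array_key_exists('pm_ignore_list', $row) && function_exists('sha1');
    $GLOBALS['SMF_NEW'] = $smf_new;

    // Main authentication
    $bits = explode('::', $password_hashed);
    if (!array_key_exists(1, $bits)) {
        $bits[1] = $bits[0];
    }
    if ($smf_new) {
        $expected = $from_cookie ? sha1($row['passwd'] . $row['passwordSalt']) : $row['passwd'];
        $given = $bits[1];
    } else {
        $expected = $from_cookie ? $this->forum_md5($row['passwd'], 'ys', true) : $row['passwd'];
        $given = $bits[0];
    }

    // Compare as strings with !==. A loose == compares two numeric-looking strings as numbers,
    // so distinct hashes of the form "0e<digits>" would be treated as equal.
    // Where the PHP version provides hash_equals(), a constant-time comparison is preferable.
    if (strval($expected) !== strval($given)) {
        $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
        return $out;
    }

    // Authenticated: eat the 'PHPSESSID' cookie before reporting the member id
    ocp_eatcookie('PHPSESSID');

    $out['id'] = $row['ID_MEMBER'];
    return $out;
}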
/**
 * Process a logout: eat the member cookie, forget it for this request, and delete the current session.
 */
function handle_active_logout()
{
    // Kill cookie. The base name is the member cookie name up to (not including) any ':'.
    $member_cookie_name = get_member_cookie();
    $colon_pos = strpos($member_cookie_name, ':');
    $base = ($colon_pos === false) ? get_member_cookie() : substr($member_cookie_name, 0, $colon_pos);

    ocp_eatcookie($base);
    unset($_COOKIE[$base]); // so the rest of this request no longer sees it

    // Kill session (-1 means there is no session to delete)
    $session = get_session_id();
    if ($session == -1) {
        return;
    }
    delete_session($session);
}