function get_template()
 {
     global $config, $user, $template, $phpEx, $phpbb_root_path;
     if ($this->is_solved()) {
         return false;
     } else {
         $link = append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=confirm&confirm_id=' . $this->confirm_id . '&type=' . $this->type);
         $contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx);
         $explain = $user->lang($this->type != CONFIRM_POST ? 'CONFIRM_EXPLAIN' : 'POST_CONFIRM_EXPLAIN', '<a href="' . $contact_link . '">', '</a>');
         $template->assign_vars(array('CONFIRM_IMAGE_LINK' => $link, 'CONFIRM_IMAGE' => '<img src="' . $link . '" />', 'CONFIRM_IMG' => '<img src="' . $link . '" />', 'CONFIRM_ID' => $this->confirm_id, 'S_CONFIRM_CODE' => true, 'S_TYPE' => $this->type, 'S_CONFIRM_REFRESH' => $config['enable_confirm'] && $config['confirm_refresh'] && $this->type == CONFIRM_REG ? true : false, 'L_CONFIRM_EXPLAIN' => $explain));
         return 'captcha_default.html';
     }
 }
    /**
     * Check for banned user
     *
     * Checks whether the supplied user is banned by id, ip or email. If no parameters
     * are passed to the method pre-existing session data is used.
     *
     * Ban rows are matched in the order the database returns them. A matching row
     * with ban_exclude set is a whitelist entry: it clears any earlier match and
     * ends the scan, which is why a non-excluded match does not break the loop.
     * When a ban stands and $return is false the current session is killed and
     * execution ends through trigger_error() (a blank page under IN_CRON).
     *
     * @param int|false		$user_id		The user id. NOTE(review): it is concatenated into
     *	the SQL WHERE clause unescaped, so callers must pass an integer (cast before
     *	calling) - confirm at the call sites.
     * @param mixed			$user_ips		Can contain a string with one IP or an array of multiple IPs
     * @param string|false	$user_email		The user email
     * @param bool			$return			If $return is false this routine does not return on finding a banned user,
     *	it outputs a relevant message and stops execution.
     * @return string|bool|null	The ban reason when banned and a reason is stored, otherwise
     *	true (banned) or false (not banned); null when IN_CHECK_BAN or SKIP_CHECK_BAN
     *	is defined and the check is skipped entirely.
     */
    function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false)
    {
        global $config, $db, $phpbb_dispatcher;
        // IN_CHECK_BAN is defined further down before login_box() is shown, so a nested
        // call from that path returns immediately; SKIP_CHECK_BAN is presumably a
        // caller-side opt-out.
        if (defined('IN_CHECK_BAN') || defined('SKIP_CHECK_BAN')) {
            return;
        }
        $banned = false;
        // Query results are cached for an hour unless a specific registered user id is
        // being checked (see below), in which case the ban list is read fresh.
        $cache_ttl = 3600;
        $where_sql = array();
        $sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
			FROM ' . BANLIST_TABLE . '
			WHERE ';
        // Determine which entries to check, only return those
        if ($user_email === false) {
            $where_sql[] = "ban_email = ''";
        }
        if ($user_ips === false) {
            $where_sql[] = "(ban_ip = '' OR ban_exclude = 1)";
        }
        if ($user_id === false) {
            $where_sql[] = '(ban_userid = 0 OR ban_exclude = 1)';
        } else {
            $cache_ttl = $user_id == ANONYMOUS ? 3600 : 0;
            // $user_id is interpolated as-is; see the parameter note in the docblock.
            $_sql = '(ban_userid = ' . $user_id;
            if ($user_email !== false) {
                $_sql .= " OR ban_email <> ''";
            }
            if ($user_ips !== false) {
                $_sql .= " OR ban_ip <> ''";
            }
            $_sql .= ')';
            $where_sql[] = $_sql;
        }
        // Both branches of the user id check add a clause, so $where_sql is never empty
        // and the '' fallback is not reached in practice.
        $sql .= sizeof($where_sql) ? implode(' AND ', $where_sql) : '';
        $result = $db->sql_query($sql, $cache_ttl);
        $ban_triggered_by = 'user';
        while ($row = $db->sql_fetchrow($result)) {
            // Expired bans are skipped in PHP rather than in SQL, presumably so the
            // cached query does not depend on the current time.
            if ($row['ban_end'] && $row['ban_end'] < time()) {
                continue;
            }
            $ip_banned = false;
            if (!empty($row['ban_ip'])) {
                // A '*' in the stored entry is a wildcard: preg_quote() turns it into '\*',
                // which is then swapped for a lazy '.*?'; everything else stays literal.
                // The match is anchored at both ends and case-insensitive.
                if (!is_array($user_ips)) {
                    $ip_banned = preg_match('#^' . str_replace('\\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ips);
                } else {
                    // Any one of the supplied addresses matching is enough.
                    foreach ($user_ips as $user_ip) {
                        if (preg_match('#^' . str_replace('\\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ip)) {
                            $ip_banned = true;
                            break;
                        }
                    }
                }
            }
            // && binds tighter than ||, so this reads: user id match OR ip match OR email match.
            // The email pattern is evaluated only for rows that carry one, which the WHERE
            // clause excludes whenever $user_email is false.
            if (!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id || $ip_banned || !empty($row['ban_email']) && preg_match('#^' . str_replace('\\*', '.*?', preg_quote($row['ban_email'], '#')) . '$#i', $user_email)) {
                if (!empty($row['ban_exclude'])) {
                    // Whitelist entry: overrides any ban matched so far and stops the scan.
                    $banned = false;
                    break;
                } else {
                    $banned = true;
                    $ban_row = $row;
                    // Record which criterion fired; a later matching row overwrites this.
                    if (!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) {
                        $ban_triggered_by = 'user';
                    } else {
                        if ($ip_banned) {
                            $ban_triggered_by = 'ip';
                        } else {
                            $ban_triggered_by = 'email';
                        }
                    }
                    // Don't break. Check if there is an exclude rule for this user
                }
            }
        }
        $db->sql_freeresult($result);
        /**
         * Event to set custom ban type
         *
         * @event core.session_set_custom_ban
         * @var	bool		return				If $return is false this routine does not return on finding a banned user, it outputs a relevant message and stops execution
         * @var	bool		banned				Check if user already banned
         * @var	array|false	ban_row				Ban data
         * @var	string		ban_triggered_by	Method that caused ban, can be your custom method
         * @since 3.1.3-RC1
         */
        $ban_row = isset($ban_row) ? $ban_row : false;
        $vars = array('return', 'banned', 'ban_row', 'ban_triggered_by');
        // Listeners may overwrite any of the four variables; extract() writes them back as locals.
        // NOTE(review): a listener that sets banned=true but leaves ban_row=false would make the
        // $ban_row[...] reads below fail - confirm listeners always supply a ban_row.
        extract($phpbb_dispatcher->trigger_event('core.session_set_custom_ban', compact($vars)));
        if ($banned && !$return) {
            global $template, $phpbb_root_path, $phpEx;
            // If the session is empty we need to create a valid one...
            if (empty($this->session_id)) {
                // This seems to be no longer needed? - #14971
                //				$this->session_create(ANONYMOUS);
            }
            // Initiate environment ... since it won't be set at this stage
            $this->setup();
            // Logout the user, banned users are unable to use the normal 'logout' link
            if ($this->data['user_id'] != ANONYMOUS) {
                $this->session_kill();
            }
            // We show a login box here to allow founders accessing the board if banned by IP
            if (defined('IN_LOGIN') && $this->data['user_id'] == ANONYMOUS) {
                $this->setup('ucp');
                $this->data['is_registered'] = $this->data['is_bot'] = false;
                // Set as a precaution to allow login_box() handling this case correctly as well as this function not being executed again.
                define('IN_CHECK_BAN', 1);
                // login_box() returns here only when a non-founder logged in while IN_CHECK_BAN is set.
                login_box("index.{$phpEx}");
                // The false here is needed, else the user is able to circumvent the ban.
                $this->session_kill(false);
            }
            // Ok, we catch the case of an empty session id for the anonymous user...
            // This can happen if the user is logging in, banned by username and the login_box() being called "again".
            if (empty($this->session_id) && defined('IN_CHECK_BAN')) {
                $this->session_create(ANONYMOUS);
            }
            // Determine which message to output
            $till_date = $ban_row['ban_end'] ? $this->format_date($ban_row['ban_end']) : '';
            $message = $ban_row['ban_end'] ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
            $contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx);
            $message = sprintf($this->lang[$message], $till_date, '<a href="' . $contact_link . '">', '</a>');
            // NOTE(review): ban_give_reason is inserted into HTML unescaped; it is admin-entered and
            // assumed to be stored in a display-safe form - confirm where it is written.
            $message .= $ban_row['ban_give_reason'] ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : '';
            $message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>';
            // To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
            $this->session_kill(false);
            // A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page
            if (defined('IN_CRON')) {
                garbage_collection();
                exit_handler();
                exit;
            }
            trigger_error($message);
        }
        // With $return set (or the ban overridden by a listener) callers get the stored reason,
        // if any, so they can show it themselves.
        return $banned && $ban_row['ban_give_reason'] ? $ban_row['ban_give_reason'] : $banned;
    }
/**
* Generate login box or verify password
*
* Processes a posted login attempt (the 'login' request field is present and no
* listener of core.login_box_before has set an error), otherwise renders the
* login form. On a successful login the user is redirected and this function
* does not return, except when IN_CHECK_BAN is defined and the user is not a
* founder. Admin re-authentication failures end in trigger_error().
*
* @param string	$redirect	Carried into the form as a hidden field. On success the
*	target is read back from the 'redirect' request value, defaulting to the board index.
* @param string	$l_explain	Explanation text shown with the form
* @param string	$l_success	Success language string; only handed to core.login_box_before here
* @param bool	$admin		Re-authenticate the current user for the ACP
* @param bool	$s_display	Display the full login form
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
    global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
    global $request, $phpbb_container, $phpbb_dispatcher;
    $err = '';
    // Make sure user->setup() has been called
    if (empty($user->lang)) {
        $user->setup();
    }
    /**
     * This event allows an extension to modify the login process
     *
     * @event core.login_box_before
     * @var string	redirect	Redirect string
     * @var string	l_explain	Explain language string
     * @var string	l_success	Success language string
     * @var	bool	admin		Is admin?
     * @var bool	s_display	Display full login form?
     * @var string	err			Error string
     * @since 3.1.9-RC1
     */
    $vars = array('redirect', 'l_explain', 'l_success', 'admin', 's_display', 'err');
    // A listener that sets $err here prevents the credential check below from running.
    extract($phpbb_dispatcher->trigger_event('core.login_box_before', compact($vars)));
    // Print out error if user tries to authenticate as an administrator without having the privileges...
    if ($admin && !$auth->acl_get('a_')) {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered']) {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        trigger_error('NO_AUTH_ADMIN');
    }
    if (empty($err) && ($request->is_set_post('login') || $request->is_set('login') && $request->variable('login', '') == 'external')) {
        // Get credential
        if ($admin) {
            // The credential is the md5 token embedded in the rendered form (see below):
            // exactly 32 hex characters. Anything else is treated as a failed admin auth.
            $credential = request_var('credential', '');
            if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
                trigger_error('NO_AUTH_ADMIN');
            }
            // The password field name carries the credential, presumably to keep browsers
            // from autofilling the plain 'password' field on re-authentication - confirm.
            $password = $request->untrimmed_variable('password_' . $credential, '', true);
        } else {
            $password = $request->untrimmed_variable('password', '', true);
        }
        $username = request_var('username', '', true);
        $autologin = $request->is_set_post('autologin');
        // The checkbox means "hide me", hence the inversion.
        $viewonline = (int) (!$request->is_set_post('viewonline'));
        $admin = $admin ? 1 : 0;
        // Admin re-authentication keeps the session's existing visibility setting.
        $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;
        // Check if the supplied username is equal to the one stored within the database if re-authenticating
        // Both names are normalised by utf8_clean_string() before the comparison.
        if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
            // We log the attempt to use a different username...
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
            trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
        }
        // If authentication is successful we redirect user to previous page
        $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
        // If admin authentication and login, we will log if it was a success or not...
        // We also break the operation on the first non-success login - it could be argued that the user already knows
        if ($admin) {
            if ($result['status'] == LOGIN_SUCCESS) {
                add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
            } else {
                // Only log the failed attempt if a real user tried to.
                // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
            }
        }
        // The result parameter is always an array, holding the relevant information...
        if ($result['status'] == LOGIN_SUCCESS) {
            // NOTE(review): the target comes straight from the request, replacing the $redirect
            // argument; safety against off-site targets relies on redirect() - confirm.
            $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
            /**
             * This event allows an extension to modify the redirection when a user successfully logs in
             *
             * @event core.login_box_redirect
             * @var  string	redirect	Redirect string
             * @var	bool	admin		Is admin?
             * @since 3.1.0-RC5
             * @changed 3.1.9-RC1 Removed undefined return variable
             */
            $vars = array('redirect', 'admin');
            extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));
            // append/replace SID (may change during the session for AOL users)
            $redirect = reapply_sid($redirect);
            // Special case... the user is effectively banned, but we allow founders to login
            // Returning lets the check_ban() caller that defined IN_CHECK_BAN kill the session.
            if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
                return;
            }
            redirect($redirect);
        }
        // Something failed, determine what...
        // LOGIN_BREAK aborts with the provider's own message instead of rendering the form.
        if ($result['status'] == LOGIN_BREAK) {
            trigger_error($result['error_msg']);
        }
        // Special cases... determine
        switch ($result['status']) {
            case LOGIN_ERROR_PASSWORD_CONVERT:
                // Message takes an optional "send password" link (only when email is enabled) and the board contact link.
                $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', '<a href="' . phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx) . '">', '</a>');
                break;
            case LOGIN_ERROR_ATTEMPTS:
                // Too many failed attempts: add a captcha to the form, then fall through
                // to the generic error handling below.
                $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
                $captcha->init(CONFIRM_LOGIN);
                // $captcha->reset();
                $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
                // no break - intentional fall-through into default
            default:
                $err = $user->lang[$result['error_msg']];
                // Assign admin contact to some error messages
                if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
                    $err = sprintf($user->lang[$result['error_msg']], '<a href="' . append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=contactadmin') . '">', '</a>');
                }
                break;
        }
        /**
         * This event allows an extension to process when a user fails a login attempt
         *
         * @event core.login_box_failed
         * @var array   result      Login result data
         * @var string  username    User name used to login
         * @var string  password    Password used to login
         * @var string  err         Error message
         * @since 3.1.3-RC1
         */
        $vars = array('result', 'username', 'password', 'err');
        // The plaintext password is handed to every listener of this event; listeners must not persist or log it.
        extract($phpbb_dispatcher->trigger_event('core.login_box_failed', compact($vars)));
    }
    // Assign credential for username/password pair
    // A fresh 32-hex token per rendered admin form; it is embedded as a hidden field and
    // also names the password field, and is validated on the next post (see above).
    $credential = $admin ? md5(unique_id()) : false;
    // The current session id travels with the form.
    $s_hidden_fields = array('sid' => $user->session_id);
    if ($redirect) {
        $s_hidden_fields['redirect'] = $redirect;
    }
    if ($admin) {
        $s_hidden_fields['credential'] = $credential;
    }
    // The active auth provider may contribute extra template variables, block rows and its own partial.
    $provider_collection = $phpbb_container->get('auth.provider_collection');
    $auth_provider = $provider_collection->get_provider();
    $auth_provider_data = $auth_provider->get_login_data();
    if ($auth_provider_data) {
        if (isset($auth_provider_data['VARS'])) {
            $template->assign_vars($auth_provider_data['VARS']);
        }
        if (isset($auth_provider_data['BLOCK_VAR_NAME'])) {
            foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars) {
                $template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars);
            }
        }
        $template->assign_vars(array('PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE']));
    }
    $s_hidden_fields = build_hidden_fields($s_hidden_fields);
    $template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
    page_header($user->lang['LOGIN']);
    $template->set_filenames(array('body' => 'login_body.html'));
    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
    page_footer();
}
 function get_template()
 {
     global $config, $user, $template, $phpbb_root_path, $phpEx;

     // A solved challenge renders nothing.
     if ($this->is_solved()) {
         return false;
     }

     $contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx);

     // Post confirmations use their own explanation; both link to the board contact.
     $explain_key = ($this->type != CONFIRM_POST) ? 'CONFIRM_EXPLAIN' : 'POST_CONFIRM_EXPLAIN';
     $explain = $user->lang($explain_key, '<a href="' . $contact_link . '">', '</a>');

     // Only the public (site) key is handed to the template; missing config yields ''.
     $pubkey = isset($config['recaptcha_pubkey']) ? $config['recaptcha_pubkey'] : '';

     $template->assign_vars(array(
         'RECAPTCHA_SERVER'      => $this->recaptcha_server,
         'RECAPTCHA_PUBKEY'      => $pubkey,
         'RECAPTCHA_ERRORGET'    => '',
         'S_RECAPTCHA_AVAILABLE' => self::is_available(),
         'S_CONFIRM_CODE'        => true,
         'S_TYPE'                => $this->type,
         'L_CONFIRM_EXPLAIN'     => $explain,
     ));

     return 'captcha_recaptcha.html';
 }
 public function get_template()
 {
     // Nothing to render once the challenge has been answered.
     if ($this->is_solved()) {
         return false;
     }

     $contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->phpEx);

     // Post confirmations get a dedicated explanation text; both link to the board contact.
     $explain_key = ($this->type != CONFIRM_POST)
         ? 'GOTHICK_RECAPTCHA2_CONFIRM_EXPLAIN'
         : 'GOTHICK_RECAPTCHA2_POST_CONFIRM_EXPLAIN';
     $explain = $this->user->lang($explain_key, '<a href="' . $contact_link . '">', '</a>');

     // Language code handed to reCAPTCHA. When the language file defines no code,
     // lang() returns the key itself; an empty value lets reCAPTCHA guess the language.
     $recaptcha2_lang = $this->user->lang('GOTHICK_RECAPTCHA2_LANG');
     if ($recaptcha2_lang == 'GOTHICK_RECAPTCHA2_LANG') {
         $recaptcha2_lang = '';
     }

     // Only the site (public) key reaches the template; an unset key becomes ''.
     $sitekey = isset($this->config[self::$CONFIG_SITEKEY]) ? $this->config[self::$CONFIG_SITEKEY] : '';

     $this->template->assign_vars(array(
         'RECAPTCHA2_SITEKEY'       => $sitekey,
         'S_RECAPTCHA_AVAILABLE'    => self::is_available(),
         'S_CONFIRM_CODE'           => true,
         'S_TYPE'                   => $this->type,
         'L_CONFIRM_EXPLAIN'        => $explain,
         'L_GOTHICK_RECAPTCHA2_LANG' => $recaptcha2_lang,
     ));

     return '@gothick_recaptcha2/captcha_recaptcha2.html';
 }