function phpraid_login()
{
global $db_user_id, $db_group_id, $db_user_name, $db_user_email, $db_user_password, $db_table_user_name;
global $db_table_group_name, $auth_user_class, $auth_alt_user_class, $table_prefix, $db_raid, $phpraid_config;
$username = $password = "";
if (isset($_POST['username'])) {
// User is logging in, set encryption flag to 0 to identify login with plain text password.
$pwdencrypt = FALSE;
$username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
$password = $_POST['password'];
$wrmpass = md5($_POST['password']);
} elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
// User is not logging in but processing cooking, set encryption flag to 1 to identify login with encrypted password.
$pwdencrypt = TRUE;
$username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
$password = $_COOKIE['password'];
$wrmpass = '';
} else {
phpraid_logout();
}
// from site/page/.. change pwd (testing)
//if(isset($_POST['username2'])){
// $username = scrub_input(strtolower($_POST['username2']));
//$password = $pwd_hasher->HashPassword($_POST['password2']);
// $password = md5($_POST['password2']);
//}
//database
$sql = sprintf("SELECT " . $db_user_id . "," . $db_user_name . "," . $db_user_email . "," . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
$result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
//WRM database
//$sql = sprintf("SELECT username, password FROM " . $phpraid_config['db_prefix'] . "profile WHERE username = %s",
// quote_smart($username)
// );
//$result2 = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
//if ($data2 = $db_raid->sql_fetchrow($result2))
//{
// $wrmuserpassword = $data2['password'];
//}
while ($data = $db_raid->sql_fetchrow($result, true)) {
//$testVal = password_check($password, $data[$db_user_id]);
//echo "<br>Processing: " . $data[$db_user_name] . " : Password Check: " . $testVal;
if ($username == mb_strtolower($data[$db_user_name], "UTF-8") && ($cmspass = password_check($password, $data[$db_user_id], $pwdencrypt))) {
// The user has a matching username and proper password in the phpbb database.
// We need to validate the users group. If it does not contain the user group that has been set as
// authorized to use WRM, we need to fail the login with a proper message.
if ($auth_user_class != 0) {
$FoundUserInGroup = FALSE;
$sql = sprintf("SELECT " . $db_user_id . "," . $db_group_id . " FROM " . $table_prefix . $db_table_group_name . " WHERE " . $db_user_id . " = %s", quote_smart($data[$db_user_id]));
$resultgroup = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
while ($datagroup = $db_raid->sql_fetchrow($resultgroup, true)) {
if ($datagroup[$db_group_id] == $auth_user_class or $datagroup[$db_group_id] == $auth_alt_user_class) {
$FoundUserInGroup = TRUE;
}
}
if ($FoundUserInGroup == FALSE) {
phpraid_logout();
return -1;
}
}
// User is properly logged in and is allowed to use WRM, go ahead and process his login.
$autologin = scrub_input($_POST['autologin']);
if (isset($autologin)) {
// they want automatic logins so set the cookie
// set to expire in one month
setcookie('username', $data[$db_user_name], time() + 2629743);
setcookie('password', $cmspass, time() + 2629743);
}
// set user profile variables
$_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
$_SESSION['session_logged_in'] = 1;
$_SESSION['profile_id'] = $data[$db_user_id];
$_SESSION['email'] = $data[$db_user_email];
if ($phpraid_config['default_group'] != 'nil') {
$user_priv = $phpraid_config['default_group'];
} else {
$user_priv = '0';
}
// User is all logged in and setup, the session is initialized properly. Now we need to create the users
// profile in the WRM database if it does not already exist.
$sql = sprintf("SELECT * FROM " . $phpraid_config['db_prefix'] . "profile WHERE profile_id = %s", quote_smart($_SESSION['profile_id']));
$result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
if ($data = $db_raid->sql_fetchrow($result)) {
//We found the profile in the database, update.
if ($wrmpass != '') {
$sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, password = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart(time()), quote_smart($_SESSION['profile_id']));
} else {
$sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart(time()), quote_smart($_SESSION['profile_id']));
}
$db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
} else {
//Profile not found in the database or DB Error, insert.
$sql = sprintf("INSERT INTO " . $phpraid_config['db_prefix'] . "profile VALUES (%s, %s, %s, %s, %s, %s)", quote_smart($_SESSION['profile_id']), quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart($user_priv), quote_smart(mb_strtolower($_SESSION['username'], "UTF-8")), quote_smart(time()));
$db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
}
get_permissions();
//security fix
unset($username);
unset($password);
unset($cmspass);
unset($wrmpass);
return 1;
}
}
return 0;
}
function phpraid_login()
{
global $db_raid, $phpraid_config;
global $db_user_id, $db_user_name, $db_user_email, $db_user_password, $table_prefix, $db_table_user_name;
$username = $password = "";
if (isset($_POST['username'])) {
// User is logging in, set encryption flag to 0 to identify login with plain text password.
$pwdencrypt = FALSE;
$username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
$password = $_POST['password'];
} elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
// User is not logging in but processing cooking, set encryption flag to 1 to identify login with encrypted password.
$pwdencrypt = TRUE;
$username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
$password = $_COOKIE['password'];
} else {
phpraid_logout();
}
$sql = "SELECT * FROM " . $phpraid_config['db_prefix'] . "profile";
$sql = sprintf("SELECT " . $db_user_id . " , " . $db_user_name . " , " . $db_user_email . " , " . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
$result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
while ($data = $db_raid->sql_fetchrow($result, true)) {
if ($username == mb_strtolower($data[$db_user_name], "UTF-8") && ($cmspass = password_check($password, $data[$db_user_id], $pwdencrypt))) {
// User is properly logged in and is allowed to use WRM, go ahead and process his login.
$autologin = scrub_input($_POST['autologin']);
if (isset($autologin)) {
// they want automatic logins so set the cookie
// set to expire in one month
setcookie('username', $data[$db_user_name], time() + 2629743);
setcookie('password', $cmspass, time() + 2629743);
}
// set user profile variables
$_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
$_SESSION['session_logged_in'] = 1;
$_SESSION['profile_id'] = $data[$db_user_id];
$_SESSION['email'] = $data[$db_user_email];
// get user permissions
get_permissions();
// ********************
// * NOTE * IUMS Auth does not do profile checking like external bridges do.
// ********************
/* if($phpraid_config['default_group'] != 'nil')
$user_priv = $phpraid_config['default_group'];
else
$user_priv = '0'; */
// User is all logged in and setup, the session is initialized properly. Now we need to create the users
// profile in the WRM database if it does not already exist.
/* $sql = sprintf("SELECT * FROM " . $phpraid_config['db_prefix'] . "profile WHERE profile_id = %s",
quote_smart($_SESSION['profile_id'])
);
$result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
if ($data = $db_raid->sql_fetchrow($result))
{*/
//We found the profile in the database, update.
/* $sql = sprintf( "UPDATE " . $phpraid_config['db_prefix'] . "profile ".
" SET email = %s, password = %s, last_login_time = %s WHERE profile_id = %s",
quote_smart($_SESSION['email']),quote_smart($wrmuserpassword),
quote_smart(time()),quote_smart($_SESSION['profile_id'])
);
$db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
}
else
{
//Profile not found in the database or DB Error, insert.
$sql = sprintf("INSERT INTO " . $phpraid_config['db_prefix'] . "profile VALUES (%s, %s, %s, %s, %s, %s)",
quote_smart($_SESSION['profile_id']), quote_smart($_SESSION['email']), quote_smart($wrmuserpassword),
quote_smart($user_priv), quote_smart(strtolower($_SESSION['username'])), quote_smart(time())
);
$db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
}*/
$sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET last_login_time=%s WHERE profile_id=%s", quote_smart(time()), quote_smart($_SESSION['profile_id']));
$db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
//security fix
unset($username);
unset($password);
unset($cmspass);
return 1;
}
}
return 0;
}
