/**
 * Look up a user by name, verify the supplied password and, for an active
 * account, establish the login (cookie, theme, $this->_userData).
 *
 * Every failure path ends in redirect(); nothing is returned to the caller.
 * The same redirect target (getRedirectUrl(1)) is used both for an unknown
 * user name and for a wrong password, so this level does not reveal which
 * of the two failed.
 *
 * @param string $inputUserName  user name as typed (raw, untrusted)
 * @param string $inputPassword  password as typed (raw, untrusted)
 * @param mixed  $remember       forwarded unchanged to Authenticate::setUserCookie()
 */
private function _authenticate($inputUserName, $inputPassword, $remember) {
    global $locale, $settings;
    // Denylist scrub: removes "=", "#" and " OR " from the name before it is
    // concatenated into the SELECT below. Removing a few tokens does not make
    // string-built SQL safe; the value should be bound as a parameter (or passed
    // through the DB layer's escaping routine, if one exists) rather than
    // interpolated. What stripinput() does is not visible here.
    $inputUserName = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($inputUserName));
    // user_name is matched by exact equality; the scrubbed value is interpolated directly.
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $inputUserName . "' LIMIT 1");
    // Loose "== 1": LIMIT 1 guarantees at most one row, so this is 0 or 1.
    if (dbrows($result) == 1) {
        $user = dbarray($result);
        require_once CLASSES . "PasswordAuth.class.php";
        // Initialize password auth with the stored algorithm, salt and hash for this user
        $passAuth = new PasswordAuth();
        $passAuth->currentAlgo = $user["user_algo"];
        $passAuth->currentSalt = $user["user_salt"];
        $passAuth->currentPasswordHash = $user["user_password"];
        $passAuth->inputPassword = $inputPassword;
        // Check if input password is valid
        // (the meaning of the boolean argument is not shown here — see PasswordAuth)
        if ($passAuth->isValidCurrentPassword(true)) {
            // When concurrent logins are disabled, re-hash with a fresh algorithm and
            // salt on every successful login and store the result. Since the salt is
            // part of the cookie (see setUserCookie below), this presumably invalidates
            // cookies issued to earlier sessions — confirm against setUserCookie().
            if ($settings['multiple_logins'] != 1) {
                $user['user_algo'] = $passAuth->getNewAlgo();
                $user['user_salt'] = $passAuth->getNewSalt();
                $user['user_password'] = $passAuth->getNewHash();
                // NOTE(review): this statement is garbled in this copy of the file — the
                // "******" fragment replaces part of the concatenation around
                // $user['user_password']. Confirm against the original source before relying on it.
                $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\t\tSET user_algo='" . $user['user_algo'] . "', user_salt='" . $user['user_salt'] . "', user_password='******'user_password'] . "'\n\t\t\t\t\t\tWHERE user_id='" . $user['user_id'] . "'");
            }
            // Active account (status 0 and no pending action time): complete the login.
            if ($user['user_status'] == 0 && $user['user_actiontime'] == 0) {
                Authenticate::setUserCookie($user['user_id'], $user['user_salt'], $user['user_algo'], $remember, true);
                Authenticate::_setUserTheme($user);
                $this->_userData = $user;
            } else {
                require_once INCLUDES . "suspend_include.php";
                require_once INCLUDES . "sendmail_include.php";
                // "&&" binds tighter than "||", so this reads as:
                //   (status 3 with an expired action time) OR (status 7).
                // Both cases lift the restriction and notify the user by mail; note that
                // the user is NOT logged in on this path (no cookie, no _userData), so the
                // caller presumably expects them to log in again.
                if ($user['user_status'] == 3 && $user['user_actiontime'] < time() || $user['user_status'] == 7) {
                    $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $user['user_id'] . "'");
                    if ($user['user_status'] == 3) {
                        $subject = $locale['global_453'];
                        $message = $locale['global_455'];
                        // Only the status-3 reset is written to the unsuspend log; status 7 is not.
                        unsuspend_log($user['user_id'], 3, $locale['global_450'], true);
                    } else {
                        $subject = $locale['global_454'];
                        $message = $locale['global_452'];
                    }
                    $message = str_replace("USER_NAME", $user['user_name'], $message);
                    sendemail($user['user_name'], $user['user_email'], $settings['siteusername'], $settings['siteemail'], $subject, $message);
                } else {
                    // Any other non-active status: send the user to the status-specific page.
                    redirect(Authenticate::getRedirectUrl(4, $user['user_status'], $user['user_id']));
                }
            }
        } else {
            // Wrong password — same target as "no such user" below.
            redirect(Authenticate::getRedirectUrl(1));
        }
    } else {
        // No such user — same target as "wrong password" above.
        redirect(Authenticate::getRedirectUrl(1));
    }
}
require_once "maincore.php"; require_once THEMES . "templates/header.php"; require_once INCLUDES . "suspend_include.php"; include LOCALE . LOCALESET . "reactivate.php"; if (iMEMBER) { redirect("index.php"); } if (isset($_GET['user_id']) && isnum($_GET['user_id']) && isset($_GET['code']) && preg_check("/^[0-9a-z]{32}\$/", $_GET['code'])) { $result = dbquery("SELECT user_name, user_email, user_actiontime, user_password FROM " . DB_USERS . " WHERE user_id='" . $_GET['user_id'] . "' AND user_actiontime>'0' AND user_status='7'"); if (dbrows($result)) { $data = dbarray($result); $code = md5($data['user_actiontime'] . $data['user_password']); if ($_GET['code'] == $code) { if ($data['user_actiontime'] > time()) { $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0', user_lastvisit='" . time() . "' WHERE user_id='" . $_GET['user_id'] . "'"); unsuspend_log($_GET['user_id'], 7, $locale['506'], true); $message = str_replace("[USER_NAME]", $data['user_name'], $locale['505']); require_once INCLUDES . "sendmail_include.php"; sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['504'], $message); redirect(BASEDIR . "login.php"); } else { redirect(FUSION_SELF . "?error=1"); } } else { redirect(FUSION_SELF . "?error=2&user_id=" . $data['user_id'] . "&code=" . $_GET['code']); } } else { redirect(FUSION_SELF . "?error=3"); } } elseif (isset($_GET['error']) && isnum($_GET['error'])) { opentable($locale['500']);
} else { $result = dbquery("UPDATE " . DB_USERS . " SET user_status='6', user_actiontime='0' WHERE user_id='" . $user_id . "'"); suspend_log($user_id, 6); } redirect(USER_MANAGEMENT_SELF); } else { redirect(USER_MANAGEMENT_SELF); } // Deactivate User } elseif (isset($_GET['action']) && $_GET['action'] == 7 && $user_id && (!$isAdmin || iSUPERADMIN)) { $result = dbquery("SELECT user_status FROM " . DB_USERS . " WHERE user_id='" . $user_id . "' AND user_level<'103'"); if (dbrows($result)) { $udata = dbarray($result); if ($udata['user_status'] == 7) { $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $user_id . "'"); unsuspend_log($user_id, 7); } else { require_once LOCALE . LOCALESET . "admin/members_email.php"; require_once INCLUDES . "sendmail_include.php"; $code = md5($response_required . $data['user_password']); $message = str_replace("[CODE]", $code, $locale['email_deactivate_message']); $message = str_replace("[USER_NAME]", $data['user_name'], $message); $message = str_replace("[USER_ID]", $data['user_id'], $message); if (sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['email_deactivate_subject'], $message)) { $result = dbquery("UPDATE " . DB_USERS . " SET user_status='7', user_actiontime='" . $response_required . "' WHERE user_id='" . $user_id . "'"); suspend_log($user_id, 7); } } redirect(USER_MANAGEMENT_SELF); } else { redirect(USER_MANAGEMENT_SELF);
$session_value = $data['user_id'] . "." . $user_pass; if ($data['user_status'] == 0 && $data['user_actiontime'] == 0) { $_SESSION[COOKIE_PREFIX . 'user_id'] = $data['user_id']; $_SESSION[COOKIE_PREFIX . 'user_pass'] = $user_pass; redirect(BASEDIR . "setuser.php?user="******"setuser.php?error=1&id=" . $data['user_id'], true); } elseif ($data['user_status'] == 2) { redirect(BASEDIR . "setuser.php?error=2", true); } elseif ($data['user_status'] == 3) { if ($data['user_actiontime'] < time()) { $_SESSION[COOKIE_PREFIX . 'user_id'] = $data['user_id']; $_SESSION[COOKIE_PREFIX . 'user_pass'] = $user_pass; $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $data['user_id'] . "'"); require_once INCLUDES . "suspend_include.php"; unsuspend_log($data['user_id'], 3, $locale['global_450'], true); // Send mail require_once INCLUDES . "sendmail_include.php"; $subject = $locale['global_453']; $message = str_replace("USER_NAME", $data['user_name'], $locale['global_452']); sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $subject, $message); // Send mail redirect(BASEDIR . "setuser.php?user="******"setuser.php?error=3&id=" . $data['user_id'], true); } } elseif ($data['user_status'] == 4) { redirect(BASEDIR . "setuser.php?error=4&id=" . $data['user_id'], true); } elseif ($data['user_status'] == 5) { redirect(BASEDIR . "setuser.php?error=5", true); } elseif ($data['user_status'] == 6) {
require_once "maincore.php"; require_once THEMES . "templates/header.php"; require_once INCLUDES . "suspend_include.php"; include LOCALE . LOCALESET . "reactivate.php"; if (iMEMBER) { redirect("index.php"); } if (isset($_GET['user_id']) && isnum($_GET['user_id']) && isset($_GET['code']) && preg_check("/^[0-9a-z]{32}\$/", $_GET['code'])) { $result = dbquery("SELECT user_name, user_email, user_actiontime, user_password FROM " . DB_USERS . " WHERE user_id='" . $_GET['user_id'] . "' AND user_actiontime>'0' AND user_status='7'"); if (dbrows($result)) { $data = dbarray($result); $code = md5($data['user_actiontime'] . $data['user_password']); if ($_GET['code'] == $code) { if ($data['user_actiontime'] > time()) { $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0', user_lastvisit=NOW() WHERE user_id='" . $_GET['user_id'] . "'"); unsuspend_log($_GET['user_id'], 7, $locale['506'], TRUE); $message = str_replace("[USER_NAME]", $data['user_name'], $locale['505']); require_once INCLUDES . "sendmail_include.php"; sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['504'], $message); redirect(BASEDIR . "login.php"); } else { redirect(FUSION_SELF . "?error=1"); } } else { redirect(FUSION_SELF . "?error=2&user_id=" . $data['user_id'] . "&code=" . $_GET['code']); } } else { redirect(FUSION_SELF . "?error=3"); } } elseif (isset($_GET['error']) && isnum($_GET['error'])) { opentable($locale['500']);
/**
 * Look up a user by name or e-mail (depending on $settings['login_method']),
 * verify the supplied password and, for an active account, establish the
 * login (cookie, theme, $this->_userData).
 *
 * Every failure path ends in redirect(); nothing is returned to the caller.
 * The same redirect target (getRedirectUrl(1)) is used both for an unknown
 * user and for a wrong password, so this level does not reveal which of the
 * two failed.
 *
 * @param string $inputUserName  user name or e-mail as typed (raw, untrusted)
 * @param string $inputPassword  password as typed (raw, untrusted)
 * @param mixed  $remember       forwarded unchanged to Authenticate::setUserCookie()
 */
private function _authenticate($inputUserName, $inputPassword, $remember) {
    global $locale, $settings;
    // Denylist scrub: removes "=", "#" and " OR " from the input before it is
    // concatenated into the SELECT below. Removing a few tokens does not make
    // string-built SQL safe; the value should be bound as a parameter (or passed
    // through the DB layer's escaping routine, if one exists) rather than
    // interpolated. What stripinput() does is not visible here.
    $inputUserName = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($inputUserName));
    // The column to match is chosen from a fixed set of literals, never from input,
    // so $where itself is safe to splice into the query.
    $where = "user_name";
    switch ($settings['login_method']) {
        case 1:
            // login by e-mail only
            $where = "user_email";
            break;
        case 2:
            // login by either: treat the input as an e-mail if it matches this
            // pattern, otherwise as a user name. The pattern allows only 2–4
            // character TLDs, so addresses with longer TLDs fall back to a
            // user_name lookup here.
            $where = preg_match("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $inputUserName) ? "user_email" : "user_name";
            break;
    }
    // Exact-equality match; the scrubbed value is interpolated directly.
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE " . $where . "='" . $inputUserName . "' LIMIT 1");
    // Loose "== 1": LIMIT 1 guarantees at most one row, so this is 0 or 1.
    if (dbrows($result) == 1) {
        $user = dbarray($result);
        // Initialize password auth with the stored algorithm, salt and hash for this user
        // (no require_once here — PasswordAuth is presumably autoloaded; confirm).
        $passAuth = new PasswordAuth();
        $passAuth->currentAlgo = $user["user_algo"];
        $passAuth->currentSalt = $user["user_salt"];
        $passAuth->currentPasswordHash = $user["user_password"];
        $passAuth->inputPassword = $inputPassword;
        // Check if input password is valid
        // (the meaning of the boolean argument is not shown here — see PasswordAuth)
        if ($passAuth->isValidCurrentPassword(TRUE)) {
            // When concurrent logins are disabled, re-hash with a fresh algorithm and
            // salt on every successful login and store the result. Since the salt is
            // part of the cookie (see setUserCookie below), this presumably invalidates
            // cookies issued to earlier sessions — confirm against setUserCookie().
            if ($settings['multiple_logins'] != 1) {
                $user['user_algo'] = $passAuth->getNewAlgo();
                $user['user_salt'] = $passAuth->getNewSalt();
                $user['user_password'] = $passAuth->getNewHash();
                // NOTE(review): this statement is garbled in this copy of the file — the
                // "******" fragment replaces part of the concatenation around
                // $user['user_password']. Confirm against the original source before relying on it.
                $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\t\tSET user_algo='" . $user['user_algo'] . "', user_salt='" . $user['user_salt'] . "', user_password='******'user_password'] . "'\n\t\t\t\t\t\tWHERE user_id='" . $user['user_id'] . "'");
            }
            // Active account (status 0 and no pending action time): complete the login.
            if ($user['user_status'] == 0 && $user['user_actiontime'] == 0) {
                Authenticate::setUserCookie($user['user_id'], $user['user_salt'], $user['user_algo'], $remember, TRUE);
                Authenticate::_setUserTheme($user);
                $this->_userData = $user;
            } else {
                require_once INCLUDES . "suspend_include.php";
                require_once INCLUDES . "sendmail_include.php";
                // "&&" binds tighter than "||", so this reads as:
                //   (status 3 with an expired action time) OR (status 7).
                // Both cases lift the restriction and notify the user by mail; note that
                // the user is NOT logged in on this path (no cookie, no _userData), so the
                // caller presumably expects them to log in again.
                if ($user['user_status'] == 3 && $user['user_actiontime'] < time() || $user['user_status'] == 7) {
                    $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $user['user_id'] . "'");
                    if ($user['user_status'] == 3) {
                        // Subject/message come from locale strings with site placeholders filled in.
                        $subject = str_replace("[SITENAME]", $settings['sitename'], $locale['global_451']);
                        $message = str_replace("[SITEURL]", $settings['siteurl'], $locale['global_455']);
                        $message = str_replace("[SITEUSERNAME]", $settings['siteusername'], $message);
                        // Only the status-3 reset is written to the unsuspend log; status 7 is not.
                        unsuspend_log($user['user_id'], 3, $locale['global_450'], TRUE);
                    } else {
                        $subject = $locale['global_454'];
                        $message = str_replace("[SITEURL]", $settings['siteurl'], $locale['global_452']);
                        $message = str_replace("[SITEUSERNAME]", $settings['siteusername'], $message);
                    }
                    // Placeholder here is bare USER_NAME (no brackets), unlike the site placeholders above.
                    $message = str_replace("USER_NAME", $user['user_name'], $message);
                    sendemail($user['user_name'], $user['user_email'], $settings['siteusername'], $settings['siteemail'], $subject, $message);
                } else {
                    // Any other non-active status: send the user to the status-specific page.
                    redirect(Authenticate::getRedirectUrl(4, $user['user_status'], $user['user_id']));
                }
            }
        } else {
            // Wrong password — same target as "no such user" below.
            redirect(Authenticate::getRedirectUrl(1));
        }
    } else {
        // No such user — same target as "wrong password" above.
        redirect(Authenticate::getRedirectUrl(1));
    }
}