Example #1
0
function login_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $mobiquo_config, $user, $register;
    $lang->load("member");
    $input = Tapatalk_Input::filterXmlInput(array('username' => Tapatalk_Input::STRING, 'password' => Tapatalk_Input::STRING, 'anonymous' => Tapatalk_Input::INT, 'push' => Tapatalk_Input::STRING), $xmlrpc_params);
    $logins = login_attempt_check(1);
    $login_text = '';
    if (!username_exists($input['username'])) {
        my_setcookie('loginattempts', $logins + 1);
        $status = 2;
        $response = new xmlrpcval(array('result' => new xmlrpcval(0, 'boolean'), 'result_text' => new xmlrpcval(strip_tags($lang->error_invalidpworusername), 'base64'), 'status' => new xmlrpcval($status, 'string')), 'struct');
        return new xmlrpcresp($response);
    }
    $query = $db->simple_select("users", "loginattempts", "LOWER(username)='" . my_strtolower($input['username_esc']) . "'", array('limit' => 1));
    $loginattempts = $db->fetch_field($query, "loginattempts");
    $errors = array();
    $user = validate_password_from_username($input['username'], $input['password']);
    $correct = false;
    if (!$user['uid']) {
        if (validate_email_format($input['username'])) {
            $mybb->settings['username_method'] = 1;
            $user = validate_password_from_username($input['username'], $input['password']);
        }
        if (!$user['uid']) {
            my_setcookie('loginattempts', $logins + 1);
            $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '" . my_strtolower($input['username_esc']) . "'", 1, true);
            if ($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1) {
                $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
            }
            $errors[] = $lang->error_invalidpworusername . $login_text;
        } else {
            $correct = true;
        }
    } else {
        $correct = true;
    }
    if (!empty($errors)) {
        return xmlrespfalse(implode(" :: ", $errors));
    } else {
        if ($correct) {
            $register = 0;
            return tt_login_success();
        }
    }
    return xmlrespfalse("Invalid login details");
}
Example #2
0
    }
    // Do we have the token? If so let's process it
    if ($mybb->input['token'] && $user['uid']) {
        $query = $db->simple_select("awaitingactivation", "COUNT(aid) AS num", "uid='" . intval($user['uid']) . "' AND code='" . $db->escape_string($mybb->input['token']) . "' AND type='l'");
        // If we're good to go
        if ($db->fetch_field($query, "num") > 0) {
            $db->delete_query("awaitingactivation", "uid='" . intval($user['uid']) . "' AND code='" . $db->escape_string($mybb->input['token']) . "' AND type='l'");
            $db->update_query("adminoptions", array('loginlockoutexpiry' => 0, 'loginattempts' => 0), "uid='" . intval($user['uid']) . "'");
            admin_redirect("index.php");
        } else {
            $error = $lang->error_invalid_token;
        }
    }
    $default_page->show_lockout_unlock($error, 'error');
} elseif ($mybb->input['do'] == "login") {
    $user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
    if ($user['uid']) {
        $query = $db->simple_select("users", "*", "uid='" . $user['uid'] . "'");
        $mybb->user = $db->fetch_array($query);
    }
    if ($mybb->user['uid']) {
        if (login_attempt_check_acp($mybb->user['uid']) == true) {
            $default_page->show_lockedout();
        }
        $db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");
        $sid = md5(uniqid(microtime(true)));
        // Create a new admin session for this user
        $admin_session = array("sid" => $sid, "uid" => $mybb->user['uid'], "loginkey" => $mybb->user['loginkey'], "ip" => $db->escape_string(get_ip()), "dateline" => TIME_NOW, "lastactive" => TIME_NOW, "data" => serialize(array()));
        $db->insert_query("adminsessions", $admin_session);
        $admin_session['data'] = array();
        $db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='" . intval($mybb->user['uid']) . "'");
Example #3
0
 /**
  * Login procedure for a user + password
  * Possible ToDo: Return error messages / array / whatever
  *
  * @param string $username Username
  * @param string $password Password of User
  * @return boolean
  */
 function login($username, $password, $captcha_hash = '', $captcha_string = '')
 {
     $this->lang->load('member');
     /**
      * If we are already logged in, we do not have to perform the login procedure
      * However, we can make believe that the login did succeed
      * It certainly did a while ago ;)
      */
     if ($this->isLoggedIn()) {
         return true;
     }
     // by default, login is good!
     $bad_login = false;
     /**
      * Let's see how many logins we have already tried
      */
     $logins = login_attempt_check(NON_FATAL);
     // We need a few functions from the user function collection for the login procedur
     require_once MYBB_ROOT . 'inc/functions_user.php';
     // If the username does not exist, login fails
     if (!username_exists($username)) {
         my_setcookie('loginattempts', $logins + 1);
         return false;
     }
     /**
      * Let's get a database version of the login attempts
      * Previous login attempt call relied on cookies
      */
     $query = $this->db->simple_select("users", "loginattempts", "LOWER(username)='" . $this->db->escape_string(my_strtolower($username)) . "'", array('limit' => 1));
     $loginattempts = $this->db->fetch_field($query, "loginattempts");
     // Let's call the handy MyBB validation function and see if we find a user
     $user = validate_password_from_username($username, $password);
     if (!$user['uid']) {
         my_setcookie('loginattempts', $logins + 1);
         $this->db->write_query("UPDATE " . TABLE_PREFIX . "users SET `loginattempts` = `loginattempts` + 1 WHERE LOWER(`username`) = '" . $this->db->escape_string(my_strtolower($username)) . "'");
         $bad_login = true;
     }
     /**
      * Possible ToDo:
      * If we have had more than 3 login attemps a captcha is shown in MyBB
      * Maybe provide the same functionality in MyBBIntegrator ?
      */
     if ($loginattempts > 3 || intval($mybb->cookies['loginattempts']) > 3) {
         // Captcha input is given, let's validate the captcha and see if we can login
         if (!empty($captcha_hash) && !empty($captcha_string)) {
             if (!$this->validateCaptcha($captcha_hash, $captcha_string) || $bad_login === true) {
                 return $this->generateCaptcha();
             }
         } else {
             // Show captcha image for guests if enabled
             if ($this->mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$this->mybb->user['uid']) {
                 return $this->generateCaptcha();
             }
         }
     } else {
         if ($bad_login === true) {
             return false;
         }
     }
     // COPPA users always fail :D
     if ($user['coppauser']) {
         return false;
     }
     // Reset both login attempts counter (cookie + database)
     my_setcookie('loginattempts', 1);
     $this->db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");
     // Delete old session entry
     $this->db->delete_query("sessions", "ip='" . $this->db->escape_string($this->mybb->session->ipaddress) . "' AND sid != '" . $this->mybb->session->sid . "'");
     // Create a new session and save it in the database
     $newsession = array("uid" => $user['uid']);
     $this->db->update_query("sessions", $newsession, "sid='" . $this->mybb->session->sid . "'");
     // Temporarily set the cookie remember option for the login cookies
     $this->mybb->user['remember'] = $user['remember'];
     // Set essential login cookies
     my_setcookie("mybbuser", $user['uid'] . "_" . $user['loginkey'], null, true);
     my_setcookie("sid", $this->mybb->session->sid, -1, true);
     // If there are hooks defined for the end of the login procedure, call them
     $this->plugins->run_hooks("member_do_login_end");
     return true;
 }
 private function _authenticate_user($username = null, $password = null)
 {
     if ($this->authentication_performed) {
         return;
     }
     $username = empty($username) ? $this->declared_user() : $username;
     $password = empty($password) ? $this->declared_pwd() : $password;
     if (!is_string($username) || !is_string($password)) {
         $this->user_authenticated = false;
         $this->auth_user_object = null;
     }
     $result = validate_password_from_username($username, $password);
     if (!is_array($result)) {
         $this->user_authenticated = false;
         $this->auth_user_object = null;
     } else {
         $this->user_authenticated = true;
         $this->auth_user_object = (object) $result;
     }
     $this->authentication_performed = true;
 }
Example #5
0
<?php

header('Content-type: text/plain');
require '../inc/init.php';
require_once $root . "/inc/init_forum.php";
require_once $root . "/forum/inc/functions_user.php";
$user = $_GET["user"];
$password = $_GET["pass"];
if (username_exists($user)) {
    $user_array = validate_password_from_username($user, $password);
    if ($user_array) {
        echo json_encode(array('username' => $user_array['username'], 'uid' => $user_array['uid'], 'logoutkey' => $user_array['logoutkey']));
    } else {
        echo 'false';
    }
} else {
    echo 'false';
}