function login_func($xmlrpc_params)
{
global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $mobiquo_config, $user, $register;
$lang->load("member");
$input = Tapatalk_Input::filterXmlInput(array('username' => Tapatalk_Input::STRING, 'password' => Tapatalk_Input::STRING, 'anonymous' => Tapatalk_Input::INT, 'push' => Tapatalk_Input::STRING), $xmlrpc_params);
$logins = login_attempt_check(1);
$login_text = '';
if (!username_exists($input['username'])) {
my_setcookie('loginattempts', $logins + 1);
$status = 2;
$response = new xmlrpcval(array('result' => new xmlrpcval(0, 'boolean'), 'result_text' => new xmlrpcval(strip_tags($lang->error_invalidpworusername), 'base64'), 'status' => new xmlrpcval($status, 'string')), 'struct');
return new xmlrpcresp($response);
}
$query = $db->simple_select("users", "loginattempts", "LOWER(username)='" . my_strtolower($input['username_esc']) . "'", array('limit' => 1));
$loginattempts = $db->fetch_field($query, "loginattempts");
$errors = array();
$user = validate_password_from_username($input['username'], $input['password']);
$correct = false;
if (!$user['uid']) {
if (validate_email_format($input['username'])) {
$mybb->settings['username_method'] = 1;
$user = validate_password_from_username($input['username'], $input['password']);
}
if (!$user['uid']) {
my_setcookie('loginattempts', $logins + 1);
$db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '" . my_strtolower($input['username_esc']) . "'", 1, true);
if ($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1) {
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
}
$errors[] = $lang->error_invalidpworusername . $login_text;
} else {
$correct = true;
}
} else {
$correct = true;
}
if (!empty($errors)) {
return xmlrespfalse(implode(" :: ", $errors));
} else {
if ($correct) {
$register = 0;
return tt_login_success();
}
}
return xmlrespfalse("Invalid login details");
}
}
// Do we have the token? If so let's process it
if ($mybb->input['token'] && $user['uid']) {
$query = $db->simple_select("awaitingactivation", "COUNT(aid) AS num", "uid='" . intval($user['uid']) . "' AND code='" . $db->escape_string($mybb->input['token']) . "' AND type='l'");
// If we're good to go
if ($db->fetch_field($query, "num") > 0) {
$db->delete_query("awaitingactivation", "uid='" . intval($user['uid']) . "' AND code='" . $db->escape_string($mybb->input['token']) . "' AND type='l'");
$db->update_query("adminoptions", array('loginlockoutexpiry' => 0, 'loginattempts' => 0), "uid='" . intval($user['uid']) . "'");
admin_redirect("index.php");
} else {
$error = $lang->error_invalid_token;
}
}
$default_page->show_lockout_unlock($error, 'error');
} elseif ($mybb->input['do'] == "login") {
$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
if ($user['uid']) {
$query = $db->simple_select("users", "*", "uid='" . $user['uid'] . "'");
$mybb->user = $db->fetch_array($query);
}
if ($mybb->user['uid']) {
if (login_attempt_check_acp($mybb->user['uid']) == true) {
$default_page->show_lockedout();
}
$db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");
$sid = md5(uniqid(microtime(true)));
// Create a new admin session for this user
$admin_session = array("sid" => $sid, "uid" => $mybb->user['uid'], "loginkey" => $mybb->user['loginkey'], "ip" => $db->escape_string(get_ip()), "dateline" => TIME_NOW, "lastactive" => TIME_NOW, "data" => serialize(array()));
$db->insert_query("adminsessions", $admin_session);
$admin_session['data'] = array();
$db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='" . intval($mybb->user['uid']) . "'");
/**
* Login procedure for a user + password
* Possible ToDo: Return error messages / array / whatever
*
* @param string $username Username
* @param string $password Password of User
* @return boolean
*/
function login($username, $password, $captcha_hash = '', $captcha_string = '')
{
$this->lang->load('member');
/**
* If we are already logged in, we do not have to perform the login procedure
* However, we can make believe that the login did succeed
* It certainly did a while ago ;)
*/
if ($this->isLoggedIn()) {
return true;
}
// by default, login is good!
$bad_login = false;
/**
* Let's see how many logins we have already tried
*/
$logins = login_attempt_check(NON_FATAL);
// We need a few functions from the user function collection for the login procedur
require_once MYBB_ROOT . 'inc/functions_user.php';
// If the username does not exist, login fails
if (!username_exists($username)) {
my_setcookie('loginattempts', $logins + 1);
return false;
}
/**
* Let's get a database version of the login attempts
* Previous login attempt call relied on cookies
*/
$query = $this->db->simple_select("users", "loginattempts", "LOWER(username)='" . $this->db->escape_string(my_strtolower($username)) . "'", array('limit' => 1));
$loginattempts = $this->db->fetch_field($query, "loginattempts");
// Let's call the handy MyBB validation function and see if we find a user
$user = validate_password_from_username($username, $password);
if (!$user['uid']) {
my_setcookie('loginattempts', $logins + 1);
$this->db->write_query("UPDATE " . TABLE_PREFIX . "users SET `loginattempts` = `loginattempts` + 1 WHERE LOWER(`username`) = '" . $this->db->escape_string(my_strtolower($username)) . "'");
$bad_login = true;
}
/**
* Possible ToDo:
* If we have had more than 3 login attemps a captcha is shown in MyBB
* Maybe provide the same functionality in MyBBIntegrator ?
*/
if ($loginattempts > 3 || intval($mybb->cookies['loginattempts']) > 3) {
// Captcha input is given, let's validate the captcha and see if we can login
if (!empty($captcha_hash) && !empty($captcha_string)) {
if (!$this->validateCaptcha($captcha_hash, $captcha_string) || $bad_login === true) {
return $this->generateCaptcha();
}
} else {
// Show captcha image for guests if enabled
if ($this->mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$this->mybb->user['uid']) {
return $this->generateCaptcha();
}
}
} else {
if ($bad_login === true) {
return false;
}
}
// COPPA users always fail :D
if ($user['coppauser']) {
return false;
}
// Reset both login attempts counter (cookie + database)
my_setcookie('loginattempts', 1);
$this->db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");
// Delete old session entry
$this->db->delete_query("sessions", "ip='" . $this->db->escape_string($this->mybb->session->ipaddress) . "' AND sid != '" . $this->mybb->session->sid . "'");
// Create a new session and save it in the database
$newsession = array("uid" => $user['uid']);
$this->db->update_query("sessions", $newsession, "sid='" . $this->mybb->session->sid . "'");
// Temporarily set the cookie remember option for the login cookies
$this->mybb->user['remember'] = $user['remember'];
// Set essential login cookies
my_setcookie("mybbuser", $user['uid'] . "_" . $user['loginkey'], null, true);
my_setcookie("sid", $this->mybb->session->sid, -1, true);
// If there are hooks defined for the end of the login procedure, call them
$this->plugins->run_hooks("member_do_login_end");
return true;
}
private function _authenticate_user($username = null, $password = null)
{
if ($this->authentication_performed) {
return;
}
$username = empty($username) ? $this->declared_user() : $username;
$password = empty($password) ? $this->declared_pwd() : $password;
if (!is_string($username) || !is_string($password)) {
$this->user_authenticated = false;
$this->auth_user_object = null;
}
$result = validate_password_from_username($username, $password);
if (!is_array($result)) {
$this->user_authenticated = false;
$this->auth_user_object = null;
} else {
$this->user_authenticated = true;
$this->auth_user_object = (object) $result;
}
$this->authentication_performed = true;
}
<?php
header('Content-type: text/plain');
require '../inc/init.php';
require_once $root . "/inc/init_forum.php";
require_once $root . "/forum/inc/functions_user.php";
$user = $_GET["user"];
$password = $_GET["pass"];
if (username_exists($user)) {
$user_array = validate_password_from_username($user, $password);
if ($user_array) {
echo json_encode(array('username' => $user_array['username'], 'uid' => $user_array['uid'], 'logoutkey' => $user_array['logoutkey']));
} else {
echo 'false';
}
} else {
echo 'false';
}
