my_setcookie('loginattempts', $logins + 1); $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . (int) $loginhandler->login_data['uid'] . "'", 1, true); $errors = $loginhandler->get_friendly_errors(); $user['loginattempts'] = (int) $loginhandler->login_data['loginattempts']; // If we need a captcha set it here if ($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int) $mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount'])) { $do_captcha = true; $correct = $loginhandler->captcha_verified; } } else { if ($validated && $loginhandler->captcha_verified == true) { // Successful login if ($loginhandler->login_data['coppauser']) { error($lang->error_awaitingcoppa); } $loginhandler->complete_login(); $plugins->run_hooks("member_do_login_end"); $mybb->input['url'] = $mybb->get_input('url'); if (!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false) { if ((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false) { $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']); } $mybb->input['url'] = str_replace('&', '&', $mybb->input['url']); // Redirect to the URL if it is not member.php redirect(htmlentities($mybb->input['url']), $lang->redirect_loggedin); } else { redirect("index.php", $lang->redirect_loggedin); } } } $plugins->run_hooks("member_do_login_end");
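/**
 * Login procedure for a user + password, driven by LoginDataHandler.
 *
 * Returns true only when the user is already logged in, or when the handler
 * validated the credentials, reported the captcha as verified and
 * complete_login() was called. Every other path returns false (fail closed).
 * A failed validation bumps both the 'loginattempts' cookie and the
 * per-account loginattempts column.
 *
 * Possible ToDo: Return error messages / array / whatever
 *
 * @param string $username Username
 * @param string $password Password of User
 * @return boolean
 */
public function login($username, $password)
{
    $this->plugins->run_hooks("member_do_login_start");

    // If we are already logged in, we do not have to perform the login procedure
    if ($this->isLoggedIn()) {
        return true;
    }

    // Is a fatal call if user has had too many tries
    $logins = login_attempt_check();

    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    $user = array(
        'username' => $username,
        'password' => $password,
        'remember' => "yes",
        // This method collects no captcha answer. The original passed an
        // undefined $captcha_string here, which evaluates to null.
        'imagestring' => null,
    );

    $options = array(
        'fields' => 'loginattempts',
        'username_method' => (int) $this->mybb->settings['username_method'],
    );
    $user_loginattempts = get_user_by_username($user['username'], $options);
    // Unknown usernames yield no row; treat that as zero previous attempts.
    $user['loginattempts'] = isset($user_loginattempts['loginattempts'])
        ? (int) $user_loginattempts['loginattempts']
        : 0;

    $loginhandler->set_data($user);
    $validated = $loginhandler->validate_login();

    if (!$validated) {
        $this->mybb->input['action'] = "login";
        $this->mybb->request_method = "get";

        // Record the failure client-side (cookie) and on the account row.
        my_setcookie('loginattempts', $logins + 1);
        $failed_uid = isset($loginhandler->login_data['uid'])
            ? (int) $loginhandler->login_data['uid']
            : 0;
        $this->db->update_query(
            "users",
            array('loginattempts' => 'loginattempts+1'),
            "uid='" . $failed_uid . "'",
            1,
            true
        );

        // TODO: Force Captchas
        // NOTE(review): until the captcha is enforced here, throttling of
        // password guessing rests on login_attempt_check() alone.
        return false;
    }

    if ($loginhandler->captcha_verified == true) {
        // Accounts awaiting COPPA approval are refused without an error page.
        if ($loginhandler->login_data['coppauser']) {
            return false;
        }

        $loginhandler->complete_login();

        // Run the end hook once; the original ran it a second time before returning.
        $this->plugins->run_hooks("member_do_login_end");

        $this->mybb->session->init();
        // $this->mybb->user is not refreshed here; the original left that
        // assignment commented out.
        return true;
    }

    // Credentials validated but the captcha was not verified: no login was
    // completed, so report failure. The original returned true on this path.
    $this->plugins->run_hooks("member_do_login_end");
    return false;
}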
} // Update usergroup if not match if ($mybb_user['usergroup'] != $mybb_group['gid']) { // TODO: Change this in order to preserve list information! // Update user group $query = $db->update_query("users", array('usergroup' => $mybb_group['gid']), 'uid=' . $mybb_user['uid']); // Update group in user_group $mybb_user['usergroup'] = $mybb_group['gid']; // Update usergroups cache $cache->update_usergroups(); } // Log user in require_once MYBB_ROOT . "inc/datahandlers/login.php"; $loginhandler = new LoginDataHandler("get"); $loginhandler->login_data = $mybb_user; if (!$loginhandler->complete_login()) { die("ERROR: Could not log user in!"); } //////////////////////////////////////////////////////////// // Handle requests //////////////////////////////////////////////////////////// if (isset($_GET['term'])) { // Explain the specified term $term = mysql_escape_string($_GET['term']); // Get scope (parent forum) if ($_GET['scope'] == 'public') { // Create thread in the public forum $pid = FORUM_PARENT_PUBLIC; } else { if ($_GET['scope'] == 'team') { // Get forum ID for our team
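/**
 * The switch function deletes the mybbuser cookie, sets a new cookie for the
 * selected account and starts a new session.
 * Function is called by ajax request and sends the new users post key as
 * text/plain, then exits.
 *
 * Checks, in order: logged-in user + POST + switchuser flag, the as_canswitch
 * permission (own or master's), the post key, that the target account exists,
 * the share / buddy-share rules, and finally that the target is attached to
 * or shared with the current account. Rejected switches are written to the
 * moderator log.
 */
function accountswitcher_switch()
{
    global $db, $mybb, $lang, $charset, $cache, $templates;

    // Only a logged-in user sending an explicit POST switch request is handled.
    if ($mybb->user['uid'] == 0
        || !isset($mybb->input['switchuser'])
        || $mybb->input['switchuser'] != 1
        || $mybb->request_method != "post"
    ) {
        return;
    }

    require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
    $eas = new AccountSwitcher($mybb, $db, $cache, $templates);

    // Either the current account or its master must hold the switch permission.
    $userPermission = user_permissions($mybb->user['uid']);
    $master = get_user((int) $mybb->user['as_uid']);
    $masterPermission = user_permissions($master['uid']);
    if ($userPermission['as_canswitch'] != 1 && $masterPermission['as_canswitch'] != 1) {
        return;
    }

    if (!isset($lang->as_invaliduser)) {
        $lang->load("accountswitcher");
    }

    // Reject requests that do not carry the session's post key.
    verify_post_check($mybb->get_input('my_post_key'));

    // Get user info; the uid is forced to an integer by get_input().
    $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    if (!$user) {
        error($lang->as_invaliduser);
    }

    $current_uid = (int) $mybb->user['uid'];
    $log_target = array('uid' => $user['uid'], 'username' => $user['username']);

    // Can the new account be shared?
    if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
        // Account already used by another user?
        if ($user['as_shareuid'] != 0) {
            log_moderator_action($log_target, $lang->aj_switch_invalid_log);
            return;
        }

        // Account only shared by buddies? No buddy - no switch.
        if ($user['as_buddyshare'] != 0) {
            $buddylist = array();
            if ($user['buddylist'] != '') {
                $buddylist = array_map('intval', explode(",", $user['buddylist']));
            }
            // Strict integer comparison, so a malformed list entry cannot
            // match a uid through loose string/number juggling.
            if (!in_array($current_uid, $buddylist, true)) {
                log_moderator_action($log_target, $lang->aj_switch_invalid_log);
                return;
            }
        }

        // Shared account is free (as_shareuid is 0 here) - set share uid
        $db->update_query("users", array("as_shareuid" => $current_uid), "uid='" . (int) $user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        $user['as_shareuid'] = $current_uid;
    }

    // Make sure you can switch to an attached account only
    $target_uid = (int) $user['uid'];
    $target_master = (int) $user['as_uid'];
    $target_sharer = (int) $user['as_shareuid'];
    $current_master = (int) $mybb->user['as_uid'];
    $current_sharer = (int) $mybb->user['as_shareuid'];

    $attached = $target_master === $current_uid
        || ($target_master !== 0 && $target_master === $current_master)
        || $target_uid === $current_master
        || $target_sharer === $current_uid
        || $target_uid === $current_sharer;

    if (!$attached) {
        log_moderator_action($log_target, $lang->aj_switch_invalid_log);
        error($lang->as_notattacheduser);
        return;
    }

    // Is the current account shared?
    if ($mybb->user['as_share'] != 0) {
        // A shared account nobody has claimed cannot be the switch origin.
        if ($mybb->user['as_shareuid'] == 0) {
            log_moderator_action($log_target, $lang->aj_switch_invalid_log);
            return;
        }

        // Reset share uid
        $db->update_query("users", array("as_shareuid" => 0), "uid='" . $current_uid . "'");
        $eas->update_accountswitcher_cache();
    }

    // Log the old user out
    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");

    $time = TIME_NOW;
    // Run this after the shutdown query from session system
    $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$current_uid}'");

    // The original read $session->sid, but $session is not in the global list
    // above, so the old session row was never deleted and outlived the switch.
    // Read the sid from $mybb->session and escape it for the WHERE clause.
    if (isset($mybb->session->sid)) {
        $db->delete_query("sessions", "sid = '" . $db->escape_string($mybb->session->sid) . "'");
    }

    // Now let the login datahandler do the work
    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");
    $mybb->input['remember'] = "yes";
    $loginhandler->set_data($user);
    // NOTE(review): the result of validate_login() is not checked, so the
    // switch is authorised by the permission and attachment checks above, not
    // by a password. Presumably the call is kept to populate login_data; confirm.
    $loginhandler->validate_login();
    $loginhandler->complete_login();

    // Create session for this user
    require_once MYBB_ROOT . "inc/class_session.php";
    $session = new session();
    $session->init();
    $mybb->session =& $session;
    $mybb->post_code = generate_post_check();

    // Send new users post code
    header("Content-type: text/plain; charset={$charset}");
    echo $mybb->post_code;
    exit;
}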