Example #1
// Excerpt from what appears to be an "e-mail this page" form handler: it reads the
// Referer header and the POSTed form fields, checks the recipient address and an
// optional CAPTCHA, then starts building the message text.
// NOTE(review): this listing shows no closing braces and may omit other lines, so the
// nesting below is inferred from indentation only.
$message = '';
// HTTP_REFERER is chosen by the client. The value is entity-decoded, URL-decoded and then
// passed through strip_tags(), which removes tags but does not escape quotes or other
// characters, so $referrer still needs context-specific escaping wherever it is output.
$referrer = strip_tags(urldecode(html_entity_decode(varset($_SERVER['HTTP_REFERER'], ''), ENT_QUOTES)));
// URL to mention: the referring page when $source is 'referer', otherwise the site URL.
// $source is set outside this excerpt.
$emailurl = $source == 'referer' ? $referrer : SITEURL;
// Free-text form fields, passed through the parser's post_toHTML() with different options.
// NOTE(review): what post_toHTML() filters is not visible here - confirm before treating
// $comments or $author as safe for HTML or mail output.
$comments = $tp->post_toHTML(varset($_POST['comment'], ''), TRUE, 'retain_nl, emotes_off, no_make_clickable');
$author = $tp->post_toHTML(varset($_POST['author_name'], ''), FALSE, 'emotes_off, no_make_clickable');
// Recipient address; the check below treats a falsy result from check_email() as invalid.
$email_send = check_email(varset($_POST['email_send'], ''));
if (isset($_POST['emailsubmit'])) {
    if (!$email_send) {
        // $error is appended to, so it is presumably initialised before this excerpt - TODO confirm.
        $error .= LAN_EMAIL_106;
    if ($use_imagecode) {
        // CAPTCHA step 1: both the challenge id and the typed code must be present.
        if (!isset($_POST['code_verify']) || !isset($_POST['rand_num'])) {
            // NOTE(review): header() only sets the redirect; no exit or return is visible after it
            // in this listing. Confirm that processing stops here, otherwise a request without
            // CAPTCHA fields would still reach the code below.
            header('location:' . e_BASE . 'index.php');
        // CAPTCHA step 2: the pair must verify against the secure-image handler in $sec_img.
        if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
            // NOTE(review): as with the missing-field redirect, no exit or return is visible after
            // this header() call - confirm a failed verification cannot fall through.
            header('location:' . e_BASE . 'index.php');
    if ($comments == '') {
        // No comment supplied: default text made of LAN_EMAIL_6, the site name and the site URL,
        // followed by LAN_EMAIL_1 and a sender name.
        $message = LAN_EMAIL_6 . ' ' . SITENAME . ' (' . SITEURL . ')';
        if (USER == TRUE) {
            // Presumably a logged-in user: the name comes from the USERNAME constant.
            $message .= "\n\n" . LAN_EMAIL_1 . " " . USERNAME;
        } else {
            // Otherwise the name typed into the form ($author, user-supplied) is used.
            $message .= "\n\n" . LAN_EMAIL_1 . " " . $author;
    } else {
        //		$message .= $comments."\n";			// Added to message later on
    // Value returned by the IP handler's getIP() (presumably the requesting client's address);
    // how $ip is used lies outside this excerpt.
    $ip = e107::getIPHandler()->getIP(FALSE);
Example #2
File: login.php Project: gitye/e107
 # Class called when user attempts to log in
 # @param string $username, $_POSTED user name
 # @param string $userpass, $_POSTED user password
 # @param $autologin - 'signup' - uses a specially encoded password - logs in if matches
 #					- zero for 'normal' login
 #					- non-zero sets the 'remember me' flag in the cookie
 # @param string $response - response string returned by CHAP login (instead of password)
 # @return  boolean - FALSE on login fail, TRUE on login successful
 public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
     $pref = e107::getPref();
     $tp = e107::getParser();
     $sql = e107::getDb();
     $e_event = e107::getEvent();
     $_E107 = e107::getE107();
     $username = trim($username);
     $userpass = trim($userpass);
     if ($_E107['cli'] && $username == '') {
         return FALSE;
     $forceLogin = $autologin === 'signup';
     if (!$forceLogin && $autologin === 'provider') {
         $forceLogin = '******';
     if ($username == "" || $userpass == "" && $response == '' && $forceLogin !== 'provider') {
         // Required fields blank
         return $this->invalidLogin($username, LOGIN_BLANK_FIELD);
     //	    $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
     //		$this->e107->check_ban("banlist_ip='{$this->userIP}' ",FALSE);			// This will exit if a ban is in force
     e107::getIPHandler()->checkBan("banlist_ip='{$this->userIP}' ", FALSE);
     // This will exit if a ban is in force
     $autologin = intval($autologin);
     // Will decode to zero if forced login
     $authorized = false;
     if (!$forceLogin && $this->e107->isInstalled('alt_auth')) {
         $authMethod[0] = varset($pref['auth_method'], 'e107');
         // Primary authentication method
         $authMethod[1] = varset($pref['auth_method2'], 'none');
         // Secondary authentication method (if defined)
         $result = false;
         foreach ($authMethod as $method) {
             if ($method == 'e107') {
                 if ($this->lookupUser($username, $forceLogin)) {
                     if ($this->checkUserPassword($username, $userpass, $response, $forceLogin) === TRUE) {
                         $authorized = true;
                         $result = LOGIN_CONTINUE;
                         // Valid User exists in local DB
                     } elseif (varset($pref['auth_badpassword'], TRUE)) {
                         $result = LOGIN_TRY_OTHER;
                         // Should use alternate method for password auth
                     } else {
                         return $this->invalidLogin($username, LOGIN_ABORT);
             } else {
                 if ($method != 'none') {
                     $auth_file = e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
                     if (file_exists($auth_file)) {
                         require_once e_PLUGIN . 'alt_auth/alt_auth_login_class.php';
                         $al = new alt_login($method, $username, $userpass);
                         $result = $al->loginResult;
                         switch ($result) {
                             case LOGIN_ABORT:
                                 return $this->invalidLogin($username, LOGIN_ABORT);
                             case LOGIN_DB_ERROR:
                                 return $this->invalidLogin($username, LOGIN_DB_ERROR);
                             case AUTH_SUCCESS:
                                 $authorized = true;
                             case LOGIN_TRY_OTHER:
             if ($result === LOGIN_CONTINUE) {
     $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
     // Check secure image
     if (!$forceLogin && $pref['logcode'] && extension_loaded('gd')) {
         require_once e_HANDLER . "secure_img_handler.php";
         $sec_img = new secure_image();
         if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
             // Invalid code
             return $this->invalidLogin($username, LOGIN_BAD_CODE);
     if (empty($this->userData)) {
         if (!$this->lookupUser($username, $forceLogin)) {
             return $this->invalidLogin($username, LOGIN_BAD_USERNAME);
             // User doesn't exist
     if ($authorized !== true && $this->checkUserPassword($username, $userpass, $response, $forceLogin) !== true) {
         return $this->invalidLogin($username, LOGIN_BAD_PW);
     // Check user status
     switch ($this->userData['user_ban']) {
             // User not fully signed up - hasn't activated account.
             return $this->invalidLogin($username, LOGIN_NOT_ACTIVATED);
         case USER_BANNED:
             // User banned
             return $this->invalidLogin($username, LOGIN_BANNED, $this->userData['user_id']);
         case USER_VALIDATED:
             // Valid user
             // Nothing to do ATM
         // Nothing to do ATM
         case USER_EMAIL_BOUNCED:
             $bounceLAN = "Emails to [x] are bouncing back. Please [verify your email address is correct].";
             //TODO LAN
             $bounceMessage = $tp->lanVars($bounceLAN, $this->userData['user_email'], true);
             $bounceMessage = str_replace(array('[', ']'), array("<a href='" . e_HTTP . "usersettings.php'>", "</a>"), $bounceMessage);
             e107::getMessage()->addWarning($bounceMessage, 'default', true);
             // May want to pick this up
     // User is OK as far as core is concerned
     //	    $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
     if ($this->passResult !== FALSE && $this->passResult !== PASSWORD_VALID) {
         // May want to rewrite password using salted hash (or whatever the preferred method is) - $pass_result has the value to write
         // If login by email address also allowed, will have to write that value too
         //		  	$sql->update('user',"`user_password` = '{$pass_result}' WHERE `user_id`=".intval($this->userData['user_id']));
     $userpass = '';
     // Finished with any plaintext password - can get rid of it
     $ret = $e_event->trigger("preuserlogin", $username);
     if ($ret != '') {
         return $this->invalidLogin($username, LOGIN_BAD_TRIGGER, $ret);
     // Trigger events happy as well
     $user_id = $this->userData['user_id'];
     $user_name = $this->userData['user_name'];
     $user_admin = $this->userData['user_admin'];
     $user_email = $this->userData['user_email'];
     /* restrict more than one person logging in using same us/pw */
     if ($pref['disallowMultiLogin']) {
         if ($sql->db_Select("online", "online_ip", "online_user_id='" . $user_id . "." . $user_name . "'")) {
             return $this->invalidLogin($username, LOGIN_MULTIPLE, $user_id);
     // User login definitely accepted here
     $cookieval = $this->userMethods->makeUserCookie($this->userData, $autologin);
     // Calculate class membership - needed for a couple of things
     // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
     $class_list = $this->userMethods->addCommonClasses($this->userData, TRUE);
     $user_logging_opts = e107::getConfig()->get('user_audit_opts');
     if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) {
         // Need to note in user audit trail
         $this->e107->admin_log->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
     $edata_li = array('user_id' => $user_id, 'user_name' => $user_name, 'class_list' => implode(',', $class_list), 'remember_me' => $autologin, 'user_admin' => $user_admin, 'user_email' => $user_email);
     e107::getEvent()->trigger("login", $edata_li);
     if ($_E107['cli']) {
         return $cookieval;
     if (in_array(e_UC_NEWUSER, $class_list)) {
         if (time() > $this->userData['user_join'] + varset($pref['user_new_period'], 0) * 86400) {
             // 'New user' probationary period expired - we can take them out of the class
             $this->userData['user_class'] = $this->e107->user_class->ucRemove(e_UC_NEWUSER, $this->userData['user_class']);
             //				$this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$this->userData['user_class'],FALSE,FALSE);
             $sql->update('user', "`user_class` = '" . $this->userData['user_class'] . "'", 'WHERE `user_id`=' . $this->userData['user_id']);
             $edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',', $class_list), 'user_email' => $user_email);
             $e_event->trigger('userNotNew', $edata_li);
     if ($noredirect) {
         return true;
     $redir = e_REQUEST_URL;
     //$redir = e_SELF;
     //if (e_QUERY) $redir .= '?'.str_replace('&amp;','&',e_QUERY);
     if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force'])) {
         // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
         //		  $log_info = "New user: "******"  Class: ".$this->userData['user_class']."  Admin: ".$this->userData['user_admin']."  Perms: ".$this->userData['user_perms'];
         //		  $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
         // FIXME - front page now supports SEF URLs - make a check here
         foreach ($pref['frontpage_force'] as $fk => $fp) {
             if (in_array($fk, $class_list)) {
                 // We've found the entry of interest
                 if (strlen($fp)) {
                     if (strpos($fp, 'http') === FALSE) {
                         $fp = str_replace(e_HTTP, '', $fp);
                         // This handles sites in a subdirectory properly (normally, will replace nothing)
                         $fp = SITEURL . $fp;
                     //$redir = ((strpos($fp, 'http') === FALSE) ? SITEURL : '').$tp->replaceConstants($fp, TRUE, FALSE);
                     $redir = e107::getParser()->replaceConstants($fp, TRUE, FALSE);
                     //				$this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
     $redirPrev = e107::getRedirect()->getPreviousUrl();
     if ($redirPrev) {