/** * Find if the given member id and password is valid. If username is NULL, then the member id is used instead. * All authorisation, cookies, and form-logins, are passed through this function. * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login. * * @param ?SHORT_TEXT The member username (NULL: don't use this in the authentication - but look it up using the ID if needed) * @param MEMBER The member id * @param MD5 The md5-hashed password * @param string The raw password * @param boolean Whether this is a cookie login * @return array A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set */ function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false) { $out = array(); $out['id'] = NULL; if (is_null($userid)) { $rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1); if (array_key_exists(0, $rows)) { $this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0]; } else { $rows = $this->connection->query_select('members', array('*'), array('members_display_name' => $this->ipb_escape($username)), '', 1); if (array_key_exists(0, $rows)) { $this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0]; } } } else { $rows[0] = $this->get_member_row($userid); } if (!array_key_exists(0, $rows)) { $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username); return $out; } $row = $rows[0]; if ($row['member_banned'] == 1) { $out['error'] = do_lang_tempcode('USER_BANNED'); return $out; } if ($cookie_login) { if ($password_hashed != $row['member_login_key']) { $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD'); return $out; } // Check stronghold global $SITE_INFO; if (array_key_exists('stronghold_cookies', $SITE_INFO) && $SITE_INFO['stronghold_cookies'] == 1) { $ip_octets = explode('.', ocp_srv('REMOTE_ADDR')); $crypt_salt = md5(get_db_forums_password() . get_db_forums_user()); $a = get_member_cookie(); $b = get_pass_cookie(); for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) { if ($a[$i] != $b[$i]) { break; } } $cookie_prefix = substr($a, 0, $i); $cookie = ocp_admirecookie($cookie_prefix . 'ipb_stronghold'); $stronghold = md5(md5(strval($row['member_id']) . '-' . $ip_octets[0] . '-' . $ip_octets[1] . '-' . $row['member_login_key']) . $crypt_salt); if ($cookie != $stronghold) { $out['error'] = do_lang_tempcode('USER_BAD_STRONGHOLD'); return $out; } } } else { if (!$this->_auth_hashed($row['member_id'], $password_hashed)) { $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD'); return $out; } } $pos = strpos(get_member_cookie(), 'member_id'); ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . 'session_id'); $out['id'] = $row['member_id']; return $out; }
/** * Create a member login cookie. * * @param MEMBER The member id * @param ?SHORT_TEXT The username (NULL: lookup) * @param string The password */ function forum_create_cookie($id, $name, $password) { unset($name); unset($password); $member_cookie_name = get_member_cookie(); $colon_pos = strpos($member_cookie_name, ':'); if ($colon_pos !== false) { $base = substr($member_cookie_name, 0, $colon_pos); $real_member_cookie = substr($member_cookie_name, $colon_pos + 1); $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1); $real_session_cookie = 'sid'; } else { $real_member_cookie = $member_cookie_name; $real_pass_cookie = get_pass_cookie(); $real_session_cookie = preg_replace('#\\_u$#', '_sid', $real_member_cookie); } $hash = substr(uniqid(strval(mt_rand(0, 32000)), true), 0, 17); $this->connection->query_insert('sessions_keys', array('key_id' => md5($hash), 'user_id' => $id, 'last_ip' => ip2long(get_ip_address()), 'last_login' => time())); $session_id = uniqid(strval(mt_rand(0, 32000)), true); $this->connection->query_insert('sessions', array('session_id' => $session_id, 'session_user_id' => $id, 'session_forum_id' => 0, 'session_last_visit' => time(), 'session_start' => time(), 'session_time' => time(), 'session_ip' => get_ip_address(), 'session_browser' => get_browser_string(), 'session_forwarded_for' => '', 'session_page' => '', 'session_viewonline' => 1, 'session_autologin' => 1, 'session_admin' => $this->_is_super_admin($id))); $cookie = serialize(array($real_member_cookie => strval($id), $real_pass_cookie => $hash, $real_session_cookie => $session_id)); if ($colon_pos !== false) { ocp_setcookie($base, $cookie); $_COOKIE[$base] = $cookie; } else { ocp_setcookie($real_member_cookie, strval($id)); ocp_setcookie($real_pass_cookie, $hash); ocp_setcookie($real_session_cookie, $session_id); $_COOKIE[$real_member_cookie] = strval($id); $_COOKIE[$real_pass_cookie] = $hash; $_COOKIE[$real_session_cookie] = $session_id; } }
/** * Create a member login cookie. * * @param MEMBER The member id * @param ?SHORT_TEXT The username (NULL: lookup) * @param string The password */ function forum_create_cookie($id, $name, $password) { unset($name); unset($password); // User ocp_setcookie(get_member_cookie(), strval($id)); $_COOKIE[get_member_cookie()] = strval($id); // Password $password_hashed_salted = $this->get_member_row_field($id, 'm_pass_hash_salted'); $password_compat_scheme = $this->get_member_row_field($id, 'm_password_compat_scheme'); if ($password_compat_scheme == 'plain') { $password_hashed_salted = md5($password_hashed_salted); } // can't do direct representation for this, would be a plain text cookie; so in forum_authorise_login we expect it to be md5'd and compare thusly (as per non-cookie call to that function) ocp_setcookie(get_pass_cookie(), $password_hashed_salted); $_COOKIE[get_pass_cookie()] = $password_hashed_salted; }
/** * Create a member login cookie. * * @param MEMBER The member id * @param ?SHORT_TEXT The username (NULL: lookup) * @param string The password */ function forum_create_cookie($id, $name, $password) { unset($name); unset($password); // User ocp_setcookie(get_member_cookie(), strval($id)); $_COOKIE[get_member_cookie()] = strval($id); // Password $password_hashed = $this->get_member_row_field($id, 'password'); global $SITE_INFO; $_password = md5($password_hashed . $SITE_INFO['vb_unique_id']); ocp_setcookie(get_pass_cookie(), $_password); $_COOKIE[get_pass_cookie()] = $_password; }
/** * Do a cookie login. * * @return MEMBER Logged in member (NULL: no login happened) */ function try_cookie_login() { $member = NULL; // Preprocess if this is a serialized cookie $member_cookie_name = get_member_cookie(); $bar_pos = strpos($member_cookie_name, '|'); $colon_pos = strpos($member_cookie_name, ':'); if ($colon_pos !== false) { $base = substr($member_cookie_name, 0, $colon_pos); if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') { $real_member_cookie = substr($member_cookie_name, $colon_pos + 1); $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1); $the_cookie = $_COOKIE[$base]; if (get_magic_quotes_gpc()) { $the_cookie = stripslashes($_COOKIE[$base]); } secure_serialized_data($the_cookie, array()); $unserialize = @unserialize($the_cookie); if (is_array($unserialize)) { if (array_key_exists($real_member_cookie, $unserialize)) { $the_member = $unserialize[$real_member_cookie]; if (get_magic_quotes_gpc()) { $the_member = addslashes(@strval($the_member)); } $_COOKIE[get_member_cookie()] = $the_member; } if (array_key_exists($real_pass_cookie, $unserialize)) { $the_pass = $unserialize[$real_pass_cookie]; if (get_magic_quotes_gpc()) { $the_pass = addslashes($the_pass); } $_COOKIE[get_pass_cookie()] = $the_pass; } } } } elseif ($bar_pos !== false) { $base = substr($member_cookie_name, 0, $bar_pos); if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') { $real_member_cookie = substr($member_cookie_name, $bar_pos + 1); $real_pass_cookie = substr(get_pass_cookie(), $bar_pos + 1); $the_cookie = $_COOKIE[$base]; if (get_magic_quotes_gpc()) { $the_cookie = stripslashes($_COOKIE[$base]); } $cookie_contents = explode('||', $the_cookie); $the_member = $cookie_contents[intval($real_member_cookie)]; if (get_magic_quotes_gpc()) { $the_member = addslashes($the_member); } $_COOKIE[get_member_cookie()] = $the_member; $the_pass = $cookie_contents[intval($real_pass_cookie)]; if (get_magic_quotes_gpc()) { $the_pass = addslashes($the_pass); } $_COOKIE[get_pass_cookie()] = $the_pass; } } if (array_key_exists(get_member_cookie(), $_COOKIE) && array_key_exists(get_pass_cookie(), $_COOKIE)) { $store = $_COOKIE[get_member_cookie()]; $pass = $_COOKIE[get_pass_cookie()]; if (get_magic_quotes_gpc()) { $store = stripslashes($store); $pass = stripslashes($pass); } if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) { $username = $store; $store = strval($GLOBALS['FORUM_DRIVER']->get_member_from_username($store)); } else { $username = $GLOBALS['FORUM_DRIVER']->get_username(intval($store)); } $member = intval($store); if (!is_guest($member)) { if ($GLOBALS['FORUM_DRIVER']->is_hashed()) { // Test password hash $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, $pass, $pass, true); $member = $login_array['id']; } else { // Test password plain $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, apply_forum_driver_md5_variant($pass, $username), $pass, true); $member = $login_array['id']; } if (!is_null($member)) { global $IS_A_COOKIE_LOGIN; $IS_A_COOKIE_LOGIN = true; create_session($member, 0, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1'); } } } return $member; }
/** * Create a member login cookie. * * @param MEMBER The member id * @param ?SHORT_TEXT The username (NULL: lookup) * @param string The password */ function forum_create_cookie($id, $name, $password) { unset($name); unset($password); $member_cookie_name = get_member_cookie(); $colon_pos = strpos($member_cookie_name, ':'); $base = substr($member_cookie_name, 0, $colon_pos); $real_member_cookie = substr($member_cookie_name, $colon_pos + 1); $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1); $hash = substr(uniqid(strval(mt_rand(0, 32000)), true), 0, 17); $cookie = serialize(array($real_member_cookie => strval($id), $real_pass_cookie => $hash)); $this->connection->query_insert('sessions', array('session_id' => md5($hash), 'session_user_id' => $id, 'session_ip' => ip2long(get_ip_address()), 'session_time' => time())); ocp_setcookie($base, $cookie); $_COOKIE[$base] = $cookie; }
/** * Process a login. * * @param ID_TEXT Username */ function handle_active_login($username) { global $SESSION_CACHE; $result = array(); $member_cookie_name = get_member_cookie(); $colon_pos = strpos($member_cookie_name, ':'); if ($colon_pos !== false) { $base = substr($member_cookie_name, 0, $colon_pos); $real_member_cookie = substr($member_cookie_name, $colon_pos + 1); $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1); $serialized = true; } else { $real_member_cookie = get_member_cookie(); $base = $real_member_cookie; $real_pass_cookie = get_pass_cookie(); $serialized = false; } $password = trim(post_param('password')); $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login($username, NULL, apply_forum_driver_md5_variant($password, $username), $password); $member = $login_array['id']; // Run hooks, if any exist $hooks = find_all_hooks('systems', 'upon_login'); foreach (array_keys($hooks) as $hook) { require_code('hooks/systems/upon_login/' . filter_naughty($hook)); $ob = object_factory('upon_login' . filter_naughty($hook), true); if (is_null($ob)) { continue; } $ob->run(true, $username, $member); // true means "a new login attempt" } if (!is_null($member)) { $remember = post_param_integer('remember', 0); // Create invisibility cookie if (array_key_exists(get_member_cookie() . '_invisible', $_COOKIE) || $remember == 1) { $invisible = post_param_integer('login_invisible', 0); ocp_setcookie(get_member_cookie() . '_invisible', strval($invisible)); $_COOKIE[get_member_cookie() . '_invisible'] = strval($invisible); } // Store the cookies if ($remember == 1) { global $IS_A_COOKIE_LOGIN; $IS_A_COOKIE_LOGIN = true; // Create user cookie if (method_exists($GLOBALS['FORUM_DRIVER'], 'forum_create_cookie')) { $GLOBALS['FORUM_DRIVER']->forum_create_cookie($member, NULL, $password); } else { if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) { $name = $GLOBALS['FORUM_DRIVER']->get_username($member); if ($serialized) { $result[$real_member_cookie] = $name; } else { ocp_setcookie(get_member_cookie(), $name, false, true); $_COOKIE[get_member_cookie()] = $name; } } else { if ($serialized) { $result[$real_member_cookie] = $member; } else { ocp_setcookie(get_member_cookie(), strval($member), false, true); $_COOKIE[get_member_cookie()] = strval($member); } } // Create password cookie if (!$serialized) { if ($GLOBALS['FORUM_DRIVER']->is_hashed()) { ocp_setcookie(get_pass_cookie(), apply_forum_driver_md5_variant($password, $username), false, true); } else { ocp_setcookie(get_pass_cookie(), $password, false, true); } } else { if ($GLOBALS['FORUM_DRIVER']->is_hashed()) { $result[$real_pass_cookie] = apply_forum_driver_md5_variant($password, $username); } else { $result[$real_pass_cookie] = $password; } $_result = serialize($result); ocp_setcookie($base, $_result, false, true); } } } // Create session require_code('users_inactive_occasionals'); create_session($member, 1, post_param_integer('login_invisible', 0) == 1); } else { $GLOBALS['SITE_DB']->query_insert('failedlogins', array('failed_account' => substr(trim(post_param('login_username')), 0, 80), 'date_and_time' => time(), 'ip' => get_ip_address())); $count = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'failedlogins WHERE date_and_time>' . strval(time() - 60 * 15) . ' AND ' . db_string_equal_to('ip', get_ip_address())); if ($count > 30) { log_hack_attack_and_exit('BRUTEFORCE_LOGIN_HACK'); } } }