qa_limits_increment(null, QA_LIMIT_LOGINS); $inemailhandle = qa_post_text('emailhandle'); $inpassword = qa_post_text('password'); $inremember = qa_post_text('remember'); $errors = array(); if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols $matchusers = qa_db_user_find_by_email($inemailhandle); } else { $matchusers = qa_db_user_find_by_handle($inemailhandle); } if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in $inuserid = $matchusers[0]; $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true)); if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect require_once QA_INCLUDE_DIR . 'qa-app-users.php'; qa_set_logged_in_user($inuserid, $userinfo['handle'], $inremember ? true : false); $topath = qa_get('to'); if (isset($topath)) { qa_redirect_raw(qa_path_to_root() . $topath); } elseif ($passwordsent) { qa_redirect('account'); } else { qa_redirect('welcome'); } } else { $errors['password'] = qa_lang('users/password_wrong'); } } else {
qa_redirect('account', array('state' => 'profile-saved')); } qa_logged_in_user_flush(); } } // Process change password if clicked if (qa_clicked('dochangepassword')) { require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php'; $inoldpassword = qa_post_text('oldpassword'); $innewpassword1 = qa_post_text('newpassword1'); $innewpassword2 = qa_post_text('newpassword2'); if (!qa_check_form_security_code('password', qa_post_text('code'))) { $errors['page'] = qa_lang_html('misc/form_security_again'); } else { $errors = array(); if ($haspassword && strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])) { $errors['oldpassword'] = qa_lang('users/password_wrong'); } $useraccount['password'] = $inoldpassword; $errors = $errors + qa_password_validate($innewpassword1, $useraccount); // array union if ($innewpassword1 != $innewpassword2) { $errors['newpassword2'] = qa_lang('users/password_mismatch'); } if (empty($errors)) { qa_db_user_set_password($userid, $innewpassword1); qa_db_user_set($userid, 'sessioncode', ''); // stop old 'Remember me' style logins from still working qa_set_logged_in_user($userid, $useraccount['handle'], false, $useraccount['sessionsource']); // reinstate this specific session qa_report_event('u_password', $userid, $useraccount['handle'], qa_cookie_get());
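function core_login($username, $password, $remember = false)
{
    // Authenticate $username (a handle, or an email address when it contains '@' or the
    // 'allow_login_email_only' option is set) with $password and, on success, start a
    // session via qa_set_logged_in_user(). Returns the account row produced by
    // qa_db_user_account_selectspec() on success, or false on failure. Every failure path
    // records the reason in $this->error as an IXR_Error (code 1512) and counts the attempt
    // against the QA_LIMIT_LOGINS rate limit; a successful login is not counted.
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';

        // Handles can't contain '@', so an '@' means the caller supplied an email address.
        if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) {
            $matchusers = qa_db_user_find_by_email($username);
        } else {
            $matchusers = qa_db_user_find_by_handle($username);
        }

        // Exactly one match is required; more than one (should be impossible) is treated
        // as no match so we never log into an ambiguous account.
        if (count($matchusers) === 1) {
            $inuserid = $matchusers[0];
            $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));

            // Both sides are lower-cased hex digests. Compare with === rather than ==: PHP's
            // loose string comparison treats numeric-looking strings such as "0e1234..." as
            // numbers, so two different digests of that shape would compare equal (the
            // "magic hash" type-juggling bug). Where PHP >= 5.6 is guaranteed, hash_equals()
            // on these two values would additionally make the comparison constant-time.
            $expectedcheck = strtolower($userinfo['passcheck']);
            $suppliedcheck = strtolower(qa_db_calc_passcheck($password, $userinfo['passsalt']));

            if ($expectedcheck === $suppliedcheck) {
                require_once QA_INCLUDE_DIR . 'qa-app-users.php';
                qa_set_logged_in_user($inuserid, $userinfo['handle'], $remember ? true : false);
                return $userinfo;
            }

            $this->error = new IXR_Error(1512, qa_lang('users/password_wrong'));
        } else {
            // NOTE(review): returning a distinct "not found" error lets a remote caller tell
            // valid handles/emails from invalid ones (account enumeration); a single generic
            // message for both this branch and the wrong-password branch would avoid that.
            $this->error = new IXR_Error(1512, qa_lang('users/user_not_found'));
        }
    } else {
        $this->error = new IXR_Error(1512, qa_lang('users/login_limit'));
    }

    // Reached only on failure (the success path returned above): count the attempt.
    qa_limits_increment(null, QA_LIMIT_LOGINS);
    return false;
}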
function qa_db_user_set_password($userid, $password)
{
    // Replace the stored password of $userid. A fresh 16-character random salt is drawn on
    // every change and the salted check value (computed by qa_db_calc_passcheck(), whose
    // hashing scheme is not visible here) is stored in binary form via UNHEX(). Honors the
    // standard plugin override hook before doing any work.
    // NOTE(review): confirm qa_random_alphanum() is backed by a cryptographic RNG, and that
    // qa_db_calc_passcheck() is a slow password hash rather than a single salted digest —
    // if it is not, moving to password_hash() needs the verifiers (login paths) changed in step.
    if (qa_to_override(__FUNCTION__)) {
        return qa_call_override(__FUNCTION__, func_get_args());
    }

    require_once QA_INCLUDE_DIR . 'qa-util-string.php';

    $newsalt = qa_random_alphanum(16);
    $newcheck = qa_db_calc_passcheck($password, $newsalt);

    qa_db_query_sub(
        'UPDATE ^users SET passsalt=$, passcheck=UNHEX($) WHERE userid=$',
        $newsalt,
        $newcheck,
        $userid
    );
}
function qa_db_user_set_password($userid, $password)
{
    // Replace the stored password of $userid. A fresh 16-character random salt is drawn on
    // every change and the salted check value (computed by qa_db_calc_passcheck(), whose
    // hashing scheme is not visible here) is stored in binary form via UNHEX().
    // NOTE(review): confirm qa_random_alphanum() is backed by a cryptographic RNG, and that
    // qa_db_calc_passcheck() is a slow password hash rather than a single salted digest —
    // if it is not, moving to password_hash() needs the verifiers (login paths) changed in step.
    require_once QA_INCLUDE_DIR . 'qa-util-string.php';

    $newsalt = qa_random_alphanum(16);
    $newcheck = qa_db_calc_passcheck($password, $newsalt);

    qa_db_query_sub(
        'UPDATE ^users SET passsalt=$, passcheck=UNHEX($) WHERE userid=$',
        $newsalt,
        $newcheck,
        $userid
    );
}