/**
* Process Login
*
* @param string Identifier - may be 'id', 'email' or 'username'
* @param string Value for identifier (for example, the user's ID number)
* @param string The password, md5 encoded
* @param string md5( IPS Connect Key (see login method) . Identifier Value )
* @param string Redirect URL, Base64 encoded
* @param string md5( IPS Connect Key . $redirect )
* @return mixed If the redirect URL is provided, this function should redirect the user to that URL with additional paramaters:
* connect_status value from below
* connect_id the ID number in this app
* connect_username the username
* connect_displayname the display name
* connect_email the email address
* connect_unlock If the account is locked, the time that it was locked
* connect_unlock_period The number of minutes until the account is unlocked (will be 0 if account does not automatically unlock)
* If blank, will output to screen a JSON object with the same parameters
* Values:
* SUCCESS login successful
* WRONG_AUTH Password incorrect
* NO_USER Identifier did not match member account
* MISSING_DATA Identifier or password was blank
* ACCOUNT_LOCKED Account has been locked by brute-force prevention
*/
public function login($identifier, $identifierValue, $md5Password, $key, $redirect, $redirectHash)
{
$member = NULL;
$statusCode = 'MISSING_DATA';
$secondsUntilUnlock = 0;
$revalidateUrl = '';
/* Check */
if (in_array($identifier, array('id', 'email', 'username'))) {
$member = IPSMember::load($identifierValue, 'none', $identifier);
if ($member['member_id']) {
/* Check we're not blocked */
if ($this->settings['ipb_bruteforce_attempts'] > 0) {
$failed_attempts = explode(",", IPSText::cleanPermString($member['failed_logins']));
$failed_count = 0;
$total_failed = 0;
$thisip_failed = 0;
$non_expired_att = array();
if (is_array($failed_attempts) and count($failed_attempts)) {
foreach ($failed_attempts as $entry) {
if (!strpos($entry, "-")) {
continue;
}
list($timestamp, $ipaddress) = explode("-", $entry);
if (!$timestamp) {
continue;
}
$total_failed++;
if ($ipaddress != $this->member->ip_address) {
continue;
}
$thisip_failed++;
if ($this->settings['ipb_bruteforce_period'] and $timestamp < time() - $this->settings['ipb_bruteforce_period'] * 60) {
continue;
}
$non_expired_att[] = $entry;
$failed_count++;
}
sort($non_expired_att);
$oldest_entry = array_shift($non_expired_att);
list($oldest, ) = explode("-", $oldest_entry);
}
if ($thisip_failed >= $this->settings['ipb_bruteforce_attempts']) {
if ($this->settings['ipb_bruteforce_unlock']) {
if ($failed_count >= $this->settings['ipb_bruteforce_attempts']) {
$secondsUntilUnlock = $oldest;
$statusCode = 'ACCOUNT_LOCKED';
}
} else {
$statusCode = 'ACCOUNT_LOCKED';
}
}
}
/* Check the password is valid */
if ($statusCode != 'ACCOUNT_LOCKED') {
if (IPSMember::authenticateMember($member['member_id'], $md5Password)) {
/* Are we validating? */
if ($member['ipsconnect_revalidate_url']) {
$statusCode = 'VALIDATING';
$revalidateUrl = $member['ipsconnect_revalidate_url'];
} else {
$validating = ipsRegistry::DB()->buildAndFetch(array('select' => '*', 'from' => 'validating', 'where' => "member_id={$member['member_id']} AND new_reg=1"));
if ($validating['vid']) {
$statusCode = 'VALIDATING';
if ($validating['user_verified'] == 1 or $this->settings['reg_auth_type'] == 'admin') {
$revalidateUrl = 'ADMIN_VALIDATION';
} else {
$revalidateUrl = ipsRegistry::getClass('output')->buildUrl('app=core&module=global&section=register&do=reval', 'public');
}
}
}
if ($statusCode != 'VALIDATING') {
/* Login Successful */
$statusCode = 'SUCCESS';
/* Log us in locally */
$this->han_login->loginWithoutCheckingCredentials($member['member_id'], TRUE);
/* Run memberSync */
IPSLib::runMemberSync('onLogin', $member);
}
} else {
/* Login Failed */
$statusCode = 'WRONG_AUTH';
/* Append failed login */
if ($this->settings['ipb_bruteforce_attempts'] > 0) {
$failed_logins = explode(",", $member['failed_logins']);
$failed_logins[] = time() . '-' . $this->member->ip_address;
$failed_count = 0;
$total_failed = 0;
$non_expired_att = array();
foreach ($failed_logins as $entry) {
list($timestamp, $ipaddress) = explode("-", $entry);
if (!$timestamp) {
continue;
}
$total_failed++;
if ($ipaddress != $this->member->ip_address) {
continue;
}
if ($this->settings['ipb_bruteforce_period'] > 0 and $timestamp < time() - $this->settings['ipb_bruteforce_period'] * 60) {
continue;
}
$failed_count++;
$non_expired_att[] = $entry;
}
if ($member['member_id'] and !$this->settings['failed_done']) {
IPSMember::save($member['email'], array('core' => array('failed_logins' => implode(",", $non_expired_att), 'failed_login_count' => $total_failed)));
}
}
}
}
} else {
$statusCode = 'NO_USER';
}
}
/* Run any custom code */
$this->_runCustom('login', array($member, $statusCode));
/* Hide the email if necessary */
if ($statusCode != 'SUCCESS' and $identifier != 'email') {
$member['email'] = '';
}
/* Return */
if ($redirect) {
$redirect = ($key == md5($this->masterKey . $identifierValue) and $redirectHash == md5($this->masterKey . $redirect)) ? $redirect : base64_encode($this->settings['board_url']);
}
$this->_return($redirect, array('connect_status' => $statusCode, 'connect_id' => $member['member_id'], 'connect_username' => $member['name'], 'connect_displayname' => $member['members_display_name'], 'connect_email' => $member['email'], 'connect_unlock' => $secondsUntilUnlock, 'connect_revalidate_url' => $revalidateUrl, 'connect_unlock_period' => $this->settings['ipb_bruteforce_period']));
}
/**
* handshake_server::handshake_start()
*
* Returns all data...
*
* @access public
* @param integer $reg_id Converge reg ID
* @param string $reg_code Converge API Code (MUST BE PRESENT IN ALL RETURNED API REQUESTS).
* @param integer $reg_date Unix stamp of converge request start time
* @param integer $reg_product_id Converge product ID (MUST BE PRESENT IN ALL RETURNED API REQUESTS)
* @param string $converge_url Converge application base url (no slashes or paths)
* @return mixed xml / boolean false
**/
public function handshakeStart($reg_id = '', $reg_code = '', $reg_date = '', $reg_product_id = '', $converge_url = '', $acp_email = '', $acp_md5_password = '', $http_user = '', $http_pass = '')
{
//-----------------------------------------
// INIT
//-----------------------------------------
$reg_id = intval($reg_id);
$reg_code = IPSText::md5Clean($reg_code);
$reg_date = intval($reg_date);
$reg_product_id = intval($reg_product_id);
$converge_url = IPSText::parseCleanValue($converge_url);
$acp_email = IPSText::parseCleanValue($acp_email);
$acp_md5_password = IPSText::md5Clean($acp_md5_password);
$this->registry->getClass('class_localization')->loadLanguageFile(array('api_langbits'), 'core');
//-----------------------------------------
// Check ACP user
//-----------------------------------------
if (!$acp_email and !$acp_md5_password) {
$this->classApiServer->apiSendError(500, $this->lang->words['missing_email']);
return false;
} else {
$member = IPSMember::load($acp_email, 'extendedProfile,groups');
if (!$member['member_id']) {
$this->classApiServer->apiSendError(501, $this->lang->words['bad_email']);
return false;
} else {
//-----------------------------------------
// Are we an admin?
//-----------------------------------------
if ($member['g_access_cp'] != 1) {
$this->classApiServer->apiSendError(501, $this->lang->words['no_acp_access']);
return false;
}
//-----------------------------------------
// Check password...
//-----------------------------------------
if (IPSMember::authenticateMember($member['member_id'], $acp_md5_password) != true) {
$this->classApiServer->apiSendError(501, $this->lang->words['bad_email']);
return false;
}
}
}
//-----------------------------------------
// Just send it all back and start
// A row in the converge_local table with
// the info, but don't flag as active...
//-----------------------------------------
$reply = array('master_response' => 1, 'reg_id' => $reg_id, 'reg_code' => $reg_code, 'reg_date' => $reg_date, 'reg_product_id' => $reg_product_id, 'converge_url' => $converge_url);
//-----------------------------------------
// Add into DB
//-----------------------------------------
$this->registry->DB()->insert('converge_local', array('converge_api_code' => $reg_code, 'converge_product_id' => $reg_product_id, 'converge_added' => $reg_date, 'converge_ip_address' => my_getenv('REMOTE_ADDR'), 'converge_url' => $converge_url, 'converge_active' => 0, 'converge_http_user' => $http_user, 'converge_http_pass' => $http_pass));
//-----------------------------------------
// Send reply...
//-----------------------------------------
$this->classApiServer->apiSendReply($reply);
}
/**
* Local authentication
*
* @access public
* @param string Username
* @param string Email Address
* @param string Password
* @return boolean Authentication successful
*/
public function authLocal($username, $email_address, $password)
{
$password = md5($password);
//-----------------------------------------
// Type of login
//-----------------------------------------
$type = 'username';
if (is_array($this->method_config) and $this->method_config['login_folder_name'] == 'internal') {
$type = $this->method_config['login_user_id'];
}
/* Forcing email? */
if ($this->_forceEmailCheck) {
$type = 'email';
}
/* If any other method accepts the other type, we need to as well, otherwise form will indicate you can submit it but you can't */
foreach ($this->cache->getCache('login_methods') as $method) {
if ($method['login_user_id'] == 'username' or $method['login_user_id'] == 'either') {
$uses_name = true;
}
if ($method['login_user_id'] == 'email' or $method['login_user_id'] == 'either') {
$uses_email = true;
}
}
if ($uses_name and $uses_email) {
$type = 'either';
}
/* If we only have one, just take it and run with it */
$input = NULL;
if ($email_address xor $username) {
$input = $email_address ? $email_address : $username;
}
switch ($type) {
case 'username':
$this->member_data = IPSMember::load($input ? $input : $username, 'groups', 'username');
break;
case 'email':
$this->member_data = IPSMember::load($input ? $input : $email_address, 'groups', 'email');
break;
case 'either':
$_username = IPSMember::load($input ? $input : $username, 'groups', 'username');
if (!$_username['member_id']) {
$this->member_data = IPSMember::load($input ? $input : $email_address, 'groups', 'email');
} else {
$this->member_data = $_username;
}
break;
}
//-----------------------------------------
// Got an account
//-----------------------------------------
if (!$this->member_data['member_id']) {
$this->return_code = 'NO_USER';
return false;
}
//-----------------------------------------
// Verify it is not blocked
//-----------------------------------------
if (!$this->_checkFailedLogins()) {
return false;
}
//-----------------------------------------
// Check password...
//-----------------------------------------
if (IPSMember::authenticateMember($this->member_data['member_id'], $password) != true) {
if (!$this->_appendFailedLogin()) {
return false;
}
$this->return_code = 'WRONG_AUTH';
return false;
} else {
$this->return_code = 'SUCCESS';
return true;
}
}
/**
* Local authentication
*
* @access public
* @param string Username
* @param string Email Address
* @param string Password
* @return boolean Authentication successful
*/
public function authLocal($username, $email_address, $password)
{
$password = md5($password);
//-----------------------------------------
// Type of login
//-----------------------------------------
$type = 'username';
if (is_array($this->method_config) and $this->method_config['login_folder_name'] == 'internal') {
$type = $this->method_config['login_user_id'];
}
if ($this->_forceEmailCheck === TRUE or $email_address and !$username) {
$type = 'email';
}
switch ($type) {
case 'username':
if (IPSText::mbstrlen($username) > 32) {
$this->return_code = 'NO_USER';
return false;
}
$this->member_data = IPSMember::load($username, 'groups', 'username');
break;
case 'email':
$this->member_data = IPSMember::load($email_address, 'groups', 'email');
break;
}
//-----------------------------------------
// Got an account
//-----------------------------------------
if (!$this->member_data['member_id']) {
$this->return_code = 'NO_USER';
return false;
}
//-----------------------------------------
// Verify it is not blocked
//-----------------------------------------
if (!$this->_checkFailedLogins()) {
return false;
}
//-----------------------------------------
// Check password...
//-----------------------------------------
if (IPSMember::authenticateMember($this->member_data['member_id'], $password) != true) {
if (!$this->_appendFailedLogin()) {
return false;
}
$this->return_code = 'WRONG_AUTH';
return false;
} else {
$this->return_code = 'SUCCESS';
return false;
}
}
function __construct(ipsRegistry $registry)
{
$this->registry = $registry;
$this->DB = $this->registry->DB();
$this->settings =& $this->registry->fetchSettings();
$this->request =& $this->registry->fetchRequest();
$this->cache = $this->registry->cache();
$this->caches =& $this->registry->cache()->fetchCaches();
/* Set require path to include sabre directory */
@set_include_path(IPS_KERNEL_PATH . 'sabre/');
/*noLibHook*/
ipsRegistry::$settings['use_friendly_urls'] = 0;
/* Fetch authentication library */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$login = new $classToLoad($registry);
/* Require spl for sabre */
require_once 'Sabre.autoload.php';
/*noLibHook*/
/* Attempt authentication */
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm("IP.Board WebDav");
/* Enabled? */
if (!$this->settings['webdav_on']) {
$auth->requireLogin();
echo "Please visit your Admin CP - Look and Feel - Externally Edit Templates and CSS to enable this functionality";
exit;
}
/* Fetch details */
$authDetails = $auth->getUserPass();
/* Check auth */
$member = IPSMember::load(IPSText::parseCleanValue($authDetails[0]), 'all', 'username');
if (!$member['member_id']) {
$auth->requireLogin();
print "Authentication Required (User doesn't exist)";
exit;
}
/* Internal auth only */
$result = IPSMember::authenticateMember($member['member_id'], md5(IPSText::parseCleanValue($authDetails[1])));
if ($result === false) {
$auth->requireLogin();
print "Authentication Required (Username or password incorrect)";
exit;
}
/* Load permissions class */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/class_permissions.php', 'class_permissions');
$this->registry->setClass('class_permissions', new $classToLoad($this->registry));
if (!$member['g_access_cp']) {
$auth->requireLogin();
print "Authentication Required (You are not an admin)";
exit;
}
if (!$this->registry->getClass('class_permissions')->checkPermission('settemplates_external_edit')) {
$auth->requireLogin();
print "You are not permitted to edit skins externally";
exit;
}
/* Require some files for our sabre implementation */
require_once IPS_ROOT_PATH . 'sources/classes/sabre/root/skins.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/sabre/directory/templates.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/sabre/directory/groups.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/sabre/files/templates.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/sabre/lock/nolocks.php';
/*noLibHook*/
$tree = new Sabre_DAV_ObjectTree(new sabre_root_skins());
$server = new Sabre_DAV_Server($tree);
$server->setBaseUri($this->getBaseUrl() . '/');
//$server->addPlugin( new Sabre_DAV_Browser_Plugin() );
$server->addPlugin(new Sabre_DAV_Locks_Plugin(new sabre_lock_nolocks()));
/* Process */
$server->exec();
}
<?php
header("Content-Type: text/plain; charset=UTF-8");
// Verify login and password
$login = $_GET['login'];
$password = $_GET['password'];
if (empty($login) || empty($password)) {
exit('Empty login or password');
}
// Load IPB core
define('IPB_THIS_SCRIPT', 'public');
require_once 'initdata.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php';
$reg = ipsRegistry::instance();
$reg->init();
// Resolve member by login
$member = IPSMember::load(IPSText::parseCleanValue($login), 'all', 'username');
$member_id = $member['member_id'];
if (!$member_id) {
exit('Incorrect login');
}
// Try authenticate
$success = IPSMember::authenticateMember($member_id, md5(IPSText::parseCleanValue($password)));
echo $success ? 'OK:' . $member['name'] : 'Incorrect login or password';
