Exemple #1
 // Front-end login attempt (excerpt; the success branch is cut off at the end of this listing).
 // login_attempt_check() is described by the original author as a fatal call once the
 // visitor has had too many tries; its return value is used below as the current attempt count.
 $errors = array();
 $logins = login_attempt_check();
 require_once MYBB_ROOT . "inc/datahandlers/login.php";
 $loginhandler = new LoginDataHandler("get");
 // The quick-login form posts its own field names; copy them over the regular ones
 // so the rest of the flow only has to read username/password/remember.
 if ($mybb->get_input('quick_password') && $mybb->get_input('quick_username')) {
     $mybb->input['password'] = $mybb->get_input('quick_password');
     $mybb->input['username'] = $mybb->get_input('quick_username');
     $mybb->input['remember'] = $mybb->get_input('quick_remember');
 }
 $user = array('username' => $mybb->get_input('username'), 'password' => $mybb->get_input('password'), 'remember' => $mybb->get_input('remember'), 'imagestring' => $mybb->get_input('imagestring'));
 // Fetch the stored per-account failure counter so the handler can take it into account.
 $options = array('fields' => 'loginattempts', 'username_method' => (int) $mybb->settings['username_method']);
 $user_loginattempts = get_user_by_username($user['username'], $options);
 $user['loginattempts'] = (int) $user_loginattempts['loginattempts'];
 $loginhandler->set_data($user);
 $validated = $loginhandler->validate_login();
 if (!$validated) {
     $mybb->input['action'] = "login";
     $mybb->request_method = "get";
     // Two counters are bumped on failure: a cookie and the users table.
     // NOTE(review): the cookie lives on the client, so a visitor can clear or alter it;
     // only the database counter can be relied on for throttling.
     my_setcookie('loginattempts', $logins + 1);
     // The value 'loginattempts+1' is an SQL expression, not a literal; the trailing `true`
     // presumably tells update_query() not to quote it (confirm against the DB class).
     // The uid in the WHERE clause is cast to int before being concatenated.
     $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . (int) $loginhandler->login_data['uid'] . "'", 1, true);
     $errors = $loginhandler->get_friendly_errors();
     $user['loginattempts'] = (int) $loginhandler->login_data['loginattempts'];
     // If we need a captcha set it here.
     // A captcha is required once either the stored counter or the cookie counter
     // exceeds the configured threshold (a threshold of 0 disables the check).
     if ($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int) $mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount'])) {
         $do_captcha = true;
         $correct = $loginhandler->captcha_verified;
     }
 } else {
     // $validated is already known to be true in this branch; the effective condition
     // is that the handler also reports the captcha as verified.
     if ($validated && $loginhandler->captcha_verified == true) {
         // Successful login
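 /**
  * Login procedure for a user + password, delegated to MyBB's login data handler.
  * Possible ToDo: Return error messages / array / whatever
  *
  * Returns true only when the user was already logged in or the login was actually
  * completed. A failed validation, an unverified captcha or a COPPA-pending account
  * all return false, so callers can treat the result as "there is a session now".
  *
  * @param string $username Username
  * @param string $password Password of User
  * @return boolean
  */
 public function login($username, $password)
 {
     $this->plugins->run_hooks("member_do_login_start");

     // If we are already logged in, we do not have to perform the login procedure
     if ($this->isLoggedIn()) {
         return true;
     }

     // Is a fatal call if user has had too many tries
     $logins = login_attempt_check();

     require_once MYBB_ROOT . "inc/datahandlers/login.php";
     $loginhandler = new LoginDataHandler("get");

     // This entry point receives no captcha answer, so an empty image string is passed
     // explicitly (the previous code read an undefined variable here).
     $user = array('username' => $username, 'password' => $password, 'remember' => "yes", 'imagestring' => '');
     $options = array('fields' => 'loginattempts', 'username_method' => (int) $this->mybb->settings['username_method']);
     $user_loginattempts = get_user_by_username($user['username'], $options);
     $user['loginattempts'] = (int) $user_loginattempts['loginattempts'];

     $loginhandler->set_data($user);
     $validated = $loginhandler->validate_login();

     if (!$validated) {
         $this->mybb->input['action'] = "login";
         $this->mybb->request_method = "get";
         // Count the failure in the cookie and in the users table. The cookie is
         // client-controlled; the database counter is the one that cannot be reset by the visitor.
         my_setcookie('loginattempts', $logins + 1);
         // 'loginattempts+1' is an SQL expression; the trailing `true` presumably disables
         // quoting of the value (confirm against the DB class). The uid is cast to int.
         $this->db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . (int) $loginhandler->login_data['uid'] . "'", 1, true);
         // Collected for the ToDo above; not yet handed back to the caller.
         $errors = $loginhandler->get_friendly_errors();
         // TODO: Force Captchas
         return false;
     }

     // Credentials are valid, but the handler did not confirm the captcha. Nothing was
     // logged in, so do not report success (the previous code fell through to `return true`).
     if ($loginhandler->captcha_verified != true) {
         return false;
     }

     // COPPA accounts awaiting approval must not be logged in.
     if ($loginhandler->login_data['coppauser']) {
         //error($this->lang->error_awaitingcoppa);
         return false;
     }

     $loginhandler->complete_login();
     // Fire the end hook exactly once per completed login (it used to run twice on this path).
     $this->plugins->run_hooks("member_do_login_end");
     $this->mybb->session->init();
     // Note: $this->mybb->user is not refreshed here; the assignments that would do so
     // (and set the logout key) were left commented out by the original author.

     return true;
 }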
Exemple #3
         // Admin CP login (excerpt; the enclosing conditions start above this listing).
         // When the failure counter is exactly at the configured maximum, any pending
         // lockout record (type 'l') for this uid is replaced by a new one carrying a fresh
         // unlock code, and that code is mailed to the account's address.
         // NOTE(review): the unlock code is only as strong as random_str(); confirm it is
         // backed by a cryptographically secure source in the installed version.
         if ($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts']) {
             $db->delete_query("awaitingactivation", "uid='" . (int) $login_user['uid'] . "' AND type='l'");
             $lockout_array = array("uid" => $login_user['uid'], "dateline" => TIME_NOW, "code" => random_str(), "type" => "l");
             $db->insert_query("awaitingactivation", $lockout_array);
             $subject = $lang->sprintf($lang->locked_out_subject, $mybb->settings['bbname']);
             // The submitted username is passed through htmlspecialchars_uni() before it goes into the message.
             $message = $lang->sprintf($lang->locked_out_message, htmlspecialchars_uni($mybb->input['username']), $mybb->settings['bbname'], $mybb->settings['maxloginattempts'], $mybb->settings['bburl'], $mybb->config['admin_dir'], $lockout_array['code'], $lockout_array['uid']);
             my_mail($login_user['email'], $subject, $message);
         }
         // Every lockout is written to the admin log before the locked-out page is shown.
         log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $login_user['uid'], 'username' => $login_user['username']));
         $default_page->show_lockedout();
     } else {
         $default_page->show_login($lang->error_invalid_secret_pin, "error");
     }
 }
 // Validate the submitted credentials; on success load the full user row.
 $loginhandler->set_data(array('username' => $mybb->input['username'], 'password' => $mybb->input['password']));
 if ($loginhandler->validate_login() == true) {
     $mybb->user = get_user($loginhandler->login_data['uid']);
 }
 if ($mybb->user['uid']) {
     // A correct password does not bypass an active lockout.
     // NOTE(review): show_lockedout() presumably ends the request; if it can return,
     // the code below would still create an admin session for a locked-out account.
     if (login_attempt_check_acp($mybb->user['uid']) == true) {
         log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $mybb->user['uid'], 'username' => $mybb->user['username']));
         $default_page->show_lockedout();
     }
     // Drop any earlier admin sessions of this uid before issuing a new one.
     // The uid is interpolated without an int cast; it comes from get_user() above
     // rather than from the request, but a cast would make that explicit.
     $db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");
     // NOTE(review): the session id is an md5 of uniqid()/microtime() output, i.e. it is
     // derived from time-based values rather than from a cryptographically secure
     // generator. An admin session identifier should come from a CSPRNG-backed source.
     $sid = md5(uniqid(microtime(true), true));
     // The User-Agent header is client-supplied and read without an isset() check;
     // it is capped at 200 characters here and escaped when the row is built below.
     $useragent = $_SERVER['HTTP_USER_AGENT'];
     if (my_strlen($useragent) > 200) {
         $useragent = my_substr($useragent, 0, 200);
     }
     // Create a new admin session for this user
     $admin_session = array("sid" => $sid, "uid" => $mybb->user['uid'], "loginkey" => $mybb->user['loginkey'], "ip" => $db->escape_binary(my_inet_pton(get_ip())), "dateline" => TIME_NOW, "lastactive" => TIME_NOW, "data" => my_serialize(array()), "useragent" => $db->escape_string($useragent));
Exemple #4
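/**
 * Switches the current session to another attached or shared account.
 *
 * Called by an AJAX POST request. After the permission, CSRF and attachment checks
 * pass, the function deletes the mybbuser cookie, sets a new cookie for the selected
 * account, starts a new session and sends the new user's post key as plain text.
 *
 * The target account's password is not checked here: the right to switch comes from
 * the as_canswitch permission plus the attachment/share relation verified below.
 *
 * @return void Ends the request with `exit` after a successful switch; returns
 *              without output when the request is not a permitted switch request.
 */
function accountswitcher_switch()
{
    global $db, $mybb, $lang, $charset, $cache, $templates;

    // Only a logged-in user sending an explicit POST switch request is handled.
    if ($mybb->user['uid'] == 0 || !isset($mybb->input['switchuser']) || $mybb->input['switchuser'] != 1 || $mybb->request_method != "post") {
        return;
    }

    require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
    $eas = new AccountSwitcher($mybb, $db, $cache, $templates);

    // Get permissions for this user
    $userPermission = user_permissions($mybb->user['uid']);
    // Get permissions for the master. First get the master
    $master = get_user((int) $mybb->user['as_uid']);
    // Get his permissions
    $masterPermission = user_permissions($master['uid']);

    // If one of both has the permission allow to switch
    if ($userPermission['as_canswitch'] != 1 && $masterPermission['as_canswitch'] != 1) {
        return;
    }

    if (!isset($lang->as_invaliduser)) {
        $lang->load("accountswitcher");
    }

    // CSRF protection: the request must carry the current user's post key.
    verify_post_check($mybb->get_input('my_post_key'));

    // Get user info
    $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    // Check if user exists
    if (!$user) {
        error($lang->as_invaliduser);
    }

    $invalidSwitchLog = array('uid' => $user['uid'], 'username' => $user['username']);

    // Can the new account be shared?
    if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
        // Account already used by another user?
        if ($user['as_shareuid'] != 0) {
            log_moderator_action($invalidSwitchLog, $lang->aj_switch_invalid_log);
            return;
        }

        // Account only shared by buddies?
        if ($user['as_buddyshare'] != 0) {
            // Normalise the stored comma list to integers so the membership test can be
            // strict instead of relying on loose string/number comparison.
            $buddylist = array();
            if ($user['buddylist'] != '') {
                $buddylist = array_map('intval', explode(",", $user['buddylist']));
            }
            // No buddy - no switch
            if (!in_array((int) $mybb->user['uid'], $buddylist, true)) {
                log_moderator_action($invalidSwitchLog, $lang->aj_switch_invalid_log);
                return;
            }
        }

        // Shared account is free (checked above) - set share uid.
        // NOTE(review): the free check and this update are two separate steps, so two
        // simultaneous requests could both claim the account.
        $updated_shareuid = array("as_shareuid" => (int) $mybb->user['uid']);
        $db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        $user['as_shareuid'] = (int) $mybb->user['uid'];
    }

    // Make sure you can switch to an attached account only
    $isAttached = $user['as_uid'] == $mybb->user['uid']
        || ($user['as_uid'] != 0 && $user['as_uid'] == $mybb->user['as_uid'])
        || $user['uid'] == $mybb->user['as_uid']
        || $user['as_shareuid'] == $mybb->user['uid']
        || $user['uid'] == $mybb->user['as_shareuid'];

    if (!$isAttached) {
        log_moderator_action($invalidSwitchLog, $lang->aj_switch_invalid_log);
        error($lang->as_notattacheduser);
        return;
    }

    // Is the current account shared?
    if ($mybb->user['as_share'] != 0) {
        // Account used by another user?
        if ($mybb->user['as_shareuid'] == 0) {
            log_moderator_action($invalidSwitchLog, $lang->aj_switch_invalid_log);
            return;
        }
        // Reset share uid so the shared account becomes free again
        $updated_shareuid = array("as_shareuid" => 0);
        $db->update_query("users", $updated_shareuid, "uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
    }

    // Log the old user out
    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");

    $time = TIME_NOW;
    $oldUid = (int) $mybb->user['uid'];
    // Run this after the shutdown query from session system
    $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$oldUid}'");
    // Remove the old session row. The previous code read an undefined local $session
    // here, so the WHERE clause never matched the session that was being left.
    if (isset($mybb->session->sid)) {
        $db->delete_query("sessions", "sid = '" . $db->escape_string($mybb->session->sid) . "'");
    }

    // Now let the login datahandler do the work
    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");
    $mybb->input['remember'] = "yes";
    $loginhandler->set_data($user);
    // NOTE(review): the validation result is deliberately not enforced; the call is
    // presumably needed to populate the handler's login data before complete_login().
    $validated = $loginhandler->validate_login();
    $loginhandler->complete_login();

    // Create session for this user
    require_once MYBB_ROOT . "inc/class_session.php";
    $session = new session();
    $session->init();
    $mybb->session =& $session;
    $mybb->post_code = generate_post_check();

    // Send new users post code
    header("Content-type: text/plain; charset={$charset}");
    echo $mybb->post_code;
    exit;
}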