        $config_file = str_replace("@root@", $url_i, $config_file);
        $config_file = str_replace("@mysql_username@", $_POST['mysql_username'], $config_file);
        $config_file = str_replace("@mysql_password@", $_POST['mysql_password'], $config_file);
        $config_file = str_replace("@database_name@", $_POST['database_name'], $config_file);
        $config_file = str_replace("@server_domain@", $_POST['server_domain'], $config_file);
        file_put_contents($url_i . "/app_needed/config.php", $config_file);
        $command = "mysql -h '" . $_POST['mysql_host'] . "' -u '" . $_POST['mysql_username'] . "' -p'" . $_POST['mysql_password'] . "' '" . $_POST['database_name'] . "' < '" . 'database.sql' . "'";
        $output = shell_exec($command);
        sleep(5);
        $conn = @mysql_connect($_POST['mysql_host'], $_POST['mysql_username'], $_POST['mysql_password']);
        @mysql_select_db($_POST['database_name']) or die(mysql_error());
        require_once $url_i . "/app_classes/module_users.inc";
        $unique = class_users::add('', '1', '1', $_POST['email'], $_POST['password'], $_POST['first_name'], $_POST['last_name'], '', '', '', '', '', '', '', '', '', '', '', '1', '1', '1', '1', '');
        if (!$conn) {
            echo "Invalid Database Connection";
            exit;
        }
        $user = new class_users($unique);
        session_start();
        $_SESSION['unique'] = $unique;
        $user->set_valid("1");
        $user->set_verified("1");
        $user->logout();
        $config_file = file_get_contents($url_i . "/install/adb.php");
        $config_file = str_replace("@server_domain@", $_POST['server_domain'], $config_file);
        file_put_contents($url_i . "/adb.php", $config_file);
        echo "The product is succesfully installed! <a href='../login.html'>Login Now</a>";
    } else {
        echo "All fields are required to install the product.";
    }
}
        $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, username_clean, user_regdate, user_password, user_email, user_email_hash, user_style, user_timezone, user_dateformat, user_lang, user_level, user_active, user_actkey)\n\t\t\tVALUES ({$user_id}, '" . $db->sql_escape($username) . "', '" . $db->sql_escape(utf8_clean_string($username)) . "', " . time() . ", '" . $db->sql_escape($new_password) . "', '" . $db->sql_escape($email) . "', '" . $db->sql_escape(phpbb_email_hash($email)) . "', {$user_style}, {$user_timezone}, '" . $db->sql_escape($user_dateformat) . "', '" . $db->sql_escape($user_lang) . "', 0, 1, 'user_actkey')";
        $db->sql_transaction('begin');
        $result = $db->sql_query($sql);
        $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)\n\t\t\tVALUES ('', 'Personal User', 1, 0)";
        $result = $db->sql_query($sql);
        $group_id = $db->sql_nextid();
        $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)\n\t\t\tVALUES ({$user_id}, {$group_id}, 0)";
        $result = $db->sql_query($sql);
        $db->sql_transaction('commit');
        // PROFILE EDIT BRIDGE - BEGIN
        $target_profile_data = array('user_id' => $user_id, 'username' => $username, 'password' => $clean_password, 'email' => $email);
        if (!class_exists('class_users')) {
            include_once IP_ROOT_PATH . 'includes/class_users.' . PHP_EXT;
        }
        if (empty($class_users)) {
            $class_users = new class_users();
        }
        $class_users->profile_update($target_profile_data);
        unset($clean_password);
        unset($target_profile_data);
        // PROFILE EDIT BRIDGE - END
        board_stats();
        $message = $lang['Account_added'];
        message_die(GENERAL_MESSAGE, $message);
    }
}
// End of submit
if ($error) {
    // If an error occured we need to htmlspecialchars again username for output on returned data
    $username = htmlspecialchars($username);
    $new_password = '';
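/**
 * Login function
 *
 * Authenticates a user against USERS_TABLE: looks the account up by user_id
 * (when given) or by cleaned username, enforces the login-attempt throttle,
 * converts legacy phpBB2-style password hashes on the fly and then verifies
 * the password.
 *
 * @param string    $username          Login name; by reference to keep the original call contract
 * @param string    $password          Plain-text password; by reference to keep the original call contract
 * @param int|false $user_id           When non-empty, look the account up by user_id instead of username
 * @param bool      $increase_attempts Whether a failed password check bumps user_login_attempts
 * @return array{status:int, error_msg:string|false, user_row:array}
 *         'user_row' is the users-table row, or array('user_id' => ANONYMOUS) when no account matched
 */
function login_db(&$username, &$password, $user_id = false, $increase_attempts = true)
{
    global $db, $config;

    // Empty credentials never reach the database.
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }

    // Match on username only; matching on user_email as well is intentionally not enabled here.
    $sql_match = !empty($user_id)
        ? "user_id = '" . $db->sql_escape($user_id) . "'"
        : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    $sql = 'SELECT user_id, username, username_clean, user_password, user_passchg, user_pass_convert, user_email, user_active, user_level, user_login_attempts, user_last_login_attempt
		FROM ' . USERS_TABLE . '
		WHERE ' . $sql_match;
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$row) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }

    // User inactive...
    if (empty($row['user_active'])) {
        return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
    }

    $config['max_login_attempts'] = (int) $config['max_login_attempts'];
    $config['login_reset_time'] = (int) $config['login_reset_time'];
    // Timestamp before which a previous attempt no longer counts (login_reset_time is in minutes).
    $reset_window_start = time() - $config['login_reset_time'] * 60;

    // Lockout: too many attempts inside the reset window. This reads the freshly fetched $row;
    // the previous version read an undefined $login_result, so the lockout never fired.
    if (!empty($config['max_login_attempts'])
        && !empty($row['user_last_login_attempt'])
        && $row['user_last_login_attempt'] >= $reset_window_start
        && $row['user_login_attempts'] >= $config['max_login_attempts'] + 1) {
        return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ATTEMPTS_EXCEEDED', 'user_row' => array('user_id' => ANONYMOUS));
    }

    // Attempts at the limit: hand over to the confirm-image page.
    // Every auth module is able to define what to do by itself... redirect() presumably does not return.
    if (!empty($config['max_login_attempts']) && $row['user_login_attempts'] >= $config['max_login_attempts']) {
        redirect(append_sid('login_captcha.' . PHP_EXT . '?uid=' . $row['user_id'], true));
    }

    // Last attempt older than the reset window: clear the counter (again on $row, not $login_result).
    if (!empty($config['login_reset_time'])
        && !empty($row['user_last_login_attempt'])
        && $row['user_last_login_attempt'] < $reset_window_start) {
        reset_login_attempts($row['user_id']);
        $row['user_last_login_attempt'] = 0;
        $row['user_login_attempts'] = 0;
    }

    // If the password convert flag is set we need to convert it
    if ($row['user_pass_convert']) {
        // in phpBB2 passwords were used exactly as they were sent, with addslashes applied,
        // so that form is rebuilt from the raw request value rather than from $password.
        $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
        $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
        $password_new_format = '';
        set_var($password_new_format, stripslashes($password_old_format), 'string', true);

        if ($password === $password_new_format) {
            if (!function_exists('utf8_to_cp1252')) {
                include IP_ROOT_PATH . 'includes/utf/data/recode_basic.' . PHP_EXT;
            }
            // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
            // plain md5 support left in for conversions from other systems.
            // The 32-char branch compares with ===: a loose == treats hex digests such as "0e..." as equal numbers.
            $stored_hash = $row['user_password'];
            $legacy_ok = false;
            if (strlen($stored_hash) === 34) {
                $legacy_ok = phpbb_check_hash(md5($password_old_format), $stored_hash)
                    || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $stored_hash);
            } elseif (strlen($stored_hash) === 32) {
                $legacy_ok = md5($password_old_format) === $stored_hash
                    || md5(utf8_to_cp1252($password_old_format)) === $stored_hash;
            }

            if ($legacy_ok) {
                // PROFILE EDIT BRIDGE - BEGIN
                $target_profile_data = array('user_id' => $row['user_id'], 'username' => $username, 'password' => $password_new_format);
                include_once IP_ROOT_PATH . 'includes/class_users.' . PHP_EXT;
                $class_users = new class_users();
                $class_users->profile_update($target_profile_data);
                unset($target_profile_data);
                // PROFILE EDIT BRIDGE - END
                $hash = phpbb_hash($password_new_format);
                // Update the password in the users table to the new format and remove user_pass_convert flag
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_password = \'' . $db->sql_escape($hash) . '\',
						user_pass_convert = 0
					WHERE user_id = ' . (int) $row['user_id'];
                $db->sql_query($sql);
                $row['user_pass_convert'] = 0;
                $row['user_password'] = $hash;
            } else {
                // Although we weren't able to convert this password we have to increase login attempt count to make sure this cannot be exploited
                if ($increase_attempts) {
                    increase_login_attempts($row['user_id']);
                }
                return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
            }
        }
    }

    // Check password ...
    if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
        // Old-style 32-char hash accepted: upgrade the stored value to the current format.
        if (strlen($row['user_password']) === 32) {
            $hash = phpbb_hash($password);
            // The escaped new hash is what gets stored (a fixed placeholder here would lock the account out).
            $sql = 'UPDATE ' . USERS_TABLE . '
				SET user_password = \'' . $db->sql_escape($hash) . '\', user_pass_convert = 0
				WHERE user_id = ' . (int) $row['user_id'];
            $db->sql_query($sql);
            $row['user_password'] = $hash;
        }
        // The column arrives as a string from the driver, hence the cast.
        if ((int) $row['user_login_attempts'] !== 0) {
            reset_login_attempts($row['user_id']);
        }
        // Successful login... set user_login_attempts to zero...
        return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
    }

    // Password incorrect - increase login attempts
    if ($increase_attempts) {
        increase_login_attempts($row['user_id']);
    }
    // Give status about wrong password...
    return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}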
        unset($_SESSION['email']);
        unset($_SESSION['unique']);
        echo language("ERROR_login_unverified");
        exit;
    }
    if ($check) {
        echo "<script>window.location.href = '" . APP_PATH . "';</script>";
    }
}
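// Logout request: echoes 1 on success so the client-side caller can react.
// The key is quoted: a bare `logout` is an undefined-constant lookup (a notice on PHP 5/7, an Error on PHP 8),
// and !empty() avoids the undefined-index notice when the field is absent.
// $logged is created outside this snippet.
// NOTE(review): no CSRF token is verified here; confirm whether the surrounding page does that.
if (!empty($_POST['logout'])) {
    if ($logged->logout()) {
        echo 1;
    }
}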
if ($_POST[user_settings]) {
    $user = new class_users($_POST[unique]);
    $new_password = mysql_real_escape_string($_POST[new_password]);
    $repeat_password = mysql_real_escape_string($_POST[repeat_password]);
    if ($new_password && $repeat_password) {
        if (strlen($new_password) < 6 || strlen($repeat_password) < 6) {
            echo language('ERROR_password_characters');
            exit;
        }
        if ($new_password == $repeat_password) {
            echo language('SUCCESS_password_changed');
            $user->set_password($new_password);
            exit;
        } else {
            echo language('ERROR_repeat_password');
            exit;
        }
include "app_needed/config.php";
require_once "app_classes/module_statistics.inc";
require_once "app_classes/module_campaigns.inc";
require_once "app_classes/module_tags.inc";
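// Require an authenticated session before any campaign/tag object is built.
// The original only sent the Location header and kept running, so the rest of
// the page was still produced for an unauthenticated request; exit after it.
if (empty($_SESSION['unique'])) {
    header("Location: " . APP_WEBSITE . "/login.html");
    exit;
}

// Identifier of the campaign/tag to show: GET `unique` wins, else POST `this`.
// Keys are quoted; `$_GET[unique]` was an undefined-constant lookup.
if (!empty($_GET['unique'])) {
    $selected_unique = $_GET['unique'];
} else {
    $selected_unique = isset($_POST['this']) ? $_POST['this'] : null;
}
$tag = new class_tags($selected_unique);
$campaign = new class_campaigns($selected_unique);

// The owning user is taken from whichever object resolves one.
// NOTE(review): this relies on at most one of the two returning a non-empty value — confirm in class_campaigns/class_tags.
$unique_user = $campaign->get_unique_user() . $tag->get_unique_user();
$new_user = new class_users($unique_user);
if (!$unique_user) {
    // Neither object resolved an owner: fall back to the logged-in user ($logged is defined elsewhere).
    $new_user = new class_users($logged->get_unique());
}
$stats = new class_statistics();

// Reporting window: defaults to the last 7 days. POSTed values are only accepted
// when they are a well-formed Y-m-d calendar date; anything else falls back to the
// default instead of flowing into whatever consumes $start_date / $end_date later.
$is_valid_ymd = function ($value) {
    if (!is_string($value)) {
        return false;
    }
    $parsed = DateTime::createFromFormat('Y-m-d', $value);
    // Round-trip check rejects overflowing dates such as 2020-02-31.
    return $parsed !== false && $parsed->format('Y-m-d') === $value;
};
$start_date = (!empty($_POST['start_date']) && $is_valid_ymd($_POST['start_date']))
    ? $_POST['start_date']
    : date("Y-m-d", strtotime("-7 days"));
$end_date = (!empty($_POST['end_date']) && $is_valid_ymd($_POST['end_date']))
    ? $_POST['end_date']
    : date("Y-m-d");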