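/**
 * Validate an admin-level webservices token together with its account name.
 *
 * The account may be named by username or by email address; an email-shaped
 * value is mapped to a username before the token is checked. The call succeeds
 * only when the token validates for that account and the account's 'status'
 * field is 2, the level this function accepts as admin.
 *
 * NOTE(review): an empty $u is rejected even if the token itself validates.
 * Confirm whether token-only admin calls are intended before relaxing this.
 *
 * @param string $h Webservices token (admin users only)
 * @param string $u Username or email address (admin users only)
 * @return string|boolean Username if valid, FALSE if invalid
 */
function webservices_validate_admin($h, $u) {
    // Email-shaped identifiers are resolved to the account's username first.
    if (preg_match('/^(.+)@(.+)\\.(.+)$/', $u)) {
        $u = user_email2username($u);
    }

    $c_u = webservices_validate($h, $u);

    // Fail closed: the privilege lookup below must only ever run for a name
    // that came back from token validation, never for a failed result.
    if (!$u || !$c_u) {
        return false;
    }

    $status = user_getfieldbyusername($c_u, 'status');

    // Compare as a string so that both integer 2 and the numeric string '2'
    // match, while loose-comparison surprises (TRUE == 2) do not grant admin.
    return ((string) $status === '2') ? $c_u : false;
}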
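/**
 * Validate email and password
 *
 * The email address is resolved to a username, the attempt is logged, and the
 * credential check itself is delegated to auth_validate_login().
 *
 * @param string $email
 *        Email address of the account
 * @param string $password
 *        Password
 * @return boolean TRUE when validated or boolean FALSE when validation failed
 */
function auth_validate_email($email, $password) {
    $username = user_email2username($email);

    // The email comes straight from the request: strip control characters so a
    // crafted value cannot split or forge entries in the log file.
    $log_email = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $email);
    $log_username = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $username);

    // Nothing derived from the password is logged. An unsalted MD5 of the
    // submitted password is recoverable offline by anyone who can read the log,
    // and failed attempts often contain a near-miss of the real password.
    _log('login attempt email:' . $log_email . ' u:' . $log_username . ' ip:' . $_SERVER['REMOTE_ADDR'], 3, 'auth_validate_email');

    return auth_validate_login($username, $password);
}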
break; case "GET_CONTACT_GROUP": if ($u = webservices_validate($h, $u)) { $c_uid = user_username2uid($u); $json = webservices_get_contact_group($c_uid, $kwd, $c); } else { $json['status'] = 'ERR'; $json['error'] = '100'; } $log_this = TRUE; break; case "GET_TOKEN": $user = array(); if (preg_match('/^(.+)@(.+)\\.(.+)$/', $u)) { if (auth_validate_email($u, $p)) { $u = user_email2username($u); $user = user_getdatabyusername($u); } } else { if (auth_validate_login($u, $p)) { $user = user_getdatabyusername($u); } } if ($user['uid']) { $continue = false; $json['status'] = 'ERR'; $json['error'] = '106'; $ip = explode(',', $user['webservices_ip']); if (is_array($ip)) { foreach ($ip as $key => $net) { if (core_net_match($net, $_SERVER['REMOTE_ADDR'])) {
<?php defined('_SECURE_') or die('Forbidden'); if (_OP_ == 'login') { $username_or_email = trim($_REQUEST['username']); $password = trim($_REQUEST['password']); if ($username_or_email && $password) { $username = ''; $validated = FALSE; if (preg_match('/^(.+)@(.+)\\.(.+)$/', $username_or_email)) { if (auth_validate_email($username_or_email, $password)) { $username = user_email2username($username_or_email); $validated = TRUE; } } else { if (auth_validate_login($username_or_email, $password)) { $username = $username_or_email; $validated = TRUE; } } if ($validated) { $uid = user_username2uid($username); auth_session_setup($uid); if (auth_isvalid()) { logger_print("u:" . $_SESSION['username'] . " uid:" . $uid . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "login"); } else { logger_print("unable to setup session u:" . $_SESSION['username'] . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "login"); $_SESSION['error_string'] = _('Unable to login'); } } else { $_SESSION['error_string'] = _('Invalid username or password');