Esempio n. 1
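 /**
  * Run a login attempt through an alternative-authentication handler and, when the
  * handler accepts the credentials, mirror the account data it returned into the
  * local `user` / `user_extended` tables (creating the user if no row matches).
  *
  * The outcome is reported through $this->loginResult: AUTH_NOCONNECT, AUTH_NOT_AVAILABLE,
  * LOGIN_CONTINUE, LOGIN_DB_ERROR, LOGIN_TRY_OTHER or LOGIN_ABORT.
  *
  * @param string $method   Handler name; 'none' ends the call with AUTH_NOCONNECT. It is
  *                         interpolated into the handler's include path.
  * @param string $username Login name, passed by reference. On success it is escaped,
  *                         filtered and truncated in place; on an aborting AUTH_NOCONNECT
  *                         it is overwritten with a fixed md5 value.
  * @param string $userpass Password, passed by reference. On an aborting AUTH_BADPASSWORD
  *                         it is overwritten with a fixed md5 value.
  */
 public function __construct($method, &$username, &$userpass)
 {
     $this->e107 = e107::getInstance();
     $newvals = array();
     if ($method == 'none') {
         $this->loginResult = AUTH_NOCONNECT;
         return;
     }
     // NOTE(review): $method becomes part of an include path. Confirm every caller passes a
     // fixed, admin-configured handler name and never a request-derived value.
     require_once e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
     $_login = new auth_login();
     if (isset($_login->Available) && $_login->Available === FALSE) {
         // Relevant auth method not available (e.g. PHP extension not loaded)
         $this->loginResult = AUTH_NOT_AVAILABLE;
         return;
     }
     // The handler fills $newvals with the account fields it wants copied locally.
     $login_result = $_login->login($username, $userpass, $newvals, FALSE);
     if ($login_result === AUTH_SUCCESS) {
         require_once e_HANDLER . 'user_handler.php';
         require_once e_HANDLER . 'validator_class.php';
         // NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was removed in
         // PHP 7, and the pattern filter below is a blacklist rather than real protection.
         // Both are kept as they were because the lookup and insert code further down
         // consumes the value in this form; the query should be parameterised or escaped
         // at the point of use when this is ported.
         if (MAGIC_QUOTES_GPC == FALSE) {
             $username = mysql_real_escape_string($username);
         }
         $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
         $username = substr($username, 0, e107::getPref('loginname_maxlength'));
         $aa_sql = e107::getDb('aa');
         $userMethods = new UserHandler();
         $db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass, $username)));
         $xFields = array();
         // Possible extended user fields
         // See if any of the fields need processing before save
         if (isset($_login->copyMethods) && count($_login->copyMethods)) {
             foreach ($newvals as $k => $v) {
                 if (isset($_login->copyMethods[$k])) {
                     $newvals[$k] = $this->translate($_login->copyMethods[$k], $v);
                     if (AA_DEBUG1) {
                         $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth convert", $k . ': ' . $v . '=>' . $newvals[$k], FALSE, LOG_TO_ROLLING);
                     }
                 }
             }
         }
         // Split the returned fields: 'x_*' keys go to the extended-fields table,
         // everything else to the main user table.
         foreach ($newvals as $k => $v) {
             if (strpos($k, 'x_') === 0) {
                 // Extended field
                 $k = substr($k, 2);
                 $xFields['user_' . $k] = $v;
             } else {
                 // Normal user table. The comparison used to sit inside the strpos() call
                 // (strpos($k, 'user_' !== 0)), so the needle was the boolean TRUE and the
                 // prefix test never did what it was written for.
                 if (strpos($k, 'user_') !== 0) {
                     $k = 'user_' . $k;
                 }
                 // translate the field names (but latest handlers don't need translation)
                 $db_vals[$k] = $v;
             }
         }
         $ulogin = new userlogin();
         if (count($xFields)) {
             // We're going to have to do something with extended fields as well - make sure there's an object
             require_once e_HANDLER . 'user_extended_class.php';
             $ue = new e107_user_extended();
             // NOTE(review): the column list is built from the keys the auth handler returned.
             // Confirm those keys come from a fixed field mapping, since they are placed in
             // the SQL text unquoted.
             $qry = "SELECT u.user_id,u." . implode(',u.', array_keys($db_vals)) . ", ue.user_extended_id, ue." . implode(',ue.', array_keys($xFields)) . " FROM `#user` AS u\n\t\t\t\t\t\tLEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id\n\t\t\t\t\t\tWHERE " . $ulogin->getLookupQuery($username, FALSE, 'u.');
             if (AA_DEBUG) {
                 $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Query: {$qry}[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
             }
         } else {
             $qry = "SELECT * FROM `#user` WHERE " . $ulogin->getLookupQuery($username, FALSE);
         }
         if ($aa_sql->db_Select_gen($qry)) {
             // Existing user - get current data, see if any changes
             $row = $aa_sql->db_Fetch(MYSQL_ASSOC);
             foreach ($db_vals as $k => $v) {
                 if ($row[$k] == $v) {
                     unset($db_vals[$k]);
                 }
             }
             if (count($db_vals)) {
                 $newUser = array();
                 $newUser['data'] = $db_vals;
                 validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
                 // Cast the id, matching the extended-fields WHERE clause below.
                 $newUser['WHERE'] = '`user_id`=' . intval($row['user_id']);
                 $aa_sql->db_Update('user', $newUser);
                 // NOTE(review): the AA_DEBUG1 dumps here and below write the whole row,
                 // password hash included, to the rolling log. Keep the flag off in production.
                 if (AA_DEBUG1) {
                     $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data update: " . print_r($newUser, TRUE), FALSE, LOG_TO_ROLLING);
                 }
             }
             foreach ($xFields as $k => $v) {
                 if ($row[$k] == $v) {
                     unset($xFields[$k]);
                 }
             }
             if (AA_DEBUG1) {
                 $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data read: " . print_r($row, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
             }
             if (AA_DEBUG) {
                 $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd read: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
             }
             if (count($xFields)) {
                 $xArray = array();
                 $xArray['data'] = $xFields;
                 if ($row['user_extended_id']) {
                     $ue->addFieldTypes($xArray);
                     // Add in the data types for storage
                     $xArray['WHERE'] = '`user_extended_id`=' . intval($row['user_id']);
                     if (AA_DEBUG) {
                         $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd update: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                     }
                     $aa_sql->db_Update('user_extended', $xArray);
                 } else {
                     // Never been an extended user fields record for this user
                     $xArray['data']['user_extended_id'] = $row['user_id'];
                     $ue->addDefaultFields($xArray);
                     // Add in the data types for storage, plus any default values
                     if (AA_DEBUG) {
                         $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Write new extended record" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                     }
                     $aa_sql->db_Insert('user_extended', $xArray);
                 }
             }
         } else {
             // Just add a new user
             if (AA_DEBUG) {
                 // The middle of this expression was masked in the published listing; the
                 // pending row is dumped here with the password hash left out.
                 $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Add new user: " . print_r(array_diff_key($db_vals, array('user_password' => TRUE)), TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
             }
             if (!isset($db_vals['user_name'])) {
                 $db_vals['user_name'] = $username;
             }
             if (!isset($db_vals['user_loginname'])) {
                 $db_vals['user_loginname'] = $username;
             }
             if (!isset($db_vals['user_join'])) {
                 $db_vals['user_join'] = time();
             }
             // Always taken from the site preference, whatever the handler returned.
             $db_vals['user_class'] = e107::getPref('initial_user_classes');
             if (!isset($db_vals['user_signature'])) {
                 $db_vals['user_signature'] = '';
             }
             if (!isset($db_vals['user_prefs'])) {
                 $db_vals['user_prefs'] = '';
             }
             if (!isset($db_vals['user_perms'])) {
                 $db_vals['user_perms'] = '';
             }
             $userMethods->userClassUpdate($db_vals, 'userall');
             $newUser = array();
             $newUser['data'] = $db_vals;
             $userMethods->addNonDefaulted($newUser);
             validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
             $newID = $aa_sql->db_Insert('user', $newUser);
             if ($newID !== FALSE) {
                 if (count($xFields)) {
                     $xFields['user_extended_id'] = $newID;
                     $xArray = array();
                     $xArray['data'] = $xFields;
                     $ue->addDefaultFields($xArray);
                     // Add in the data types for storage, plus any default values
                     $result = $aa_sql->db_Insert('user_extended', $xArray);
                     if (AA_DEBUG) {
                         $this->e107->admin_log->e_log_event(10, debug_backtrace(), 'DEBUG', 'Alt auth login', "Add extended: UID={$newID}  result={$result}", FALSE, LOG_TO_ROLLING);
                     }
                 }
             } else {
                 // Error adding user to database - possibly a conflict on unique fields.
                 // This entry is written regardless of the debug flags, so the password hash
                 // is dropped from the dumped row.
                 $this->e107->admin_log->e_log_event(10, __FILE__ . '|' . __FUNCTION__ . '@' . __LINE__, 'ALT_AUTH', 'Alt auth login', 'Add user fail: DB Error ' . $aa_sql->getLastErrorText() . "[!br!]" . print_r(array_diff_key($db_vals, array('user_password' => TRUE)), TRUE), FALSE, LOG_TO_ROLLING);
                 $this->loginResult = LOGIN_DB_ERROR;
                 return;
             }
         }
         $this->loginResult = LOGIN_CONTINUE;
         return;
     } else {
         // Failure modes
         switch ($login_result) {
             case AUTH_NOCONNECT:
                 if (varset(e107::getPref('auth_noconn'), TRUE)) {
                     $this->loginResult = LOGIN_TRY_OTHER;
                     return;
                 }
                 // The caller's username is replaced through the reference, presumably so
                 // that no later stage can match the original account.
                 $username = md5('xx_noconn_xx');
                 $this->loginResult = LOGIN_ABORT;
                 return;
             case AUTH_BADPASSWORD:
                 if (varset(e107::getPref('auth_badpassword'), TRUE)) {
                     $this->loginResult = LOGIN_TRY_OTHER;
                     return;
                 }
                 // Same idea for the password: the caller's copy is replaced.
                 $userpass = md5('xx_badpassword_xx');
                 $this->loginResult = LOGIN_ABORT;
                 // Not going to magically be able to log in!
                 return;
         }
     }
     // catch-all just in case: any other handler result aborts the login
     $this->loginResult = LOGIN_ABORT;
     return;
 }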
Esempio n. 2
 /**
  * Handle an account-activation link of the form "activate.<x>.<code>[.<lang>]" taken
  * from e_QUERY.
  *
  * The user row whose `user_sess` equals the code is un-banned, its `user_sess` is
  * cleared and its classes are refreshed; the verification events are then fired and,
  * when the 'autologinpostsignup' preference is set, the user is logged in.
  *
  * @return false|null false when the code matches no row or the update fails; nothing
  *                    is returned on the other paths.
  */
 private function processActivationLink()
 {
     global $userMethods;
     $sql = e107::getDb();
     $tp = e107::getParser();
     $ns = e107::getRender();
     $log = e107::getLog();
     $pref = e107::pref('core');
     $qs = explode('.', e_QUERY);

     // Only "activate" requests with three or four parts and a non-empty code are handled.
     if ($qs[0] != 'activate' || (count($qs) != 3 && count($qs) != 4) || !$qs[2]) {
         return;
     }

     // FIXME TODO use generic multilanguage selection => e107::coreLan();
     // Show the messages in the language named by the optional fourth part, when it is a
     // two-character code and a matching language file can be read.
     $requestedLan = null;
     if (isset($qs[3]) && strlen($qs[3]) == 2) {
         require_once e_HANDLER . 'language_class.php';
         $slng = new language();
         $the_language = $slng->convert($qs[3]);
         // The path contains a request-derived part; it is only included after the
         // length check above and the is_readable() test below.
         $candidate = e_LANGUAGEDIR . $the_language . '/lan_' . e_PAGE;
         if (is_readable($candidate)) {
             $requestedLan = $candidate;
         }
     }
     if ($requestedLan !== null) {
         include $requestedLan;
     } else {
         include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
     }

     e107::getCache()->clear("online_menu_totals");

     // The activation code is passed through the parser's toDB() before it reaches the SQL text.
     $sessClause = "user_sess='" . $tp->toDB($qs[2], true) . "' ";
     if (!$sql->select("user", "*", $sessClause)) {
         // Invalid activation code
         $log->e_log_event(10, debug_backtrace(), 'USER', 'Invalid Verification URL', print_r($qs, true), false, LOG_TO_ROLLING);
         echo e107::getMessage()->addError("Invalid URL")->render();
         return false;
     }

     $row = $sql->fetch();
     if (!$row) {
         return;
     }

     $dbData = array(
         'WHERE' => " " . $sessClause,
         'data' => array('user_ban' => '0', 'user_sess' => ''),
     );
     // Set initial classes, and any which the user can opt to join
     $init_class = $userMethods->userClassUpdate($row, 'userfull');
     if ($init_class) {
         $dbData['data']['user_class'] = $init_class;
     }
     $userMethods->addNonDefaulted($dbData);
     validatorClass::addFieldTypes($userMethods->userVettingInfo, $dbData);

     $newID = $sql->update('user', $dbData);
     if ($newID === false) {
         $log->e_log_event(10, debug_backtrace(), 'USER', 'Verification Fail', print_r($row, true), false, LOG_TO_ROLLING);
         $ns->tablerender(LAN_SIGNUP_75, LAN_SIGNUP_101);
         return false;
     }

     // Log to user audit log if enabled
     $log->user_audit(USER_AUDIT_EMAILACK, $row);
     $events = array(
         'userveri',               // Legacy event
         'user_signup_activated',
         'userfull',               // 'New' event
     );
     foreach ($events as $eventName) {
         e107::getEvent()->trigger($eventName, $row);
     }

     if (varset($pref['autologinpostsignup'])) {
         require_once e_HANDLER . 'login.php';
         $usr = new userlogin();
         // NOTE(review): the value handed to login() is an md5 over name, stored password
         // and join time read from the row. Confirm how the 'signup' mode checks it.
         $signupToken = md5($row['user_name'] . $row['user_password'] . $row['user_join']);
         $usr->login($row['user_loginname'], $signupToken, 'signup', '');
     }

     $homeLink = " <a href='index.php'>" . LAN_SIGNUP_22 . "</a> ";
     $text = "<div class='alert alert-success'>" . LAN_SIGNUP_74 . $homeLink . LAN_SIGNUP_23 . "<br />" . LAN_SIGNUP_24 . " " . SITENAME . "</div>";
     $ns->tablerender(LAN_SIGNUP_75, $text);
 }
Esempio n. 3
 /**
  * Log the current visitor in through an external user provider (XUP).
  *
  * Nothing is attempted when the 'social_login_active' preference is off (returns false)
  * or when isUser() already reports true (returns true). Otherwise a provider login is
  * run, its user data is stored on this object and the 'user_xup_login' event is fired.
  *
  * @param string $xup external user provider identifier
  * @return boolean value of isUser() after the attempt; false when social login is disabled
  */
 final public function loginProvider($xup)
 {
     $socialEnabled = e107::getPref('social_login_active', false);
     if (!$socialEnabled) {
         return false;
     }

     if ($this->isUser()) {
         return true;
     }

     // The password argument is empty: in 'provider' mode the identifier alone is passed on.
     $providerLogin = new userlogin();
     $providerLogin->login($xup, '', 'provider', false, true);
     $providerData = $providerLogin->getUserData();

     // NOTE(review): the result of login() is not inspected here, so the session data is set
     // and the event fires whatever getUserData() returned. Confirm listeners of
     // 'user_xup_login' cope with a failed attempt.
     $session = $this->setSessionData(true);
     $session->setData($providerData);
     e107::getEvent()->trigger('user_xup_login', $providerData);

     return $this->isUser();
 }
Esempio n. 4
                if ($newID === FALSE) {
                    $admin_log->e_log_event(10, debug_backtrace(), 'USER', 'Verification Fail', print_r($row, TRUE), FALSE, LOG_TO_ROLLING);
                    require_once HEADERF;
                    $ns->tablerender(LAN_SIGNUP_75, LAN_SIGNUP_101);
                    require_once FOOTERF;
                    exit;
                }
                // Log to user audit log if enabled
                $admin_log->user_audit(USER_AUDIT_EMAILACK, $row);
                $e_event->trigger('userveri', $row);
                // Legacy event
                $e_event->trigger('userfull', $row);
                // 'New' event
                if (varset($pref['autologinpostsignup'])) {
                    require_once e_HANDLER . 'login.php';
                    $usr = new userlogin();
                    $usr->login($row['user_loginname'], md5($row['user_name'] . $row['user_password'] . $row['user_join']), 'signup', '');
                }
                require_once HEADERF;
                $text = LAN_SIGNUP_74 . " <a href='index.php'>" . LAN_SIGNUP_22 . "</a> " . LAN_SIGNUP_23 . "<br />" . LAN_SIGNUP_24 . " " . SITENAME;
                $ns->tablerender(LAN_SIGNUP_75, $text);
                require_once FOOTERF;
                exit;
            }
        } else {
            // Invalid activation code
            header("location: " . e_BASE . "index.php");
            exit;
        }
    }
}