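/**
 * Authenticate a user against an alternative auth backend and mirror the result into the local user tables.
 *
 * The outcome is reported through $this->loginResult, which ends up as one of
 * AUTH_NOCONNECT, AUTH_NOT_AVAILABLE, LOGIN_CONTINUE, LOGIN_DB_ERROR, LOGIN_TRY_OTHER or LOGIN_ABORT.
 * On backend success the local `user` row (and, when 'x_'-prefixed fields are returned, the
 * `user_extended` row) is updated, or created if the lookup query finds nothing.
 *
 * @param string $method    name of the auth method; 'none' short-circuits with AUTH_NOCONNECT,
 *                          anything else selects the "<method>_auth.php" file under e_PLUGIN . 'alt_auth/'
 * @param string $username  login name, passed by reference: rewritten (escaped, filtered, truncated) on
 *                          success, overwritten with a fixed md5 value when a connection failure aborts login
 * @param string $userpass  password, passed by reference: overwritten with a fixed md5 value when a bad
 *                          password aborts login
 */
public function __construct($method, &$username, &$userpass)
{
    $this->e107 = e107::getInstance();
    $newvals = array();

    if ($method == 'none') {
        $this->loginResult = AUTH_NOCONNECT;
        return;
    }

    // NOTE(review): $method goes straight into an include path. Presumably it comes from an admin-set
    // preference; confirm the caller, and consider restricting it to a known list of method names.
    require_once e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
    $_login = new auth_login();

    if (isset($_login->Available) && $_login->Available === FALSE) {
        // Relevant auth method not available (e.g. PHP extension not loaded)
        $this->loginResult = AUTH_NOT_AVAILABLE;
        return;
    }

    // $newvals is iterated below as field name => value; presumably the backend fills it by reference.
    $login_result = $_login->login($username, $userpass, $newvals, FALSE);

    if ($login_result === AUTH_SUCCESS) {
        require_once e_HANDLER . 'user_handler.php';
        require_once e_HANDLER . 'validator_class.php';

        // NOTE(review): escaping plus a small blacklist (" OR ", '=', '#') is the only filtering applied
        // to the login name before it reaches getLookupQuery(). The filtered value is also written back
        // to the caller's variable and stored as user_name/user_loginname for new users.
        if (MAGIC_QUOTES_GPC == FALSE) {
            $username = mysql_real_escape_string($username);
        }
        $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
        $username = substr($username, 0, e107::getPref('loginname_maxlength'));

        $aa_sql = e107::getDb('aa');
        $userMethods = new UserHandler();
        $db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass, $username)));
        $xFields = array(); // Possible extended user fields

        // See if any of the fields need processing before save
        if (isset($_login->copyMethods) && count($_login->copyMethods)) {
            foreach ($newvals as $k => $v) {
                if (isset($_login->copyMethods[$k])) {
                    $newvals[$k] = $this->translate($_login->copyMethods[$k], $v);
                    if (AA_DEBUG1) {
                        $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth convert", $k . ': ' . $v . '=>' . $newvals[$k], FALSE, LOG_TO_ROLLING);
                    }
                }
            }
        }

        // Split the returned fields: 'x_' prefix => extended user table, everything else => user table.
        foreach ($newvals as $k => $v) {
            if (strpos($k, 'x_') === 0) {
                // Extended field
                $k = substr($k, 2);
                $xFields['user_' . $k] = $v;
            } else {
                // Normal user table
                // Fix: the closing parenthesis used to sit after "!== 0", so strpos() was given a boolean
                // needle and the 'user_' prefix was never added to legacy field names.
                if (strpos($k, 'user_') !== 0) {
                    $k = 'user_' . $k;
                } // translate the field names (but latest handlers don't need translation)
                $db_vals[$k] = $v;
            }
        }

        $ulogin = new userlogin();
        if (count($xFields)) {
            // We're going to have to do something with extended fields as well - make sure there's an object
            require_once e_HANDLER . 'user_extended_class.php';
            $ue = new e107_user_extended();
            // NOTE(review): the column list is built from the keys of $db_vals/$xFields, i.e. from field
            // names handed back by the auth backend. Confirm those names cannot be influenced by the
            // remote directory or the person logging in.
            $qry = "SELECT u.user_id,u." . implode(',u.', array_keys($db_vals)) . ", ue.user_extended_id, ue." . implode(',ue.', array_keys($xFields)) . " FROM `#user` AS u\n\t\t\t\t\t\tLEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id\n\t\t\t\t\t\tWHERE " . $ulogin->getLookupQuery($username, FALSE, 'u.');
            if (AA_DEBUG) {
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Query: {$qry}[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
            }
        } else {
            $qry = "SELECT * FROM `#user` WHERE " . $ulogin->getLookupQuery($username, FALSE);
        }

        if ($aa_sql->db_Select_gen($qry)) {
            // Existing user - get current data, see if any changes
            $row = $aa_sql->db_Fetch(MYSQL_ASSOC);
            // NOTE(review): loose comparison; two different numeric-looking strings (e.g. "0e..." hashes)
            // can compare equal and suppress an update.
            foreach ($db_vals as $k => $v) {
                if ($row[$k] == $v) {
                    unset($db_vals[$k]);
                }
            }
            if (count($db_vals)) {
                $newUser = array();
                $newUser['data'] = $db_vals;
                validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
                // intval() for consistency with the user_extended update further down
                $newUser['WHERE'] = '`user_id`=' . intval($row['user_id']);
                $aa_sql->db_Update('user', $newUser);
                if (AA_DEBUG1) {
                    // Dump a copy without the password hash
                    $logUser = $newUser;
                    unset($logUser['data']['user_password']);
                    $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data update: " . print_r($logUser, TRUE), FALSE, LOG_TO_ROLLING);
                }
            }
            foreach ($xFields as $k => $v) {
                if ($row[$k] == $v) {
                    unset($xFields[$k]);
                }
            }
            if (AA_DEBUG1) {
                // Dump a copy without the stored password hash
                $logRow = $row;
                unset($logRow['user_password']);
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data read: " . print_r($logRow, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
            }
            if (AA_DEBUG) {
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd read: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
            }
            if (count($xFields)) {
                $xArray = array();
                $xArray['data'] = $xFields;
                if ($row['user_extended_id']) {
                    $ue->addFieldTypes($xArray); // Add in the data types for storage
                    $xArray['WHERE'] = '`user_extended_id`=' . intval($row['user_id']);
                    if (AA_DEBUG) {
                        $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd update: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                    }
                    $aa_sql->db_Update('user_extended', $xArray);
                } else {
                    // Never been an extended user fields record for this user
                    $xArray['data']['user_extended_id'] = $row['user_id'];
                    $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
                    if (AA_DEBUG) {
                        $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Write new extended record" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                    }
                    $aa_sql->db_Insert('user_extended', $xArray);
                }
            }
        } else {
            // Just add a new user
            if (AA_DEBUG) {
                // NOTE(review): the listing shows the middle of this message masked ("******");
                // presumably it dumped $db_vals - confirm against the upstream file.
                // The dump is written here without the password hash.
                $logVals = $db_vals;
                unset($logVals['user_password']);
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Add new user: " . print_r($logVals, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
            }
            if (!isset($db_vals['user_name'])) {
                $db_vals['user_name'] = $username;
            }
            if (!isset($db_vals['user_loginname'])) {
                $db_vals['user_loginname'] = $username;
            }
            if (!isset($db_vals['user_join'])) {
                $db_vals['user_join'] = time();
            }
            // user_class is always taken from the site preference, never from the backend's values
            $db_vals['user_class'] = e107::getPref('initial_user_classes');
            if (!isset($db_vals['user_signature'])) {
                $db_vals['user_signature'] = '';
            }
            if (!isset($db_vals['user_prefs'])) {
                $db_vals['user_prefs'] = '';
            }
            // NOTE(review): user_perms is only defaulted when absent, so a backend that returns a
            // 'perms'/'user_perms' field would set it for the new account - confirm this is intended.
            if (!isset($db_vals['user_perms'])) {
                $db_vals['user_perms'] = '';
            }
            $userMethods->userClassUpdate($db_vals, 'userall');
            $newUser = array();
            $newUser['data'] = $db_vals;
            $userMethods->addNonDefaulted($newUser);
            validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
            $newID = $aa_sql->db_Insert('user', $newUser);
            if ($newID !== FALSE) {
                if (count($xFields)) {
                    $xFields['user_extended_id'] = $newID;
                    $xArray = array();
                    $xArray['data'] = $xFields;
                    $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
                    $result = $aa_sql->db_Insert('user_extended', $xArray);
                    if (AA_DEBUG) {
                        $this->e107->admin_log->e_log_event(10, debug_backtrace(), 'DEBUG', 'Alt auth login', "Add extended: UID={$newID} result={$result}", FALSE, LOG_TO_ROLLING);
                    }
                }
            } else {
                // Error adding user to database - possibly a conflict on unique fields
                // This entry is written regardless of the debug flags, so the password hash is dropped first.
                $logVals = $db_vals;
                unset($logVals['user_password']);
                $this->e107->admin_log->e_log_event(10, __FILE__ . '|' . __FUNCTION__ . '@' . __LINE__, 'ALT_AUTH', 'Alt auth login', 'Add user fail: DB Error ' . $aa_sql->getLastErrorText() . "[!br!]" . print_r($logVals, TRUE), FALSE, LOG_TO_ROLLING);
                $this->loginResult = LOGIN_DB_ERROR;
                return;
            }
        }
        $this->loginResult = LOGIN_CONTINUE;
        return;
    } else {
        // Failure modes
        switch ($login_result) {
            case AUTH_NOCONNECT:
                if (varset(e107::getPref('auth_noconn'), TRUE)) {
                    $this->loginResult = LOGIN_TRY_OTHER;
                    return;
                }
                // Replace the caller's login name with a fixed placeholder before aborting
                $username = md5('xx_noconn_xx');
                $this->loginResult = LOGIN_ABORT;
                return;
            case AUTH_BADPASSWORD:
                if (varset(e107::getPref('auth_badpassword'), TRUE)) {
                    $this->loginResult = LOGIN_TRY_OTHER;
                    return;
                }
                // Replace the caller's password with a fixed placeholder before aborting
                $userpass = md5('xx_badpassword_xx');
                $this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in!
                return;
        }
    }
    $this->loginResult = LOGIN_ABORT; // catch-all just in case
    return;
}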
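/**
 * Handle an account activation link of the form "activate.<x>.<code>[.<lang>]" taken from e_QUERY.
 *
 * When the code matches a `user_sess` value, the account is un-banned, the code is cleared,
 * the activation events are triggered and a confirmation is rendered; optionally the user is
 * logged in straight away (pref 'autologinpostsignup').
 *
 * @return false|null false when the update fails or the code matches no user; null otherwise
 */
private function processActivationLink()
{
    global $userMethods;
    $sql = e107::getDb();
    $tp = e107::getParser();
    $ns = e107::getRender();
    $log = e107::getLog();
    $pref = e107::pref('core');
    $qs = explode('.', e_QUERY);

    // explode() always yields strings, so strict comparison is equivalent here
    if ($qs[0] === 'activate' && (count($qs) === 3 || count($qs) === 4) && $qs[2]) {
        // FIXME TODO use generic multilanguage selection => e107::coreLan();
        // return the message in the correct language.
        // The language code comes from the URL. It is exactly two bytes long and, being a piece of a
        // '.'-split string, cannot contain a dot. NOTE(review): the include path still depends on what
        // language::convert() returns for unknown codes - confirm it cannot return a path fragment.
        if (isset($qs[3]) && strlen($qs[3]) === 2) {
            require_once e_HANDLER . 'language_class.php';
            $slng = new language();
            $the_language = $slng->convert($qs[3]);
            if (is_readable(e_LANGUAGEDIR . $the_language . '/lan_' . e_PAGE)) {
                include e_LANGUAGEDIR . $the_language . '/lan_' . e_PAGE;
            } else {
                include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
            }
        } else {
            include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
        }

        e107::getCache()->clear("online_menu_totals");

        // The activation code is attacker-controlled; it is passed through toDB() once and that value is
        // reused for both the lookup and the update. NOTE(review): this relies on toDB() escaping for a
        // quoted SQL string - confirm.
        $sessCode = $tp->toDB($qs[2], true);

        if ($sql->select("user", "*", "user_sess='" . $sessCode . "' ")) {
            if ($row = $sql->fetch()) {
                $dbData = array();
                $dbData['WHERE'] = " user_sess='" . $sessCode . "' ";
                $dbData['data'] = array('user_ban' => '0', 'user_sess' => '');

                // Set initial classes, and any which the user can opt to join
                if ($init_class = $userMethods->userClassUpdate($row, 'userfull')) {
                    $dbData['data']['user_class'] = $init_class;
                }
                $userMethods->addNonDefaulted($dbData);
                validatorClass::addFieldTypes($userMethods->userVettingInfo, $dbData);
                $newID = $sql->update('user', $dbData);

                if ($newID === false) {
                    // The row was read with SELECT *, so it carries the password hash and the activation
                    // code, which is still valid because the update failed. Keep both out of the log.
                    $logRow = $row;
                    unset($logRow['user_password'], $logRow['user_sess']);
                    $log->e_log_event(10, debug_backtrace(), 'USER', 'Verification Fail', print_r($logRow, true), false, LOG_TO_ROLLING);
                    $ns->tablerender(LAN_SIGNUP_75, LAN_SIGNUP_101);
                    return false;
                }

                // Log to user audit log if enabled
                $log->user_audit(USER_AUDIT_EMAILACK, $row);
                e107::getEvent()->trigger('userveri', $row); // Legacy event
                e107::getEvent()->trigger('user_signup_activated', $row);
                e107::getEvent()->trigger('userfull', $row); // 'New' event

                if (varset($pref['autologinpostsignup'])) {
                    require_once e_HANDLER . 'login.php';
                    $usr = new userlogin();
                    // The 'signup' login is given an md5 over stored row fields in place of a password.
                    $usr->login($row['user_loginname'], md5($row['user_name'] . $row['user_password'] . $row['user_join']), 'signup', '');
                }

                $text = "<div class='alert alert-success'>" . LAN_SIGNUP_74 . " <a href='index.php'>" . LAN_SIGNUP_22 . "</a> " . LAN_SIGNUP_23 . "<br />" . LAN_SIGNUP_24 . " " . SITENAME . "</div>";
                $ns->tablerender(LAN_SIGNUP_75, $text);
            }
        } else {
            // Invalid activation code
            // NOTE(review): $qs is raw request data; confirm the log viewer escapes it on display.
            $log->e_log_event(10, debug_backtrace(), 'USER', 'Invalid Verification URL', print_r($qs, true), false, LOG_TO_ROLLING);
            echo e107::getMessage()->addError("Invalid URL")->render();
            // header("location: ".e_BASE."index.php");
            return false;
        }
    }
}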
/**
 * Log the current visitor in through an external user provider.
 *
 * Does nothing and returns false unless the 'social_login_active' preference is set;
 * returns true immediately when isUser() already holds. Otherwise a 'provider' login is
 * attempted with an empty password, the resulting user data is copied into the session,
 * and the 'user_xup_login' event is triggered.
 *
 * NOTE(review): the return value of userlogin::login() is not inspected; the session data is set
 * and the event fired either way, and success is decided by isUser() alone. $xup is used as the
 * identity - confirm the caller has already verified it with the provider.
 *
 * @param string $xup external user provider identifier
 * @return boolean success
 */
final public function loginProvider($xup)
{
    $socialLoginEnabled = e107::getPref('social_login_active', false);
    if (!$socialLoginEnabled) {
        return false;
    }

    if ($this->isUser()) {
        return true;
    }

    $providerLogin = new userlogin();
    $providerLogin->login($xup, '', 'provider', false, true);
    $providerUser = $providerLogin->getUserData();

    $session = $this->setSessionData(true);
    $session->setData($providerUser);

    e107::getEvent()->trigger('user_xup_login', $providerUser);

    return $this->isUser();
}
if ($newID === FALSE) { $admin_log->e_log_event(10, debug_backtrace(), 'USER', 'Verification Fail', print_r($row, TRUE), FALSE, LOG_TO_ROLLING); require_once HEADERF; $ns->tablerender(LAN_SIGNUP_75, LAN_SIGNUP_101); require_once FOOTERF; exit; } // Log to user audit log if enabled $admin_log->user_audit(USER_AUDIT_EMAILACK, $row); $e_event->trigger('userveri', $row); // Legacy event $e_event->trigger('userfull', $row); // 'New' event if (varset($pref['autologinpostsignup'])) { require_once e_HANDLER . 'login.php'; $usr = new userlogin(); $usr->login($row['user_loginname'], md5($row['user_name'] . $row['user_password'] . $row['user_join']), 'signup', ''); } require_once HEADERF; $text = LAN_SIGNUP_74 . " <a href='index.php'>" . LAN_SIGNUP_22 . "</a> " . LAN_SIGNUP_23 . "<br />" . LAN_SIGNUP_24 . " " . SITENAME; $ns->tablerender(LAN_SIGNUP_75, $text); require_once FOOTERF; exit; } } else { // Invalid activation code header("location: " . e_BASE . "index.php"); exit; } } }