コード例 #1
ファイル: fn.php プロジェクト: 10corp/playSMS
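/**
 * Validate a webservices token and resolve it to the owning user ID.
 *
 * The token is looked up among non-deleted users. It is accepted only when
 * the caller's IP is not blacklisted for that user, the user has webservices
 * enabled, the caller's IP matches one of the comma-separated entries in
 * webservices_ip, and the user is not banned.
 *
 * Security notes:
 *  - The token arrives from the request and is placed inside a single-quoted
 *    SQL literal, so it is checked against a character allowlist before the
 *    query is built. Anything else is treated as an invalid token.
 *  - The token is a bearer credential, so log lines carry a short SHA-256
 *    fingerprint instead of the token itself.
 *
 * @param string $token
 *        Token
 * @return string|bool User ID when validated or boolean FALSE when validation failed
 */
function auth_validate_token($token)
{
    // Non-scalar input (e.g. an array from the query string) can never be a valid token.
    $token = is_scalar($token) ? trim((string) $token) : '';
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // Fingerprint used in every log line: lets an operator correlate attempts
    // without storing a usable credential, and keeps raw request bytes
    // (including line breaks) out of the log.
    $token_ref = ($token === '') ? '' : 'sha256:' . substr(hash('sha256', $token), 0, 12);

    // Defined up front so the failure path and the blacklist log never read
    // an undefined variable.
    $uid = '';
    $username = '';

    $log_logins = (_APP_ == 'main' || _APP_ == 'menu');
    if ($log_logins) {
        _log('login attempt token:' . $token_ref . ' ip:' . $remote_ip, 3, 'auth_validate_token');
    }

    // Allowlist: none of these characters can terminate or escape a quoted
    // SQL string literal.
    // NOTE(review): assumes issued tokens use only these characters - confirm
    // against the token generator. If the dba_* layer supports bound
    // parameters, prefer binding over string building.
    if ($token && preg_match('/\A[A-Za-z0-9_.+\/=\-]+\z/', $token)) {
        $db_query = "SELECT uid,username,enable_webservices,webservices_ip FROM " . _DB_PREF_ . "_tblUser WHERE flag_deleted='0' AND token='{$token}'";
        $db_result = dba_query($db_query);
        $db_row = dba_fetch_array($db_result);
        if (!is_array($db_row)) {
            // No matching user: fall through to the failure path below.
            $db_row = array();
        }
        $username = isset($db_row['username']) ? trim($db_row['username']) : '';
        $uid = isset($db_row['uid']) ? trim($db_row['uid']) : '';

        // check blacklist
        if (blacklist_ifipexists($username, $remote_ip)) {
            _log('IP blacklisted u:' . $username . ' uid:' . $uid . ' ip:' . $remote_ip, 2, 'auth_validate_token');
            return FALSE;
        }

        if ($uid && $username && !empty($db_row['enable_webservices'])) {
            $allowed_nets = explode(',', isset($db_row['webservices_ip']) ? $db_row['webservices_ip'] : '');
            foreach ($allowed_nets as $net) {
                if (!core_net_match($net, $remote_ip)) {
                    continue;
                }
                // Source IP is allowed; a ban still overrides a valid token.
                if (user_banned_get($uid)) {
                    _log('user banned u:' . $username . ' uid:' . $uid . ' ip:' . $remote_ip, 2, 'auth_validate_token');
                    return FALSE;
                }
                if ($log_logins) {
                    _log('valid login u:' . $username . ' uid:' . $uid . ' ip:' . $remote_ip, 2, 'auth_validate_token');
                }
                // remove IP on successful login
                blacklist_clearip($username, $remote_ip);
                return $uid;
            }
        }
    }

    // check blacklist
    blacklist_checkip($username, $remote_ip);
    _log('invalid login t:' . $token_ref . ' ip:' . $remote_ip, 2, 'auth_validate_token');
    return FALSE;
}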
コード例 #2
ファイル: webservices.php プロジェクト: 10corp/playSMS
         $u = user_email2username($u);
         $user = user_getdatabyusername($u);
     }
 } else {
     if (auth_validate_login($u, $p)) {
         $user = user_getdatabyusername($u);
     }
 }
 if ($user['uid']) {
     $continue = false;
     $json['status'] = 'ERR';
     $json['error'] = '106';
     $ip = explode(',', $user['webservices_ip']);
     if (is_array($ip)) {
         foreach ($ip as $key => $net) {
             if (core_net_match($net, $_SERVER['REMOTE_ADDR'])) {
                 $continue = true;
             }
         }
     }
     if ($continue) {
         $continue = false;
         if ($token = $user['token']) {
             $continue = true;
         } else {
             $json['status'] = 'ERR';
             $json['error'] = '104';
         }
     }
     if ($continue) {
         if ($user['enable_webservices']) {