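/**
 * Validate a webservices token and resolve it to a user ID.
 *
 * The token is looked up in the user table. The call succeeds only when the
 * account is not flagged deleted, has webservices enabled, the client address
 * ($_SERVER['REMOTE_ADDR']) matches one of the comma-separated webservices_ip
 * entries, and the user is not banned. Every other outcome returns FALSE.
 *
 * Security notes:
 * - The token comes from the request and is placed in a SQL string literal, so
 *   it is restricted to a conservative character set before the query runs.
 * - The token is a bearer credential and is never written to the log; a short
 *   hash prefix is logged instead.
 *
 * @param string $token
 *        Token
 * @return string|false User ID when validated or boolean FALSE when validation failed
 */
function auth_validate_token($token)
{
    $token = trim($token);
    $remote_ip = $_SERVER['REMOTE_ADDR'];

    // Defined up front: both are used in log lines and in the blacklist call
    // on paths where the lookup never ran or found no row.
    $username = '';
    $uid = '';

    // Log a non-reversible reference instead of the credential itself. Being
    // hex, it also cannot carry CR/LF or control bytes into the log line.
    $token_ref = ($token !== '') ? substr(hash('sha256', $token), 0, 12) : '-';

    if (_APP_ == 'main' || _APP_ == 'menu') {
        _log('login attempt token:' . $token_ref . ' ip:' . $remote_ip, 3, 'auth_validate_token');
    }

    // Allow-list for the token before it reaches the SQL literal below: no
    // quote, backslash, whitespace or control byte can get through, so the
    // literal cannot be terminated early.
    // NOTE(review): assumes issued tokens are hex/base64/base64url-style strings;
    // confirm against the token generator. If dba_query() supports bound
    // parameters, bind the token instead of interpolating it.
    $token_is_wellformed = (bool) preg_match('/\A[A-Za-z0-9._~+\/=-]+\z/', $token);

    if ($token && $token_is_wellformed) {
        $db_query = "SELECT uid,username,enable_webservices,webservices_ip FROM " . _DB_PREF_ . "_tblUser WHERE flag_deleted='0' AND token='{$token}'";
        $db_result = dba_query($db_query);
        $db_row = dba_fetch_array($db_result);

        // No matching row: treat as an empty record rather than indexing a
        // non-array value.
        if (!is_array($db_row)) {
            $db_row = array();
        }

        $username = isset($db_row['username']) ? trim($db_row['username']) : '';
        $uid = isset($db_row['uid']) ? trim($db_row['uid']) : '';

        // check blacklist
        if (blacklist_ifipexists($username, $remote_ip)) {
            _log('IP blacklisted u:' . $username . ' uid:' . $uid . ' ip:' . $remote_ip, 2, 'auth_validate_token');

            return FALSE;
        }

        if ($uid && $username && !empty($db_row['enable_webservices'])) {
            // webservices_ip is a comma-separated list of allowed networks.
            // NOTE(review): entries are passed to core_net_match() untrimmed, and an
            // empty field yields a single '' entry; confirm core_net_match() rejects
            // both rather than treating them as "match any".
            $allowed_nets = explode(',', (string) $db_row['webservices_ip']);

            foreach ($allowed_nets as $net) {
                if (!core_net_match($net, $remote_ip)) {
                    continue;
                }

                if (user_banned_get($uid)) {
                    _log('user banned u:' . $username . ' uid:' . $uid . ' ip:' . $remote_ip, 2, 'auth_validate_token');

                    return FALSE;
                }

                if (_APP_ == 'main' || _APP_ == 'menu') {
                    _log('valid login u:' . $username . ' uid:' . $uid . ' ip:' . $remote_ip, 2, 'auth_validate_token');
                }

                // remove IP on successful login
                blacklist_clearip($username, $remote_ip);

                return $uid;
            }
        }
    }

    // Failed attempt (empty, malformed or unknown token, webservices disabled,
    // or source address not allowed): hand the address to the blacklist check.
    // presumably this is what counts failed attempts per IP; verify in blacklist_checkip()
    blacklist_checkip($username, $remote_ip);
    _log('invalid login t:' . $token_ref . ' ip:' . $remote_ip, 2, 'auth_validate_token');

    return FALSE;
}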
$u = user_email2username($u); $user = user_getdatabyusername($u); } } else { if (auth_validate_login($u, $p)) { $user = user_getdatabyusername($u); } } if ($user['uid']) { $continue = false; $json['status'] = 'ERR'; $json['error'] = '106'; $ip = explode(',', $user['webservices_ip']); if (is_array($ip)) { foreach ($ip as $key => $net) { if (core_net_match($net, $_SERVER['REMOTE_ADDR'])) { $continue = true; } } } if ($continue) { $continue = false; if ($token = $user['token']) { $continue = true; } else { $json['status'] = 'ERR'; $json['error'] = '104'; } } if ($continue) { if ($user['enable_webservices']) {