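/**
 * Login page: validates the posted credentials, stores the person id in the
 * session and sends the visitor back to the page they came from.
 *
 * The `return` query parameter arrives in a link and is therefore chosen by
 * whoever built that link. It is honoured only when it is a site-relative
 * URI; a value that carries a scheme, starts with two slashes/backslashes or
 * contains control characters is dropped and the visitor lands on '/'.
 * Without that check a freshly authenticated user could be bounced to an
 * arbitrary host (open redirect).
 */
public function index()
{
    // Already signed in: nothing to do on the login page.
    if ($this->session->userdata('person_id')) {
        redirect('/');
    }

    $this->load->library('form_validation');
    $this->load->model('person_model');

    $this->form_validation->set_rules('email', 'Email Address', 'required|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'required|min_length[4]');

    // Accept the return target only if it is a plain string that stays on this site.
    $requested = $this->input->get('return');
    $return_to = '';
    if (is_string($requested) && $requested !== ''
        && !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $requested)
        && !preg_match('#[\x00-\x1F\x7F]#', $requested)) {
        $return_to = $requested;
    }

    $data['error'] = '';

    if ($this->form_validation->run()) {
        $person = $this->person_model->verify_person(
            $this->input->post('email'),
            $this->input->post('password')
        );

        if (!$person) {
            // One message for "unknown e-mail" and "wrong password", so the
            // form does not reveal which accounts exist.
            $data['error'] = 'E-mail or password is incorrect.';
        } elseif (!is_not_banned($person->PERSON_ID)) {
            $data['error'] = 'You are banned. Please contact admin.';
        } else {
            // NOTE(review): the session identifier is not rotated here. Confirm
            // that the session library does so on its own; otherwise rotate it
            // before storing the person id to rule out session fixation.
            $this->session->set_userdata('person_id', $person->PERSON_ID);
            redirect($return_to === '' ? '/' : $return_to);
        }
    }

    // The view receives only the validated target. NOTE(review): it still has
    // to be escaped for the context the template prints it in - confirm in
    // the auth/index view.
    $data['return'] = $return_to;
    $data['header'] = $this->load->view('header', $this->header, TRUE);
    $data['footer'] = $this->load->view('footer', $this->footer, TRUE);
    $this->load->view('auth/index', $data);
}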
/**
 * Finishes a login for the member whose row is already in $user_settings.
 *
 * In order: runs the optional integrate_login callback, sets the login
 * cookie, clears the failed-login counter, fills in $user_info, re-checks
 * bans, records login time and IPs, removes the guest "online" row and
 * redirects.
 *
 * No password is verified in this function; presumably the caller has
 * already done that - verify against the call sites.
 */
function DoLogin()
{
    global $txt, $scripturl, $user_info, $user_settings, $smcFunc;
    global $cookiename, $maintenance, $modSettings, $context, $sourcedir;

    // Load cookie authentication stuff.
    require_once $sourcedir . '/Subs-Auth.php';

    // Optional integration callback. The callable's name is read from
    // $modSettings, so anyone able to write that setting selects code that
    // runs at every login. The request-supplied hash_passwrd is passed on
    // after a length check only (40 characters), otherwise null is passed.
    if (isset($modSettings['integrate_login']) && is_callable($modSettings['integrate_login'])) {
        call_user_func(
            strpos($modSettings['integrate_login'], '::') === false ? $modSettings['integrate_login'] : explode('::', $modSettings['integrate_login']),
            $user_settings['member_name'],
            isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null,
            $modSettings['cookieTime']
        );
    }

    // Get ready to set the cookie...
    // ($username is not read again inside this function.)
    $username = $user_settings['member_name'];
    $user_info['id'] = $user_settings['id_member'];

    // Set the cookie (and, per the original comment, a session too).
    // Lifetime is cookieTime multiplied by 60. The third argument is SHA-1 over
    // the stored password hash concatenated with the member's salt.
    // NOTE(review): if the cookie is later validated against this value it is
    // password-equivalent for as long as hash and salt stay unchanged - confirm
    // in Subs-Auth.php.
    setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], sha1($user_settings['passwd'] . $user_settings['password_salt']));

    // Reset the login threshold.
    if (isset($_SESSION['failed_login'])) {
        unset($_SESSION['failed_login']);
    }

    $user_info['is_guest'] = false;
    $user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']);
    // Admin means group 1, either as primary group or among the additional groups.
    $user_info['is_admin'] = $user_settings['id_group'] == 1 || in_array(1, $user_settings['additional_groups']);

    // Are you banned? Note that this check runs after the cookie was set above.
    is_not_banned(true);

    // An administrator, set up the login so they don't have to type it again.
    // Applies only when openid_uri is set but empty.
    // NOTE(review): stamping admin_time looks like it pre-authorises the admin
    // area for this session - confirm how admin_time is consumed.
    if ($user_info['is_admin'] && isset($user_settings['openid_uri']) && empty($user_settings['openid_uri'])) {
        $_SESSION['admin_time'] = time();
        unset($_SESSION['just_registered']);
    }

    // Don't stick the language or theme after this point.
    unset($_SESSION['language'], $_SESSION['id_theme']);

    // First login? The member id is bound through the {int:id_member}
    // placeholder rather than concatenated into the SQL text.
    $request = $smcFunc['db_query']('', ' SELECT last_login FROM {db_prefix}members WHERE id_member = {int:id_member} AND last_login = 0', array('id_member' => $user_info['id']));
    if ($smcFunc['db_num_rows']($request) == 1) {
        $_SESSION['first_login'] = true;
    } else {
        unset($_SESSION['first_login']);
    }
    $smcFunc['db_free_result']($request);

    // Record the login time and both IP values on the member row.
    // NOTE(review): $_SERVER['BAN_CHECK_IP'] is not a standard server variable;
    // presumably the forum sets it earlier - confirm where it comes from and
    // whether a client-sent header can influence it.
    updateMemberData($user_info['id'], array('last_login' => time(), 'member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP']));

    // Get rid of the online entry for that old guest....
    $smcFunc['db_query']('', ' DELETE FROM {db_prefix}log_online WHERE session = {string:session}', array('session' => 'ip' . $user_info['ip']));
    $_SESSION['log_time'] = 0;

    // Just log you back out if it's in maintenance mode and you AREN'T an admin.
    // The logout URL carries the session variable and id in its query string.
    if (empty($maintenance) || allowedTo('admin_forum')) {
        redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
    } else {
        redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
    }
}
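/**
 * The main dispatcher: loads user, board, permissions and theme, enforces
 * bans, maintenance mode and guest restrictions, then maps
 * $_REQUEST['action'] onto a handler.
 *
 * The request never names a file or function directly. The action is used
 * only as a key into $actionArray, and only the file and function stored
 * under that key are included and returned. Integration hooks may add or
 * change entries in that array.
 *
 * $context is declared global here because the function reads
 * $context['disable_sp']; without the declaration that test saw an undefined
 * local and the 'portal' and 'forum' actions could never be switched off.
 *
 * @return string Name of a handler function; the file defining it has been
 *                included. Presumably the caller invokes it.
 */
function smf_main()
{
    global $modSettings, $settings, $user_info, $board, $topic, $board_info, $maintenance, $sourcedir, $context;

    // Special case: session keep-alive, output a transparent pixel.
    // This exits before any user, ban or permission loading.
    // NOTE(review): the literal below looks like a GIF whose control bytes
    // were lost when the listing was extracted - compare with the upstream file.
    if (isset($_GET['action']) && $_GET['action'] == 'keepalive') {
        header('Content-Type: image/gif');
        die("GIF89a€!ù,D;");
    }

    // Load the user's cookie (or set as guest) and load their settings.
    loadUserSettings();

    // Load the current board's information.
    loadBoard();

    // Load the current user's permissions.
    loadPermissions();

    // Attachments don't require the entire theme to be loaded.
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest'])) {
        detectBrowser();
    } else {
        loadTheme();
    }

    // Check if the user should be disallowed access.
    is_not_banned();

    // If we are in a topic and don't have permission to approve it then duck out now.
    // Guests and anyone other than the topic starter get the generic
    // "not a topic" error.
    if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) {
        fatal_lang_error('not_a_topic', false);
    }

    // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
    if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], array('dlattach', 'findmember', 'jseditor', 'jsoption', 'requestmembers', 'smstats', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewsmfile'))) {
        // Log this user as online.
        writeLog();

        // Don't track stats of portal xml actions.
        if (empty($_REQUEST['action']) || $_REQUEST['action'] != 'portal' || !isset($_GET['xml'])) {
            // Track forum statistics and hits...?
            if (!empty($modSettings['hitStats'])) {
                trackStats(array('hits' => '+'));
            }
        }
    }

    // Load SimplePortal.
    sportal_init();

    // Is the forum in maintenance mode? (doesn't apply to administrators.)
    if (!empty($maintenance) && !allowedTo('admin_forum')) {
        // You can only login.... otherwise, you're getting the "maintenance mode" display.
        if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'login2' || $_REQUEST['action'] == 'logout')) {
            require_once $sourcedir . '/LogInOut.php';
            return $_REQUEST['action'] == 'login2' ? 'Login2' : 'Logout';
        } else {
            require_once $sourcedir . '/Subs-Auth.php';
            return 'InMaintenance';
        }
    } elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', 'mailq', 'verificationcode', 'openidreturn')))) {
        // Guest access is off: a guest may reach only the actions listed above.
        require_once $sourcedir . '/Subs-Auth.php';
        return 'KickGuest';
    } elseif (empty($_REQUEST['action'])) {
        // Let the portal claim the request first.
        $sp_action = sportal_catch_action();
        if ($sp_action) {
            return $sp_action;
        }

        // Action and board are both empty... BoardIndex!
        if (empty($board) && empty($topic)) {
            require_once $sourcedir . '/BoardIndex.php';
            return 'BoardIndex';
        } elseif (empty($topic)) {
            require_once $sourcedir . '/MessageIndex.php';
            return 'MessageIndex';
        } else {
            require_once $sourcedir . '/Display.php';
            return 'Display';
        }
    }

    // Here's the monstrous $_REQUEST['action'] array - $_REQUEST['action'] => array($file, $function).
    // This table is the allow-list: only file names written here (or added by
    // a hook below) are ever passed to require_once.
    $actionArray = array(
        'activate' => array('Register.php', 'Activate'),
        'admin' => array('Admin.php', 'AdminMain'),
        'announce' => array('Post.php', 'AnnounceTopic'),
        'attachapprove' => array('ManageAttachments.php', 'ApproveAttach'),
        'buddy' => array('Subs-Members.php', 'BuddyListToggle'),
        'calendar' => array('Calendar.php', 'CalendarMain'),
        'clock' => array('Calendar.php', 'clock'),
        'collapse' => array('BoardIndex.php', 'CollapseCategory'),
        'coppa' => array('Register.php', 'CoppaForm'),
        'credits' => array('Who.php', 'Credits'),
        'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'),
        'display' => array('Display.php', 'Display'),
        'dlattach' => array('Display.php', 'Download'),
        'editpoll' => array('Poll.php', 'EditPoll'),
        'editpoll2' => array('Poll.php', 'EditPoll2'),
        'emailuser' => array('SendTopic.php', 'EmailUser'),
        'findmember' => array('Subs-Auth.php', 'JSMembers'),
        'forum' => array('BoardIndex.php', 'BoardIndex'),
        'portal' => array('PortalMain.php', 'sportal_main'),
        'groups' => array('Groups.php', 'Groups'),
        'help' => array('Help.php', 'ShowHelp'),
        'helpadmin' => array('Help.php', 'ShowAdminHelp'),
        'im' => array('PersonalMessage.php', 'MessageMain'),
        'jseditor' => array('Subs-Editor.php', 'EditorMain'),
        'jsmodify' => array('Post.php', 'JavaScriptModify'),
        'jsoption' => array('Themes.php', 'SetJavaScript'),
        'lock' => array('LockTopic.php', 'LockTopic'),
        'lockvoting' => array('Poll.php', 'LockVoting'),
        'login' => array('LogInOut.php', 'Login'),
        'login2' => array('LogInOut.php', 'Login2'),
        'logout' => array('LogInOut.php', 'Logout'),
        'markasread' => array('Subs-Boards.php', 'MarkRead'),
        'mergetopics' => array('SplitTopics.php', 'MergeTopics'),
        'mlist' => array('Memberlist.php', 'Memberlist'),
        'moderate' => array('ModerationCenter.php', 'ModerationMain'),
        'modifycat' => array('ManageBoards.php', 'ModifyCat'),
        'modifykarma' => array('Karma.php', 'ModifyKarma'),
        'movetopic' => array('MoveTopic.php', 'MoveTopic'),
        'movetopic2' => array('MoveTopic.php', 'MoveTopic2'),
        'notify' => array('Notify.php', 'Notify'),
        'notifyboard' => array('Notify.php', 'BoardNotify'),
        'openidreturn' => array('Subs-OpenID.php', 'smf_openID_return'),
        'pm' => array('PersonalMessage.php', 'MessageMain'),
        'post' => array('Post.php', 'Post'),
        'post2' => array('Post.php', 'Post2'),
        'printpage' => array('Printpage.php', 'PrintTopic'),
        'profile' => array('Profile.php', 'ModifyProfile'),
        'quotefast' => array('Post.php', 'QuoteFast'),
        'quickmod' => array('MessageIndex.php', 'QuickModeration'),
        'quickmod2' => array('Display.php', 'QuickInTopicModeration'),
        'recent' => array('Recent.php', 'RecentPosts'),
        'register' => array('Register.php', 'Register'),
        'register2' => array('Register.php', 'Register2'),
        'reminder' => array('Reminder.php', 'RemindMe'),
        'removepoll' => array('Poll.php', 'RemovePoll'),
        'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'),
        'reporttm' => array('SendTopic.php', 'ReportToModerator'),
        'requestmembers' => array('Subs-Auth.php', 'RequestMembers'),
        'restoretopic' => array('RemoveTopic.php', 'RestoreTopic'),
        'search' => array('Search.php', 'PlushSearch1'),
        'search2' => array('Search.php', 'PlushSearch2'),
        'sendtopic' => array('SendTopic.php', 'EmailUser'),
        'smstats' => array('Stats.php', 'SMStats'),
        'suggest' => array('Subs-Editor.php', 'AutoSuggestHandler'),
        'spellcheck' => array('Subs-Post.php', 'SpellCheck'),
        'splittopics' => array('SplitTopics.php', 'SplitTopics'),
        'stats' => array('Stats.php', 'DisplayStats'),
        'sticky' => array('LockTopic.php', 'Sticky'),
        'theme' => array('Themes.php', 'ThemesMain'),
        'trackip' => array('Profile-View.php', 'trackIP'),
        'about:mozilla' => array('Karma.php', 'BookOfUnknown'),
        'about:unknown' => array('Karma.php', 'BookOfUnknown'),
        'unread' => array('Recent.php', 'UnreadTopics'),
        'unreadreplies' => array('Recent.php', 'UnreadTopics'),
        'verificationcode' => array('Register.php', 'VerificationCode'),
        'viewprofile' => array('Profile.php', 'ModifyProfile'),
        'vote' => array('Poll.php', 'Vote'),
        'viewquery' => array('ViewQuery.php', 'ViewQuery'),
        'viewsmfile' => array('Admin.php', 'DisplayAdminFile'),
        'who' => array('Who.php', 'Who'),
        '.xml' => array('News.php', 'ShowXmlFeed'),
        'xmlhttp' => array('Xml.php', 'XMLhttpMain'),
    );

    // Allow modifying $actionArray easily. The array is passed by reference,
    // so an installed hook can extend the set of includable files; hooks are
    // as trusted as the core code.
    call_integration_hook('integrate_actions', array(&$actionArray));

    // With the portal disabled its two entry points must not stay routable.
    if (!empty($context['disable_sp'])) {
        unset($actionArray['portal'], $actionArray['forum']);
    }

    // Get the function and file to include - if it's not there, do the board index.
    if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']])) {
        // Catch the action with the theme?
        if (!empty($settings['catch_action'])) {
            require_once $sourcedir . '/Themes.php';
            return 'WrapAction';
        }

        // Fall through to the board index then...
        require_once $sourcedir . '/BoardIndex.php';
        return 'BoardIndex';
    }

    // Otherwise, it was set - so let's go to that action.
    // The path is assembled from the table entry, never from the request text.
    require_once $sourcedir . '/' . $actionArray[$_REQUEST['action']][0];
    return $actionArray[$_REQUEST['action']][1];
}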
/**
 * The main dispatcher.
 *
 * Sends the security headers, loads user, board, permissions, BadBehavior
 * and the theme, enforces bans and the unapproved-topic restriction, logs
 * the hit, then hands the request to Site_Dispatcher.
 */
function elk_main()
{
    global $modSettings, $user_info, $topic, $board_info, $context;

    // Special case: session keep-alive, output a transparent pixel.
    // This exits before the security headers below are sent and before any
    // user or ban loading.
    // NOTE(review): the literal looks like a GIF whose control bytes were lost
    // when the listing was extracted - compare with the upstream file.
    if (isset($_GET['action']) && $_GET['action'] == 'keepalive') {
        header('Content-Type: image/gif');
        die("GIF89a€!ù,D;");
    }

    // We should set our security headers now.
    frameOptionsHeader();
    securityOptionsHeader();

    // Load the user's cookie (or set as guest) and load their settings.
    loadUserSettings();

    // Load the current board's information.
    loadBoard();

    // Load the current user's permissions.
    loadPermissions();

    // Load BadBehavior before we go much further
    loadBadBehavior();

    // Attachments don't require the entire theme to be loaded.
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest'])) {
        detectBrowser();
    } else {
        loadTheme();
    }

    // Check if the user should be disallowed access.
    is_not_banned();

    // If we are in a topic and don't have permission to approve it then duck out now.
    // Guests and anyone other than the topic starter get the generic
    // "not a topic" error.
    if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) {
        fatal_lang_error('not_a_topic', false);
    }

    // Actions that are not logged as a hit. The list is passed by reference
    // to the hook, so add-ons can change which actions are logged.
    $no_stat_actions = array('dlattach', 'findmember', 'jsoption', 'requestmembers', 'jslocale', 'xmlpreview', 'suggest', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewadminfile');
    call_integration_hook('integrate_pre_log_stats', array(&$no_stat_actions));

    // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
    if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], $no_stat_actions)) {
        // Log this user as online.
        writeLog();

        // Track forum statistics and hits...?
        if (!empty($modSettings['hitStats'])) {
            trackStats(array('hits' => '+'));
        }
    }
    unset($no_stat_actions);

    // What shall we do?
    require_once SOURCEDIR . '/SiteDispatcher.class.php';
    $dispatcher = new Site_Dispatcher();

    // Show where we came from, and go.
    // When the dispatcher reports no action, the raw request value is stored
    // instead. NOTE(review): that value is then request-controlled; confirm
    // that whatever prints $context['site_action'] escapes it.
    $context['site_action'] = $dispatcher->site_action();
    $context['site_action'] = !empty($context['site_action']) ? $context['site_action'] : (isset($_REQUEST['action']) ? $_REQUEST['action'] : '');
    $dispatcher->dispatch();
}
// Fragment of top-level bootstrap statements. The listing is cut off inside
// the last `if`, so its closing brace is not part of this span. The $ssi_*
// variables are not assigned here; presumably the including script sets them
// - TODO confirm they are cleared from request input earlier in the file.
$context['linktree'] = array();

// Load the user and their cookie, as well as their settings.
loadUserSettings();

// Load the current user's permissions....
loadPermissions();

// Load BadBehavior functions
loadBadBehavior();

// Load the current or SSI theme. (just use $ssi_theme = id_theme;)
// The value is cast to int before use; 0 is passed when it is not set.
loadTheme(isset($ssi_theme) ? (int) $ssi_theme : 0);

// @todo: probably not the best place, but somewhere it should be set...
if (!headers_sent()) {
    header('Content-Type: text/html; charset=UTF-8');
}

// Take care of any banning that needs to be done.
// Ban enforcement is opt-in on this path: it runs only when the request
// carries ssi_ban or when $ssi_ban is exactly true.
if (isset($_REQUEST['ssi_ban']) || isset($ssi_ban) && $ssi_ban === true) {
    is_not_banned();
}

// Do we allow guests in here?
// NOTE(review): PHP_SELF includes any path info the client appended to the
// script URL, so the basename comparison works on client-influenced data -
// confirm whether SCRIPT_NAME would be the safer source here.
if (empty($ssi_guest_access) && empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && basename($_SERVER['PHP_SELF']) != 'SSI.php') {
    require_once CONTROLLERDIR . '/Auth.controller.php';
    $controller = new Auth_Controller();
    $controller->action_kickguest();
    obExit(null, true);
}

// Load the stuff like the menu bar, etc.
// Existing layers are removed and replaced by the ones named in $ssi_layers.
if (isset($ssi_layers)) {
    $template_layers = Template_Layers::getInstance();
    $template_layers->removeAll();
    foreach ($ssi_layers as $layer) {
        $template_layers->addBegin($layer);
    }
/**
 * Initialises key values for SimpleDesk.
 *
 * Defines the constants used throughout SimpleDesk, applies default
 * settings, loads language and permission files, handles helpdesk
 * maintenance mode and, for helpdesk requests, selects the theme of the
 * department being viewed. It should be called first, right up in Load.php.
 *
 * Calling it multiple times is harmless: a static flag makes every call
 * after the first return immediately.
 *
 * Security-relevant behaviour: department ids taken from the request are
 * cast to int and used only if they appear in the list returned by
 * shd_allowed_to('access_helpdesk', false); both queries pass their values
 * through {int:...} placeholders.
 *
 * @since 2.0
 */
function shd_init()
{
    global $modSettings, $sourcedir, $user_info, $context, $smcFunc;
    static $called = null;

    // The define() calls below must run only once.
    if (!empty($called)) {
        return;
    }
    $called = true;

    $context['shd_home'] = 'action=helpdesk;sa=main';

    // What SD version are we on? It's now here!
    define('SHD_VERSION', 'SimpleDesk 2.0 Anatidae');

    // This isn't the SMF way. But for something like this, it's way way more logical and readable.
    define('TICKET_STATUS_NEW', 0);
    define('TICKET_STATUS_PENDING_STAFF', 1);
    define('TICKET_STATUS_PENDING_USER', 2);
    define('TICKET_STATUS_CLOSED', 3);
    define('TICKET_STATUS_WITH_SUPERVISOR', 4);
    define('TICKET_STATUS_ESCALATED', 5);
    define('TICKET_STATUS_DELETED', 6);

    define('TICKET_URGENCY_LOW', 0);
    define('TICKET_URGENCY_MEDIUM', 1);
    define('TICKET_URGENCY_HIGH', 2);
    define('TICKET_URGENCY_VHIGH', 3);
    define('TICKET_URGENCY_SEVERE', 4);
    define('TICKET_URGENCY_CRITICAL', 5);

    define('MSG_STATUS_NORMAL', 0);
    define('MSG_STATUS_DELETED', 1);

    // Relationship types
    define('RELATIONSHIP_LINKED', 0);
    define('RELATIONSHIP_DUPLICATED', 1);
    define('RELATIONSHIP_ISPARENT', 2);
    define('RELATIONSHIP_ISCHILD', 3);

    // Custom fields, their types, positions, content type
    define('CFIELD_TICKET', 1);
    define('CFIELD_REPLY', 2);

    define('CFIELD_PLACE_DETAILS', 1);
    define('CFIELD_PLACE_INFO', 2);
    define('CFIELD_PLACE_PREFIX', 3);
    define('CFIELD_PLACE_PREFIXFILTER', 4);

    define('CFIELD_TYPE_TEXT', 1);
    define('CFIELD_TYPE_LARGETEXT', 2);
    define('CFIELD_TYPE_INT', 3);
    define('CFIELD_TYPE_FLOAT', 4);
    define('CFIELD_TYPE_SELECT', 5);
    define('CFIELD_TYPE_CHECKBOX', 6);
    define('CFIELD_TYPE_RADIO', 7);
    define('CFIELD_TYPE_MULTI', 8);

    // Ticket notification options
    define('NOTIFY_PREFS', 0);
    define('NOTIFY_ALWAYS', 1);
    define('NOTIFY_NEVER', 2);

    // Roles and permissions (value 3 is left unused; its define is commented out)
    define('ROLE_USER', 1);
    define('ROLE_STAFF', 2);
    //define('ROLE_SUPERVISOR', 3);
    define('ROLE_ADMIN', 4);

    define('ROLEPERM_DISALLOW', 0);
    define('ROLEPERM_ALLOW', 1);
    define('ROLEPERM_DENY', 2);

    // How many digits should we show for ticket numbers? Normally we pad to 5 digits, e.g. 00001 - this is how we set that width.
    // An empty or negative setting becomes 0.
    if (empty($modSettings['shd_zerofill']) || $modSettings['shd_zerofill'] < 0) {
        $modSettings['shd_zerofill'] = 0;
    }

    // Load some stuff
    shd_load_language('sd_language/SimpleDesk');
    require_once $sourcedir . '/sd_source/Subs-SimpleDeskPermissions.php';

    // Set up defaults for settings that are empty
    $defaults = array('shd_attachments_mode' => 'ticket', 'shd_ticketnav_style' => 'sd', 'shd_staff_badge' => 'nobadge', 'shd_privacy_display' => 'smart');
    foreach ($defaults as $var => $val) {
        if (empty($modSettings[$var])) {
            $modSettings[$var] = $val;
        }
    }

    // The helpdesk is active only when 'shd' is listed in admin_features.
    $modSettings['helpdesk_active'] = isset($modSettings['admin_features']) ? in_array('shd', explode(',', $modSettings['admin_features'])) : false;
    if ($modSettings['helpdesk_active']) {
        shd_load_plugin_files('init');
        shd_load_plugin_langfiles('init');
    }
    shd_load_user_perms();

    if (!empty($modSettings['shd_maintenance_mode'])) {
        if (!empty($modSettings['shd_helpdesk_only']) && !$user_info['is_admin'] && !shd_allowed_to('admin_helpdesk', 0)) {
            // You can only login.... otherwise, you're getting the "maintenance mode" display. Except we have to boot up a decent amount of SMF.
            // The requested action is blanked, the ban check still runs, and
            // the request ends in obExit().
            if (empty($_REQUEST['action']) || $_REQUEST['action'] != 'login2' && $_REQUEST['action'] != 'logout') {
                $_GET['action'] = '';
                $_REQUEST['action'] = '';
                $context['shd_maintenance_mode'] = true;
                loadBoard();
                loadPermissions();
                loadTheme();
                is_not_banned();
                require_once $sourcedir . '/Subs-Auth.php';
                InMaintenance();
                obExit(null, null, false);
            }
        } else {
            // In maintenance mode the helpdesk stays active only for forum
            // admins and helpdesk admins. (&= stores the result as an integer.)
            $modSettings['helpdesk_active'] &= $user_info['is_admin'] || shd_allowed_to('admin_helpdesk', 0);
        }
    }

    // Last minute stuff
    if ($modSettings['helpdesk_active']) {
        // Are they actually going into the helpdesk? If they are, do we need to deal with their theme?
        if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'helpdesk') {
            // First figure out what department they're in.
            $this_dept = 0;
            // presumably the list of department ids this user may access - verify in shd_allowed_to()
            $depts = shd_allowed_to('access_helpdesk', false);

            // Do they only have one dept? If so, that's the one.
            if (count($depts) == 1) {
                $this_dept = $depts[0];
            } elseif (isset($_REQUEST['dept'])) {
                // Request value: cast to int, then accepted only if it is in $depts.
                $_REQUEST['dept'] = (int) $_REQUEST['dept'];
                if (in_array($_REQUEST['dept'], $depts)) {
                    $this_dept = $_REQUEST['dept'];
                }
            } elseif (isset($_REQUEST['newdept'])) {
                $_REQUEST['newdept'] = (int) $_REQUEST['newdept'];
                if (in_array($_REQUEST['newdept'], $depts)) {
                    $this_dept = $_REQUEST['newdept'];
                }
            } elseif (isset($_REQUEST['ticket'])) {
                $ticket = (int) $_REQUEST['ticket'];
                if (!empty($ticket)) {
                    // The ticket id is bound through {int:ticket}.
                    // NOTE(review): {query_see_ticket} presumably expands to the
                    // per-user visibility filter - confirm in shd_db_query().
                    $query = shd_db_query('', ' SELECT hdt.id_dept, dept_name, dept_theme FROM {db_prefix}helpdesk_tickets AS hdt INNER JOIN {db_prefix}helpdesk_depts AS hdd ON (hdt.id_dept = hdd.id_dept) WHERE id_ticket = {int:ticket} AND {query_see_ticket}', array('ticket' => $ticket));
                    if ($row = $smcFunc['db_fetch_row']($query)) {
                        // The ticket's department must also be one the user may access.
                        if (in_array($row[0], $depts)) {
                            list($this_dept, $context['shd_dept_name'], $theme) = $row;
                        }
                    }
                    $smcFunc['db_free_result']($query);
                }
            }

            // Department known but theme not fetched yet: look it up.
            if (!empty($this_dept) && !isset($theme)) {
                $context['queried_dept'] = $this_dept;
                $query = $smcFunc['db_query']('', ' SELECT dept_theme FROM {db_prefix}helpdesk_depts WHERE id_dept = {int:dept}', array('dept' => $this_dept));
                if ($row = $smcFunc['db_fetch_row']($query)) {
                    $theme = $row[0];
                }
                $smcFunc['db_free_result']($query);
            }

            // If for whatever reason we didn't establish a theme, see if there's a forum default one.
            if (empty($theme) && !empty($modSettings['shd_theme'])) {
                $theme = $modSettings['shd_theme'];
            }

            // Action.
            if (!empty($theme)) {
                // This is ever so slightly hacky. But as this function is called sufficiently early we can get away with it.
                // The request's own theme choice and the theme_allow setting
                // are dropped, so the department theme cannot be overridden
                // from the URL.
                unset($_REQUEST['theme'], $modSettings['theme_allow']);
                $modSettings['theme_guests'] = $theme;
            }
        }
    }

    // No plugins are listed unless the helpdesk is active.
    $context['shd_plugins'] = empty($modSettings['shd_enabled_plugins']) || empty($modSettings['helpdesk_active']) ? array() : explode(',', $modSettings['shd_enabled_plugins']);
    call_integration_hook('shd_hook_init');
}
/**
 * This function performs the logging in.
 *
 * What it does:
 * - It sets the cookie, calls the login hook and updates the runtime
 *   settings for the user.
 * - It re-checks bans, records the login time and IPs, optionally writes a
 *   login-history entry and redirects.
 *
 * No password is verified here; presumably the caller has already
 * authenticated the member held in $user_settings - verify against the
 * call sites.
 *
 * @package Authorization
 */
function doLogin()
{
    global $user_info, $user_settings, $maintenance, $modSettings, $context;

    // Load authentication stuffs.
    require_once SUBSDIR . '/Auth.subs.php';

    // Call login integration functions.
    // The posted hash_passwrd is passed on after a length check only
    // (64 characters); otherwise the hook receives null.
    call_integration_hook('integrate_login', array($user_settings['member_name'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 64 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime']));

    // Get ready to set the cookie...
    $user_info['id'] = $user_settings['id_member'];

    // Set the cookie (and, per the original comment, a session too).
    // Lifetime is cookieTime multiplied by 60. The third argument is SHA-256
    // over the stored password hash concatenated with the member's salt.
    // NOTE(review): if the cookie is later validated against this value it is
    // password-equivalent until hash or salt change - confirm in Auth.subs.php.
    setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], hash('sha256', $user_settings['passwd'] . $user_settings['password_salt']));

    // Reset the login threshold.
    if (isset($_SESSION['failed_login'])) {
        unset($_SESSION['failed_login']);
    }

    $user_info['is_guest'] = false;
    $user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']);
    // Admin means group 1, either as primary group or among the additional groups.
    $user_info['is_admin'] = $user_settings['id_group'] == 1 || in_array(1, $user_settings['additional_groups']);

    // Are you banned? Note that this check runs after the cookie was set above.
    is_not_banned(true);

    // An administrator, set up the login so they don't have to type it again.
    // Applies only when openid_uri is set but empty.
    if ($user_info['is_admin'] && isset($user_settings['openid_uri']) && empty($user_settings['openid_uri'])) {
        // The admin timestamp is stamped only when auto_admin_session is 1.
        if (!empty($modSettings['auto_admin_session']) && $modSettings['auto_admin_session'] == 1) {
            $_SESSION['admin_time'] = time();
        }

        unset($_SESSION['just_registered']);
    }

    // Don't stick the language or theme after this point.
    unset($_SESSION['language'], $_SESSION['id_theme']);

    // We want to know if this is first login
    if (isFirstLogin($user_info['id'])) {
        $_SESSION['first_login'] = true;
    } else {
        unset($_SESSION['first_login']);
    }

    // You're one of us: need to know all about you now, IP, stuff.
    $req = request();

    // Record the login time and both IP values on the member row.
    updateMemberData($user_info['id'], array('last_login' => time(), 'member_ip' => $user_info['ip'], 'member_ip2' => $req->ban_ip()));

    // Get rid of the online entry for that old guest....
    deleteOnline('ip' . $user_info['ip']);
    $_SESSION['log_time'] = 0;

    // Log this entry, only if we have it enabled.
    // With loginHistoryDays empty no login-history record is written, which
    // leaves less to work with when reviewing an account takeover.
    if (!empty($modSettings['loginHistoryDays'])) {
        logLoginHistory($user_info['id'], $user_info['ip'], $user_info['ip2']);
    }

    // Just log you back out if it's in maintenance mode and you AREN'T an admin.
    // The logout URL carries the session variable and id in its query string.
    if (empty($maintenance) || allowedTo('admin_forum')) {
        redirectexit('action=auth;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
    } else {
        redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
    }
}
function Login2() { global $txt, $db_prefix, $scripturl, $user_info, $user_settings; global $cookiename, $maintenance, $ID_MEMBER, $modSettings, $context, $sc; global $sourcedir; // Load cookie authentication stuff. require_once $sourcedir . '/Subs-Auth.php'; if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) { if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\\{i:0;(i:\\d{1,6}|s:[1-8]:"\\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\\d{1,14};(i:3;i:\\d;)?\\}$~', $_COOKIE[$cookiename]) === 1) { list(, , $timeout) = @unserialize($_COOKIE[$cookiename]); } elseif (isset($_SESSION['login_' . $cookiename])) { list(, , $timeout) = @unserialize(stripslashes($_SESSION['login_' . $cookiename])); } else { trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR); } $user_settings['passwordSalt'] = substr(md5(mt_rand()), 0, 4); updateMemberData($ID_MEMBER, array('passwordSalt' => '\'' . $user_settings['passwordSalt'] . '\'')); setLoginCookie($timeout - time(), $ID_MEMBER, sha1($user_settings['passwd'] . $user_settings['passwordSalt'])); redirectexit('action=login2;sa=check;member=' . $ID_MEMBER, $context['server']['needs_login_fix']); } elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') { // Strike! You're outta there! if ($_GET['member'] != $ID_MEMBER) { fatal_lang_error('login_cookie_error', false); } // Some whitelisting for login_url... if (empty($_SESSION['login_url'])) { redirectexit(); } else { // Best not to clutter the session data too much... $temp = $_SESSION['login_url']; unset($_SESSION['login_url']); redirectexit($temp); } } // Beyond this point you are assumed to be a guest trying to login. if (!$user_info['is_guest']) { redirectexit(); } // Set the login_url if it's not already set. 
if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) { $_SESSION['login_url'] = $_SESSION['old_url']; } // Are you guessing with a script that doesn't keep the session id? spamProtection('login'); // Been guessing a lot, haven't we? if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) { fatal_lang_error('login_threshold_fail'); } // Set up the cookie length. (if it's invalid, just fall through and use the default.) if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) { $modSettings['cookieTime'] = 3153600; } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) { $modSettings['cookieTime'] = (int) $_POST['cookielength']; } // Set things up in case an error occurs. if (!empty($maintenance) || empty($modSettings['allow_guestAccess'])) { $context['sub_template'] = 'kick_guest'; } loadLanguage('Login'); // Load the template stuff - wireless or normal. if (WIRELESS) { $context['sub_template'] = WIRELESS_PROTOCOL . '_login'; } else { loadTemplate('Login'); $context['sub_template'] = 'login'; } // Set up the default/fallback stuff. $context['default_username'] = isset($_REQUEST['user']) ? htmlspecialchars(stripslashes($_REQUEST['user'])) : ''; $context['default_password'] = ''; $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600; $context['login_error'] =& $txt[106]; $context['page_title'] = $txt[34]; // You forgot to type your username, dummy! if (!isset($_REQUEST['user']) || $_REQUEST['user'] == '') { $context['login_error'] =& $txt[37]; return; } // Hmm... maybe 'admin' will login with no password. Uhh... NO! 
if ((!isset($_REQUEST['passwrd']) || $_REQUEST['passwrd'] == '') && (!isset($_REQUEST['hash_passwrd']) || strlen($_REQUEST['hash_passwrd']) != 40)) { $context['login_error'] =& $txt[38]; return; } // No funky symbols either. if (preg_match('~[<>&"\'=\\\\]~', $_REQUEST['user']) != 0) { $context['login_error'] =& $txt[240]; return; } // Are we using any sort of integration to validate the login? if (isset($modSettings['integrate_validate_login']) && function_exists($modSettings['integrate_validate_login'])) { if (call_user_func($modSettings['integrate_validate_login'], $_REQUEST['user'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']) == 'retry') { $context['login_error'] = $txt['login_hash_error']; $context['disable_login_hashing'] = true; return; } } // Load the data up! $request = db_query("\n\t\tSELECT passwd, ID_MEMBER, ID_GROUP, lngfile, is_activated, emailAddress, additionalGroups, memberName, passwordSalt\n\t\tFROM {$db_prefix}members\n\t\tWHERE memberName = '{$_REQUEST['user']}'\n\t\tLIMIT 1", __FILE__, __LINE__); // Probably mistyped or their email, try it as an email address. (memberName first, though!) if (mysql_num_rows($request) == 0) { mysql_free_result($request); $request = db_query("\n\t\t\tSELECT passwd, ID_MEMBER, ID_GROUP, lngfile, is_activated, emailAddress, additionalGroups, memberName, passwordSalt\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE emailAddress = '{$_REQUEST['user']}'\n\t\t\tLIMIT 1", __FILE__, __LINE__); // Let them try again, it didn't match anything... if (mysql_num_rows($request) == 0) { $context['login_error'] =& $txt[40]; return; } } $user_settings = mysql_fetch_assoc($request); mysql_free_result($request); // What is the true activation status of this account? $activation_status = $user_settings['is_activated'] > 10 ? 
$user_settings['is_activated'] - 10 : $user_settings['is_activated']; // Check if the account is activated - COPPA first... if ($activation_status == 5) { $context['login_error'] = $txt['coppa_not_completed1'] . ' <a href="' . $scripturl . '?action=coppa;member=' . $user_settings['ID_MEMBER'] . '">' . $txt['coppa_not_completed2'] . '</a>'; return; } elseif ($activation_status == 3) { fatal_lang_error('still_awaiting_approval'); } elseif ($activation_status == 4) { // Display an error if we haven't decided to undelete. if (!isset($_REQUEST['undelete'])) { $context['login_error'] = $txt['awaiting_delete_account']; $context['login_show_undelete'] = true; return; } else { updateMemberData($user_settings['ID_MEMBER'], array('is_activated' => 1)); updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > 0 ? $modSettings['unapprovedMembers'] - 1 : 0)); } } elseif ($activation_status != 1) { log_error($txt['activate_not_completed1'] . ' - <span class="remove">' . $user_settings['memberName'] . '</span>', false); $context['login_error'] = $txt['activate_not_completed1'] . ' <a href="' . $scripturl . '?action=activate;sa=resend;u=' . $user_settings['ID_MEMBER'] . '">' . $txt['activate_not_completed2'] . '</a>'; return; } // Figure out the password using SMF's encryption - if what they typed is right. if (isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40) { // Needs upgrading? if (strlen($user_settings['passwd']) != 40) { $context['login_error'] = $txt['login_hash_error']; $context['disable_login_hashing'] = true; return; } elseif ($_REQUEST['hash_passwrd'] == sha1($user_settings['passwd'] . $sc)) { $sha_passwd = $user_settings['passwd']; } else { $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1; if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { log_error($txt[39] . ' - <span class="remove">' . $user_settings['memberName'] . 
'</span>'); $context['disable_login_hashing'] = true; $context['login_error'] = $txt[39]; return; } } } else { $sha_passwd = sha1(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd']))); } // Bad password! Thought you could fool the database?! if ($user_settings['passwd'] != $sha_passwd) { // Maybe we were too hasty... let's try some other authentication methods. $other_passwords = array(); // None of the below cases will be used most of the time (because the salt is normally set.) if ($user_settings['passwordSalt'] == '') { // YaBB SE, Discus, MD5 (used a lot), SHA-1 (used some), SMF 1.0.x, IkonBoard, and none at all. $other_passwords[] = crypt($_REQUEST['passwrd'], substr($_REQUEST['passwrd'], 0, 2)); $other_passwords[] = crypt($_REQUEST['passwrd'], substr($user_settings['passwd'], 0, 2)); $other_passwords[] = md5($_REQUEST['passwrd']); $other_passwords[] = sha1($_REQUEST['passwrd']); $other_passwords[] = md5_hmac($_REQUEST['passwrd'], strtolower($user_settings['memberName'])); $other_passwords[] = md5($_REQUEST['passwrd'] . strtolower($user_settings['memberName'])); $other_passwords[] = $_REQUEST['passwrd']; // This one is a strange one... MyPHP, crypt() on the MD5 hash. $other_passwords[] = crypt(md5($_REQUEST['passwrd']), md5($_REQUEST['passwrd'])); // Snitz style - SHA-256. Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway. if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) { $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_REQUEST['passwrd'])); } } elseif (strlen($user_settings['passwd']) == 32) { // vBulletin 3 style hashing? Let's welcome them with open arms \o/. $other_passwords[] = md5(md5($_REQUEST['passwrd']) . $user_settings['passwordSalt']); // Hmm.. p'raps it's Invision 2 style? $other_passwords[] = md5(md5($user_settings['passwordSalt']) . 
md5($_REQUEST['passwrd'])); } // Maybe they are using a hash from before the password fix. $other_passwords[] = sha1(strtolower($user_settings['memberName']) . addslashes(un_htmlspecialchars(stripslashes($_REQUEST['passwrd'])))); // SMF's sha1 function can give a funny result on Linux (Not our fault!). If we've now got the real one let the old one be valid! require_once $sourcedir . '/Subs-Compat.php'; $other_passwords[] = sha1_smf(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd']))); // Whichever encryption it was using, let's make it use SMF's now ;). if (in_array($user_settings['passwd'], $other_passwords)) { $user_settings['passwd'] = $sha_passwd; $user_settings['passwordSalt'] = substr(md5(mt_rand()), 0, 4); // Update the password and set up the hash. updateMemberData($user_settings['ID_MEMBER'], array('passwd' => '\'' . $user_settings['passwd'] . '\'', 'passwordSalt' => '\'' . $user_settings['passwordSalt'] . '\'')); } else { // They've messed up again - keep a count to see if they need a hand. $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1; // Hmm... don't remember it, do you? Here, try the password reminder ;). if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { // Log an error so we know that it didn't go well in the error log. log_error($txt[39] . ' - <span class="remove">' . $user_settings['memberName'] . '</span>'); $context['login_error'] = $txt[39]; return; } } } elseif ($user_settings['passwordSalt'] == '') { $user_settings['passwordSalt'] = substr(md5(mt_rand()), 0, 4); updateMemberData($user_settings['ID_MEMBER'], array('passwordSalt' => '\'' . $user_settings['passwordSalt'] . '\'')); } if (isset($modSettings['integrate_login']) && function_exists($modSettings['integrate_login'])) { $modSettings['integrate_login']($user_settings['memberName'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? 
$_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']); } // Get ready to set the cookie... $username = $user_settings['memberName']; $ID_MEMBER = $user_settings['ID_MEMBER']; // Bam! Cookie set. A session too, just incase. setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['ID_MEMBER'], sha1($user_settings['passwd'] . $user_settings['passwordSalt'])); // Reset the login threshold. if (isset($_SESSION['failed_login'])) { unset($_SESSION['failed_login']); } $user_info['is_guest'] = false; $user_settings['additionalGroups'] = explode(',', $user_settings['additionalGroups']); $user_info['is_admin'] = $user_settings['ID_GROUP'] == 1 || in_array(1, $user_settings['additionalGroups']); // Are you banned? is_not_banned(true); // An administrator, set up the login so they don't have to type it again. if ($user_info['is_admin']) { $_SESSION['admin_time'] = time(); unset($_SESSION['just_registered']); } // Don't stick the language or theme after this point. unset($_SESSION['language']); unset($_SESSION['ID_THEME']); // You've logged in, haven't you? updateMemberData($ID_MEMBER, array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\'')); // Get rid of the online entry for that old guest.... db_query("\n\t\tDELETE FROM {$db_prefix}log_online\n\t\tWHERE session = 'ip{$user_info['ip']}'\n\t\tLIMIT 1", __FILE__, __LINE__); $_SESSION['log_time'] = 0; // Just log you back out if it's in maintenance mode and you AREN'T an admin. if (empty($maintenance) || allowedTo('admin_forum')) { redirectexit('action=login2;sa=check;member=' . $ID_MEMBER, $context['server']['needs_login_fix']); } else { redirectexit('action=logout;sesc=' . $sc, $context['server']['needs_login_fix']); } }
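/**
 * Tapatalk (mobiquo) request dispatcher: loads the session, applies the access
 * gates and returns the name of the function that should handle the request.
 *
 * The handler is chosen from a fixed action table. The request only selects a
 * key of that table; the file that gets included and the function name that is
 * returned are always table values, never request text. The
 * 'integrate_actions' hook may add or replace table entries.
 *
 * $request_name is a global set outside this function - presumably the
 * client-requested mobiquo method name. It is concatenated into
 * 'before_action_<name>' and 'action_<name>' and used only when a function of
 * that exact name exists, so the fixed prefix bounds what it can reach.
 *
 * @return string|null Handler function name. Null is only possible when
 *                     get_error() returns for an unknown action.
 */
function smf_main()
{
    global $modSettings, $settings, $user_info, $board, $topic, $board_info, $maintenance, $sourcedir, $request_name, $txt, $user_settings, $mobiquo_config, $topic_per_page, $limit_num;

    // Load the user's cookie (or set as guest) and load their settings.
    loadUserSettings();

    // Load the current board's information.
    loadBoard();

    // Load the current user's permissions.
    loadPermissions();

    // Attachments don't require the entire theme to be loaded.
    loadTheme();

    // NOTE(review): this expression was corrupted in the listing (the text between
    // 'Mobiquo_is_login:' and 'context'] was masked). Reconstructed as a read of
    // $GLOBALS['context'], since $context is not in the global list above - confirm
    // against the upstream file.
    header('Mobiquo_is_login:' . ($GLOBALS['context']['user']['is_logged'] ? 'true' : 'false'));

    // Check if the user should be disallowed access. The ban check is skipped for
    // the 'get_config' and 'login' requests.
    if (!in_array($request_name, array('get_config', 'login'))) {
        is_not_banned();
    }

    // If we are in a topic and don't have permission to approve it then duck out now.
    if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) {
        get_error('The topic is not approved');
    }

    // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
    if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], array('dlattach', 'findmember', 'jseditor', 'jsoption', 'requestmembers', 'smstats', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewsmfile'))) {
        // Log this user as online.
        writeLog();

        // Track forum statistics and hits...?
        if (!empty($modSettings['hitStats'])) {
            trackStats(array('hits' => '+'));
        }
    }

    // Is the forum in maintenance mode? (doesn't apply to administrators.)
    if (!empty($maintenance) && !allowedTo('admin_forum')) {
        // Only 'get_config' and 'login' requests get past maintenance mode.
        if ($request_name != 'get_config' && $request_name != 'login') {
            get_error($txt['maintain_mode_on']);
        }
    } elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('push_content_check', 'user_subscription', 'set_api_key', 'reset_push_slug', 'prefetch_account', 'update_password', 'forget_password', 'sign_in', 'coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', 'mailq', 'verificationcode', 'openidreturn')))) {
        // Guests are locked out: only the actions listed above, plus the
        // 'get_config' and 'prefetch_account' requests, stay reachable.
        if ($request_name != 'get_config' && $request_name != 'prefetch_account') {
            loadLanguage('Login');
            get_error($txt['only_members_can_access']);
        }
    }

    // Transform input data to the local character set if needed.
    utf8_to_local();

    // Change some settings for Tapatalk display. These overrides apply to the
    // current request's in-memory settings only as far as this function shows.
    $settings['message_index_preview'] = 1;
    $modSettings['todayMod_bak'] = $modSettings['todayMod'];
    $modSettings['todayMod'] = 0;
    $user_settings['pm_prefs'] = 0;
    $user_info['user_time_format'] = $user_info['time_format'];
    $user_info['time_format'] = '%Y%m%dT%H:%M:%S+00:00';
    $modSettings['disableCustomPerPage'] = 1;
    $modSettings['disableCheckUA'] = 1;
    $modSettings['defaultMaxMessages'] = isset($limit_num) ? $limit_num : 20;
    $modSettings['defaultMaxMembers'] = 100;
    $modSettings['search_results_per_page'] = isset($topic_per_page) && $topic_per_page > 0 ? $topic_per_page : 20;
    $modSettings['defaultMaxTopics'] = isset($topic_per_page) && $topic_per_page > 0 ? $topic_per_page : 20;
    $modSettings['disable_pm_verification'] = $mobiquo_config['disable_pm_verification'];

    // Optional per-request pre-hook; runs only when a function with exactly this name exists.
    if (function_exists('before_action_' . $request_name)) {
        call_user_func('before_action_' . $request_name);
    }

    // No action but a board: show the topic list, or the topic itself.
    if (empty($_REQUEST['action']) && !empty($board)) {
        if (empty($topic)) {
            require_once 'include/MessageIndex.php';
            return 'MessageIndex';
        } else {
            require_once 'include/Display.php';
            return 'Display';
        }
    }

    // Here's the monstrous $_REQUEST['action'] array - $_REQUEST['action'] => array($file, $function).
    $actionArray = array(
        'activate' => array('Register.php', 'Activate'),
        'admin' => array('Admin.php', 'AdminMain'),
        'announce' => array('Post.php', 'AnnounceTopic'),
        'attachapprove' => array('ManageAttachments.php', 'ApproveAttach'),
        'buddy' => array('Subs-Members.php', 'BuddyListToggle'),
        'calendar' => array('Calendar.php', 'CalendarMain'),
        'clock' => array('Calendar.php', 'clock'),
        'collapse' => array('BoardIndex.php', 'CollapseCategory'),
        'coppa' => array('Register.php', 'CoppaForm'),
        'credits' => array('Who.php', 'Credits'),
        'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'),
        'display' => array('Display.php', 'Display'),
        'dlattach' => array('Display.php', 'Download'),
        'editpoll' => array('Poll.php', 'EditPoll'),
        'editpoll2' => array('Poll.php', 'EditPoll2'),
        'emailuser' => array('SendTopic.php', 'EmailUser'),
        'findmember' => array('Subs-Auth.php', 'JSMembers'),
        'groups' => array('Groups.php', 'Groups'),
        'help' => array('Help.php', 'ShowHelp'),
        'helpadmin' => array('Help.php', 'ShowAdminHelp'),
        'im' => array('PersonalMessage.php', 'MessageMain'),
        'jseditor' => array('Subs-Editor.php', 'EditorMain'),
        'jsmodify' => array('Post.php', 'JavaScriptModify'),
        'jsoption' => array('Themes.php', 'SetJavaScript'),
        'lock' => array('LockTopic.php', 'LockTopic'),
        'lockvoting' => array('Poll.php', 'LockVoting'),
        'login' => array('LogInOut.php', 'Login'),
        'login2' => array('LogInOut.php', 'Login2'),
        'logout' => array('LogInOut.php', 'Logout'),
        'markasread' => array('Subs-Boards.php', 'MarkRead'),
        'mergetopics' => array('SplitTopics.php', 'MergeTopics'),
        'mlist' => array('Memberlist.php', 'Memberlist'),
        'moderate' => array('ModerationCenter.php', 'ModerationMain'),
        'modifycat' => array('ManageBoards.php', 'ModifyCat'),
        'modifykarma' => array('Karma.php', 'ModifyKarma'),
        'movetopic' => array('MoveTopic.php', 'MoveTopic'),
        'movetopic2' => array('MoveTopic.php', 'MoveTopic2'),
        'notify' => array('Notify.php', 'Notify'),
        'notifyboard' => array('Notify.php', 'BoardNotify'),
        'openidreturn' => array('Subs-OpenID.php', 'smf_openID_return'),
        'pm' => array('PersonalMessage.php', 'MessageMain'),
        'post' => array('Post.php', 'Post'),
        'post2' => array('Post.php', 'Post2'),
        'printpage' => array('Printpage.php', 'PrintTopic'),
        'profile' => array('Profile.php', 'ModifyProfile'),
        'quotefast' => array('Post.php', 'QuoteFast'),
        'quickmod' => array('MessageIndex.php', 'QuickModeration'),
        'quickmod2' => array('Display.php', 'QuickInTopicModeration'),
        'recent' => array('Recent.php', 'RecentPosts'),
        'register' => array('Register.php', 'Register'),
        'register2' => array('Register.php', 'Register2'),
        'reminder' => array('Reminder.php', 'RemindMe'),
        'removepoll' => array('Poll.php', 'RemovePoll'),
        'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'),
        'reporttm' => array('SendTopic.php', 'ReportToModerator'),
        'requestmembers' => array('Subs-Auth.php', 'RequestMembers'),
        'restoretopic' => array('RemoveTopic.php', 'RestoreTopic'),
        'search' => array('Search.php', 'PlushSearch1'),
        'search2' => array('Search.php', 'PlushSearch2'),
        'sendtopic' => array('SendTopic.php', 'EmailUser'),
        'smstats' => array('Stats.php', 'SMStats'),
        'suggest' => array('Subs-Editor.php', 'AutoSuggestHandler'),
        'spellcheck' => array('Subs-Post.php', 'SpellCheck'),
        'splittopics' => array('SplitTopics.php', 'SplitTopics'),
        'stats' => array('Stats.php', 'DisplayStats'),
        'sticky' => array('LockTopic.php', 'Sticky'),
        'theme' => array('Themes.php', 'ThemesMain'),
        'trackip' => array('Profile-View.php', 'trackIP'),
        'about:mozilla' => array('Karma.php', 'BookOfUnknown'),
        'about:unknown' => array('Karma.php', 'BookOfUnknown'),
        'unread' => array('Recent.php', 'UnreadTopics'),
        'unreadreplies' => array('Recent.php', 'UnreadTopics'),
        'verificationcode' => array('Register.php', 'VerificationCode'),
        'viewprofile' => array('Profile.php', 'ModifyProfile'),
        'vote' => array('Poll.php', 'Vote'),
        'viewquery' => array('ViewQuery.php', 'ViewQuery'),
        'viewsmfile' => array('Admin.php', 'DisplayAdminFile'),
        'who' => array('Who.php', 'Who'),
        '.xml' => array('News.php', 'ShowXmlFeed'),
        'xmlhttp' => array('Xml.php', 'XMLhttpMain')
    );

    // Allow modifying $actionArray easily.
    call_integration_hook('integrate_actions', array(&$actionArray));

    // Unknown or missing action: fall back to a request-specific handler, if one is defined.
    if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']])) {
        if (function_exists('action_' . $request_name)) {
            return 'action_' . $request_name;
        }

        get_error('Invalid action');

        // get_error() presumably ends the request; the explicit return keeps an
        // unknown action away from the table lookups below if it ever does not.
        return null;
    }

    // Actions for which the plugin's own include/ copy is preferred over the forum's source file.
    $local_action = array('login2', 'post', 'post2', 'who', 'profile', 'notify', 'notifyboard', 'markasread', 'unread', 'search2', 'pm', 'logout');

    $action = $_REQUEST['action'];
    list($handlerFile, $handlerFunction) = $actionArray[$action];

    // Candidate paths in priority order; both path parts come from the table, not the request.
    $candidates = array($sourcedir . '/' . $handlerFile);
    if (in_array($action, $local_action)) {
        array_unshift($candidates, TT_ROOT . 'include/' . $handlerFile);
    }

    foreach ($candidates as $candidate) {
        if (file_exists($candidate)) {
            require_once $candidate;
            break;
        }
    }

    // NOTE(review): when no candidate file exists nothing is included, yet the
    // function name is still returned - confirm the caller copes with that.
    return $handlerFunction;
}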
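/**
 * Tapatalk "sign in" method: logs a member in on the strength of a Tapatalk
 * token/code pair, registering a new forum account first when no member has
 * the e-mail address returned by the verification.
 *
 * Request parameters (read from $context['mob_request']['params']):
 *   0 - token, 1 - code, 3 - base64 username, 4 - base64 password.
 * Parameter 2 (a client-supplied e-mail) is not used; the address comes from
 * the verification result only.
 *
 * No forum password is checked on this path. Authentication rests entirely on
 * TapatalkSsoVerification() and on the e-mail match done by emailExists(), so
 * any member whose address matches - administrators included - is signed in.
 * NOTE(review): confirm the verification result only ever carries an address
 * the provider has verified.
 *
 * get_error() is presumably terminal (the original code keeps using $ttid
 * right after reporting it empty) - confirm.
 */
function method_sign_in()
{
    global $db_prefix, $context, $user_profile, $modSettings, $register, $sourcedir, $user_info, $boardurl, $txt;

    require_once $sourcedir . '/Register.php';
    require_once $sourcedir . '/Subs-Members.php';
    require_once $sourcedir . '/Subs-Auth.php';

    $params = $context['mob_request']['params'];
    $token = $params[0][0];
    $code = $params[1][0];
    $username = isset($params[3][0]) ? base64_decode($params[3][0]) : '';
    $password = isset($params[4][0]) ? base64_decode($params[4][0]) : '';

    // Verify tapatalk token and code first.
    $ttid = TapatalkSsoVerification($token, $code);
    if (empty($ttid)) {
        get_error('Tapatalk authorization verify failed, please login with your username and password.');
    }

    $tapatalk_id_email = $ttid->email;
    $result_status = true;
    $register = false;
    $result_text = '';

    if (!$ttid->result || empty($tapatalk_id_email)) {
        get_error($ttid->result_text ? $ttid->result_text : 'Tapatalk authorization verify failed, please login with your username and password');
    }

    // Sign in with the verified e-mail, or register an account for it.
    $login_id = emailExists($tapatalk_id_email);
    if (empty($login_id)) {
        if (empty($username)) {
            get_error('Invalid Parameters', 2);
        } elseif (isReservedName($username, 0, true, false)) {
            get_error($txt[473], 1);
        } else {
            if (empty($password)) {
                $password = tt_generatePassword();
            }

            // Feed the registration handler the same fields a registration form would post.
            $_POST['user'] = $username;
            $_POST['email'] = $tapatalk_id_email;
            $_POST['passwrd1'] = $password;
            $_POST['passwrd2'] = $password;
            $_POST['regagree'] = 'on';
            $_POST['regSubmit'] = 'Register';
            $_POST['skip_coppa'] = 1;
            $_SESSION['old_url'] = $boardurl;

            // Every CAPTCHA / verification switch is turned off for this registration,
            // so the token check above is the only gate against automated sign-ups here.
            $modSettings['disable_visual_verification'] = 1;
            $modSettings['recaptcha_enabled'] = 0;
            $modSettings['recaptcha_enable'] = 0;
            $modSettings['captchaenable'] = 0; // compatibility with old CAPTCHA Mod
            $modSettings['anti_spam_ver_enable'] = false;

            // Method 1 (presumably e-mail activation) is downgraded to 0; method 2 is
            // left alone and reported to the client as "approval needed" below.
            if ($modSettings['registration_method'] == 1) {
                $modSettings['registration_method'] = 0;
            }

            $login_id = Register2();
            $register = true;
            $result_status = $modSettings['registration_method'] == 2 ? false : true;
            $result_text = $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : '';

            if (empty($login_id)) {
                get_error('Register failed');
            }
        }
    }

    if (!$login_id) {
        get_error('Sign In Failed');
        return;
    }

    // The id is cast before it reaches the SQL text, whatever the helpers returned.
    $member_id = (int) $login_id;
    $request = db_query("
        SELECT passwd, ID_MEMBER AS id_member, is_activated, ID_GROUP AS id_group, emailAddress AS email_address, additionalGroups AS additional_groups, memberName AS member_name,
            passwordSalt AS password_salt, ID_POST_GROUP
        FROM {$db_prefix}members
        WHERE ID_MEMBER = {$member_id}", __FILE__, __LINE__);
    $user = mysql_fetch_assoc($request);
    mysql_free_result($request);

    // Without a member row there is nothing to build a login cookie from; the
    // original went on to hash two empty values in that case.
    if (empty($user)) {
        get_error('Sign In Failed');
        return;
    }

    // NOTE(review): only status 3 (awaiting approval) is refused here. The password
    // login code earlier in this listing also handles statuses 4, 5 and any other
    // value that is not 1 - confirm those accounts are meant to pass on this path.
    if ($user['is_activated'] == 3 && !$register) {
        fatal_lang_error('still_awaiting_approval');
    }

    // Set the login cookie.
    setLoginCookie(60 * $modSettings['cookieTime'], $login_id, sha1($user['passwd'] . $user['password_salt']));

    loadMemberData($user['id_member'], false, 'profile');
    $user_info = $user_profile[$user['id_member']];
    $user_info['is_guest'] = false;
    $user_info['is_admin'] = $user['id_group'] == 1 || in_array(1, explode(',', $user['additional_groups']));
    $user_info['id'] = $user['id_member'];

    if (empty($user_info['additionalGroups'])) {
        $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
    } else {
        $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
    }
    $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));

    // Banned?
    is_not_banned(true);

    // Don't stick the language or theme after this point.
    unset($_SESSION['language']);
    unset($_SESSION['ID_THEME']);

    // You've logged in, haven't you?
    // NOTE(review): $user_info was replaced by the profile row above - confirm it still
    // carries 'ip'. Both IP values are placed into SQL text as quoted strings;
    // confirm they are validated or escaped where they are set.
    updateMemberData($user_info['id'], array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));

    // Get rid of the online entry for that old guest....
    db_query("\n DELETE FROM {$db_prefix}log_online\n WHERE session = 'ip{$user_info['ip']}'\n LIMIT 1", __FILE__, __LINE__);
    $_SESSION['log_time'] = 0;

    loadPermissions();
    update_push();

    // We got this far? return a positive response....
    outputRPCLogin($result_status, $result_text);
}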
/**
 * Forum request dispatcher: loads the session, applies the ban, maintenance
 * and guest-access gates, includes the source file for the requested action
 * and returns the name of the function that should handle it.
 *
 * $_REQUEST['action'] is only ever used as a key into the fixed action table;
 * the included file name and the returned function name are table values.
 *
 * @return string Name of the handler function.
 */
function smf_main()
{
    global $modSettings, $settings, $user_info, $board, $topic, $maintenance, $sourcedir;

    // Session keep-alive pings stop here, before any session or settings are loaded.
    if (isset($_GET['action']) && $_GET['action'] == 'keepalive') {
        exit;
    }

    // Cookie / guest session and the member's settings.
    loadUserSettings();

    // Information about the current board.
    loadBoard();

    // The theme (?theme=1 works too, which may be used for guest theming).
    loadTheme();

    // Turn banned users away.
    is_not_banned();

    // Permissions of the current user.
    loadPermissions();

    // Attachments, theme options and XML feeds are not logged.
    $unlogged_actions = array('dlattach', 'jsoption', '.xml');
    if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], $unlogged_actions)) {
        // Mark the user as online.
        writeLog();

        // Count the hit when hit statistics are enabled.
        if (!empty($modSettings['hitStats'])) {
            trackStats(array('hits' => '+'));
        }
    }

    // Maintenance mode applies to everyone who may not administrate the forum.
    if (!empty($maintenance) && !allowedTo('admin_forum')) {
        $wants_login_or_logout = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'login2' || $_REQUEST['action'] == 'logout');

        // Anything but logging in or out gets the maintenance display.
        if (!$wants_login_or_logout) {
            require_once $sourcedir . '/Subs-Auth.php';
            return 'InMaintenance';
        }

        require_once $sourcedir . '/LogInOut.php';
        if ($_REQUEST['action'] == 'login2') {
            return 'Login2';
        }
        return 'Logout';
    }

    // With guest access off, guests may only reach these actions.
    $guest_actions = array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', 'verificationcode');
    if (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], $guest_actions))) {
        require_once $sourcedir . '/Subs-Auth.php';
        return 'KickGuest';
    }

    // No action given: pick the view from the topic / board that was requested.
    if (empty($_REQUEST['action'])) {
        if (!empty($topic)) {
            require_once $sourcedir . '/Display.php';
            return 'Display';
        }

        if (!empty($board)) {
            require_once $sourcedir . '/MessageIndex.php';
            return 'MessageIndex';
        }

        // Neither a board nor a topic... BoardIndex!
        require_once $sourcedir . '/BoardIndex.php';
        return 'BoardIndex';
    }

    // The action table - $_REQUEST['action'] => array($file, $function).
    $actionArray = array(
        'activate' => array('Register.php', 'Activate'),
        'admin' => array('Admin.php', 'Admin'),
        'announce' => array('Post.php', 'AnnounceTopic'),
        'ban' => array('ManageBans.php', 'Ban'),
        'boardrecount' => array('Admin.php', 'AdminBoardRecount'),
        'buddy' => array('Subs-Members.php', 'BuddyListToggle'),
        'calendar' => array('Calendar.php', 'CalendarMain'),
        'cleanperms' => array('Admin.php', 'CleanupPermissions'),
        'collapse' => array('Subs-Boards.php', 'CollapseCategory'),
        'convertentities' => array('Admin.php', 'ConvertEntities'),
        'convertutf8' => array('Admin.php', 'ConvertUtf8'),
        'coppa' => array('Register.php', 'CoppaForm'),
        'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'),
        'detailedversion' => array('Admin.php', 'VersionDetail'),
        'display' => array('Display.php', 'Display'),
        'dlattach' => array('Display.php', 'Download'),
        'dumpdb' => array('DumpDatabase.php', 'DumpDatabase2'),
        'editpoll' => array('Poll.php', 'EditPoll'),
        'editpoll2' => array('Poll.php', 'EditPoll2'),
        'featuresettings' => array('ModSettings.php', 'ModifyFeatureSettings'),
        'featuresettings2' => array('ModSettings.php', 'ModifyFeatureSettings2'),
        'findmember' => array('Subs-Auth.php', 'JSMembers'),
        'help' => array('Help.php', 'ShowHelp'),
        'helpadmin' => array('Help.php', 'ShowAdminHelp'),
        'im' => array('PersonalMessage.php', 'MessageMain'),
        'jsoption' => array('Themes.php', 'SetJavaScript'),
        'jsmodify' => array('Post.php', 'JavaScriptModify'),
        'lock' => array('LockTopic.php', 'LockTopic'),
        'lockVoting' => array('Poll.php', 'LockVoting'),
        'login' => array('LogInOut.php', 'Login'),
        'login2' => array('LogInOut.php', 'Login2'),
        'logout' => array('LogInOut.php', 'Logout'),
        'maintain' => array('Admin.php', 'Maintenance'),
        'manageattachments' => array('ManageAttachments.php', 'ManageAttachments'),
        'manageboards' => array('ManageBoards.php', 'ManageBoards'),
        'managecalendar' => array('ManageCalendar.php', 'ManageCalendar'),
        'managesearch' => array('ManageSearch.php', 'ManageSearch'),
        'markasread' => array('Subs-Boards.php', 'MarkRead'),
        'membergroups' => array('ManageMembergroups.php', 'ModifyMembergroups'),
        'mergetopics' => array('SplitTopics.php', 'MergeTopics'),
        'mlist' => array('Memberlist.php', 'Memberlist'),
        'modifycat' => array('ManageBoards.php', 'ModifyCat'),
        'modifykarma' => array('Karma.php', 'ModifyKarma'),
        'modlog' => array('Modlog.php', 'ViewModlog'),
        'movetopic' => array('MoveTopic.php', 'MoveTopic'),
        'movetopic2' => array('MoveTopic.php', 'MoveTopic2'),
        'news' => array('ManageNews.php', 'ManageNews'),
        'notify' => array('Notify.php', 'Notify'),
        'notifyboard' => array('Notify.php', 'BoardNotify'),
        'optimizetables' => array('Admin.php', 'OptimizeTables'),
        'packageget' => array('PackageGet.php', 'PackageGet'),
        'packages' => array('Packages.php', 'Packages'),
        'permissions' => array('ManagePermissions.php', 'ModifyPermissions'),
        'pgdownload' => array('PackageGet.php', 'PackageGet'),
        'pm' => array('PersonalMessage.php', 'MessageMain'),
        'post' => array('Post.php', 'Post'),
        'post2' => array('Post.php', 'Post2'),
        'postsettings' => array('ManagePosts.php', 'ManagePostSettings'),
        'printpage' => array('Printpage.php', 'PrintTopic'),
        'profile' => array('Profile.php', 'ModifyProfile'),
        'profile2' => array('Profile.php', 'ModifyProfile2'),
        'quotefast' => array('Post.php', 'QuoteFast'),
        'quickmod' => array('Subs-Boards.php', 'QuickModeration'),
        'quickmod2' => array('Subs-Boards.php', 'QuickModeration2'),
        'recent' => array('Recent.php', 'RecentPosts'),
        'regcenter' => array('ManageRegistration.php', 'RegCenter'),
        'register' => array('Register.php', 'Register'),
        'register2' => array('Register.php', 'Register2'),
        'reminder' => array('Reminder.php', 'RemindMe'),
        'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'),
        'removeoldtopics2' => array('RemoveTopic.php', 'RemoveOldTopics2'),
        'removepoll' => array('Poll.php', 'RemovePoll'),
        'repairboards' => array('RepairBoards.php', 'RepairBoards'),
        'reporttm' => array('SendTopic.php', 'ReportToModerator'),
        'reports' => array('Reports.php', 'ReportsMain'),
        'requestmembers' => array('Subs-Auth.php', 'RequestMembers'),
        'search' => array('Search.php', 'PlushSearch1'),
        'search2' => array('Search.php', 'PlushSearch2'),
        'sendtopic' => array('SendTopic.php', 'SendTopic'),
        'serversettings' => array('ManageServer.php', 'ModifySettings'),
        'serversettings2' => array('ManageServer.php', 'ModifySettings2'),
        'smileys' => array('ManageSmileys.php', 'ManageSmileys'),
        'smstats' => array('Stats.php', 'SMStats'),
        'spellcheck' => array('Subs-Post.php', 'SpellCheck'),
        'splittopics' => array('SplitTopics.php', 'SplitTopics'),
        'stats' => array('Stats.php', 'DisplayStats'),
        'sticky' => array('LockTopic.php', 'Sticky'),
        'theme' => array('Themes.php', 'ThemesMain'),
        'trackip' => array('Profile.php', 'trackIP'),
        'about:mozilla' => array('Karma.php', 'BookOfUnknown'),
        'about:unknown' => array('Karma.php', 'BookOfUnknown'),
        'unread' => array('Recent.php', 'UnreadTopics'),
        'unreadreplies' => array('Recent.php', 'UnreadTopics'),
        'viewErrorLog' => array('ManageErrors.php', 'ViewErrorLog'),
        'viewmembers' => array('ManageMembers.php', 'ViewMembers'),
        'viewprofile' => array('Profile.php', 'ModifyProfile'),
        'verificationcode' => array('Register.php', 'VerificationCode'),
        'vote' => array('Poll.php', 'Vote'),
        'viewquery' => array('ViewQuery.php', 'ViewQuery'),
        'who' => array('Who.php', 'Who'),
        '.xml' => array('News.php', 'ShowXmlFeed')
    );

    // A known action: include its source file and hand back its function.
    if (isset($_REQUEST['action']) && isset($actionArray[$_REQUEST['action']])) {
        list($handler_file, $handler_function) = $actionArray[$_REQUEST['action']];
        require_once $sourcedir . '/' . $handler_file;
        return $handler_function;
    }

    // Unknown action: let the theme catch it if it asked to...
    if (!empty($settings['catch_action'])) {
        require_once $sourcedir . '/Themes.php';
        return 'WrapAction';
    }

    // ...otherwise show the board index.
    require_once $sourcedir . '/BoardIndex.php';
    return 'BoardIndex';
}