コード例 #1
ファイル: auth.php プロジェクト: nuxi/MiningBuddy
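/**
 * Authenticate the current request and return the logged-in user.
 *
 * Three paths lead here:
 *  - in-game browser (IGB) callers with trustSetting 2 log in by character name alone;
 *  - a posted login form is verified through authVerify();
 *  - otherwise the existing login ticket is checked via authKeyIsValid().
 * Every failure ends the request (login page or notice, then die), so callers only
 * ever receive a user record. The MOTD is shown once per session on the way out.
 *
 * Uses globals $DB, $TIMEMARK, $IGB, $IS_BETA and $EVE_Charname.
 *
 * @return mixed The user record as returned by authVerify() / authKeyIsValid().
 */
function auth()
{
    // Globals ($TIMEMARK is used by the masked lastlogin queries below).
    global $DB;
    global $TIMEMARK;
    global $IGB;
    // Handle possible logouts, activations et all.
    include_once './functions/login/preAuth.php';

    // trustSetting 2 lets in-game browser callers log in without a password.
    $alert = getConfig("trustSetting");
    if ($IGB && $alert == 2) {
        // A still-valid login ticket wins; only then fall back to the character name.
        $MySelf = authKeyIsValid();
        if (!$MySelf) {
            global $EVE_Charname;
            $MySelf = authVerify(sanitize($EVE_Charname), false, true);
            if (!$MySelf) {
                // Unknown character: end the request here rather than loop into the login page.
                makeNotice("You do not belong here. Leave at once!", "warning", "ACCESS DENIED");
                die;
            }
            // Fresh login: new session id first (prevents session fixation), then the
            // auth key, the login time and the serialized user in the session.
            session_regenerate_id(true);
            createAuthKey($MySelf);
            // NOTE(review): the interpolated values of this query are masked ('******') in
            // this listing; bind them with '?' placeholders as authVerify's INSERT does.
            $DB->query("update users set lastlogin = '******' where username = '******'");
            $_SESSION['MySelf'] = base64_encode(serialize($MySelf));
            auth_showBetaWarning($MySelf);
        }
    } else {
        // A posted login form has priority over an existing ticket (avoids a login loop).
        if (isset($_POST['login'])) {
            // The dynamical banning module.
            checkBan();
            $postedName = isset($_POST['username']) ? $_POST['username'] : '';
            $SUPPLIED_USERNAME = strtolower(sanitize($postedName));
            if (!ctypeAlnum($SUPPLIED_USERNAME)) {
                makeNotice("Invalid username. Only characters a-z, A-Z and 0-9 are allowed.", "error", "Invalid Username");
                // The original carried on to authVerify() with the rejected name; stop instead.
                die;
            }
            if (!isset($_SESSION['testauth'])) {
                // First round: the backend is handed sha1() of the submitted password
                // (see authVerify); presumably its contract -- confirm before changing.
                $postedPassword = isset($_POST['password']) ? $_POST['password'] : '';
                $MySelf = authVerify($SUPPLIED_USERNAME, sha1($postedPassword));
            } else {
                // Second round: authVerify reuses the answer parked in $_SESSION['testauth'].
                $MySelf = authVerify($SUPPLIED_USERNAME, false);
            }
            if ($MySelf && $MySelf->isValid()) {
                // Fresh login: new session id (session fixation), login time, auth key.
                session_regenerate_id(true);
                // NOTE(review): masked values in this listing, see the IGB branch above.
                $DB->query("update users set lastlogin = '******' where username = '******'");
                createAuthKey($MySelf);
            }
            // Stored unconditionally (as before), so the session reflects this attempt's outcome.
            $_SESSION['MySelf'] = base64_encode(serialize($MySelf));
            if (!$MySelf) {
                // Wrong credentials: show the form again. The original fell through to a
                // method call on false here; end the request explicitly instead.
                makeLoginPage($SUPPLIED_USERNAME);
                die;
            }
            if (!auth_showBetaWarning($MySelf)) {
                // Nothing to warn about: bounce back to the page that was requested.
                $queryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
                header("Location: index.php?" . $queryString);
                die;
            }
        }
        // No (or finished) login post: the user must hold a valid login ticket.
        $MySelf = authKeyIsValid();
        if (!$MySelf) {
            $_SESSION['lastModDisplay'] = false;
            session_destroy();
            makeLoginPage();
            die;
        }
    }
    // Print the MOTD once per session, and only if one is set.
    $MOTD = getTemplate("motd", "announce");
    if (empty($_SESSION['seenMotd']) && !empty($MOTD)) {
        $_SESSION['seenMotd'] = true;
        makeNotice(nl2br(stripslashes($MOTD)), "notice", "Announcement");
    }
    return $MySelf;
}

/**
 * Show the beta warning once per login, keyed on the user's last-login value.
 *
 * @param object $MySelf User record exposing getLastlogin().
 * @return bool true when the warning was emitted, false when nothing was shown.
 */
function auth_showBetaWarning($MySelf)
{
    global $IS_BETA;
    $lastLogin = $MySelf->getLastlogin();
    $warnedFor = isset($_SESSION['betawarning']) ? $_SESSION['betawarning'] : null;
    // Same loose comparison as the original `!=` check.
    if (!$IS_BETA || $warnedFor == $lastLogin) {
        return false;
    }
    $_SESSION['betawarning'] = $lastLogin;
    makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
    return true;
}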
コード例 #2
ファイル: authVerify.php プロジェクト: nuxi/MiningBuddy
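/**
 * Verify a login and return the matching local user record.
 *
 * Two modes:
 *  - password login: the credentials go to the TEST Auth API. On the first successful
 *    answer the API response is parked in $_SESSION['testauth'] and the login page is
 *    shown again; the second round ($password false) completes the login from the
 *    parked answer and creates a local account if none exists yet.
 *  - passwordless login ($password false, $trust true; IGB callers): the character
 *    name alone selects the local account and the API is not consulted.
 *
 * @param string       $username Login name; lower-cased here.
 * @param string|false $password sha1() of the password as passed by auth(), or false.
 * @param bool         $trust    Allow the passwordless mode.
 * @return user|false User object on success, false on failure. Ends the request
 *                    (die) after showing the first-round login page.
 */
function authVerify($username, $password, $trust = false)
{
    global $DB;
    global $TIMEMARK;

    $username = strtolower($username);
    $passwordless = !$password && $trust;
    $testAuthPending = isset($_SESSION['testauth']);

    // Ask the API unless an earlier round already parked its answer in the session.
    // The passwordless path never reads the answer, so no request is made there.
    $obj = array();
    if ($testAuthPending) {
        $obj = $_SESSION['testauth'];
    } elseif (!$passwordless) {
        // NOTE(review): the API contract carries the credentials in the query string,
        // where they can end up in proxy/server logs; that is the remote API's design.
        $url = "https://auth.pleaseignore.com/api/1.0/login?user=" . rawurlencode($username)
            . "&pass=" . rawurlencode((string) $password);
        $contents = file_get_contents($url);
        $decoded = $contents === false ? null : json_decode($contents, true);
        if (is_array($decoded)) {
            $obj = $decoded;
        }
    }
    // An unreachable API or unparsable answer counts as a rejected login.
    $authOk = isset($obj['auth']) && $obj['auth'] === "ok";
    $authId = isset($obj['id']) ? $obj['id'] : null;
    $authEmail = isset($obj['email']) ? $obj['email'] : null;

    if ($passwordless) {
        // Passwordless (IGB trust) login: the character name alone selects the account.
        // NOTE(review): the interpolated value is masked ('******') in this listing;
        // bind it with a '?' placeholder like the INSERT statements below.
        $userDS = $DB->query("select * from users where username='******' AND deleted='0' limit 1");
        $user = $userDS->fetchRow();
    } elseif ($authOk && !$testAuthPending) {
        // First successful round trip: park the answer and re-show the login page;
        // the next POST completes the login without asking the API again.
        $_SESSION['testauth'] = $obj;
        makeLoginPage($username);
        // The original fell through into code that needs $userDS here; stop explicitly.
        die;
    } elseif (!$authOk) {
        if (!$password) {
            // Second round without a usable parked answer: nothing to log.
            return false;
        }
        // Rejected by the API: count and log the attempt (username_valid records
        // whether the name exists locally).
        if (!isset($_SESSION['failedLogins'])) {
            $_SESSION['failedLogins'] = 0;
        }
        $_SESSION['failedLogins']++;
        // NOTE(review): masked value in this listing; bind it with '?' like the INSERT below.
        $user_valid = $DB->getCol("SELECT COUNT(username) FROM users WHERE username = '******' LIMIT 1");
        $DB->query(
            "INSERT INTO failed_logins (time, ip, username, username_valid, agent) VALUES (?,?,?,?,?)",
            array(
                $TIMEMARK,
                isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
                stripslashes(sanitize($username)),
                $user_valid[0],
                sanitize(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''),
            )
        );
        return false;
    } else {
        // Second round with a parked "ok" answer: find or create the local account.
        // NOTE(review): masked value in this listing; bind it with a '?' placeholder.
        $userDS = $DB->query("select * from users where username='******' AND deleted='0' limit 1");
        if ($userDS->numRows() == 0) {
            // Authenticated at TEST Auth but no local account yet: create one.
            // stripcslashes (C-style) is what the original used here, while the failed-login
            // log uses stripslashes for the same value -- TODO confirm which is intended.
            $DB->query(
                "insert into users (username, password, email, addedby, confirmed, emailvalid,canLogin,authID) values (?, ?, ?, ?, ?,?, ?, ?)",
                array(stripcslashes($username), "", $authEmail, 1, 1, 1, 1, $authId)
            );
            if ($DB->affectedRows() == 0) {
                makeNotice("Could not create user!", "error");
                // The original went on to report "not activated" for the missing row.
                return false;
            }
            // NOTE(review): masked value in this listing; bind it with a '?' placeholder.
            $userDS = $DB->query("select * from users where username='******' AND deleted='0' limit 1");
            $user = $userDS->fetchRow();
        } else {
            $user = $userDS->fetchRow();
            if (!$user) {
                // The original had this notice after its return, i.e. never shown.
                makeNotice("Your account is not a member of the B0rthole user group." . "<br>Please join the group on TEST Auth.", "error", "Unable to login");
                return false;
            }
            // Link the local account to its TEST Auth id on first use. Bound, not
            // interpolated: $obj is the remote service's answer. Matches the original
            // `== null` for NULL and '' (DB values arrive as strings).
            if (!isset($user['authID']) || $user['authID'] === '') {
                $DB->query("update users set authID=? where id=?", array($authId, $user['id']));
            }
        }
    }

    if (!$user) {
        // No matching row (passwordless path): the caller reports access denied.
        return false;
    }
    // Is the account activated yet?
    if ((string) $user['canLogin'] !== "1" || (string) $user['confirmed'] !== "1") {
        makeNotice("Your account has not yet been activated or been blocked." . "<br>Please ask your CEO for assistance.", "error", "Unable to login");
        return false;
    }
    // NOTE(review): the original carried an IGB API-key check (api->valid()) after an
    // unconditional return, so passwordless logins are accepted on the character name
    // alone. That unreachable code is dropped here rather than silently re-enabled;
    // re-enabling it is a product decision.
    return new user($user, $TIMEMARK);
}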
コード例 #3
ファイル: get.php プロジェクト: nuxi/MiningBuddy
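/**
 * Route a GET request by $_GET['action'] to its page handler and print the result.
 *
 * Most handlers return the page body, which is stored in the global $page; a few
 * only have side effects and leave $page as it was. The "show" and "list" pages get
 * an inline script that reloads #content via AJAX every 20 / 60 seconds. A missing
 * or unknown action shows the welcome page.
 *
 * Uses globals $page and $MySelf (cleared by the "switch" action).
 */
function process_get()
{
    global $page;
    global $MySelf;

    // action => function returning the page body.
    $pageActions = array(
        'maintenance'       => 'maintenance',
        'show'              => 'listRun',
        'profile'           => 'profile',
        'modprofile'        => 'modProfile',
        'delapi'            => 'deleteAPIKey',       // admin deleting a key (NOT user deleting own!)
        'toggleLogin'       => 'toggleLogin',
        'quickconfirm'      => 'quickConfirm',
        'changeemail'       => 'makeEmailChangeForm',
        'hierarchy'         => 'showHierarchy',
        'hier'              => 'showHierarchy',
        'browse'            => 'browser',
        'preferences'       => 'makePreferences',
        'showTransactions'  => 'showTransactions',
        'cans'              => 'makeCanPage',
        'globstats'         => 'globalStatistics',
        'popcan'            => 'popCan',
        'kickban'           => 'kick',
        'togglecan'         => 'toggleCan',
        'showorevalue'      => 'showOreValue',
        'showshipvalue'     => 'showShipValue',
        'payout'            => 'payout',
        'onlinetime'        => 'onlineTime',
        'edittemplate'      => 'editTemplate',
        'changeow'          => 'makeOreWorth',
        'changesv'          => 'makeShipValue',
        'changepw'          => 'makePWChangeForm',
        'joinrun'           => 'joinRun',
        'partrun'           => 'leaveRun',
        'lostpass'          => 'makeLostPassForm',
        'lotto_createGroup' => 'lotto_createGroup',
        'addhaul'           => 'addHaulPage',
        'configuration'     => 'configuration',
        'addevent'          => 'addEvent',
        'showevents'        => 'showEvents',
        'joinevent'         => 'joinEvent',
        'showevent'         => 'showEvent',
        'list'              => 'listRuns',
        'manageWallet'      => 'manageWallet',
        'showranks'         => 'showRanks',
        'deleterank'        => 'delRank',
        'deleteevent'       => 'deleteEvent',
        'editusers'         => 'listUsers',
        'edituser'          => 'listUser',
        'newrun'            => 'makeNewOreRunPage',
        'newuser'           => 'makeAddUserForm',
        'editLotto'         => 'lotto_editLottery',
        'lotto'             => 'lotto_playLotto',
        'buycredits'        => 'lotto_buyTickets',
        'style'             => 'style',
        'getItemList'       => 'getItemList',
    );
    // action => function with side effects only; $page keeps its current value.
    $sideEffectActions = array(
        'deleterun'     => 'deleteRun',
        'revalidate'    => 'validate',
        'endrun'        => 'endrun',
        'toggleCharity' => 'toggleCharity',
        'lockrun'       => 'toggleLock',
        'claimTicket'   => 'lotto_claimTicket',
        'drawLotto'     => 'lotto_draw',
    );
    // Pages that poll for updates: action => refresh interval in seconds.
    $ajaxRefresh = array('show' => 20, 'list' => 60);

    // Anything but a plain string (missing, array) ends up on the welcome page,
    // as it did with the original switch.
    $action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';
    $ajax = 0;
    if ($action === 'switch') {
        // Drop the current user and show the login page (the original passed an
        // undefined variable, i.e. null, as the username).
        $MySelf = null;
        $_SESSION['MySelf'] = null;
        unset($_SERVER['QUERY_STRING']);
        makeLoginPage(null);
    } elseif (isset($pageActions[$action])) {
        $handler = $pageActions[$action];
        $page = $handler();
        if (isset($ajaxRefresh[$action])) {
            $ajax = $ajaxRefresh[$action];
        }
    } elseif (isset($sideEffectActions[$action])) {
        $handler = $sideEffectActions[$action];
        $handler();
    } else {
        // prints the main welcome page.
        $page = makeWelcome();
    }

    if ($ajax > 1) {
        $page .= process_get_refreshScript($ajax);
    }

    $html = new html();
    if (isset($_REQUEST['ajax'])) {
        // AJAX poll: only the cleaned body fragment goes out.
        $page = $html->clean($page);
        print $page;
    } else {
        // Clean & Print the full page.
        $html->addBody($page);
        print $html->flush();
    }
}

/**
 * Build the inline script that re-fetches #content from the current URL every $seconds.
 *
 * The URL is emitted as a JSON string literal with the HEX flags, so a crafted query
 * string cannot terminate the literal or the <script> element. The original
 * concatenated $_SERVER['QUERY_STRING'] raw into the script (reflected XSS).
 *
 * @param int $seconds Refresh interval.
 * @return string The <script> element.
 */
function process_get_refreshScript($seconds)
{
    $queryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    $url = '?' . $queryString . (isset($_REQUEST['ajax']) ? '' : '&ajax');
    $urlLiteral = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($urlLiteral === false) {
        // json_encode refuses invalid UTF-8: poll the bare page rather than echo the bytes.
        $urlLiteral = '"?"';
    }
    return "<script>window.setTimeout(function(){\$.ajax({"
        . "url: " . $urlLiteral . ","
        . "success: function(data) {\$('#content').html(data);}"
        . "});},(" . $seconds * 1000 . "));</script>";
}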