case "start": $step = "create_tables"; break; case "create_tables": $step = "create_admin_user"; break; case "create_admin_user": if (!empty($_POST["admin_user"]) && !empty($_POST["admin_pass"]) && !empty($_POST["admin_pass2"]) && !empty($_POST["admin_email"])) { // Check if the two entered passwords are equal. if ($_POST["admin_pass"] != $_POST["admin_pass2"]) { phorum_admin_error("The password fields do not match"); break; } // Check if the user already exists as an admin user. // If yes, then we can use that existing user. $user_id = phorum_api_user_authenticate(PHORUM_ADMIN_SESSION, $_POST["admin_user"], $_POST["admin_pass"]); if ($user_id) { $user = phorum_api_user_get($user_id); if (empty($user["admin"])) { phorum_admin_error("That user already exists but without admin " . "permissions. Please create a different user."); break; } } // Authenticating the user failed? Let's check if the user // already exists at all. if (!$user_id) { $user = phorum_api_user_search('username', $_POST['admin_user']); if ($user) { phorum_admin_error("That user already exists in the database."); break; }
// Check if the phorum_tmp_cookie was set. If not, the user's // browser does not support cookies. If cookies are required, // then the login will be denied. if ($PHORUM['use_cookies'] == PHORUM_REQUIRE_COOKIES && !isset($_COOKIE['phorum_tmp_cookie'])) { $error = $PHORUM['DATA']['LANG']['RequireCookies']; } elseif ($_POST['username'] == '' || $_POST['password'] == '') { $error = $PHORUM['DATA']['LANG']['ErrRequired']; } else { // See if the temporary cookie was found. If yes, then the // browser does support cookies. If not, then we disable // the use of cookies. if (!isset($_COOKIE['phorum_tmp_cookie'])) { $PHORUM['use_cookies'] = PHORUM_NO_COOKIES; } // Check if the login credentials are right. $user_id = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $_POST['username'], $_POST['password']); // They are. Setup the active user and start a Phorum session. if ($user_id) { // Make the authenticated user the active Phorum user // and start a Phorum user session. Because this is a fresh // login, we can enable the short term session and we request // refreshing of the session id(s). if (phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $user_id, PHORUM_FLAG_SESSION_ST) && phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_LOGIN)) { // Destroy the temporary cookie that is used for testing // for cookie compatibility. if (isset($_COOKIE['phorum_tmp_cookie'])) { setcookie('phorum_tmp_cookie', '', 0, $PHORUM['session_path'], $PHORUM['session_domain']); } // Determine the URL to redirect the user to. // If redir is a number, it is a URL constant. $php = PHORUM_FILE_EXTENSION;
phorum_hook("password_reset", $hook_args); } } else { // Check if the phorum_tmp_cookie was set. If not, the user's // browser does not support cookies. if ($PHORUM["use_cookies"] == PHORUM_REQUIRE_COOKIES && !isset($_COOKIE["phorum_tmp_cookie"])) { $error = $PHORUM["DATA"]["LANG"]["RequireCookies"]; } else { // See if the temporary cookie was found. If yes, then the // browser does support cookies. If not, then we disable // the use of cookies. if (!isset($_COOKIE["phorum_tmp_cookie"])) { $PHORUM["use_cookies"] = PHORUM_NO_COOKIES; } // Check if the login credentials are right. $user_id = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, trim($_POST["username"]), trim($_POST["password"])); // They are. Setup the active user and start a Phorum session. if ($user_id) { // Make the authenticated user the active Phorum user // and start a Phorum user session. Because this is a fresh // login, we can enable the short term session and we request // refreshing of the session id(s). if (phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $user_id, PHORUM_FLAG_SESSION_ST) && phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_LOGIN)) { // Destroy the temporary cookie that is used for testing // for cookie compatibility. if (isset($_COOKIE["phorum_tmp_cookie"])) { setcookie("phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"]); } // Determine the URL to redirect the user to. // If redir is a number, it is a URL constant. if (is_numeric($_POST["redir"])) {
/**
 * Checks phorum_api_user_authenticate() for the forum session type.
 *
 * The test expects false for an empty password and for a wrong password,
 * and a value greater than zero for the correct password of the fixture
 * user. The username is built from a fixed prefix plus the shared fixture.
 */
function testUserApiAuthentication()
{
    $username = '******' . $this->sharedFixture;

    // Passwords that must be rejected, each mapped to the message that is
    // reported when authentication unexpectedly succeeds.
    $rejected = array(
        ''    => 'User authenticated without password.',
        'FOO' => 'User authenticated with wrong password.',
    );

    foreach ($rejected as $password => $message) {
        $result = phorum_api_user_authenticate(
            PHORUM_FORUM_SESSION,
            $username,
            $password
        );
        $this->assertFalse($result, $message);
    }

    // The correct password has to yield a positive return value.
    $accepted = phorum_api_user_authenticate(
        PHORUM_FORUM_SESSION,
        $username,
        'testPwd'
    );
    $this->assertGreaterThan(
        0,
        $accepted,
        'User authenticated with correct password.'
    );
}
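<?php
# Handle a user forum login
#
# Example flow: verify the credentials, make the user the active Phorum
# user, then create the session. Each step stops the script on failure, so
# no later step runs for a login that did not fully succeed.

if (!defined('PHORUM')) {
    return;
}

require_once "./include/api/base.php";
require_once "./include/api/user.php";

// Check the username and password. The literals "username" and "password"
// stand in for the values that the caller obtained from the login form.
$user_id = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, "username", "password");
if (!$user_id) {
    // One message for both causes: the response does not tell the client
    // whether the username or the password was the part that failed.
    die("Username or password incorrect!\n");
}

// Make the authenticated user the active user for Phorum. This is all
// that is needed to tell Phorum that this user is logged in.
$set_active = phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $user_id, PHORUM_FLAG_SESSION_ST);
if (!$set_active) {
    die("Setting user_id {$user_id} as the active user failed!\n");
}

// Create a session for the active user, so the user will be remembered
// on subsequent requests. PHORUM_SESSID_RESET_LOGIN is the reset mode that
// is appropriate at login time: a session id that predates the login should
// not be carried over into the authenticated session.
//
// The return value is checked like the two calls above. Phorum's own login
// code treats it as a success flag, and ignoring it would let the script
// continue as if the user were logged in when no session was stored.
$session_created = phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_LOGIN);
if (!$session_created) {
    die("Creating a session for user_id {$user_id} failed!\n");
}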
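// This program is free software. You can redistribute it and/or modify       //
// it under the terms of either the current Phorum License (viewable at       //
// phorum.org) or the Phorum License that was distributed with this file      //
//                                                                            //
// This program is distributed in the hope that it will be useful,            //
// but WITHOUT ANY WARRANTY, without even the implied warranty of             //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                       //
//                                                                            //
// You should have received a copy of the Phorum License                      //
// along with this program.                                                   //
////////////////////////////////////////////////////////////////////////////////

// Control center panel: change the password of the logged-in user.
// Sets $error / $okmsg after a submit and always sets the heading, the
// CHANGEPASSWORD profile flag and $template for rendering.

// Only run when included from the control center.
if (!defined("PHORUM_CONTROL_CENTER")) {
    return;
}

// NOTE(review): no form token (CSRF) check is visible in this excerpt.
// Confirm that the control center verifies one before this panel handles
// a POST. The current-password check below limits the impact, but it is
// not a replacement for a token.
if (count($_POST)) {

    // Read the password fields as strings. A missing or non-string field
    // (for example an array-valued "password_old[]") is treated as empty,
    // so it is rejected by the checks below instead of reaching trim() or
    // the authentication call with an unexpected type.
    $password_old_raw = (isset($_POST["password_old"]) && is_string($_POST["password_old"]))
        ? $_POST["password_old"] : '';
    $password_new_raw = (isset($_POST['password_new']) && is_string($_POST['password_new']))
        ? $_POST['password_new'] : '';
    $password_new2_raw = (isset($_POST['password_new2']) && is_string($_POST['password_new2']))
        ? $_POST['password_new2'] : '';

    $old_password = trim($password_old_raw);
    $new_password = trim($password_new_raw);

    // Require the current password before accepting a new one, so that a
    // borrowed or hijacked session alone is not enough to take over the
    // account.
    if (empty($old_password) ||
        !phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $PHORUM['user']['username'], $old_password)) {

        $error = $PHORUM["DATA"]["LANG"]["ErrOriginalPassword"];

    // The new password and its confirmation are compared as submitted
    // (strict comparison, untrimmed), as before.
    } elseif (empty($new_password) || empty($password_new2_raw) ||
              $password_new_raw !== $password_new2_raw) {

        $error = $PHORUM["DATA"]["LANG"]["ErrPassword"];

    } else {

        // Everything's good, save. The trimmed value is what gets handed
        // on, so surrounding whitespace never becomes part of the password.
        // phorum_controlcenter_user_save() presumably reads these two
        // fields from $_POST; verify against its implementation.
        $_POST['password_temp'] = $_POST['password'] = $new_password;
        list($error, $okmsg) = phorum_controlcenter_user_save($panel);
    }
}

$PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["ChangePassword"];
$PHORUM['DATA']['PROFILE']['CHANGEPASSWORD'] = 1;
$template = "cc_usersettings";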