case "start":
$step = "create_tables";
break;
case "create_tables":
$step = "create_admin_user";
break;
case "create_admin_user":
if (!empty($_POST["admin_user"]) && !empty($_POST["admin_pass"]) && !empty($_POST["admin_pass2"]) && !empty($_POST["admin_email"])) {
// Check if the two entered passwords are equal.
if ($_POST["admin_pass"] != $_POST["admin_pass2"]) {
phorum_admin_error("The password fields do not match");
break;
}
// Check if the user already exists as an admin user.
// If yes, then we can use that existing user.
$user_id = phorum_api_user_authenticate(PHORUM_ADMIN_SESSION, $_POST["admin_user"], $_POST["admin_pass"]);
if ($user_id) {
$user = phorum_api_user_get($user_id);
if (empty($user["admin"])) {
phorum_admin_error("That user already exists but without admin " . "permissions. Please create a different user.");
break;
}
}
// Authenticating the user failed? Let's check if the user
// already exists at all.
if (!$user_id) {
$user = phorum_api_user_search('username', $_POST['admin_user']);
if ($user) {
phorum_admin_error("That user already exists in the database.");
break;
}
// Check if the phorum_tmp_cookie was set. If not, the user's
// browser does not support cookies. If cookies are required,
// then the login will be denied.
if ($PHORUM['use_cookies'] == PHORUM_REQUIRE_COOKIES && !isset($_COOKIE['phorum_tmp_cookie'])) {
$error = $PHORUM['DATA']['LANG']['RequireCookies'];
} elseif ($_POST['username'] == '' || $_POST['password'] == '') {
$error = $PHORUM['DATA']['LANG']['ErrRequired'];
} else {
// See if the temporary cookie was found. If yes, then the
// browser does support cookies. If not, then we disable
// the use of cookies.
if (!isset($_COOKIE['phorum_tmp_cookie'])) {
$PHORUM['use_cookies'] = PHORUM_NO_COOKIES;
}
// Check if the login credentials are right.
$user_id = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $_POST['username'], $_POST['password']);
// They are. Setup the active user and start a Phorum session.
if ($user_id) {
// Make the authenticated user the active Phorum user
// and start a Phorum user session. Because this is a fresh
// login, we can enable the short term session and we request
// refreshing of the session id(s).
if (phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $user_id, PHORUM_FLAG_SESSION_ST) && phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_LOGIN)) {
// Destroy the temporary cookie that is used for testing
// for cookie compatibility.
if (isset($_COOKIE['phorum_tmp_cookie'])) {
setcookie('phorum_tmp_cookie', '', 0, $PHORUM['session_path'], $PHORUM['session_domain']);
}
// Determine the URL to redirect the user to.
// If redir is a number, it is a URL constant.
$php = PHORUM_FILE_EXTENSION;
phorum_hook("password_reset", $hook_args);
}
} else {
// Check if the phorum_tmp_cookie was set. If not, the user's
// browser does not support cookies.
if ($PHORUM["use_cookies"] == PHORUM_REQUIRE_COOKIES && !isset($_COOKIE["phorum_tmp_cookie"])) {
$error = $PHORUM["DATA"]["LANG"]["RequireCookies"];
} else {
// See if the temporary cookie was found. If yes, then the
// browser does support cookies. If not, then we disable
// the use of cookies.
if (!isset($_COOKIE["phorum_tmp_cookie"])) {
$PHORUM["use_cookies"] = PHORUM_NO_COOKIES;
}
// Check if the login credentials are right.
$user_id = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, trim($_POST["username"]), trim($_POST["password"]));
// They are. Setup the active user and start a Phorum session.
if ($user_id) {
// Make the authenticated user the active Phorum user
// and start a Phorum user session. Because this is a fresh
// login, we can enable the short term session and we request
// refreshing of the session id(s).
if (phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $user_id, PHORUM_FLAG_SESSION_ST) && phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_LOGIN)) {
// Destroy the temporary cookie that is used for testing
// for cookie compatibility.
if (isset($_COOKIE["phorum_tmp_cookie"])) {
setcookie("phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"]);
}
// Determine the URL to redirect the user to.
// If redir is a number, it is a URL constant.
if (is_numeric($_POST["redir"])) {
function testUserApiAuthentication()
{
//var_dump($GLOBALS['PHORUM']);
// authentication
$username = '******' . $this->sharedFixture;
$ret = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $username, '');
$this->assertFalse($ret, 'User authenticated without password.');
$ret = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $username, 'FOO');
$this->assertFalse($ret, 'User authenticated with wrong password.');
$ret = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $username, 'testPwd');
$this->assertGreaterThan(0, $ret, 'User authenticated with correct password.');
}
<?php
# Handle a user forum login
if (!defined('PHORUM')) {
return;
}
require_once "./include/api/base.php";
require_once "./include/api/user.php";
// Check the username and password.
$user_id = phorum_api_user_authenticate(PHORUM_FORUM_SESSION, "username", "password");
if (!$user_id) {
die("Username or password incorrect!\n");
}
// Make the authenticated user the active user for Phorum. This is all
// that is needed to tell Phorum that this user is logged in.
$set_active = phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $user_id, PHORUM_FLAG_SESSION_ST);
if (!$set_active) {
die("Setting user_id {$user_id} as the active user failed!\n");
}
// Create a session for the active user, so the user will be remembered
// on subsequent requests.
phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_LOGIN);
// appropriate at login time
// This program is free software. You can redistribute it and/or modify //
// it under the terms of either the current Phorum License (viewable at //
// phorum.org) or the Phorum License that was distributed with this file //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
if (!defined("PHORUM_CONTROL_CENTER")) {
return;
}
if (count($_POST)) {
$old_password = trim($_POST["password_old"]);
$new_password = trim($_POST['password_new']);
// attempt to authenticate the user
if (empty($old_password) || !phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $PHORUM['user']['username'], $old_password)) {
$error = $PHORUM["DATA"]["LANG"]["ErrOriginalPassword"];
} elseif (empty($new_password) || empty($_POST['password_new2']) || $_POST['password_new'] !== $_POST['password_new2']) {
$error = $PHORUM["DATA"]["LANG"]["ErrPassword"];
} else {
// everything's good, save
$_POST['password_temp'] = $_POST['password'] = $new_password;
list($error, $okmsg) = phorum_controlcenter_user_save($panel);
}
}
$PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["ChangePassword"];
$PHORUM['DATA']['PROFILE']['CHANGEPASSWORD'] = 1;
$template = "cc_usersettings";
