// Create an URI session id if cookies are not used.. if(!$PHORUM["use_cookies"]) { $uri_session_id = md5($_POST['username'].microtime().$_POST['password']); $user = array( 'user_id' => $PHORUM['user']['user_id'], 'sessid_st'=> $uri_session_id ); phorum_user_save_simple($user); phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id); // Create cookie session(s). } else { if (!$PHORUM["DATA"]["LOGGEDIN"]) { phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false); } if($PHORUM["tight_security"]){ phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true); } } // Determine the URL to redirect the user to. // If redir is a number, it is a URL constant. if(is_numeric($_POST["redir"])){ $redir = phorum_get_url($_POST["redir"]); } // Redirecting to the registration or login page is a little weird, // so we just go to the list page if we came from one of those. elseif (isset($PHORUM['use_cookies']) && $PHORUM["use_cookies"] && !strstr($_POST["redir"], "register." . PHORUM_FILE_EXTENSION) && !strstr($_POST["redir"], "login." . PHORUM_FILE_EXTENSION)) { $redir = $_POST["redir"]; // By default, we redirect to the list page.
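/**
 * Compare a stored session key against the one presented by the client.
 *
 * The previous code compared the two with "==". For strings that operator
 * applies numeric juggling, so two different hex digests that both look
 * like "0e<digits>" compare equal, and it short-circuits on the first
 * differing byte, which leaks timing. hash_equals() (PHP >= 5.6) is a
 * constant-time byte comparison; on older PHP a strict "===" is used,
 * which still closes the numeric-string hole.
 *
 * @param mixed $stored   The key taken from the user record.
 * @param mixed $supplied The key taken from the cookie / URI / form.
 * @return bool           true only when both are non-empty and identical.
 */
function phorum_user_session_key_matches( $stored, $supplied )
{
    $stored   = (string) $stored;
    $supplied = (string) $supplied;
    if ( $stored === '' || $supplied === '' ) {
        return false;
    }
    if ( function_exists('hash_equals') ) {
        return hash_equals( $stored, $supplied );
    }
    return $stored === $supplied;
}

/**
 * Validate the Phorum session presented by the client and, on success,
 * load the matching user into $GLOBALS["PHORUM"]["user"].
 *
 * The session key is looked up, in this order, in $_COOKIE (real cookies),
 * $PHORUM["args"] (session id embedded in the URI), $_POST and $_GET. The
 * source that matched is recorded in $GLOBALS["PHORUM"]["use_cookies"] and
 * decides how the key is interpreted:
 *
 *  - cookie authentication: the key is "<user_id>:<session hash>"; the hash
 *    must match the user's stored cookie_sessid_lt (LONG_TERM), sessid_st
 *    (SHORT_TERM) or md5(cookie_sessid_lt . admin_session_salt) (ADMIN).
 *    write_access is left false; the short term session has to be checked
 *    separately to enable it.
 *  - URI authentication: the key is the user's sessid_st itself; the user is
 *    looked up by that value and gets write_access right away, because URI
 *    authentication requires a login on every visit.
 *
 * Side effects: may set $GLOBALS["PHORUM"]["use_cookies"] and
 * $GLOBALS["PHORUM"]["user"], refresh the session with
 * phorum_user_create_session() or clear it with phorum_user_clear_session(),
 * and, when $PHORUM["track_user_activity"] is set, update the user's last
 * activity through phorum_user_save_simple().
 *
 * @param string $cookie  PHORUM_SESSION_LONG_TERM, PHORUM_SESSION_SHORT_TERM
 *                        or PHORUM_SESSION_ADMIN. With URI authentication a
 *                        SHORT_TERM request is handled as LONG_TERM.
 * @return bool           true when a valid session for an active user was found.
 */
function phorum_user_check_session( $cookie = PHORUM_SESSION_LONG_TERM )
{
    $PHORUM = $GLOBALS["PHORUM"];

    // URI based authentication only knows the PHORUM_SESSION_LONG_TERM key
    // (the one carried in the URI). A request for PHORUM_SESSION_SHORT_TERM
    // is rewritten so that tight security is handled correctly there too.
    if ( isset($PHORUM["use_cookies"]) && ! $PHORUM["use_cookies"]
         && $cookie == PHORUM_SESSION_SHORT_TERM ) {
        $cookie = PHORUM_SESSION_LONG_TERM;
    }

    // Locate the session key and remember which source it came from.
    $sessid = null;
    if ( ( $cookie != PHORUM_SESSION_LONG_TERM
           || ( isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"] ) )
         && isset( $_COOKIE[$cookie] ) ) {
        // REAL cookies ;)
        $sessid = $_COOKIE[$cookie];
        $GLOBALS["PHORUM"]["use_cookies"] = true;
    } elseif ( isset( $PHORUM["args"][$cookie] ) ) {
        // in the p5-urls
        $sessid = $PHORUM["args"][$cookie];
        $GLOBALS["PHORUM"]["use_cookies"] = false;
    } elseif ( isset( $_POST[$cookie] ) ) {
        // from post-forms
        $sessid = $_POST[$cookie];
        $GLOBALS["PHORUM"]["use_cookies"] = false;
    } elseif ( isset( $_GET[$cookie] ) ) {
        // should rarely happen but helps in some cases
        $sessid = $_GET[$cookie];
        $GLOBALS["PHORUM"]["use_cookies"] = false;
    }

    // No key, or a key that PHP turned into an array (name[]=value in the
    // request), can never be a valid session.
    if ( empty( $sessid ) || ! is_string( $sessid ) ) {
        return false;
    }

    $success = false;

    if ( $GLOBALS["PHORUM"]["use_cookies"] ) {
        // Cookie authentication: the key carries "<user_id>:<session hash>".
        // A key without the separator, or with a user id that is not a plain
        // decimal number, is treated as a tampered cookie and dropped.
        $parts = explode( ":", $sessid, 2 );
        if ( count( $parts ) != 2 || ! preg_match( '/^[0-9]+$/', $parts[0] ) ) {
            phorum_user_clear_session( $cookie );
            return false;
        }
        list( $userid, $md5session ) = $parts;

        $user = phorum_user_get( $userid, true, true );
        if ( empty( $user ) ) {
            phorum_user_clear_session( $cookie );
            return false;
        }

        // Which stored key the presented hash has to match depends on the
        // session type; the admin key is derived from the long term key.
        $expected = null;
        if ( $cookie == PHORUM_SESSION_LONG_TERM && ! empty( $user['cookie_sessid_lt'] ) ) {
            $expected = $user['cookie_sessid_lt'];
        } elseif ( $cookie == PHORUM_SESSION_SHORT_TERM && ! empty( $user['sessid_st'] ) ) {
            $expected = $user['sessid_st'];
        } elseif ( $cookie == PHORUM_SESSION_ADMIN && ! empty( $user['cookie_sessid_lt'] ) ) {
            $expected = md5( $user['cookie_sessid_lt'] . $PHORUM["admin_session_salt"] );
        }

        if ( $expected !== null && phorum_user_session_key_matches( $expected, $md5session ) ) {
            if ( $user["active"] ) {
                // write access is false by default, need to check the st-cookie too
                $user['write_access'] = false;
                $GLOBALS["PHORUM"]["user"] = $user;
                $success = true;
                phorum_user_create_session( $cookie );
            } else {
                phorum_user_clear_session( $cookie );
            }
        }
    } else {
        // URI authentication: the key is the user's sessid_st itself.
        $uri_session_id = urldecode( $sessid );
        $user_id = phorum_db_user_check_field( 'sessid_st', $uri_session_id, '=' );
        if ( $user_id ) {
            $user = phorum_user_get( $user_id, true, true );
            if ( ! empty( $user ) && $user["active"] ) {
                // write access is enabled for uri-authentication as thats
                // requiring login at every visit
                $user['write_access'] = true;
                $GLOBALS["PHORUM"]["user"] = $user;
                $success = true;
                phorum_user_create_session( $cookie, false, $user['sessid_st'] );
            } else {
                phorum_user_clear_session( $cookie );
            }
        }
    }

    // Track user activity, at most once per track_user_activity seconds.
    if ( $success && ! empty( $PHORUM["track_user_activity"] )
         && $GLOBALS["PHORUM"]["user"]["date_last_active"] < time() - $PHORUM["track_user_activity"] ) {
        $tmp_user = array(
            "user_id"           => $GLOBALS["PHORUM"]["user"]["user_id"],
            "date_last_active"  => time(),
            "last_active_forum" => isset( $PHORUM['forum_id'] ) ? $PHORUM['forum_id'] : 0,
        );
        phorum_user_save_simple( $tmp_user );
    }

    return $success;
}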
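/**
 * A common function which is used to save the userdata from the post-data.
 *
 * Only the whitelisted profile fields below, plus the configured custom
 * PROFILE_FIELDS, are copied from $_POST. user_id and fk_campsite_user_id
 * are always taken from the logged-in user, so the request cannot change
 * which account is updated. The data is passed through the "cc_save_user"
 * hook, stored with phorum_user_save() and mirrored to the Campsite user.
 *
 * @param panel - The panel for which to save data. Not used by this
 *                function itself; kept for the callers' sake.
 * @return array - An array containing $error and $okmsg.
 */
function phorum_controlcenter_user_save($panel)
{
    $PHORUM = $GLOBALS['PHORUM'];
    $error = "";
    $okmsg = "";

    // Setup the default userdata fields that may be changed
    // from the control panel interface.
    $userdata = array(
        'signature'        => NULL,
        'hide_email'       => NULL,
        'hide_activity'    => NULL,
        'password'         => NULL,
        'tz_offset'        => NULL,
        'is_dst'           => NULL,
        'user_language'    => NULL,
        'threaded_list'    => NULL,
        'threaded_read'    => NULL,
        'email_notify'     => NULL,
        'show_signature'   => NULL,
        'pm_email_notify'  => NULL,
        'email'            => NULL,
        'email_temp'       => NULL,
        'user_template'    => NULL,
        'moderation_email' => NULL,
    );

    // Add custom profile fields as acceptable fields.
    foreach ($PHORUM["PROFILE_FIELDS"] as $field) {
        $userdata[$field["name"]] = NULL;
    }

    // Update userdata with $_POST information; keys that are not
    // whitelisted above are ignored.
    foreach ($_POST as $key => $val) {
        if (array_key_exists($key, $userdata)) {
            $userdata[$key] = $val;
        }
    }

    // Remove fields that were not posted.
    foreach ($userdata as $key => $val) {
        if (is_null($val)) {
            unset($userdata[$key]);
        }
    }

    // Set static userdata. Done after the $_POST copy on purpose, so a
    // posted user_id / fk_campsite_user_id can never win.
    $userdata["user_id"] = $PHORUM["user"]["user_id"];
    $userdata["fk_campsite_user_id"] = $PHORUM["user"]["fk_campsite_user_id"];

    // Run a hook, so module writers can update and check the userdata.
    $userdata = phorum_hook("cc_save_user", $userdata);

    if (isset($userdata['error'])) {
        // A module rejected the data in the cc_save_user hook.
        $error = $userdata['error'];
        unset($userdata['error']);
    } elseif (!phorum_user_save($userdata)) {
        // Updating the user failed.
        $error = $PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"];
    } else {
        // A password counts as changed only when it is non-empty; this is
        // the same test that decides on the session renewal below.
        // NOTE(review): assumes phorum_user_save() ignores an empty
        // password as well - confirm against include/users.php.
        $password_changed = isset($userdata["password"]) && !empty($userdata["password"]);

        // Sync the campsite user. Password and email are independent
        // changes, so both are mirrored when both were submitted.
        require_once('../../admin-files/localizer/Localizer.php');
        require_once('../../classes/User.php');
        $campsiteUser = new User($userdata["fk_campsite_user_id"]);
        if ($campsiteUser->exists()) {
            if ($password_changed) {
                $campsiteUser->setPassword($userdata["password"]);
            }
            if (array_key_exists('email', $userdata)) {
                $campsiteUser->setProperty('EMail', $userdata["email"]);
            }
        }

        // Updating the user was successful.
        $okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];

        // Let the userdata be reloaded.
        phorum_user_set_current_user($userdata["user_id"]);

        // If a new password was set, let's create a new session.
        if ($password_changed) {
            phorum_user_create_session();
        }

        // Copy data from the updated user back into the template data.
        // Leave PANEL and forum_id alone (these are injected into the
        // userdata in the template from this script).
        foreach ($GLOBALS["PHORUM"]["DATA"]["PROFILE"] as $key => $val) {
            if ($key == "PANEL" || $key == "forum_id") continue;
            if (isset($GLOBALS["PHORUM"]["user"][$key])) {
                $GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = $GLOBALS["PHORUM"]["user"][$key];
            } else {
                $GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = "";
            }
        }
    }

    return array($error, $okmsg);
}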
// // // This program is distributed in the hope that it will be useful, // // but WITHOUT ANY WARRANTY, without even the implied warranty of // // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // // // // You should have received a copy of the Phorum License // // along with this program. // //////////////////////////////////////////////////////////////////////////////// // don't allow this page to be loaded directly if(!defined("PHORUM_ADMIN")) exit(); if(isset($_POST["username"]) && isset($_POST["password"])){ if(phorum_user_check_login($_POST["username"], $_POST["password"])!=0){ if($PHORUM["user"]["admin"]){ phorum_user_create_session(PHORUM_SESSION_ADMIN); if(!empty($_POST["target"])){ phorum_redirect_by_url($_POST['target']); } else { phorum_redirect_by_url($_SERVER['PHP_SELF']); } exit(); } } } include_once "./include/admin/PhorumInputForm.php"; $frm = new PhorumInputForm ("", "post"); if(count($_REQUEST)){