ファイル: user_functions.inc.php プロジェクト: babae/etano
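/**
 * Gatekeeper called at the top of member-facing pages.
 *
 * In order: refuses banned users/IPs/emails outright (die with no output),
 * sends guests to login.php when the feature does not allow guests (bit 0 of
 * the access level), sends members whose membership bits do not cover the
 * feature to info.php?type=access, sends not-yet-approved profiles to
 * info.php?type=profile_na, and finally records the visit (online table when
 * sessions are file based, rate limiter and action log). Failure paths never
 * return; on success the function returns nothing.
 *
 * @param string $level_code key into $GLOBALS['_access_level'] / $GLOBALS['_allow_na']
 */
function check_login_member($level_code)
{
    global $_bans, $dbtable_prefix;

    // Snapshot the session user once; guests have no entry at all, so every
    // field is read defensively (same values as before, minus the notices).
    $sess_user = isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array();
    $username = isset($sess_user['user']) ? $sess_user['user'] : null;
    $email = isset($sess_user['email']) ? $sess_user['email'] : null;
    $membership = isset($sess_user['membership']) ? $sess_user['membership'] : null;
    $pstat = isset($sess_user['pstat']) ? $sess_user['pstat'] : null;
    $is_guest = empty($sess_user['user_id']);
    // user_id is interpolated into SQL below; it is stored as an int at login,
    // the cast just guarantees that.
    $user_id = $is_guest ? 0 : (int) $sess_user['user_id'];
    $remote_ip = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));

    // Banned identities get nothing, not even an error page. in_array() is left
    // loose on purpose: the element type of $_bans is not visible here.
    // NOTE(review): login_by_id() strips `email` from the session before
    // storing it, so on that login path the email ban compares null — verify.
    if (isset($_bans[_PUNISH_BANUSER_]) && in_array($username, $_bans[_PUNISH_BANUSER_])) {
        die;
    } elseif (isset($_bans[_PUNISH_BANIP_]) && in_array($remote_ip, $_bans[_PUNISH_BANIP_])) {
        die;
    } elseif (isset($_bans[_PUNISH_BANEMAIL_]) && in_array($email, $_bans[_PUNISH_BANEMAIL_])) {
        die;
    }

    // Unknown level codes fail closed: level 0 allows nobody.
    if (!isset($GLOBALS['_access_level'][$level_code])) {
        $GLOBALS['_access_level'][$level_code] = 0;
    }
    $level = $GLOBALS['_access_level'][$level_code];

    // Bit 0 means "guests allowed". Everyone else without a session user_id is
    // sent to login, remembering the request so it can be replayed afterwards.
    if (!($level & 1) && $is_guest) {
        $scheme = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
        // NOTE(review): HTTP_HOST comes from the client on a catch-all vhost;
        // whatever consumes `timedout` must validate the URL before redirecting
        // to it, or a configured site URL should be used here instead.
        $_SESSION[_LICENSE_KEY_]['user']['timedout'] = array(
            'url' => $scheme . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'],
            'method' => $_SERVER['REQUEST_METHOD'],
            'qs' => $_SERVER['REQUEST_METHOD'] == 'GET' ? $_GET : $_POST,
        );
        redirect2page('login.php');
    }

    // The feature's level must cover every bit of the member's membership.
    if (($level & $membership) != $membership) {
        redirect2page('info.php', array(), 'type=access');
    }

    // Unapproved profiles only reach features explicitly listed in _allow_na.
    if (!$is_guest && $pstat < STAT_APPROVED && empty($GLOBALS['_allow_na'][$level_code])) {
        redirect2page('info.php', array(), 'type=profile_na');
    }

    if (USE_DB_SESSIONS == 0) {
        $now = gmdate('YmdHis');
        // The session id can originate from the client cookie and not every
        // session handler validates its character set, so escape it before it
        // goes into SQL text.
        $sess = mysql_real_escape_string(session_id());
        $query = "UPDATE `{$dbtable_prefix}online` SET `last_activity`='{$now}' WHERE `fk_user_id`={$user_id} AND `sess`='{$sess}'";
        // E_USER_ERROR aborts the request; mysql_error() text only reaches the
        // client when display_errors is on, so keep that off in production.
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (!mysql_affected_rows()) {
            $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`={$user_id},`sess`='{$sess}',`last_activity`='{$now}'";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    }

    // Log and rate limit every feature except the two catch-all levels.
    $log = array(
        'level' => $level_code,
        'user_id' => $user_id,
        'sess' => session_id(),
        'user' => $username,
        'membership' => $membership,
        'ip' => $remote_ip,
    );
    if ($level_code != 'all' && $level_code != 'auth') {
        rate_limiter($log);
        log_user_action($log);
    }
}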
ファイル: EtanoApi.class.php プロジェクト: babae/etano
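 /**
  * Establish a logged-in session for an account that the caller has already
  * authenticated by other means.
  *
  * No credential is checked here, so this is a privileged entry point: the
  * only hardening it can do is on $user_id itself. Mirrors the POST branch of
  * login.php: logs and rate-limits the attempt, awards login score, refreshes
  * last_activity, stores the account row in $_SESSION and runs the
  * $_on_after_login callbacks.
  *
  * @param int|string $user_id account id; coerced to int before reaching SQL
  * @return true
  * @throws Exception code ASTAT_UNVERIFIED or ASTAT_SUSPENDED for those
  *         statuses, code 0 when the account does not exist, and the raw
  *         status code for any other non-active status
  */
 static function login_by_id($user_id)
 {
     global $dbtable_prefix;
     // $user_id is interpolated into SQL below; it used to be passed through
     // verbatim, which is an injection point for any caller that forwards
     // request data. Force it to an int before anything else sees it.
     $user_id = (int) $user_id;
     EtanoApi::load_common();
     if (is_file(_BASEPATH_ . '/events/processors/login.php')) {
         // NOTE(review): with include_once, $_on_after_login is only defined
         // in this scope if the processor file was not already included
         // elsewhere in the request — verify that is the intended behaviour.
         include_once _BASEPATH_ . '/events/processors/login.php';
     }
     // NOTE(review): the skin name becomes part of a require path; confirm
     // get_my_skin() cannot return a client-influenced value containing
     // '/' or '..'.
     require_once _BASEPATH_ . '/skins_site/' . EtanoApi::get_my_skin() . '/lang/login.inc.php';
     $score_threshold = 600; // seconds of inactivity that earn the login bonus

     $log = array(
         'level' => 'login',
         'user_id' => $user_id,
         'sess' => session_id(),
         'ip' => sprintf('%u', ip2long($_SERVER['REMOTE_ADDR'])),
     );
     log_user_action($log);
     rate_limiter($log);

     $query = "SELECT a.`" . USER_ACCOUNT_ID . "` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `" . USER_ACCOUNTS_TABLE . "` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` WHERE a.`" . USER_ACCOUNT_ID . "`={$user_id}";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     if (!mysql_num_rows($res)) {
         throw new Exception($GLOBALS['_lang'][72], 0);
     }
     $user = mysql_fetch_assoc($res);
     $user['membership'] = (int) $user['membership'];
     $user['user_id'] = (int) $user['user_id'];

     if ($user['status'] == ASTAT_UNVERIFIED) {
         throw new Exception('', ASTAT_UNVERIFIED);
     }
     if ($user['status'] == ASTAT_SUSPENDED) {
         throw new Exception($GLOBALS['_lang'][71], ASTAT_SUSPENDED);
     }
     if ($user['status'] != ASTAT_ACTIVE) {
         // Any other status used to fall through and return true without
         // creating a session, which callers would read as success. Fail closed.
         throw new Exception('', (int) $user['status']);
     }

     // NOTE(review): mktime() interprets these UTC components in the server's
     // local timezone, so $time is shifted by the server's UTC offset; it is
     // compared against UNIX_TIMESTAMP(last_activity) below — confirm intended.
     $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
     $user['prefs'] = get_user_settings($user['user_id'], 'def_user_prefs', array('date_format', 'datetime_format', 'time_offset', 'rate_my_photos', 'profile_comments'));

     // Login score: only when the user is not already online (no `online` row),
     // plus a bonus when the account was idle longer than $score_threshold.
     $score = 0;
     $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id'];
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     if (!mysql_num_rows($res)) {
         $score += add_member_score($user['user_id'], 'login', 1, true); // just read the value
     }
     if ($user['last_activity'] < $time - $score_threshold) {
         $score += add_member_score($user['user_id'], 'login_bonus', 1, true); // just read the value
     }
     if (!empty($score)) {
         add_member_score($user['user_id'], 'force', 1, false, $score);
     }

     $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $user['user_id'];
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }

     // NOTE(review): no session_regenerate_id() happens on login, so a session
     // id fixed on the victim before login stays valid afterwards (session
     // fixation). Adding it must be coordinated with the `online` rows, which
     // store the session id.
     if (USE_DB_SESSIONS == 1) {
         // The session id can originate from the client cookie; escape it
         // rather than trusting the handler to have validated it.
         // NOTE(review): sess_data is a snapshot taken before the user row is
         // merged into $_SESSION below — verify the handler rewrites it later.
         $sess = mysql_real_escape_string(session_id());
         $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`=" . $user['user_id'] . ",`sess`='{$sess}',`sess_data`='" . sanitize_and_format(serialize($_SESSION), TYPE_STRING, FORMAT_ADDSLASH) . "'";
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
     }

     // Keep the email address and the raw timestamp out of the session payload.
     unset($user['last_activity'], $user['email']);
     $_SESSION[_LICENSE_KEY_]['user'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array(), $user);
     $_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time;

     if (isset($_on_after_login)) {
         for ($i = 0; isset($_on_after_login[$i]); ++$i) {
             call_user_func($_on_after_login[$i]);
         }
     }
     return true;
 }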
ファイル: login.php プロジェクト: babae/etano
// Redirect defaults for this request: where to go next, an empty query string
// (with its separator) and nothing extra to pass along. Presumably overridden
// further down the script — only the initial values are visible here.
$nextpage = 'login.php';
$qs = '';
$qssep = '';
$topass = array();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user = strtolower(sanitize_and_format_gpc($_POST, 'user', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''));
    $pass = sanitize_and_format_gpc($_POST, 'pass', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    if (!empty($user) && !empty($pass)) {
        $log['level'] = 'login';
        $log['user_id'] = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) ? $_SESSION[_LICENSE_KEY_]['user']['user_id'] : 0;
        $log['sess'] = session_id();
        $log['user'] = $user;
        $log['membership'] = $_SESSION[_LICENSE_KEY_]['user']['membership'];
        $log['ip'] = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));
        log_user_action($log);
        rate_limiter($log);
        $query = "SELECT a.`" . USER_ACCOUNT_ID . "` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `" . USER_ACCOUNTS_TABLE . "` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` WHERE a.`" . USER_ACCOUNT_USER . "`='{$user}' AND a.`" . USER_ACCOUNT_PASS . "`=" . PASSWORD_ENC_FUNC . "('{$pass}')";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $user = mysql_fetch_assoc($res);
            $user['membership'] = (int) $user['membership'];
            $user['user_id'] = (int) $user['user_id'];
            if ($user['status'] == ASTAT_ACTIVE) {
                $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
                $user['prefs'] = get_user_settings($user['user_id'], 'def_user_prefs', array('date_format', 'datetime_format', 'time_offset', 'rate_my_photos', 'profile_comments'));
                $score = 0;
                // it might happen that the user is already logged in. Don't add the login score if that's the case.
                $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id'];
                if (!($res = @mysql_query($query))) {