/**
* Reset IP address login attempt counter
*
* @param string $label
* single label, can be $username or $uid, its up to the implementator
* @param string $ip
* single IP address
* @return boolean TRUE on resetted counter
*/
function firewall_hook_blacklist_clearip($label, $ip)
{
$ret = FALSE;
$hash = md5($label . $ip);
if (registry_remove(0, 'feature', 'firewall', $hash)) {
$ret = TRUE;
}
return $ret;
}
/**
* Set option to site configuration
*
* @param array $config
* Partial or full site configuration
* @return array Site configuration
*/
function site_config_set($config)
{
global $user_config, $plugin_config;
registry_remove($user_config['uid'], 'core', 'site_config');
// save domain owner
if ($user_config['status'] == 2 || $user_config['status'] == 3) {
$items['uid'] = $user_config['uid'];
} else {
$items['uid'] = 0;
}
registry_update($user_config['uid'], 'core', 'site_config', $config);
return site_config_get();
}
/**
* Validate username and password
*
* @param string $username
* Username
* @param string $password
* Password
* @return boolean TRUE when validated or boolean FALSE when validation failed
*/
function auth_validate_login($username, $password)
{
$uid = user_username2uid($username);
_log('login attempt u:' . $username . ' uid:' . $uid . ' p:' . md5($password) . ' ip:' . $_SERVER['REMOTE_ADDR'], 3, 'auth_validate_login');
// check blacklist
if (blacklist_ifipexists($username, $_SERVER['REMOTE_ADDR'])) {
_log('IP blacklisted u:' . $username . ' uid:' . $uid . ' ip:' . $_SERVER['REMOTE_ADDR'], 2, 'auth_validate_login');
return FALSE;
}
if (user_banned_get($uid)) {
_log('user banned u:' . $username . ' uid:' . $uid . ' ip:' . $_SERVER['REMOTE_ADDR'], 2, 'auth_validate_login');
return FALSE;
}
$db_query = "SELECT password FROM " . _DB_PREF_ . "_tblUser WHERE flag_deleted='0' AND username='******'";
$db_result = dba_query($db_query);
$db_row = dba_fetch_array($db_result);
$res_password = trim($db_row['password']);
$password = md5($password);
if ($password && $res_password && $password == $res_password) {
_log('valid login u:' . $username . ' uid:' . $uid . ' ip:' . $_SERVER['REMOTE_ADDR'], 2, 'auth_validate_login');
// remove IP on successful login
blacklist_clearip($username, $_SERVER['REMOTE_ADDR']);
return true;
} else {
$ret = registry_search(1, 'auth', 'tmp_password', $username);
$tmp_password = $ret['auth']['tmp_password'][$username];
if ($password && $tmp_password && $password == $tmp_password) {
_log('valid login u:' . $username . ' uid:' . $uid . ' ip:' . $_SERVER['REMOTE_ADDR'] . ' using temporary password', 2, 'auth_validate_login');
if (!registry_remove(1, 'auth', 'tmp_password', $username)) {
_log('WARNING: unable to remove temporary password after successful login', 3, 'login');
}
// remove IP on successful login
blacklist_clearip($username, $_SERVER['REMOTE_ADDR']);
return true;
}
}
// check blacklist
blacklist_checkip($username, $_SERVER['REMOTE_ADDR']);
_log('invalid login u:' . $username . ' uid:' . $uid . ' ip:' . $_SERVER['REMOTE_ADDR'], 2, 'auth_validate_login');
return false;
}
}
header("Location: " . _u('index.php?app=main&inc=core_sender_id&op=sender_id_edit&id=' . $_REQUEST['id']));
exit;
break;
case "toggle_status":
$search = array('id' => $_REQUEST['id'], 'registry_family' => 'sender_id');
foreach (registry_search_record($search) as $row) {
$status = $row['registry_value'] == 0 ? 1 : 0;
$items[$row['registry_key']] = $status;
registry_update($row['uid'], 'features', 'sender_id', $items);
}
$_SESSION['dialog']['info'][] = ($status == 1 ? _('Sender ID is now approved') : _('Sender ID is now disabled')) . ' (' . _('Sender ID') . ': ' . $row['registry_key'] . ')';
header("Location: " . _u('index.php?app=main&inc=core_sender_id&op=sender_id_list'));
exit;
break;
case "sender_id_delete":
$nav = themes_nav_session();
$search = themes_search_session();
$ref = $nav['url'] . '&search_keyword=' . $search['keyword'] . '&page=' . $nav['page'] . '&nav=' . $nav['nav'];
$uid = auth_isadmin() && $data_sender_id[0]['uid'] ? $data_sender_id[0]['uid'] : $user_config['uid'];
registry_remove($uid, 'features', 'sender_id', $data_sender_id[0]['registry_key']);
registry_remove($uid, 'features', 'sender_id_description', $data_sender_id[0]['registry_key']);
$default_sender_id = sender_id_default_get($uid);
if (strtoupper($data_sender_id[0]['registry_key']) == strtoupper($default_sender_id)) {
sender_id_default_set($data_sender_id[0]['uid'], '');
}
$_SESSION['dialog']['info'][] = _('Sender ID has been removed') . ' (' . _('Sender ID') . ': ' . $data_sender_id[0]['registry_key'] . ')';
header("Location: " . _u($ref));
exit;
break;
}
} else {
$json['status'] = 'ERR';
$json['error'] = '100';
}
$log_this = TRUE;
break;
case "WS_LOGIN":
$user = user_getdatabyusername($u);
if ($c_uid = $user['uid']) {
// supplied login key
$login_key = trim($_REQUEST['login_key']);
// saved login key
$reg = registry_search($c_uid, 'core', 'webservices', 'login_key');
$c_login_key = trim($reg['core']['webservices']['login_key']);
// immediately remove saved login key, only proceed upon successful removal
if (registry_remove($c_uid, 'core', 'webservices', 'login_key')) {
// auth by comparing login keys
if ($login_key && $c_login_key && $login_key == $c_login_key) {
// setup login session
auth_session_setup($c_uid);
_log("webservices logged in u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices");
} else {
_log("webservices invalid login u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices");
}
} else {
_log("webservices error unable to remove registry u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices");
}
} else {
_log("webservices invalid user u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices");
}
// redirect to index.php no matter what
/**
* Remove account from banned account list
*
* @param integer $uid
* User ID
* @return boolean TRUE if user successfully removed from banned user list
*/
function user_banned_remove($uid)
{
if (registry_remove(1, 'auth', 'banned_users', $uid)) {
_log('unbanned uid:' . $uid, 2, 'user_banned_remove');
return TRUE;
} else {
return FALSE;
}
}
