/**
 * Start an authenticated session for an existing member.
 *
 * Used right after a member row has been created (checkout or registration),
 * so the lookup is expected to succeed; when it does not, the method returns
 * quietly and the caller continues with an unauthenticated visitor.
 *
 * @param int $member_id primary key of the exp_members row to log in
 * @return void
 */
private function _autologin($member_id)
{
    $this->EE->load->library('auth');

    // Fetch the member row that was just inserted
    $this->EE->db->where('member_id', $member_id);
    $member_row = $this->EE->db->get('members')->row();

    // No row: leave the parent checkout / registration flow to carry on
    // without a login rather than failing it.
    if (!$member_row) {
        return;
    }

    // Build the session from the member row; remember-me cookie lasts one day
    $auth = new Auth_result($member_row);
    $auth->remember_me(60 * 60 * 24);
    $auth->start_session();
}
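/**
 * Do Multi-site authentication
 *
 * Attaches an already-authenticated session (identified by $session_id) to
 * the current site so the member is logged in here as well.
 *
 * NOTE(review): the session is selected by session_id alone; the later
 * revision of this method (_do_multi_auth($sites, $login_state)) additionally
 * binds the lookup to the user agent and a separate login_state token. With
 * this revision, possession of the session_id is sufficient to complete the
 * login on this site.
 *
 * @param array  $sites      sites configured for multi-login; an empty value disables the routine
 * @param string $session_id session_id of the existing exp_sessions row to hook onto
 * @return object|array|bool Auth_result on success; array('login' => message) when multi-login
 *         is disabled or $sites is empty; FALSE when the session or its member cannot be found
 *         (NOTE(review): callers must handle all three return shapes)
 */
function _do_multi_auth($sites, $session_id)
{
    if (!$sites or $this->EE->config->item('allow_multi_logins') == 'n') {
        return array('login' => lang('not_authorized'));
    }

    // Kill old sessions first so an expired session id cannot be reused here
    $this->EE->session->gc_probability = 100;
    $this->EE->session->delete_old_sessions();

    // Grab session
    $sess_q = $this->EE->db->get_where('sessions', array('session_id' => $session_id));

    if (!$sess_q->num_rows()) {
        return FALSE;
    }

    // Grab member
    $mem_q = $this->EE->db->get_where('members', array('member_id' => $sess_q->row('member_id')));

    if (!$mem_q->num_rows()) {
        return FALSE;
    }

    $incoming = new Auth_result($mem_q->row());

    // this is silly - only works for the first site
    if (isset($_POST['auto_login'])) {
        $incoming->remember_me(60 * 60 * 24 * 365);
    }

    // hook onto an existing session instead of creating a new one
    $incoming->use_session_id($session_id);
    $incoming->start_session();

    // The original also copied the session row into two locals ($new_row, $some_row)
    // that were never read; those dead stores are removed.
    return $incoming;
}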
/**
 * Register Member
 *
 * Front-end member registration. In order: config/ban/blacklist gates,
 * 'member_member_register_start' hook, field validation (EE_Validate plus
 * registration-enabled custom fields, captcha presence, terms of service),
 * 'member_member_register_errors' hook, captcha verification, member insert
 * (exp_members, exp_member_data, exp_member_homepage), optional mailing list
 * subscription, admin notification, 'member_member_register' hook, and
 * finally either an activation e-mail, a "pending" notice or an immediate
 * login, followed by the completion page.
 *
 * Reads the raw $_POST superglobal directly for most fields.
 *
 * @return mixed FALSE when registration is disabled; otherwise the result of
 *               ee()->output->show_user_error() / show_message(), or nothing
 *               when an extension hook ends the script
 */
public function register_member()
{
    // Do we allow new member registrations?
    if (ee()->config->item('allow_member_registration') == 'n') {
        return FALSE;
    }

    // Is user banned?
    if (ee()->session->userdata('is_banned') === TRUE) {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    // Blacklist/Whitelist Check
    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    ee()->load->helper('url');

    // -------------------------------------------
    // 'member_member_register_start' hook.
    //  - Take control of member registration routine
    //  - Added EE 1.4.2
    //
    ee()->extensions->call('member_member_register_start');
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Set the default globals: make sure every expected key exists so the
    // code below can read $_POST[...] without isset() checks
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');

    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }

    // Screen name falls back to the username
    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Instantiate validation class
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate.php';
    }

    // 'val_type' => 'new' and empty 'cur_*' values: validating a brand new
    // member, so there are no current values to compare against
    $VAL = new EE_Validate(array(
        'member_id' => '',
        'val_type' => 'new',
        'fetch_lang' => TRUE,
        'require_cpw' => FALSE,
        'enable_log' => FALSE,
        'username' => trim_nbs($_POST['username']),
        'cur_username' => '',
        'screen_name' => trim_nbs($_POST['screen_name']),
        'cur_screen_name' => '',
        'password' => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password' => '',
        'email' => trim($_POST['email']),
        'cur_email' => ''
    ));

    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();

    // Do we have any custom fields? Only fields flagged for registration
    // (m_field_reg = 'y') are accepted from the form.
    $query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')->where('m_field_reg', 'y')->get('member_fields');

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $field_name = 'm_field_id_' . $row['m_field_id'];

            // Assume we're going to save this data, unless it's empty to begin with
            $valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';

            // Basic validations
            if ($row['m_field_required'] == 'y' && !$valid) {
                $cust_errors[] = lang('mbr_field_required') . ' ' . $row['m_field_label'];
            } elseif ($row['m_field_type'] == 'select' && $valid) {
                // Ensure their selection is actually a valid choice.
                // The list items are stored entity-encoded, hence htmlentities() on the input.
                $options = explode("\n", $row['m_field_list_items']);

                if (!in_array(htmlentities($_POST[$field_name]), $options)) {
                    $valid = FALSE;
                    $cust_errors[] = lang('mbr_field_invalid') . ' ' . $row['m_field_label'];
                }
            }

            // Only validated values reach the insert, and they are XSS-filtered first.
            // NOTE(review): field types other than 'select' get no value validation here.
            if ($valid) {
                $cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
            }
        }
    }

    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = lang('mbr_emails_not_match');
    }

    // Presence check only; the captcha value itself is verified further down,
    // after the other errors have been reported
    if (ee()->config->item('use_membership_captcha') == 'y') {
        if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
            $cust_errors[] = lang('captcha_required');
        }
    }

    if (ee()->config->item('require_terms_of_service') == 'y') {
        if (!isset($_POST['accept_terms'])) {
            $cust_errors[] = lang('mbr_terms_of_service_required');
        }
    }

    // -------------------------------------------
    // 'member_member_register_errors' hook.
    //  - Additional error checking prior to submission
    //  - Added EE 2.5.0
    //  - Extensions may append to $this->errors, which is merged below
    //
    ee()->extensions->call('member_member_register_errors', $this);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    $errors = array_merge($VAL->errors, $cust_errors, $this->errors);

    // Display error is there are any
    if (count($errors) > 0) {
        return ee()->output->show_user_error('submission', $errors);
    }

    // Do we require captcha?
    // The captcha word is run through escape_str(); the IP address is taken from
    // ee()->input->ip_address() (assumed to be framework-validated — confirm)
    // and interpolated as-is. Only words issued within the last two hours count.
    if (ee()->config->item('use_membership_captcha') == 'y') {
        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0) {
            return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
        }

        // Consume the captcha and garbage-collect expired ones in the same statement
        ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
    }

    ee()->load->helper('security');

    // Assign the base query data
    // NOTE(review): the password is stored as an unsalted SHA-1 of the raw
    // value. This is the legacy storage format and must stay in step with the
    // verification side (see the ee()->auth->hash_password(..., salt) path in
    // _remote_login), so it cannot be changed in isolation here; moving to the
    // salted Auth library scheme needs a coordinated migration.
    $data = array(
        'username' => trim_nbs(ee()->input->post('username')),
        'password' => sha1($_POST['password']),
        'ip_address' => ee()->input->ip_address(),
        'unique_id' => ee()->functions->random('encrypt'),
        'join_date' => ee()->localize->now,
        'email' => trim_nbs(ee()->input->post('email')),
        'screen_name' => trim_nbs(ee()->input->post('screen_name')),
        'url' => prep_url(ee()->input->post('url')),
        'location' => ee()->input->post('location'),
        'language' => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english',
        'date_format' => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y',
        'time_format' => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12',
        'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n',
        'timezone' => ee()->config->item('default_site_timezone')
    );

    // Set member group: anything that still needs activation lands in the
    // Pending group (4); otherwise the configured default group, again
    // falling back to Pending when none is configured
    if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') {
        $data['group_id'] = 4; // Pending
    } else {
        if (ee()->config->item('default_member_group') == '') {
            $data['group_id'] = 4; // Pending
        } else {
            $data['group_id'] = ee()->config->item('default_member_group');
        }
    }

    // Optional Fields (column => POST key)
    // NOTE(review): these raw POST values overwrite the config-derived defaults
    // set above. insert_string() SQL-escapes them, but they are not checked
    // against the set of allowed languages / timezones / formats.
    $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'date_format' => 'date_format', 'time_format' => 'time_format', 'include_seconds' => 'include_seconds');

    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }

    // We generate an authorization code if the member needs to self-activate.
    // It is a 10-character alphanumeric token from ee()->functions->random();
    // its unpredictability rests on that helper's generator — confirm.
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $data['authcode'] = ee()->functions->random('alnum', 10);
    }

    // Insert basic member data
    ee()->db->query(ee()->db->insert_string('exp_members', $data));
    $member_id = ee()->db->insert_id();

    // Insert custom fields (a row is written even when there are none)
    $cust_fields['member_id'] = $member_id;
    ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));

    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access,
    // but we'll add the record anyway.
    ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // Mailinglist Subscribe
    // The list id is guarded by is_numeric(); the e-mail used here is the raw
    // $_POST['email'], not the trimmed $data['email'] stored on the member.
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        // Kill duplicate emails from authorizatin queue.
        ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');

        // Validate Mailing List ID
        $query = ee()->db->select('COUNT(*) as count')->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_lists');

        // Email Not Already in Mailing List
        $results = ee()->db->select('COUNT(*) as count')->where('email', $_POST['email'])->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_list');

        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;
            $code = ee()->functions->random('alnum', 10);

            if (ee()->config->item('req_mbr_activation') == 'email') {
                // Activated When Membership Activated: queue only, the member
                // activation link carries the mailing list id (see $add below)
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
                // Mailing List Subscribe Email: queue and send a separate
                // mailing-list confirmation link
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");

                ee()->lang->loadfile('mailinglist');
                $action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name' => stripslashes(ee()->config->item('site_name')),
                    'site_url' => ee()->config->item('site_url')
                );

                $template = ee()->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = ee()->functions->var_swap($template['title'], $swap);
                $email_msg = ee()->functions->var_swap($template['data'], $swap);

                // Send email
                ee()->load->library('email');
                ee()->email->wordwrap = true;
                ee()->email->mailtype = 'plain';
                ee()->email->priority = '3';
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($_POST['email']);
                ee()->email->subject($email_tit);
                ee()->email->message($email_msg);
                ee()->email->send();
            } else {
                // Automatically Accepted: no activation required, write straight to the list
                ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
            }
        }
    }

    // Update member statistics only when the account is live immediately
    if (ee()->config->item('req_mbr_activation') == 'none') {
        ee()->stats->update_member_stats();
    }

    // Send admin notifications
    if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name' => $name,
            'site_name' => stripslashes(ee()->config->item('site_name')),
            'control_panel_url' => ee()->config->item('cp_url'),
            'username' => $data['username'],
            'email' => $data['email']
        );

        // NOTE(review): this branch uses $this->_var_swap() while the mailing list
        // branch above uses ee()->functions->var_swap() — confirm they are equivalent
        $template = ee()->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Remove multiple commas
        $notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($notify_address);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    //  - Additional processing when a member is created through the User Side
    //  - $member_id added in 2.0.1
    //
    ee()->extensions->call('member_member_register', $data, $member_id);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Send user notifications
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $action_id = ee()->functions->fetch_action_id('Member', 'activate_member');
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
        // board_id is only trusted when numeric; otherwise board 1
        $board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;
        $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';
        // $mailinglist_subscribe is only TRUE after the is_numeric() check above passed
        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];

        $swap = array(
            'name' => $name,
            'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name' => stripslashes(ee()->config->item('site_name')),
            'site_url' => ee()->config->item('site_url'),
            'username' => $data['username'],
            'email' => $data['email']
        );

        $template = ee()->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($data['email']);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();

        $message = lang('mbr_membership_instructions_email');
    } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
        $message = lang('mbr_admin_will_activate');
    } else {
        // Log user in (the extra query is a little annoying)
        // NOTE(review): no guard for an empty result here, unlike _autologin()
        ee()->load->library('auth');
        $member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));
        $incoming = new Auth_result($member_data_q->row());
        $incoming->remember_me();
        $incoming->start_session();
        $message = lang('mbr_your_are_logged_in');
    }

    // Build the message
    if (ee()->input->get_post('FROM') == 'forum') {
        $query = $this->_do_form_query();
        $site_name = $query->row('board_label');
        $return = $query->row('board_forum_url');
    } else {
        $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
        $return = ee()->config->item('site_url');
    }

    $data = array(
        'title' => lang('mbr_registration_complete'),
        'heading' => lang('thank_you'),
        'content' => lang('mbr_registration_completed') . "\n\n" . $message,
        'redirect' => '',
        'link' => array($return, $site_name)
    );

    ee()->output->show_message($data);
}
/**
 * Remote Login
 *
 * Allows One to Login Someone During a Form Submission
 * - In EE 2.4, they abstracted the login methods a bit. We will not modify this method
 *   too much until any problems are known as it is not widely used.
 *
 * Two entry modes: a normal username/password POST, or a multi-site hop
 * identified by the 'multi' GET parameter (an existing session id), 'cur'
 * (index of the current site) and 'orig' (index of the originating site).
 * Many branches are version-gated on APP_VER (pre/post 2.2.0 and 2.4.0).
 *
 * NOTE(review): parts of the SQL in this listing are redacted ('******');
 * the notes below flag the places where the intended code must be confirmed
 * against the real source.
 *
 * @access public
 * @return string
 */
public function _remote_login()
{
    /** ----------------------------------------
    /**  Is user already logged in?
    /** ----------------------------------------*/
    if (ee()->session->userdata['member_id'] != 0) {
        return;
    }

    /** ----------------------------------------
    /**  Is user banned?
    /** ----------------------------------------*/
    if (ee()->session->userdata['is_banned'] == TRUE) {
        return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
    }

    ee()->lang->loadfile('login');

    /** ----------------------------------------
    /**  Error trapping
    /** ----------------------------------------*/
    $errors = array();

    /** ----------------------------------------
    /**  No username/password? Bounce them...
    /**  (not required on a multi-site hop)
    /** ----------------------------------------*/
    if (!ee()->input->get('multi') and (!ee()->input->post('username') or !ee()->input->post('password'))) {
        return $this->_output_error('submission', array(ee()->lang->line('mbr_form_empty')));
    }

    //--------------------------------------------
    //  2.2.x+ needs auth lib
    //--------------------------------------------
    if (APP_VER >= '2.2.0') {
        ee()->load->library('auth');
    }

    /** ----------------------------------------
    /**  Is IP and User Agent required for login?
    /** ----------------------------------------*/
    if (ee()->config->item('require_ip_for_login') == 'y') {
        if (ee()->session->userdata['ip_address'] == '' or ee()->session->userdata['user_agent'] == '') {
            return $this->_output_error('general', array(ee()->lang->line('unauthorized_request')));
        }
    }

    /** ----------------------------------------
    /**  Check password lockout status
    /** ----------------------------------------*/
    if (ee()->session->check_password_lockout() === TRUE) {
        $line = ee()->lang->line('password_lockout_in_effect');
        $line = str_replace("%x", ee()->config->item('password_lockout_interval'), $line);

        return $this->_output_error('general', array($line));
    }

    /** ----------------------------------------
    /**  Fetch member data
    /** ----------------------------------------*/
    if (ee()->input->get('multi') === FALSE) {
        // NOTE(review): the username comparison is redacted in this listing
        // ('******'); confirm the real code passes the POSTed username through
        // ee()->db->escape_str() like the site_id below.
        $sql = "SELECT \texp_members.*\n\t\t\t\t\tFROM \texp_members, exp_member_groups\n\t\t\t\t\tWHERE \tusername = '******'username')) . "'\n\t\t\t\t\tAND \texp_members.group_id = exp_member_groups.group_id";

        if (ee()->config->item('site_id') !== FALSE) {
            $sql .= " AND exp_member_groups.site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'";
        }

        $query = ee()->db->query($sql);
    } else {
        if (ee()->config->item('allow_multi_logins') == 'n' or !ee()->config->item('multi_login_sites') or ee()->config->item('multi_login_sites') == '') {
            return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
        }

        // Current site in list. Original login site.
        if (ee()->input->get('cur') === FALSE or ee()->input->get('orig') === FALSE) {
            return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
        }

        // Kill old sessions first
        ee()->session->gc_probability = 100;
        ee()->session->delete_old_sessions();

        // Set cookie expiration to one year if the "remember me" button is clicked
        $expire = !isset($_POST['auto_login']) ? '0' : 60 * 60 * 24 * 365;

        // Check Session ID
        // The 'multi' value is a bearer session id: whoever presents it is logged
        // in as that session's member on this site. It is escaped for SQL here and
        // is re-emitted in the redirect URL to the next site ($next_url below).
        // NOTE(review): {$expire} is a duration (0 or one year), not a timestamp,
        // yet it is compared against exp_sessions.last_activity — confirm the
        // intended cutoff. Also, exp_member_groups is referenced in the
        // site_id clause appended below but is not in this query's FROM list.
        $sql = "SELECT \texp_members.*\n\t\t\t\t\tFROM \texp_sessions, \n\t\t\t\t\t\t\texp_members \n\t\t\t\t\tWHERE \texp_sessions.session_id = '" . ee()->db->escape_str(ee()->input->get('multi')) . "'\n\t\t\t\t\tAND\t\texp_sessions.member_id = exp_members.member_id\n\t\t\t\t\tAND \texp_sessions.last_activity > {$expire}";

        if (ee()->config->item('site_id') !== FALSE) {
            $sql .= " AND exp_member_groups.site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'";
        }

        $query = ee()->db->query($sql);

        if ($query->num_rows() == 0) {
            return;
        }

        // Set Various Cookies
        // new auth lib in 2.2.x+ does this itself
        if (APP_VER < '2.2.0') {
            ee()->functions->set_cookie(ee()->session->c_password, $query->row('password'), $expire);
            ee()->functions->set_cookie(ee()->session->c_anon);
            ee()->functions->set_cookie(ee()->session->c_expire, time() + $expire, $expire);
            ee()->functions->set_cookie(ee()->session->c_uniqueid, $query->row('unique_id'), $expire);

            if (ee()->config->item('user_session_type') == 'cs' or ee()->config->item('user_session_type') == 's') {
                ee()->functions->set_cookie(ee()->session->c_session, ee()->input->get('multi'), ee()->session->session_length);
            }
        }

        // -------------------------------------------
        // 'member_member_login_multi' hook.
        //  - Additional processing when a member is logging into multiple sites
        //  NOTE(review): passes $query->row (a property), not $query->row() — confirm
        //
        if (ee()->extensions->active_hook('member_member_login_multi') === TRUE) {
            $edata = ee()->extensions->universal_call('member_member_login_multi', $query->row);
            if (ee()->extensions->end_script === TRUE) {
                return;
            }
        }
        //
        // -------------------------------------------

        // Check if there are any more sites to log into.
        // Skip the originating site's index, as it is already logged in.
        $sites = explode('|', ee()->config->item('multi_login_sites'));
        $next = ee()->input->get('cur') + 1 != ee()->input->get('orig') ? ee()->input->get('cur') + 1 : ee()->input->get('cur') + 2;

        if (!isset($sites[$next])) {
            // We're done. Redirect target comes from the configured site list,
            // indexed by the 'orig' parameter.
            $data = array('title' => ee()->lang->line('mbr_login'), 'heading' => ee()->lang->line('thank_you'), 'content' => ee()->lang->line('mbr_you_are_logged_in'), 'redirect' => $sites[ee()->input->get('orig')], 'link' => array($sites[ee()->input->get('orig')], ee()->lang->line('back')));

            ee()->output->show_message($data);
        } else {
            // Next Site
            $next_url = $sites[$next] . '?ACT=' . ee()->functions->fetch_action_id('Member', 'member_login') . '&multi=' . ee()->input->get('multi') . '&cur=' . $next . '&orig=' . ee()->input->get_post('orig');

            return ee()->functions->redirect($next_url);
        }
    }

    /** ----------------------------------------
    /**  Invalid Username
    /** ----------------------------------------*/
    if ($query->num_rows() == 0) {
        ee()->session->save_password_lockout();

        return $this->_output_error('submission', array(ee()->lang->line('no_username')));
    }

    /** ----------------------------------------
    /**  Is the member account pending?
    /** ----------------------------------------*/
    if ($query->row('group_id') == 4) {
        return $this->_output_error('general', array(ee()->lang->line('mbr_account_not_active')));
    }

    // ----------------------------------------
    //  Check password
    // ----------------------------------------
    if (APP_VER < '2.2.0') {
        $password = ee()->functions->hash(stripslashes(ee()->input->post('password')));

        if ($query->row('password') != $password) {
            // To enable backward compatibility with pMachine we'll test to see
            // if the password was encrypted with MD5. If so, we will encrypt the
            // password using SHA1 and update the member's info.
            $orig_enc_type = ee()->config->item('encryption_type');

            ee()->config->set_item('encryption_type', ee()->config->item('encryption_type') == 'md5' ? 'sha1' : 'md5');

            $password = ee()->functions->hash(stripslashes(ee()->input->post('password')));

            ee()->config->set_item('encryption_type', $orig_enc_type);

            if ($query->row('password') == $password) {
                $password = ee()->functions->hash(stripslashes(ee()->input->post('password')));

                // NOTE(review): the new hash value is redacted ('******') in this
                // listing — confirm the real statement writes $password.
                $sql = "UPDATE exp_members \n\t\t\t\t\t\t\tSET password = '******' \n\t\t\t\t\t\t\tWHERE member_id = '" . $query->row('member_id') . "' ";

                ee()->db->query($sql);
            } else {
                /** ----------------------------------------
                /**  Invalid password
                /** ----------------------------------------*/
                ee()->session->save_password_lockout();

                $errors[] = ee()->lang->line('no_password');
            }
        }
    } else {
        // Salted hash via the Auth library; the stored salt is read from the member row
        $passwd = ee()->auth->hash_password(stripslashes(ee()->input->post('password')), $query->row('salt'));

        if (!isset($passwd['salt']) or $passwd['password'] != $query->row('password')) {
            ee()->session->save_password_lockout();

            $errors[] = ee()->lang->line('no_password');
        }
    }

    /** --------------------------------------------------
    /**  Do we allow multiple logins on the same account?
    /** --------------------------------------------------*/
    if (ee()->config->item('allow_multi_logins') == 'n') {
        // Kill old sessions first
        ee()->session->gc_probability = 100;
        ee()->session->delete_old_sessions();

        $expire = time() - ee()->session->session_length;

        // See if there is a current session
        $sql = "SELECT ip_address, user_agent FROM exp_sessions \n\t\t\t\t\tWHERE member_id = '" . $query->row('member_id') . "'\n\t\t\t\t\tAND last_activity > {$expire}";

        if (ee()->config->item('site_id') !== FALSE) {
            $sql .= " AND site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'";
        }

        $result = ee()->db->query($sql);

        // If a session exists, trigger the error message
        // (only when exactly one other session exists; more than one is not checked)
        if ($result->num_rows() == 1) {
            if (ee()->session->userdata['ip_address'] != $result->row('ip_address') or ee()->session->userdata['user_agent'] != $result->row('user_agent')) {
                $errors[] = ee()->lang->line('multi_login_warning');
            }
        }
    }

    /** ----------------------------------------
    /**  Are there errors to display?
    /** ----------------------------------------*/
    if (count($errors) > 0) {
        return $this->_output_error('submission', $errors);
    }

    /** ----------------------------------------
    /**  Set cookies
    /** ----------------------------------------*/

    // Set cookie expiration to one year if the "remember me" button is clicked
    $expire = !isset($_POST['auto_login']) ? '0' : 60 * 60 * 24 * 365;

    ee()->functions->set_cookie(ee()->session->c_expire, time() + $expire, $expire);
    ee()->functions->set_cookie(ee()->session->c_uniqueid, $query->row('unique_id'), $expire);

    if (APP_VER < '2.2.0') {
        ee()->functions->set_cookie(ee()->session->c_password, $password, $expire);
    } else {
        $member = ee()->db->get_where('members', array('member_id' => $query->row('member_id')));

        $session = new Auth_result($member->row());

        if (APP_VER >= '2.4.0') {
            $session->remember_me(60 * 60 * 24 * 182);
        }

        // NOTE(review): a session is started here and again by
        // create_new_session() further down — confirm both are intended
        $session->start_session();

        // Update system stats
        ee()->load->library('stats');

        if (!$this->check_no(ee()->config->item('enable_online_user_tracking'))) {
            ee()->stats->update_stats();
        }
    }

    // Does the user want to remain anonymous?
    // (uses $this->EE->input where the rest of the method uses ee())
    $anon = $this->EE->input->post('anon') == 1 ? '' : 'y';

    if ($anon == 'y') {
        ee()->functions->set_cookie(ee()->session->c_anon, 1, $expire);
    } else {
        ee()->functions->set_cookie(ee()->session->c_anon);
    }

    /** ----------------------------------------
    /**  Create a new session
    /** ----------------------------------------*/
    ee()->session->create_new_session($query->row('member_id'));

    /** ----------------------------------------
    /**  Populate session
    /** ----------------------------------------*/
    ee()->session->userdata['username'] = $query->row('username');
    ee()->session->userdata['screen_name'] = $query->row('screen_name');
    ee()->session->userdata['email'] = $query->row('email');
    ee()->session->userdata['url'] = $query->row('url');
    ee()->session->userdata['location'] = $query->row('location');

    /** ----------------------------------------
    /**  Update stats
    /** ----------------------------------------*/
    $cutoff = ee()->localize->now - 15 * 60;

    // BUG: 'ee()->input->ip_address()' sits inside a double-quoted PHP string
    // without a leading '$', so it is never interpolated — the query compares
    // ip_address against that literal text, and the anonymous-row cleanup for
    // the current IP never matches. Also note the operator precedence once the
    // site_id clause is appended: "... OR date < cutoff AND site_id = ..." binds
    // the AND to the OR branch only.
    $sql = "DELETE FROM \texp_online_users \n\t\t\t\t\t WHERE \t\t(ip_address = 'ee()->input->ip_address()' \n\t\t\t\t\t\t\t\t\tAND\tmember_id = '0') \n\t\t\t\t\t OR \t\t\tdate < {$cutoff}";

    if (ee()->config->item('site_id') !== FALSE) {
        $sql .= " AND site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'";
    }

    ee()->db->query($sql);

    $data = array('member_id' => ee()->session->userdata('member_id'), 'name' => ee()->session->userdata['screen_name'] == '' ? ee()->session->userdata['username'] : ee()->session->userdata['screen_name'], 'ip_address' => ee()->input->ip_address(), 'date' => ee()->localize->now, 'anon' => $anon);

    if (ee()->config->item('site_id') !== FALSE) {
        $data['site_id'] = ee()->config->item('site_id');
    }

    // Online-user row is only written by this method on pre-2.2.0 installs;
    // newer versions rely on ee()->stats->update_stats() above
    if (APP_VER < '2.2.0') {
        if ($this->EE->config->item('enable_online_user_tracking') == 'n' or $this->EE->config->item('disable_all_tracking') == 'y') {
            // No!
        } else {
            ee()->db->query(ee()->db->update_string('exp_online_users', $data, array("ip_address" => ee()->input->ip_address(), "member_id" => $data['member_id'])));
        }
    }

    /** ----------------------------------------
    /**  Delete old password lockouts
    /** ----------------------------------------*/
    ee()->session->delete_password_lockout();
}
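/**
 * EE login
 *
 * This method takes an EE member id and logs that person in.
 *
 * Order of checks: $this->_security(), the Auth library's IP requirement,
 * the 'fbc_member_login_start' hook, member lookup, pending-group check and,
 * when multi-logins are disabled, a look for an active session from a
 * different IP / user agent. Only then is the Auth_result session started.
 *
 * Failures are reported through $this->error[] (where a message exists) and
 * a FALSE return; the original code collected the multi-login warning into an
 * unused local and logged the member in regardless, and did not return after
 * show_error() for a pending account. Both paths now fail closed.
 *
 * @access public
 * @param  int|string $member_id EE member_id to log in
 * @return boolean TRUE on success, FALSE otherwise
 */
public function ee_login($member_id = '')
{
    // --------------------------------------------
    //  Run security tests
    // --------------------------------------------
    if ($this->_security() === FALSE) {
        return FALSE;
    }

    //--------------------------------------------
    //  2.2.0 Auth lib
    //--------------------------------------------
    ee()->load->library('auth');

    // This should go in the auth lib.
    if (!ee()->auth->check_require_ip()) {
        $this->error[] = lang('not_authorized');

        return FALSE;
    }

    // --------------------------------------------
    //  'fbc_member_login_start' hook.
    // --------------------------------------------
    if (ee()->extensions->active_hook('fbc_member_login_start') === TRUE) {
        ee()->extensions->universal_call('fbc_member_login_start');

        if (ee()->extensions->end_script === TRUE) {
            return FALSE;
        }
    }

    // --------------------------------------------
    //  Kill old sessions first
    // --------------------------------------------
    ee()->session->gc_probability = 100;
    ee()->session->delete_old_sessions();

    // --------------------------------------------
    //  Connect to the API.
    //  The original derived a session expiry from the API's 'expires' value and
    //  then unconditionally overrode it with one day; neither value was used for
    //  the session (remember_me() below has its own fixed lifetime), so that dead
    //  computation is dropped. The connection itself is kept for its side effects.
    // --------------------------------------------
    $this->api();
    $this->api->connect_to_api();

    // --------------------------------------------
    //  Get member data
    // --------------------------------------------
    if (($member_data = $this->data->get_member_data_from_member_id($member_id)) === FALSE) {
        return FALSE;
    }

    // --------------------------------------------
    //  Is the member account pending?
    // --------------------------------------------
    if ($member_data['group_id'] == 4) {
        $this->show_error(array(lang('mbr_account_not_active')));

        // Fail closed even if show_error() returns instead of terminating
        return FALSE;
    }

    // --------------------------------------------
    //  Do we allow multiple logins on the same account?
    // --------------------------------------------
    if (ee()->config->item('allow_multi_logins') == 'n') {
        $cutoff = time() - ee()->session->session_length;

        // See if there is a current session for this member
        $result = ee()->db->query(
            "SELECT ip_address, user_agent FROM exp_sessions"
            . " WHERE member_id = '" . ee()->db->escape_str($member_data['member_id']) . "'"
            . " AND last_activity > " . ee()->db->escape_str($cutoff)
        );

        // If a session exists from a different client, refuse the login.
        // (As in the original, only the exactly-one-row case is inspected.)
        if ($result->num_rows() == 1) {
            $row = $result->row_array();

            if (ee()->session->userdata('ip_address') != $row['ip_address'] or ee()->session->userdata('user_agent') != $row['user_agent']) {
                $this->error[] = lang('multi_login_warning');

                return FALSE;
            }
        }
    }

    // --------------------------------------------
    //  New auth method in EE 2.2.0
    // --------------------------------------------
    $member = ee()->db->get_where('members', array('member_id' => $member_data['member_id']));

    $session = new Auth_result($member->row());

    // remember_me() only exists on newer Auth_result implementations
    if (is_callable(array($session, 'remember_me'))) {
        $session->remember_me(60 * 60 * 24 * 182);
    }

    $session->start_session();

    // Update system stats
    ee()->load->library('stats');

    if (!$this->check_no(ee()->config->item('enable_online_user_tracking'))) {
        ee()->stats->update_stats();
    }

    // --------------------------------------------
    //  Log this
    // --------------------------------------------
    $this->log_to_cp('Logged in', $member_data);

    // --------------------------------------------
    //  'fbc_member_login_single' hook.
    // --------------------------------------------
    if (ee()->extensions->active_hook('fbc_member_login_single') === TRUE) {
        ee()->extensions->universal_call('fbc_member_login_single', $member_data);

        if (ee()->extensions->end_script === TRUE) {
            return FALSE;
        }
    }

    // --------------------------------------------
    //  Return success
    // --------------------------------------------
    return TRUE;
}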
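/**
 * Do Multi-site authentication
 *
 * Attaches an existing authenticated session to the current site. The session
 * is looked up by the login_state token AND the (truncated) requesting user
 * agent, so the token alone is not enough to hijack the hop from a different
 * client. All lookup failures answer with the generic not_authorized error.
 *
 * @param array  $sites       Array of site URLs to login to; an empty value disables the routine
 * @param string $login_state The hash identifying the member
 * @return object|bool Auth_result on success; the result of
 *         ee()->output->show_user_error() when multi-login is disabled, $sites or
 *         $login_state is empty, or no matching session exists; FALSE when the
 *         session's member row is missing
 */
private function _do_multi_auth($sites, $login_state)
{
    // NOTE(review): other callers in this file wrap the message in array();
    // confirm show_user_error() accepts a bare string here.
    if (!$sites or ee()->config->item('allow_multi_logins') == 'n' or empty($login_state)) {
        return ee()->output->show_user_error('general', lang('not_authorized'));
    }

    // Kill old sessions first so a stale login_state cannot be replayed
    ee()->session->gc_probability = 100;
    ee()->session->delete_old_sessions();

    // Grab session: bound to the user agent (first 120 chars) and the login_state token
    $sess_q = ee()->db->get_where('sessions', array(
        'user_agent' => substr(ee()->input->user_agent(), 0, 120),
        'login_state' => $login_state
    ));

    if (!$sess_q->num_rows()) {
        return ee()->output->show_user_error('general', lang('not_authorized'));
    }

    // Grab member
    $mem_q = ee()->db->get_where('members', array('member_id' => $sess_q->row('member_id')));

    if (!$mem_q->num_rows()) {
        return FALSE;
    }

    $incoming = new Auth_result($mem_q->row());

    // Rotate the CSRF token for the new login. The original stored the result in
    // an unused $csrf_token local; only the call's side effect matters.
    ee()->csrf->refresh_token();

    // this is silly - only works for the first site
    if (isset($_POST['auto_login'])) {
        $incoming->remember_me();
    }

    // hook onto an existing session instead of creating a new one
    $incoming->use_session_id($sess_q->row('session_id'));
    $incoming->start_session();

    // The original also copied the session row into two locals ($new_row, $some_row)
    // that were never read; those dead stores are removed.
    return $incoming;
}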
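/**
 * Log a member in immediately after their record has been created.
 *
 * @param array $data      registration data; unused here, kept for call-site compatibility
 * @param int   $member_id primary key of the exp_members row to log in
 * @return void
 */
private function autologin($data, $member_id)
{
    // Log user in (the extra query is a little annoying)
    $this->EE->load->library('auth');

    $member_data_q = $this->EE->db->get_where('members', array('member_id' => $member_id));

    // Guard against a missing row, as _autologin() does; the original handed
    // the raw row() result to Auth_result even when it was empty.
    $member_row = $member_data_q->row();

    if (!$member_row) {
        return;
    }

    // remember-me cookie lasts 182 days
    $incoming = new Auth_result($member_row);
    $incoming->remember_me(60 * 60 * 24 * 182);
    $incoming->start_session();

    // The original assigned lang('mbr_your_are_logged_in') to a local that was
    // never read or returned; that dead store is removed.
}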