$aUser['month'] = (int) (empty($aUser['month']) ? date('m') : $aUser['month']); $aUser['year'] = (int) (empty($aUser['year']) ? date('Y') : $aUser['year']); if ($aUser['day'] === 0 || $aUser['day'] > 31) { $aUser['day'] = 1; } if ($aUser['month'] === 0 || $aUser['month'] > 12) { $aUser['month'] = 1; } if ($aUser['year'] < 1900) { $aUser['year'] = 1982; } $aUser['user_name'] = $aUser['user']; $aUser['user_name'] = str_replace(' ', '_', $aUser['user_name']); Phpfox::getService('user.validate')->user($aUser['user_name']); if (!Phpfox_Error::isPassed()) { Phpfox_Error::reset(); $aUser['user_name'] = $aUser['user_name'] . '_' . uniqid(); } $aInsert = array('user_group_id' => $aUser['type'] == '0' ? '1' : '2', 'user_name' => $oParseInput->clean($aUser['user_name'], 255), 'full_name' => $oParseInput->clean($aUser['user'], 255), 'status' => $oParseInput->clean($aUser['headline'], 255), 'password' => md5($aUser['password'] . md5($sSalt)), 'password_salt' => $sSalt, 'email' => $aUser['email'], 'joined' => $aUser['signup'], 'gender' => isset($aCacheGender[$aUser['gender']]) ? $aCacheGender[$aUser['gender']] : 0, 'birthday' => Phpfox::getService('user')->buildAge($aUser['day'], $aUser['month'], $aUser['year']), 'birthday_search' => Phpfox::getLib('date')->mktime(0, 0, 0, $aUser['month'], $aUser['day'], $aUser['year']), 'country_iso' => isset($aCacheCountry[$aUser['location']]) ? $aCacheCountry[$aUser['location']] : null, 'language_id' => 'en', 'time_zone' => null, 'last_login' => $aUser['login'], 'upgrade_user_id' => $aUser['id'], 'user_image' => '{file/pic/user/' . $aUser['user'] . 
'%s.jpg}'); $iId = $this->_db()->insert(Phpfox::getT('user'), $aInsert); // check if user profile was private if ($aUser['friends_only'] == 1) { $aPrivacy = array('user_id' => $iId, 'user_privacy' => 'profile.view_profile', 'user_value' => 2); $this->_db()->insert(Phpfox::getT('user_privacy'), $aPrivacy); } // check if only friends could add comments if ($aUser['friends_comment'] == 1) { $aPrivacy = array('user_id' => $iId, 'user_privacy' => 'comment.add_comment', 'user_value' => 2); $this->_db()->insert(Phpfox::getT('user_privacy'), $aPrivacy); } // Notifications
/**
 * Authenticates a login attempt and, on success, sets the login cookies and bookkeeping rows.
 *
 * The steps run in this order, and the order matters: several plugin hooks are executed with
 * eval() inside this method's scope and communicate back through local variables ($mReturn,
 * $bEmailVerification, $bDoPhpfoxLoginCheck).
 *   1. 'user.service_auth_login__start' hook (may end the call early via $mReturn)
 *   2. user row lookup by e-mail and/or user name
 *   3. e-mail verification redirect when status_id == 1 (not in the installer)
 *   4. unknown-user / wrong-password checks
 *   5. brute-force lock-out (failed-attempt counting and cool-down)
 *   6. ban checks (e-mail, IP address, banned-user record)
 *   7. cookies, last_login, user_ip log entry and optional session row
 *
 * @param string $sLogin           E-mail address or user name, matched according to $sType
 * @param string $sPassword        Plain-text password as entered
 * @param bool   $bRemember        When true the cookies live one year; otherwise they are session cookies
 * @param string $sType            'email', 'user_name' or 'both' (which column(s) $sLogin is matched against)
 * @param bool   $bNoPasswordCheck When true the password comparison is skipped entirely
 * @return array|mixed array(bool $bSuccess, $aRow) where $aRow is the selected user row (whatever
 *                     getRow returns when nothing matches); a start hook may substitute its own $mReturn
 */
public function login($sLogin, $sPassword, $bRemember = false, $sType = 'email', $bNoPasswordCheck = false)
{
    $sSelect = 'user_id, email, user_name, password, password_salt, status_id';
    /* Used to control the return in case we detect a brute force attack */
    $bReturn = false;
    // Escaped once here and then concatenated into the WHERE clause below; this DB layer exposes
    // no bound parameters, so the escape() call is the only thing protecting the query.
    $sLogin = $this->database()->escape($sLogin);
    if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__start')) {
        // Plugin code runs in this scope; it can short-circuit the whole login by defining $mReturn.
        // Only code from installed, trusted plugins should ever reach these eval() hooks.
        eval($sPlugin);
        if (isset($mReturn)) {
            return $mReturn;
        }
    }
    // 'both' matches either column; otherwise exactly the column named by $sType.
    $aRow = $this->database()->select($sSelect)->from($this->_sTable)->where($sType == 'both' ? "email = '" . $sLogin . "' OR user_name = '" . $sLogin . "'" : ($sType == 'email' ? "email" : "user_name") . " = '" . $sLogin . "'")->execute('getRow');
    if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login_skip_email_verification')) {
        // Hook may define $bEmailVerification to bypass the verification redirect below.
        eval($sPlugin);
    }
    if (!defined('PHPFOX_INSTALLER') && isset($aRow['status_id']) && $aRow['status_id'] == 1 && !isset($bEmailVerification)) {
        // Unverified account: remember who tried to log in and redirect; send() is assumed not to return.
        Phpfox::getLib('session')->set('cache_user_id', $aRow['user_id']);
        if (defined('PHPFOX_MUST_PAY_FIRST')) {
            Phpfox::getLib('url')->send('subscribe.register', array('id' => PHPFOX_MUST_PAY_FIRST, 'login' => '1'));
        }
        Phpfox::getLib('url')->send('user.verify', null, Phpfox::getPhrase('user.you_need_to_verify_your_email_address_before_logging_in', array('email' => $aRow['email'])));
    }
    if (!isset($aRow['user_name'])) {
        // No matching account: pick the error phrase that matches the configured login type.
        switch (Phpfox::getParam('user.login_type')) {
            case 'user_name':
                $sMessage = Phpfox::getPhrase('user.invalid_user_name');
                break;
            case 'email':
                $sMessage = Phpfox::getPhrase('user.invalid_email');
                break;
            default:
                $sMessage = Phpfox::getPhrase('user.invalid_login_id');
        }
        Phpfox_Error::set($sMessage);
        if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__no_user_name')) {
            eval($sPlugin);
        }
        //return array(false, $aRow);
        // Deferred so the failed attempt is logged by the $bReturn branch below.
        $bReturn = true;
    } else {
        // A password hook may set $bDoPhpfoxLoginCheck = false to take over password verification.
        $bDoPhpfoxLoginCheck = true;
        if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__password')) {
            eval($sPlugin);
        }
        // NOTE(review): loose `!=` between two hash strings; a strict comparison (`!==` or hash_equals())
        // is the safer form because PHP's loose comparison treats numeric-looking strings numerically.
        if (!$bNoPasswordCheck && $bDoPhpfoxLoginCheck && Phpfox::getLib('hash')->setHash($sPassword, $aRow['password_salt']) != $aRow['password']) {
            Phpfox_Error::set(Phpfox::getPhrase('user.invalid_password'));
            //return array(false, $aRow);
            $bReturn = true;
        }
    }
    /* Add the check for the brute force here */
    // Only runs for accounts that exist: failed attempts against unknown logins are logged but not counted here.
    if (!empty($aRow) && !defined('PHPFOX_INSTALLER') && Phpfox::getParam('user.brute_force_time_check') > 0) {
        /* Check if the account is already locked */
        // NOTE(review): user_id comes from the DB row and is concatenated uncast here (and in the update
        // below), whereas the session delete later casts it with (int); casting consistently would be safer.
        $iLocked = $this->database()->select('brute_force_locked_at')->from(Phpfox::getT('user_field'))->where('user_id = ' . $aRow['user_id'])->execute('getSlaveField');
        // Lock expires brute_force_cool_down minutes after brute_force_locked_at.
        $iUnlockTimeOut = $iLocked + Phpfox::getParam('user.brute_force_cool_down') * 60;
        $iRemaining = $iUnlockTimeOut - PHPFOX_TIME;
        // Count login_failed rows within the last brute_force_time_check minutes.
        $iTimeFrom = PHPFOX_TIME - 60 * Phpfox::getParam('user.brute_force_time_check');
        $iAttempts = $this->database()->select('COUNT(*)')->from(Phpfox::getT('user_ip'))->where('user_id = ' . $aRow['user_id'] . ' AND type_id = "login_failed" AND time_stamp > ' . $iTimeFrom)->execute('getSlaveField');
        $aReplace = array('iCoolDown' => Phpfox::getParam('user.brute_force_cool_down'), 'sForgotLink' => Phpfox::getLib('url')->makeUrl('user.password.request'), 'iUnlockTimeOut' => ceil($iRemaining / 60));
        if ($iRemaining > 0) {
            // Still locked: the lock message replaces any earlier error, even for a correct password.
            Phpfox_Error::reset();
            Phpfox_Error::set(Phpfox::getPhrase('user.brute_force_account_locked', $aReplace));
            return array(false, $aRow);
        }
        if ($iAttempts >= Phpfox::getParam('user.brute_force_attempts_count')) {
            // Threshold reached: lock the account now and report the full cool-down period.
            $this->database()->update(Phpfox::getT('user_field'), array('brute_force_locked_at' => PHPFOX_TIME), 'user_id = ' . $aRow['user_id']);
            Phpfox_Error::reset();
            /* adjust new remaining time*/
            $aReplace['iUnlockTimeOut'] = Phpfox::getParam('user.brute_force_cool_down');
            Phpfox_Error::set(Phpfox::getPhrase('user.brute_force_account_locked', $aReplace));
            $bReturn = true;
        }
    }
    if ($bReturn == true) {
        /* Log the attempt */
        // user_id '0' records failures against logins that matched no account.
        $this->database()->insert(Phpfox::getT('user_ip'), array('user_id' => isset($aRow['user_id']) ? $aRow['user_id'] : '0', 'type_id' => 'login_failed', 'ip_address' => Phpfox::getIp(), 'time_stamp' => PHPFOX_TIME));
        return array(false, $aRow);
    }
    // ban check
    // Each failed ban check only records an error; Phpfox_Error::isPassed() below decides the outcome.
    $oBan = Phpfox::getService('ban');
    if (!$oBan->check('email', $aRow['email'])) {
        Phpfox_Error::set(Phpfox::getPhrase('ban.global_ban_message'));
    }
    if (!$oBan->check('ip', Phpfox::getLib('request')->getIp())) {
        // this is a new phrase, text: "Your IP address is not allowed"
        Phpfox_Error::set(Phpfox::getPhrase('ban.not_allowed_ip_address'));
    }
    $aBanned = Phpfox::getService('ban')->isUserBanned($aRow);
    if ($aBanned['is_banned']) {
        if (isset($aBanned['reason']) && !empty($aBanned['reason'])) {
            // NOTE(review): the first str_replace() argument here looks like a garbled HTML entity (the
            // replacement is a literal apostrophe) -- confirm against the upstream source.
            $aBanned['reason'] = str_replace(''', "'", Phpfox::getLib('parse.output')->parse($aBanned['reason']));
            // NOTE(review): the 'e' modifier evaluates the replacement as PHP code with the text captured
            // from the stored ban reason spliced in, and it was removed in PHP 7. preg_replace_callback()
            // calling Phpfox::getPhrase() on the captured name is the supported equivalent.
            $sReason = preg_replace('/\\{phrase var=\'(.*)\'\\}/ise', "'' . Phpfox::getPhrase('\\1',array(), false, null, '" . Phpfox::getUserBy('language_id') . "') . ''", $aBanned['reason']);
            Phpfox_Error::set($sReason);
        } else {
            Phpfox_Error::set(Phpfox::getPhrase('ban.global_ban_message'));
        }
    }
    if (Phpfox_Error::isPassed()) {
        if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__cookie_start')) {
            eval($sPlugin);
        }
        // Cookie token is derived from the stored password hash via the hash lib; presumably this is what
        // ties the cookie to the current password -- depends on setRandomHash(), which is not shown here.
        $sPasswordHash = Phpfox::getLib('hash')->setRandomHash(Phpfox::getLib('hash')->setHash($aRow['password'], $aRow['password_salt']));
        // Set cookie (yummy)
        // 0 = session cookie; otherwise one year from now. The last argument is presumably the secure flag.
        $iTime = $bRemember ? PHPFOX_TIME + 3600 * 24 * 365 : 0;
        Phpfox::setCookie($this->_sNameCookieUserId, $aRow['user_id'], $iTime, Phpfox::getParam('core.force_secure_site') ? true : false);
        Phpfox::setCookie($this->_sNameCookieHash, $sPasswordHash, $iTime, Phpfox::getParam('core.force_secure_site') ? true : false);
        if (!defined('PHPFOX_INSTALLER')) {
            Phpfox::getLib('session')->remove(Phpfox::getParam('core.theme_session_prefix') . 'theme');
        }
        $this->database()->update($this->_sTable, array('last_login' => PHPFOX_TIME), 'user_id = ' . $aRow['user_id']);
        $this->database()->insert(Phpfox::getT('user_ip'), array('user_id' => $aRow['user_id'], 'type_id' => 'login', 'ip_address' => Phpfox::getIp(), 'time_stamp' => PHPFOX_TIME));
        if (Phpfox::getParam('core.auth_user_via_session')) {
            // One server-side session per user: drop any existing row before inserting the new one.
            $this->database()->delete(Phpfox::getT('session'), 'user_id = ' . (int) $aRow['user_id']);
            $this->database()->insert(Phpfox::getT('session'), array('user_id' => $aRow['user_id'], 'last_activity' => PHPFOX_TIME, 'id_hash' => Phpfox::getLib('request')->getIdHash()));
        }
        if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__cookie_end')) {
            eval($sPlugin);
        }
        return array(true, $aRow);
    }
    if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__end')) {
        eval($sPlugin);
    }
    return array(false, $aRow);
}
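/**
 * Adds a user.
 * Required fields:
 * - full_name - string(255) - Used as the site wide display name
 * - email - string(255) - Users unique email
 *
 * Option fields:
 * - user_name - string(100) - Used to create vanity URL, if not passed we will create one from the "full_name"
 * - password - string - Plain-text password; when omitted a random one is generated and returned
 * - birth_year - int - Users birth year
 * - birth_month - int - Users birth month
 * - birth_day - int - Users birth day
 * - gender - string - Users gender (Must be "male" or "female")
 * - country - string - Users location (eg. United States, Sweden etc...)
 * - country_iso - string - ISO country code; takes precedence over "country" when it is known
 * - city - string - Users city (eg. Miami, Stockholm etc...)
 * - state - string - Users state/province (eg. Florida, Skane etc...)
 * - zip - string - Users postal code
 * - joined - int - Time stamp of when the user joined (Must be a UNIX time stamp)
 * - last_login - int - UNIX time stamp, copied as-is
 * - last_activity - int - UNIX time stamp, copied as-is
 * - total_view - int - Profile view counter
 * - profile_image - string - Server-side path of an image to install as the profile picture
 *
 * @param array $aVals Holds an array of all the required/option fields
 * @return array|bool array('user_id' => int, 'password' => string, 'user_name' => string) on success,
 *                    where 'password' is the generated plain-text password or '' when the caller
 *                    supplied one; false when a required field is missing or the e-mail is already used.
 */
public function addUser($aVals)
{
    static $aCacheData = null;
    if ($aCacheData === null) {
        // Built once per request: lower-cased name => id maps for case-insensitive country/state lookups.
        $aCacheData = array('country' => array(), 'country_iso' => array(), 'country_child' => array());
        $aRows = $this->database()->select('country_iso, name')->from(Phpfox::getT('country'))->execute('getRows');
        foreach ($aRows as $aRow) {
            $aCacheData['country'][strtolower($aRow['name'])] = $aRow['country_iso'];
            $aCacheData['country_iso'][$aRow['country_iso']] = $aRow['country_iso'];
        }
        $aRows = $this->database()->select('child_id, name')->from(Phpfox::getT('country_child'))->execute('getRows');
        foreach ($aRows as $aRow) {
            $aCacheData['country_child'][strtolower($aRow['name'])] = $aRow['child_id'];
        }
    }

    if (empty($aVals['full_name']) || empty($aVals['email'])) {
        return false;
    }

    // E-mail is the unique login identifier: refuse duplicates. The value is escaped and concatenated
    // because this DB layer exposes no bound parameters.
    $iEmailCheck = $this->database()->select('COUNT(*)')->from(Phpfox::getT('user'))->where('email = \'' . $this->database()->escape($aVals['email']) . '\'')->execute('getField');
    if ($iEmailCheck) {
        return false;
    }

    $aUser = array(
        'user_group_id' => '2',
        'full_name' => $aVals['full_name'],
        'email' => $aVals['email'],
    );

    // Fix: the original tested $aVals['day'/'month'/'year'], which callers never supply, so it always
    // fell back to today's date instead of the documented birth_day/birth_month/birth_year fields.
    $iDay = $iMonth = $iYear = 0;
    if (!empty($aVals['birth_year'])) {
        $iDay = (int) (empty($aVals['birth_day']) ? date('d') : $aVals['birth_day']);
        $iMonth = (int) (empty($aVals['birth_month']) ? date('m') : $aVals['birth_month']);
        $iYear = (int) $aVals['birth_year'];
        // Clamp nonsense values (including negatives) to the same defaults the original used.
        if ($iDay < 1 || $iDay > 31) {
            $iDay = 1;
        }
        if ($iMonth < 1 || $iMonth > 12) {
            $iMonth = 1;
        }
        if ($iYear < 1900) {
            $iYear = 1982;
        }
        $aUser['birthday'] = Phpfox::getService('user')->buildAge($iDay, $iMonth, $iYear);
        $aUser['birthday_search'] = Phpfox::getLib('date')->mktime(0, 0, 0, $iMonth, $iDay, $iYear);
    }

    if (!empty($aVals['gender'])) {
        // Anything other than "male" is stored as female ('2'), as before.
        $aUser['gender'] = strtolower($aVals['gender']) === 'male' ? '1' : '2';
    }

    if (empty($aVals['user_name'])) {
        $aVals['user_name'] = $aVals['full_name'];
    }
    $aUser['user_name'] = Phpfox::getLib('parse.input')->cleanTitle($aVals['user_name']);
    Phpfox::getService('user.validate')->user($aUser['user_name']);
    if (!Phpfox_Error::isPassed()) {
        // Name rejected (taken or invalid): drop the validation error and make the name unique
        // rather than failing the whole import.
        Phpfox_Error::reset();
        $aUser['user_name'] .= '_' . uniqid();
    }

    if (!empty($aVals['country'])) {
        $sCountryKey = strtolower($aVals['country']);
        if (isset($aCacheData['country'][$sCountryKey])) {
            $aUser['country_iso'] = $aCacheData['country'][$sCountryKey];
        }
    }
    if (!empty($aVals['country_iso']) && isset($aCacheData['country_iso'][$aVals['country_iso']])) {
        // A known ISO code overrides the name-based lookup (same precedence as the original order).
        $aUser['country_iso'] = $aCacheData['country_iso'][$aVals['country_iso']];
    }

    // NOTE(review): rand() is not a cryptographic source; where the runtime allows, random_int()
    // / random_bytes() should supply salt and generated-password material.
    $sSalt = '';
    for ($i = 0; $i < 3; $i++) {
        $sSalt .= chr(rand(33, 91));
    }
    $sPassword = '';
    if (empty($aVals['password'])) {
        // Generate a 10-character password from the fixed alphabet and hand it back to the caller.
        $sAlphabet = '0123456789aBcDeF/()$#!';
        $iLastIndex = strlen($sAlphabet) - 1;
        for ($i = 1; $i <= 10; $i++) {
            $sPassword .= $sAlphabet[rand(0, $iLastIndex)];
        }
        $sPlainPassword = $sPassword;
    } else {
        // Fix: a caller-supplied password used to be ignored entirely and the row inserted without one.
        $sPlainPassword = $aVals['password'];
    }
    // Same md5(md5(plain) . md5(salt)) construction the generated-password path already used; assumed to
    // be what the hash library's setHash() reproduces at login -- confirm. md5 is weak for password storage.
    $aUser['password'] = md5(md5($sPlainPassword) . md5($sSalt));
    $aUser['password_salt'] = $sSalt;

    // Time stamps are copied through untouched when given.
    foreach (array('joined', 'last_login', 'last_activity') as $sTimeField) {
        if (!empty($aVals[$sTimeField])) {
            $aUser[$sTimeField] = $aVals[$sTimeField];
        }
    }

    $iId = $this->database()->insert(Phpfox::getT('user'), $aUser);

    $aUserField = array('user_id' => $iId);
    if (!empty($aVals['city'])) {
        $aUserField['city_location'] = $this->parseInput()->clean($aVals['city']);
    }
    if (!empty($aVals['state'])) {
        $sStateKey = strtolower($aVals['state']);
        if (isset($aCacheData['country_child'][$sStateKey])) {
            $aUserField['country_child_id'] = $aCacheData['country_child'][$sStateKey];
        }
    }
    if (!empty($aVals['zip'])) {
        $aUserField['postal_code'] = $this->parseInput()->clean($aVals['zip']);
    }
    if (!empty($aVals['birth_year'])) {
        // Two-argument form: day and month only, as in the original.
        $aUserField['birthday_range'] = Phpfox::getService('user')->buildAge($iDay, $iMonth);
    }
    if (!empty($aVals['total_view'])) {
        $aUserField['total_view'] = (int) $aVals['total_view'];
    }
    $this->database()->insert(Phpfox::getT('user_field'), $aUserField);

    // Companion rows every account is expected to have.
    $aExtra = array('user_id' => $iId);
    foreach (array('user_activity', 'user_space', 'user_count') as $sTable) {
        $this->database()->insert(Phpfox::getT($sTable), $aExtra);
    }

    if (!empty($aVals['profile_image']) && file_exists($aVals['profile_image'])) {
        $this->_importProfileImage($iId, $aVals['profile_image']);
    }

    return array('user_id' => $iId, 'password' => $sPassword, 'user_name' => $aUser['user_name']);
}

/**
 * Copies a source image into the user picture directory as "<id>%s.<ext>", builds the configured
 * thumbnail sizes (plain and square) and points the user row at the new file.
 *
 * @param int    $iId   User id the picture belongs to
 * @param string $sPath Server-side path of the source image (the caller has checked that it exists)
 */
private function _importProfileImage($iId, $sPath)
{
    $oFile = Phpfox::getLib('file');
    $oImage = Phpfox::getLib('image');
    $sDir = Phpfox::getParam('core.dir_user');
    // Keep the '%s' placeholder: the stored user_image is a pattern the size suffix is sprintf'd into.
    // Fix: pathinfo() handles extensions of any length; the old substr(-3) truncated e.g. "jpeg" to "peg".
    // NOTE(review): the extension is taken from the source path as given; callers that derive this path
    // from user input should validate the extension before calling.
    $sFileName = $iId . '%s.' . pathinfo($sPath, PATHINFO_EXTENSION);
    $sTo = $sDir . sprintf($sFileName, '');
    if (file_exists($sTo)) {
        $oFile->unlink($sTo);
    }
    $oFile->copy($sPath, $sTo);
    foreach (Phpfox::getParam('user.user_pic_sizes') as $iSize) {
        $oImage->createThumbnail($sTo, $sDir . sprintf($sFileName, '_' . $iSize), $iSize, $iSize);
        $oImage->createThumbnail($sTo, $sDir . sprintf($sFileName, '_' . $iSize . '_square'), $iSize, $iSize, false);
    }
    $this->database()->update(Phpfox::getT('user'), array('user_image' => $sFileName, 'server_id' => '0'), 'user_id = ' . (int) $iId);
}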