/**
 * Login validation function.
 *
 * The username and encoded password are compared to the entries in the
 * jos_users table. A successful validation updates the current session record
 * with the user's details.
 *
 * Two entry paths are visible:
 *  - the caller passes credentials (the remember-me path is taken when
 *    $remember and $userid are truthy and $username is 32 characters long), or
 *  - no credentials are passed and 'username' / 'passwd' are read from $_POST.
 *
 * NOTE(review): this listing is damaged. Two spans were replaced by the
 * literal text "******", and the first one swallows everything between the
 * login-module SELECT and the session DELETE. The password check for the
 * login-module path, the assignment of $session and the opening of the
 * success branch are therefore not visible and are not documented here.
 *
 * @param string|null $username Username, or on the remember-me path a value
 *                              compared against md5(username . $harden).
 * @param string|null $passwd   Password, or on the remember-me path a value
 *                              compared against md5(stored hash . $harden).
 * @param int         $remember Truthy to attempt the remember-me path.
 * @param int|null    $userid   User id used for the remember-me lookup.
 *
 * @return void Returns early when no session id exists; the incomplete and
 *              failed-login branches end in exit.
 */
function login($username = null, $passwd = null, $remember = 0, $userid = NULL) {
    // Neither global is referenced in the visible part of this listing.
    global $acl, $_VERSION;

    $bypost = 0;
    $valid_remember = false;

    // If no username and password were passed in, the function is being
    // called from the login module/component, so read the form fields.
    if (!$username || !$passwd) {
        // NOTE(review): stripslashes() presumably undoes magic-quotes style
        // escaping applied upstream; mosGetParam is defined elsewhere - confirm.
        $username = stripslashes(strval(mosGetParam($_POST, 'username', '')));
        $passwd = stripslashes(strval(mosGetParam($_POST, 'passwd', '')));
        $bypost = 1;

        // Extra check to ensure that the Joomla! session cookie exists.
        if (!$this->_session->session_id) {
            mosErrorAlert(_ALERT_ENABLED);
            return;
        }

        // NOTE(review): looks like the anti-forgery (CSRF) token check for the
        // posted form; josSpoofCheck is defined elsewhere - confirm. It only
        // runs on the form-post path, not when credentials are passed in.
        josSpoofCheck(NULL, 1);
    }

    $row = null;
    if (!$username || !$passwd) {
        mosErrorAlert(_LOGIN_INCOMPLETE);
        exit;
    } else {
        if ($remember && strlen($username) == 32 && $userid) {
            // Remember-me path: 32 is the length of an md5 hex digest, which is
            // what the cookie-derived $username is compared against below.

            // The User-Agent header is client-supplied, so $harden ties the
            // token to a browser string but is not a secret by itself.
            // '@' suppresses the notice when the header is absent.
            $harden = mosHash(@$_SERVER['HTTP_USER_AGENT']);

            // The (int) cast keeps $userid from being interpreted as SQL.
            $query = "SELECT id, name, username, password, usertype, block, gid"
                . "\n FROM #__users"
                . "\n WHERE id = " . (int) $userid;
            $this->_db->setQuery($query);
            $this->_db->loadObject($user);

            // NOTE(review): nothing here checks that a row was loaded before
            // $user->password is read, and a stored password without ':' leaves
            // $salt unassigned. $salt is not used in the visible code.
            list($hash, $salt) = explode(':', $user->password);

            // The expected token values are derived from the stored username
            // and password hash, so the cookie stays valid until the password
            // changes; no server-side token store is visible in this listing.
            $check_username = md5($user->username . $harden);
            $check_password = md5($hash . $harden);

            // NOTE(review): '==' on two hex digests is a loose comparison
            // (numeric-looking strings compare numerically) and is not
            // constant-time; hash_equals() is the safer comparison for secrets.
            if ($check_username == $username && $check_password == $passwd) {
                $row = $user;
                $valid_remember = true;
            }
        } else {
            // Query used for login via the login module.
            // NOTE(review): the next statement is where the listing is damaged.
            // It starts as the username lookup and ends as the DELETE that
            // removes other sessions for the same user; the two "******" runs
            // stand for text missing from this page. The visible DELETE
            // operands are passed through Quote() or cast to int.
            $query = "SELECT id, name, username, password, usertype, block, gid"
                . "\n FROM #__users"
                . "\n WHERE username = "******"DELETE FROM #__session"
                . "\n WHERE session_id != " . $this->_db->Quote($session->session_id)
                . "\n AND username = "******"\n AND userid = " . (int) $row->id
                . "\n AND gid = " . (int) $row->gid
                . "\n AND guest = 0";
                // Indentation from here on is inferred from the closing braces
                // at the end of the function; the matching opening braces are
                // in the missing text.
                $this->_db->setQuery($query);
                $this->_db->query();
            }

            // Update user visit data. "\\T" reaches date() as an escaped
            // literal 'T' between the date and time parts.
            $currentDate = date("Y-m-d\\TH:i:s");
            $query = "UPDATE #__users"
                . "\n SET lastvisitDate = " . $this->_db->Quote($currentDate)
                . "\n WHERE id = " . (int) $session->userid;
            $this->_db->setQuery($query);
            if (!$this->_db->query()) {
                // NOTE(review): the database error text is written to the
                // response here; presumably stderr(true) is the verbose form -
                // confirm, and prefer logging it server-side.
                die($this->_db->stderr(true));
            }

            // Set the remember-me cookie if selected. This overwrites the
            // $remember argument with the posted form value.
            $remember = strval(mosGetParam($_POST, 'remember', ''));
            if ($remember == 'yes') {
                // Cookie lifetime of 365 days.
                $lifetime = time() + 365 * 24 * 60 * 60;
                $remCookieName = mosMainFrame::remCookieName_User();

                // Value = username-derived part . password-hash-derived part .
                // numeric user id. $hash is assigned above only on the
                // remember-me path; presumably the missing text assigns it for
                // the login-module path - confirm.
                $remCookieValue = mosMainFrame::remCookieValue_User($row->username) . mosMainFrame::remCookieValue_Pass($hash) . $row->id;

                // NOTE(review): only name, value, expiry and path are passed,
                // so the cookie is sent without the Secure and HttpOnly flags
                // (both default to false in setcookie()).
                setcookie($remCookieName, $remCookieValue, $lifetime, '/');
            }

            mosCache::cleanCache();
        } else {
            // Validation failed: alert when the credentials came from the
            // posted form, otherwise log out and redirect to the front page.
            if ($bypost) {
                mosErrorAlert(_LOGIN_INCORRECT);
            } else {
                $this->logout();
                mosRedirect('index.php');
            }
            exit;
        }
    }
}