예제 #1
0
function handle_facebook_connection_login($current_logged_in_member)
{
    if (!class_exists('ocp_tempcode')) {
        return NULL;
    }
    if (is_guest($current_logged_in_member)) {
        $current_logged_in_member = NULL;
        // We are not a normal cookie login so ocPortal has loaded up a Guest session already in the expectation of keeping it. Unsetting it will force a rebind (existing session may be reused though)
        require_code('users_inactive_occasionals');
        set_session_id(-1);
    }
    // If already session-logged-in onto a Facebook account, don't bother doing anything
    if (!is_null($current_logged_in_member) && $GLOBALS['FORUM_DRIVER']->get_member_row_field($current_logged_in_member, 'm_password_compat_scheme') == 'facebook') {
        return $current_logged_in_member;
    }
    // Who is this user, from Facebook's point of view?
    global $FACEBOOK_CONNECT;
    $facebook_uid = $FACEBOOK_CONNECT->getUser();
    if (is_null($facebook_uid)) {
        return $current_logged_in_member;
    }
    try {
        $details = $FACEBOOK_CONNECT->api('/me');
    } catch (Exception $e) {
        return $current_logged_in_member;
    }
    $details2 = $FACEBOOK_CONNECT->api('/me', array('fields' => 'picture', 'type' => 'normal'));
    if (!is_array($details) || !is_array($details2)) {
        return $current_logged_in_member;
    }
    $details = array_merge($details, $details2);
    if (!isset($details['name'])) {
        return $current_logged_in_member;
    }
    $username = $details['name'];
    $photo_url = array_key_exists('picture', $details) ? $details['picture'] : '';
    if (is_array($photo_url)) {
        $photo_url = $photo_url['data']['url'];
    }
    if ($photo_url != '') {
        $photo_url = 'http://graph.facebook.com/' . strval($facebook_uid) . '/picture?type=large';
        // In case URL changes
    }
    $avatar_url = $photo_url == '' ? mixed() : $photo_url;
    $photo_thumb_url = '';
    if ($photo_url != '') {
        $photo_thumb_url = $photo_url;
    }
    $email_address = array_key_exists('email', $details) ? $details['email'] : '';
    $timezone = mixed();
    if (isset($details['timezone'])) {
        require_code('temporal');
        $timezone = convert_timezone_offset_to_formal_timezone($details['timezone']);
    }
    $language = mixed();
    if (isset($details['locale'])) {
        $language = strtoupper($details['locale']);
    }
    if ($language !== NULL) {
        if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) {
            $language = preg_replace('#\\_.*$#', '', $language);
            if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) {
                $language = '';
            }
        }
    }
    $dob = array_key_exists('birthday', $details) ? $details['birthday'] : '';
    $dob_day = mixed();
    $dob_month = mixed();
    $dob_year = mixed();
    if ($dob != '') {
        $_dob = explode('/', $dob);
        $dob_day = intval($_dob[1]);
        $dob_month = intval($_dob[0]);
        $dob_year = intval($_dob[2]);
    }
    // See if they have logged in before - i.e. have a synched account
    $member_row = $GLOBALS['FORUM_DB']->query_select('f_members', array('*'), array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), 'ORDER BY id DESC', 1);
    $member = array_key_exists(0, $member_row) ? $member_row[0]['id'] : NULL;
    if (is_guest($member)) {
        $member = NULL;
    }
    /*if (!is_null($member)) // Useful for debugging
    	{
    		require_code('ocf_members_action2');
    		ocf_delete_member($member);
    		$member=NULL;
    	}*/
    // If logged in before using Facebook, see if they've changed their name or email or timezone on Facebook -- if so, try and update locally to match
    if (!is_null($member)) {
        if (!is_null($current_logged_in_member) && $current_logged_in_member !== NULL && !is_guest($current_logged_in_member) && $current_logged_in_member != $member) {
            return $current_logged_in_member;
        }
        // User has an active login, and the Facebook account is bound to a DIFFERENT login. Take precedence to the other login that is active on top of this
        $last_visit_time = $member[0]['m_last_visit_time'];
        if ($timezone !== NULL) {
            if (tz_time(time(), $timezone) == tz_time(time(), $member[0]['m_timezone_offset'])) {
                $timezone = $member[0]['m_timezone_offset'];
            }
            // If equivalent, don't change
        }
        $test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_username' => $username));
        if (!is_null($test)) {
            $update_map = array('m_username' => $username, 'm_dob_day' => $dob_day, 'm_dob_month' => $dob_month, 'm_dob_year' => $dob_year);
            if ($email_address != '') {
                $update_map['m_email_address'] = $email_address;
            }
            if ($avatar_url !== NULL && ($test == '' || strpos($test, 'facebook') !== false || strpos($test, 'fbcdn') !== false)) {
                if ($timezone !== NULL) {
                    $update_map['m_timezone_offset'] = $timezone;
                }
                $update_map['m_avatar_url'] = $avatar_url;
                $update_map['m_photo_url'] = $photo_url;
                $update_map['m_photo_thumb_url'] = $photo_thumb_url;
            }
            $GLOBALS['FORUM_DB']->query_update('f_members', $update_map, array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => strval($facebook_uid)), '', 1);
            if ($username != $member[0]['m_username']) {
                // Fix cacheing for usernames
                $to_fix = array('f_forums/f_cache_last_username', 'f_posts/p_poster_name_if_guest', 'f_topics/t_cache_first_username', 'f_topics/t_cache_last_username');
                foreach ($to_fix as $fix) {
                    list($table, $field) = explode('/', $fix);
                    $GLOBALS['FORUM_DB']->query_update($table, array($field => $username), array($field => $member[0]['m_username']));
                }
            }
        }
    }
    // Not logged in before using Facebook, so we need to create an account, or bind to the active ocPortal login if there is one
    $in_a_sane_place = get_page_name() != 'login' && (running_script('index') || running_script('execute_temp'));
    // If we're in some weird script, or the login module UI, it's not a sane place, don't be doing account creation yet
    if (is_null($member) && $in_a_sane_place) {
        // Bind to existing ocPortal login?
        if (!is_null($current_logged_in_member)) {
            /*if (post_param_integer('associated_confirm',0)==0)		Won't work because Facebook is currently done in JS and cookies force this. If user wishes to cancel they must go to http://www.facebook.com/settings?tab=applications and remove the app, then run a lost password reset.
            		{
            			$title=get_page_title('LOGIN_FACEBOOK_HEADER');
            			$message=do_lang_tempcode('LOGGED_IN_SURE_FACEBOOK',escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)));
            			$middle=do_template('YESNO_SCREEN',array('TITLE'=>$title,'TEXT'=>$message,'HIDDEN'=>form_input_hidden('associated_confirm','1'),'URL'=>get_self_url_easy()));
            			$tpl=globalise($middle,NULL,'',true);
            			$tpl->evaluate_echo();
            			exit();
            		}*/
            $GLOBALS['FORUM_DB']->query_update('f_members', array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), array('id' => $current_logged_in_member), '', 1);
            require_code('site');
            require_lang('facebook');
            attach_message(do_lang_tempcode('FACEBOOK_ACCOUNT_CONNECTED', escape_html(get_site_name()), escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)), array(escape_html($username))), 'inform');
            return $current_logged_in_member;
        }
        // If we're still here, we have to create a new account...
        // -------------------------------------------------------
        $completion_form_submitted = post_param('email_address', '') != '';
        // If there's a conflicting username, we may need to change it (suffix a number)
        require_code('ocf_members_action2');
        $username = get_username_from_human_name($username);
        // Ask ocP to finish off the profile from the information presented in the POST environment (a standard mechanism in ocPortal, for third party logins of various kinds)
        require_lang('ocf');
        require_code('ocf_members');
        require_code('ocf_groups');
        require_code('ocf_members2');
        require_code('ocf_members_action');
        $_custom_fields = ocf_get_all_custom_fields_match(ocf_get_all_default_groups(true), NULL, NULL, NULL, 1);
        if (!$completion_form_submitted && count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') {
            $GLOBALS['FACEBOOK_FINISHING_PROFILE'] = true;
            $middle = ocf_member_external_linker_ask($username, 'facebook', $email_address, $dob_day, $dob_month, $dob_year);
            $tpl = globalise($middle, NULL, '', true);
            $tpl->evaluate_echo();
            exit;
        } else {
            $username = post_param('username', $username);
            if (count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') {
                // Was not auto-generated, so needs to be checked
                ocf_check_name_valid($username, NULL, NULL);
            }
            $member = ocf_member_external_linker($username, $facebook_uid, 'facebook', false, $email_address, $dob_day, $dob_month, $dob_year, $timezone, $language, $avatar_url, $photo_url, $photo_thumb_url);
        }
    }
    if (!is_null($member)) {
        require_code('users_inactive_occasionals');
        create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
        // This will mark it as confirmed
    }
    return $member;
}
예제 #2
0
파일: ipb1.php 프로젝트: erico-deh/ocPortal
 /**
  * Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
  * All authorisation, cookies, and form-logins, are passed through this function.
  * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
  *
  * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
  * @param  MEMBER			The member id
  * @param  MD5				The md5-hashed password
  * @param  string			The raw password
  * @param  boolean		Whether this is a cookie login
  * @return array			A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
  */
 function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
 {
     unset($cookie_login);
     $out = array();
     $out['id'] = NULL;
     if (is_null($userid)) {
         $rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1);
         if (array_key_exists(0, $rows)) {
             $this->MEMBER_ROWS_CACHED[$rows[0]['id']] = $rows[0];
         }
     } else {
         $rows[0] = $this->get_member_row($userid);
     }
     if (!array_key_exists(0, $rows)) {
         $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
         return $out;
     }
     $row = $rows[0];
     if ($this->is_banned($row['id'])) {
         $out['error'] = do_lang_tempcode('USER_BANNED');
         return $out;
     }
     if ($row['password'] != $password_hashed) {
         $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
         return $out;
     }
     $pos = strpos(get_member_cookie(), 'member_id');
     ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . 'session_id');
     $out['id'] = $row['id'];
     return $out;
 }
예제 #3
0
 /**
  * The actualiser for toggling invisible mode.
  *
  * @return tempcode	The UI.
  */
 function invisible()
 {
     if (get_option('is_on_invisibility') == '1') {
         $visible = array_key_exists(get_session_id(), $GLOBALS['SESSION_CACHE']) && $GLOBALS['SESSION_CACHE'][get_session_id()]['session_invisible'] == 0;
     } else {
         $visible = false;
         // Small fudge: always say thay are not visible now, so this will make them visible -- because they don't have permission to be invisible
     }
     $title = get_page_title($visible ? 'INVISIBLE' : 'BE_VISIBLE');
     $GLOBALS['SITE_DB']->query_update('sessions', array('session_invisible' => $visible ? 1 : 0), array('the_user' => get_member(), 'the_session' => get_session_id()), '', 1);
     global $SESSION_CACHE;
     if ($SESSION_CACHE[get_session_id()]['the_user'] == get_member()) {
         $SESSION_CACHE[get_session_id()]['session_invisible'] = $visible ? 1 : 0;
         if (get_value('session_prudence') !== '1') {
             persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
         }
     }
     decache('side_users_online');
     // Store in cookie, if we have login cookies around
     if (array_key_exists(get_member_cookie(), $_COOKIE)) {
         require_code('users_active_actions');
         ocp_setcookie(get_member_cookie() . '_invisible', strval($visible ? 1 : 0));
         $_COOKIE[get_member_cookie() . '_invisible'] = strval($visible ? 1 : 0);
     }
     $url = get_param('redirect', NULL);
     if (is_null($url)) {
         $_url = build_url(array('page' => ''), '');
         $url = $_url->evaluate();
     }
     return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
 }
예제 #4
0
 /**
  * Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
  * All authorisation, cookies, and form-logins, are passed through this function.
  * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
  *
  * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
  * @param  MEMBER			The member id
  * @param  MD5				The md5-hashed password
  * @param  string			The raw password
  * @param  boolean		Whether this is a cookie login
  * @return array			A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
  */
 function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
 {
     $out = array();
     $out['id'] = NULL;
     if (is_null($userid)) {
         $rows = $this->connection->query_select('users', array('*'), array('username_clean' => strtolower($username)), '', 1);
         if (array_key_exists(0, $rows)) {
             $this->MEMBER_ROWS_CACHED[$rows[0]['user_id']] = $rows[0];
         }
     } else {
         $rows[0] = $this->get_member_row($userid);
     }
     if (!array_key_exists(0, $rows)) {
         $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
         return $out;
     }
     $row = $rows[0];
     if ($this->is_banned($row['user_id'])) {
         $out['error'] = do_lang_tempcode('USER_BANNED');
         return $out;
     }
     if ($cookie_login) {
         $lookup = $this->connection->query_value_null_ok('sessions_keys', 'user_id', array('key_id' => md5($password_raw)));
         if ($row['user_id'] !== $lookup) {
             $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
             return $out;
         }
     } else {
         if ($row['user_password'] != $password_hashed) {
             $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
             return $out;
         }
     }
     $pos = strpos(get_member_cookie(), '_data:userid');
     if ($pos !== false) {
         ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . '_sid');
     }
     $out['id'] = $row['user_id'];
     return $out;
 }
예제 #5
0
/**
 * Get the ID of the currently active member.
 * It see's if the session exists / cookie is valid -- and gets the member id accordingly
 *
 * @param  boolean		Whether to just do a quick check, don't establish new sessions
 * @return MEMBER			The member requesting this web page (possibly the guest member - which strictly speaking, is not a member)
 */
function get_member($quick_only = false)
{
    global $SESSION_CACHE, $MEMBER_CACHED, $GETTING_MEMBER, $SITE_INFO;
    if ($MEMBER_CACHED !== NULL) {
        $GETTING_MEMBER = false;
        return $MEMBER_CACHED;
    }
    // If lots of aging sessions, clean out
    reset($SESSION_CACHE);
    if (count($SESSION_CACHE) > 50 && $SESSION_CACHE[key($SESSION_CACHE)]['last_activity'] < time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
        delete_expired_sessions_or_recover();
    }
    // Try via backdoor that someone with full server access can place
    $backdoor_ip_address = mixed();
    // Enable to a real IP address to force login from FTP access (if lost admin password)
    if (array_key_exists('backdoor_ip', $SITE_INFO)) {
        $backdoor_ip_address = $SITE_INFO['backdoor_ip'];
    }
    if (is_string($backdoor_ip_address) && get_ip_address() == $backdoor_ip_address) {
        require_code('users_active_actions');
        $MEMBER_CACHED = restricted_manually_enabled_backdoor();
        // Will have created a session in here already
        return $MEMBER_CACHED;
    }
    if ($GETTING_MEMBER) {
        if (!isset($GLOBALS['FORUM_DRIVER'])) {
            return db_get_first_id();
        }
        // :S
        return $GLOBALS['FORUM_DRIVER']->get_guest_id();
    }
    $GETTING_MEMBER = true;
    global $FORCE_INVISIBLE_GUEST;
    if ($FORCE_INVISIBLE_GUEST) {
        $GETTING_MEMBER = false;
        if (!isset($GLOBALS['FORUM_DRIVER'])) {
            fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
        }
        $MEMBER_CACHED = $GLOBALS['FORUM_DRIVER']->get_guest_id();
        return $MEMBER_CACHED;
    }
    $member = NULL;
    $cookie_bits = explode(':', str_replace('|', ':', get_member_cookie()));
    $base = $cookie_bits[0];
    // Try by session
    $session = get_session_id();
    if ($session != -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
        $ip = get_ip_address(3);
        // I hope AOL can cope with this
        $allow_unbound_guest = true;
        // Note: Guest sessions are not IP bound
        $member_row = NULL;
        if ($SESSION_CACHE !== NULL && array_key_exists($session, $SESSION_CACHE) && $SESSION_CACHE[$session] !== NULL && array_key_exists('the_user', $SESSION_CACHE[$session]) && (get_option('ip_strict_for_sessions') == '0' || $SESSION_CACHE[$session]['ip'] == $ip || is_guest($SESSION_CACHE[$session]['the_user']) && $allow_unbound_guest || $SESSION_CACHE[$session]['session_confirmed'] == 0 && !is_guest($SESSION_CACHE[$session]['the_user'])) && $SESSION_CACHE[$session]['last_activity'] > time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
            $member_row = $SESSION_CACHE[$session];
        }
        if ($member_row !== NULL && (!array_key_exists($base, $_COOKIE) || !is_guest($member_row['the_user']))) {
            $member = $member_row['the_user'];
            if ($member !== NULL && time() - $member_row['last_activity'] > 10) {
                //$GLOBALS['SITE_DB']->query_update('sessions',array('last_activity'=>time(),'the_zone'=>get_zone_name(),'the_page'=>get_page_name()),array('the_session'=>$session),'',1);  Done in get_page_title now
                $SESSION_CACHE[$session]['last_activity'] = time();
                if (get_value('session_prudence') !== '1') {
                    persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
                }
            }
            global $SESSION_CONFIRMED;
            $SESSION_CONFIRMED = $member_row['session_confirmed'];
            if (get_forum_type() == 'ocf') {
                $GLOBALS['FORUM_DRIVER']->ocf_flood_control($member);
            }
            if (!is_guest($member) && $GLOBALS['FORUM_DRIVER']->is_banned($member)) {
                warn_exit(do_lang_tempcode('USER_BANNED'));
            }
            // Test this member still exists
            if ($GLOBALS['FORUM_DRIVER']->get_username($member) === NULL) {
                $member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
            }
            if (array_key_exists($base, $_COOKIE)) {
                global $IS_A_COOKIE_LOGIN;
                $IS_A_COOKIE_LOGIN = true;
            }
        } else {
            require_code('users_inactive_occasionals');
            set_session_id(-1);
        }
    }
    if ($member === NULL && get_session_id() == -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
        // Try by cookie (will defer to forum driver to authorise against detected cookie)
        require_code('users_inactive_occasionals');
        $member = try_cookie_login();
        // Can forum driver help more directly?
        if (method_exists($GLOBALS['FORUM_DRIVER'], 'get_member')) {
            $member = $GLOBALS['FORUM_DRIVER']->get_member();
        }
    }
    // Try via additional login providers. They can choose whether to respect existing $member of get_session_id() settings. Some may do an account linkage, so we need to let them decide what to do.
    $hooks = find_all_hooks('systems', 'login_providers');
    foreach (array_keys($hooks) as $hook) {
        require_code('hooks/systems/login_providers/' . $hook);
        $ob = object_factory('Hook_login_provider_' . $hook);
        $member = $ob->try_login($member);
    }
    // Guest or banned
    if ($member === NULL) {
        $member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
        $is_guest = true;
    } else {
        $is_guest = is_guest($member);
    }
    // If we are doing a very quick init, bomb out now - no need to establish session etc
    global $SITE_INFO;
    if ($quick_only) {
        $GETTING_MEMBER = false;
        return $member;
    }
    // If one of the try_* functions hasn't actually created the session, call it here
    $session = get_session_id();
    if ($session == -1) {
        require_code('users_inactive_occasionals');
        create_session($member);
    }
    // If we are logged in, maybe do some further processing
    if (!$is_guest) {
        // Is there a su operation?
        $ks = get_param('keep_su', '');
        if ($ks != '') {
            require_code('users_inactive_occasionals');
            $member = try_su_login($member);
        }
        // Run hooks, if any exist
        $hooks = find_all_hooks('systems', 'upon_login');
        foreach (array_keys($hooks) as $hook) {
            require_code('hooks/systems/upon_login/' . filter_naughty($hook));
            $ob = object_factory('upon_login' . filter_naughty($hook), true);
            if ($ob === NULL) {
                continue;
            }
            $ob->run(false, NULL, $member);
            // false means "not a new login attempt"
        }
    }
    // Ok we have our answer
    $MEMBER_CACHED = $member;
    $GETTING_MEMBER = false;
    // We call this to ensure any HTTP-auth specific code has a chance to run
    is_httpauth_login();
    return $member;
}
예제 #6
0
파일: ipb3.php 프로젝트: erico-deh/ocPortal
 /**
  * Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
  * All authorisation, cookies, and form-logins, are passed through this function.
  * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
  *
  * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
  * @param  MEMBER			The member id
  * @param  MD5				The md5-hashed password
  * @param  string			The raw password
  * @param  boolean		Whether this is a cookie login
  * @return array			A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
  */
 function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
 {
     $out = array();
     $out['id'] = NULL;
     if (is_null($userid)) {
         $rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1);
         if (array_key_exists(0, $rows)) {
             $this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
         } else {
             $rows = $this->connection->query_select('members', array('*'), array('members_display_name' => $this->ipb_escape($username)), '', 1);
             if (array_key_exists(0, $rows)) {
                 $this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
             }
         }
     } else {
         $rows[0] = $this->get_member_row($userid);
     }
     if (!array_key_exists(0, $rows)) {
         $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
         return $out;
     }
     $row = $rows[0];
     if ($row['member_banned'] == 1) {
         $out['error'] = do_lang_tempcode('USER_BANNED');
         return $out;
     }
     if ($cookie_login) {
         if ($password_hashed != $row['member_login_key']) {
             $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
             return $out;
         }
         // Check stronghold
         global $SITE_INFO;
         if (array_key_exists('stronghold_cookies', $SITE_INFO) && $SITE_INFO['stronghold_cookies'] == 1) {
             $ip_octets = explode('.', ocp_srv('REMOTE_ADDR'));
             $crypt_salt = md5(get_db_forums_password() . get_db_forums_user());
             $a = get_member_cookie();
             $b = get_pass_cookie();
             for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
                 if ($a[$i] != $b[$i]) {
                     break;
                 }
             }
             $cookie_prefix = substr($a, 0, $i);
             $cookie = ocp_admirecookie($cookie_prefix . 'ipb_stronghold');
             $stronghold = md5(md5(strval($row['member_id']) . '-' . $ip_octets[0] . '-' . $ip_octets[1] . '-' . $row['member_login_key']) . $crypt_salt);
             if ($cookie != $stronghold) {
                 $out['error'] = do_lang_tempcode('USER_BAD_STRONGHOLD');
                 return $out;
             }
         }
     } else {
         if (!$this->_auth_hashed($row['member_id'], $password_hashed)) {
             $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
             return $out;
         }
     }
     $pos = strpos(get_member_cookie(), 'member_id');
     ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . 'session_id');
     $out['id'] = $row['member_id'];
     return $out;
 }
예제 #7
0
파일: vb3.php 프로젝트: erico-deh/ocPortal
 /**
  * Create a member login cookie.
  *
  * @param  MEMBER			The member id
  * @param  ?SHORT_TEXT	The username (NULL: lookup)
  * @param  string			The password
  */
 function forum_create_cookie($id, $name, $password)
 {
     unset($name);
     unset($password);
     // User
     ocp_setcookie(get_member_cookie(), strval($id));
     $_COOKIE[get_member_cookie()] = strval($id);
     // Password
     $password_hashed = $this->get_member_row_field($id, 'password');
     global $SITE_INFO;
     $_password = md5($password_hashed . $SITE_INFO['vb_unique_id']);
     ocp_setcookie(get_pass_cookie(), $_password);
     $_COOKIE[get_pass_cookie()] = $_password;
 }
예제 #8
0
파일: ocf.php 프로젝트: erico-deh/ocPortal
 /**
  * Create a member login cookie.
  *
  * @param  MEMBER			The member id
  * @param  ?SHORT_TEXT	The username (NULL: lookup)
  * @param  string			The password
  */
 function forum_create_cookie($id, $name, $password)
 {
     unset($name);
     unset($password);
     // User
     ocp_setcookie(get_member_cookie(), strval($id));
     $_COOKIE[get_member_cookie()] = strval($id);
     // Password
     $password_hashed_salted = $this->get_member_row_field($id, 'm_pass_hash_salted');
     $password_compat_scheme = $this->get_member_row_field($id, 'm_password_compat_scheme');
     if ($password_compat_scheme == 'plain') {
         $password_hashed_salted = md5($password_hashed_salted);
     }
     // can't do direct representation for this, would be a plain text cookie; so in forum_authorise_login we expect it to be md5'd and compare thusly (as per non-cookie call to that function)
     ocp_setcookie(get_pass_cookie(), $password_hashed_salted);
     $_COOKIE[get_pass_cookie()] = $password_hashed_salted;
 }
/**
 * Do a cookie login.
 *
 * @return MEMBER			Logged in member (NULL: no login happened)
 */
function try_cookie_login()
{
    $member = NULL;
    // Preprocess if this is a serialized cookie
    $member_cookie_name = get_member_cookie();
    $bar_pos = strpos($member_cookie_name, '|');
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        $base = substr($member_cookie_name, 0, $colon_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
            $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($_COOKIE[$base]);
            }
            secure_serialized_data($the_cookie, array());
            $unserialize = @unserialize($the_cookie);
            if (is_array($unserialize)) {
                if (array_key_exists($real_member_cookie, $unserialize)) {
                    $the_member = $unserialize[$real_member_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_member = addslashes(@strval($the_member));
                    }
                    $_COOKIE[get_member_cookie()] = $the_member;
                }
                if (array_key_exists($real_pass_cookie, $unserialize)) {
                    $the_pass = $unserialize[$real_pass_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_pass = addslashes($the_pass);
                    }
                    $_COOKIE[get_pass_cookie()] = $the_pass;
                }
            }
        }
    } elseif ($bar_pos !== false) {
        $base = substr($member_cookie_name, 0, $bar_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $bar_pos + 1);
            $real_pass_cookie = substr(get_pass_cookie(), $bar_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($_COOKIE[$base]);
            }
            $cookie_contents = explode('||', $the_cookie);
            $the_member = $cookie_contents[intval($real_member_cookie)];
            if (get_magic_quotes_gpc()) {
                $the_member = addslashes($the_member);
            }
            $_COOKIE[get_member_cookie()] = $the_member;
            $the_pass = $cookie_contents[intval($real_pass_cookie)];
            if (get_magic_quotes_gpc()) {
                $the_pass = addslashes($the_pass);
            }
            $_COOKIE[get_pass_cookie()] = $the_pass;
        }
    }
    if (array_key_exists(get_member_cookie(), $_COOKIE) && array_key_exists(get_pass_cookie(), $_COOKIE)) {
        $store = $_COOKIE[get_member_cookie()];
        $pass = $_COOKIE[get_pass_cookie()];
        if (get_magic_quotes_gpc()) {
            $store = stripslashes($store);
            $pass = stripslashes($pass);
        }
        if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
            $username = $store;
            $store = strval($GLOBALS['FORUM_DRIVER']->get_member_from_username($store));
        } else {
            $username = $GLOBALS['FORUM_DRIVER']->get_username(intval($store));
        }
        $member = intval($store);
        if (!is_guest($member)) {
            if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                // Test password hash
                $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, $pass, $pass, true);
                $member = $login_array['id'];
            } else {
                // Test password plain
                $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, apply_forum_driver_md5_variant($pass, $username), $pass, true);
                $member = $login_array['id'];
            }
            if (!is_null($member)) {
                global $IS_A_COOKIE_LOGIN;
                $IS_A_COOKIE_LOGIN = true;
                create_session($member, 0, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
            }
        }
    }
    return $member;
}
예제 #10
0
 /**
  * Standard login provider hook.
  *
  * @param  ?MEMBER		Member ID already detected as logged in (NULL: none). May be a guest ID.
  * @return ?MEMBER		Member ID now detected as logged in (NULL: none). May be a guest ID.
  */
 function try_login($member)
 {
     // Some kind of OpenID provider
     try {
         require_code('openid');
         require_code('developer_tools');
         if (!isset($_REQUEST['openid_mode'])) {
             if (array_key_exists('openid_identifier', $_POST)) {
                 destrictify();
                 $openid = new LightOpenID();
                 $openid->identity = $_POST['openid_identifier'];
                 $openid->required = array('namePerson/friendly', 'namePerson', 'contact/email', 'birthDate', 'pref/language', 'media/image/default');
                 header('Location: ' . $openid->authUrl());
                 exit;
             }
         } elseif ($_GET['openid_mode'] == 'cancel') {
             destrictify();
             require_code('site');
             require_code('site2');
             attach_message('You cancelled your OpenID login, so you are not logged into the site.', 'inform');
         } else {
             destrictify();
             $openid = new LightOpenID();
             if ($openid->validate()) {
                 $attributes = $openid->getAttributes();
                 // If member already existed, no action needed - just create a session to existing record
                 $member = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_password_compat_scheme' => 'openid', 'm_pass_hash_salted' => $openid->identity));
                 if (!is_null($member)) {
                     require_code('users_inactive_occasionals');
                     create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
                     // This will mark it as confirmed
                     return $member;
                 }
                 require_code('ocf_members');
                 require_code('ocf_groups');
                 require_lang('ocf');
                 if (running_script('index') || running_script('execute_temp')) {
                     require_code('ocf_members_action');
                     require_code('ocf_members_action2');
                     $email = '';
                     if (array_key_exists('contact/email', $attributes)) {
                         $email = $attributes['contact/email'];
                     }
                     $username = $openid->identity;
                     // Yuck, we'll try and build on this
                     if (array_key_exists('namePerson/friendly', $attributes)) {
                         $username = $attributes['namePerson/friendly'];
                     } elseif (array_key_exists('namePerson', $attributes)) {
                         $username = $attributes['namePerson'];
                     } elseif ($email != '') {
                         $username = substr($email, 0, strpos($email, '@'));
                     }
                     if ($username != '') {
                         $_username = $username;
                         $i = 1;
                         do {
                             $test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_username' => $_username));
                             if (!is_null($test)) {
                                 $i++;
                                 $_username = $username . ' (' . strval($i) . ')';
                             }
                         } while (!is_null($test));
                         $username = $_username;
                     }
                     $dob = '';
                     if (array_key_exists('birthDate', $attributes)) {
                         $dob = $attributes['birthDate'];
                     }
                     $dob_day = mixed();
                     $dob_month = mixed();
                     $dob_year = mixed();
                     if ($dob != '') {
                         $dob_bits = explode('-', $dob);
                         $dob_day = intval($dob_bits[2]);
                         $dob_month = intval($dob_bits[1]);
                         $dob_year = intval($dob_bits[0]);
                     }
                     $language = mixed();
                     if (array_key_exists('pref/language', $attributes)) {
                         if (file_exists(get_file_base() . '/lang_custom/' . $attributes['pref/language'])) {
                             $language = $attributes['pref/language'];
                         }
                     }
                     require_code('config2');
                     set_option('maximum_password_length', '1000');
                     $member = ocf_member_external_linker($username, $openid->identity, 'openid', false, $email, $dob_day, $dob_month, $dob_year, NULL, $language);
                     $avatar = '';
                     if (array_key_exists('media/image/default', $attributes)) {
                         $avatar = $attributes['media/image/default'];
                     }
                     ocf_member_choose_avatar($avatar, $member);
                 }
                 if (!is_null($member)) {
                     require_code('users_inactive_occasionals');
                     create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
                     // This will mark it as confirmed
                 }
             } else {
                 require_code('site');
                 require_code('site2');
                 attach_message('An unknown error occurred during OpenID login.', 'warn');
             }
         }
     } catch (ErrorException $e) {
         require_code('site');
         require_code('site2');
         attach_message($e->getMessage(), 'warn');
     }
     return $member;
 }
예제 #11
0
파일: smf.php 프로젝트: erico-deh/ocPortal
 /**
  * Create a member login cookie.
  *
  * @param  MEMBER			The member id
  * @param  ?SHORT_TEXT	The username (NULL: lookup)
  * @param  string			The password
  */
 function forum_create_cookie($id, $name, $password)
 {
     unset($name);
     unset($password);
     list($stub, ) = explode(':', get_member_cookie());
     if (!$GLOBALS['SMF_NEW'] || !function_exists('sha1')) {
         $row = $this->get_member_row($id);
         $_password = $this->forum_md5($row['passwd'], 'ys');
         $bits = explode('::', $_password);
         $_password = $bits[0];
     } elseif (function_exists('sha1')) {
         $row = $this->get_member_row($id);
         $_password = sha1($row['passwd'] . $row['passwordSalt']);
     }
     $data = array($id, $_password, time() + get_cookie_days() * 24 * 60 * 60, 3);
     ocp_setcookie($stub, serialize($data));
     $_COOKIE[$stub] = strval($id);
 }
예제 #12
0
/**
 * Process a logout.
 */
function handle_active_logout()
{
    // Kill cookie
    //	$expire=time()-300;
    $member_cookie_name = get_member_cookie();
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        $base = substr($member_cookie_name, 0, $colon_pos);
    } else {
        $real_member_cookie = get_member_cookie();
        $base = $real_member_cookie;
    }
    ocp_eatcookie($base);
    unset($_COOKIE[$base]);
    // Kill session
    $session = get_session_id();
    if ($session != -1) {
        delete_session($session);
    }
}
예제 #13
0
파일: mybb.php 프로젝트: erico-deh/ocPortal
 /**
  * Custom get member function
  *
  * @return mixed			The member or the default guest id (0)
  */
 function get_member()
 {
     //get cookie information if available
     $cookie_raw_info = array_key_exists(get_member_cookie(), $_COOKIE) ? $_COOKIE[get_member_cookie()] : '';
     $cookie_info = array();
     $cookie_info = explode('_', $cookie_raw_info);
     $cookie_member = array_key_exists(0, $cookie_info) ? $cookie_info[0] : '';
     $cookie_loginkey = array_key_exists(1, $cookie_info) ? $cookie_info[1] : '';
     if ($cookie_member != '') {
         $row = $this->get_member_row(intval($cookie_member));
         //is the cookie info correct
         if ($cookie_loginkey == $row['loginkey']) {
             //if it is correct then return the cookie member
             return $cookie_member;
         } else {
             //return the default guest id, because the login key is not correct
             return $this->get_guest_id();
         }
     } else {
         //return the default guest id, because there is no member cookie information
         return $this->get_guest_id();
     }
     //return the default guest id
     return $this->get_guest_id();
 }