예제 #1
*/
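require_once dirname(__FILE__) . '/config.inc.php';

/*
 * Resolve the member id for the current request, log the access and run the
 * multiple-IP check once per session.
 *
 * Expects config.inc.php to provide $db (users_find_by_string, log_error,
 * log_access, check_multiple_ip), $config (max_ip_count, max_ip_period) and
 * member_lock_by_ip(). $login may already be set by the including script;
 * otherwise it is taken from the name the web server authenticated.
 */

// find out member_id
if (isset($_SESSION['_amember_user']['login']) && strlen($_SESSION['_amember_user']['login'])) {
    // found user session
    $member_id = intval($_SESSION['_amember_user']['member_id']);
} else {
    // NOTE(review): $login is read before any assignment in this file. Unless
    // config.inc.php initialises it, it would be request-controllable on a
    // server with register_globals enabled — confirm it is set upstream.
    if (!isset($login) || !strlen($login)) {
        $login = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    }
    if (!strlen($login)) {
        $login = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
    }
    // this path trusts that the web server already authenticated $login;
    // the name is only mapped to a member record here
    $ul = $db->users_find_by_string($login, 'login', 1);
    if (!count($ul)) {
        // an authenticated name without a member record means the
        // protection in front of this script is misconfigured
        $db->log_error("Unknown user was logged in: '{$login}'. Look like protection isn't setup correctly");
        exit;
    }
    // cast as the session branch does so both paths yield an int
    $member_id = intval($ul[0]['member_id']);
}
// log access
$db->log_access($member_id);
if (empty($_SESSION['ip_checked'])) {
    // skip if already checked in this session
    if ($db->check_multiple_ip($member_id, $config['max_ip_count'], $config['max_ip_period'], $_SERVER['REMOTE_ADDR'])) {
        // limit exceeded
        member_lock_by_ip($member_id);
    }
    $_SESSION['ip_checked'] = 1;
}
session_write_close();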
예제 #2
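/**
 * Authenticate the visitor for the php_include protection plugin and fill
 * the _amember_* session entries.
 *
 * Credentials are taken, in order, from POST, GET, the session
 * (_amember_login / _amember_pass), the remember-me cookies
 * (_amember_ru / _amember_rp) and finally plugin_check_logged_in().
 *
 * Returns '' when the login succeeded and the user may see the current
 * $_product_id / $_link_id, otherwise a (translated) message saying why
 * access was refused. Uses globals $_product_id, $_link_id, $db and $config.
 */
function _amember_check_access()
{
    global $_product_id, $_link_id, $db, $config;
    // start from a clean state so nothing from an earlier login survives
    $_SESSION['_amember_user'] = array();
    $_SESSION['_amember_product_ids'] = array();
    if (defined("INCREMENTAL_CONTENT_PLUGIN")) {
        $_SESSION['_amember_link_ids'] = array();
    }
    $_SESSION['_amember_products'] = array();
    $_SESSION['_amember_links'] = array();
    $_SESSION['_amember_subscriptions'] = array();
    // credential sources; the first non-empty login wins
    $l = $_POST['amember_login'];
    $p = $_POST['amember_pass'];
    if (!strlen($l)) {
        $l = $_GET['amember_login'];
        $p = $_GET['amember_pass'];
    }
    if (!strlen($l)) {
        $l = $_SESSION['_amember_login'];
        $p = $_SESSION['_amember_pass'];
    }
    if (!strlen($l)) {
        // NOTE(review): the cookie pair goes straight to check_login with
        // $accept_md5 = 1, so it presumably carries a password hash rather
        // than the password — confirm what php_include_remember_login writes
        $l = $_COOKIE['_amember_ru'];
        $p = $_COOKIE['_amember_rp'];
    }
    // PHP 5+ object-handle semantics; the old "=& new" form is deprecated
    $b = new BruteforceProtector(BRUTEFORCE_PROTECT_USER, $db, $config['bruteforce_count'], $config['bruteforce_delay']);
    $b->setIP($_SERVER['REMOTE_ADDR']);
    // seconds to wait if login is not allowed (filled in by loginAllowed)
    $left = null;
    if (!$b->loginAllowed($left)) {
        // drop stored credentials so the lockout is not retried automatically
        if ($_SESSION['_amember_login']) {
            unset($_SESSION['_amember_login']);
        }
        if ($_SESSION['_amember_pass']) {
            unset($_SESSION['_amember_pass']);
        }
        $min = ceil($left / 60);
        return sprintf(_LOGIN_WAIT_BEFORE_NEXT_ATTEMPT, $min);
    }
    // check for vBulletin login: credentials handed over by an external
    // integration are not counted against the brute-force limit
    $skip_bruteforce_check = 0;
    if (!strlen($l)) {
        list($l, $p) = plugin_check_logged_in();
        $skip_bruteforce_check = 1;
    }
    // a login_attempt_id that was already consumed means a replayed form
    if (isset($_POST['login_attempt_id'])
        && in_array($_POST['login_attempt_id'], (array) $_SESSION['_amember_login_attempt_id'], true)) {
        return _LOGIN_SESSION_EXPIRED;
    }
    if (strlen($l) && strlen($p)) {
        $accept_md5 = 1;
        // $_SESSION['_amember_id'] is passed by reference and presumably
        // filled in by check_login on success; it is used as the member id below
        if (!$db->check_login($l, $p, $_SESSION['_amember_id'], $accept_md5)) {
            if (!$skip_bruteforce_check) {
                $b->reportFailedLogin();
            }
            if ($_SESSION['_amember_login']) {
                unset($_SESSION['_amember_login']);
            }
            if ($_SESSION['_amember_pass']) {
                unset($_SESSION['_amember_pass']);
            }
            return _LOGIN_INCORRECT;
        }
        // NOTE(review): on both branches below the password is kept in the
        // session exactly as submitted so other protected pages can re-run
        // check_login; that is sensitive data at rest in the session store.
        if ($_product_id[0] != 'ONLY_LOGIN' && !$db->check_access($l, $_product_id) && !link_check_access($l, $_link_id)) {
            // valid account but no access to this page
            $_SESSION['_amember_login'] = $l;
            $_SESSION['_amember_pass'] = $p;
            return sprintf(_LOGIN_ACCESS_NOT_ALLOWED, "<a href=\"{$config['root_url']}/member.php\">", "</a>");
        } else {
            $_SESSION['_amember_login'] = $l;
            $_SESSION['_amember_pass'] = $p;
            // check for ip violation on every login and lock the user if needed
            // (the former "ip_checked" short-circuit is intentionally not used here)
            if ($db->check_multiple_ip($_SESSION['_amember_id'], $config['max_ip_count'], $config['max_ip_period'], $_SERVER['REMOTE_ADDR'])) {
                // limit exceeded
                member_lock_by_ip($_SESSION['_amember_id']);
            }
            $_SESSION['ip_checked'] = 1;
            // assign user info to session var '_amember_user'
            $_SESSION['_amember_user'] = $db->get_user($_SESSION['_amember_id']);
            // login is case insensitive, use the original login from the DB instead of the submitted one
            $_SESSION['_amember_login'] = $_SESSION['_amember_user']['login'];
            // NOTE(review): the two rejections below return after
            // _amember_user has been populated; the session thus still holds
            // the record of a locked/unapproved account — confirm the caller
            // does not treat a populated _amember_user as "logged in"
            if ($_SESSION['_amember_user']['data']['is_locked'] > 0) {
                return _LOGIN_ACCOUNT_DISABLED;
            }
            // explicit parentheses: the original "!x > 0" relied on "!" binding
            // tighter than ">", which only coincidentally worked for 0/1 values
            if ($config['manually_approve'] && !($_SESSION['_amember_user']['data']['is_approved'] > 0)) {
                return _LOGIN_MANUAL_VERIFICATION_PENDING;
            }
            // find out active subscriptions for this user
            $pl = (array) $db->get_user_payments($_SESSION['_amember_id'], 1);
            $today = date('Y-m-d');
            foreach ($pl as $pp) {
                if ($pp['begin_date'] <= $today && $pp['expire_date'] >= $today) {
                    $_SESSION['_amember_product_ids'][] = $pp['product_id'];
                    $_SESSION['_amember_subscriptions'][] = $pp;
                }
            }
            $_SESSION['_amember_product_ids'] = array_unique($_SESSION['_amember_product_ids']);
            if (defined("INCREMENTAL_CONTENT_PLUGIN")) {
                $_SESSION['_amember_links'] = user_get_links($_SESSION['_amember_id']);
                if ($_SESSION['_amember_links']) {
                    foreach ($_SESSION['_amember_links'] as $link_id => $link) {
                        $_SESSION['_amember_link_ids'][] = $link_id;
                    }
                }
            }
            foreach ($_SESSION['_amember_product_ids'] as $product_id) {
                $pr = $db->get_product($product_id);
                // add_urls is stored one "url|title" pair per line; a missing
                // title falls back to the product title
                $urls = array();
                foreach (preg_split('/[\\r\\n]+/', trim($pr['add_urls'])) as $u) {
                    if (!strlen($u)) {
                        continue;
                    }
                    $parts = preg_split('/\\|/', $u);
                    $k = $parts[0];
                    $v = isset($parts[1]) ? $parts[1] : '';
                    if (!$v) {
                        $v = $pr['title'];
                    }
                    $urls[$k] = $v;
                }
                $pr['add_urls'] = $urls;
                $_SESSION['_amember_products'][] = $pr;
            }
            // remember this attempt id so the same form cannot be resubmitted
            if ($_POST['login_attempt_id']) {
                $_SESSION['_amember_login_attempt_id'][] = $_POST['login_attempt_id'];
            }
            $db->log_access($_SESSION['_amember_id']);
            php_include_remember_login($_SESSION['_amember_user']);
            plugin_after_login($_SESSION['_amember_user']);
            return '';
        }
    }
    return _LOGIN_PLEASE_LOGIN;
}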