예제 #1
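 /**
  * Log in with the credentials posted from the login form.
  *
  * Reads `user_name` / `user_password` (and optionally `lang`) from $_POST,
  * looks the user up by name or e-mail address, verifies the password hash
  * and, on success, populates $_SESSION with the user's profile, permissions
  * and two-factor state. Every failure is appended to $this->errors; nothing
  * is thrown and nothing is returned.
  *
  * Side effects: opens $this->db_connection, writes $_SESSION, may set the
  * `lang` cookie, performs one HTTP request to the vendor verification
  * endpoint, and calls decrypt(), multiDB() and logAction(), which are
  * defined elsewhere in the project.
  */
 private function dologinWithPostData()
 {
     $settings = (require 'config/settings.php');

     // Form fields are expected as strings. Anything else (e.g. `user_name[]=x`)
     // is treated as an empty field so it never reaches the database layer.
     $postedName = $_POST['user_name'] ?? null;
     $postedPassword = $_POST['user_password'] ?? null;
     $postedName = is_string($postedName) ? $postedName : '';
     $postedPassword = is_string($postedPassword) ? $postedPassword : '';

     // check login form contents
     if ($postedName === '') {
         $this->errors[] = "Username field was empty.";
         return;
     }
     if ($postedPassword === '') {
         $this->errors[] = "Password field was empty.";
         return;
     }

     // Connection parameters are stored encrypted in settings.php; decrypt() is
     // assumed to return the plain string (defined elsewhere -- confirm).
     // A missing port falls back to the driver default, as the original did.
     $db = $settings['db'];
     $port = isset($db['port']) ? (int) decrypt($db['port']) : null;
     $this->db_connection = new mysqli(
         decrypt($db['host']),
         decrypt($db['user']),
         decrypt($db['pass']),
         decrypt($db['name']),
         $port
     );

     // Check the connection before using it; the original called set_charset()
     // on a possibly failed handle first. (PHP >= 8.1 throws mysqli_sql_exception
     // here by default, in which case this branch is never reached.)
     if ($this->db_connection->connect_errno) {
         $this->errors[] = "Database connection problem.";
         return;
     }
     // change character set to utf8 and check it
     if (!$this->db_connection->set_charset("utf8")) {
         $this->errors[] = $this->db_connection->error;
     }

     // database query, getting all the info of the selected user (allows login via
     // email address in the username field). Bound parameters replace the former
     // real_escape_string() interpolation. get_result() requires mysqlnd.
     $stmt = $this->db_connection->prepare(
         'SELECT user_name, user_email, user_level, user_profile, permissions, user_password_hash, user_id, playerid, twoFactor, token'
         . ' FROM users WHERE user_name = ? OR user_email = ?'
     );
     if ($stmt === false) {
         $this->errors[] = "Database connection problem.";
         return;
     }
     $stmt->bind_param('ss', $postedName, $postedName);
     if (!$stmt->execute()) {
         $stmt->close();
         $this->errors[] = "Database connection problem.";
         return;
     }
     $result_of_login_check = $stmt->get_result();
     if ($result_of_login_check === false) {
         $stmt->close();
         $this->errors[] = "Database connection problem.";
         return;
     }

     // if this user exists (exactly one row; name/e-mail collisions are rejected as before)
     if ($result_of_login_check->num_rows != 1) {
         $stmt->close();
         $this->errors[] = "This user does not exist.";
         logAction($postedName, 'Login Failed - Wrong Username (' . $_SERVER['REMOTE_ADDR'] . ')', 3);
         return;
     }
     // get result row (as an object)
     $result_row = $result_of_login_check->fetch_object();
     $stmt->close();

     // password_verify() checks the provided password against the stored hash.
     // NOTE(review): the distinct "wrong password" / "does not exist" messages let
     // a client tell valid usernames apart; the wording is kept because it is part
     // of the UI contract.
     if (!password_verify($postedPassword, $result_row->user_password_hash)) {
         $this->errors[] = "Wrong password. Try again.";
         logAction($postedName, 'Login Failed - Wrong Password (' . $_SERVER['REMOTE_ADDR'] . ')', 3);
         return;
     }
     // user_level 0 means banned
     if ((int) $result_row->user_level === 0) {
         $this->errors[] = "User is banned.";
         logAction($postedName, 'Login Failed - Banned User (' . $_SERVER['REMOTE_ADDR'] . ')', 3);
         return;
     }

     // Vendor "phone home" check: its response gates login and may announce an
     // update. It travels over plain HTTP and is not authenticated, so it is only
     // ever used as display data (message/flags), never executed. A bounded
     // timeout keeps the login page from hanging when the remote host is down;
     // a failed fetch leaves $verify null which, as in the original flow, is
     // treated as "nothing to report" rather than as a hard failure.
     $verifyUrl = 'http://cyberbyte.org.uk/hooks/cyberworks/messages.php?id=' . urlencode((string) $settings['id']);
     $context = stream_context_create(['http' => ['timeout' => 5]]);
     $raw = file_get_contents($verifyUrl, false, $context);
     $verify = $raw === false ? null : json_decode($raw);
     if (is_object($verify) && isset($verify->verify)) {
         $this->errors[] = isset($verify->message) ? $verify->message : "Verification Failed";
         return;
     }
     if (is_object($verify) && isset($verify->version) && $verify->version > floatval($settings['version'])) {
         $_SESSION['update'] = true;
     }

     // Authentication succeeded: rotate the session id so an id fixed before
     // login cannot be reused afterwards. Existing $_SESSION data is kept.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }

     // Two-factor state: 0 = none, 1 = required, 2 = satisfied by device cookie.
     $_SESSION['2factor'] = 0;
     if (!empty($result_row->twoFactor)) {
         if ($settings['2factor']) {
             $_SESSION['2factor'] = 1;
         } else {
             // 2FA is disabled site-wide: clear this user's enrolment.
             // NOTE(review): the column is spelled `userid` here but `user_id` in the
             // SELECT above -- confirm against the schema.
             $userId = $result_row->user_id;
             $revoke = $this->db_connection->prepare('UPDATE `users` SET `backup`=NULL,`twoFactor`=NULL WHERE `userid` = ?');
             if ($revoke !== false) {
                 $revoke->bind_param('s', $userId);
                 $revoke->execute();
                 $revoke->close();
             }
             // NOTE(review): $lang is not defined in this method (the original read an
             // undefined variable); the fallback covers a missing language table --
             // confirm where $lang is meant to come from.
             $this->errors[] = $lang['2factorForceRevoke']
                 ?? 'Two-factor authentication is disabled on this site and was removed from your account.';
         }
     }
     // A device cookie matching the stored token satisfies 2FA. hash_equals()
     // gives a constant-time, type-strict comparison; the loose `==` it replaces
     // would also have matched a failed decrypt() against an empty cookie.
     $cookieToken = $_COOKIE['token'] ?? null;
     if (is_string($cookieToken) && !empty($result_row->token)) {
         $storedToken = decrypt($result_row->token);
         if (is_string($storedToken) && hash_equals($storedToken, $cookieToken)) {
             $_SESSION['2factor'] = 2;
         }
     }

     $_SESSION['sudo'] = time();
     $_SESSION['message'] = $verify;
     $_SESSION['user_name'] = $result_row->user_name;
     $_SESSION['user_level'] = $result_row->user_level;
     $_SESSION['user_profile'] = $result_row->user_profile;
     $_SESSION['user_email'] = $result_row->user_email;
     $_SESSION['playerid'] = $result_row->playerid;
     $_SESSION['user_id'] = $result_row->user_id;
     $_SESSION['permissions'] = json_decode($result_row->permissions, true);
     // `items` is not part of the SELECT above, so the row value is only present
     // if the driver adds it; otherwise the configured default applies.
     if (isset($result_row->items)) {
         $_SESSION['items'] = $result_row->items;
     } else {
         $_SESSION['items'] = $settings['items'];
     }
     // Remember the chosen UI language for 30 days.
     if (isset($_POST['lang']) && is_string($_POST['lang'])) {
         setcookie('lang', $_POST['lang'], time() + 3600 * 24 * 30);
         $_SESSION['lang'] = $_POST['lang'];
     }
     // Distinguishes a full account login from the Steam single sign-on path.
     $_SESSION['steamsignon'] = false;
     $_SESSION['user_login_status'] = 1;
     multiDB();
     logAction($_SESSION['user_name'], 'Successful Login (' . $_SERVER['REMOTE_ADDR'] . ')', 2);
 }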
예제 #2
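 /**
  * Sign in via Steam OpenID.
  *
  * Handles the three phases of the LightOpenID flow on successive requests:
  * no mode -> redirect the browser to Steam; mode "cancel" -> report the
  * cancellation; otherwise validate the assertion, extract the SteamID from
  * the claimed identity and either load the matching account or, when
  * `annonlogin` is enabled, build a session from the public Steam profile.
  * Does nothing unless `steamlogin` is enabled in settings.
  *
  * Side effects: sends Location headers (and exits after the validated
  * phase), prints status text, writes $_SESSION, and calls masterConnect(),
  * multiDB(), logAction() and errorMessage(), which are defined elsewhere.
  */
 public function signIn()
 {
     $settings = (require 'config/settings.php');
     if (!$settings['steamlogin']) {
         return;
     }
     require_once 'openid.php';
     $openid = new LightOpenID($settings['url']);

     if (!$openid->mode) {
         // First request: hand the browser to Steam.
         // NOTE(review): the caller keeps running after this header is sent;
         // the validated branch below exits instead -- consider doing the same here.
         $openid->identity = 'http://steamcommunity.com/openid';
         header('Location: ' . $openid->authUrl());
         return;
     }
     if ($openid->mode === 'cancel') {
         print 'User has canceled authentication!';
         return;
     }
     if (!$openid->validate()) {
         print 'Error';
         return;
     }

     // Accept only a Steam identity URL; the capture is the SteamID64.
     // The original used $matches[1] without checking that the pattern matched.
     if (!preg_match("/^http:\\/\\/steamcommunity\\.com\\/openid\\/id\\/(7[0-9]{15,25}+)\$/", $openid->identity, $matches)) {
         print 'Error';
         return;
     }
     $playerId = $matches[1];
     $_SESSION['playerid'] = $playerId;

     // masterConnect() is assumed to return a mysqli handle (it is used as one
     // here and in the original). The id is already digit-only, but a bound
     // parameter keeps the query free of interpolation.
     $db_connection = masterConnect();
     $stmt = $db_connection->prepare(
         'SELECT user_name, user_email, user_level, user_profile, permissions, user_password_hash, user_id'
         . ' FROM users WHERE playerid = ?'
     );
     $result_of_login_check = false;
     if ($stmt !== false) {
         $stmt->bind_param('s', $playerId);
         if ($stmt->execute()) {
             $result_of_login_check = $stmt->get_result(); // requires mysqlnd
         }
     }

     if ($result_of_login_check !== false && $result_of_login_check->num_rows == 1) {
         $result_row = $result_of_login_check->fetch_object();
         $stmt->close();
         if ((int) $result_row->user_level === 0) {
             $this->errors[] = "User is banned.";
             // The Steam flow has no posted username; the original logged an
             // undefined $_POST['user_name'] here.
             logAction($result_row->user_name, 'Steam Login Failed - Banned User (' . $_SERVER['REMOTE_ADDR'] . ')', 3);
         } else {
             // Rotate the session id on successful authentication; $_SESSION data is kept.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $_SESSION['user_name'] = $result_row->user_name;
             $_SESSION['user_level'] = $result_row->user_level;
             $_SESSION['user_profile'] = $result_row->user_profile;
             $_SESSION['user_email'] = $result_row->user_email;
             $_SESSION['user_id'] = $result_row->user_id;
             $_SESSION['permissions'] = json_decode($result_row->permissions, true);
             // `items` is not in the SELECT above; the configured default normally applies.
             if (isset($result_row->items)) {
                 $_SESSION['items'] = $result_row->items;
             } else {
                 $_SESSION['items'] = $settings['items'];
             }
             if (isset($_POST['lang']) && is_string($_POST['lang'])) {
                 $_SESSION['lang'] = $_POST['lang'];
             }
             $_SESSION['user_login_status'] = 1;
             //used to determine if its a single sign on with no account
             $_SESSION['steamsignon'] = false;
             multiDB();
             logAction($_SESSION['user_name'], 'Successful Steam Login (' . $_SERVER['REMOTE_ADDR'] . ')', 2);
         }
     } else {
         if ($stmt !== false) {
             $stmt->close();
         }
         if ($settings['annonlogin']) {
             // No local account: any validated Steam identity gets level 1 and the
             // level-1 permission set from config. GetPlayerSummaries() is defined
             // elsewhere; without a profile object there is no identity to bind the
             // session to, so the login is refused instead of marking an anonymous
             // session as logged in (the original proceeded with null fields).
             $permissions = (require 'config/permissions.php');
             $steam = $this->GetPlayerSummaries($playerId);
             if (!is_object($steam)) {
                 $this->errors[] = "Could not retrieve Steam profile.";
             } else {
                 if (session_status() === PHP_SESSION_ACTIVE) {
                     session_regenerate_id(true);
                 }
                 $_SESSION['user_name'] = $steam->personaname;
                 $_SESSION['user_level'] = 1;
                 $_SESSION['user_profile'] = $steam->avatarmedium;
                 $_SESSION['permissions'] = $permissions[1];
                 $_SESSION['items'] = $settings['items'];
                 $_SESSION['user_login_status'] = 1;
                 $_SESSION['profile_link'] = $steam->profileurl;
                 //used to determine if its a single sign on with no account
                 $_SESSION['steamsignon'] = true;
                 multiDB();
                 logAction($_SESSION['user_name'], 'Successful Steam Login (' . $_SERVER['REMOTE_ADDR'] . ')', 2);
             }
         } else {
             errorMessage(7);
         }
     }
     header('Location: ' . $settings['url']);
     exit;
 }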