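/**
 * Authenticate a Kleeja login against the user table of an external phpBB3 forum.
 *
 * Forum database settings come from the forum's own config file when
 * $script_path is set, otherwise from the $script_* globals. On success
 * $userinfo is filled in; for a non-admin-panel login the USER_* constants
 * are defined and, when the password was supplied in plain text, the
 * 'ulogu' cookie is set.
 *
 * NOTE(review): $hashed is declared optional ahead of the required $expire,
 * so callers must always pass it in practice. The order is kept as is for
 * backward compatibility.
 *
 * @param mixed  $name        Username, or a user id (passed through intval()) when $hashed or $return_name is set.
 * @param string $pass        Plain-text password, verified with phpbb_check_hash() when $hashed is false.
 * @param bool   $hashed      When true, skip the password check and look the user up by id.
 * @param int    $expire      Expiry value stored in, and passed along with, the 'ulogu' cookie.
 * @param bool   $loginadm    When true, neither the USER_* constants nor the cookie are set.
 * @param bool   $return_name When true (and $hashed is false), return the username for user id $name.
 *
 * @return bool|string|null true on login; false on bad credentials, unknown user or ban;
 *                          the username in $return_name mode; null when no forum DB settings exist.
 */
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
    global $lang, $config, $usrcp, $userinfo;
    global $script_path, $script_encoding, $script_srv, $script_db, $script_user, $script_pass, $script_prefix;
    // The hook calls below dereference $plugin, which is not a local of this
    // function; import it so they do not fail on an undefined variable.
    // NOTE(review): assumes the plugin manager lives in a global named $plugin - confirm.
    global $plugin;

    if (isset($script_path)) {
        // Strip the trailing slash. Indexing the string at strlen() is always
        // out of range, so a check written that way never fires.
        // NOTE(review): assumes SCRIPT_CONFIG_PATH starts with '/', like the
        // '/includes/...' path used further down - confirm.
        $script_path = rtrim($script_path, '/');

        // Pull the DB settings out of the forum's config file.
        // NOTE(review): this includes a PHP file located via the $script_path
        // setting; that setting must only be changeable by a trusted administrator.
        if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH)) {
            include PATH . $script_path . SCRIPT_CONFIG_PATH;

            $forum_srv = $dbhost;
            $forum_db = $dbname;
            $forum_user = $dbuser;
            $forum_pass = $dbpasswd;
            $forum_prefix = $table_prefix;

            if (empty($dbhost)) {
                $forum_srv = 'localhost';
            }

            if (!empty($dbport)) {
                $forum_srv .= ':' . $dbport;
            }
        } else {
            big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'phpBB3'));
        }
    } else {
        $forum_srv = $script_srv;
        $forum_db = $script_db;
        $forum_user = $script_user;
        $forum_pass = $script_pass;
        $forum_prefix = $script_prefix;
    }

    // Nothing to connect with.
    if (empty($forum_srv) || empty($forum_user) || empty($forum_db)) {
        return;
    }

    $SQLBB = new SSQL($forum_srv, $forum_user, $forum_pass, $forum_db, true);
    $SQLBB->set_names('utf8');

    unset($forum_pass); // the DB password is not needed past this point

    // phpBB's UTF helpers (utf8_clean_string) expect these globals and the IN_PHPBB guard.
    global $phpbb_root_path, $phpEx;
    $phpbb_root_path = PATH . $script_path . '/';
    $phpEx = 'php';
    // Guarded so a second call in the same request does not redefine the constant.
    defined('IN_PHPBB') || define('IN_PHPBB', true);
    include_once PATH . $script_path . '/includes/utf/utf_tools.' . $phpEx;

    $row_leve = 'user_type';
    $admin_level = 3;

    // NOTE(review): $forum_prefix is interpolated into the SQL below; it comes
    // from configuration, not from the request, and must stay that way.
    $query2 = array('SELECT' => '*', 'FROM' => "`{$forum_prefix}users`");

    // NOTE(review): the password literal in the hashed branch looks like a
    // redacted placeholder - as written, $pass is never compared in hashed
    // mode. Whatever value belongs there must go through $SQLBB->escape()
    // (or a bound parameter), never be interpolated raw.
    $query2['WHERE'] = $hashed
        ? "user_id=" . intval($name) . " AND user_password='******' "
        : "username_clean='" . $SQLBB->escape(utf8_clean_string($name)) . "'";

    if ($return_name) {
        $query2['SELECT'] = "username";
        $query2['WHERE'] = "user_id=" . intval($name);
    }

    $query = '';

    if (!$hashed) {
        $result2 = $SQLBB->build($query2);

        // Only the first row is used: the result set is freed right after the
        // fetch, so it must not be fetched from again.
        if ($row = $SQLBB->fetch($result2)) {
            $SQLBB->free($result2);

            if ($return_name) {
                // Close the forum connection on this exit as on every other one.
                $SQLBB->close();

                return $row['username'];
            }

            if (phpbb_check_hash($pass, $row['user_password'])) {
                $query = $query2;
            }
        }
    } else {
        $query = $query2;
    }

    // Unknown user or wrong password.
    if (empty($query)) {
        $SQLBB->close();

        return false;
    }

    // NOTE(review): hook code is executed with eval() in this function's scope,
    // so it can read $pass, $row and the DB handle. Whatever stores hook code
    // must be writable by trusted administrators only. Local variable names are
    // kept stable here because hook code may refer to them.
    ($hook = $plugin->run_hook('qr_select_usrdata_phpbb_usr_class')) ? eval($hook) : null; //run hook

    $result = $SQLBB->build($query);

    if ($SQLBB->num($result) == 0) {
        $SQLBB->free($result);
        $SQLBB->close();

        return false;
    }

    while ($row = $SQLBB->fetch($result)) {
        $ban_result = $SQLBB->query("SELECT ban_userid FROM `{$forum_prefix}banlist` WHERE ban_userid=" . intval($row['user_id']));

        if ($SQLBB->num($ban_result) != 0) {
            // The account is banned in phpBB.
            $SQLBB->free($result);
            unset($pass);
            $SQLBB->close();

            return false;
        }

        // Forum founders/admins (user_type 3) map to Kleeja group 1, everyone else to group 3.
        $group_id = $row[$row_leve] == $admin_level ? '1' : '3';

        if (!$loginadm) {
            define('USER_ID', $row['user_id']);
            define('GROUP_ID', $group_id);
            define('USER_NAME', $row['username']);
            define('USER_MAIL', $row['user_email']);

            if ($row[$row_leve] == $admin_level) {
                define('USER_ADMIN', true);
            }
        }

        $userinfo = $row;
        $userinfo['group_id'] = $group_id;

        // NOTE(review): this is serialize()d data that ends up in a client-held
        // cookie; the code reading it back (not shown) must verify integrity
        // before any unserialize().
        $user_y = kleeja_base64_encode(serialize(array('id' => $row['user_id'], 'name' => $row['username'], 'mail' => $row['user_email'], 'last_visit' => time())));

        if (!$hashed && !$loginadm) {
            // NOTE(review): the cookie carries the stored password hash plus a
            // sha1(md5(...)) tag keyed with $config['h_key']. Whether
            // en_de_crypt() provides real confidentiality or integrity cannot
            // be seen from here. An opaque random session token with a
            // hash_hmac() tag would be the safer design, but that means
            // changing the cookie reader too, so the format is left untouched.
            $usrcp->kleeja_set_cookie(
                'ulogu',
                $usrcp->en_de_crypt(
                    $row['user_id'] . '|' .
                    $row['user_password'] . '|' .
                    $expire . '|' .
                    sha1(md5($config['h_key'] . $row['user_password']) . $expire) . '|' .
                    $group_id . '|' .
                    $user_y
                ),
                $expire
            );
        }

        ($hook = $plugin->run_hook('qr_while_usrdata_phpbb_usr_class')) ? eval($hook) : null; //run hook
    }

    $SQLBB->free($result);
    unset($pass);
    $SQLBB->close();

    return true;
}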
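// Load the database driver matching the configured extension.
// NOTE(review): $db_type and $_path are set outside this excerpt; confirm
// neither can be influenced by request input, since $_path prefixes an include.
switch ($db_type) {
    case 'mysqli':
        include_once $_path . 'includes/mysqli.php';
        break;

    default:
        include_once $_path . 'includes/mysql.php';
}

include_once 'includes/functions_install.php';

$order_update_files = array('RC_to_1.5' => 7, '1.0_to_1.5' => 8);

$SQL = new SSQL($dbserver, $dbuser, $dbpass, $dbname);

//
// Is the current db up to date?
//
$config['db_version'] = inst_get_config('db_version');

// Strict test: inst_get_config() returns false when the row is missing. A loose
// comparison would also match the empty string inserted here (and '0'), so the
// INSERT would be attempted again on every run.
if ($config['db_version'] === false) {
    $SQL->query("INSERT INTO `{$dbprefix}config` (`name` ,`value`) VALUES ('db_version', '')");
}

if (!isset($_GET['step'])) {
    $_GET['step'] = 'action_file';
}

$IN_UPDATE = true;

/**
 * print header
 */
if (!isset($_POST['action_file_do'])) {
    echo gettpl('header.html');
}

/**
 * Navigation ..
 * NOTE(review): the step name is request-supplied; the cases (outside this
 * excerpt) should be a fixed list with a safe default.
 */
switch ($_GET['step']) {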
// Excerpt from the installer: collect the submitted form values, then run the
// table-creation statements. $user_salt, $usrcp, $SQL and $lang are defined
// before this excerpt.
// NOTE(review): the $_POST keys are read without isset() checks, so a missing
// field raises a notice/warning rather than a validation error.

// The password is hashed with the salt appended.
// NOTE(review): kleeja_hash_password() is not shown here - confirm it is a
// slow password hash rather than a fast digest.
$user_pass = $usrcp->kleeja_hash_password($_POST['password'] . $user_salt);

// Escape each submitted value; presumably they are interpolated into the SQL
// of the files included below - verify against those files.
$user_name = $SQL->escape($_POST['username']);
$user_mail = $SQL->escape($_POST['email']);
$config_sitename = $SQL->escape($_POST['sitename']);
$config_siteurl = $SQL->escape($_POST['siteurl']);
$config_sitemail = $SQL->escape($_POST['sitemail']);
$config_style = $SQL->escape($_POST['style']);

// Allow-list: any value other than the three known ones falls back to 'id'.
$config_urls_type = in_array($_POST['urls_type'], array('id', 'filename', 'direct')) ? $_POST['urls_type'] : 'id';

// NOTE(review): $user_name was already escaped above, so it is escaped a
// second time here - confirm this is intended.
$clean_name = $usrcp->cleanusername($SQL->escape($user_name));

// Load the install statements and the default values.
include 'includes/install_sqls.php';
include 'includes/default_values.php';

$err = $dots = 0;
$errors = '';

// Run the charset ALTER before anything else; its result is not checked.
$SQL->query($install_sqls['ALTER_DATABASE_UTF']);

$sqls_done = $sql_err = array();

foreach ($install_sqls as $name => $sql_content) {
    // These two entries are not part of the regular creation pass.
    if ($name == 'DROP_TABLES' || $name == 'ALTER_DATABASE_UTF') {
        continue;
    }

    if ($SQL->query($sql_content)) {
        // Record a human-readable "created" message for the known tables.
        if ($name == 'call') {
            $sqls_done[] = $lang['INST_CRT_CALL'];
        } elseif ($name == 'reports') {
            $sqls_done[] = $lang['INST_CRT_REPRS'];
        } elseif ($name == 'stats') {
            $sqls_done[] = $lang['INST_CRT_STS'];
        } elseif ($name == 'users') {
            $sqls_done[] = $lang['INST_CRT_USRS'];
        // NOTE(review): same condition as the branch above, so this branch can
        // never be taken; it probably should test a different table name.
        } elseif ($name == 'users') {
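/**
 * Read a single value from the `config` table directly.
 *
 * Reuses the global $SQL handle when there is one, otherwise connects using
 * the global DB settings. As a side effect, error display on the handle is
 * switched off and stays off.
 *
 * @param string $name Config key to look up.
 *
 * @return mixed The stored value, or false when the key has no row or no
 *               DB settings are available to connect with.
 */
function inst_get_config($name)
{
    global $SQL, $dbprefix;

    // An SSQL handle is an object, never a resource, so is_resource() would be
    // false for it and trigger a fresh connection on every call.
    if (!is_object($SQL)) {
        global $dbserver, $dbuser, $dbpass, $dbname;

        if (!isset($dbserver)) {
            return false;
        }

        $SQL = new SSQL($dbserver, $dbuser, $dbpass, $dbname);
    }

    $SQL->show_errors = false;

    // Escape the key: this is a general-purpose helper, so it must not rely on
    // every caller passing a constant.
    $sql = "SELECT value FROM `{$dbprefix}config` WHERE `name` = '" . $SQL->escape($name) . "'";
    $result = $SQL->query($sql);

    if ($SQL->num_rows($result) == 0) {
        return false;
    }

    $current_ver = $SQL->fetch_array($result);

    return $current_ver['value'];
}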