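*/
require_once dirname(__FILE__) . '/config.inc.php';

// Resolve the member whose access is being logged.
if (isset($_SESSION['_amember_user']['login']) && strlen($_SESSION['_amember_user']['login'])) {
    // A user record is already in the session: take the member id from it.
    $member_id = intval($_SESSION['_amember_user']['member_id']);
} else {
    // No session user: fall back to the login name reported by the web
    // server's own authentication (PHP_AUTH_USER, then REMOTE_USER).
    // NOTE(review): $login is never initialised in this script, so any value
    // already present in the enclosing scope is used as-is. Confirm it cannot
    // be populated from request input (for example via register_globals);
    // otherwise access could be logged, and the IP limit applied, against an
    // arbitrary member.
    if (!isset($login) || !strlen($login)) {
        $login = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    }
    if (!strlen($login)) {
        $login = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
    }

    $ul = $db->users_find_by_string($login, 'login', 1);
    if (!is_array($ul) || !count($ul)) {
        // The web server let through a user this database does not know:
        // record it and stop, there is no member to log access for.
        $db->log_error("Unknown user was logged in: '{$login}'. Look like protection isn't setup correctly");
        exit;
    }
    $member_id = $ul[0]['member_id'];
}

// Record the access for this member.
$db->log_access($member_id);

// Run the multiple-IP check once per session.
if (empty($_SESSION['ip_checked'])) {
    $ip_limit_exceeded = $db->check_multiple_ip(
        $member_id,
        $config['max_ip_count'],
        $config['max_ip_period'],
        $_SERVER['REMOTE_ADDR']
    );
    if ($ip_limit_exceeded) {
        // Limit exceeded: lock the account.
        member_lock_by_ip($member_id);
    }
    $_SESSION['ip_checked'] = 1;
}

// Flush and release the session; nothing below needs to write to it.
session_write_close();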
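/**
 * Authenticate the current visitor and load their subscription data into the session.
 *
 * Credentials are taken from the first source that supplies a non-empty login:
 * POST, GET, the session, the remember-me cookies, and finally
 * plugin_check_logged_in(). On success the user record, active product ids,
 * subscriptions, products and (when INCREMENTAL_CONTENT_PLUGIN is defined)
 * links are stored in $_SESSION.
 *
 * NOTE(review): the password is accepted from the query string and is kept in
 * $_SESSION['_amember_pass']; both expose it beyond the login request (URLs end
 * up in server logs and Referer headers, session storage is readable on disk).
 * Changing that needs a coordinated change in the callers, so it is only
 * flagged here.
 *
 * @return string Empty string on success, otherwise the message to show the visitor.
 */
function _amember_check_access()
{
    global $_product_id, $_link_id, $db, $config;

    // Start from a clean slate so data from a previous login cannot leak
    // into this attempt.
    $_SESSION['_amember_user'] = array();
    $_SESSION['_amember_product_ids'] = array();
    if (defined("INCREMENTAL_CONTENT_PLUGIN")) {
        $_SESSION['_amember_link_ids'] = array();
    }
    $_SESSION['_amember_products'] = array();
    $_SESSION['_amember_links'] = array();
    $_SESSION['_amember_subscriptions'] = array();

    // Pick credentials from the first source with a non-empty login.
    // Missing keys and non-scalar values (e.g. amember_login[]=x) count as
    // empty instead of raising notices or type errors.
    $l = '';
    $p = '';
    $credential_sources = array(
        array($_POST, 'amember_login', 'amember_pass'),
        array($_GET, 'amember_login', 'amember_pass'),
        array($_SESSION, '_amember_login', '_amember_pass'),
        array($_COOKIE, '_amember_ru', '_amember_rp'),
    );
    foreach ($credential_sources as $source) {
        list($vars, $login_key, $pass_key) = $source;
        $l = (isset($vars[$login_key]) && is_scalar($vars[$login_key])) ? $vars[$login_key] : '';
        $p = (isset($vars[$pass_key]) && is_scalar($vars[$pass_key])) ? $vars[$pass_key] : '';
        if (strlen($l)) {
            break;
        }
    }

    // Per-IP brute-force throttle. Plain "= new": "=& new" is a parse error
    // on PHP 7 and later.
    $b = new BruteforceProtector(
        BRUTEFORCE_PROTECT_USER,
        $db,
        $config['bruteforce_count'],
        $config['bruteforce_delay']
    );
    $b->setIP($_SERVER['REMOTE_ADDR']);
    $left = null; // seconds left to wait when login is not allowed
    if (!$b->loginAllowed($left)) {
        // Drop any stored credentials unconditionally; the previous
        // truthiness test left a value such as "0" in the session.
        unset($_SESSION['_amember_login'], $_SESSION['_amember_pass']);
        $min = ceil($left / 60);
        return sprintf(_LOGIN_WAIT_BEFORE_NEXT_ATTEMPT, $min);
    }

    // No credentials supplied: ask the integration plugin (vBulletin) whether
    // the visitor is already logged in there. Failures on this path are not
    // reported to the brute-force counter.
    $skip_bruteforce_check = false;
    if (!strlen($l)) {
        list($l, $p) = plugin_check_logged_in();
        $skip_bruteforce_check = true;
    }

    // Reject a login form that was already used in this session.
    // Comparison stays loose on purpose: the ids may be stored elsewhere with
    // a different type.
    $attempt_id = isset($_POST['login_attempt_id']) ? $_POST['login_attempt_id'] : null;
    $used_attempt_ids = isset($_SESSION['_amember_login_attempt_id'])
        ? (array) $_SESSION['_amember_login_attempt_id']
        : array();
    if (in_array($attempt_id, $used_attempt_ids)) {
        return _LOGIN_SESSION_EXPIRED;
    }

    if (!strlen($l) || !strlen($p)) {
        return _LOGIN_PLEASE_LOGIN;
    }

    // presumably check_login() fills $_SESSION['_amember_id'] on success and
    // $accept_md5 lets a hashed password (remember-me cookie) match; verify
    // against the db class.
    if (!$db->check_login($l, $p, $_SESSION['_amember_id'], $accept_md5 = 1)) {
        if (!$skip_bruteforce_check) {
            $b->reportFailedLogin();
        }
        unset($_SESSION['_amember_login'], $_SESSION['_amember_pass']);
        return _LOGIN_INCORRECT;
    }

    // Strict comparison with the sentinel: on PHP < 8 a numeric 0 is loosely
    // equal to any non-numeric string, which would skip the access check.
    $access_allowed = $_product_id[0] === 'ONLY_LOGIN'
        || $db->check_access($l, $_product_id)
        || link_check_access($l, $_link_id);

    // Credentials are valid either way, so they are remembered in the session
    // even when access to this product is refused.
    $_SESSION['_amember_login'] = $l;
    $_SESSION['_amember_pass'] = $p;

    if (!$access_allowed) {
        return sprintf(_LOGIN_ACCESS_NOT_ALLOWED, "<a href=\"{$config['root_url']}/member.php\">", "</a>");
    }

    // NOTE(review): no session id regeneration is visible here after a
    // successful credential check; confirm the caller does it, otherwise a
    // pre-set session id stays valid across login (session fixation).

    // Check for IP sharing on every login and lock the account when the
    // configured limit is exceeded.
    $ip_limit_exceeded = $db->check_multiple_ip(
        $_SESSION['_amember_id'],
        $config['max_ip_count'],
        $config['max_ip_period'],
        $_SERVER['REMOTE_ADDR']
    );
    if ($ip_limit_exceeded) {
        member_lock_by_ip($_SESSION['_amember_id']);
    }
    $_SESSION['ip_checked'] = 1;

    // Load the user record. Login is case insensitive, so the session keeps
    // the spelling stored in the database rather than the submitted one.
    $_SESSION['_amember_user'] = $db->get_user($_SESSION['_amember_id']);
    $_SESSION['_amember_login'] = $_SESSION['_amember_user']['login'];

    // NOTE(review): on the two refusals below the session already holds the
    // login, password and user record; callers must treat any non-empty
    // return value as "not authenticated".
    if ($_SESSION['_amember_user']['data']['is_locked'] > 0) {
        return _LOGIN_ACCOUNT_DISABLED;
    }
    // Parenthesised: "!$x > 0" parsed as "(!$x) > 0", which let a negative
    // is_approved value through as approved.
    if ($config['manually_approve'] && !($_SESSION['_amember_user']['data']['is_approved'] > 0)) {
        return _LOGIN_MANUAL_VERIFICATION_PENDING;
    }

    // Collect the subscriptions that are active today.
    $pl = (array) $db->get_user_payments($_SESSION['_amember_id'], 1);
    $today = date('Y-m-d');
    foreach ($pl as $pp) {
        if ($pp['begin_date'] <= $today && $pp['expire_date'] >= $today) {
            $_SESSION['_amember_product_ids'][] = $pp['product_id'];
            $_SESSION['_amember_subscriptions'][] = $pp;
        }
    }
    $_SESSION['_amember_product_ids'] = array_unique($_SESSION['_amember_product_ids']);

    if (defined("INCREMENTAL_CONTENT_PLUGIN")) {
        $_SESSION['_amember_links'] = user_get_links($_SESSION['_amember_id']);
        if ($_SESSION['_amember_links']) {
            foreach ($_SESSION['_amember_links'] as $link_id => $link) {
                $_SESSION['_amember_link_ids'][] = $link_id;
            }
        }
    }

    // Load each active product and turn its "url|title" lines into a
    // url => title map; a line without a title uses the product title.
    foreach ($_SESSION['_amember_product_ids'] as $product_id) {
        $pr = $db->get_product($product_id);
        $urls = array();
        foreach (preg_split('/[\\r\\n]+/', trim($pr['add_urls'])) as $u) {
            if (!strlen($u)) {
                continue;
            }
            // Pad so a line without "|" does not read a missing offset.
            list($k, $v) = array_pad(explode('|', $u), 2, '');
            if (!$v) {
                $v = $pr['title'];
            }
            $urls[$k] = $v;
        }
        $pr['add_urls'] = $urls;
        $_SESSION['_amember_products'][] = $pr;
    }

    // Remember the form id so the same login form cannot be submitted again.
    if ($attempt_id) {
        $_SESSION['_amember_login_attempt_id'][] = $attempt_id;
    }

    $db->log_access($_SESSION['_amember_id']);
    php_include_remember_login($_SESSION['_amember_user']);
    plugin_after_login($_SESSION['_amember_user']);

    return '';
}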