Exemplo n.º 1
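/**
 * Authenticate a user and populate the global $panther_user.
 *
 * The account is looked up by id when $user is an integer, otherwise by
 * username. On any failure (no such row, or credential mismatch) the global
 * is reset through set_default_user(); on success the fetched row is kept and
 * marked as a non-guest.
 *
 * @param int|string $user             User id (int) or username (anything else).
 * @param string     $password         Plaintext password, or the stored hash when $password_is_hash is true.
 * @param bool       $password_is_hash True when $password is already the stored hash form.
 *
 * @return void
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    global $db, $panther_user;

    // The column name is one of two fixed literals; $user itself only ever
    // reaches the query as a bound parameter.
    $field = is_int($user) ? 'u.id' : 'u.username';

    $ps = $db->run('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE ' . $field . '=?', array($user));
    $panther_user = $ps->fetch();

    $authenticated = false;
    if (isset($panther_user['id'])) {
        // Both branches of the old condition compared $password directly with
        // the stored hash, so $password_is_hash had no effect: a plaintext
        // password never matched, and a stored hash was accepted even when the
        // caller declared it to be plaintext. A plaintext password is now
        // hashed with the row's salt first, the same way the login form does.
        // NOTE(review): assumes u.* exposes the 'salt' column here - confirm.
        $candidate = $password_is_hash ? $password : panther_hash($password . $panther_user['salt']);
        $authenticated = panther_hash_equals($candidate, $panther_user['password']);
    }

    if ($authenticated) {
        $panther_user['is_guest'] = false;
    } else {
        // Fail closed: unknown user and wrong credential take the same path.
        set_default_user();
    }
}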
Exemplo n.º 2
     $insert = array('ip_address' => get_remote_address(), 'username' => $form_username);
     $db->insert('login_queue', $insert) or message($lang_login['IP address in queue']);
     $attempt = $db->lastInsertId($db->prefix . 'login_queue');
     // This time, it's actually in our favour. Yes, I know!
     while (!check_queue($form_username, $attempt, $db)) {
         usleep(250 * 1000);
     }
     //Force delay between logins, remove dead attempts
     usleep(ATTEMPT_DELAY * 1000);
     $data = array(':id' => $attempt, ':timeout' => TIMEOUT * 1000);
     $db->delete('login_queue', 'id=:id OR last_checked < NOW() - INTERVAL :timeout MICROSECOND', $data);
 }
 // Look up the account by the submitted username; the value is handed to the
 // query as the :username placeholder rather than concatenated into the SQL.
 $data = array(':username' => $form_username);
 $ps = $db->select('users', 'password, salt, group_id, id, login_key', $data, 'username=:username');
 // NOTE(review): when no row matches, fetch() presumably returns false and the
 // array reads below yield null - confirm panther_hash_equals() still fails
 // closed in that case.
 $cur_user = $ps->fetch();
 // Hash the submitted password together with the row's salt and compare it to
 // the stored value.
 // NOTE(review): panther_hash() and panther_hash_equals() are not visible here;
 // confirm the former is a slow password hash and the latter a constant-time compare.
 if (!panther_hash_equals($cur_user['password'], panther_hash($form_password . $cur_user['salt']))) {
     // One combined 'Wrong user/pass' message is used, so the response text does
     // not reveal whether the username or the password was wrong.
     $errors[] = sprintf($lang_login['Wrong user/pass'], ' <a href="' . panther_link($panther_url['request_password']) . '">' . $lang_login['Forgotten pass'] . '</a>');
 }
 // NOTE(review): eval() executes whatever get_extensions() returns in this
 // scope, where $form_password and $cur_user (hash, salt, login_key) are
 // readable. Extension code therefore has to be trusted like core code;
 // confirm who can install or edit extensions.
 ($hook = get_extensions('login_after_validation')) ? eval($hook) : null;
 if (empty($errors)) {
     // Update the status if this is the first time the user logged in
     if ($cur_user['group_id'] == PANTHER_UNVERIFIED) {
         $update = array('group_id' => $panther_config['o_default_user_group']);
         $data = array(':id' => $cur_user['id']);
         $db->update('users', $update, 'id=:id', $data);
         // Regenerate the users info cache
         if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
             require PANTHER_ROOT . 'include/cache.php';
         }
         generate_users_info_cache();
     }
Exemplo n.º 3
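/**
 * Verify the CSRF token sent with the current request.
 *
 * The token is read from POST first and from GET otherwise, trimmed, and
 * compared with the value generate_csrf_token() produces for this script.
 * On mismatch the 'Bad referrer' message is shown through message().
 *
 * @param string $script Script identifier passed through to generate_csrf_token().
 * @param bool   $use_ip Passed through to generate_csrf_token().
 *
 * @return void
 */
function confirm_referrer($script, $use_ip = true)
{
    global $lang_common, $panther_user;

    // POST takes precedence over GET, exactly as before.
    if (isset($_POST['csrf_token'])) {
        $raw_token = $_POST['csrf_token'];
    } elseif (isset($_GET['csrf_token'])) {
        $raw_token = $_GET['csrf_token'];
    } else {
        $raw_token = '';
    }

    // A request can submit csrf_token[]=..., which arrives as an array. Treat
    // any non-string value as a missing token so it is rejected cleanly
    // instead of being passed on to the string helpers.
    $sent_hash = is_string($raw_token) ? panther_trim($raw_token) : '';

    // NOTE(review): a token accepted from the query string can end up in
    // logs, browser history and Referer headers - confirm GET is needed.
    if (!panther_hash_equals(generate_csrf_token($script, $use_ip), $sent_hash)) {
        message($lang_common['Bad referrer']);
    }
}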