Exemplo n.º 1
0
 $plugins->run_hooks("member_do_login_start");
 // Is a fatal call if user has had too many tries
 $errors = array();
 $logins = login_attempt_check();
 require_once MYBB_ROOT . "inc/datahandlers/login.php";
 $loginhandler = new LoginDataHandler("get");
 if ($mybb->get_input('quick_password') && $mybb->get_input('quick_username')) {
     $mybb->input['password'] = $mybb->get_input('quick_password');
     $mybb->input['username'] = $mybb->get_input('quick_username');
     $mybb->input['remember'] = $mybb->get_input('quick_remember');
 }
 $user = array('username' => $mybb->get_input('username'), 'password' => $mybb->get_input('password'), 'remember' => $mybb->get_input('remember'), 'imagestring' => $mybb->get_input('imagestring'));
 $options = array('fields' => 'loginattempts', 'username_method' => (int) $mybb->settings['username_method']);
 $user_loginattempts = get_user_by_username($user['username'], $options);
 $user['loginattempts'] = (int) $user_loginattempts['loginattempts'];
 $loginhandler->set_data($user);
 $validated = $loginhandler->validate_login();
 if (!$validated) {
     $mybb->input['action'] = "login";
     $mybb->request_method = "get";
     my_setcookie('loginattempts', $logins + 1);
     $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . (int) $loginhandler->login_data['uid'] . "'", 1, true);
     $errors = $loginhandler->get_friendly_errors();
     $user['loginattempts'] = (int) $loginhandler->login_data['loginattempts'];
     // If we need a captcha set it here
     if ($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int) $mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount'])) {
         $do_captcha = true;
         $correct = $loginhandler->captcha_verified;
     }
 } else {
     if ($validated && $loginhandler->captcha_verified == true) {
Exemplo n.º 2
0
 /**
  * Login procedure for a user + password
  * Possible ToDo: Return error messages / array / whatever
  *
  * @param string $username Username
  * @param string $password Password of User
  * @return boolean
  */
 public function login($username, $password)
 {
     $this->plugins->run_hooks("member_do_login_start");
     /**
      * If we are already logged in, we do not have to perform the login procedure
      */
     if ($this->isLoggedIn()) {
         return true;
     }
     // Is a fatal call if user has had too many tries
     $errors = array();
     $logins = login_attempt_check();
     require_once MYBB_ROOT . "inc/datahandlers/login.php";
     $loginhandler = new LoginDataHandler("get");
     $user = array('username' => $username, 'password' => $password, 'remember' => "yes", 'imagestring' => $captcha_string);
     $options = array('fields' => 'loginattempts', 'username_method' => (int) $this->mybb->settings['username_method']);
     $user_loginattempts = get_user_by_username($user['username'], $options);
     $user['loginattempts'] = (int) $user_loginattempts['loginattempts'];
     $loginhandler->set_data($user);
     $validated = $loginhandler->validate_login();
     if (!$validated) {
         $this->mybb->input['action'] = "login";
         $this->mybb->request_method = "get";
         my_setcookie('loginattempts', $logins + 1);
         $this->db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . (int) $loginhandler->login_data['uid'] . "'", 1, true);
         $errors = $loginhandler->get_friendly_errors();
         $user['loginattempts'] = (int) $loginhandler->login_data['loginattempts'];
         // TODO: Force Captchas
         return false;
     } else {
         if ($validated && $loginhandler->captcha_verified == true) {
             // Successful login but requires captcha
             if ($loginhandler->login_data['coppauser']) {
                 //error($this->lang->error_awaitingcoppa);
                 return false;
             }
             $loginhandler->complete_login();
             $this->plugins->run_hooks("member_do_login_end");
             $this->mybb->session->init();
             // Saving login data in user, so isLoggedIn works without having to reload the page
             //$this->mybb->user = $loginhandler->login_data;
             //$this->mybb->user = get_user($loginhandler->login_data['uid']);
             // Required to be able to logout immediately after logging in
             // This line is located in class_session.php of mybb
             //$this->mybb->user['logoutkey'] = md5($this->mybb->user['loginkey']);
         }
     }
     $this->plugins->run_hooks("member_do_login_end");
     return true;
 }
Exemplo n.º 3
0
         // Did we hit lockout for the first time? Send the unlock email to the administrator
         if ($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts']) {
             $db->delete_query("awaitingactivation", "uid='" . (int) $login_user['uid'] . "' AND type='l'");
             $lockout_array = array("uid" => $login_user['uid'], "dateline" => TIME_NOW, "code" => random_str(), "type" => "l");
             $db->insert_query("awaitingactivation", $lockout_array);
             $subject = $lang->sprintf($lang->locked_out_subject, $mybb->settings['bbname']);
             $message = $lang->sprintf($lang->locked_out_message, htmlspecialchars_uni($mybb->input['username']), $mybb->settings['bbname'], $mybb->settings['maxloginattempts'], $mybb->settings['bburl'], $mybb->config['admin_dir'], $lockout_array['code'], $lockout_array['uid']);
             my_mail($login_user['email'], $subject, $message);
         }
         log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $login_user['uid'], 'username' => $login_user['username']));
         $default_page->show_lockedout();
     } else {
         $default_page->show_login($lang->error_invalid_secret_pin, "error");
     }
 }
 $loginhandler->set_data(array('username' => $mybb->input['username'], 'password' => $mybb->input['password']));
 if ($loginhandler->validate_login() == true) {
     $mybb->user = get_user($loginhandler->login_data['uid']);
 }
 if ($mybb->user['uid']) {
     if (login_attempt_check_acp($mybb->user['uid']) == true) {
         log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $mybb->user['uid'], 'username' => $mybb->user['username']));
         $default_page->show_lockedout();
     }
     $db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");
     $sid = md5(uniqid(microtime(true), true));
     $useragent = $_SERVER['HTTP_USER_AGENT'];
     if (my_strlen($useragent) > 200) {
         $useragent = my_substr($useragent, 0, 200);
     }
     // Create a new admin session for this user
Exemplo n.º 4
0
/**
 * The switch function deletes the mybbuser cookie, sets a new cookie for the selected account and starts a new session.
 * Function is called by ajax request and sends the new users post key.
 *
 */
function accountswitcher_switch()
{
    global $db, $mybb, $lang, $charset, $cache, $templates;
    if ($mybb->user['uid'] != 0 && isset($mybb->input['switchuser']) && $mybb->input['switchuser'] == 1 && $mybb->request_method == "post") {
        require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
        $eas = new AccountSwitcher($mybb, $db, $cache, $templates);
        // Get permissions for this user
        $userPermission = user_permissions($mybb->user['uid']);
        // Get permissions for the master. First get the master
        $master = get_user((int) $mybb->user['as_uid']);
        // Get his permissions
        $masterPermission = user_permissions($master['uid']);
        // If one of both has the permission allow to switch
        if ($userPermission['as_canswitch'] == 1 || $masterPermission['as_canswitch'] == 1) {
            if (!isset($lang->as_invaliduser)) {
                $lang->load("accountswitcher");
            }
            verify_post_check($mybb->get_input('my_post_key'));
            // Get user info
            $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
            // Check if user exists
            if (!$user) {
                error($lang->as_invaliduser);
            }
            // Can the new account be shared?
            if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
                // Account already used by another user?
                if ($user['as_shareuid'] != 0) {
                    log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                    return;
                }
                // Account only shared by buddies?
                if ($user['as_buddyshare'] != 0) {
                    // No buddy - no switch
                    if ($user['buddylist'] != '') {
                        $buddylist = explode(",", $user['buddylist']);
                    }
                    if (empty($buddylist) || !empty($buddylist) && !in_array($mybb->user['uid'], $buddylist)) {
                        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                        return;
                    }
                }
                // Shared account is free - set share uid
                if ($user['as_shareuid'] == 0) {
                    $updated_shareuid = array("as_shareuid" => (int) $mybb->user['uid']);
                    $db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
                    $eas->update_accountswitcher_cache();
                    $user['as_shareuid'] = (int) $mybb->user['uid'];
                }
            }
            // Make sure you can switch to an attached account only
            if ($user['as_uid'] == $mybb->user['uid'] || $user['as_uid'] != 0 && $user['as_uid'] == $mybb->user['as_uid'] || $user['uid'] == $mybb->user['as_uid'] || $user['as_shareuid'] == $mybb->user['uid'] || $user['uid'] == $mybb->user['as_shareuid']) {
                // Is the current account shared?
                if ($mybb->user['as_share'] != 0) {
                    // Account used by another user?
                    if ($mybb->user['as_shareuid'] == 0) {
                        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                        return;
                    }
                    // Reset share uid
                    if ($mybb->user['as_shareuid'] != 0) {
                        $updated_shareuid = array("as_shareuid" => 0);
                        $db->update_query("users", $updated_shareuid, "uid='" . (int) $mybb->user['uid'] . "'");
                        $eas->update_accountswitcher_cache();
                    }
                }
                // Log the old user out
                my_unsetcookie("mybbuser");
                my_unsetcookie("sid");
                if ($mybb->user['uid']) {
                    $time = TIME_NOW;
                    // Run this after the shutdown query from session system
                    $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
                    $db->delete_query("sessions", "sid = '{$session->sid}'");
                }
                // Now let the login datahandler do the work
                require_once MYBB_ROOT . "inc/datahandlers/login.php";
                $loginhandler = new LoginDataHandler("get");
                $mybb->input['remember'] = "yes";
                $loginhandler->set_data($user);
                $validated = $loginhandler->validate_login();
                $loginhandler->complete_login();
                // Create session for this user
                require_once MYBB_ROOT . "inc/class_session.php";
                $session = new session();
                $session->init();
                $mybb->session =& $session;
                $mybb->post_code = generate_post_check();
                // Send new users post code
                header("Content-type: text/plain; charset={$charset}");
                echo $mybb->post_code;
                exit;
            } else {
                log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                error($lang->as_notattacheduser);
            }
        }
    }
}