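/**
 * XML-RPC handler that changes a member's password.
 *
 * Two request shapes are accepted:
 *  - param 2 present: (new password, Tapatalk token, Tapatalk code). The old
 *    password is not required; instead the token/code pair is verified and the
 *    verified email must match the target account.
 *  - otherwise: (old password, new password). The old password is checked
 *    against the stored hash (or the integrate_verify_password hook).
 *
 * Security-relevant behaviour:
 *  - The Tapatalk path is refused for administrator accounts, whether the admin
 *    group is the primary group or one of the additional groups.
 *  - A verification result without an email never authorises a change.
 *  - Stored hashes are compared with a strict string comparison.
 *
 * @param object $rpcmsg XML-RPC request; read through getParam()/getScalarValParam().
 * @return xmlrpcresp Struct with result=true and an empty result_text on success.
 *                    Failures are reported through get_error()/fatal_error()/fatal_lang_error().
 */
function mob_update_password($rpcmsg)
{
    global $txt, $modSettings;
    global $cookiename, $context;
    global $sourcedir, $scripturl, $db_prefix;
    global $ID_MEMBER, $user_info;
    global $newpassemail, $user_profile, $validationCode;

    loadLanguage('Profile');

    // Start with no updates and no errors.
    $profile_vars = array();
    $post_errors = array();
    $good_password = false;

    if ($rpcmsg->getParam(2)) {
        // Reset directly with a Tapatalk ID credential: no old password is supplied.
        $_POST['oldpasswrd'] = '';
        $_POST['passwrd1'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']);
        $token = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $code = $rpcmsg->getScalarValParam(2);

        // Verify the Tapatalk authorization.
        if ($token && $code) {
            $ttid = TapatalkSsoVerification($token, $code);

            // The verified email is the only thing tying this request to an account,
            // so a successful result that carries no email must not authorise anything
            // (method_sign_in applies the same rule).
            if ($ttid && $ttid->result && !empty($ttid->email)) {
                $tapatalk_id_email = $ttid->email;

                if (empty($ID_MEMBER) && ($ID_MEMBER = emailExists($tapatalk_id_email))) {
                    // Not logged in: act as the member that owns the verified email.
                    loadMemberData($ID_MEMBER, false, 'profile');
                    $user_info = $user_profile[$ID_MEMBER];
                    $user_info['is_guest'] = false;
                    // Uses the same ID_GROUP key as the group list built just below.
                    $user_info['is_admin'] = $user_info['ID_GROUP'] == 1 || in_array(1, explode(',', $user_info['additionalGroups']));
                    $user_info['id'] = $ID_MEMBER;

                    $base_groups = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
                    if (empty($user_info['additionalGroups'])) {
                        $user_info['groups'] = $base_groups;
                    } else {
                        $user_info['groups'] = array_merge($base_groups, explode(',', $user_info['additionalGroups']));
                    }
                    $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));

                    loadPermissions();
                }

                // NOTE(review): when the caller was already logged in, $user_info is whatever
                // the session loader produced; confirm it carries 'emailAddress'/'ID_GROUP'.
                $account_email = isset($user_info['emailAddress']) ? $user_info['emailAddress'] : '';
                $is_admin_account = (isset($user_info['ID_GROUP']) && $user_info['ID_GROUP'] == 1)
                    || !empty($user_info['is_admin']);

                // Administrators must always prove knowledge of the old password, including
                // accounts that are administrators only through an additional group.
                if (!$is_admin_account && strtolower($account_email) === strtolower($tapatalk_id_email)) {
                    $good_password = true;
                }
            }
        }

        if (!$good_password) {
            get_error('Failed to update password');
        }
    } else {
        $_POST['oldpasswrd'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']);
    }

    // Clean up the POST variables.
    $_POST = htmltrim__recursive($_POST);
    $_POST = stripslashes__recursive($_POST);
    $_POST = htmlspecialchars__recursive($_POST);
    $_POST = addslashes__recursive($_POST);

    $memberResult = loadMemberData($ID_MEMBER, false, 'profile');
    if (!is_array($memberResult)) {
        fatal_lang_error(453, false);
    }

    $memID = $ID_MEMBER;
    $context['user']['is_owner'] = true;
    isAllowedTo(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'));

    // You didn't even enter a password!
    if (trim($_POST['oldpasswrd']) == '' && !$good_password) {
        fatal_error($txt['profile_error_no_password']);
    }

    // The POST cleaning above escaped the password; undo that so the real value is checked.
    $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));

    // Does the integration want to check passwords?
    if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
        if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
            $good_password = true;
        }
    }

    // Bad password. The comparison is strict: with a loose != two different hex digests
    // that both look numeric could be treated as equal.
    // NOTE(review): this is not a constant-time comparison; hash_equals() would be
    // preferable where the runtime provides it.
    if (!$good_password && $user_info['passwd'] !== sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) {
        fatal_error($txt['profile_error_bad_password']);
    }

    // Let's get the validation function into play...
    require_once $sourcedir . '/Subs-Auth.php';
    // NOTE(review): on the Tapatalk path $user_info was replaced by a profile row above;
    // confirm that row has 'username', 'name' and 'email' keys.
    $passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));

    // Were there errors?
    if ($passwordErrors != null) {
        fatal_error($txt['profile_error_password_' . $passwordErrors]);
    }

    // The stored value is SHA-1 over lower-cased member name + password; the login cookie
    // below is derived from the same digest. The digest is pre-quoted for updateMemberData().
    // NOTE(review): this scheme is weak for password storage by current standards, but it is
    // presumably what the rest of the forum verifies against, so it cannot be changed here alone.
    $new_hash = sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1'])));
    $profile_vars['passwd'] = '\'' . $new_hash . '\'';

    // If we've changed the password, notify any integration that may be listening in.
    if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
        call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']);
    }

    updateMemberData($memID, $profile_vars);

    // Re-issue the login cookie so it carries a value derived from the new hash.
    setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1($new_hash . $user_profile[$memID]['passwordSalt']));

    $response = array(
        'result' => new xmlrpcval(true, 'boolean'),
        'result_text' => new xmlrpcval('', 'base64'),
    );

    return new xmlrpcresp(new xmlrpcval($response, 'struct'));
}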
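/**
 * Sign a member in (or register a new one) from a Tapatalk token/code pair.
 *
 * Request params, read from $context['mob_request']['params']:
 *   0: token, 1: code, 2: email (not used here), 3: base64 username, 4: base64 password.
 *
 * Flow:
 *  1. TapatalkSsoVerification() must succeed and return a non-empty email.
 *  2. If a member with that email exists, that member is logged in.
 *  3. Otherwise an account is registered with the supplied username, with the
 *     visual-verification settings switched off and email activation (method 1)
 *     downgraded to immediate activation for this request.
 *  4. The login cookie is set and the outcome is sent with outputRPCLogin().
 *
 * The whole flow trusts the email returned by the verification call; the
 * client-supplied email parameter is never consulted.
 *
 * NOTE(review): unlike mob_update_password, no group restriction is applied, so any
 * account whose email matches is signed in - confirm that this is intended for
 * administrator accounts.
 *
 * @return void Output is produced through outputRPCLogin()/get_error().
 */
function method_sign_in()
{
    global $db_prefix, $context, $user_profile, $modSettings, $register, $sourcedir, $user_info, $boardurl, $txt;

    require_once $sourcedir . '/Register.php';
    require_once $sourcedir . '/Subs-Members.php';
    require_once $sourcedir . '/Subs-Auth.php';

    // Missing parameters become empty strings, which then fail verification.
    $params = isset($context['mob_request']['params']) ? $context['mob_request']['params'] : array();
    $token = isset($params[0][0]) ? $params[0][0] : '';
    $code = isset($params[1][0]) ? $params[1][0] : '';
    $username = isset($params[3][0]) ? base64_decode($params[3][0]) : '';
    $password = isset($params[4][0]) ? base64_decode($params[4][0]) : '';

    // Verify the Tapatalk token and code first.
    // NOTE(review): the code below assumes get_error() ends the request - confirm.
    $ttid = TapatalkSsoVerification($token, $code);
    if (empty($ttid)) {
        get_error('Tapatalk authorization verify failed, please login with your username and password.');
    }

    $tapatalk_id_email = $ttid->email;
    $result_status = true;
    $register = false;
    $result_text = '';

    if (!$ttid->result || empty($tapatalk_id_email)) {
        get_error($ttid->result_text ? $ttid->result_text : 'Tapatalk authorization verify failed, please login with your username and password');
    }

    // Sign in with the verified email, or register an account for it.
    $login_id = emailExists($tapatalk_id_email);
    if (empty($login_id)) {
        if (empty($username)) {
            get_error('Invalid Parameters', 2);
        } elseif (isReservedName($username, 0, true, false)) {
            get_error($txt[473], 1);
        } else {
            if (empty($password)) {
                // NOTE(review): the strength of the generated password depends on
                // tt_generatePassword(), which is defined elsewhere.
                $password = tt_generatePassword();
            }

            // Feed the regular registration handler through the request globals.
            $_POST['user'] = $username;
            $_POST['email'] = $tapatalk_id_email;
            $_POST['passwrd1'] = $password;
            $_POST['passwrd2'] = $password;
            $_POST['regagree'] = 'on';
            $_POST['regSubmit'] = 'Register';
            $_POST['skip_coppa'] = 1;
            $_SESSION['old_url'] = $boardurl;

            // Anti-automation checks are switched off for this request; the Tapatalk
            // verification above is the only gate in front of account creation.
            $modSettings['disable_visual_verification'] = 1;
            $modSettings['recaptcha_enabled'] = 0;
            $modSettings['recaptcha_enable'] = 0;
            $modSettings['captchaenable'] = 0; // compatibility with old CAPTCHA Mod
            $modSettings['anti_spam_ver_enable'] = false;

            // Method 1 is replaced by method 0 for this request; method 2 is left in place.
            if ($modSettings['registration_method'] == 1) {
                $modSettings['registration_method'] = 0;
            }

            $login_id = Register2();
            $register = true;

            $needs_approval = $modSettings['registration_method'] == 2;
            $result_status = !$needs_approval;
            $result_text = $needs_approval ? $txt['approval_after_registration'] : '';

            if (empty($login_id)) {
                get_error('Register failed');
            }
        }
    }

    // Do the login.
    if ($login_id) {
        // The id comes from emailExists()/Register2(); force it to an integer before it
        // is placed in the SQL text so nothing but a number can reach the query.
        $login_id = (int) $login_id;

        $request = db_query("
            SELECT passwd, ID_MEMBER AS id_member, is_activated, ID_GROUP AS id_group, emailAddress AS email_address, additionalGroups AS additional_groups, memberName AS member_name,
                passwordSalt AS password_salt, ID_POST_GROUP
            FROM {$db_prefix}members
            WHERE ID_MEMBER = '{$login_id}'
            ", __FILE__, __LINE__);
        $user = mysql_fetch_assoc($request);
        mysql_free_result($request);

        // No row means there is nothing to authenticate as; never issue a cookie
        // built from an empty hash and salt.
        if (empty($user)) {
            get_error('Sign In Failed');
            return;
        }

        if ($user['is_activated'] == 3 && !$register) {
            fatal_lang_error('still_awaiting_approval');
        }

        // Set the login cookie.
        setLoginCookie(60 * $modSettings['cookieTime'], $login_id, sha1($user['passwd'] . $user['password_salt']));

        loadMemberData($user['id_member'], false, 'profile');
        // NOTE(review): $user_info is replaced wholesale by the profile row here, yet
        // $user_info['ip'] is read further down - confirm the row provides it.
        $user_info = $user_profile[$user['id_member']];
        $user_info['is_guest'] = false;
        $user_info['is_admin'] = $user['id_group'] == 1 || in_array(1, explode(',', $user['additional_groups']));
        $user_info['id'] = $user['id_member'];

        $base_groups = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
        if (empty($user_info['additionalGroups'])) {
            $user_info['groups'] = $base_groups;
        } else {
            $user_info['groups'] = array_merge($base_groups, explode(',', $user_info['additionalGroups']));
        }
        $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));

        // Banned?
        is_not_banned(true);

        // Don't stick the language or theme after this point.
        unset($_SESSION['language']);
        unset($_SESSION['ID_THEME']);

        // You've logged in, haven't you?
        updateMemberData($user_info['id'], array(
            'lastLogin' => time(),
            'memberIP' => '\'' . $user_info['ip'] . '\'',
            'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\'',
        ));

        // Get rid of the online entry for that old guest....
        db_query("
            DELETE FROM {$db_prefix}log_online
            WHERE session = 'ip{$user_info['ip']}'
            LIMIT 1", __FILE__, __LINE__);
        $_SESSION['log_time'] = 0;

        loadPermissions();
        update_push();

        // We got this far? Return a positive response....
        outputRPCLogin($result_status, $result_text);
    } else {
        get_error('Sign In Failed');
    }
}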