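/**
 * Do a cookie login.
 *
 * Reads the member/password cookie pair, first unpacking a container cookie
 * when the configured cookie names say the values are nested inside one, asks
 * the forum driver to authorise the pair, and on success starts a session and
 * sets the global $IS_A_COOKIE_LOGIN.
 *
 * @return MEMBER			Logged in member (NULL: no login happened)
 */
function try_cookie_login()
{
    $member = NULL;

    // The member cookie name may describe a container cookie:
    //   'base:key' -> $_COOKIE['base'] is a PHP-serialized array; the value is entry 'key'
    //   'base|N'   -> $_COOKIE['base'] is a '||'-delimited string; the value is field N
    // In either case the real values are copied into $_COOKIE under the plain
    // member/pass cookie names so that the common path further down can read them.
    // get_magic_quotes_gpc() is legacy PHP (removed in PHP 8); the strip/add pairs
    // below keep the copied values in the same escaping state as the rest of $_COOKIE.
    $member_cookie_name = get_member_cookie();
    $bar_pos = strpos($member_cookie_name, '|');
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        $base = substr($member_cookie_name, 0, $colon_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
            // Assumes the pass cookie name carries the same 'base:' prefix as the member cookie name
            $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($the_cookie);
            }
            // SECURITY: client-controlled data is fed to unserialize(). secure_serialized_data()
            // is the project's guard against object payloads (verify it rejects 'O:' records);
            // the '@' only hides the notice unserialize() raises for garbage input, which then
            // fails the is_array() test below.
            secure_serialized_data($the_cookie, array());
            $unserialize = @unserialize($the_cookie);
            if (is_array($unserialize)) {
                // Only scalar entries are usable: intval() of a non-empty array is 1, so a
                // non-scalar entry must never reach the member-id lookup further down.
                if (array_key_exists($real_member_cookie, $unserialize) && is_scalar($unserialize[$real_member_cookie])) {
                    $the_member = $unserialize[$real_member_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_member = addslashes(strval($the_member));
                    }
                    $_COOKIE[get_member_cookie()] = $the_member;
                }
                if (array_key_exists($real_pass_cookie, $unserialize) && is_scalar($unserialize[$real_pass_cookie])) {
                    $the_pass = $unserialize[$real_pass_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_pass = addslashes(strval($the_pass));
                    }
                    $_COOKIE[get_pass_cookie()] = $the_pass;
                }
            }
        }
    } elseif ($bar_pos !== false) {
        $base = substr($member_cookie_name, 0, $bar_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $bar_pos + 1);
            // Assumes the pass cookie name carries the same 'base|' prefix as the member cookie name
            $real_pass_cookie = substr(get_pass_cookie(), $bar_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($the_cookie);
            }
            $cookie_contents = explode('||', $the_cookie);
            $member_index = intval($real_member_cookie);
            $pass_index = intval($real_pass_cookie);
            // A cookie with too few fields is malformed: leave $_COOKIE untouched rather than
            // copying undefined offsets (NULL) into the member/pass slots read below.
            if (array_key_exists($member_index, $cookie_contents) && array_key_exists($pass_index, $cookie_contents)) {
                $the_member = $cookie_contents[$member_index];
                $the_pass = $cookie_contents[$pass_index];
                if (get_magic_quotes_gpc()) {
                    $the_member = addslashes($the_member);
                    $the_pass = addslashes($the_pass);
                }
                $_COOKIE[get_member_cookie()] = $the_member;
                $_COOKIE[get_pass_cookie()] = $the_pass;
            }
        }
    }

    if (array_key_exists(get_member_cookie(), $_COOKIE) && array_key_exists(get_pass_cookie(), $_COOKIE)) {
        $store = $_COOKIE[get_member_cookie()];
        $pass = $_COOKIE[get_pass_cookie()];
        if (get_magic_quotes_gpc()) {
            $store = stripslashes($store);
            $pass = stripslashes($pass);
        }
        // Depending on the driver, the member cookie holds a username or a member id
        if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
            $username = $store;
            $store = strval($GLOBALS['FORUM_DRIVER']->get_member_from_username($store));
        } else {
            $username = $GLOBALS['FORUM_DRIVER']->get_username(intval($store));
        }
        $member = intval($store);
        if (!is_guest($member)) {
            // A hashing driver stores the hash itself in the cookie; otherwise the cookie
            // holds the plain password and it is hashed here. The driver sees both forms.
            if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                $password_hashed = $pass;
            } else {
                $password_hashed = apply_forum_driver_md5_variant($pass, $username);
            }
            $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, $password_hashed, $pass, true);
            $member = $login_array['id'];
            if (!is_null($member)) {
                global $IS_A_COOKIE_LOGIN;
                $IS_A_COOKIE_LOGIN = true;
                $invisible = isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1';
                // Second argument is 0 for a cookie login (handle_active_login passes 1); its exact meaning is not visible here
                create_session($member, 0, $invisible);
            }
        }
    }
    return $member;
}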
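 /**
  * The actualiser for logging in.
  *
  * Authorises the posted username/password with the forum driver. On success
  * it renders a redirect screen (an auto-refresh, or a self-submitting form
  * that re-posts the extra fields); on failure it attaches the error message
  * and re-renders the login form.
  *
  * @return tempcode	The UI.
  */
 function login_after()
 {
     breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('_LOGIN'))));

     $username = trim(post_param('login_username'));
     $password = trim(post_param('password'));
     // The driver receives both the hashed and the plain password; which one it checks is its choice
     $feedback = $GLOBALS['FORUM_DRIVER']->forum_authorise_login($username, NULL, apply_forum_driver_md5_variant($password, $username), $password);
     $id = $feedback['id'];

     if (is_null($id)) {
         // Failed login. get_page_title() is called for its side effect here; its result is not used.
         get_page_title('USER_LOGIN_ERROR');
         attach_message($feedback['error'], 'warn');
         if (get_forum_type() == 'ocf') {
             require_lang('ocf');
             $forgotten_link = build_url(array('page' => 'lostpassword'), get_module_zone('lostpassword'));
             $extra = do_lang_tempcode('IF_FORGOTTEN_PASSWORD', escape_html($forgotten_link->evaluate()));
             attach_message($extra, 'inform');
         }
         return $this->login_before();
     }

     $title = get_page_title('LOGGED_IN');
     // NOTE(review): 'redirect' is request-supplied; enforce_sessioned_url() is relied on to keep
     // the target on this site -- confirm it rejects off-site URLs.
     $url = enforce_sessioned_url(either_param('redirect'));
     if (count($_POST) <= 4) {
         // Presumably only the login fields were posted, so a plain refresh to the target suffices
         require_code('site2');
         assign_refresh($url, 0.0);
         $post = new ocp_tempcode();
         $refresh = new ocp_tempcode();
     } else {
         // Extra posted fields are carried across the redirect as hidden inputs, submitted by JS
         $post = build_keep_post_fields(array('redirect', 'redirect_passon'));
         $redirect_passon = post_param('redirect_passon', NULL);
         if (!is_null($redirect_passon)) {
             $post->attach(form_input_hidden('redirect', $redirect_passon));
         }
         $refresh = do_template('JS_REFRESH', array('_GUID' => 'c7d2f9e7a2cc637f3cf9ac4d1cf97eca', 'FORM_NAME' => 'redir_form'));
     }
     decache('side_users_online');
     return do_template('LOGIN_REDIRECT_SCREEN', array('_GUID' => '82e056de9150bbed185120eac3571f40', 'REFRESH' => $refresh, 'TITLE' => $title, 'TEXT' => do_lang_tempcode('_LOGIN_TEXT'), 'URL' => $url, 'POST' => $post));
 }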
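/**
 * Process a login.
 *
 * Authorises the posted password for $username with the forum driver, runs the
 * 'upon_login' hooks (which also see failed attempts), and on success writes the
 * remember-me / invisibility cookies and starts a session. On failure the attempt
 * is recorded in 'failedlogins' and, once an IP exceeds the rate limit,
 * log_hack_attack_and_exit() is called (presumably ending the request).
 *
 * @param  ID_TEXT		Username
 */
function handle_active_login($username)
{
    // The member cookie name may be 'base:key', meaning the member and the password
    // are both entries of a serialized array stored in the single cookie 'base'.
    $member_cookie_name = get_member_cookie();
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        $base = substr($member_cookie_name, 0, $colon_pos);
        $real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
        // Assumes the pass cookie name carries the same 'base:' prefix as the member cookie name
        $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
        $serialized = true;
    } else {
        $real_member_cookie = get_member_cookie();
        $base = $real_member_cookie;
        $real_pass_cookie = get_pass_cookie();
        $serialized = false;
    }

    $password = trim(post_param('password'));
    $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login($username, NULL, apply_forum_driver_md5_variant($password, $username), $password);
    $member = $login_array['id']; // NULL when the credentials were rejected

    // Run hooks, if any exist; $member is NULL for a failed attempt
    $hooks = find_all_hooks('systems', 'upon_login');
    foreach (array_keys($hooks) as $hook) {
        require_code('hooks/systems/upon_login/' . filter_naughty($hook));
        $ob = object_factory('upon_login' . filter_naughty($hook), true);
        if (is_null($ob)) {
            continue;
        }
        $ob->run(true, $username, $member); // true means "a new login attempt"
    }

    if (is_null($member)) {
        // Failed login: record it, then rate-limit by IP over the last 15 minutes.
        // The just-inserted row counts, so the limit trips on the 31st failure.
        $GLOBALS['SITE_DB']->query_insert('failedlogins', array('failed_account' => substr(trim(post_param('login_username')), 0, 80), 'date_and_time' => time(), 'ip' => get_ip_address()));
        $window_start = time() - 60 * 15;
        $count = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'failedlogins WHERE date_and_time>' . strval($window_start) . ' AND ' . db_string_equal_to('ip', get_ip_address()));
        if ($count > 30) {
            log_hack_attack_and_exit('BRUTEFORCE_LOGIN_HACK');
        }
        return;
    }

    $remember = post_param_integer('remember', 0);
    $invisible = post_param_integer('login_invisible', 0);

    // Create invisibility cookie: refresh an existing one, or create it for a remember-me login
    if (array_key_exists(get_member_cookie() . '_invisible', $_COOKIE) || $remember == 1) {
        ocp_setcookie(get_member_cookie() . '_invisible', strval($invisible));
        $_COOKIE[get_member_cookie() . '_invisible'] = strval($invisible);
    }

    // Store the cookies
    if ($remember == 1) {
        global $IS_A_COOKIE_LOGIN;
        $IS_A_COOKIE_LOGIN = true;
        if (method_exists($GLOBALS['FORUM_DRIVER'], 'forum_create_cookie')) {
            // The driver defines its own cookie format
            $GLOBALS['FORUM_DRIVER']->forum_create_cookie($member, NULL, $password);
        } else {
            // User cookie value: the username or the member id, depending on the driver.
            // The plain-cookie path stores the id as a string; the serialized path keeps it as-is.
            if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
                $member_value = $GLOBALS['FORUM_DRIVER']->get_username($member);
            } else {
                $member_value = $serialized ? $member : strval($member);
            }
            // Password cookie value: the driver's hash when it hashes, else the plain password.
            // NOTE(review): the plain branch puts the password itself in a cookie; a hashed or
            // token form would limit what a leaked cookie exposes.
            if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                $pass_value = apply_forum_driver_md5_variant($password, $username);
            } else {
                $pass_value = $password;
            }

            if ($serialized) {
                $result = array();
                $result[$real_member_cookie] = $member_value;
                $result[$real_pass_cookie] = $pass_value;
                ocp_setcookie($base, serialize($result), false, true);
            } else {
                ocp_setcookie(get_member_cookie(), $member_value, false, true);
                $_COOKIE[get_member_cookie()] = $member_value;
                ocp_setcookie(get_pass_cookie(), $pass_value, false, true);
            }
        }
    }

    // Create session
    require_code('users_inactive_occasionals');
    create_session($member, 1, $invisible == 1);
}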