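/**
 * Find if the given member id and password is valid. If the member id is NULL, the member is looked up by username
 * (login name first, then display name); otherwise the member id is used.
 * All authorisation, cookies, and form-logins, are passed through this function.
 * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
 *
 * Review notes:
 *  - Secret comparisons (login key, stronghold cookie) are done on strings, in constant time where hash_equals()
 *    is available, so that numeric-looking digests such as "0e..." cannot compare equal through type juggling.
 *  - An empty stored login key never authenticates a cookie login.
 *  - The stronghold value is bound to the first two dot-separated parts of REMOTE_ADDR; for an address without
 *    dots the second part is treated as empty.
 *  - The raw password is accepted for interface compatibility but is not read by this implementation.
 *  - Distinct errors are returned for "no such user" and "bad password"; callers that show them to anonymous
 *    visitors reveal which usernames exist.
 *
 * @param  ?SHORT_TEXT The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
 * @param  MEMBER The member id
 * @param  MD5 The md5-hashed password
 * @param  string The raw password
 * @param  boolean Whether this is a cookie login
 * @return array A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
 */
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
{
    $out = array();
    $out['id'] = NULL;

    if (is_null($userid)) {
        // Try the login name first, then fall back to the display name.
        $rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1);
        if (!array_key_exists(0, $rows)) {
            $rows = $this->connection->query_select('members', array('*'), array('members_display_name' => $this->ipb_escape($username)), '', 1);
        }
        if (array_key_exists(0, $rows)) {
            $this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
        }
    } else {
        // NOTE(review): get_member_row() presumably returns NULL for an unknown id; anything that is not a row
        // is treated as "no such member" so the function cannot fall through with no 'error' set.
        $member_row = $this->get_member_row($userid);
        $rows = is_array($member_row) ? array($member_row) : array();
    }

    if (!array_key_exists(0, $rows)) {
        $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
        return $out;
    }
    $row = $rows[0];

    if ($row['member_banned'] == 1) {
        $out['error'] = do_lang_tempcode('USER_BANNED');
        return $out;
    }

    if ($cookie_login) {
        // The cookie carries the member's login key; compare as strings, never loosely.
        $login_key = strval($row['member_login_key']);
        $supplied_key = is_string($password_hashed) ? $password_hashed : '';
        $key_ok = false;
        if ($login_key !== '') {
            $key_ok = function_exists('hash_equals') ? hash_equals($login_key, $supplied_key) : ($login_key === $supplied_key);
        }
        if (!$key_ok) {
            $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
            return $out;
        }

        // Check stronghold
        global $SITE_INFO;
        if (array_key_exists('stronghold_cookies', $SITE_INFO) && $SITE_INFO['stronghold_cookies'] == 1) {
            $ip_octets = explode('.', ocp_srv('REMOTE_ADDR'));
            $octet_first = $ip_octets[0];
            // An address with no dots has no second part; use '' rather than reading a missing index.
            $octet_second = array_key_exists(1, $ip_octets) ? $ip_octets[1] : '';
            $crypt_salt = md5(get_db_forums_password() . get_db_forums_user());

            // The cookie prefix is the longest common prefix of the member and password cookie names.
            $a = get_member_cookie();
            $b = get_pass_cookie();
            for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
                if ($a[$i] != $b[$i]) {
                    break;
                }
            }
            $cookie_prefix = substr($a, 0, $i);

            $cookie = ocp_admirecookie($cookie_prefix . 'ipb_stronghold');
            $supplied_stronghold = is_string($cookie) ? $cookie : '';
            $stronghold = md5(md5(strval($row['member_id']) . '-' . $octet_first . '-' . $octet_second . '-' . $row['member_login_key']) . $crypt_salt);

            $stronghold_ok = function_exists('hash_equals') ? hash_equals($stronghold, $supplied_stronghold) : ($stronghold === $supplied_stronghold);
            if (!$stronghold_ok) {
                $out['error'] = do_lang_tempcode('USER_BAD_STRONGHOLD');
                return $out;
            }
        }
    } else {
        if (!$this->_auth_hashed($row['member_id'], $password_hashed)) {
            $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
            return $out;
        }
    }

    // Drop the forum's own session cookie, which shares its prefix with the member cookie.
    $member_cookie = get_member_cookie();
    $pos = strpos($member_cookie, 'member_id');
    $session_prefix = ($pos === false) ? '' : substr($member_cookie, 0, $pos);
    ocp_eatcookie($session_prefix . 'session_id');

    $out['id'] = $row['member_id'];
    return $out;
}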
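/**
 * Parts common to any modular installation step.
 *
 * Raises the time limit, refuses to run without POST data, loads the site info file, builds the forum driver
 * (and its database connection unless the forum type is 'none'), then loads the code modules used afterwards.
 *
 * Review notes:
 *  - When a 'use_comp_name' file exists, the info file name comes from COMPUTERNAME or SERVER_NAME. SERVER_NAME
 *    can follow the request's Host header on some server configurations, so the name is reduced to its final
 *    path component before it is used in require_once.
 *  - The forum type is passed through filter_naughty_harsh() before it is used in a code path, not only before
 *    it is used in the driver class name.
 */
function big_installation_common()
{
    if (function_exists('set_time_limit')) {
        @set_time_limit(180); // Best effort: hosts may forbid changing the limit
    }

    if (count($_POST) == 0) {
        exit(do_lang('INST_POST_ERROR'));
    }

    if (file_exists('use_comp_name')) {
        $info_name = array_key_exists('COMPUTERNAME', $_ENV) ? $_ENV['COMPUTERNAME'] : $_SERVER['SERVER_NAME'];
        // Keep only the last path component so the value cannot select a file outside the base directory.
        $info_name = basename(strval($info_name));
    } else {
        $info_name = 'info';
    }
    require_once get_file_base() . '/' . $info_name . '.php';

    require_code('database');

    $forum_type = get_forum_type();
    // NOTE(review): assumes filter_naughty_harsh() returns its input unchanged when the value is acceptable.
    $safe_forum_type = filter_naughty_harsh($forum_type);
    require_code('forum/' . $safe_forum_type);
    $GLOBALS['FORUM_DRIVER'] = object_factory('forum_driver_' . $safe_forum_type);

    if ($forum_type != 'none') {
        $GLOBALS['FORUM_DRIVER']->connection = new database_driver(
            get_db_forums(),
            get_db_forums_host(),
            get_db_forums_user(),
            get_db_forums_password(),
            $GLOBALS['FORUM_DRIVER']->get_drivered_table_prefix()
        );
    }
    $GLOBALS['FORUM_DRIVER']->MEMBER_ROWS_CACHED = array();
    $GLOBALS['FORUM_DB'] =& $GLOBALS['FORUM_DRIVER']->connection;

    if (method_exists($GLOBALS['FORUM_DRIVER'], 'check_db')) {
        if (!$GLOBALS['FORUM_DRIVER']->check_db()) {
            warn_exit(do_lang_tempcode('INVALID_FORUM_DATABASE'));
        }
    }

    require_code('database_action');
    require_code('menus2');
    require_code('config');
    require_code('zones2');
}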
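/**
 * Load stuff that allows user code to work.
 *
 * Does nothing when a forum driver is already set. Otherwise it defaults the forum type to 'ocf' if none is
 * configured, loads that driver's code, instantiates the driver and gives it a database connection: the site
 * connection when the forum shares the site database and table prefix (and debug mode is off), a new
 * connection for any other forum type except 'none'.
 *
 * Review note: the forum type is passed through filter_naughty_harsh() before it is used in a code path, not
 * only before it is used in the driver class name.
 */
function load_user_stuff()
{
    if (array_key_exists('FORUM_DRIVER', $GLOBALS) && $GLOBALS['FORUM_DRIVER'] !== NULL) {
        return; // Driver already loaded
    }

    global $SITE_INFO;
    require_code('forum_stub');
    if (!array_key_exists('forum_type', $SITE_INFO)) {
        $SITE_INFO['forum_type'] = 'ocf';
    }

    // NOTE(review): assumes filter_naughty_harsh() returns its input unchanged when the value is acceptable.
    $safe_forum_type = filter_naughty_harsh($SITE_INFO['forum_type']);
    require_code('forum/' . $safe_forum_type); // So we can at least get user details
    $GLOBALS['FORUM_DRIVER'] = object_factory('forum_driver_' . $safe_forum_type);

    $shares_site_db = ($SITE_INFO['forum_type'] == 'ocf')
        && (get_db_forums() == get_db_site())
        && ($GLOBALS['FORUM_DRIVER']->get_drivered_table_prefix() == get_table_prefix())
        && (!$GLOBALS['DEBUG_MODE']);

    if ($shares_site_db) {
        $GLOBALS['FORUM_DRIVER']->connection = $GLOBALS['SITE_DB'];
    } elseif ($SITE_INFO['forum_type'] != 'none') {
        $GLOBALS['FORUM_DRIVER']->connection = new database_driver(
            get_db_forums(),
            get_db_forums_host(),
            get_db_forums_user(),
            get_db_forums_password(),
            $GLOBALS['FORUM_DRIVER']->get_drivered_table_prefix()
        );
    }

    $GLOBALS['FORUM_DRIVER']->MEMBER_ROWS_CACHED = array();
    $GLOBALS['FORUM_DB'] =& $GLOBALS['FORUM_DRIVER']->connection;
}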