function authenticate_user($user, $password, $password_is_hash = false)
{
global $db, $panther_user;
$field = is_int($user) ? 'u.id' : 'u.username';
$ps = $db->run('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE ' . $field . '=?', array($user));
// Check if there's a user matching $user and $password
$panther_user = $ps->fetch();
if (!isset($panther_user['id']) || $password_is_hash && !panther_hash_equals($password, $panther_user['password']) || !$password_is_hash && !panther_hash_equals($password, $panther_user['password'])) {
set_default_user();
} else {
$panther_user['is_guest'] = false;
}
}
$insert = array('ip_address' => get_remote_address(), 'username' => $form_username);
$db->insert('login_queue', $insert) or message($lang_login['IP address in queue']);
$attempt = $db->lastInsertId($db->prefix . 'login_queue');
// This time, it's actually in our favour. Yes, I know!
while (!check_queue($form_username, $attempt, $db)) {
usleep(250 * 1000);
}
//Force delay between logins, remove dead attempts
usleep(ATTEMPT_DELAY * 1000);
$data = array(':id' => $attempt, ':timeout' => TIMEOUT * 1000);
$db->delete('login_queue', 'id=:id OR last_checked < NOW() - INTERVAL :timeout MICROSECOND', $data);
}
$data = array(':username' => $form_username);
$ps = $db->select('users', 'password, salt, group_id, id, login_key', $data, 'username=:username');
$cur_user = $ps->fetch();
if (!panther_hash_equals($cur_user['password'], panther_hash($form_password . $cur_user['salt']))) {
$errors[] = sprintf($lang_login['Wrong user/pass'], ' <a href="' . panther_link($panther_url['request_password']) . '">' . $lang_login['Forgotten pass'] . '</a>');
}
($hook = get_extensions('login_after_validation')) ? eval($hook) : null;
if (empty($errors)) {
// Update the status if this is the first time the user logged in
if ($cur_user['group_id'] == PANTHER_UNVERIFIED) {
$update = array('group_id' => $panther_config['o_default_user_group']);
$data = array(':id' => $cur_user['id']);
$db->update('users', $update, 'id=:id', $data);
// Regenerate the users info cache
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
require PANTHER_ROOT . 'include/cache.php';
}
generate_users_info_cache();
}
function confirm_referrer($script, $use_ip = true)
{
global $lang_common, $panther_user;
// Yeah, pretty complex ternary =)
$sent_hash = isset($_POST['csrf_token']) ? panther_trim($_POST['csrf_token']) : (isset($_GET['csrf_token']) ? panther_trim($_GET['csrf_token']) : '');
if (!panther_hash_equals(generate_csrf_token($script, $use_ip), $sent_hash)) {
message($lang_common['Bad referrer']);
}
}
