$plugins->run_hooks("member_do_login_start"); // Is a fatal call if user has had too many tries $errors = array(); $logins = login_attempt_check(); require_once MYBB_ROOT . "inc/datahandlers/login.php"; $loginhandler = new LoginDataHandler("get"); if ($mybb->get_input('quick_password') && $mybb->get_input('quick_username')) { $mybb->input['password'] = $mybb->get_input('quick_password'); $mybb->input['username'] = $mybb->get_input('quick_username'); $mybb->input['remember'] = $mybb->get_input('quick_remember'); } $user = array('username' => $mybb->get_input('username'), 'password' => $mybb->get_input('password'), 'remember' => $mybb->get_input('remember'), 'imagestring' => $mybb->get_input('imagestring')); $options = array('fields' => 'loginattempts', 'username_method' => (int) $mybb->settings['username_method']); $user_loginattempts = get_user_by_username($user['username'], $options); $user['loginattempts'] = (int) $user_loginattempts['loginattempts']; $loginhandler->set_data($user); $validated = $loginhandler->validate_login(); if (!$validated) { $mybb->input['action'] = "login"; $mybb->request_method = "get"; my_setcookie('loginattempts', $logins + 1); $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . (int) $loginhandler->login_data['uid'] . "'", 1, true); $errors = $loginhandler->get_friendly_errors(); $user['loginattempts'] = (int) $loginhandler->login_data['loginattempts']; // If we need a captcha set it here if ($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int) $mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount'])) { $do_captcha = true; $correct = $loginhandler->captcha_verified; } } else { if ($validated && $loginhandler->captcha_verified == true) {
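/**
 * Login procedure for a user + password
 * Possible ToDo: Return error messages / array / whatever
 *
 * Runs the "member_do_login_start" hook, returns early when the session is
 * already logged in, and otherwise drives MyBB's LoginDataHandler. On a
 * successful, captcha-verified login complete_login() is called, the
 * "member_do_login_end" hook runs exactly once and the session is re-initialised.
 * On failure the loginattempts cookie and the user's loginattempts column are
 * incremented and the request is rewritten to a GET on action=login.
 *
 * @param string $username       Username
 * @param string $password       Password of User
 * @param string $captcha_string Captcha answer handed to the data handler as 'imagestring'; empty when no captcha was shown
 * @return boolean true only when the user is logged in after this call, false otherwise
 */
public function login($username, $password, $captcha_string = '')
{
    $this->plugins->run_hooks("member_do_login_start");

    // Nothing to do if this session is already authenticated.
    if ($this->isLoggedIn()) {
        return true;
    }

    // Is a fatal call if user has had too many tries
    $logins = login_attempt_check();

    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    $user = array(
        'username'    => $username,
        'password'    => $password,
        'remember'    => "yes",
        'imagestring' => $captcha_string,
    );

    // Fetch the stored failed-attempt counter for this account. An unknown
    // username yields no row, which is treated as zero attempts instead of
    // indexing into a non-array.
    $options = array(
        'fields'          => 'loginattempts',
        'username_method' => (int) $this->mybb->settings['username_method'],
    );
    $user_loginattempts = get_user_by_username($user['username'], $options);
    $user['loginattempts'] = isset($user_loginattempts['loginattempts']) ? (int) $user_loginattempts['loginattempts'] : 0;

    $loginhandler->set_data($user);
    $validated = $loginhandler->validate_login();

    if (!$validated) {
        $this->mybb->input['action'] = "login";
        $this->mybb->request_method = "get";

        // Record the failure both in the cookie and on the user row (uid 0 when the handler found no user).
        my_setcookie('loginattempts', $logins + 1);
        $uid = isset($loginhandler->login_data['uid']) ? (int) $loginhandler->login_data['uid'] : 0;
        $this->db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='" . $uid . "'", 1, true);

        // Collected for the ToDo above; not surfaced to the caller yet.
        $errors = $loginhandler->get_friendly_errors();
        // TODO: Force Captchas
        return false;
    }

    // Credentials were accepted but the captcha was not: no login is completed,
    // so the caller must not be told that the user is logged in.
    if (!$loginhandler->captcha_verified) {
        $this->plugins->run_hooks("member_do_login_end");
        return false;
    }

    // Accounts still awaiting COPPA approval are not logged in.
    if (!empty($loginhandler->login_data['coppauser'])) {
        //error($this->lang->error_awaitingcoppa);
        return false;
    }

    $loginhandler->complete_login();
    $this->plugins->run_hooks("member_do_login_end");
    // Re-initialise the session so isLoggedIn() reflects the new login without a reload.
    $this->mybb->session->init();

    return true;
}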
// Did we hit lockout for the first time? Send the unlock email to the administrator if ($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts']) { $db->delete_query("awaitingactivation", "uid='" . (int) $login_user['uid'] . "' AND type='l'"); $lockout_array = array("uid" => $login_user['uid'], "dateline" => TIME_NOW, "code" => random_str(), "type" => "l"); $db->insert_query("awaitingactivation", $lockout_array); $subject = $lang->sprintf($lang->locked_out_subject, $mybb->settings['bbname']); $message = $lang->sprintf($lang->locked_out_message, htmlspecialchars_uni($mybb->input['username']), $mybb->settings['bbname'], $mybb->settings['maxloginattempts'], $mybb->settings['bburl'], $mybb->config['admin_dir'], $lockout_array['code'], $lockout_array['uid']); my_mail($login_user['email'], $subject, $message); } log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $login_user['uid'], 'username' => $login_user['username'])); $default_page->show_lockedout(); } else { $default_page->show_login($lang->error_invalid_secret_pin, "error"); } } $loginhandler->set_data(array('username' => $mybb->input['username'], 'password' => $mybb->input['password'])); if ($loginhandler->validate_login() == true) { $mybb->user = get_user($loginhandler->login_data['uid']); } if ($mybb->user['uid']) { if (login_attempt_check_acp($mybb->user['uid']) == true) { log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $mybb->user['uid'], 'username' => $mybb->user['username'])); $default_page->show_lockedout(); } $db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'"); $sid = md5(uniqid(microtime(true), true)); $useragent = $_SERVER['HTTP_USER_AGENT']; if (my_strlen($useragent) > 200) { $useragent = my_substr($useragent, 0, 200); } // Create a new admin session for this user
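/**
 * The switch function deletes the mybbuser cookie, sets a new cookie for the selected account and starts a new session.
 * Function is called by ajax request and sends the new users post key.
 *
 * Only acts for a logged-in user on a POST request carrying switchuser=1 and a
 * valid post key. The target account must be attached to the current account
 * (or its master), or be a shareable account the current user may claim;
 * every rejected attempt is written via log_moderator_action().
 *
 * On success the new post code is echoed as text/plain and the script exits.
 */
function accountswitcher_switch()
{
    // $session is read below when the old session row is discarded, so it has to be imported here.
    global $db, $mybb, $lang, $charset, $cache, $templates, $session;

    if ((int) $mybb->user['uid'] === 0 || $mybb->get_input('switchuser', MyBB::INPUT_INT) !== 1 || $mybb->request_method != "post") {
        return;
    }

    require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
    $eas = new AccountSwitcher($mybb, $db, $cache, $templates);

    $currentUid = (int) $mybb->user['uid'];

    // Get permissions for this user
    $userPermission = user_permissions($currentUid);

    // Get permissions for the master. First get the master; an unattached
    // account has as_uid 0 and therefore no master row to look up.
    $master = get_user((int) $mybb->user['as_uid']);
    $masterPermission = array();
    if (!empty($master['uid'])) {
        $masterPermission = user_permissions((int) $master['uid']);
    }

    // If one of both has the permission allow to switch
    $canSwitch = (isset($userPermission['as_canswitch']) && (int) $userPermission['as_canswitch'] === 1)
        || (isset($masterPermission['as_canswitch']) && (int) $masterPermission['as_canswitch'] === 1);
    if (!$canSwitch) {
        return;
    }

    if (!isset($lang->as_invaliduser)) {
        $lang->load("accountswitcher");
    }

    // The ajax request must carry the current user's post key.
    verify_post_check($mybb->get_input('my_post_key'));

    // Get user info
    $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    // Check if user exists
    if (!$user) {
        error($lang->as_invaliduser);
    }

    // Can the new account be shared?
    if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
        // Account already used by another user?
        if ($user['as_shareuid'] != 0) {
            log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
            return;
        }

        // Account only shared by buddies?
        if ($user['as_buddyshare'] != 0) {
            // No buddy - no switch
            $buddylist = array();
            if ($user['buddylist'] != '') {
                $buddylist = array_map('intval', explode(",", $user['buddylist']));
            }
            if (!in_array($currentUid, $buddylist, true)) {
                log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                return;
            }
        }

        // Shared account is free - set share uid
        $updated_shareuid = array("as_shareuid" => $currentUid);
        $db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        $user['as_shareuid'] = $currentUid;
    }

    // Make sure you can switch to an attached account only
    $targetAsUid = (int) $user['as_uid'];
    $isAttached = $targetAsUid === $currentUid
        || ($targetAsUid !== 0 && $targetAsUid === (int) $mybb->user['as_uid'])
        || (int) $user['uid'] === (int) $mybb->user['as_uid']
        || (int) $user['as_shareuid'] === $currentUid
        || (int) $user['uid'] === (int) $mybb->user['as_shareuid'];
    if (!$isAttached) {
        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
        error($lang->as_notattacheduser);
        return;
    }

    // Is the current account shared?
    if ($mybb->user['as_share'] != 0) {
        // Account used by another user?
        if ($mybb->user['as_shareuid'] == 0) {
            log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
            return;
        }
        // Reset share uid
        $db->update_query("users", array("as_shareuid" => 0), "uid='" . $currentUid . "'");
        $eas->update_accountswitcher_cache();
    }

    // Log the old user out
    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");
    $time = TIME_NOW;
    // Run this after the shutdown query from session system
    $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$currentUid}'");
    // Drop the old session row; the id is escaped because it is interpolated into SQL.
    if (isset($session->sid)) {
        $db->delete_query("sessions", "sid = '" . $db->escape_string($session->sid) . "'");
    }

    // Now let the login datahandler do the work
    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");
    $mybb->input['remember'] = "yes";
    $loginhandler->set_data($user);
    // validate_login() fills login_data; its result is not checked here and
    // complete_login() runs regardless — the switch is gated by the attachment
    // checks above, not by a password. NOTE(review): confirm this is intended.
    $loginhandler->validate_login();
    $loginhandler->complete_login();

    // Create session for this user
    require_once MYBB_ROOT . "inc/class_session.php";
    $session = new session();
    $session->init();
    $mybb->session =& $session;
    $mybb->post_code = generate_post_check();

    // Send new users post code
    header("Content-type: text/plain; charset={$charset}");
    echo $mybb->post_code;
    exit;
}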