$json = webservices_get_contact_group($c_uid, $kwd, $c); } else { $json['status'] = 'ERR'; $json['error'] = '100'; } $log_this = TRUE; break; case "GET_TOKEN": $user = array(); if (preg_match('/^(.+)@(.+)\\.(.+)$/', $u)) { if (auth_validate_email($u, $p)) { $u = user_email2username($u); $user = user_getdatabyusername($u); } } else { if (auth_validate_login($u, $p)) { $user = user_getdatabyusername($u); } } if ($user['uid']) { $continue = false; $json['status'] = 'ERR'; $json['error'] = '106'; $ip = explode(',', $user['webservices_ip']); if (is_array($ip)) { foreach ($ip as $key => $net) { if (core_net_match($net, $_SERVER['REMOTE_ADDR'])) { $continue = true; } } }
/** * Validate email and password * * @param string $email * Username * @param string $password * Password * @return boolean TRUE when validated or boolean FALSE when validation failed */ function auth_validate_email($email, $password) { $username = user_email2username($email); _log('login attempt email:' . $email . ' u:' . $username . ' p:' . md5($password) . ' ip:' . $_SERVER['REMOTE_ADDR'], 3, 'auth_validate_email'); return auth_validate_login($username, $password); }
<?php defined('_SECURE_') or die('Forbidden'); if (_OP_ == 'login') { $username_or_email = trim($_REQUEST['username']); $password = trim($_REQUEST['password']); if ($username_or_email && $password) { $username = ''; $validated = FALSE; if (preg_match('/^(.+)@(.+)\\.(.+)$/', $username_or_email)) { if (auth_validate_email($username_or_email, $password)) { $username = user_email2username($username_or_email); $validated = TRUE; } } else { if (auth_validate_login($username_or_email, $password)) { $username = $username_or_email; $validated = TRUE; } } if ($validated) { $uid = user_username2uid($username); auth_session_setup($uid); if (auth_isvalid()) { logger_print("u:" . $_SESSION['username'] . " uid:" . $uid . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "login"); } else { logger_print("unable to setup session u:" . $_SESSION['username'] . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "login"); $_SESSION['error_string'] = _('Unable to login'); } } else { $_SESSION['error_string'] = _('Invalid username or password');