checkFilePermissions(); // _upgradeToVersion1_04(); _upgradeToVersion1_06(); _upgradeToVersion1_07(); _upgradeToVersion1_08(); _upgradeToVersion1_10(); _upgradeSettings(); _upgradeAccounts(); _upgradeToVersion1_24(); _upgradeToVersion2_05(); _upgradeToVersion2_07(); _upgradeToVersion2_09(); // _removeOldCacheFiles(); encryptAllPasswords(); // force encryption of all plaintext passwords // _notifyUpgradeComplete(); // function showUpgradeErrors() { $upgradeErrors = ''; // check for accesslist schema $schemaPath = DATA_DIR . '/schema/_accesslist.ini.php'; if (!file_exists($schemaPath)) { $upgradeErrors .= "<b>Upgrade Notice:</b> You must upload the latest /data/schema/_accesslist.ini.php before upgrading!<br/>\n"; } // check for settings schema #$schemaPath = DATA_DIR.'/schema/_settings.ini.php'; #if (!file_exists($schemaPath)) {
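/**
 * Resolve the current user from the login cookie.
 *
 * Reads the username and password hash via loginCookie_get(), looks the account up in
 * accountsTable(), and accepts the login only when the cookie hash matches
 * getPasswordDigest() of the stored password. The result is then passed through the
 * 'login_isValidLogin' plugin filter, which may override it.
 *
 * Security notes:
 *  - Digest comparisons are strict and, where hash_equals() exists (PHP 5.6+), constant-time.
 *    Loose `==` on digest strings lets PHP compare numeric-looking strings as numbers.
 *  - This function does NOT enforce account expiry or the 'disabled' flag.
 *    Callers must check $user['isExpired'] and $user['disabled'] themselves.
 *
 * @param bool $loginExpired  Set by reference from the first value returned by loginCookie_get().
 * @return array|false        The user record (plus meta-fields) on a valid login, false otherwise.
 */
function getCurrentUser(&$loginExpired = false) {
  $user            = array();
  $isValidLogin    = false;
  $updateLastLogin = true;

  // prefer a constant-time comparison; fall back to strict comparison on older PHP
  $useHashEquals = function_exists('hash_equals');

  // check for cookie from last login session
  list($loginExpired, $username, $passwordHash) = loginCookie_get();

  // disallow logins where the submitted password is the cookie's password hash itself
  $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
  if ($action === 'loginSubmit' && !empty($_REQUEST['password']) && $passwordHash
      && is_string($_REQUEST['password']) && is_string($passwordHash)) {
    $submittedIsHash = $useHashEquals
      ? hash_equals($passwordHash, $_REQUEST['password'])
      : ($passwordHash === $_REQUEST['password']);
    if ($submittedIsHash) {
      $passwordHash = ''; // blank out password
      loginCookie_remove();
    }
  }

  // look up the account and verify the cookie hash against the stored password
  if ($username && $passwordHash) {
    // NOTE(review): $username comes from the login cookie; presumably mysql_get() escapes
    // the values of the where-array - confirm in its definition
    $userFound = mysql_get(accountsTable(), null, array('username' => $username));

    // only touch $userFound['password'] when the lookup actually returned a record
    if ($userFound) {
      $expectedDigest = (string) getPasswordDigest($userFound['password']);
      if (is_string($passwordHash)) {
        $isValidLogin = $useHashEquals
          ? hash_equals($expectedDigest, $passwordHash)
          : ($expectedDigest === $passwordHash);
      }
      if ($isValidLogin) { $user = $userFound; }

      // if this database password wasn't encrypted then encrypt ALL unencrypted passwords in database
      if (!isPasswordDigest($userFound['password'])) { encryptAllPasswords(); }
    }
  }

  // Plugin filters - NOTE(review): a plugin can turn an invalid login into a valid one here
  list($isValidLogin, $user, $updateLastLogin) = applyFilters('login_isValidLogin', array($isValidLogin, $user, $updateLastLogin));

  ### on valid login...
  if ($isValidLogin) {

    // add user meta-field $user['isExpired'] (only set when the record has an expiresDate)
    if (!empty($user['expiresDate'])) {
      $expiresTime       = strtotime($user['expiresDate']);
      $user['isExpired'] = empty($user['neverExpires']) && $expiresTime && $expiresTime < time();
    }

    // If in CMS: add user meta-field $user['accessList']
    if (defined('IS_CMS_ADMIN')) {
      $records = mysql_select('_accesslist', array('userNum' => $user['num']));
      foreach ($records as $record) {
        $user['accessList'][$record['tableName']]['accessLevel'] = $record['accessLevel'];
        $user['accessList'][$record['tableName']]['maxRecords']  = $record['maxRecords'];
      }
    }

    // update $user['lastLoginDate']
    if ($updateLastLogin && array_key_exists('lastLoginDate', $user)) {
      $secondsSinceLastUpdate = time() - strtotime($user['lastLoginDate']);
      if ($secondsSinceLastUpdate >= 60) { // To reduce db load, only update once a minute
        mysql_update(accountsTable(), $user['num'], null, array('lastLoginDate=' => 'NOW()'));
      }
    }
  }

  ### on INVALID login...
  if ($username && !$isValidLogin) {
    // 2.50 encrypt un-encrypted passwords - do this here so it will be called for website membership as well
    encryptAllPasswords();

    // remove login cookie
    loginCookie_remove();
  }

  // NOTE: You must check for 'isExpired' and 'disabled' in the code that calls this function!
  return $isValidLogin ? $user : false;
}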