示例#1
0
 /**
  * log in with post data
  */
 private function dologinWithPostData()
 {
     $settings = (require 'config/settings.php');
     // check login form contents
     if (empty($_POST['user_name'])) {
         $this->errors[] = "Username field was empty.";
     } elseif (empty($_POST['user_password'])) {
         $this->errors[] = "Password field was empty.";
     } elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {
         if (isset($settings['db']['port'])) {
             $this->db_connection = new mysqli(decrypt($settings['db']['host']), decrypt($settings['db']['user']), decrypt($settings['db']['pass']), decrypt($settings['db']['name']), decrypt($settings['db']['port']));
         } else {
             $this->db_connection = new mysqli(decrypt($settings['db']['host']), decrypt($settings['db']['user']), decrypt($settings['db']['pass']), decrypt($settings['db']['name']));
         }
         // change character set to utf8 and check it
         if (!$this->db_connection->set_charset("utf8")) {
             $this->errors[] = $this->db_connection->error;
         }
         // if no connection errors (= working database connection)
         if (!$this->db_connection->connect_errno) {
             // escape the POST stuff
             $user_name = $this->db_connection->real_escape_string($_POST['user_name']);
             // database query, getting all the info of the selected user (allows login via email address in the
             // username field)
             $sql = "SELECT user_name, user_email, user_level, user_profile, permissions, user_password_hash, user_id, playerid, twoFactor, token\n                        FROM users\n                        WHERE user_name = '" . $user_name . "' OR user_email = '" . $user_name . "';";
             $result_of_login_check = $this->db_connection->query($sql);
             // if this user exists
             if ($result_of_login_check->num_rows == 1) {
                 // get result row (as an object)
                 $result_row = $result_of_login_check->fetch_object();
                 // using PHP 5.5's password_verify() function to check if the provided password fits
                 // the hash of that user's password
                 //var_dump(password_hash($_POST['user_password'], PASSWORD_DEFAULT));
                 if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {
                     if ($result_row->user_level != 0) {
                         $verify = json_decode(file_get_contents('http://cyberbyte.org.uk/hooks/cyberworks/messages.php?id=' . $settings['id']));
                         if (!isset($verify->verify)) {
                             if ($verify->version > floatval($settings['version'])) {
                                 $_SESSION['update'] = true;
                             }
                             $_SESSION['2factor'] = 0;
                             if (!empty($result_row->twoFactor)) {
                                 if ($settings['2factor']) {
                                     $_SESSION['2factor'] = 1;
                                 } else {
                                     $sql = "UPDATE `users` SET `backup`=NULL,`twoFactor`=NULL WHERE `userid` = '" . $result_row->user_id . "';";
                                     $this->db_connection->query($sql);
                                     $this->errors[] = $lang['2factorForceRevoke'];
                                 }
                             }
                             if (isset($_COOKIE['token']) && !empty($result_row->token)) {
                                 if (decrypt($result_row->token) == $_COOKIE['token']) {
                                     $_SESSION['2factor'] = 2;
                                 }
                             }
                             $_SESSION['sudo'] = time();
                             $_SESSION['message'] = $verify;
                             $_SESSION['user_name'] = $result_row->user_name;
                             $_SESSION['user_level'] = $result_row->user_level;
                             $_SESSION['user_profile'] = $result_row->user_profile;
                             $_SESSION['user_email'] = $result_row->user_email;
                             $_SESSION['playerid'] = $result_row->playerid;
                             $_SESSION['user_id'] = $result_row->user_id;
                             $_SESSION['steamsignon'] = false;
                             $_SESSION['permissions'] = json_decode($result_row->permissions, true);
                             if (isset($result_row->items)) {
                                 $_SESSION['items'] = $result_row->items;
                             } else {
                                 $_SESSION['items'] = $settings['items'];
                             }
                             if (isset($_POST['lang'])) {
                                 setcookie('lang', $_POST['lang'], time() + 3600 * 24 * 30);
                                 $_SESSION['lang'] = $_POST['lang'];
                             }
                             $_SESSION['steamsignon'] = false;
                             $_SESSION['user_login_status'] = 1;
                             multiDB();
                             logAction($_SESSION['user_name'], 'Successful Login (' . $_SERVER['REMOTE_ADDR'] . ')', 2);
                         } else {
                             if (isset($verify->message)) {
                                 $this->errors[] = $verify->message;
                             } else {
                                 $this->errors[] = "Verifcation Failed";
                             }
                         }
                     } else {
                         $this->errors[] = "User is banned.";
                         logAction($_POST['user_name'], 'Login Failed - Banned User (' . $_SERVER['REMOTE_ADDR'] . ')', 3);
                     }
                 } else {
                     $this->errors[] = "Wrong password. Try again.";
                     logAction($_POST['user_name'], 'Login Failed - Wrong Password (' . $_SERVER['REMOTE_ADDR'] . ')', 3);
                 }
             } else {
                 $this->errors[] = "This user does not exist.";
                 logAction($_POST['user_name'], 'Login Failed - Wrong Username (' . $_SERVER['REMOTE_ADDR'] . ')', 3);
             }
         } else {
             $this->errors[] = "Database connection problem.";
         }
     }
 }
示例#2
0
 public function signIn()
 {
     $settings = (require 'config/settings.php');
     if ($settings['steamlogin']) {
         require_once 'openid.php';
         $openid = new LightOpenID($settings['url']);
         if (!$openid->mode) {
             $openid->identity = 'http://steamcommunity.com/openid';
             header('Location: ' . $openid->authUrl());
         } elseif ($openid->mode == 'cancel') {
             print 'User has canceled authentication!';
         } else {
             if ($openid->validate()) {
                 preg_match("/^http:\\/\\/steamcommunity\\.com\\/openid\\/id\\/(7[0-9]{15,25}+)\$/", $openid->identity, $matches);
                 $_SESSION['playerid'] = $matches[1];
                 $db_connection = masterConnect();
                 $sql = "SELECT user_name, user_email, user_level, user_profile, permissions, user_password_hash, user_id\n                            FROM users WHERE playerid = '" . $_SESSION['playerid'] . "';";
                 $result_of_login_check = $db_connection->query($sql);
                 if ($result_of_login_check->num_rows == 1) {
                     $result_row = $result_of_login_check->fetch_object();
                     if ($result_row->user_level != 0) {
                         $_SESSION['user_name'] = $result_row->user_name;
                         $_SESSION['user_level'] = $result_row->user_level;
                         $_SESSION['user_profile'] = $result_row->user_profile;
                         $_SESSION['user_email'] = $result_row->user_email;
                         $_SESSION['user_id'] = $result_row->user_id;
                         $_SESSION['permissions'] = json_decode($result_row->permissions, true);
                         if (isset($result_row->items)) {
                             $_SESSION['items'] = $result_row->items;
                         } else {
                             $_SESSION['items'] = $settings['items'];
                         }
                         if (isset($_POST['lang'])) {
                             $_SESSION['lang'] = $_POST['lang'];
                         }
                         $_SESSION['user_login_status'] = 1;
                         $_SESSION['steamsignon'] = false;
                         //used to determine if its a single sign on with no account
                         multiDB();
                         logAction($_SESSION['user_name'], 'Successful Steam Login (' . $_SERVER['REMOTE_ADDR'] . ')', 2);
                     } else {
                         $this->errors[] = "User is banned.";
                         logAction($_POST['user_name'], 'Steam Login Failed - Banned User (' . $_SERVER['REMOTE_ADDR'] . ')', 3);
                     }
                 } else {
                     if ($settings['annonlogin']) {
                         $permissions = (require 'config/permissions.php');
                         $steam = $this->GetPlayerSummaries($_SESSION['playerid']);
                         $_SESSION['user_name'] = $steam->personaname;
                         $_SESSION['user_level'] = 1;
                         $_SESSION['user_profile'] = $steam->avatarmedium;
                         $_SESSION['permissions'] = $permissions[1];
                         $_SESSION['items'] = $settings['items'];
                         $_SESSION['user_login_status'] = 1;
                         $_SESSION['profile_link'] = $steam->profileurl;
                         $_SESSION['steamsignon'] = true;
                         //used to determine if its a single sign on with no account
                         multiDB();
                         logAction($_SESSION['user_name'], 'Successful Steam Login (' . $_SERVER['REMOTE_ADDR'] . ')', 2);
                     } else {
                         errorMessage(7);
                     }
                 }
                 header('Location: ' . $settings['url']);
                 exit;
             } else {
                 print 'Error';
             }
         }
     }
 }