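 /**
  * Member login (form submit handler).
  *
  * Reads `_back`, `_chkcode`, `user` and `pass` from the request, validates
  * the captcha when it is enabled, resolves the account by user name, e-mail
  * or mobile number, verifies the password and fills the session.
  *
  * Every failure goes through error(); the flow below only works if error()
  * stops execution after rendering (its body is not visible here — confirm).
  */
 public function ok_f()
 {
     $_back = $this->get("_back");
     if (!$_back) {
         $_back = $this->url;
         $error_url = $this->url('login');
     } else {
         $error_url = $this->url('login', '', '_back=' . rawurlencode($_back));
     }
     // !empty(): no "undefined index" notice on a fresh session.
     if (!empty($_SESSION["user_id"])) {
         error(P_Lang('您已是本站会员,不需要再次登录'), $_back);
     }
     if ($this->config['is_vcode'] && function_exists('imagecreate')) {
         $code = $this->get('_chkcode');
         if (!$code) {
             error(P_Lang('验证码不能为空'), $error_url, 'error');
         }
         $code = md5(strtolower($code));
         // Strict comparison: with `!=` two hex digests of the form "0e<digits>"
         // compare equal as numeric strings, which would accept a wrong captcha.
         $expected = isset($_SESSION['vcode']) ? (string) $_SESSION['vcode'] : '';
         if ($expected === '' || $code !== $expected) {
             error(P_Lang('验证码填写不正确'), $error_url, 'error');
         }
         unset($_SESSION['vcode']);
     }
     // Submitted credentials.
     $user = $this->get("user");
     if (!$user) {
         error(P_Lang('账号不能为空'), $error_url, 'error');
     }
     $pass = $this->get("pass");
     if (!$pass) {
         error(P_Lang('会员密码不能为空'), $error_url, 'error');
     }
     // The identifier may be a user name, an e-mail address or a mobile number.
     $user_rs = false;
     foreach (array('user', 'email', 'mobile') as $field) {
         $user_rs = $this->model('user')->get_one($user, $field);
         if ($user_rs) {
             break;
         }
     }
     if (!$user_rs) {
         // NOTE(review): this message differs from the wrong-password one below,
         // so the response reveals whether an account exists.
         error(P_Lang('会员信息不存在'), $error_url, 'error');
     }
     if (!$user_rs['status']) {
         error(P_Lang('会员审核中,暂时不能登录'), $error_url, 'error');
     }
     if ((string) $user_rs['status'] === '2') {
         error(P_Lang('会员被管理员锁定,请联系管理员解锁'), $error_url, 'error');
     }
     if (!password_check($pass, $user_rs["pass"])) {
         error(P_Lang('登录密码不正确'), $error_url, 'error');
     }
     // Fresh session id on login so a pre-set (fixated) id does not carry over.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION["user_id"] = $user_rs['id'];
     $_SESSION["user_gid"] = $user_rs['group_id'];
     $_SESSION["user_name"] = $user_rs["user"];
     error(P_Lang('会员登录成功'), $_back, 'ok');
 }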
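 /**
  * Administrator login (AJAX handler).
  *
  * Validates the submitted account/password and the admin captcha, looks the
  * administrator up by name, verifies the password, loads the permission and
  * site scope for non-system admins, and fills the session.
  *
  * Every failure is reported through $this->json(); the flow relies on json()
  * ending the request (not visible here — confirm).
  */
 function check_f()
 {
     // !empty(): no "undefined index" notice on a fresh session.
     if (!empty($_SESSION['admin_id'])) {
         $this->json(P_Lang('您已成功登录,无需再次验证'));
     }
     $user = $this->get('user');
     if (!$user) {
         $this->json(P_Lang('管理员账号不能为空'));
     }
     $pass = $this->get('pass');
     if (!$pass) {
         $this->json(P_Lang('密码不能为空'));
     }
     // Captcha check.
     if ($this->config['is_vcode'] && function_exists('imagecreate')) {
         $code = $this->get("_code");
         if (!$code) {
             $this->json(P_Lang('验证码不能为空'));
         }
         $code = md5(strtolower($code));
         // Strict comparison: with `!=` two hex digests of the form "0e<digits>"
         // compare equal as numeric strings, which would accept a wrong captcha.
         $expected = isset($_SESSION['vcode_admin']) ? (string) $_SESSION['vcode_admin'] : '';
         if ($expected === '' || $code !== $expected) {
             $this->json(P_Lang('验证码填写不正确'));
         }
     }
     $rs = $this->model('admin')->get_one_from_name($user);
     if (!$rs) {
         // NOTE(review): distinct from the wrong-password message, so the
         // response reveals whether an account exists.
         $this->json(P_Lang('管理员信息不存在'));
     }
     if (!password_check($pass, $rs["pass"])) {
         $this->json(P_Lang('管理员密码输入不正确'));
     }
     if (!$rs["status"]) {
         $this->json(P_Lang("管理员账号已被锁定,请联系超管!"));
     }
     // Permission scope: system admins get the current site, everyone else
     // must have an explicit permission list and at least one site.
     if (!$rs["if_system"]) {
         $popedom_list = $this->model('admin')->get_popedom_list($rs["id"]);
         if (!$popedom_list) {
             $this->json(P_Lang('你的管理权限未设置好,请联系超级管理员进行设置'));
         }
         $site_id = $this->model('popedom')->get_site_id($popedom_list);
         if (!$site_id) {
             $this->json(P_Lang('你的管理权限未设置好,请联系超级管理员进行设置'));
         }
     } else {
         $popedom_list = null;
         $site_id = $this->site['id'];
     }
     // Fresh session id on login so a pre-set (fixated) id does not carry over.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     if ($popedom_list !== null) {
         $_SESSION["admin_popedom"] = $popedom_list;
     }
     $_SESSION["admin_site_id"] = $site_id;
     $_SESSION["admin_id"] = $rs["id"];
     $_SESSION["admin_account"] = $rs["account"];
     // NOTE(review): the whole row — including the password hash in 'pass' —
     // is cached in the session; readers of admin_rs are not visible here, so
     // the field is left in place rather than stripped.
     $_SESSION["admin_rs"] = $rs;
     unset($_SESSION['vcode_admin']);
     $this->json(true);
 }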
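 /**
  * Member login (AJAX handler).
  *
  * Same checks as the form-based login: captcha when enabled, account by
  * user name / e-mail / mobile number, status, password; on success the
  * session is filled and `true` is returned as JSON.
  *
  * Every failure is reported through $this->json(); the flow relies on json()
  * ending the request (not visible here — confirm).
  */
 public function save_f()
 {
     // !empty(): no "undefined index" notice on a fresh session.
     if (!empty($_SESSION['user_id'])) {
         $this->json(P_Lang('您已是本站会员,不需要再次登录'));
     }
     if ($this->config['is_vcode'] && function_exists('imagecreate')) {
         $code = $this->get('_chkcode');
         if (!$code) {
             $this->json(P_Lang('验证码不能为空'));
         }
         $code = md5(strtolower($code));
         // Strict comparison: with `!=` two hex digests of the form "0e<digits>"
         // compare equal as numeric strings, which would accept a wrong captcha.
         $expected = isset($_SESSION['vcode']) ? (string) $_SESSION['vcode'] : '';
         if ($expected === '' || $code !== $expected) {
             $this->json(P_Lang('验证码填写不正确'));
         }
         unset($_SESSION['vcode']);
     }
     $user = $this->get("user");
     if (!$user) {
         $this->json(P_Lang('账号不能为空'));
     }
     $pass = $this->get("pass");
     if (!$pass) {
         $this->json(P_Lang('会员密码不能为空'));
     }
     // The identifier may be a user name, an e-mail address or a mobile number.
     $user_rs = false;
     foreach (array('user', 'email', 'mobile') as $field) {
         $user_rs = $this->model('user')->get_one($user, $field);
         if ($user_rs) {
             break;
         }
     }
     if (!$user_rs) {
         // NOTE(review): distinct from the wrong-password message below, so the
         // response reveals whether an account exists.
         $this->json(P_Lang('会员信息不存在'));
     }
     if (!$user_rs['status']) {
         $this->json(P_Lang('会员审核中,暂时不能登录'));
     }
     if ((string) $user_rs['status'] === '2') {
         $this->json(P_Lang('会员被管理员锁定,请联系管理员解锁'));
     }
     if (!password_check($pass, $user_rs["pass"])) {
         $this->json(P_Lang('登录密码不正确'));
     }
     // Fresh session id on login so a pre-set (fixated) id does not carry over.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION["user_id"] = $user_rs['id'];
     $_SESSION["user_gid"] = $user_rs['group_id'];
     $_SESSION["user_name"] = $user_rs["user"];
     $this->json(true);
 }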
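/**
 * Look a user up by name and verify the supplied password.
 *
 * @param string $username login name to look up
 * @param string $password candidate password as entered by the user
 * @return mixed the first record returned by find_user_by_username() on
 *               success; false when no user is found or the password does
 *               not verify
 */
function attempt_login($username, $password)
{
    $find_user = find_user_by_username($username);
    // The result is indexed as a list. When it is empty (or false) the bare
    // `$find_user[0]` of the original raised a notice and yielded null; the
    // isset() form gives the same "not found" outcome without the notice.
    $user = isset($find_user[0]) ? $find_user[0] : null;
    if (!isset($user)) {
        // user not found
        return false;
    }
    // false on a password mismatch, otherwise the record
    return password_check($password, $user['password']) ? $user : false;
}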
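/**
 * Look an administrator up by name and verify the supplied password.
 *
 * The original tested and returned `$admin_set`, a variable that was never
 * assigned (the lookup result went into `$admin`), so the function always
 * returned false. Both uses now refer to `$admin`.
 *
 * @param string $username        admin login name
 * @param string $hashed_password despite the name, this is the candidate
 *                                handed to password_check() as entered;
 *                                the stored hash comes from the record
 * @return mixed the admin record on success, false otherwise
 */
function attempt_login($username, $hashed_password)
{
    $admin = find_admin_by_username($username);
    if (!$admin) {
        // admin not found
        return false;
    }
    // found admin, now check password
    return password_check($hashed_password, $admin["hashed_password"]) ? $admin : false;
}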
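 /**
  * Admin "my settings" form handler.
  *
  * Re-authenticates with the current password, then optionally changes the
  * account name and/or password and always saves full name, e-mail and the
  * close_tip preference. An account-name change forces a re-login.
  *
  * error() / error_open() are relied on to render and stop execution (not
  * visible here — confirm before reusing this pattern).
  */
 function submit_f()
 {
     $setting_url = $this->url("me", "setting");
     $oldpass = $this->get("oldpass");
     if (!$oldpass) {
         error(P_Lang('管理员密码验证不能为空'), $setting_url, "error");
     }
     $rs = $this->model('admin')->get_one($_SESSION["admin_id"]);
     // A missing row fails exactly like a wrong password (no index notice on $rs["pass"]).
     if (!$rs || !password_check($oldpass, $rs["pass"])) {
         error(P_Lang("管理员密码不正确"), $setting_url, "error");
     }
     $name = $this->get('name');
     $array = array('email' => $this->get('email'));
     $update_login = false;
     // Second fetch kept from the original: the first call omits the field
     // argument and get_one()'s default is not visible here, so the two are
     // not assumed to be interchangeable.
     $admin = $this->model('admin')->get_one($_SESSION['admin_id'], 'id');
     $tip = P_Lang('信息修改成功');
     if ($name && (string) $name !== (string) $admin['account']) {
         // Account-name change: must be unique among the other admins.
         $check = $this->model('admin')->check_account($name, $_SESSION['admin_id']);
         if ($check) {
             error(P_Lang('管理员账号已经存在,请重新设置'), $setting_url, 'error');
         }
         $array['account'] = $name;
         $update_login = true;
         $tip = P_Lang('管理员账号信息变更成功,请重新登录');
     }
     $newpass = $this->get("newpass");
     if ($newpass) {
         $chkpass = $this->get("chkpass");
         // Strict compare: `!=` treats numeric-looking strings such as "1e3"
         // and "1000" as equal, letting a mismatched confirmation through.
         if ((string) $newpass !== (string) $chkpass) {
             error(P_Lang("两次输入的新密码不一致"), $setting_url, "error");
         }
         $array['pass'] = password_create($newpass);
         $tip = P_Lang('密码修改成功,请下次登录后使用新密码登录!');
     }
     $array['fullname'] = $this->get('fullname');
     $array['close_tip'] = $this->get('close_tip');
     $this->model('admin')->save($array, $_SESSION['admin_id']);
     if ($update_login) {
         error($tip, $this->url('logout'), 'ok');
     } else {
         // Refresh the cached admin row so the session reflects the new values.
         $info = $this->model('admin')->get_one($_SESSION['admin_id'], 'id');
         $_SESSION['admin_rs'] = $info;
         $html = '<input type="button" value=" ' . P_Lang('确定') . ' " class="submit" onclick="$.dialog.close();" />';
         error_open($tip, "ok", $html);
     }
 }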
/**
 * Resolve a user by name and verify the password; on a mismatch an HTML
 * error fragment is echoed before false is returned.
 *
 * NOTE(review): the whole record ($admin) rather than a stored hash is handed
 * to password_check() here, unlike the other callers — confirm its signature.
 *
 * @return mixed the record on success, false otherwise
 */
function attempt_login($username, $password)
{
    $admin = find_user_by_username($username);
    if (!$admin) {
        // user not found
        return false;
    }
    if (password_check($password, $admin)) {
        return $admin;
    }
    echo "<div id=\"error\">";
    echo " password does not match";
    echo "</div>";
    return false;
}
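/**
 * Verify $password against the hash stored for $username in user_auth.
 *
 * The original interpolated the raw $username into the SQL text (the
 * mysql_prep()'d copy was computed but never used), an SQL-injection hole.
 * The lookup is now a parameterised mysqli prepared statement.
 *
 * @param string $username value matched against user_auth.user_id
 * @param string $password candidate password as entered
 * @return bool true only when a row exists and password_check() accepts the
 *              candidate; false otherwise, including on a failed query
 */
function validate_user($username, $password)
{
    global $connection;
    $stmt = mysqli_prepare($connection, "SELECT password FROM user_auth WHERE user_id = ? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    $stored_hash = null;
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $stored_hash);
        // fetch() returns true for a row, null when there is none, false on error
        if (mysqli_stmt_fetch($stmt) !== true) {
            $stored_hash = null;
        }
    }
    mysqli_stmt_close($stmt);
    if ($stored_hash === null) {
        // no such user (or the query failed)
        return false;
    }
    return password_check($password, $stored_hash) ? true : false;
}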
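 /**
  * Authenticate by user name and plain-text password.
  *
  * The original ran $password through $database->escape_value() before
  * password_check(). Escaping only matters for SQL interpolation and the
  * password never reaches a query here, so the call merely mangled passwords
  * containing quotes or backslashes (those users could never log in). The
  * candidate is now compared exactly as submitted.
  *
  * @param string $username
  * @param string $password
  * @return mixed the first record from find_by_field() on success, false
  *               when no record matches or the password does not verify
  */
 public static function authenticate($username = "", $password = "")
 {
     $result_set = self::find_by_field("username", $username);
     if (!$result_set) {
         return false;
     }
     $user = array_shift($result_set);
     if (!$user) {
         return false;
     }
     return password_check($password, $user->password) ? $user : false;
 }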
/**
 * Verify a user name / password pair against the users table.
 *
 * On success the global $user is replaced with a new User instance for
 * $Username (a module-level side effect callers rely on).
 *
 * @param string $Username
 * @param string $Password candidate password as entered
 * @return bool true when the row exists and password_check() accepts the
 *              candidate, false otherwise
 */
function user_authenticate($Username, $Password)
{
    lib('Passwords');
    global $pdo;
    $sql = '
		SELECT `password`
		FROM `users`
		WHERE `username` = :username
	';
    $stmt = $pdo->prepare($sql);
    // Placeholder binding: the user name never touches the SQL text.
    $stmt->execute(array(':username' => $Username));
    $row = $stmt->fetch();
    if (!$row) {
        return false;
    }
    if (!password_check($Password, $row['password'])) {
        return false;
    }
    $GLOBALS['user'] = new User($Username);
    return true;
}
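/**
 * Look a user up by name and verify $pword.
 *
 * Two problems in the original block. (1) It was syntactically broken: the
 * `if (isset($user))` guard had been swallowed by a commented-out debug echo,
 * leaving an unmatched `} else {`; the guard is restored below, mirroring the
 * sibling attempt_login() variants. (2) The candidate is first passed through
 * crypt($pword, CRYPT_BLOWFISH): CRYPT_BLOWFISH is an integer availability
 * flag, not a salt, so crypt() receives an invalid salt and the value handed
 * to password_check() is not a usable hash. That call is kept only because
 * password_check()'s expected input is not visible here — TODO confirm; the
 * other callers pass the plain candidate. The debug lines that echoed the
 * password into the page were dropped.
 *
 * @param string $username
 * @param string $pword candidate password as entered
 * @return mixed the user record on success, false otherwise
 */
function attempt_login($username, $pword)
{
    $password = crypt($pword, CRYPT_BLOWFISH); // see the note above
    $find_user = find_user_by_username($username);
    $user = isset($find_user[0]) ? $find_user[0] : null;
    if (!isset($user)) {
        // user not found
        return false;
    }
    if (password_check($password, $user['password'])) {
        // password matches
        return $user;
    }
    // password does not match
    return false;
}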
/**
 * Look a user up by name and verify the password against the stored
 * "hashed_password" field.
 *
 * @return mixed the user record on success, false when the user is missing
 *               or the password does not verify
 */
function attempt_login_user($username, $password)
{
    $user = find_user_by_username($username);
    if (!$user) {
        return false;
    }
    return password_check($password, $user["hashed_password"]) ? $user : false;
}
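// Password "compare" form: echoes the submitted hash and candidate back into
// the form and, when action=compare, reports whether password_check() accepts
// them. $request holds request values; the hash/password fields were already
// escaped, the hidden attr field was the one value written raw into an
// attribute — it is escaped the same way now.
printf('<input type="hidden" name="attr" value="%s" />', htmlspecialchars($request['attribute']));
echo '<table class="forminput" width="100%" border="0">';
echo '<tr>';
printf('<td class="heading">%s</td>', _('Compare'));
printf('<td><input type="%s" name="hash" id="hash" value="%s" /></td>', obfuscate_password_display($request['enc_type']) ? 'password' : 'text', htmlspecialchars($request['hash']));
echo '</tr>';
echo '<tr>';
printf('<td class="heading">%s</td>', _('To'));
printf('<td><input type="password" name="check_password" value="%s" /></td>', htmlspecialchars($request['password']));
echo '</tr>';
echo '<tr>';
echo '<td>&nbsp;</td>';
echo '<td><input type="submit" value="Compare" />';
if ($request['action'] === 'compare') {
    echo '&nbsp;&nbsp;&nbsp;&nbsp;<b>';
    if (password_check($request['hash'], $request['password'], $request['attribute'])) {
        printf('<span class="good">%s</span>', _('Passwords match!'));
    } else {
        printf('<span class="bad">%s</span>', _('Passwords do not match!'));
    }
    echo '</b>';
}
echo '</td>';
echo '</tr>';
echo '</table>';
echo '</form>';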
# Pull our password from the form that opened this window.
if ($request['componentid']) {
    echo '<script type="text/javascript">';
    printf('var c = window.opener.document.getElementById("%s");', $request['componentid']);
    printf('var h = document.getElementById("%s");', 'hash');
    var_dump(get_container("dc=com"));
    echo "<br>\n";
    echo "Should be null: ";
    var_dump(get_container("Fred"));
    echo "<br>\n";
}
// Manual test toggles (flip the `false` to run one). The first exercises
// pla_explode_dn(); the second hashes one fixed password with each supported
// scheme and reports whether password_check() verifies the result.
// NOTE(review): password_hash() here is this project's own helper (its
// parameter list differs from PHP's built-in of the same name) — confirm it is
// not colliding with the built-in on PHP >= 5.5.
if (false) {
    var_dump(pla_explode_dn("cn=<stuff>,dc=example,dc=<com>"));
}
if (false) {
    $password = '******';
    $enc_types = array('md5', 'md5crypt', 'sha', 'ssha', 'smd5', 'crypt', 'clear');
    foreach ($enc_types as $enc_type) {
        $crypted_password = password_hash($password, $enc_type);
        $verdict = password_check($crypted_password, $password) ? "passed" : "failed";
        echo "[" . $enc_type . "] " . $crypted_password . "<br />";
        echo "  Test: " . $verdict;
        echo "\n";
        flush();
    }
}
if (true) {
    $secret = "foobar";
    $passwords = array('fun!244A', 'asdf', 'dc=stuff,ou=things', 'y()ikes');
    $passwords_encrypted = array();
    foreach ($passwords as $password) {
        $passwords_encrypted[] = pla_blowfish_encrypt($password, $secret);
    }
    $passwords_decrypted = array();
    foreach ($passwords_encrypted as $password) {
        $passwords_decrypted[] = pla_blowfish_decrypt($password, $secret);
/**
 * Look a user up by name and verify the password against the stored
 * "user_pass" field.
 *
 * @return mixed the user record on success, false when the user is not found
 *               or the password does not verify
 */
function attempt_login($username, $password)
{
    $user = find_user($username);
    if (!$user) {
        /* no such user */
        return false;
    }
    /* user found, now verify password */
    return password_check($password, $user["user_pass"]) ? $user : false;
}
            break;
    }
    $redirect .= $post_reportid ? '&post_reportid=$post_reportid' : '';
    redirect(append_sid("login.{$phpEx}?redirect=posting.{$phpEx}&" . $redirect, true));
}
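//
// Password check
//
// Moderators and administrators bypass forum passwords. Everyone else must
// either have just submitted the password form (pass_login) or carry the
// <cookie_name>_fpass cookie holding md5(forum_password) for this forum.
//
if (!$is_auth['auth_mod'] && $userdata['user_level'] != ADMIN) {
    $redirect = str_replace("&amp;", "&", preg_replace('#.*?([a-z]+?\\.' . $phpEx . '.*?)$#i', '\\1', htmlspecialchars($HTTP_SERVER_VARS['REQUEST_URI'])));
    // !empty(): same truthiness test as before, without a notice when the field is absent.
    if (!empty($HTTP_POST_VARS['cancel'])) {
        redirect(append_sid("index.{$phpEx}"));
    } elseif (!empty($HTTP_POST_VARS['pass_login']) && $post_info['forum_password'] != '') {
        password_check('forum', $forum_id, $HTTP_POST_VARS['password'], $redirect);
    }
    if ($post_info['forum_password'] != '') {
        // NOTE(review): unserialize() on a cookie value is deserialisation of
        // untrusted input. The cookie only needs a forum_id => digest map, so a
        // plain "id:digest" or JSON encoding would remove that exposure; the
        // writer side would have to change in step, so it is flagged, not changed.
        $passdata = array();
        if (isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_fpass'])) {
            $passdata = unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_fpass']));
        }
        // Strict comparison: with `!=` a cookie value such as "0e123" compared
        // equal to any digest of the form "0e<digits>" (numeric-string coercion).
        if (!is_array($passdata) || !isset($passdata[$forum_id]) || $passdata[$forum_id] !== md5($post_info['forum_password'])) {
            password_box('forum', $redirect);
        }
    }
}
//
// END: Password check
//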
//
// Set toggles for various options
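<h4 class="text-center"><mark><a href="<?php 
// PHP_SELF reflects the request path as sent by the client, so it must be
// escaped before being placed inside an attribute (the raw echo was an XSS vector).
echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8');
?>
">my modele</a> </mark></h4>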

<?php 
// Debug page: prints the stored hash for the "kamy" admin, encrypts a fixed
// password twice, and reports whether password_check() verifies the last
// result. The dead copy of the stored hash and the commented-out dumps were dropped.
$admin = find_admin_by_username("kamy");
echo " database hashed :<br>" . $admin["hashed_password"] . "<br>";
$password = "******";
$existing_password = password_encrypt($password);
echo " password encrypt :<br>" . $existing_password . "<br>";
$existing_password = password_encrypt($password);
echo " password encrypt :<br>" . $existing_password . "<br>";
$check = password_check($password, $existing_password);
echo "<br>";
echo $check ? "password match" : "password did not match";
?>


<?php 
// Shared page footer; the path is relative to this script's directory.
include "../includes/layouts/footer_2.php";
/**
 * Look an administrator up by name and verify the password against the
 * stored "password" field.
 *
 * @return mixed the admin record on success, false when the admin is not
 *               found or the password does not verify
 */
function attempt_login($username, $password)
{
    $admin = find_admin_by_username($username);
    if (!$admin) {
        // admin not found
        return false;
    }
    // admin found, check password
    return password_check($password, $admin['password']) ? $admin : false;
}
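/**
 * Log a member in by id / user name / e-mail / mobile and populate the session.
 *
 * @param mixed  $id    value to look the member up by
 * @param string $pass  plain-text password; when empty the password check is
 *                      skipped entirely, so only trusted callers may omit it
 * @param string $field column to match $id against (default 'id')
 * @return string 'ok' on success, otherwise a translated error message
 */
function phpok_user_login($id, $pass = "", $field = 'id')
{
    if (!$id) {
        return P_Lang('未指定会员账号或Email或手机号或ID号');
    }
    $rs = $GLOBALS['app']->model('user')->get_one($id, $field);
    if (!$rs) {
        return P_Lang('会员信息不存在');
    }
    if (!$rs["status"]) {
        return P_Lang('会员账号未审核');
    }
    if ((string) $rs['status'] === '2') {
        return P_Lang('会员账号被锁定,请联系管理员');
    }
    // `(string) $pass !== ''` rather than a truthiness test: the original
    // `if ($pass && ...)` treated the password "0" as "no password supplied"
    // and skipped verification for it.
    if ((string) $pass !== '' && !password_check($pass, $rs["pass"])) {
        return P_Lang('会员账号验证不通过,密码不正确');
    }
    // Fresh session id on login so a pre-set (fixated) id does not carry over.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    // Store the row's id, not the lookup value: when $field is 'email' or
    // 'mobile', $id is not the member id (the other login paths store $rs['id']).
    $_SESSION["user_id"] = $rs['id'];
    $_SESSION["user_gid"] = $rs['group_id'];
    $_SESSION["user_name"] = $rs["user"];
    return 'ok';
}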
/**
 * Login-page helper: look an administrator up by name and verify the password
 * against the stored "hashed_password" field.
 *
 * @return mixed the admin record on success, false when the admin is not
 *               found or the password does not verify
 */
function attempt_login($username, $password)
{
    $admin = find_admin_by_username($username);
    if (!$admin) {
        // admin not found
        return false;
    }
    // found admin, now check password
    return password_check($password, $admin["hashed_password"]) ? $admin : false;
}
/**
 * Attempt a login with the given credentials.
 *
 * @param string $username user name as entered on the form
 * @param string $password password as entered on the form
 * @return mixed the user record on success, false when the user is not found
 *               or the password does not verify
 */
function attempt_login($username, $password)
{
    $user = find_user_by_username($username);
    if (!$user) {
        // user not found
        return false;
    }
    // found user, now check password
    return password_check($password, $user["hashed_password"]) ? $user : false;
}
/**
 * Look an employee up by e-mail and verify the password against the stored
 * "Password" field.
 *
 * @param string $user     employee e-mail address
 * @param string $password candidate password as entered
 * @return mixed the employee record on success, false otherwise
 */
function attempt_employee_login($user, $password)
{
    $employee = find_employee_by_email($user);
    if (!$employee) {
        // user not found
        return false;
    }
    // found user, now check password
    return password_check($password, $employee["Password"]) ? $employee : false;
}
/**
 * Look a student up by user name and verify the password against the stored
 * "hashed_password" field.
 *
 * @return mixed the student record on success, false when the student is not
 *               found or the password does not verify
 */
function attempt_student_login($student_username, $student_password)
{
    $student = find_student_by_username($student_username);
    if (!$student) {
        // student not found
        return false;
    }
    // found student, now check password
    return password_check($student_password, $student["hashed_password"]) ? $student : false;
}
/**
 * Look an administrator up by name and verify the password against the
 * stored "hashed_password" field.
 *
 * @return mixed the admin record on success, false otherwise
 */
function attempt_login($username, $password)
{
    $admin = find_admin_by_username($username);
    if (!$admin) {
        return false;
    }
    return password_check($password, $admin["hashed_password"]) ? $admin : false;
}
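/**
 * Generates a password of the requested length and strength level.
 *
 * Levels 1–5 are produced here; 6–7 exist only for human-chosen passwords.
 * $length is raised to at least 4 and $strength clamped to [1, min(5, $length)].
 * Candidates are drawn until password_check() rates one at exactly $strength,
 * so a level the checker can never assign for the given length would loop
 * forever (unchanged from the original).
 *
 * @param	int		$length
 * @param	int		$strength	In range [1..5], but must not exceed $length<br><br>
 * 								<b>1</b> - numbers<br>
 * 								<b>2</b> - numbers + letters<br>
 * 								<b>3</b> - numbers + letters in both cases<br>
 * 								<b>4</b> - numbers + letters in both cases + special symbol<br>
 * 								<b>5</b> - numbers + letters in both cases + special symbols (more than one)
 *
 * @return	string
 */
function password_generate($length = 10, $strength = 5)
{
    static $special = ['~', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '_', '=', '+', '|', '\\', '/', ';', ':', ',', '.', '?', '[', ']', '{', '}'];
    static $small, $capital;
    $length = max(4, (int) $length);
    // One clamp (the original repeated the >5 and >$length clamps further down).
    $strength = max(1, min(5, (int) $strength, $length));
    if (!isset($small)) {
        $small = range('a', 'z');
    }
    if (!isset($capital)) {
        $capital = range('A', 'Z');
    }
    // Alphabet grows with the strength level.
    $symbols = range(0, 9);
    if ($strength > 3) {
        $symbols = array_merge($symbols, $special);
    }
    if ($strength > 2) {
        $symbols = array_merge($symbols, $capital);
    }
    if ($strength > 1) {
        $symbols = array_merge($symbols, $small);
    }
    $size = count($symbols) - 1;
    // Credentials need a CSPRNG: mt_rand() (the original source) is predictable.
    // random_int() exists from PHP 7; mt_rand() stays only as the fallback on
    // older runtimes. The original shuffle() was dropped — each position is an
    // independent uniform draw already, so permuting adds nothing.
    $draw = function_exists('random_int') ? 'random_int' : 'mt_rand';
    while (true) {
        $password = [];
        for ($i = 0; $i < $length; ++$i) {
            $password[] = $symbols[$draw(0, $size)];
        }
        $candidate = implode('', $password);
        // Loose == kept on purpose: password_check()'s return type is not
        // visible here and a strict compare against an int could never match.
        if (password_check($candidate) == $strength) {
            return $candidate;
        }
    }
}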
 }
 unset($item, $value, $columns);
 // Block-until: a future "YYYY-MM-DDTHH:MM" value is turned into a Unix
 // timestamp (TIME is presumably the request-time constant — confirm);
 // anything else clears the block. NOTE(review): the guard reads the posted
 // value while the parse reads $user_data['block_until'] — confirm both hold
 // the same value at this point.
 if ($_POST['user']['block_until'] > TIME) {
     $block_until = $user_data['block_until'];
     $block_until = explode('T', $block_until);
     $block_until[0] = explode('-', $block_until[0]); // [year, month, day]
     $block_until[1] = explode(':', $block_until[1]); // [hour, minute]
     $user_data['block_until'] = mktime($block_until[1][0], $block_until[1][1], 0, $block_until[0][1], $block_until[0][2], $block_until[0][0]);
     unset($block_until);
 } else {
     $user_data['block_until'] = 0;
 }
 // Optional password change: enforce the configured minimum length (byte
 // length — strlen(), not mb_strlen()) and minimum password_check() strength
 // before storing a hash. NOTE(review): sha512(sha512(pw) . public_key) is a
 // fast, unsalted construction with a single site-wide pepper; a per-user
 // salted KDF (password_hash()) is the usual replacement, but the verifier on
 // the login side would have to change in step, so it is flagged, not altered.
 if ($user_data['password']) {
     if (strlen($user_data['password']) < $Config->core['password_min_length']) {
         $Page->warning($L->password_too_short);
     } elseif (password_check($user_data['password'], $Config->core['password_min_length']) < $Config->core['password_min_strength']) {
         $Page->warning($L->password_too_easy);
     } else {
         $user_data['password_hash'] = hash('sha512', hash('sha512', $user_data['password']) . Core::instance()->public_key);
     }
 }
 // The plain password must not reach the persistence layer.
 unset($user_data['password']);
 // A changed login is accepted when it is not an e-mail address and its sha224
 // is not already registered, or when it simply equals the account's e-mail;
 // otherwise the new login is dropped and a warning is shown.
 if ($user_data['login'] && $user_data['login'] != $User->get('login', $id) && (!filter_var($user_data['login'], FILTER_VALIDATE_EMAIL) && $User->get_id(hash('sha224', $user_data['login'])) === false || $user_data['login'] == $user_data['email'])) {
     $user_data['login_hash'] = hash('sha224', $user_data['login']);
 } else {
     if ($user_data['login'] != $User->get('login', $id)) {
         $Page->warning($L->login_occupied_or_is_not_valid);
     }
     unset($user_data['login']);
 }
 if ($user_data['email']) {
/**
 * Look an administrator up by name and verify the password against the
 * stored "hashed_password" field.
 *
 * @return mixed the admin record on success, false when the admin is not in
 *               the database or the password does not verify
 */
function attempt_login($username, $password)
{
    $admin = find_admin_by_username($username);
    if (!$admin) {
        return false;
    }
    // found admin in database
    return password_check($password, $admin["hashed_password"]) ? $admin : false;
}
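/**
 * Authenticate against the bridged CMS user table and initialise the WRM session.
 *
 * Credentials come from the login POST (plain password) or, failing that,
 * from the "username"/"password" cookies (already-encrypted password, flagged
 * to password_check() via $pwdencrypt). With neither present phpraid_logout()
 * is called — it appears to end the request, otherwise the query below would
 * run with an empty user name; confirm before relying on it.
 *
 * @return int 1 on success, 0 when no matching user/password was found
 */
function phpraid_login()
{
    global $db_raid, $phpraid_config;
    global $db_user_id, $db_user_name, $db_user_email, $db_user_password, $table_prefix, $db_table_user_name;
    $username = $password = "";
    $pwdencrypt = false;
    if (isset($_POST['username'])) {
        // Interactive login: plain-text password.
        $pwdencrypt = false;
        $username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
        $password = isset($_POST['password']) ? $_POST['password'] : '';
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // Cookie auto-login: the cookie carries the already-encrypted password.
        $pwdencrypt = true;
        $username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
        $password = $_COOKIE['password'];
    } else {
        phpraid_logout();
    }
    // quote_smart() is relied on to quote/escape the user name; column and
    // table names are configuration, not request input.
    $sql = sprintf("SELECT " . $db_user_id . " , " . $db_user_name . " , " . $db_user_email . " , " . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
    $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
    while ($data = $db_raid->sql_fetchrow($result, true)) {
        if ($username != mb_strtolower($data[$db_user_name], "UTF-8")) {
            continue;
        }
        $cmspass = password_check($password, $data[$db_user_id], $pwdencrypt);
        if (!$cmspass) {
            continue;
        }
        // "Remember me": the original assigned scrub_input($_POST['autologin'])
        // and then tested isset() on the result, which is true whenever
        // scrub_input() returns a value — so the cookies were set on every
        // login, box ticked or not. Test the submitted field itself.
        if (!empty($_POST['autologin'])) {
            // NOTE(review): the cookie stores the password-derived value returned
            // by password_check(), with no httponly/secure flags or path given
            // here — confirm whether the session.cookie_* ini defaults cover that.
            setcookie('username', $data[$db_user_name], time() + 2629743); // one month
            setcookie('password', $cmspass, time() + 2629743);
        }
        // Fresh session id on login so a pre-set (fixated) id does not carry over.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        // set user profile variables
        $_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
        $_SESSION['session_logged_in'] = 1;
        $_SESSION['profile_id'] = $data[$db_user_id];
        $_SESSION['email'] = $data[$db_user_email];
        // get user permissions
        get_permissions();
        // IUMS auth does not create/refresh the WRM profile row the way the
        // external bridges do; only the last-login time is updated.
        $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET last_login_time=%s WHERE profile_id=%s", quote_smart(time()), quote_smart($_SESSION['profile_id']));
        $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
        return 1;
    }
    return 0;
}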
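/**
 * Authenticate against the bridged CMS user table, enforce group membership,
 * and create or refresh the WRM profile row.
 *
 * Credentials come from the login POST (plain password; $wrmpass holds its
 * md5 for the WRM profile table) or from the "username"/"password" cookies
 * (already-encrypted password, $pwdencrypt = true). With neither present
 * phpraid_logout() is called — it appears to end the request; confirm before
 * relying on it.
 *
 * NOTE(review): the WRM profile stores md5($password), an unsalted fast hash.
 * Nothing in this function verifies against that column, so it could be
 * migrated to password_hash() independently of the login path.
 *
 * @return int 1 on success, 0 when no user/password matched, -1 when the
 *             user is not in an authorised group
 */
function phpraid_login()
{
    global $db_user_id, $db_group_id, $db_user_name, $db_user_email, $db_user_password, $db_table_user_name;
    global $db_table_group_name, $auth_user_class, $auth_alt_user_class, $table_prefix, $db_raid, $phpraid_config;
    $username = $password = $wrmpass = "";
    $pwdencrypt = false;
    if (isset($_POST['username'])) {
        // Interactive login: plain-text password.
        $pwdencrypt = false;
        $username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
        $password = isset($_POST['password']) ? $_POST['password'] : '';
        $wrmpass = md5($password);
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // Cookie auto-login: the cookie carries the already-encrypted password.
        $pwdencrypt = true;
        $username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
        $password = $_COOKIE['password'];
        $wrmpass = '';
    } else {
        phpraid_logout();
    }
    // quote_smart() is relied on to quote/escape values; column and table
    // names are configuration, not request input.
    $sql = sprintf("SELECT " . $db_user_id . "," . $db_user_name . "," . $db_user_email . "," . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
    $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
    while ($data = $db_raid->sql_fetchrow($result, true)) {
        if ($username != mb_strtolower($data[$db_user_name], "UTF-8")) {
            continue;
        }
        $cmspass = password_check($password, $data[$db_user_id], $pwdencrypt);
        if (!$cmspass) {
            continue;
        }
        // Group gate: unless $auth_user_class is 0, the user must belong to
        // the primary or the alternate authorised group.
        if ($auth_user_class != 0) {
            $foundUserInGroup = false;
            $sql = sprintf("SELECT " . $db_user_id . "," . $db_group_id . " FROM " . $table_prefix . $db_table_group_name . " WHERE " . $db_user_id . " = %s", quote_smart($data[$db_user_id]));
            $resultgroup = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            while ($datagroup = $db_raid->sql_fetchrow($resultgroup, true)) {
                if ($datagroup[$db_group_id] == $auth_user_class || $datagroup[$db_group_id] == $auth_alt_user_class) {
                    $foundUserInGroup = true;
                }
            }
            if (!$foundUserInGroup) {
                phpraid_logout();
                return -1;
            }
        }
        // "Remember me": the original assigned scrub_input($_POST['autologin'])
        // and then tested isset() on the result, which is true whenever
        // scrub_input() returns a value — so the cookies were set on every
        // login, box ticked or not. Test the submitted field itself.
        if (!empty($_POST['autologin'])) {
            // NOTE(review): the cookie stores the password-derived value returned
            // by password_check(), with no httponly/secure flags or path given
            // here — confirm whether the session.cookie_* ini defaults cover that.
            setcookie('username', $data[$db_user_name], time() + 2629743); // one month
            setcookie('password', $cmspass, time() + 2629743);
        }
        // Fresh session id on login so a pre-set (fixated) id does not carry over.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        // set user profile variables
        $_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
        $_SESSION['session_logged_in'] = 1;
        $_SESSION['profile_id'] = $data[$db_user_id];
        $_SESSION['email'] = $data[$db_user_email];
        $user_priv = $phpraid_config['default_group'] != 'nil' ? $phpraid_config['default_group'] : '0';
        // Upsert the WRM profile row for this user.
        $sql = sprintf("SELECT * FROM " . $phpraid_config['db_prefix'] . "profile WHERE profile_id = %s", quote_smart($_SESSION['profile_id']));
        $profileResult = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
        if ($db_raid->sql_fetchrow($profileResult)) {
            // Profile exists: refresh e-mail, last login and (on a POST login) the password.
            if ($wrmpass != '') {
                $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, password = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart(time()), quote_smart($_SESSION['profile_id']));
            } else {
                $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart(time()), quote_smart($_SESSION['profile_id']));
            }
            $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
        } else {
            // Profile not found (or DB error): insert one.
            $sql = sprintf("INSERT INTO " . $phpraid_config['db_prefix'] . "profile VALUES (%s, %s, %s, %s, %s, %s)", quote_smart($_SESSION['profile_id']), quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart($user_priv), quote_smart(mb_strtolower($_SESSION['username'], "UTF-8")), quote_smart(time()));
            $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
        }
        get_permissions();
        return 1;
    }
    return 0;
}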
/**
 * Look an administrator up by name and verify the password against the
 * stored "hashed_password" field.
 *
 * @return mixed the admin record on success, false when the admin is not
 *               found or the password does not verify
 */
function attempt_login($username, $password)
{
    $admin = find_admin_by_username($username);
    if (!$admin) {
        // admin not found.
        return false;
    }
    // found admin, now check password.
    return password_check($password, $admin['hashed_password']) ? $admin : false;
}