/** * Process Login * * @param string Identifier - may be 'id', 'email' or 'username' * @param string Value for identifier (for example, the user's ID number) * @param string The password, md5 encoded * @param string md5( IPS Connect Key (see login method) . Identifier Value ) * @param string Redirect URL, Base64 encoded * @param string md5( IPS Connect Key . $redirect ) * @return mixed If the redirect URL is provided, this function should redirect the user to that URL with additional paramaters: * connect_status value from below * connect_id the ID number in this app * connect_username the username * connect_displayname the display name * connect_email the email address * connect_unlock If the account is locked, the time that it was locked * connect_unlock_period The number of minutes until the account is unlocked (will be 0 if account does not automatically unlock) * If blank, will output to screen a JSON object with the same parameters * Values: * SUCCESS login successful * WRONG_AUTH Password incorrect * NO_USER Identifier did not match member account * MISSING_DATA Identifier or password was blank * ACCOUNT_LOCKED Account has been locked by brute-force prevention */ public function login($identifier, $identifierValue, $md5Password, $key, $redirect, $redirectHash) { $member = NULL; $statusCode = 'MISSING_DATA'; $secondsUntilUnlock = 0; $revalidateUrl = ''; /* Check */ if (in_array($identifier, array('id', 'email', 'username'))) { $member = IPSMember::load($identifierValue, 'none', $identifier); if ($member['member_id']) { /* Check we're not blocked */ if ($this->settings['ipb_bruteforce_attempts'] > 0) { $failed_attempts = explode(",", IPSText::cleanPermString($member['failed_logins'])); $failed_count = 0; $total_failed = 0; $thisip_failed = 0; $non_expired_att = array(); if (is_array($failed_attempts) and count($failed_attempts)) { foreach ($failed_attempts as $entry) { if (!strpos($entry, "-")) { continue; } list($timestamp, $ipaddress) = explode("-", $entry); if (!$timestamp) { continue; } $total_failed++; if ($ipaddress != $this->member->ip_address) { continue; } $thisip_failed++; if ($this->settings['ipb_bruteforce_period'] and $timestamp < time() - $this->settings['ipb_bruteforce_period'] * 60) { continue; } $non_expired_att[] = $entry; $failed_count++; } sort($non_expired_att); $oldest_entry = array_shift($non_expired_att); list($oldest, ) = explode("-", $oldest_entry); } if ($thisip_failed >= $this->settings['ipb_bruteforce_attempts']) { if ($this->settings['ipb_bruteforce_unlock']) { if ($failed_count >= $this->settings['ipb_bruteforce_attempts']) { $secondsUntilUnlock = $oldest; $statusCode = 'ACCOUNT_LOCKED'; } } else { $statusCode = 'ACCOUNT_LOCKED'; } } } /* Check the password is valid */ if ($statusCode != 'ACCOUNT_LOCKED') { if (IPSMember::authenticateMember($member['member_id'], $md5Password)) { /* Are we validating? */ if ($member['ipsconnect_revalidate_url']) { $statusCode = 'VALIDATING'; $revalidateUrl = $member['ipsconnect_revalidate_url']; } else { $validating = ipsRegistry::DB()->buildAndFetch(array('select' => '*', 'from' => 'validating', 'where' => "member_id={$member['member_id']} AND new_reg=1")); if ($validating['vid']) { $statusCode = 'VALIDATING'; if ($validating['user_verified'] == 1 or $this->settings['reg_auth_type'] == 'admin') { $revalidateUrl = 'ADMIN_VALIDATION'; } else { $revalidateUrl = ipsRegistry::getClass('output')->buildUrl('app=core&module=global&section=register&do=reval', 'public'); } } } if ($statusCode != 'VALIDATING') { /* Login Successful */ $statusCode = 'SUCCESS'; /* Log us in locally */ $this->han_login->loginWithoutCheckingCredentials($member['member_id'], TRUE); /* Run memberSync */ IPSLib::runMemberSync('onLogin', $member); } } else { /* Login Failed */ $statusCode = 'WRONG_AUTH'; /* Append failed login */ if ($this->settings['ipb_bruteforce_attempts'] > 0) { $failed_logins = explode(",", $member['failed_logins']); $failed_logins[] = time() . '-' . $this->member->ip_address; $failed_count = 0; $total_failed = 0; $non_expired_att = array(); foreach ($failed_logins as $entry) { list($timestamp, $ipaddress) = explode("-", $entry); if (!$timestamp) { continue; } $total_failed++; if ($ipaddress != $this->member->ip_address) { continue; } if ($this->settings['ipb_bruteforce_period'] > 0 and $timestamp < time() - $this->settings['ipb_bruteforce_period'] * 60) { continue; } $failed_count++; $non_expired_att[] = $entry; } if ($member['member_id'] and !$this->settings['failed_done']) { IPSMember::save($member['email'], array('core' => array('failed_logins' => implode(",", $non_expired_att), 'failed_login_count' => $total_failed))); } } } } } else { $statusCode = 'NO_USER'; } } /* Run any custom code */ $this->_runCustom('login', array($member, $statusCode)); /* Hide the email if necessary */ if ($statusCode != 'SUCCESS' and $identifier != 'email') { $member['email'] = ''; } /* Return */ if ($redirect) { $redirect = ($key == md5($this->masterKey . $identifierValue) and $redirectHash == md5($this->masterKey . $redirect)) ? $redirect : base64_encode($this->settings['board_url']); } $this->_return($redirect, array('connect_status' => $statusCode, 'connect_id' => $member['member_id'], 'connect_username' => $member['name'], 'connect_displayname' => $member['members_display_name'], 'connect_email' => $member['email'], 'connect_unlock' => $secondsUntilUnlock, 'connect_revalidate_url' => $revalidateUrl, 'connect_unlock_period' => $this->settings['ipb_bruteforce_period'])); }
/** * handshake_server::handshake_start() * * Returns all data... * * @access public * @param integer $reg_id Converge reg ID * @param string $reg_code Converge API Code (MUST BE PRESENT IN ALL RETURNED API REQUESTS). * @param integer $reg_date Unix stamp of converge request start time * @param integer $reg_product_id Converge product ID (MUST BE PRESENT IN ALL RETURNED API REQUESTS) * @param string $converge_url Converge application base url (no slashes or paths) * @return mixed xml / boolean false **/ public function handshakeStart($reg_id = '', $reg_code = '', $reg_date = '', $reg_product_id = '', $converge_url = '', $acp_email = '', $acp_md5_password = '', $http_user = '', $http_pass = '') { //----------------------------------------- // INIT //----------------------------------------- $reg_id = intval($reg_id); $reg_code = IPSText::md5Clean($reg_code); $reg_date = intval($reg_date); $reg_product_id = intval($reg_product_id); $converge_url = IPSText::parseCleanValue($converge_url); $acp_email = IPSText::parseCleanValue($acp_email); $acp_md5_password = IPSText::md5Clean($acp_md5_password); $this->registry->getClass('class_localization')->loadLanguageFile(array('api_langbits'), 'core'); //----------------------------------------- // Check ACP user //----------------------------------------- if (!$acp_email and !$acp_md5_password) { $this->classApiServer->apiSendError(500, $this->lang->words['missing_email']); return false; } else { $member = IPSMember::load($acp_email, 'extendedProfile,groups'); if (!$member['member_id']) { $this->classApiServer->apiSendError(501, $this->lang->words['bad_email']); return false; } else { //----------------------------------------- // Are we an admin? //----------------------------------------- if ($member['g_access_cp'] != 1) { $this->classApiServer->apiSendError(501, $this->lang->words['no_acp_access']); return false; } //----------------------------------------- // Check password... //----------------------------------------- if (IPSMember::authenticateMember($member['member_id'], $acp_md5_password) != true) { $this->classApiServer->apiSendError(501, $this->lang->words['bad_email']); return false; } } } //----------------------------------------- // Just send it all back and start // A row in the converge_local table with // the info, but don't flag as active... //----------------------------------------- $reply = array('master_response' => 1, 'reg_id' => $reg_id, 'reg_code' => $reg_code, 'reg_date' => $reg_date, 'reg_product_id' => $reg_product_id, 'converge_url' => $converge_url); //----------------------------------------- // Add into DB //----------------------------------------- $this->registry->DB()->insert('converge_local', array('converge_api_code' => $reg_code, 'converge_product_id' => $reg_product_id, 'converge_added' => $reg_date, 'converge_ip_address' => my_getenv('REMOTE_ADDR'), 'converge_url' => $converge_url, 'converge_active' => 0, 'converge_http_user' => $http_user, 'converge_http_pass' => $http_pass)); //----------------------------------------- // Send reply... //----------------------------------------- $this->classApiServer->apiSendReply($reply); }
/** * Local authentication * * @access public * @param string Username * @param string Email Address * @param string Password * @return boolean Authentication successful */ public function authLocal($username, $email_address, $password) { $password = md5($password); //----------------------------------------- // Type of login //----------------------------------------- $type = 'username'; if (is_array($this->method_config) and $this->method_config['login_folder_name'] == 'internal') { $type = $this->method_config['login_user_id']; } /* Forcing email? */ if ($this->_forceEmailCheck) { $type = 'email'; } /* If any other method accepts the other type, we need to as well, otherwise form will indicate you can submit it but you can't */ foreach ($this->cache->getCache('login_methods') as $method) { if ($method['login_user_id'] == 'username' or $method['login_user_id'] == 'either') { $uses_name = true; } if ($method['login_user_id'] == 'email' or $method['login_user_id'] == 'either') { $uses_email = true; } } if ($uses_name and $uses_email) { $type = 'either'; } /* If we only have one, just take it and run with it */ $input = NULL; if ($email_address xor $username) { $input = $email_address ? $email_address : $username; } switch ($type) { case 'username': $this->member_data = IPSMember::load($input ? $input : $username, 'groups', 'username'); break; case 'email': $this->member_data = IPSMember::load($input ? $input : $email_address, 'groups', 'email'); break; case 'either': $_username = IPSMember::load($input ? $input : $username, 'groups', 'username'); if (!$_username['member_id']) { $this->member_data = IPSMember::load($input ? $input : $email_address, 'groups', 'email'); } else { $this->member_data = $_username; } break; } //----------------------------------------- // Got an account //----------------------------------------- if (!$this->member_data['member_id']) { $this->return_code = 'NO_USER'; return false; } //----------------------------------------- // Verify it is not blocked //----------------------------------------- if (!$this->_checkFailedLogins()) { return false; } //----------------------------------------- // Check password... //----------------------------------------- if (IPSMember::authenticateMember($this->member_data['member_id'], $password) != true) { if (!$this->_appendFailedLogin()) { return false; } $this->return_code = 'WRONG_AUTH'; return false; } else { $this->return_code = 'SUCCESS'; return true; } }
/** * Local authentication * * @access public * @param string Username * @param string Email Address * @param string Password * @return boolean Authentication successful */ public function authLocal($username, $email_address, $password) { $password = md5($password); //----------------------------------------- // Type of login //----------------------------------------- $type = 'username'; if (is_array($this->method_config) and $this->method_config['login_folder_name'] == 'internal') { $type = $this->method_config['login_user_id']; } if ($this->_forceEmailCheck === TRUE or $email_address and !$username) { $type = 'email'; } switch ($type) { case 'username': if (IPSText::mbstrlen($username) > 32) { $this->return_code = 'NO_USER'; return false; } $this->member_data = IPSMember::load($username, 'groups', 'username'); break; case 'email': $this->member_data = IPSMember::load($email_address, 'groups', 'email'); break; } //----------------------------------------- // Got an account //----------------------------------------- if (!$this->member_data['member_id']) { $this->return_code = 'NO_USER'; return false; } //----------------------------------------- // Verify it is not blocked //----------------------------------------- if (!$this->_checkFailedLogins()) { return false; } //----------------------------------------- // Check password... //----------------------------------------- if (IPSMember::authenticateMember($this->member_data['member_id'], $password) != true) { if (!$this->_appendFailedLogin()) { return false; } $this->return_code = 'WRONG_AUTH'; return false; } else { $this->return_code = 'SUCCESS'; return false; } }
function __construct(ipsRegistry $registry) { $this->registry = $registry; $this->DB = $this->registry->DB(); $this->settings =& $this->registry->fetchSettings(); $this->request =& $this->registry->fetchRequest(); $this->cache = $this->registry->cache(); $this->caches =& $this->registry->cache()->fetchCaches(); /* Set require path to include sabre directory */ @set_include_path(IPS_KERNEL_PATH . 'sabre/'); /*noLibHook*/ ipsRegistry::$settings['use_friendly_urls'] = 0; /* Fetch authentication library */ $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login'); $login = new $classToLoad($registry); /* Require spl for sabre */ require_once 'Sabre.autoload.php'; /*noLibHook*/ /* Attempt authentication */ $auth = new Sabre_HTTP_BasicAuth(); $auth->setRealm("IP.Board WebDav"); /* Enabled? */ if (!$this->settings['webdav_on']) { $auth->requireLogin(); echo "Please visit your Admin CP - Look and Feel - Externally Edit Templates and CSS to enable this functionality"; exit; } /* Fetch details */ $authDetails = $auth->getUserPass(); /* Check auth */ $member = IPSMember::load(IPSText::parseCleanValue($authDetails[0]), 'all', 'username'); if (!$member['member_id']) { $auth->requireLogin(); print "Authentication Required (User doesn't exist)"; exit; } /* Internal auth only */ $result = IPSMember::authenticateMember($member['member_id'], md5(IPSText::parseCleanValue($authDetails[1]))); if ($result === false) { $auth->requireLogin(); print "Authentication Required (Username or password incorrect)"; exit; } /* Load permissions class */ $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/class_permissions.php', 'class_permissions'); $this->registry->setClass('class_permissions', new $classToLoad($this->registry)); if (!$member['g_access_cp']) { $auth->requireLogin(); print "Authentication Required (You are not an admin)"; exit; } if (!$this->registry->getClass('class_permissions')->checkPermission('settemplates_external_edit')) { $auth->requireLogin(); print "You are not permitted to edit skins externally"; exit; } /* Require some files for our sabre implementation */ require_once IPS_ROOT_PATH . 'sources/classes/sabre/root/skins.php'; /*noLibHook*/ require_once IPS_ROOT_PATH . 'sources/classes/sabre/directory/templates.php'; /*noLibHook*/ require_once IPS_ROOT_PATH . 'sources/classes/sabre/directory/groups.php'; /*noLibHook*/ require_once IPS_ROOT_PATH . 'sources/classes/sabre/files/templates.php'; /*noLibHook*/ require_once IPS_ROOT_PATH . 'sources/classes/sabre/lock/nolocks.php'; /*noLibHook*/ $tree = new Sabre_DAV_ObjectTree(new sabre_root_skins()); $server = new Sabre_DAV_Server($tree); $server->setBaseUri($this->getBaseUrl() . '/'); //$server->addPlugin( new Sabre_DAV_Browser_Plugin() ); $server->addPlugin(new Sabre_DAV_Locks_Plugin(new sabre_lock_nolocks())); /* Process */ $server->exec(); }
<?php header("Content-Type: text/plain; charset=UTF-8"); // Verify login and password $login = $_GET['login']; $password = $_GET['password']; if (empty($login) || empty($password)) { exit('Empty login or password'); } // Load IPB core define('IPB_THIS_SCRIPT', 'public'); require_once 'initdata.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php'; $reg = ipsRegistry::instance(); $reg->init(); // Resolve member by login $member = IPSMember::load(IPSText::parseCleanValue($login), 'all', 'username'); $member_id = $member['member_id']; if (!$member_id) { exit('Incorrect login'); } // Try authenticate $success = IPSMember::authenticateMember($member_id, md5(IPSText::parseCleanValue($password))); echo $success ? 'OK:' . $member['name'] : 'Incorrect login or password';