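/**
 * Render and process the "change password" form of the password-recovery flow.
 *
 * Reads `username` and `verification_key` from the request, looks the user up
 * by name, and only when the supplied key matches the one stored for that
 * user does a POST with matching `password` / `confirm_password` fields change
 * the password. On success the confirmation template is displayed; otherwise
 * the form is displayed again together with the collected error flags.
 *
 * Error flags set in the `errors` template variable: EMPTY_USERNAME,
 * EMPTY_VERIFICATION_KEY, WRONG_VERIFICATION_KEY, PASSWORD_NOT_CONFIRMED.
 *
 * @return void
 */
public function execute()
{
    $template_processor = SJB_System::getTemplateProcessor();
    $username = SJB_Request::getVar('username', null);
    $verification_key = SJB_Request::getVar('verification_key', null);
    $ERRORS = array();
    $password_was_changed = false;

    $user_info = SJB_UserManager::getUserInfoByUserName($username);

    // NOTE(review): EMPTY_USERNAME vs WRONG_VERIFICATION_KEY lets the template
    // tell "unknown user" apart from "bad key"; confirm change_password.tpl does
    // not surface that difference to unauthenticated visitors.
    if (empty($user_info)) {
        $ERRORS['EMPTY_USERNAME'] = 1;
    } elseif (empty($verification_key)) {
        $ERRORS['EMPTY_VERIFICATION_KEY'] = 1;
    } else {
        // The key is a bearer secret: compare it as a string, strictly and in
        // constant time. A loose `!=` treats numeric-looking strings such as
        // "0e1" and "0e2" as equal and leaks timing information.
        $stored_key = (string) $user_info['verification_key'];
        $key_matches = false;
        if (is_string($verification_key) && $stored_key !== '') {
            $key_matches = function_exists('hash_equals')
                ? hash_equals($stored_key, $verification_key)
                : $stored_key === $verification_key;
        }

        if (!$key_matches) {
            $ERRORS['WRONG_VERIFICATION_KEY'] = 1;
        } elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
            // NOTE(review): values are read from $_REQUEST, so they may also arrive
            // via the query string or a cookie even though the method is POST.
            $new_password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
            $confirmation = isset($_REQUEST['confirm_password']) ? $_REQUEST['confirm_password'] : null;

            // Require two identical, non-empty strings; strict comparison avoids
            // numeric juggling ("1e3" == "1000") and array-valued parameters.
            if (is_string($new_password) && is_string($confirmation)
                && !empty($new_password) && $new_password === $confirmation
            ) {
                // NOTE(review): nothing here invalidates the verification key after
                // use; confirm changeUserPassword() (or its caller) rotates it.
                $password_was_changed = SJB_UserManager::changeUserPassword($user_info['sid'], $new_password);
            } else {
                $ERRORS['PASSWORD_NOT_CONFIRMED'] = 1;
            }
        }
    }

    if ($password_was_changed) {
        $template_processor->display('successful_password_change.tpl');
    } else {
        $template_processor->assign('username', $username);
        $template_processor->assign('verification_key', $verification_key);
        $template_processor->assign('errors', $ERRORS);
        $template_processor->display('change_password.tpl');
    }
}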
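/**
 * phpBB login handler that authenticates against both the phpBB users table
 * and the SJB user store, keeping the two password hashes in sync.
 *
 * Flow, as implemented below:
 *  - reject empty password / username;
 *  - look the user up in the phpBB users table (by `login_name` when that
 *    column exists, otherwise by `username_clean`);
 *  - try an SJB login with the same credentials;
 *  - user in both stores: whichever side accepted the password overwrites the
 *    hash on the other side;
 *  - user only in SJB: prepare a new phpBB user row (LOGIN_SUCCESS_CREATE_PROFILE);
 *  - user only in phpBB: accept when the phpBB hash matches.
 *
 * @param string       $username  Login name supplied by the visitor.
 * @param string|array $user_data Password, or an array carrying it under 'password'.
 *
 * @return array Array with keys 'status', 'error_msg' and 'user_row'.
 */
function login_sjb(&$username, &$user_data)
{
    global $phpbb_root_path, $db, $user, $config, $cache, $phpEx;

    // Marker constant used to detect recursion; guarded so that a second call in
    // the same request does not attempt to redefine it.
    if (!defined('LOGIN_PHPBB')) {
        define('LOGIN_PHPBB', true);
    }

    $password = is_array($user_data) ? $user_data['password'] : $user_data;
    $status = null;
    // Set to true only once the password has been checked against the phpBB hash.
    $phpbb_hash_verified = false;

    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
    }

    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }

    // Detect whether the users table carries the optional login_name column.
    $sql = 'DESCRIBE ' . USERS_TABLE . ' login_name';
    $result = $db->sql_query($sql);
    $has_login_name = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!empty($has_login_name)) {
        $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, login_name FROM ' . USERS_TABLE . "\n\t\t\tWHERE login_name = '" . $db->sql_escape($username) . "'";
    } else {
        $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . "\n\t\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    }
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if ($row) {
        // User inactive...
        // NOTE(review): this returns the account state and the user row before the
        // password has been checked; confirm that disclosure is acceptable.
        if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
            return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
        }
        $status = LOGIN_SUCCESS;
    }

    // loadSJB() is defined elsewhere; the working directory is saved here and
    // restored after the SJB calls.
    $dir = getcwd();
    loadSJB();

    // Authenticate against SJB and fetch the SJB user record.
    $errors = array();
    $logged_in = SJB_Authorization::login($username, $password, false, $errors, false);
    $userInfo = SJB_UserDBManager::getUserInfoByUserName($username);
    chdir($dir);

    if ($row && $userInfo) {
        // User exists in both stores: reconcile the two password hashes.
        $hash_ok = phpbb_check_hash($password, $row['user_password']);

        if (!$logged_in && $hash_ok) {
            // phpBB accepted the password, SJB did not: push the password to SJB
            // and retry the SJB login.
            $phpbb_hash_verified = true;
            if (SJB_UserManager::changeUserPassword($userInfo['sid'], $password)) {
                $errors = array();
            }
            $logged_in = SJB_Authorization::login($username, $password, false, $errors, false);
        } elseif ($logged_in && !$hash_ok) {
            // SJB accepted the password, phpBB hash is stale: refresh it.
            $sql_ary = array(
                'user_actkey' => '',
                'user_password' => phpbb_hash($password),
                'user_newpasswd' => '',
                'user_pass_convert' => 0,
                'user_login_attempts' => 0,
            );
            // user_id comes from the database row; cast so the unquoted value
            // interpolated into the statement is always an integer.
            $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . (int) $row['user_id'];
            $db->sql_query($sql);
        }
    } elseif (!$row && $userInfo) {
        // user not in phpbb3 db, but is in sjb
        // retrieve default group id
        $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . "\n\t\t\t\tWHERE group_name = '" . $db->sql_escape('REGISTERED') . "'\n\t\t\t\tAND group_type = " . GROUP_SPECIAL;
        $result = $db->sql_query($sql);
        $group = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if (!$group) {
            // NOTE(review): presumably phpBB's error handler halts here; otherwise
            // $group['group_id'] below is read from a non-array.
            trigger_error('NO_GROUP');
        }

        // generate user account data
        $row = array(
            'username' => $username,
            'user_password' => phpbb_hash($password),
            'user_email' => $userInfo['email'],
            'group_id' => $group['group_id'],
            'user_type' => (string) USER_NORMAL,
        );
        if (!empty($has_login_name)) {
            $row['username'] = $userInfo['username'];
            $row['login_name'] = $username;
        }
        $status = LOGIN_SUCCESS_CREATE_PROFILE;
    } elseif ($row && !$userInfo && isset($errors['NO_SUCH_USER'])) {
        // User only exists in phpBB: the phpBB hash alone decides.
        if (phpbb_check_hash($password, $row['user_password'])) {
            $phpbb_hash_verified = true;
            $errors = array();
        }
    }

    if (isset($errors['INVALID_PASSWORD'])) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => array('user_id' => ANONYMOUS));
    } elseif (isset($errors['USER_NOT_ACTIVE'])) {
        return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
    } elseif (isset($errors['BANNED_USER'])) {
        if (!defined('IN_CHECK_BAN')) {
            define('IN_CHECK_BAN', 1);
        }
        return array('status' => BAN_TRIGGERED_BY_IP, 'error_msg' => 'BAN_TRIGGERED_BY_IP', 'user_row' => $row);
    } elseif ($errors) {
        // NOTE(review): 'status' is the raw SJB error array here, not one of the
        // LOGIN_* constants used by every other return; confirm callers cope.
        return array('status' => $errors, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
    }

    // Fail closed: every path above signals failure only through $errors, so a
    // rejected SJB login that left $errors empty would otherwise fall through to
    // the success return. Require that one of the two stores accepted the password.
    if (!$logged_in && !$phpbb_hash_verified) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => array('user_id' => ANONYMOUS));
    }

    // Successful login: hand the status and user row back to the caller.
    return array('status' => $status, 'error_msg' => false, 'user_row' => $row);
}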