/** * @deprecated CB 1.2.2 (backwards compatibility: obsolete): * use $user->verifyPassword() and $user->hashAndSaltPassword() * * Generate the hashed/salted/encoded password for the database * and to check the password at login: * if $row provided, it is checking the existing password (and update if needed) * if not provided, it will generate a new hashed password * * @param string $passwd cleartext * @param moscomprofilerUser $row * @return string|boolean salted/hashed password if $row not provided, otherwise TRUE/FALSE on password check */ function cbHashPassword($passwd, $row = null) { if ($row) { return $row->verifyPassword($passwd); } else { global $_CB_database; cbimport('cb.tables'); $row = new moscomprofilerUser($_CB_database); return $row->hashAndSaltPassword($passwd); } }
/** * Logins on host CMS using any allowed authentication methods * * @param string $username The username * @param string|boolean $password Well, The password OR strictly boolean false for login without password * @param boolean $rememberMe If login should be remembered in a cookie to be sent back to user's browser * @param boolean $message If an alert message should be prepared on successful login * @param string $return IN & OUT: IN: return URL NOT SEFED for normal login completition (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED * @param array $messagesToUser OUT: messages to display to user (html) * @param array $alertmessages OUT: messages to alert to user (text) * @param int $loginType 0: username, 1: email, 2: username or email, 3: username, email or CMS authentication */ function login( $username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertmessages, $loginType = 0 ) { global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS; $returnURL = null; if ( ( ! $username ) || ( ( ! $password ) && ( $password !== false ) ) ) { $resultError = _LOGIN_INCOMPLETE; } else { $_PLUGINS->loadPluginGroup('user'); $_PLUGINS->trigger( 'onBeforeLogin', array( &$username, &$password ) ); $resultError = null; $showSysMessage = true; $stopLogin = false; $loggedIn = false; if($_PLUGINS->is_errors()) { $resultError = $_PLUGINS->getErrorMSG(); } else { $row = new moscomprofilerUser( $_CB_database ); $foundUser = false; // Try login by CB authentication trigger: $_PLUGINS->trigger( 'onLoginAuthentication', array( &$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertmessages, &$return ) ); if ( ! $foundUser ) { if ( $loginType != 2 ) { // login by username: $foundUser = $row->loadByUsername( stripslashes( $username ) ) && ( ( $password === false ) || $row->verifyPassword( $password ) ); } if ( ( ! $foundUser ) && ( $loginType >= 1 ) ) { // login by email: $foundUser = $row->loadByEmail( stripslashes( $username ) ) && ( ( $password === false ) || $row->verifyPassword( $password ) ); if ( $foundUser ) { $username = $row->username; } } if ( ( ! $foundUser ) && ( $loginType > 2 ) ) { // If no result, try login by CMS authentication: if ( $_CB_framework->login( $username, $password, $rememberMe ) ) { $foundUser = $row->loadByUsername( stripslashes( $username ) ); cbSplitSingleName( $row ); $row->confirmed = 1; $row->approved = 1; $row->store(); // synchronizes with comprofiler table $loggedIn = true; } } } if ( $foundUser ) { $returnPluginsOverrides = null; $pluginResults = $_PLUGINS->trigger( 'onDuringLogin', array( &$row, 1, &$returnPluginsOverrides ) ); if ( $returnPluginsOverrides ) { $return = $returnPluginsOverrides; } if ( is_array( $pluginResults ) && count( $pluginResults ) ) { foreach ( $pluginResults as $res ) { if ( is_array( $res ) ) { if ( isset( $res['messagesToUser'] ) ) { $messagesToUser[] = $res['messagesToUser']; } if ( isset( $res['alertMessage'] ) ) { $alertmessages[] = $res['alertMessage']; } if ( isset( $res['showSysMessage'] ) ) { $showSysMessage = $showSysMessage && $res['showSysMessage']; } if ( isset( $res['stopLogin'] ) ) { $stopLogin = $stopLogin || $res['stopLogin']; } } } } if($_PLUGINS->is_errors()) { $resultError = $_PLUGINS->getErrorMSG(); } elseif ( $stopLogin ) { // login stopped: don't even check for errors... } elseif ($row->approved == 2){ $resultError = _LOGIN_REJECTED; } elseif ($row->confirmed != 1){ if ( $row->cbactivation == '' ) { $row->store(); // just in case the activation code was missing } $cbNotification = new cbNotification(); $cbNotification->sendFromSystem($row->id,getLangDefinition(stripslashes($ueConfig['reg_pend_appr_sub'])),getLangDefinition(stripslashes($ueConfig['reg_pend_appr_msg']))); $resultError = _LOGIN_NOT_CONFIRMED; } elseif ($row->approved == 0){ $resultError = _LOGIN_NOT_APPROVED; } elseif ($row->block == 1) { $resultError = _UE_LOGIN_BLOCKED; } elseif ($row->lastvisitDate == '0000-00-00 00:00:00') { if (isset($ueConfig['reg_first_visit_url']) and ($ueConfig['reg_first_visit_url'] != "")) { $return = $ueConfig['reg_first_visit_url']; } else { $return = $returnPluginsOverrides; // by default return to homepage on first login (or on page overridden by plugin). } $_PLUGINS->trigger( 'onBeforeFirstLogin', array( &$row, $username, $password, &$return )); if ($_PLUGINS->is_errors()) { $resultError = $_PLUGINS->getErrorMSG( "<br />" ); } } } else { if ( $loginType < 2 ) { $resultError = _LOGIN_INCORRECT; } else { $resultError = _UE_INCORRECT_EMAIL_OR_PASSWORD; } } } if ( $resultError ) { if ( $showSysMessage ) { $alertmessages[] = $resultError; } } elseif ( ! $stopLogin ) { if ( ! $loggedIn ) { $_PLUGINS->trigger( 'onDoLoginNow', array( $username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertmessages, &$return ) ); } if ( ! $loggedIn ) { $_CB_framework->login( $username, $password, $rememberMe ); $loggedIn = true; } $_PLUGINS->trigger( 'onAfterLogin', array( &$row, $loggedIn ) ); if ( $loggedIn && $message && $showSysMessage ) { $alertmessages[] = _LOGIN_SUCCESS; } if ( ! $loggedIn ) { $resultError = _LOGIN_INCORRECT; } // changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path... if ( $return && !( strpos( $return, 'comprofiler' /* 'com_comprofiler' */ ) && ( strpos( $return, 'login') || strpos( $return, 'logout') || strpos( $return, 'registers' ) || strpos( strtolower( $return ), 'lostpassword' ) ) ) ) { // checks for the presence of a return url // and ensures that this url is not the registration or login pages $returnURL = $return; } elseif ( ! $returnURL ) { $returnURL = 'index.php'; } } } $return = $returnURL; return $resultError; }