Vergleich member.php - 1.6.8 - 1.6.9

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *

 
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *

 * $Id: member.php 5784 2012-04-19 12:57:48Z Tomm $

 * $Id$

 */

define("IN_MYBB", 1);

 */

define("IN_MYBB", 1);

Zeile 1151Zeile 1151
				break;
		}
	}

 
				break;
		}
	}

	



	$query = $db->simple_select("users", "loginattempts", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."' OR LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
	$loginattempts = $db->fetch_field($query, "loginattempts");

 
	$query = $db->simple_select("users", "loginattempts", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."' OR LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
	$loginattempts = $db->fetch_field($query, "loginattempts");

	



	$errors = array();

 
	$errors = array();

	
	$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
	if(!$user['uid'])
	{
		my_setcookie('loginattempts', $logins + 1);
		$db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($mybb->input['username']))."'", 1, true);
		
		$mybb->input['action'] = "login";
		$mybb->input['request_method'] = "get";
		
		if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1)
		{
			$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
		}
		
		switch($mybb->settings['username_method'])
		{
			case 0:
				$errors[] = $lang->error_invalidpworusername.$login_text;
				break;
			case 1:
				$errors[] = $lang->error_invalidpworusername1.$login_text;
				break;
			case 2:
				$errors[] = $lang->error_invalidpworusername2.$login_text;
				break;
			default:
				$errors[] = $lang->error_invalidpworusername.$login_text;
				break;
		}
	}
	else

	if($mybb->settings['failedcaptchalogincount'] > 0 && ($loginattempts > $mybb->settings['failedcaptchalogincount'] || intval($mybb->cookies['loginattempts']) > $mybb->settings['failedcaptchalogincount']))
































	{

 
	{

		$correct = true;
	}
	
	if($mybb->settings['failedcaptchalogincount'] > 0 && ($loginattempts > $mybb->settings['failedcaptchalogincount'] || intval($mybb->cookies['loginattempts']) > $mybb->settings['failedcaptchalogincount']))
	{

 
		// Show captcha image if enabled

 
		// Show captcha image if enabled

		if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng"))

		if($mybb->settings['captchaimage'])

		{

 
		{

 
			$do_captcha = false;


			// Check their current captcha input - if correct, hide the captcha input area

 
			// Check their current captcha input - if correct, hide the captcha input area

			if($mybb->input['imagestring'])
			{
				$imagehash = $db->escape_string($mybb->input['imagehash']);
				$imagestring = $db->escape_string($mybb->input['imagestring']);
				$query = $db->simple_select("captcha", "*", "imagehash='{$imagehash}' AND imagestring='{$imagestring}'");
				$imgcheck = $db->fetch_array($query);
				if($imgcheck['dateline'] > 0)




			require_once MYBB_ROOT.'inc/class_captcha.php';
			$login_captcha = new captcha;

			if($login_captcha->validate_captcha() == false)
			{
				$correct = true;
				$do_captcha = true;

				// CAPTCHA validation failed
				foreach($login_captcha->get_errors() as $error)

				{

 
				{

					$correct = true;
				}
				else
				{
					$db->delete_query("captcha", "imagehash='{$imagehash}'");
					$errors[] = $lang->error_regimageinvalid;

					$errors[] = $error;






				}
			}

 
				}
			}

			else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username'])





















		}
	}

	// Don't check password when captcha isn't solved
	if(empty($errors))
	{
		$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
		if(!$user['uid'])
		{
			my_setcookie('loginattempts', $logins + 1);
			$db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($mybb->input['username']))."'", 1, true);

			$mybb->input['action'] = "login";
			$mybb->input['request_method'] = "get";

			if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1)
			{
				$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
			}

			switch($mybb->settings['username_method'])

			{

 
			{

				$errors[] = $lang->error_regimagerequired;
			}
			else
			{
				$errors[] = $lang->error_regimagerequired;








				case 0:
					$errors[] = $lang->error_invalidpworusername.$login_text;
					break;
				case 1:
					$errors[] = $lang->error_invalidpworusername1.$login_text;
					break;
				case 2:
					$errors[] = $lang->error_invalidpworusername2.$login_text;
					break;
				default:
					$errors[] = $lang->error_invalidpworusername.$login_text;
					break;

			}
		}

 
			}
		}

		
		$do_captcha = true;



		else
		{
			$correct = true;
		}

	}

 
	}

	



	if(!empty($errors))

 
	if(!empty($errors))

	{
		$mybb->input['action'] = "login";

	{
		$mybb->input['action'] = "login";

		$mybb->input['request_method'] = "get";
		
		$inline_errors = inline_error($errors);

		$mybb->input['request_method'] = "get";
		
		$inline_errors = inline_error($errors);

Zeile 1247Zeile 1240
			"uid" => $user['uid'],
		);
		$db->update_query("sessions", $newsession, "sid='".$session->sid."'");

 
			"uid" => $user['uid'],
		);
		$db->update_query("sessions", $newsession, "sid='".$session->sid."'");

		

		

		$db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");
		
		if($mybb->input['remember'] != "yes")

		$db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");
		
		if($mybb->input['remember'] != "yes")

Zeile 1283Zeile 1276
	else
	{
		$mybb->input['action'] = "login";

 
	else
	{
		$mybb->input['action'] = "login";

		$mybb->input['request_method'] = "get";

		$mybb->input['request_method'] = "get";

	}
	
	$plugins->run_hooks("member_do_login_end");

	}
	
	$plugins->run_hooks("member_do_login_end");

Zeile 1316Zeile 1309

	$captcha = "";
	// Show captcha image for guests if enabled

 

	$captcha = "";
	// Show captcha image for guests if enabled

	if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && $do_captcha == true)

	if($mybb->settings['captchaimage'])

	{

 
	{

		$randomstr = random_str(5);
		$imagehash = md5(random_str(12));
		$imagearray = array(
			"imagehash" => $imagehash,
			"imagestring" => $randomstr,
			"dateline" => TIME_NOW
		);
		$db->insert_query("captcha", $imagearray);
		eval("\$captcha = \"".$templates->get("post_captcha")."\";");








		require_once MYBB_ROOT.'inc/class_captcha.php';

		if($do_captcha == true)
		{
			$login_captcha = new captcha(true, "post_captcha");

			if($login_captcha->html)
			{
				$captcha = $login_captcha->html;
			}
		}
		else
		{
			$login_captcha = new captcha;
			$captcha = $login_captcha->build_hidden_captcha();
		}

	}

 
	}

	
	$username = "";
	$password = "";


	$username = '';
	$password = '';

	if($mybb->input['username'] && $mybb->request_method == "post")
	{
		$username = htmlspecialchars_uni($mybb->input['username']);

	if($mybb->input['username'] && $mybb->request_method == "post")
	{
		$username = htmlspecialchars_uni($mybb->input['username']);