Vergleich inc/datahandlers/login.php - 1.8.0 - 1.8.13

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 41Zeile 41
	 */
	public $login_data = array();


 
	 */
	public $login_data = array();


 
	/**
	 * @var bool
	 */

	public $captcha_verified = true;

 
	public $captcha_verified = true;

	





	/**
	 * @var bool|captcha
	 */

	private $captcha = false;


 
	private $captcha = false;


 
	/**
	 * @var int
	 */
	public $username_method = null;

	/**
	 * @param int $check_captcha
	 */

	function verify_attempts($check_captcha = 0)
	{
		global $db, $mybb;

 
	function verify_attempts($check_captcha = 0)
	{
		global $db, $mybb;





		$user = &$this->data;

 
		$user = &$this->data;





		if($check_captcha)
		{
			if(!isset($mybb->cookies['loginattempts']))

		if($check_captcha)
		{
			if(!isset($mybb->cookies['loginattempts']))

Zeile 61Zeile 75
			{
				$this->captcha_verified = false;
				$this->verify_captcha();

 
			{
				$this->captcha_verified = false;
				$this->verify_captcha();

			}
		}
	}





			}
		}
	}

	/**
	 * @return bool
	 */

	function verify_captcha()
	{
		global $db, $mybb;

		$user = &$this->data;

 
	function verify_captcha()
	{
		global $db, $mybb;

		$user = &$this->data;





		if($user['imagestring'] || $mybb->settings['captchaimage'] != 1)
		{
			// Check their current captcha input - if correct, hide the captcha input area

		if($user['imagestring'] || $mybb->settings['captchaimage'] != 1)
		{
			// Check their current captcha input - if correct, hide the captcha input area

Zeile 85Zeile 102
					$this->set_error($error);
				}
				return false;

 
					$this->set_error($error);
				}
				return false;

			}

			}

			else
			{
				$this->captcha_verified = true;

			else
			{
				$this->captcha_verified = true;

Zeile 104Zeile 121
		}
	}


 
		}
	}


 
	/**
	 * @return bool
	 */

	function verify_username()

 
	function verify_username()

	{
		global $db, $mybb;

		$user = &$this->data;
		$username = $db->escape_string(my_strtolower($user['username']));

		$query = $db->simple_select("users", "COUNT(*) as user", "LOWER(username) = '{$username}' OR LOWER(email) = '{$username}'", array('limit' => 1));

		if($db->fetch_field($query, 'user') != 1)
		{
			$this->invalid_combination();
			return false;
		}

		// Add username to data
		$this->login_data['username'] = $username;
	}

	{
		$this->get_login_data();

		if(!$this->login_data['uid'])
		{
			$this->invalid_combination();
			return false;
		}

		return true;
	}


 
	/**
	 * @param bool $strict
	 *
	 * @return bool
	 */

	function verify_password($strict = true)
	{

 
	function verify_password($strict = true)
	{

		global $db, $mybb;



		global $db, $mybb, $plugins;

		$this->get_login_data();


		if(empty($this->login_data['username']))
		{
			// Username must be validated to apply a password to

 

		if(empty($this->login_data['username']))
		{
			// Username must be validated to apply a password to

			$this->invalid_combination();
			return false;
		}









			$this->invalid_combination();
			return false;
		}

		$args = array(
			'this' => &$this,
			'strict' => &$strict,
		);

		$plugins->run_hooks('datahandler_login_verify_password_start', $args);


		$user = &$this->data;

 
		$user = &$this->data;

		$password = md5($user['password']);
		$username = $this->login_data['username'];

		$options = array(
			'fields' => array('username', 'password', 'salt', 'loginkey', 'coppauser', 'usergroup')
		);

		$this->login_data = get_user_by_username($username, $options);












		if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)

 
		if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)

		{

		{

			$this->invalid_combination();
		}

		if($strict == true)
		{
			if(!$this->login_data['salt'])

 
			$this->invalid_combination();
		}

		if($strict == true)
		{
			if(!$this->login_data['salt'])

			{
				// Generate a salt for this user and assume the password stored in db is a plain md5 password
				$this->login_data['salt'] = generate_salt();
				$this->login_data['password'] = salt_password($this->login_data['password'], $this->login_data['salt']);

				$sql_array = array(
					"salt" => $this->login_data['salt'],
					"password" => $this->login_data['password']
				);

				$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
			}

			{
				// Generate a salt for this user and assume the password stored in db is a plain md5 password
				$password_fields = create_password($this->login_data['password']);
				$this->login_data = array_merge($this->login_data, $password_fields);
				$db->update_query("users", $password_fields, "uid = '{$this->login_data['uid']}'");
			}








			if(!$this->login_data['loginkey'])
			{
				$this->login_data['loginkey'] = generate_loginkey();

 

			if(!$this->login_data['loginkey'])
			{
				$this->login_data['loginkey'] = generate_loginkey();





				$sql_array = array(
					"loginkey" => $this->login_data['loginkey']
				);

				$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
			}

 
				$sql_array = array(
					"loginkey" => $this->login_data['loginkey']
				);

				$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
			}

		}

		}



 


		$salted_password = md5(md5($this->login_data['salt']).$password);

		$plugins->run_hooks('datahandler_login_verify_password_end', $args);



 


		if($salted_password != $this->login_data['password'])

		if(!verify_user_password($this->login_data, $user['password']))

		{
			$this->invalid_combination(true);
			return false;

 
		{
			$this->invalid_combination(true);
			return false;

		}
	}







		}

		return true;
	}

	/**
	 * @param bool $show_login_attempts
	 */

	function invalid_combination($show_login_attempts = false)
	{
		global $db, $lang, $mybb;

	function invalid_combination($show_login_attempts = false)
	{
		global $db, $lang, $mybb;

Zeile 220Zeile 239
		}
	}


 
		}
	}


 
	function get_login_data()
	{
		global $db, $settings;

		$user = &$this->data;

		$options = array(
			'fields' => '*',
			'username_method' => (int)$settings['username_method']
		);

		if($this->username_method !== null)
		{
			$options['username_method'] = (int)$this->username_method;
		}

		$this->login_data = get_user_by_username($user['username'], $options);
	}

	/**
	 * @return bool
	 */

	function validate_login()
	{
		global $plugins, $mybb;

 
	function validate_login()
	{
		global $plugins, $mybb;





		$user = &$this->data;

 
		$user = &$this->data;





		$plugins->run_hooks('datahandler_login_validate_start', $this);


 
		$plugins->run_hooks('datahandler_login_validate_start', $this);


		$this->verify_attempts($mybb->settings['captchaimage']);




		if(!defined('IN_ADMINCP'))
		{
			$this->verify_attempts($mybb->settings['captchaimage']);
		}


		if(array_key_exists('username', $user))
		{


		if(array_key_exists('username', $user))
		{

Zeile 251Zeile 295
		return true;
	}


 
		return true;
	}


 
	/**
	 * @return bool true
	 */

	function complete_login()
	{
		global $plugins, $db, $mybb, $session;

	function complete_login()
	{
		global $plugins, $db, $mybb, $session;