Vergleich inc/datahandlers/login.php - 1.8.2 - 1.8.20

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 41Zeile 41
	 */
	public $login_data = array();


 
	 */
	public $login_data = array();


 
	/**
	 * @var bool
	 */

	public $captcha_verified = true;

 
	public $captcha_verified = true;

	





	/**
	 * @var bool|captcha
	 */

	private $captcha = false;


 
	private $captcha = false;


 
	/**
	 * @var int
	 */

	public $username_method = null;


 
	public $username_method = null;


 
	/**
	 * @param int $check_captcha
	 */

	function verify_attempts($check_captcha = 0)

 
	function verify_attempts($check_captcha = 0)

	{
		global $db, $mybb;

		$user = &$this->data;


	{
		global $db, $mybb;

		$user = &$this->data;


		if($check_captcha)
		{
			if(!isset($mybb->cookies['loginattempts']))

		if($check_captcha)
		{
			if(!isset($mybb->cookies['loginattempts']))

Zeile 66Zeile 78
			}
		}
	}

 
			}
		}
	}







	/**
	 * @return bool
	 */

	function verify_captcha()
	{
		global $db, $mybb;

 
	function verify_captcha()
	{
		global $db, $mybb;


		$user = &$this->data;



		$user = &$this->data;


		if($user['imagestring'] || $mybb->settings['captchaimage'] != 1)
		{
			// Check their current captcha input - if correct, hide the captcha input area

		if($user['imagestring'] || $mybb->settings['captchaimage'] != 1)
		{
			// Check their current captcha input - if correct, hide the captcha input area

Zeile 106Zeile 121
		}
	}


 
		}
	}


 
	/**
	 * @return bool
	 */

	function verify_username()
	{
		$this->get_login_data();

	function verify_username()
	{
		$this->get_login_data();

Zeile 115Zeile 133
			$this->invalid_combination();
			return false;
		}

 
			$this->invalid_combination();
			return false;
		}

 

		return true;

	}


 
	}


 
	/**
	 * @param bool $strict
	 *
	 * @return bool
	 */

	function verify_password($strict = true)
	{

 
	function verify_password($strict = true)
	{

		global $db, $mybb;

		global $db, $mybb, $plugins;


		$this->get_login_data();

 

		$this->get_login_data();





		if(empty($this->login_data['username']))
		{
			// Username must be validated to apply a password to

 
		if(empty($this->login_data['username']))
		{
			// Username must be validated to apply a password to

			$this->invalid_combination();
			return false;
		}

		$user = &$this->data;

		$password = md5($user['password']);






			$this->invalid_combination();
			return false;
		}

		$args = array(
			'this' => &$this,
			'strict' => &$strict,
		);

		$plugins->run_hooks('datahandler_login_verify_password_start', $args);

		$user = &$this->data;


		if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)

 

		if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)

		{

		{

			$this->invalid_combination();
		}

		if($strict == true)
		{
			if(!$this->login_data['salt'])

 
			$this->invalid_combination();
		}

		if($strict == true)
		{
			if(!$this->login_data['salt'])

			{

			{

				// Generate a salt for this user and assume the password stored in db is a plain md5 password

 
				// Generate a salt for this user and assume the password stored in db is a plain md5 password

				$this->login_data['salt'] = generate_salt();
				$this->login_data['password'] = salt_password($this->login_data['password'], $this->login_data['salt']);

				$sql_array = array(
					"salt" => $this->login_data['salt'],
					"password" => $this->login_data['password']
				);

				$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
			}


				$password_fields = create_password($this->login_data['password']);
				$this->login_data = array_merge($this->login_data, $password_fields);
				$db->update_query("users", $password_fields, "uid = '{$this->login_data['uid']}'");
			}








			if(!$this->login_data['loginkey'])
			{
				$this->login_data['loginkey'] = generate_loginkey();

			if(!$this->login_data['loginkey'])
			{
				$this->login_data['loginkey'] = generate_loginkey();

Zeile 164Zeile 188
				);

				$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");

 
				);

				$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");

			}
		}

		$salted_password = md5(md5($this->login_data['salt']).$password);

		if($salted_password != $this->login_data['password'])
		{

			}
		}

		$plugins->run_hooks('datahandler_login_verify_password_end', $args);

		if(!verify_user_password($this->login_data, $user['password']))
		{

			$this->invalid_combination(true);
			return false;
		}

 
			$this->invalid_combination(true);
			return false;
		}

 

		return true;

	}


 
	}


 
	/**
	 * @param bool $show_login_attempts
	 */

	function invalid_combination($show_login_attempts = false)
	{
		global $db, $lang, $mybb;

	function invalid_combination($show_login_attempts = false)
	{
		global $db, $lang, $mybb;

Zeile 184Zeile 213
		if(!$this->captcha_verified)
		{
			return;

 
		if(!$this->captcha_verified)
		{
			return;

		}


		}


		$login_text = '';
		if($show_login_attempts)
		{

 
		$login_text = '';
		if($show_login_attempts)
		{

			if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1)

			if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1 && $this->login_data['uid'] != 0)

			{

 
			{

				$logins = login_attempt_check(false) + 1;

				$logins = login_attempt_check($this->login_data['uid'], false) + 1;

				$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
			}
		}

		switch($mybb->settings['username_method'])

 
				$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
			}
		}

		switch($mybb->settings['username_method'])

		{

		{

			case 1:
				$this->set_error('invalidpwordusernameemail', $login_text);
				break;

			case 1:
				$this->set_error('invalidpwordusernameemail', $login_text);
				break;

Zeile 217Zeile 246
		$user = &$this->data;

		$options = array(

 
		$user = &$this->data;

		$options = array(

			'fields' => array('uid', 'username', 'password', 'salt', 'loginkey', 'coppauser', 'usergroup', 'loginattempts'),

			'fields' => '*',

			'username_method' => (int)$settings['username_method']
		);

 
			'username_method' => (int)$settings['username_method']
		);





		if($this->username_method !== null)
		{
			$options['username_method'] = (int)$this->username_method;
		}

		$this->login_data = get_user_by_username($user['username'], $options);

 
		if($this->username_method !== null)
		{
			$options['username_method'] = (int)$this->username_method;
		}

		$this->login_data = get_user_by_username($user['username'], $options);

	}

	}


 
	/**
	 * @return bool
	 */

	function validate_login()
	{
		global $plugins, $mybb;

 
	function validate_login()
	{
		global $plugins, $mybb;





		$user = &$this->data;

 
		$user = &$this->data;





		$plugins->run_hooks('datahandler_login_validate_start', $this);


 
		$plugins->run_hooks('datahandler_login_validate_start', $this);


		$this->verify_attempts($mybb->settings['captchaimage']);




		if(!defined('IN_ADMINCP'))
		{
			$this->verify_attempts($mybb->settings['captchaimage']);
		}


		if(array_key_exists('username', $user))
		{


		if(array_key_exists('username', $user))
		{

Zeile 260Zeile 295
		return true;
	}


 
		return true;
	}


 
	/**
	 * @return bool true
	 */

	function complete_login()
	{
		global $plugins, $db, $mybb, $session;

	function complete_login()
	{
		global $plugins, $db, $mybb, $session;

Zeile 288Zeile 326
			$remember = -1;
		}


 
			$remember = -1;
		}


		my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true);
		

		my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true, "lax");


		if($this->captcha !== false)
		{
			$this->captcha->invalidate_captcha();

		if($this->captcha !== false)
		{
			$this->captcha->invalidate_captcha();