Vergleich inc/datahandlers/login.php - 1.8.0 - 1.8.26

Zeile 41Zeile 41
	 */
public $login_data = array();


	 */
public $login_data = array();


 
	/**
* @var bool
*/

	public $captcha_verified = true;

	public $captcha_verified = true;

	





/**
* @var bool|captcha
*/

	private $captcha = false;


	private $captcha = false;


 
	/**
* @var int
*/
public $username_method = null;

/**
* @param int $check_captcha
*/

	function verify_attempts($check_captcha = 0)

	function verify_attempts($check_captcha = 0)

	{

	{

		global $db, $mybb;

$user = &$this->data;

		global $db, $mybb;

$user = &$this->data;

Zeile 56Zeile 70
			if(!isset($mybb->cookies['loginattempts']))
{
$mybb->cookies['loginattempts'] = 0;

			if(!isset($mybb->cookies['loginattempts']))
{
$mybb->cookies['loginattempts'] = 0;

			}

			}

			if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
{
$this->captcha_verified = false;

			if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
{
$this->captcha_verified = false;

Zeile 65Zeile 79
		}
}


		}
}


 
	/**
* @return bool
*/

	function verify_captcha()
{
global $db, $mybb;


	function verify_captcha()
{
global $db, $mybb;


		$user = &$this->data;


		$user = &$this->data;


		if($user['imagestring'] || $mybb->settings['captchaimage'] != 1)
{
// Check their current captcha input - if correct, hide the captcha input area

		if($user['imagestring'] || $mybb->settings['captchaimage'] != 1)
{
// Check their current captcha input - if correct, hide the captcha input area

Zeile 95Zeile 112
		else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username'])
{
$this->set_error('regimagerequired');

		else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username'])
{
$this->set_error('regimagerequired');

			return false;
}

			return false;
}

		else

		else

		{

		{

			$this->set_error('regimageinvalid');

			$this->set_error('regimageinvalid');

			return false;
}

			return false;
}

	}


	}


 
	/**
* @return bool
*/

	function verify_username()

	function verify_username()

	{
global $db, $mybb;

$user = &$this->data;
$username = $db->escape_string(my_strtolower($user['username']));

$query = $db->simple_select("users", "COUNT(*) as user", "LOWER(username) = '{$username}' OR LOWER(email) = '{$username}'", array('limit' => 1));

if($db->fetch_field($query, 'user') != 1)
{

	{
$this->get_login_data();

if(!$this->login_data['uid'])
{






			$this->invalid_combination();
return false;

			$this->invalid_combination();
return false;

		}

		}





		// Add username to data
$this->login_data['username'] = $username;

		return true;


	}


	}


 
	/**
* @param bool $strict
*
* @return bool
*/

	function verify_password($strict = true)
{

	function verify_password($strict = true)
{

		global $db, $mybb;



		global $db, $mybb, $plugins;

$this->get_login_data();


if(empty($this->login_data['username']))


if(empty($this->login_data['username']))

		{

		{

			// Username must be validated to apply a password to

			// Username must be validated to apply a password to

			$this->invalid_combination();

			$this->invalid_combination();

			return false;

			return false;

		}

$user = &$this->data;
$password = md5($user['password']);
$username = $this->login_data['username'];

$options = array(
'fields' => array('username', 'password', 'salt', 'loginkey', 'coppauser', 'usergroup')
);

$this->login_data = get_user_by_username($username, $options);

		}

$args = array(
'this' => &$this,
'strict' => &$strict,
);

$plugins->run_hooks('datahandler_login_verify_password_start', $args);

$user = &$this->data;



if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)
{


if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)
{

Zeile 152Zeile 172
		if($strict == true)
{
if(!$this->login_data['salt'])

		if($strict == true)
{
if(!$this->login_data['salt'])

			{
// Generate a salt for this user and assume the password stored in db is a plain md5 password
$this->login_data['salt'] = generate_salt();
$this->login_data['password'] = salt_password($this->login_data['password'], $this->login_data['salt']);

$sql_array = array(
"salt" => $this->login_data['salt'],
"password" => $this->login_data['password']
);

$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
}

			{
// Generate a salt for this user and assume the password stored in db is a plain md5 password
$password_fields = create_password($this->login_data['password']);
$this->login_data = array_merge($this->login_data, $password_fields);
$db->update_query("users", $password_fields, "uid = '{$this->login_data['uid']}'");
}








if(!$this->login_data['loginkey'])
{


if(!$this->login_data['loginkey'])
{

Zeile 175Zeile 189

$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
}


$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
}

		}

$salted_password = md5(md5($this->login_data['salt']).$password);

if($salted_password != $this->login_data['password'])

		}

$plugins->run_hooks('datahandler_login_verify_password_end', $args);

if(!verify_user_password($this->login_data, $user['password']))

		{
$this->invalid_combination(true);
return false;
}

		{
$this->invalid_combination(true);
return false;
}

 

return true;

	}


	}


 
	/**
* @param bool $show_login_attempts
*/

	function invalid_combination($show_login_attempts = false)
{
global $db, $lang, $mybb;

// Don't show an error when the captcha was wrong!
if(!$this->captcha_verified)

	function invalid_combination($show_login_attempts = false)
{
global $db, $lang, $mybb;

// Don't show an error when the captcha was wrong!
if(!$this->captcha_verified)

		{

		{

			return;
}

$login_text = '';
if($show_login_attempts)
{

			return;
}

$login_text = '';
if($show_login_attempts)
{

			if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1)

			if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1 && $this->login_data['uid'] != 0)

			{

			{

				$logins = login_attempt_check(false) + 1;

				$logins = login_attempt_check($this->login_data['uid'], false) + 1;

				$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
}

				$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
}

		}


		}


		switch($mybb->settings['username_method'])
{
case 1:

		switch($mybb->settings['username_method'])
{
case 1:

Zeile 220Zeile 239
		}
}


		}
}


 
	function get_login_data()
{
global $db, $settings;

$user = &$this->data;

$options = array(
'fields' => '*',
'username_method' => (int)$settings['username_method']
);

if($this->username_method !== null)
{
$options['username_method'] = (int)$this->username_method;
}

$this->login_data = get_user_by_username($user['username'], $options);
}

/**
* @return bool
*/

	function validate_login()

	function validate_login()

	{

	{

		global $plugins, $mybb;

		global $plugins, $mybb;





		$user = &$this->data;

		$user = &$this->data;





		$plugins->run_hooks('datahandler_login_validate_start', $this);


		$plugins->run_hooks('datahandler_login_validate_start', $this);


		$this->verify_attempts($mybb->settings['captchaimage']);




		if(!defined('IN_ADMINCP'))
{
$this->verify_attempts($mybb->settings['captchaimage']);
}


if(array_key_exists('username', $user))
{


if(array_key_exists('username', $user))
{

Zeile 251Zeile 295
		return true;
}


		return true;
}


 
	/**
* @return bool true
*/

	function complete_login()
{
global $plugins, $db, $mybb, $session;

	function complete_login()
{
global $plugins, $db, $mybb, $session;

Zeile 262Zeile 309
		// Login to MyBB
my_setcookie('loginattempts', 1);
my_setcookie("sid", $session->sid, -1, true);

		// Login to MyBB
my_setcookie('loginattempts', 1);
my_setcookie("sid", $session->sid, -1, true);


$ip_address = $db->escape_binary($session->packedip);
$db->delete_query("sessions", "ip = {$ip_address} AND sid != '{$session->sid}'");

 

$newsession = array(
"uid" => $user['uid'],
);


$newsession = array(
"uid" => $user['uid'],
);





		$db->update_query("sessions", $newsession, "sid = '{$session->sid}'");
$db->update_query("users", array("loginattempts" => 1), "uid = '{$user['uid']}'");


		$db->update_query("sessions", $newsession, "sid = '{$session->sid}'");
$db->update_query("users", array("loginattempts" => 1), "uid = '{$user['uid']}'");


Zeile 279Zeile 323
			$remember = -1;
}


			$remember = -1;
}


		my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true);


		my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true, "lax");


		if($this->captcha !== false)
{
$this->captcha->invalidate_captcha();

		if($this->captcha !== false)
{
$this->captcha->invalidate_captcha();
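Review bot: In verify_password the legacy-account upgrade persists a new salt and hash with `$db->update_query("users", $password_fields, "uid = '{$this->login_data['uid']}'");` before `verify_user_password()` has checked the submitted password, so a failed login against an unsalted account still rewrites its stored credential. The value handed to `create_password()` is the stored md5 digest, whereas `verify_user_password()` now receives the raw `$user['password']`. create_password() is not shown on this page, but if it hashes its argument as plaintext, the migrated hash could never match and the original digest would already be overwritten. I would run the upgrade only after the legacy digest has been checked successfully, or at least state the contract above the call: `// $this->login_data['password'] is the stored md5 digest, not plaintext; this write happens before the password is verified`. Parts of verify_password lie outside the visible hunks (between Zeile 152/172 and 175/189), so the helper's input contract should be confirmed against the full file.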