Zeile 41 | Zeile 41 |
---|
*/ public $login_data = array();
|
*/ public $login_data = array();
|
| /** * @var bool */
|
public $captcha_verified = true;
|
public $captcha_verified = true;
|
| /** * @var bool|captcha */
|
private $captcha = false;
|
private $captcha = false;
|
| /** * @var int */ public $username_method = null;
/** * @param int $check_captcha */
|
function verify_attempts($check_captcha = 0)
|
function verify_attempts($check_captcha = 0)
|
{
| {
|
global $db, $mybb;
$user = &$this->data;
| global $db, $mybb;
$user = &$this->data;
|
Zeile 56 | Zeile 70 |
---|
if(!isset($mybb->cookies['loginattempts'])) { $mybb->cookies['loginattempts'] = 0;
|
if(!isset($mybb->cookies['loginattempts'])) { $mybb->cookies['loginattempts'] = 0;
|
}
| }
|
if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount'])) { $this->captcha_verified = false;
| if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount'])) { $this->captcha_verified = false;
|
Zeile 65 | Zeile 79 |
---|
} }
|
} }
|
| /** * @return bool */
|
function verify_captcha() { global $db, $mybb;
|
function verify_captcha() { global $db, $mybb;
|
$user = &$this->data;
| $user = &$this->data;
|
if($user['imagestring'] || $mybb->settings['captchaimage'] != 1) { // Check their current captcha input - if correct, hide the captcha input area
| if($user['imagestring'] || $mybb->settings['captchaimage'] != 1) { // Check their current captcha input - if correct, hide the captcha input area
|
Zeile 95 | Zeile 112 |
---|
else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username']) { $this->set_error('regimagerequired');
|
else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username']) { $this->set_error('regimagerequired');
|
return false; }
| return false; }
|
else
|
else
|
{
| {
|
$this->set_error('regimageinvalid');
|
$this->set_error('regimageinvalid');
|
return false; }
| return false; }
|
}
|
}
|
| /** * @return bool */
|
function verify_username()
|
function verify_username()
|
{ global $db, $mybb;
$user = &$this->data; $username = $db->escape_string(my_strtolower($user['username']));
$query = $db->simple_select("users", "COUNT(*) as user", "LOWER(username) = '{$username}' OR LOWER(email) = '{$username}'", array('limit' => 1));
if($db->fetch_field($query, 'user') != 1) {
| { $this->get_login_data();
if(!$this->login_data['uid']) {
|
$this->invalid_combination(); return false;
|
$this->invalid_combination(); return false;
|
}
| }
|
|
|
// Add username to data $this->login_data['username'] = $username;
| return true;
|
}
|
}
|
| /** * @param bool $strict * * @return bool */
|
function verify_password($strict = true) {
|
function verify_password($strict = true) {
|
global $db, $mybb;
| global $db, $mybb, $plugins;
$this->get_login_data();
|
if(empty($this->login_data['username']))
|
if(empty($this->login_data['username']))
|
{
| {
|
// Username must be validated to apply a password to
|
// Username must be validated to apply a password to
|
$this->invalid_combination();
| $this->invalid_combination();
|
return false;
|
return false;
|
}
$user = &$this->data; $password = md5($user['password']); $username = $this->login_data['username'];
$options = array( 'fields' => array('username', 'password', 'salt', 'loginkey', 'coppauser', 'usergroup') );
$this->login_data = get_user_by_username($username, $options);
| }
$args = array( 'this' => &$this, 'strict' => &$strict, );
$plugins->run_hooks('datahandler_login_verify_password_start', $args);
$user = &$this->data;
|
if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false) {
| if(!$this->login_data['uid'] || $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false) {
|
Zeile 152 | Zeile 172 |
---|
if($strict == true) { if(!$this->login_data['salt'])
|
if($strict == true) { if(!$this->login_data['salt'])
|
{ // Generate a salt for this user and assume the password stored in db is a plain md5 password $this->login_data['salt'] = generate_salt(); $this->login_data['password'] = salt_password($this->login_data['password'], $this->login_data['salt']);
$sql_array = array( "salt" => $this->login_data['salt'], "password" => $this->login_data['password'] );
$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'"); }
| { // Generate a salt for this user and assume the password stored in db is a plain md5 password $password_fields = create_password($this->login_data['password']); $this->login_data = array_merge($this->login_data, $password_fields); $db->update_query("users", $password_fields, "uid = '{$this->login_data['uid']}'"); }
|
if(!$this->login_data['loginkey']) {
| if(!$this->login_data['loginkey']) {
|
Zeile 175 | Zeile 189 |
---|
$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'"); }
|
$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'"); }
|
}
$salted_password = md5(md5($this->login_data['salt']).$password);
if($salted_password != $this->login_data['password'])
| }
$plugins->run_hooks('datahandler_login_verify_password_end', $args);
if(!verify_user_password($this->login_data, $user['password']))
|
{ $this->invalid_combination(true); return false; }
|
{ $this->invalid_combination(true); return false; }
|
| return true;
|
}
|
}
|
| /** * @param bool $show_login_attempts */
|
function invalid_combination($show_login_attempts = false) { global $db, $lang, $mybb;
// Don't show an error when the captcha was wrong! if(!$this->captcha_verified)
|
function invalid_combination($show_login_attempts = false) { global $db, $lang, $mybb;
// Don't show an error when the captcha was wrong! if(!$this->captcha_verified)
|
{
| {
|
return; }
$login_text = ''; if($show_login_attempts) {
|
return; }
$login_text = ''; if($show_login_attempts) {
|
if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1)
| if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1 && $this->login_data['uid'] != 0)
|
{
|
{
|
$logins = login_attempt_check(false) + 1;
| $logins = login_attempt_check($this->login_data['uid'], false) + 1;
|
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins); }
|
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins); }
|
}
| }
|
switch($mybb->settings['username_method']) { case 1:
| switch($mybb->settings['username_method']) { case 1:
|
Zeile 220 | Zeile 239 |
---|
} }
|
} }
|
| function get_login_data() { global $db, $settings;
$user = &$this->data;
$options = array( 'fields' => '*', 'username_method' => (int)$settings['username_method'] );
if($this->username_method !== null) { $options['username_method'] = (int)$this->username_method; }
$this->login_data = get_user_by_username($user['username'], $options); }
/** * @return bool */
|
function validate_login()
|
function validate_login()
|
{
| {
|
global $plugins, $mybb;
|
global $plugins, $mybb;
|
|
|
$user = &$this->data;
|
$user = &$this->data;
|
|
|
$plugins->run_hooks('datahandler_login_validate_start', $this);
|
$plugins->run_hooks('datahandler_login_validate_start', $this);
|
$this->verify_attempts($mybb->settings['captchaimage']);
| if(!defined('IN_ADMINCP')) { $this->verify_attempts($mybb->settings['captchaimage']); }
|
if(array_key_exists('username', $user)) {
| if(array_key_exists('username', $user)) {
|
Zeile 251 | Zeile 295 |
---|
return true; }
|
return true; }
|
| /** * @return bool true */
|
function complete_login() { global $plugins, $db, $mybb, $session;
| function complete_login() { global $plugins, $db, $mybb, $session;
|
Zeile 262 | Zeile 309 |
---|
// Login to MyBB my_setcookie('loginattempts', 1); my_setcookie("sid", $session->sid, -1, true);
|
// Login to MyBB my_setcookie('loginattempts', 1); my_setcookie("sid", $session->sid, -1, true);
|
$ip_address = $db->escape_binary($session->packedip); $db->delete_query("sessions", "ip = {$ip_address} AND sid != '{$session->sid}'");
| |
$newsession = array( "uid" => $user['uid'], );
|
$newsession = array( "uid" => $user['uid'], );
|
|
|
$db->update_query("sessions", $newsession, "sid = '{$session->sid}'"); $db->update_query("users", array("loginattempts" => 1), "uid = '{$user['uid']}'");
| $db->update_query("sessions", $newsession, "sid = '{$session->sid}'"); $db->update_query("users", array("loginattempts" => 1), "uid = '{$user['uid']}'");
|
Zeile 279 | Zeile 323 |
---|
$remember = -1; }
|
$remember = -1; }
|
my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true);
| my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true, "lax");
|
if($this->captcha !== false) { $this->captcha->invalidate_captcha();
| if($this->captcha !== false) { $this->captcha->invalidate_captcha();
|
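Review bot: The new `if(!defined('IN_ADMINCP'))` guard in validate_login() skips verify_attempts() for every Admin CP login, so on that path neither the failed-attempt threshold nor the captcha check of this handler runs. Nothing in the visible code says what replaces them. If the Admin CP enforces its own lockout elsewhere, record that at the guard, e.g. `// ACP logins are throttled by the admin login lockout, not by the front-end captcha`. If it does not, the most privileged login becomes the least throttled one, and the guard should exempt only the captcha prompt rather than the whole attempt check. validate_login() continues past the end of this hunk, so any later checks are not visible here.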