Code source de e107 0.7.8 |
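<?php

/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     ©Steve Dunstan 2001-2002
|     http://e107.org
|     jalist@e107.org
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $Source: /cvsroot/e107/e107_0.7/e107_handlers/login.php,v $
|     $Revision: 1.39 $
|     $Date: 2007/01/11 18:35:06 $
|     $Author: mcfly_e107 $
+----------------------------------------------------------------------------+
*/

// Refuse direct requests: this handler must only be loaded by the e107 bootstrap.
if (!defined('e107_INIT')) { exit; }

include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_login.php");

/**
 * Handles a login attempt: validates the submitted credentials against the
 * "user" table, records failed attempts in the "generic" table, optionally
 * auto-bans the source address, and on success sets the session/cookie value
 * and redirects.
 */
class userlogin {

	/**
	 * Constructor - called when a user attempts to log in.
	 *
	 * The outcome is not available as a return value (a constructor's return
	 * value is discarded by "new"): failures define the LOGINMESSAGE constant,
	 * success sets the session or cookie and redirects.
	 *
	 * @param string $username  $_POSTed user name
	 * @param string $userpass  $_POSTed user password
	 * @param mixed  $autologin 1 to set a 30-day cookie instead of a session cookie
	 */
	function userlogin($username, $userpass, $autologin) {
		global $pref, $e_event, $sql, $e107, $tp;

		$username = trim($username);
		$userpass = trim($userpass);
		if ($username == "" || $userpass == "") {
			define("LOGINMESSAGE", LAN_27."<br /><br />");
			return FALSE;
		}

		if (!is_object($sql)) {
			$sql = new db;
		}

		// NOTE(review): $fip is interpolated into several SQL strings below without
		// escaping. Confirm that getip() only ever returns a validated address and
		// never a raw client-supplied header value.
		$fip = $e107->getip();
		if ($sql->db_Select("banlist", "*", "banlist_ip='{$fip}' ")) {
			// Banned addresses get no response at all.
			exit;
		}

		$autologin = intval($autologin);

		if ($pref['auth_method'] && $pref['auth_method'] != "e107") {
			$auth_file = e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
			if (file_exists($auth_file)) {
				require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
				// $result is not read again in this method; alt_login is invoked
				// for whatever it does in its own constructor.
				$result = new alt_login($pref['auth_method'], $username, $userpass);
			}
		}

		if ($pref['logcode'] && extension_loaded("gd")) {
			require_once(e_HANDLER."secure_img_handler.php");
			$sec_img = new secure_image;
			// Missing form fields are passed as null instead of raising an
			// undefined-index notice.
			$rand_num = isset($_POST['rand_num']) ? $_POST['rand_num'] : null;
			$code_verify = isset($_POST['code_verify']) ? $_POST['code_verify'] : null;
			if (!$sec_img->verify_code($rand_num, $code_verify)) {
				define("LOGINMESSAGE", LAN_303."<br /><br />");
				return FALSE;
			}
		}

		// This blacklist strip is case-sensitive and covers only a few tokens, so it
		// must not be relied on as the SQL-injection defence; the escaping that
		// matters is the $tp->toDB() call applied wherever $username enters a query.
		$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
		$username = substr($username, 0, 30);
		$ouserpass = $userpass;
		// NOTE(review): passwords are compared as unsalted MD5. Moving to a salted,
		// slow hash needs a schema/migration change outside this file.
		$userpass = md5($ouserpass);

		// This is only required for upgrades and only for those not using utf-8 to begin with..
		if (isset($pref['utf-compatmode']) && (CHARSET == "utf-8" || CHARSET == "UTF-8")) {
			$username = utf8_decode($username);
			$userpass = md5(utf8_decode($ouserpass));
		}

		$db_username = $tp->toDB($username);

		// 1) Unknown login name: log the failure and count it towards auto-ban.
		if (!$sql->db_Select("user", "*", "user_loginname = '".$db_username."'")) {
			define("LOGINMESSAGE", LAN_300."<br /><br />");
			$sql->db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_14." ::: ".LAN_LOGIN_1.": ".$db_username."'");
			$this->checkibr($fip, 0, $username);
			return FALSE;
		}

		// 2) Known login name, wrong password.
		// NOTE(review): this branch neither records a 'failed_login' row nor calls
		// checkibr(), so repeated wrong passwords against an existing account are
		// not counted by the auto-ban logic. Logging it here needs a suitable
		// language constant, which is not visible in this file.
		if (!$sql->db_Select("user", "*", "user_loginname = '".$db_username."' AND user_password = '{$userpass}'")) {
			define("LOGINMESSAGE", LAN_300."<br /><br />");
			return FALSE;
		}

		// 3) Correct credentials but the account has user_ban = 2.
		if (!$sql->db_Select("user", "*", "user_loginname = '".$db_username."' AND user_password = '{$userpass}' AND user_ban!=2 ")) {
			define("LOGINMESSAGE", LAN_302."<br /><br />");
			$sql->db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$db_username."'");
			$this->checkibr($fip, 0, $username);
			return FALSE;
		}

		// A non-empty return from a "preuserlogin" listener vetoes the login and is
		// shown to the user as the failure message.
		$ret = $e_event->trigger("preuserlogin", $username);
		if ($ret != '') {
			define("LOGINMESSAGE", $ret."<br /><br />");
			return FALSE;
		}

		// Row from the last successful db_Select() above.
		$lode = $sql->db_Fetch();
		$user_id = $lode['user_id'];
		$user_name = $lode['user_name'];
		$user_xup = $lode['user_xup'];

		/* restrict more than one person logging in using same us/pw */
		if ($pref['disallowMultiLogin']) {
			if ($sql->db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'")) {
				define("LOGINMESSAGE", LAN_304."<br /><br />");
				// The original also appended md5($ouserpass) to this log entry. At
				// this point the password is known to be correct, so that value is
				// the account's stored hash; it is deliberately no longer logged.
				$sql->db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$db_username."' ");
				$this->checkibr($fip, $user_id, $username);
				return FALSE;
			}
		}

		// NOTE(review): the login token is "<user_id>.<md5 of the stored password
		// hash>". It is derived only from data in the user table, stays the same
		// until the password changes, and cannot be revoked per session.
		$cookieval = $user_id.".".md5($userpass);
		if ($user_xup) {
			$this->update_xup($user_id, $user_xup);
		}

		if ($pref['user_tracking'] == "session") {
			$_SESSION[$pref['cookie_name']] = $cookieval;
		} else {
			if ($autologin == 1) {
				// "Remember me": 30-day cookie.
				cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
			} else {
				cookie($pref['cookie_name'], $cookieval);
			}
		}

		$edata_li = array("user_id" => $user_id, "user_name" => $username);
		$e_event->trigger("login", $edata_li);

		// NOTE(review): $redir is built from e_SELF / e_QUERY, which are defined
		// outside this file. It is written into a Location header and, on
		// non-Apache servers, into an inline script without escaping; confirm
		// those constants are sanitised where they are defined.
		$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
		if (strstr($_SERVER['SERVER_SOFTWARE'], "Apache")) {
			header("Location: ".$redir);
			exit;
		} else {
			echo "<script type='text/javascript'>document.location.href='{$redir}'</script>\n";
		}
	}

	/**
	 * Auto-ban check: if auto-banning on failed logins is enabled and the address
	 * has more than 10 'failed_login' rows, add it to the ban list and log that.
	 *
	 * The original body referenced $user_id, $username and $ouserpass, none of
	 * which exist in this scope, so the 'auto_banned' entry never carried the
	 * intended details. They are now optional parameters; the password hash is
	 * not logged.
	 *
	 * @param string $fip      address of the client, as returned by $e107->getip()
	 * @param int    $user_id  id of the account involved, 0 if none
	 * @param string $username login name that was attempted, if known
	 */
	function checkibr($fip, $user_id = 0, $username = "") {
		global $sql, $pref, $tp;
		if ($pref['autoban'] == 1 || $pref['autoban'] == 3) { // Flood + Login or Login Only.
			$fails = $sql->db_Count("generic", "(*)", "WHERE gen_ip='$fip' AND gen_type='failed_login' ");
			if ($fails > 10) {
				$sql->db_Insert("banlist", "'$fip', '1', '".LAN_LOGIN_18."' ");
				$sql->db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '$fip', '".intval($user_id)."', '".LAN_LOGIN_20.": ".$tp->toDB($username)."' ");
			}
		}
	}

	/**
	 * Refresh a user's profile from the remote XUP file referenced by their
	 * user_xup value.
	 *
	 * The remote file is attacker-influenced input. The original assigned every
	 * <meta name="..."> found in it to a local variable of that name ($$value),
	 * which let the remote document overwrite any local in this function
	 * (including $user_id). Values are now collected into an array restricted to
	 * the names this function actually uses.
	 *
	 * NOTE(review): $user_xup is a URL read from the user row and fetched
	 * server-side. If users can set it themselves, restrict the allowed scheme
	 * and destination before fetching.
	 *
	 * @param int    $user_id  id of the user being updated
	 * @param string $user_xup location of the XUP file
	 */
	function update_xup($user_id, $user_xup = "") {
		global $sql, $tp;
		if (!$user_xup) {
			return;
		}

		require_once(e_HANDLER."xml_class.php");
		$xml = new parseXml;
		$rawData = $xml->getRemoteXmlFile($user_xup);
		if (!$rawData) {
			return;
		}

		preg_match_all("#\<meta name=\"(.*?)\" content=\"(.*?)\" \/\>#si", $rawData, $match);

		// XUP name => user_extended field name (without the "user_" prefix).
		$fields = array("URL" => "homepage",
			"ICQ" => "icq",
			"AIM" => "aim",
			"MSN" => "msn",
			"YAHOO" => "yahoo",
			"GEO" => "location",
			"BDAY" => "birthday");

		// Allow-list of meta names, each defaulting to an empty string so that a
		// name missing from the remote file yields '' as before.
		$xup = array();
		foreach (array_merge(array("FN", "EMAILHIDE", "SIG", "PHOTO", "AV", "TZ"), array_keys($fields)) as $name) {
			$xup[$name] = "";
		}
		foreach ($match[1] as $idx => $name) {
			if (array_key_exists($name, $xup)) {
				$xup[$name] = $tp->toDB($match[2][$idx]);
			}
		}

		// The original wrote the literal text "{EMAILHIDE}" into user_hideemail
		// (missing "$"); the fetched value is used now.
		$sql->db_Update("user", "user_login='".$xup['FN']."', user_hideemail='".$xup['EMAILHIDE']."', user_signature='".$xup['SIG']."', user_sess='".$xup['PHOTO']."', user_image='".$xup['AV']."', user_timezone='".$xup['TZ']."' WHERE user_id='".intval($user_id)."'");

		include_once(e_HANDLER."user_extended_class.php");
		$usere = new e107_user_extended;
		$extList = $usere->user_extended_get_fieldList();
		$extName = array();
		foreach ($extList as $ext) {
			$extName[] = $ext['user_extended_struct_name'];
		}

		// Only extended fields that exist on this installation are updated.
		$ue_fields = "";
		foreach ($fields as $keyxup => $keydb) {
			if (in_array($keydb, $extName)) {
				$key = $tp->toDB("user_".$keydb);
				// NOTE(review): the value already went through toDB() above; the
				// second pass is kept from the original - confirm it is intended.
				$val = $tp->toDB($xup[$keyxup]);
				$ue_fields .= ($ue_fields) ? ", " : "";
				$ue_fields .= $key."='".$val."'";
			}
		}

		$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('".intval($user_id)."')");
		// With no matching extended field the original issued an UPDATE with an
		// empty SET list; skip the query in that case.
		if ($ue_fields != "") {
			$sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($user_id)."'");
		}
	}
}

?>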