PageRenderTime 26ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/functions/func.login.php

http://avecms.googlecode.com/
PHP | 216 lines | 159 code | 43 blank | 14 comment | 23 complexity | 7b95812090b86659a327b8ad9457e207 MD5 | raw file
Possible License(s): GPL-3.0, BSD-3-Clause, BSD-2-Clause, Apache-2.0, LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. function user_login($login, $password, $attach_ip = 0, $keep_in = 0, $sleep = 0)
    4. 

  4. {
    5. 

  5. 	global $AVE_DB, $cookie_domain;
    6. 

  6. 

  7. 	sleep($sleep);
    8. 

  8. 

  9. 	if (empty($login)) return 1;
    10. 

  10. 

  11. 	$row = $AVE_DB->Query("
    12. 

  12. 		SELECT
    13. 

  13. 			usr.Id,
    14. 

  14. 			usr.user_group,
    15. 

  15. 			usr.user_name,
    16. 

  16. 			usr.firstname,
    17. 

  17. 			usr.lastname,
    18. 

  18. 			usr.email,
    19. 

  19. 			usr.country,
    20. 

  20. 			usr.password,
    21. 

  21. 			usr.salt,
    22. 

  22. 			usr.status,
    23. 

  23. 			grp.user_group_permission
    24. 

  24. 		FROM
    25. 

  25. 			" . PREFIX . "_users AS usr
    26. 

  26. 		LEFT JOIN
    27. 

  27. 			" . PREFIX . "_user_groups AS grp
    28. 

  28. 				ON grp.user_group = usr.user_group
    29. 

  29. 		WHERE email = '" . $login . "'
    30. 

  30. 		OR user_name = '" . $login . "'
    31. 

  31. 		LIMIT 1
    32. 

  32. 	")->FetchRow();
    33. 

    34. 

  34. 

  35. 	if (! (isset($row->password) && $row->password == md5(md5($password . $row->salt)))) return 2;
    36. 

  36. 	if ($row->status != '1') return 3;
    37. 

  37. 

  38. 	$salt = make_random_string();
    39. 

  39. 

  40. 	$hash = md5(md5($password . $salt));
    41. 

  41. 

  42. 	$time = time();
    43. 

  43. 

  44. 	$u_ip = ($attach_ip==1) ? "INET_ATON('" . $_SERVER['REMOTE_ADDR'] . "')" : 0;
    45. 

  45. 

  46. 	$AVE_DB->Query("
    47. 

  47. 		UPDATE " . PREFIX . "_users
    48. 

  48. 		SET
    49. 

  49. 			last_visit = '" . $time . "',
    50. 

  50. 			password   = '" . $hash . "',
    51. 

  51. 			salt       = '" . $salt . "',
    52. 

  52. 			user_ip    =  " . $u_ip . "
    53. 

  53. 		WHERE
    54. 

  54. 			Id = '" . $row->Id . "'
    55. 

  55. 	");
    56. 

    57. 

  57. 	$_SESSION['user_id']       = $row->Id;
    58. 

  58. 	$_SESSION['user_name']     = get_username($row->user_name, $row->firstname, $row->lastname);
    59. 

  59. 	$_SESSION['user_pass']     = $hash;
    60. 

  60. 	$_SESSION['user_group']    = $row->user_group;
    61. 

  61. 	$_SESSION['user_email']    = $row->email;
    62. 

  62. 	$_SESSION['user_country']  = strtoupper($row->country);
    63. 

  63. 	$_SESSION['user_language'] = strtolower($row->country);
    64. 

  64. 	$_SESSION['user_ip']       = addslashes($_SERVER['REMOTE_ADDR']);
    65. 

  65. 

  66. 	$user_group_permissions = explode('|', preg_replace('/\s+/', '', $row->user_group_permission));
    67. 

  67. 	foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1;
    68. 

  68. 

  69. //	$_SESSION['admin_theme'] = DEFAULT_ADMIN_THEME_FOLDER;
    70. 

  70. //	$_SESSION['admin_language']  = DEFAULT_LANGUAGE;
    71. 

  71. 

  72. 	if ($keep_in == 1)
    73. 

  73. 	{
    74. 

  74. 		$expire = $time + COOKIE_LIFETIME;
    75. 

  75. 		$auth = base64_encode( serialize( array('id'=>$row->Id, 'hash'=>$hash)));
    76. 

  76. 		@setcookie('auth', $auth, $expire, ABS_PATH, $cookie_domain);
    77. 

  77. 	}
    78. 

  78. 

  79. 	return true;
    80. 

  80. }
    81. 

  81. 

  82. function user_logout()
    83. 

  83. {
    84. 

  84. 	global $cookie_domain;
    85. 

  85. 

  86. 	// ?????????? ????
    87. 

  87. 	@setcookie('auth', '', 0, ABS_PATH, $cookie_domain);
    88. 

  88. 

  89. 	// ?????????? ??????
    90. 

  90. 	@session_destroy();
    91. 

  91. 	session_unset();
    92. 

  92. 	$_SESSION = array();
    93. 

  93. }
    94. 

  94. 

  95. function auth_sessions()
    96. 

  96. {
    97. 

  97. 	global $AVE_DB;
    98. 

  98. 

  99. 	if (empty($_SESSION['user_id']) || empty($_SESSION['user_pass'])) return false;
    100. 

  100. 

  101. 	$referer = false;
    102. 

  102. 	if (isset($_SERVER['HTTP_REFERER']))
    103. 

  103. 	{
    104. 

  104. 		$referer = parse_url($_SERVER['HTTP_REFERER']);
    105. 

  105. 		$referer = (trim($referer['host']) === $_SERVER['SERVER_NAME']);
    106. 

  106. 	}
    107. 

  107. 

  108. 	// ???? ?? ??? REFERER ??? ????????? IP-?????
    109. 

  109. 	// ??????? ?????? ?????? ? ??????? ???? ??????
    110. 

  110. 	if ($referer === false || $_SESSION['user_ip'] != $_SERVER['REMOTE_ADDR'])
    111. 

  111. 	{
    112. 

  112. 		$verified = $AVE_DB->Query("
    113. 

  113. 			SELECT 1
    114. 

  114. 			FROM " . PREFIX . "_users
    115. 

  115. 			WHERE Id = '" . (int)$_SESSION['user_id'] . "'
    116. 

  116. 			AND password = '" . addslashes($_SESSION['user_pass']) . "'
    117. 

  117. 			LIMIT 1
    118. 

  118. 		")->NumRows();
    119. 

    120. 

  120. 		if (!$verified) return false;
    121. 

  121. 

  122. 		$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);
    123. 

  123. 	}
    124. 

  124. 

  125. 	define('UID',    $_SESSION['user_id']);
    126. 

  126. 	define('UGROUP', $_SESSION['user_group']);
    127. 

  127. 	define('UNAME',  $_SESSION['user_name']);
    128. 

  128. 

  129. 	return true;
    130. 

  130. }
    131. 

  131. 

  132. function auth_cookie()
    133. 

  133. {
    134. 

  134. 	global $AVE_DB, $cookie_domain;
    135. 

  135. 

  136. 	if (empty($_COOKIE['auth'])) return false;
    137. 

  137. 

  138. 	$auth = unserialize( base64_decode($_COOKIE['auth']));
    139. 

  139. 

  140. 	if (! (isset($auth['id']) && is_numeric($auth['id'])))
    141. 

  141. 	{
    142. 

  142. 		// ?????????? ????
    143. 

  143. 		@setcookie('auth', '', 0, ABS_PATH, $cookie_domain);
    144. 

  144. 

  145. 		return false;
    146. 

  146. 	}
    147. 

  147. 

  148. 	$row = $AVE_DB->Query("
    149. 

  149. 		SELECT
    150. 

  150. 			usr.user_group,
    151. 

  151. 			usr.user_name,
    152. 

  152. 			usr.firstname,
    153. 

  153. 			usr.lastname,
    154. 

  154. 			usr.email,
    155. 

  155. 			usr.country,
    156. 

  156. 			usr.password,
    157. 

  157. 			usr.status,
    158. 

  158. 			INET_NTOA(usr.user_ip) AS ip,
    159. 

  159. 			grp.user_group_permission
    160. 

  160. 		FROM
    161. 

  161. 			" . PREFIX . "_users AS usr
    162. 

  162. 		LEFT JOIN
    163. 

  163. 			" . PREFIX . "_user_groups AS grp
    164. 

  164. 				ON grp.user_group = usr.user_group
    165. 

  165. 		WHERE usr.Id = '" . $auth['id'] . "'
    166. 

  166. 		LIMIT 1
    167. 

  167. 	")->FetchRow();
    168. 

    169. 

  169. 	if (empty($row)) return false;
    170. 

  170. 	if ( ($row->ip !== '0.0.0.0' && $row->ip !== $_SERVER['REMOTE_ADDR']) || !($row->status === '1' && $row->password === $auth['hash']) ) return false;
    171. 

  171. 

  172. 	$_SESSION['user_id']       = (int)$auth['id'];
    173. 

  173. 	$_SESSION['user_name']     = get_username($row->user_name, $row->firstname, $row->lastname);
    174. 

  174. 	$_SESSION['user_pass']     = $auth['hash'];
    175. 

  175. 	$_SESSION['user_group']    = (int)$row->user_group;
    176. 

  176. 	$_SESSION['user_email']    = $row->email;
    177. 

  177. 	$_SESSION['user_country']  = strtoupper($row->country);
    178. 

  178. 	$_SESSION['user_language'] = strtolower($row->country);
    179. 

  179. 	$_SESSION['user_ip']       = addslashes($_SERVER['REMOTE_ADDR']);
    180. 

  180. 

  181. 	$user_group_permissions = explode('|', preg_replace('/\s+/', '', $row->user_group_permission));
    182. 

  182. 	foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1;
    183. 

  183. 

  184. //	$_SESSION['admin_theme'] = DEFAULT_ADMIN_THEME_FOLDER;
    185. 

  185. //	$_SESSION['admin_language']  = DEFAULT_LANGUAGE;
    186. 

  186. 

  187. 	define('UID',    $_SESSION['user_id']);
    188. 

  188. 	define('UGROUP', $_SESSION['user_group']);
    189. 

  189. 	define('UNAME',  $_SESSION['user_name']);
    190. 

  190. 

  191. 	return true;
    192. 

  192. }
    193. 

  193. 

  194. /**
    195. 

  195.  * ???????? ??????? ???????????? ?? ????? ? ?? ??????
    196. 

  196.  *
    197. 

  197.  * @param string $user_id ????????????? ????????????
    198. 

  198.  */
    199. 

  199. function user_delete($user_id)
    200. 

  200. {
    201. 

  201. 	global $AVE_DB;
    202. 

  202. 

  203. 	$AVE_DB->Query("
    204. 

  204. 		DELETE
    205. 

  205. 		FROM " . PREFIX . "_users
    206. 

  206. 		WHERE Id = '" . $user_id . "'
    207. 

  207. 	");
    208. 

    209. 

  209. 	$AVE_DB->Query("
    210. 

  210. 		DELETE
    211. 

  211. 		FROM " . PREFIX . "_modul_forum_userprofile
    212. 

  212. 		WHERE BenutzerId = '" . $user_id . "'
    213. 

  213. 	");
    214. 

  214. }
    215. 

  215. 

  216. ?>
    217.