
/wap/login.php

https://github.com/flyinghail/MolyX
  1. <?php
  2. # **************************************************************************#
  3. # MolyX2
  4. # ------------------------------------------------------
  5. # @copyright (c) 2009-2010 MolyX Group
  6. # @official forum http://molyx.com
  7. # @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License 2.0
  8. #
  9. # $Id$
  10. # **************************************************************************#
  11. define('THIS_SCRIPT', 'login');
  12. require_once('./global.php');
  13. class login
  14. {
  15. function show($message = '')
  16. {
  17. global $_INPUT, $forums;
  18. if ($bboptions['forcelogin'] == 1)
  19. {
  20. $this->message = $forums->lang['forcelogin'];
  21. }
  22. switch ($_INPUT['do'])
  23. {
  24. case 'login':
  25. $this->dologin();
  26. break;
  27. case 'logout':
  28. $this->dologout();
  29. break;
  30. case 'autologin':
  31. $this->autologin();
  32. break;
  33. default:
  34. $this->loginpage();
  35. break;
  36. }
  37. }
  38. function loginpage()
  39. {
  40. global $forums, $_INPUT, $bboptions, $bbuserinfo;
  41. if ($bbuserinfo['id'])
  42. {
  43. $forums->func->standard_redirect($bboptions['bburl'] . "/wap/index.php{$forums->sessionurl}");
  44. }
  45. $forums->lang['login'] = convert($forums->lang['login']);
  46. $forums->lang['username'] = convert($forums->lang['username']);
  47. $forums->lang['password'] = convert($forums->lang['password']);
  48. $forums->lang['boardlogin'] = convert($forums->lang['boardlogin']);
  49. $forums->lang['newregister'] = convert($forums->lang['newregister']);
  50. $forums->lang['invisible'] = convert($forums->lang['invisible']);
  51. $forums->lang['yes'] = convert($forums->lang['yes']);
  52. $forums->lang['no'] = convert($forums->lang['no']);
  53. $forums->lang['logintype'] = convert($forums->lang['logintype']);
  54. $forums->lang['type_username'] = convert($forums->lang['type_username']);
  55. $forums->lang['type_userid'] = convert($forums->lang['type_userid']);
  56. $forums->lang['type_email'] = convert($forums->lang['type_email']);
  57. if ($this->message != "")
  58. {
  59. $message = convert($this->message);
  60. $show['errors'] = true;
  61. }
  62. $referer = $forums->url;
  63. include $forums->func->load_template('wap_login');
  64. exit;
  65. }
  66. function dologin()
  67. {
  68. global $DB, $_INPUT, $forums, $bboptions;
  69. if ($_INPUT['username'] == "" OR $_INPUT['password'] == "")
  70. {
  71. $forums->func->standard_error("plzinputallform");
  72. }
  73. $username = trim($_INPUT['username']);
  74. $password = trim($_INPUT['password']);
  75. if ($_INPUT['logintype'] == 2)
  76. {
  77. $where = "id=" . intval($username) . "";
  78. }
  79. else if ($_INPUT['logintype'] == 3)
  80. {
  81. if (strlen($username) < 6)
  82. {
  83. $forums->func->standard_error('erroremail');
  84. }
  85. $username = clean_email($username);
  86. if (! $username)
  87. {
  88. $forums->func->standard_error('erroremail');
  89. }
  90. $where = "email='" . strtolower($username) . "'";
  91. }
  92. else
  93. {
  94. $check_name = preg_replace("/&#([0-9]+);/", "-", $username);
  95. if (strlen($check_name) > 32)
  96. {
  97. $forums->func->standard_error("nametoolong");
  98. }
  99. $username = addslashes(str_replace('|', '&#124;', $username));
  100. $where = "LOWER(name)='" . strtolower($username) . "' OR name='" . $username . "'";
  101. }
  102. $check_password = preg_replace("/&#([0-9]+);/", "-", $password);
  103. if (strlen($check_password) > 32)
  104. {
  105. $forums->func->standard_error("passwordtoolong");
  106. }
  107. $password = md5($password);
  108. $this->verify_strike_status($username);
  109. $user = $DB->query_first("SELECT id, name, email, usergroupid, password, host, options, salt, avatar from " . TABLE_PREFIX . "user WHERE $where");
  110. if (empty($user['id']) OR ($user['id'] == ""))
  111. {
  112. $this->message = $forums->lang['nouser'];
  113. $this->exec_strike_user($username);
  114. }
  115. if ($user['password'] != md5($password . $user['salt']))
  116. {
  117. $this->message = $forums->lang['errorpassword'];
  118. $this->exec_strike_user($username);
  119. }
  120. if ($user['usergroupid'] == 1)
  121. {
  122. $this->message = $forums->lang['activation'];
  123. return $this->loginpage();
  124. }
  125. $forums->func->convert_bits_to_array($user, $user['options']);
  126. $sessionid = "";
  127. if ($_INPUT['s'])
  128. {
  129. $sessionid = $_INPUT['s'];
  130. }
  131. else if ($forums->func->get_cookie('sessionid'))
  132. {
  133. $sessionid = $forums->func->get_cookie('sessionid');
  134. }
  135. $invisible = $_INPUT['invisible'] ? 1 : 0;
  136. if ($sessionid)
  137. {
  138. $DB->query_unbuffered("UPDATE " . TABLE_PREFIX . "session SET username='" . $user['name'] . "', userid=" . $user['id'] . ", avatar=" . $user['avatar'] . ", lastactivity=" . TIMENOW . ", usergroupid=" . $user['usergroupid'] . ", invisible=" . $invisible . " WHERE sessionhash='" . $sessionid . "'");
  139. }
  140. else
  141. {
  142. $sessionid = substr(md5(uniqid(microtime())), 0, 16);
  143. $sql_array = array(
  144. 'sessionhash' => $sessionid,
  145. 'username' => $user['name'],
  146. 'userid' => $user['id'],
  147. 'avatar' => $user['avatar'],
  148. 'lastactivity' => TIMENOW,
  149. 'usergroupid' => $user['usergroupid'],
  150. 'host' => IPADDRESS,
  151. 'useragent' => USER_AGENT,
  152. 'invisible' => $invisible
  153. );
  154. $DB->insert(TABLE_PREFIX . 'session', $sql_array);
  155. }
  156. $bbuserinfo = $user;
  157. $forums->sessionid = $sessionid;
  158. $bbuserinfo['options'] = $forums->func->convert_array_to_bits(array_merge($bbuserinfo , array('invisible' => $_INPUT['invisible'], 'loggedin' => 1)));
  159. $DB->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET " . $style . "options=" . $bbuserinfo['options'] . " WHERE id='" . $bbuserinfo['id'] . "'");
  160. $DB->shutdown_query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid='" . $bbuserinfo['id'] . "' AND type=1");
  161. $DB->shutdown_delete(TABLE_PREFIX . 'strikes', 'strikeip = ' . $DB->validate(IPADDRESS) . ' AND username = ' . $DB->validate($username));
  162. $forums->func->set_cookie("userid", $user['id'], 31536000);
  163. $forums->func->set_cookie("password", $user['password'], 31536000);
  164. $forums->func->set_cookie("sessionid", $forums->sessionid, 31536000);
  165. redirect("index.php?s=" . $forums->sessionid . "&amp;bbuid=" . $user['id'] . "&amp;bbpwd=" . $user['password'] . "", $forums->lang['loginsucess']);
  166. }
  167. function dologout()
  168. {
  169. global $forums, $DB, $_INPUT, $bbuserinfo, $bboptions;
  170. $bbuserinfo['loggedin'] = 0;
  171. $bbuserinfo['options'] = $forums->func->convert_array_to_bits($bbuserinfo);
  172. $DB->query_unbuffered("UPDATE " . TABLE_PREFIX . "session SET username='', userid='0', invisible='0', avatar=0 WHERE sessionhash='" . $forums->sessionid . "'");
  173. $DB->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET options=" . $bbuserinfo['options'] . ", lastvisit=" . TIMENOW . ", lastactivity=" . TIMENOW . " WHERE id='" . $bbuserinfo['id'] . "'");
  174. $forums->func->set_cookie('password' , '-1');
  175. $forums->func->set_cookie('userid' , '-1');
  176. $forums->func->set_cookie('sessionid', '-1');
  177. $forums->func->set_cookie('threadread', '-1');
  178. $forums->func->set_cookie('invisible' , '-1');
  179. $forums->func->set_cookie('forumread', '-1');
  180. if (is_array($_COOKIE))
  181. {
  182. foreach($_COOKIE AS $cookie => $value)
  183. {
  184. if (preg_match("/^(" . $bboptions['cookieprefix'] . ".*$)/i", $cookie, $match))
  185. {
  186. $forums->func->set_cookie(str_replace($bboptions['cookieprefix'], "", $match[0]) , '-', -1);
  187. }
  188. }
  189. }
  190. redirect("index.php{$forums->sessionurl}", $forums->lang['logoutsucess']);
  191. }
  192. function autologin()
  193. {
  194. global $forums, $DB, $bboptions, $bbuserinfo, $_INPUT;
  195. if (! $bbuserinfo['id'])
  196. {
  197. $userid = intval($forums->func->get_cookie('userid'));
  198. $password = $forums->func->get_cookie('password');
  199. If ($userid AND $password)
  200. {
  201. $DB->query("SELECT * FROM " . TABLE_PREFIX . "user WHERE id='$userid' AND password='$password'");
  202. if ($user = $DB->fetch_array())
  203. {
  204. $bbuserinfo = $user;
  205. $forums->func->load_style();
  206. $forums->sessionid = "";
  207. $forums->func->set_cookie('sessionid', '-1');
  208. }
  209. }
  210. }
  211. $login_success = $forums->lang['loginsuccess'];
  212. $login_failed = $forums->lang['loginfailed'];
  213. $show = false;
  214. switch ($_INPUT['logintype'])
  215. {
  216. case 'fromreg':
  217. $login_success = $forums->lang['regsuccess'];
  218. $login_failed = $forums->lang['regfailed'];
  219. $show = true;
  220. break;
  221. case 'fromemail':
  222. $login_success = $forums->lang['mailsuccess'];
  223. $login_failed = $forums->lang['mailfailed'];
  224. $show = true;
  225. break;
  226. case 'frompass':
  227. $login_success = $forums->lang['passsuccess'];
  228. $login_failed = $forums->lang['passfailed'];
  229. $show = true;
  230. break;
  231. }
  232. if ($bbuserinfo['id'])
  233. {
  234. $redirect = $_INPUT['referer'] ? trim($_INPUT['referer']) : "";
  235. if ($show)
  236. {
  237. $forums->func->redirect_screen($login_success, $redirect);
  238. }
  239. else
  240. {
  241. $forums->func->standard_redirect($redirect);
  242. }
  243. }
  244. else
  245. {
  246. if ($show)
  247. {
  248. $forums->func->redirect_screen($login_failed, 'login.php');
  249. }
  250. else
  251. {
  252. $forums->func->standard_redirect('login.php' . $forums->sessionurl);
  253. }
  254. }
  255. }
  256. function verify_strike_status($username = '')
  257. {
  258. global $DB, $_INPUT, $forums;
  259. $DB->query_unbuffered("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));
  260. $strikes = $DB->query_first('SELECT COUNT(*) AS strikes, MAX(striketime) AS lasttime
  261. FROM ' . TABLE_PREFIX . 'strikes
  262. WHERE strikeip = ' . $DB->validate(IPADDRESS) . '
  263. AND username = ' . $DB->validate($username));
  264. $this->strikes = $strikes['strikes'];
  265. if ($this->strikes >= 5 AND $strikes['lasttime'] > TIMENOW - 900)
  266. {
  267. $this->message = $forums->lang['strikefailed1'];
  268. return $this->loginpage();
  269. }
  270. $maxstrikes = $DB->query_first("SELECT COUNT(*) AS strikes
  271. FROM " . TABLE_PREFIX . 'strikes
  272. WHERE strikeip = ' . $DB->validate(IPADDRESS));
  273. if ($this->strikes >= 30 AND $strikes['lasttime'] > TIMENOW - 1800)
  274. {
  275. $this->message = $forums->lang['strikefailed2'];
  276. return $this->loginpage();
  277. }
  278. }
  279. function exec_strike_user($username = '')
  280. {
  281. global $DB, $forums;
  282. $DB->shutdown_insert(TABLE_PREFIX . 'strikes', array(
  283. 'striketime' => TIMENOW,
  284. 'strikeip' => IPADDRESS,
  285. 'username' => $username
  286. ));
  287. $this->strikes++;
  288. $times = $this->strikes;
  289. $forums->lang['striketimes'] = sprintf($forums->lang['striketimes'], $times);
  290. $this->message .= "<br />" . $forums->lang['striketimes'];
  291. return $this->loginpage();
  292. }
  293. }
  294. $output = new login();
  295. $output->show();
  296. ?>