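// Login handler: verifies the submitted credentials against the users table,
// upgrades legacy password hashes in place, clears the visitor's guest entry
// from the online list, sets the login cookie and redirects.
if (isset($_POST['form_sent']) && $action == 'in')
{
    // Accept only string credentials. A missing or array-valued field is
    // treated as an empty string instead of being passed to trim()/sha1().
    $form_username = (isset($_POST['req_username']) && is_string($_POST['req_username'])) ? trim($_POST['req_username']) : '';
    $form_password = (isset($_POST['req_password']) && is_string($_POST['req_password'])) ? trim($_POST['req_password']) : '';

    // NOTE(review): every hook below eval()s whatever get_hook() returns, in
    // this scope, so hook code can read the plaintext password and rewrite
    // $query. Where hook code is stored and who may write it is not visible
    // here; that store has to be treated as trusted code.
    ($hook = get_hook('li_login_form_submitted')) ? eval($hook) : null;

    // Get user info matching login attempt. The username is user input and is
    // passed through the database layer's escape() before being quoted.
    $query = array(
        'SELECT' => 'u.id, u.group_id, u.password, u.save_pass, u.salt',
        'FROM' => 'users AS u'
    );

    if ($db_type == 'mysql' || $db_type == 'mysqli')
        $query['WHERE'] = 'username=\''.$forum_db->escape($form_username).'\'';
    else
        $query['WHERE'] = 'LOWER(username)=LOWER(\''.$forum_db->escape($form_username).'\')';

    ($hook = get_hook('li_qr_get_login_data')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    list($user_id, $group_id, $db_password_hash, $save_pass, $salt) = $forum_db->fetch_row($result);

    $authorized = false;

    if (!empty($db_password_hash))
    {
        // A 40-character stored value is treated as SHA-1, anything else as legacy MD5.
        $sha1_in_db = (strlen($db_password_hash) === 40);
        $form_password_hash = sha1($salt.sha1($form_password));

        // Digests are compared with === rather than ==. Loose comparison of two
        // numeric-looking strings (for example "0e" followed only by digits) is
        // done numerically, so two different digests could compare as equal.
        // Where the runtime provides hash_equals(), prefer it here so that the
        // comparison is also constant-time.
        if ($sha1_in_db && $db_password_hash === $form_password_hash)
            $authorized = true;
        else if ((!$sha1_in_db && $db_password_hash === md5($form_password)) || ($sha1_in_db && $db_password_hash === sha1($form_password)))
        {
            $authorized = true;

            $salt = random_key(12);
            $form_password_hash = sha1($salt.sha1($form_password));

            // There's an old MD5 hash or an unsalted SHA1 hash in the database, so we replace it
            // with a randomly generated salt and a new, salted SHA1 hash.
            // NOTE(review): salted SHA-1 is still a fast hash. Moving to a slow
            // password hash (e.g. password_hash()) would need a wider column and
            // changes outside this block, so it is only flagged here.
            $query = array(
                'UPDATE' => 'users',
                'SET' => 'password=\''.$form_password_hash.'\', salt=\''.$forum_db->escape($salt).'\'',
                'WHERE' => 'id='.$user_id
            );

            ($hook = get_hook('li_qr_update_user_hash')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        }
    }

    ($hook = get_hook('li_login_pre_auth_message')) ? eval($hook) : null;

    // An unknown username and a wrong password produce the same message, so the
    // response text does not reveal which usernames exist.
    if (!$authorized)
        $errors[] = sprintf($lang_login['Wrong user/pass']);

    // Did everything go according to plan?
    if (empty($errors))
    {
        // Update the status if this is the first time the user logged in
        if ($group_id == FORUM_UNVERIFIED)
        {
            $query = array(
                'UPDATE' => 'users',
                'SET' => 'group_id='.$forum_config['o_default_user_group'],
                'WHERE' => 'id='.$user_id
            );

            ($hook = get_hook('li_qr_update_user_group')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        }

        // Remove this user's guest entry from the online list
        $query = array(
            'DELETE' => 'online',
            'WHERE' => 'ident=\''.$forum_db->escape(get_remote_address()).'\''
        );

        ($hook = get_hook('li_qr_delete_online_user')) ? eval($hook) : null;
        $forum_db->query_build($query) or error(__FILE__, __LINE__);

        // save_pass == '1' keeps the cookie for one year; otherwise it is a session cookie.
        $expire = ($save_pass == '1') ? time() + 31536000 : 0;

        // NOTE(review): the cookie value is base64 (an encoding, not encryption)
        // of the user id and the salted password hash, so anyone who obtains the
        // cookie also obtains the stored hash. A random server-side session
        // token would avoid exposing it. Which cookie flags forum_setcookie()
        // sets is not visible here; confirm HttpOnly and Secure.
        forum_setcookie($cookie_name, base64_encode($user_id.'|'.$form_password_hash), $expire);

        // NOTE(review): the redirect target comes straight from
        // $_POST['redirect_url'] and is only HTML-encoded, not checked against
        // this site's own base URL, and nothing in this block checks that the
        // field was sent at all. Unless redirect() validates it, this is an open
        // redirect; restrict it to same-site URLs before use.
        redirect(forum_htmlencode($_POST['redirect_url']).((substr_count($_POST['redirect_url'], '?') == 1) ? '&' : '?').'login=1', $lang_login['Login redirect']);
    }
}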