本文整理汇总了PHP中phpbb_check_hash函数的典型用法代码示例。如果您正苦于以下问题:PHP phpbb_check_hash函数的具体用法?PHP phpbb_check_hash怎么用?PHP phpbb_check_hash使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了phpbb_check_hash函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: CheckPassword
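/**
 * Check a submitted password against a stored password hash.
 *
 * The hash format is chosen by $Method; an empty or unrecognised method falls
 * through to the Vanilla check.
 *
 * Security notes:
 * - The 'smf' (SHA-1 of lowercased username + password) and 'vbulletin'
 *   (md5(md5(password) . salt)) formats are fast legacy digests. They are
 *   accepted here so imported accounts can still sign in; callers should
 *   rehash the password with the current scheme after a successful check.
 * - Legacy digests are compared as strings, never with `==`. A loose
 *   comparison treats two different digests that both look like "0e<digits>"
 *   as equal numbers, which would accept a wrong password.
 *
 * @param string $Password The plaintext password submitted by the user.
 * @param string $StoredHash The stored hash (for 'vbulletin': digest followed by its salt).
 * @param string|bool $Method The hashing scheme name, case-insensitive.
 * @param string|null $Username Only used by the 'smf' scheme.
 * @return boolean Whether the password matches the stored hash.
 * @throws Gdn_UserException When $Method is 'reset'.
 */
function CheckPassword($Password, $StoredHash, $Method = FALSE, $Username = NULL) {
    // Type-strict digest comparison; constant-time where hash_equals() exists
    // (PHP 5.6+), plain strict string equality on older runtimes.
    $DigestsMatch = function ($Known, $Given) {
        $Known = (string) $Known;
        $Given = (string) $Given;
        return function_exists('hash_equals') ? hash_equals($Known, $Given) : $Known === $Given;
    };

    $Result = FALSE;
    switch (strtolower($Method)) {
        case 'django':
            $Result = $this->CheckDjango($Password, $StoredHash);
            break;
        case 'phpbb':
            require_once(PATH_LIBRARY.'/vendors/phpbb/phpbbhash.php');
            $Result = phpbb_check_hash($Password, $StoredHash);
            break;
        case 'reset':
            throw new Gdn_UserException(sprintf(T('You need to reset your password.', 'You need to reset your password. This is most likely because an administrator recently changed your account information. Click <a href="%s">here</a> to reset your password.'), Url('entry/passwordrequest')));
        case 'smf':
            $Result = $DigestsMatch($StoredHash, sha1(strtolower($Username).$Password));
            break;
        case 'vbulletin':
            // The digest is assumed to be the first 32 characters; whatever
            // follows is the salt, whose length differs between vBulletin 3 and 4.
            $SaltLength = strlen($StoredHash) - 32;
            if ($SaltLength < 0) {
                // Too short to hold an MD5 digest: it can never match.
                break;
            }
            $Salt = trim(substr($StoredHash, -$SaltLength, $SaltLength));
            $VbStoredHash = substr($StoredHash, 0, strlen($StoredHash) - $SaltLength);
            $Result = $DigestsMatch($VbStoredHash, md5(md5($Password).$Salt));
            break;
        case 'vanilla':
        default:
            $Result = $this->CheckVanilla($Password, $StoredHash);
    }
    return $Result;
}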
示例2: test_check_hash_with_large_input
/**
 * An oversized password must be rejected by phpbb_check_hash() quickly.
 *
 * Feeding a 16 MB string into the hash check should not tie up the worker;
 * the test fails if the check takes longer than five wall-clock seconds.
 */
public function test_check_hash_with_large_input()
{
    $started_at = time();

    $oversized_password = str_repeat('a', 1024 * 1024 * 16);
    $stored_hash = '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1';
    $matched = phpbb_check_hash($oversized_password, $stored_hash);

    // The password is not the one behind the stored hash, so it must not match.
    $this->assertFalse($matched);

    // time() has one-second resolution, so this is a coarse upper bound only.
    $elapsed = time() - $started_at;
    $this->assertLessThanOrEqual(5, $elapsed);
}
示例3: chatLogin
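/**
 * Look up a chat user by e-mail address or clean username and verify the password.
 *
 * The login name comes straight from the caller, so it is escaped before it
 * is placed in the SQL string. Passing FILTER_VALIDATE_EMAIL is not a
 * substitute for escaping: a syntactically valid address may contain a
 * single quote.
 *
 * NOTE(review): ext/mysql offers no prepared statements; when this code is
 * moved to mysqli or PDO the lookup should become a parameterized query.
 *
 * @param string $userName E-mail address or clean username.
 * @param string $userPass Plaintext password submitted by the user.
 * @return int|string The matching user_id, or 0 when the login is rejected.
 */
function chatLogin($userName, $userPass)
{
    $column = filter_var($userName, FILTER_VALIDATE_EMAIL) ? 'user_email' : 'username_clean';
    $sql = "SELECT * FROM " . TABLE_PREFIX . DB_USERTABLE
        . " WHERE " . $column . " ='" . mysql_real_escape_string($userName) . "'";

    $result = mysql_query($sql);
    if (!$result) {
        // Query failed: treat as a rejected login instead of reading from a non-resource.
        return 0;
    }

    $row = mysql_fetch_array($result);
    if (!$row) {
        // No such user.
        return 0;
    }

    if (phpbb_check_hash($userPass, $row['user_password'])) {
        return $row['user_id'];
    }
    return 0;
}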
示例4: processPHPBB
/**
 * Decide whether a login attempt against a PHPBB3 user record is valid.
 *
 * On a rejected login the LOGIN_FLAG constant is defined as 'BAD_USERNAME'
 * or 'BAD_PASSWORD'; an account with an empty stored password is rejected
 * without setting the flag.
 *
 * NOTE(review): the flag distinguishes "unknown user" from "wrong password".
 * If it is ever echoed to the client it lets callers enumerate valid
 * usernames - confirm it is only used server-side.
 *
 * @param array user - The userdata array.
 * @param string password - The submitted password (usually via a form).
 * @return bool - Whether or not the user is valid.
 * @author Joseph Todd Parsons <josephtparsons@gmail.com>
 */
function processPHPBB($user, $password)
{
    // Unknown user.
    if (!$user['userId']) {
        define('LOGIN_FLAG', 'BAD_USERNAME');
        return false;
    }

    // PHPBB often stores an empty password for accounts that must not log in.
    $storedHash = $user['password'];
    if (strlen($storedHash) === 0) {
        return false;
    }

    // Wrong password.
    if (!phpbb_check_hash($password, $storedHash)) {
        define('LOGIN_FLAG', 'BAD_PASSWORD');
        return false;
    }

    return true;
}
示例5: CheckPassword
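/**
 * Check a submitted password against a stored password hash.
 *
 * The hash format is chosen by $Method; an empty or unrecognised method falls
 * through to the Vanilla check.
 *
 * Security notes:
 * - 'vbulletin' is md5(md5(password) . salt) with a fixed three-character
 *   salt appended to the digest. It is a fast legacy digest; callers should
 *   rehash the password with the current scheme after a successful check.
 * - The digest is compared as a string, never with `==`. A loose comparison
 *   treats two different digests that both look like "0e<digits>" as equal
 *   numbers, which would accept a wrong password.
 *
 * @param string $Password The plaintext password submitted by the user.
 * @param string $StoredHash The stored hash.
 * @param string|bool $Method The hashing scheme name, case-insensitive.
 * @return boolean Whether the password matches the stored hash.
 * @throws Gdn_UserException When $Method is 'reset'.
 */
function CheckPassword($Password, $StoredHash, $Method = FALSE)
{
    $Result = FALSE;
    switch (strtolower($Method)) {
        case 'phpbb':
            require_once PATH_LIBRARY . '/vendors/phpbb/phpbbhash.php';
            $Result = phpbb_check_hash($Password, $StoredHash);
            break;
        case 'reset':
            throw new Gdn_UserException(sprintf(T('You need to reset your password.', 'You need to reset your password. This is most likely because an administrator recently changed your account information. Click <a href="%s">here</a> to reset your password.'), Url('entry/passwordrequest')));
        case 'vbulletin':
            // Last three characters are the salt, everything before is the digest.
            $Salt = trim(substr($StoredHash, -3, 3));
            $VbStoredHash = (string) substr($StoredHash, 0, strlen($StoredHash) - 3);
            $VbHash = md5(md5($Password) . $Salt);
            // Constant-time where hash_equals() exists (PHP 5.6+), strict
            // string equality on older runtimes.
            $Result = function_exists('hash_equals')
                ? hash_equals($VbStoredHash, $VbHash)
                : $VbStoredHash === $VbHash;
            break;
        case 'vanilla':
        default:
            $Result = $this->CheckVanilla($Password, $StoredHash);
    }
    return $Result;
}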
示例6: login_mybb16
//.........这里部分代码省略.........
}
$result = $db->sql_query($sql);
$attempts = (int) $db->sql_fetchfield('attempts');
$db->sql_freeresult($result);
$attempt_data = array('attempt_ip' => $ip, 'attempt_browser' => trim(substr($browser, 0, 149)), 'attempt_forwarded_for' => $forwarded_for, 'attempt_time' => time(), 'user_id' => $row ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
$result = $db->sql_query($sql);
} else {
$attempts = 0;
}
if (!$row) {
if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) {
return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => array('user_id' => ANONYMOUS));
}
return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
}
$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'] || $config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'];
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
if ($show_captcha) {
// Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory')) {
global $phpbb_root_path, $phpEx;
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
}
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response) {
return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row);
} else {
$captcha->reset();
}
}
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert']) {
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
$password_new_format = '';
set_var($password_new_format, stripslashes($password_old_format), 'string', true);
if ($password == $password_new_format) {
if (md5(md5($row['user_passwd_salt']) . md5($password_old_format)) === $row['user_password']) {
$hash = phpbb_hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
} else {
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
}
}
}
// Check password ...
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
// Check for old password hash...
if (strlen($row['user_password']) == 32) {
$hash = phpbb_hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '" . $db->sql_escape($hash) . "',\n\t\t\t\t\tuser_pass_convert = 0\n\t\t\t\tWHERE user_id = {$row['user_id']}";
$db->sql_query($sql);
$row['user_password'] = $hash;
}
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
if ($row['user_login_attempts'] != 0) {
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
}
// Successful login... set user_login_attempts to zero...
return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
}
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
// Give status about wrong password...
return array('status' => $show_captcha ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, 'error_msg' => $show_captcha ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}
示例7: checkAuth
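/**
 * Authenticate a forum user and report whether the account may use Jabber.
 *
 * Returns true only when the username exists, the account is not locked out
 * by max_login_attempts, the password matches, the account is neither
 * inactive nor ignored, and a row for the user exists in eveapi_jabber.
 * Every failure returns the same bare false, so the caller cannot tell an
 * unknown user from a wrong password.
 *
 * @param string $username Login name as submitted.
 * @param string $password Plaintext password as submitted.
 * @return bool Whether the user is authenticated and allowed to use Jabber.
 */
function checkAuth($username, $password)
{
    global $db, $config;

    // Empty credentials are never accepted.
    if (!$password || !$username) {
        return false;
    }

    $username_clean = utf8_clean_string($username);
    $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
        FROM ' . USERS_TABLE . "
        WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$row) {
        return false;
    }

    // Account-level lockout: refuse before the password is even looked at.
    if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) {
        return false;
    }

    // Every statement below embeds the id, so force it to an integer once.
    $user_id = (int) $row['user_id'];

    if ($row['user_pass_convert'] || !phpbb_check_hash($password, $row['user_password'])) {
        // Password incorrect (or still in the unconverted legacy format):
        // count the failed attempt, capped at LOGIN_ATTEMPTS_MAX.
        $sql = 'UPDATE ' . USERS_TABLE . '
            SET user_login_attempts = user_login_attempts + 1
            WHERE user_id = ' . $user_id . '
                AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
        $db->sql_query($sql);
        return false;
    }

    // Password is correct: clear the recorded failed attempts.
    $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
        WHERE user_id = ' . $user_id;
    $db->sql_query($sql);
    if ($row['user_login_attempts'] != 0) {
        $sql = 'UPDATE ' . USERS_TABLE . '
            SET user_login_attempts = 0
            WHERE user_id = ' . $user_id;
        $db->sql_query($sql);
    }

    // Inactive and ignored accounts may not log in even with the right password.
    if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
        return false;
    }

    // Authorisation step: the user must be listed in the Jabber table.
    $sql = 'SELECT userID
        FROM eveapi_jabber
        WHERE userID = ' . $user_id;
    $result = $db->sql_query($sql);
    $jabber_row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // The user lookup above treats a missing row as falsy (`if (!$row)`), so
    // the same test is used here. The previous `count($row) == 1` check did
    // not reject a missing row: count(false) evaluates to 1 on PHP 5/7 and
    // raises a TypeError on PHP 8, so unlisted users were either let through
    // or crashed the request.
    return !empty($jabber_row);
}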
示例8: login_forum_func
/**
 * XML-RPC handler: unlock a password-protected forum for the current session.
 *
 * Decodes two parameters (forum id, forum password), loads the forum row,
 * checks the caller's f_list/f_read permissions and, when the forum has a
 * password, either finds an existing grant for this session in
 * FORUMS_ACCESS_TABLE or verifies the submitted password with
 * phpbb_check_hash() and records a new grant.
 *
 * NOTE(review): no attempt counting or throttling for the forum password is
 * visible in this function - confirm the transport layer rate-limits calls.
 *
 * @param mixed $xmlrpc_params Encoded XML-RPC parameters: [forum_id, password].
 * @return mixed An xmlrpcresp holding a struct {result: boolean, result_text: base64},
 *               or whatever get_error() returns for the early-exit cases.
 */
function login_forum_func($xmlrpc_params)
{
global $db, $auth, $user, $config;
$params = php_xmlrpc_decode($xmlrpc_params);
// The forum id is forced to an integer before it is used in SQL below.
$forum_id = intval($params[0]);
// NOTE(review): $params[1] is read without checking that it was supplied.
$password = $params[1];
if (!$forum_id) {
return get_error(1);
}
$sql_from = FORUMS_TABLE . ' f';
$lastread_select = '';
// Grab appropriate forum data
if ($config['load_db_lastread'] && $user->data['is_registered']) {
$sql_from .= ' LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.user_id = ' . $user->data['user_id'] . '
AND ft.forum_id = f.forum_id)';
$lastread_select .= ', ft.mark_time';
}
if ($user->data['is_registered']) {
$sql_from .= ' LEFT JOIN ' . FORUMS_WATCH_TABLE . ' fw ON (fw.forum_id = f.forum_id AND fw.user_id = ' . $user->data['user_id'] . ')';
$lastread_select .= ', fw.notify_status';
}
$sql = "SELECT f.* {$lastread_select}\r\n FROM {$sql_from}\r\n WHERE f.forum_id = {$forum_id}";
$result = $db->sql_query($sql);
$forum_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// No forum row for that id.
if (!$forum_data) {
return get_error(3);
}
// Configure style, language, etc.
//$user->setup('viewforum', $forum_data['forum_style']);
// Permissions check: runs before any password handling, so a caller without
// list/read rights never reaches the password comparison.
if (!$auth->acl_gets('f_list', 'f_read', $forum_id) || $forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'] && !$auth->acl_get('f_read', $forum_id)) {
// Logged-in users and anonymous callers get different error codes.
if ($user->data['user_id'] != ANONYMOUS) {
return get_error(2);
}
return get_error(9);
}
$login_status = false;
// Forum is passworded ... check whether access has been granted to this
// user this session, if not show login box
// NOTE(review): a forum without a password leaves $login_status false, so the
// response below reports 'Password is wrong' for it as well.
if ($forum_data['forum_password']) {
// The grant is keyed on forum, user and session id; the session id is escaped.
$sql = 'SELECT forum_id
FROM ' . FORUMS_ACCESS_TABLE . '
WHERE forum_id = ' . $forum_data['forum_id'] . '
AND user_id = ' . $user->data['user_id'] . "\r\n AND session_id = '" . $db->sql_escape($user->session_id) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row) {
// Already unlocked for this session.
$login_status = true;
} elseif ($password) {
// Remove expired authorised sessions
$sql = 'SELECT f.session_id
FROM ' . FORUMS_ACCESS_TABLE . ' f
LEFT JOIN ' . SESSIONS_TABLE . ' s ON (f.session_id = s.session_id)
WHERE s.session_id IS NULL';
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) {
$sql_in = array();
do {
$sql_in[] = (string) $row['session_id'];
} while ($row = $db->sql_fetchrow($result));
// Remove expired sessions
$sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . '
WHERE ' . $db->sql_in_set('session_id', $sql_in);
$db->sql_query($sql);
}
$db->sql_freeresult($result);
// Verify the submitted forum password against the stored hash and, on a
// match, record the grant for this user and session.
if (phpbb_check_hash($password, $forum_data['forum_password'])) {
$sql_ary = array('forum_id' => (int) $forum_data['forum_id'], 'user_id' => (int) $user->data['user_id'], 'session_id' => (string) $user->session_id);
$db->sql_query('INSERT INTO ' . FORUMS_ACCESS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$login_status = true;
}
}
}
// The response carries only a boolean and a fixed message; nothing about the
// stored hash is returned to the caller.
$response = new xmlrpcval(array('result' => new xmlrpcval($login_status, 'boolean'), 'result_text' => new xmlrpcval($login_status ? '' : 'Password is wrong', 'base64')), 'struct');
return new xmlrpcresp($response);
}
示例9: action_webvalidate
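/**
 * Validate a username/password pair from the request and, on success, issue a
 * login token and redirect the browser to the caller-supplied URL.
 *
 * Reads `url`, `username` and `password` from $_REQUEST. On success the token
 * is stored with its issue time and the client IP, and the %TOKEN% and
 * %USERNAME% placeholders in the URL are replaced before redirecting.
 *
 * NOTE(review): the redirect target comes from the request unvalidated and
 * receives the freshly issued token. Confirm whether it should be restricted
 * to an allow-list of known hosts.
 *
 * @return void
 */
function action_webvalidate()
{
    global $bbdbname, $dbname, $link;
    if (array_key_exists("url", $_REQUEST)) {
        $URL = $_REQUEST['url'];
    } else {
        die('ERROR, you must pass in a URL value');
    }
    if (array_key_exists("username", $_REQUEST)) {
        $username = utf8_clean_string($_REQUEST['username']);
    } else {
        die('ERROR, you must pass in a USERNAME value');
    }
    if (array_key_exists("password", $_REQUEST)) {
        $password = $_REQUEST['password'];
    } else {
        die('ERROR, you must pass in a PASSWORD value');
    }
    if (!mysql_select_db($bbdbname)) {
        die('Could not open db:' . $bbdbname . ' ' . mysql_error());
    }

    // The username is request data: escape it for the connection before it is
    // placed in the SQL string. Nothing visible here shows that
    // utf8_clean_string() does any SQL escaping.
    $safe_username = mysql_real_escape_string($username, $link);
    $result = mysql_query("SELECT user_id, user_password FROM bzbb3_users " . "WHERE username_clean='{$safe_username}' " . "AND user_inactive_reason=0", $link) or die("Invalid query: " . mysql_error());
    $row = mysql_fetch_row($result);

    // No row means no such active user; avoid indexing into false.
    $playerid = $row ? (int) $row[0] : 0;
    $stored_hash = $row ? $row[1] : '';

    if (!$playerid || !phpbb_check_hash($password, $stored_hash)) {
        // One message for both unknown user and wrong password.
        dumpPageHeader();
        print '
<tr>
<td valign="top">
<b>The username or password you entered was invalid.</b>
</td>
</tr>
';
        dumpPageFooter();
    } else {
        // The token is a bearer credential. A generator seeded from the clock
        // is guessable, so use the CSPRNG whenever the runtime provides one.
        if (function_exists('random_int')) {
            $token = random_int(0, 2147483647);
        } else {
            srand(microtime() * 100000000);
            $token = rand(0, 2147483647);
        }
        $client_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $link);
        $result = mysql_query("UPDATE bzbb3_users SET " . "user_token='{$token}', " . "user_tokendate='" . time() . "', " . "user_tokenip='" . $client_ip . "' " . "WHERE user_id='{$playerid}'", $link) or die("Invalid query: " . mysql_error());
        // Let the caller specify the parameters; only the placeholders are replaced with real values.
        $redirURL = str_replace(array('%TOKEN%', '%USERNAME%'), array($token, urlencode($username)), $URL);
        header('location: ' . $redirURL);
    }
    if (!mysql_select_db($dbname)) {
        die('Could not open db: ' . mysql_error());
    }
}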
示例10: onAuthenticate
/**
 * Authenticate Joomla credentials against a phpBB3 user table.
 *
 * Loads the RokBridge component parameters, includes the bridge and phpBB
 * configuration files, opens a database connection from the phpBB settings
 * and compares the submitted password with the stored phpBB hash. The outcome
 * is reported through $response (status, error_message and, on success,
 * email and fullname).
 *
 * Return value: false for an empty password; every other path, including
 * success, ends without an explicit return value. The early exits for a
 * missing or incomplete configuration leave $response untouched.
 *
 * NOTE(review): the bridge and phpBB config files are included inside this
 * function, so they execute in its local scope and can read or overwrite the
 * local variables defined here. The include paths are built from component
 * parameters - confirm only administrators can change them.
 *
 * @access public
 * @param array $credentials Array holding the user credentials ('username', 'password')
 * @param array $options Array of extra options (overwritten below with the database settings)
 * @param object $response Authentication response object
 * @return boolean
 * @since 1.5
 */
function onAuthenticate($credentials, $options, &$response)
{
global $dbhost, $dbname, $dbuser, $dbpasswd, $table_prefix;
// Joomla does not like blank passwords
if (empty($credentials['password'])) {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Empty password not allowed';
return false;
}
if (!defined('IN_PHPBB')) {
define('IN_PHPBB', true);
}
// Load the bridge component's stored parameters.
$table =& JTable::getInstance('component');
$table->loadByOption('com_rokbridge');
$params = new JParameter($table->params, JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_rokbridge' . DS . 'config.xml');
// Bridge not configured: leave without touching $response.
if (!file_exists(JPATH_ROOT . DS . $params->get('bridge_path') . DS . 'configuration.php')) {
return;
}
//Include the bridge configuration
require_once JPATH_ROOT . DS . $params->get('bridge_path') . DS . 'configuration.php';
if (!class_exists('JConfigForum')) {
return;
}
//Create a bridge configuration object
$config = new JConfigForum();
if (!file_exists(JPATH_ROOT . DS . $config->phpbb_path . DS . 'config.php')) {
return;
}
//Include the PHPBB3 configuration
// NOTE(review): presumably this file assigns the connection variables checked
// on the next lines; $dbms, used further down, is not part of that isset() check.
require JPATH_ROOT . DS . $config->phpbb_path . DS . 'config.php';
// Config is incomplete
if (!isset($dbhost, $dbuser, $dbpasswd, $dbname, $table_prefix)) {
return;
}
//Include the PHPBB3 helper functions
if (!defined('LOGIN_PHPBB')) {
//Include the bridge helper and let it load phpBB3
$path = JPATH_ROOT . DS . $params->get('bridge_path');
require_once $path . DS . 'includes' . DS . 'helper.php';
JForumHelper::loadPHPBB3($path);
}
// Get a database object (this replaces the $options argument passed by the caller)
$options = array('driver' => $dbms, 'host' => $dbhost, 'user' => $dbuser, 'password' => $dbpasswd, 'database' => $dbname, 'prefix' => $table_prefix);
$db =& JDatabase::getInstance($options);
/*
* Check if the login_name field exists if so use it to get the user data
* Note : this fields is getting added by the SMF to phpBB3 convertor.
*/
$fields = $db->getTableFields('#__users');
// In both queries the submitted username is passed through $db->Quote()
// before it is concatenated into the SQL text.
if (isset($fields['#__users']['login_name'])) {
$query = "SELECT user_id, username, user_email, user_type, user_password, login_name, user_type" . "\n FROM #__users" . "\n WHERE login_name = " . $db->Quote(utf8_clean_string($credentials['username']));
} else {
$query = "SELECT user_id, username, user_email, user_type, user_password, user_type" . "\n FROM #__users" . "\n WHERE username_clean = " . $db->Quote(utf8_clean_string($credentials['username']));
}
$db->setQuery($query);
$result = $db->loadObject();
// NOTE(review): user_type is selected but not inspected here, so nothing in
// this function rejects inactive accounts - confirm that is handled elsewhere.
if ($result && phpbb_check_hash($credentials['password'], $result->user_password)) {
$response->status = JAUTHENTICATE_STATUS_SUCCESS;
$response->error_message = '';
$response->email = $result->user_email;
$response->fullname = $result->username;
} else {
// Unknown user and wrong password share this one message.
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Invalid response from database';
}
}
示例11: main
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
$user->add_lang('posting');
$preview = !empty($_POST['preview']) ? true : false;
$submit = !empty($_POST['submit']) ? true : false;
$delete = !empty($_POST['delete']) ? true : false;
$error = $data = array();
$s_hidden_fields = '';
switch ($mode) {
case 'reg_details':
$data = array('username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)), 'email' => strtolower(request_var('email', $user->data['user_email'])), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'new_password' => request_var('new_password', '', true), 'cur_password' => request_var('cur_password', '', true), 'password_confirm' => request_var('password_confirm', '', true));
add_form_key('ucp_reg_details');
if ($submit) {
// Do not check cur_password, it is the old one.
$check_ary = array('new_password' => array(array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email')), 'email_confirm' => array('string', true, 6, 60));
if ($auth->acl_get('u_chgname') && $config['allow_namechange']) {
$check_ary['username'] = array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username'));
}
$error = validate_data($data, $check_ary);
if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email']) {
$error[] = $data['email_confirm'] ? 'NEW_EMAIL_ERROR' : 'NEW_EMAIL_CONFIRM_EMPTY';
}
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password']) {
$error[] = $data['password_confirm'] ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
}
// Only check the new password against the previous password if there have been no errors
if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password'])) {
$error[] = 'SAME_PASSWORD_ERROR';
}
if (!phpbb_check_hash($data['cur_password'], $user->data['user_password'])) {
$error[] = $data['cur_password'] ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
}
if (!check_form_key('ucp_reg_details')) {
$error[] = 'FORM_INVALID';
}
if (!sizeof($error)) {
$sql_ary = array('username' => $auth->acl_get('u_chgname') && $config['allow_namechange'] ? $data['username'] : $user->data['username'], 'username_clean' => $auth->acl_get('u_chgname') && $config['allow_namechange'] ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => $auth->acl_get('u_chgemail') ? $data['email'] : $user->data['user_email'], 'user_email_hash' => $auth->acl_get('u_chgemail') ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => $auth->acl_get('u_chgpasswd') && $data['new_password'] ? phpbb_hash($data['new_password']) : $user->data['user_password'], 'user_passchg' => $auth->acl_get('u_chgpasswd') && $data['new_password'] ? time() : 0);
if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) {
add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
}
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password'])) {
$user->reset_login_keys();
add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
}
if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) {
add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']);
}
$message = 'PROFILE_UPDATED';
if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN)) {
$message = $config['require_activation'] == USER_ACTIVATION_SELF ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
$server_url = generate_board_url();
$user_actkey = gen_rand_string(mt_rand(6, 10));
$messenger = new messenger(false);
$template_file = $config['require_activation'] == USER_ACTIVATION_ADMIN ? 'user_activate_inactive' : 'user_activate';
$messenger->template($template_file, $user->data['user_lang']);
$messenger->to($data['email'], $data['username']);
$messenger->anti_abuse_headers($config, $user);
$messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user->data['user_id']}&k={$user_actkey}"));
$messenger->send(NOTIFY_EMAIL);
if ($config['require_activation'] == USER_ACTIVATION_ADMIN) {
// Grab an array of user_id's with a_user permissions ... these users can activate a user
$admin_ary = $auth->acl_get_list(false, 'a_user', false);
$admin_ary = !empty($admin_ary[0]['a_user']) ? $admin_ary[0]['a_user'] : array();
// Also include founders
$where_sql = ' WHERE user_type = ' . USER_FOUNDER;
if (sizeof($admin_ary)) {
$where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
}
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
FROM ' . USERS_TABLE . ' ' . $where_sql;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$messenger->template('admin_activate', $row['user_lang']);
$messenger->to($row['user_email'], $row['username']);
$messenger->im($row['user_jabber'], $row['username']);
$messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user->data['user_id']}", 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user->data['user_id']}&k={$user_actkey}"));
$messenger->send($row['user_notify_type']);
}
$db->sql_freeresult($result);
}
user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
// Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
$sql_ary['user_actkey'] = $user_actkey;
$sql_ary['user_newpasswd'] = '';
}
if (sizeof($sql_ary)) {
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
}
// Need to update config, forum, topic, posting, messages, etc.
if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange']) {
user_update_name($user->data['username'], $data['username']);
}
// Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
if (!empty($sql_ary['user_actkey'])) {
meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
//.........这里部分代码省略.........
示例12: login
/**
 * Log a user in by clean username and password.
 *
 * NOTE(review): $username_clean is interpolated into the SQL text inside
 * double quotes. Nothing visible here shows that utf8_clean_string() escapes
 * quotes or backslashes, so this lookup should use the database layer's own
 * quoting or parameter binding before it handles untrusted input.
 *
 * @param string $username Login name as submitted.
 * @param string $password Plaintext password as submitted.
 * @return int 0 on success, 1 when no user row was found, 2 when the password did not match.
 */
function login($username, $password) {
    $username_clean = utf8_clean_string($username);
    $u = $this->core->db->fetch_first("SELECT * FROM `sustc_user` WHERE `username_clean` = \"$username_clean\";");

    // No such user.
    if (!$u) {
        return 1;
    }

    // Wrong password.
    if (!phpbb_check_hash($password, $u['password'])) {
        return 2;
    }

    $this->setlogin($u);
    return 0;
}
示例13: action_gettoken
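/**
 * Issue a login token for a callsign/password pair and print it as plain text.
 *
 * Prints "TOKEN: <n>" on success and a "NOTOK: ..." line on failure. Nothing
 * is printed when the callsign or password is missing.
 *
 * $callsign and $password are read from globals; presumably they are filled
 * from the request by the caller - confirm.
 *
 * @return void
 */
function action_gettoken()
{
    global $bbdbname, $dbname, $link, $callsign, $password, $version, $local, $alternateServers;
    header('Content-type: text/plain');
    debug('Fetching TOKEN', 2);
    if ($callsign && $password) {
        if (!mysql_select_db($bbdbname)) {
            debug("Database {$bbdbname} did not exist", 1);
            die('Could not open db: ' . mysql_error());
        }

        // Escape the callsign for the connection before it is placed in the
        // SQL string. Nothing visible here shows that utf8_clean_string()
        // does any SQL escaping.
        $clean_callsign = mysql_real_escape_string(utf8_clean_string($callsign), $link);
        $result = mysql_query("SELECT user_id, user_password FROM bzbb3_users " . "WHERE username_clean='{$clean_callsign}' " . "AND user_inactive_reason=0", $link) or die("Invalid query: " . mysql_error());
        $row = mysql_fetch_row($result);

        // No row means no such active user; avoid indexing into false.
        $playerid = $row ? (int) $row[0] : 0;
        $stored_hash = $row ? $row[1] : '';

        if (!$playerid || !phpbb_check_hash($password, $stored_hash)) {
            // The submitted password is no longer echoed back: response bodies
            // end up in proxy and client logs.
            print "NOTOK: invalid callsign or password ({$callsign})\n";
        } else {
            // The token is a bearer credential. A generator seeded from the
            // clock is guessable, so use the CSPRNG whenever the runtime
            // provides one.
            if (function_exists('random_int')) {
                $token = random_int(0, 2147483647);
            } else {
                srand(microtime() * 100000000);
                $token = rand(0, 2147483647);
            }
            $client_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $link);
            $result = mysql_query("UPDATE bzbb3_users SET " . "user_token='{$token}', " . "user_tokendate='" . time() . "', " . "user_tokenip='" . $client_ip . "' " . "WHERE user_id='{$playerid}'", $link) or die("Invalid query: " . mysql_error());
            print "TOKEN: {$token}\n";
        }
    }
}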
示例14: if
$userfield = $_POST['user'];
if (!isset($userfield['password']) || !$userfield['password']) {
$err['code'] = 1;
} else if ((isset($userfield['password']) && $userfield['password'])
&& ((isset($userfield['email']) && $userfield['email'])
|| (isset($userfield['new_password']) && $userfield['new_password']))) {
if (isset($userfield['new_password'])
&& $userfield['new_password']
&& ($userfield['new_password'] != $userfield['new_password2'])) {
$err['code'] = 2;
} else {
$u = DB::fetch_first(
'SELECT * FROM '.DB::table('user')
.' WHERE '.DB::implode(array('uid' => $sustc->user->uid)));
if ($u) {
if (phpbb_check_hash($userfield['password'], $u['password'])) {
$updata = array();
$err['changed'] = array(
'password' => false,
'email' => false,
);
if (isset($userfield['email']) && $userfield['email'] && $userfield['email'] != $u['email']) {
$updata['email'] = strtolower(trim($userfield['email']));
$_SESSION['user']['email'] = $updata['email'];
$err['changed']['email'] = true;
}
if (isset($userfield['new_password']) && $userfield['new_password']) {
global $_G;
$_G['config'] = array(
'rand_seed' => rand(),
'rand_seed_last_update' => TIMESTAMP
示例15: login_sjb
/**
 * phpBB auth hook that keeps a phpBB account and an SJB account in step.
 *
 * Looks the user up in the phpBB users table (by login_name when that column
 * exists, otherwise by username_clean), attempts an SJB login with the same
 * credentials, then reconciles the two stores: a password accepted by one
 * side is written to the other, and an SJB-only user gets a phpBB profile row
 * prepared (LOGIN_SUCCESS_CREATE_PROFILE).
 *
 * NOTE(review): because each store's password is copied over the other on a
 * one-sided match, the account is only as strong as the weaker of the two
 * credential stores.
 * NOTE(review): the final success return is gated on $errors being empty, not
 * on $logged_in - it relies on SJB_Authorization::login() filling $errors for
 * every failed login. Confirm against that API.
 *
 * @param string $username Login name (passed by reference, not modified here).
 * @param array|string $user_data Either an array with a 'password' key or the password itself.
 * @return array Keys 'status', 'error_msg' and 'user_row'.
 */
function login_sjb(&$username, &$user_data)
{
global $phpbb_root_path, $db, $user, $config, $cache, $phpEx;
define('LOGIN_PHPBB', true);
// the constant lets other code detect that this login path is already running
$password = is_array($user_data) ? $user_data['password'] : $user_data;
$status = null;
// Empty credentials are rejected before any lookup.
if (!$password) {
return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
}
if (!$username) {
return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
}
// Detect whether the users table has a login_name column.
$sql = 'DESCRIBE ' . USERS_TABLE . ' login_name';
$result = $db->sql_query($sql);
$has_login_name = $db->sql_fetchrow();
$db->sql_freeresult($result);
// Both lookups pass the submitted name through $db->sql_escape().
if (!empty($has_login_name)) {
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, login_name
FROM ' . USERS_TABLE . "\n\t\t\tWHERE login_name = '" . $db->sql_escape($username) . "'";
} else {
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "\n\t\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
}
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row) {
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
}
// Provisional: set before any password has been checked; the error handling
// at the end decides whether it is actually returned.
$status = LOGIN_SUCCESS;
}
// Remember the working directory; it is restored after the SJB calls.
$dir = getcwd();
loadSJB();
//get the sjb user
$errors = array();
$logged_in = SJB_Authorization::login($username, $password, false, $errors, false);
// user not in phpbb3 db, but is in sjb
$userInfo = SJB_UserDBManager::getUserInfoByUserName($username);
chdir($dir);
if ($row && $userInfo) {
// The user exists on both sides: reconcile the passwords.
if (!$logged_in && phpbb_check_hash($password, $row['user_password'])) {
// phpBB accepts the password but SJB did not: overwrite the SJB password
// with the submitted one and retry the SJB login.
if (SJB_UserManager::changeUserPassword($userInfo['sid'], $password)) {
$errors = array();
}
$logged_in = SJB_Authorization::login($username, $password, false, $errors, false);
} elseif ($logged_in && !phpbb_check_hash($password, $row['user_password'])) {
// SJB accepts the password but phpBB does not: store a fresh phpBB hash and
// reset the activation key, pending password and login-attempt counter.
$sql_ary = array('user_actkey' => '', 'user_password' => phpbb_hash($password), 'user_newpasswd' => '', 'user_pass_convert' => 0, 'user_login_attempts' => 0);
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
} elseif (!$row && $userInfo) {
// retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "\n\t\t\t\tWHERE group_name = '" . $db->sql_escape('REGISTERED') . "'\n\t\t\t\tAND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$group = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$group) {
trigger_error('NO_GROUP');
}
// generate user account data
// NOTE(review): this branch does not test $logged_in; a wrong SJB password is
// only caught by the $errors checks below.
$row = array('username' => $username, 'user_password' => phpbb_hash($password), 'user_email' => $userInfo['email'], 'group_id' => $group['group_id'], 'user_type' => (string) USER_NORMAL);
if (!empty($has_login_name)) {
$row['username'] = $userInfo['username'];
$row['login_name'] = $username;
}
$status = LOGIN_SUCCESS_CREATE_PROFILE;
} elseif ($row && !$userInfo && isset($errors['NO_SUCH_USER'])) {
// phpBB-only user: a matching phpBB password clears the SJB "no such user" error.
if (phpbb_check_hash($password, $row['user_password'])) {
$errors = array();
}
}
// Map any remaining SJB errors onto phpBB login results.
if (isset($errors['INVALID_PASSWORD'])) {
return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => array('user_id' => ANONYMOUS));
} elseif (isset($errors['USER_NOT_ACTIVE'])) {
return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
} elseif (isset($errors['BANNED_USER'])) {
define('IN_CHECK_BAN', 1);
return array('status' => BAN_TRIGGERED_BY_IP, 'error_msg' => 'BAN_TRIGGERED_BY_IP', 'user_row' => $row);
} elseif ($errors) {
// Any other error: the raw $errors array is returned as the status.
return array('status' => $errors, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
}
// No errors left: return the status decided above (LOGIN_SUCCESS,
// LOGIN_SUCCESS_CREATE_PROFILE, or null when neither store knew the user).
return array('status' => $status, 'error_msg' => false, 'user_row' => $row);
}