From: Markus P. <mar...@us...> - 2005-04-28 14:26:39
Update of /cvsroot/mxbb/core In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv426 Modified Files: login.php Log Message: Fixed our login.php to match the original phpBB... AGAIN !!! :-( Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core/login.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** login.php 9 Jan 2005 21:55:44 -0000 1.7 --- login.php 28 Apr 2005 14:26:26 -0000 1.8 *************** *** 22,46 **** */ // Allow people to reach login page if // board is shut down ! define( "IN_LOGIN", true ); ! ! define( 'IN_PORTAL', true ); $mx_root_path = './'; ! include( $mx_root_path . 'extension.inc' ); ! include( $mx_root_path . 'common.' . $phpEx ); // Set page ID for session management ! ! $userdata = session_pagestart( $user_ip, PAGE_LOGIN ); ! mx_init_userprefs( $userdata ); ! // End session management // session id check ! if ( !empty( $HTTP_POST_VARS['sid'] ) || !empty( $HTTP_GET_VARS['sid'] ) ) { ! $sid = ( !empty( $HTTP_POST_VARS['sid'] ) ) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid']; } else --- 22,49 ---- */ + // // Allow people to reach login page if // board is shut down + // + define("IN_LOGIN", true); ! define('IN_PORTAL', true); $mx_root_path = './'; ! include($mx_root_path . 'extension.inc'); ! include($mx_root_path . 'common.'.$phpEx); + // // Set page ID for session management ! // ! $userdata = session_pagestart($user_ip, PAGE_LOGIN); ! mx_init_userprefs($userdata); ! // // End session management + // // session id check ! if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])) { ! $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid']; } else *************** *** 49,114 **** } ! if ( isset( $HTTP_POST_VARS['login'] ) || isset( $HTTP_GET_VARS['login'] ) || isset( $HTTP_POST_VARS['logout'] ) || isset( $HTTP_GET_VARS['logout'] ) ) { ! // mx fix for tracking newssuite pagination ! 
setcookie( 'cat_start', serialize( array() ), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure'] ); ! ! if ( ( isset( $HTTP_POST_VARS['login'] ) || isset( $HTTP_GET_VARS['login'] ) ) && !$userdata['session_logged_in'] ) { $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; ! ! $password = isset( $HTTP_POST_VARS['password'] ) ? $HTTP_POST_VARS['password'] : ''; $sql = "SELECT user_id, username, user_password, user_active, user_level FROM " . USERS_TABLE . " ! WHERE username = '" . str_replace( "\\'", "''", $username ) . "'"; ! if ( !( $result = $db->sql_query( $sql ) ) ) { ! mx_message_die( GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql ); } ! if ( $row = $db->sql_fetchrow( $result ) ) { ! if ( $row['user_level'] != ADMIN && $board_config['board_disable'] ) { ! mx_redirect( append_sid( "index.$phpEx", true ) ); } else { ! if ( md5( $password ) == $row['user_password'] && $row['user_active'] ) { ! $autologin = ( isset( $HTTP_POST_VARS['autologin'] ) ) ? true : 0; ! $session_id = session_begin( $row['user_id'], $user_ip, PAGE_INDEX, false, $autologin ); ! if ( $session_id ) { ! $url = ( !empty( $HTTP_POST_VARS['redirect'] ) ) ? str_replace( '&', '&', htmlspecialchars( $HTTP_POST_VARS['redirect'] ) ) : "index.$phpEx"; ! $url = str_replace( ".php", ".php?", $url ); ! mx_redirect( append_sid( $url, true ) ); } else { ! mx_message_die( CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__ ); } } else { ! $redirect = ( !empty( $HTTP_POST_VARS['redirect'] ) ) ? str_replace( '&', '&', htmlspecialchars( $HTTP_POST_VARS['redirect'] ) ) : ''; ! $redirect = str_replace( "?", "&", $redirect ); ! if ( strstr( urldecode( $redirect ), "\n" ) || strstr( urldecode( $redirect ), "\r" ) ) { ! mx_message_die( GENERAL_ERROR, 'Tried to redirect to potentially insecure url.' ); } ! 
$template->assign_vars( array( 'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id'] . '">' ) ! ); ! $url = "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id']; ! $url = str_replace( "&&", "&", $url ); ! $message = $lang['Error_login'] . '<br /><br />' . sprintf( $lang['Click_return_login'], '<a href="' . $url . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_index'], '<a href="' . append_sid( "index.$phpEx" ) . '">', '</a>' ); ! mx_message_die( GENERAL_MESSAGE, $message ); } } --- 52,111 ---- } ! if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { ! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] ) { $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; ! $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; $sql = "SELECT user_id, username, user_password, user_active, user_level FROM " . USERS_TABLE . " ! WHERE username = '" . str_replace("\\'", "''", $username) . "'"; ! if ( !($result = $db->sql_query($sql) ) ) { ! mx_message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); } ! if( $row = $db->sql_fetchrow($result) ) { ! if( $row['user_level'] != ADMIN && $board_config['board_disable'] ) { ! mx_redirect(append_sid("index.$phpEx", true)); } else { ! if( md5($password) == $row['user_password'] && $row['user_active'] ) { ! $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ! $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin); ! if( $session_id ) { ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; ! mx_redirect(append_sid($url, true)); } else { ! 
mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } else { ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; ! $redirect = str_replace('?', '&', $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { ! mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } ! $template->assign_vars(array( ! 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ! ); ! $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! mx_message_die(GENERAL_MESSAGE, $message); } } *************** *** 116,198 **** else { ! $redirect = ( !empty( $HTTP_POST_VARS['redirect'] ) ) ? str_replace( '&', '&', htmlspecialchars( $HTTP_POST_VARS['redirect'] ) ) : ""; ! $redirect = str_replace( "?", "&", $redirect ); ! if ( strstr( urldecode( $redirect ), "\n" ) || strstr( urldecode( $redirect ), "\r" ) ) { ! message_die( GENERAL_ERROR, 'Tried to redirect to potentially insecure url.' ); } ! $template->assign_vars( array( 'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id'] . '">' ) ! ); ! $url = "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id']; ! $url = str_replace( "&&", "&", $url ); ! $message = $lang['Error_login'] . '<br /><br />' . sprintf( $lang['Click_return_login'], '<a href="' . $url . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_index'], '<a href="' . append_sid( "index.$phpEx" ) . '">', '</a>' ); ! mx_message_die( GENERAL_MESSAGE, $message ); } } ! else if ( ( isset( $HTTP_GET_VARS['logout'] ) || isset( $HTTP_POST_VARS['logout'] ) ) && $userdata['session_logged_in'] ) { ! 
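Review bot: On the successful-login path in this hunk, the `$url` built from `$HTTP_POST_VARS['redirect']` is handed straight to `mx_redirect(append_sid($url, true))`, whereas the failed-login branch just below rejects CR/LF in the same value with `strstr(urldecode($redirect), "\n")`; the same test should run before the redirect, and the target should be constrained to a board-relative page rather than an arbitrary URL. While here, `md5($password) == $row['user_password']` compares two hex digests with loose `==`, which in PHP can treat numeric-looking strings numerically; use `===` so the comparison is byte-wise. The removal of `str_replace(".php", ".php?", $url)` looks intentional for matching upstream phpBB and is not a concern. The outer `if( isset($HTTP_POST_VARS['login']) ...` block opens in this hunk but its else-branches continue into the next one.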
// session id check ! if ( $sid == '' || $sid != $userdata['session_id'] ) ! { ! mx_message_die( GENERAL_ERROR, 'Invalid_session' ); ! } ! ! if ( $userdata['session_logged_in'] ) { ! session_end( $userdata['session_id'], $userdata['user_id'] ); } ! if ( !empty( $HTTP_POST_VARS['redirect'] ) || !empty( $HTTP_GET_VARS['redirect'] ) ) { ! $url = ( !empty( $HTTP_POST_VARS['redirect'] ) ) ? $HTTP_POST_VARS['redirect'] : $HTTP_GET_VARS['redirect']; ! mx_redirect( append_sid( $url, true ) ); } else { ! mx_redirect( append_sid( "index.$phpEx", true ) ); } } else { ! $url = ( !empty( $HTTP_POST_VARS['redirect'] ) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx"; ! mx_redirect( append_sid( $url, true ) ); } } else { ! // Do a full login page dohickey if // user not already logged in ! ! if ( !$userdata['session_logged_in'] ) { $page_title = $lang['Login']; ! include( $mx_root_path . 'includes/page_header.' . $phpEx ); ! $template->set_filenames( array( 'body' => 'login_body.tpl' ) ! ); ! if ( isset( $HTTP_POST_VARS['redirect'] ) || isset( $HTTP_GET_VARS['redirect'] ) ) { $forward_to = $HTTP_SERVER_VARS['QUERY_STRING']; ! if ( preg_match( "/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches ) ) { ! $forward_to = ( !empty( $forward_matches[3] ) ) ? $forward_matches[3] : $forward_matches[1]; ! $forward_match = explode( '&', $forward_to ); ! if ( count( $forward_match ) > 1 ) { $forward_page = ''; ! for( $i = 1; $i < count( $forward_match ); $i++ ) { ! if ( !ereg( "sid=", $forward_match[$i] ) ) { ! if ( $forward_page != '' ) { $forward_page .= '&'; --- 113,190 ---- else { ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ""; ! $redirect = str_replace("?", "&", $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { ! mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } ! $template->assign_vars(array( ! 
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ! ); ! $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! mx_message_die(GENERAL_MESSAGE, $message); } } ! else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) { ! if( $userdata['session_logged_in'] ) { ! session_end($userdata['session_id'], $userdata['user_id']); } ! if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect'])) { ! $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']); ! $url = str_replace('&', '&', $url); ! mx_redirect(append_sid($url, true)); } else { ! mx_redirect(append_sid("index.$phpEx", true)); } } else { ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; ! mx_redirect(append_sid($url, true)); } } else { ! // // Do a full login page dohickey if // user not already logged in ! // ! if( !$userdata['session_logged_in'] ) { $page_title = $lang['Login']; ! include($mx_root_path . 'includes/page_header.'.$phpEx); ! $template->set_filenames(array( ! 'body' => 'login_body.tpl') ! ); ! if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) { $forward_to = $HTTP_SERVER_VARS['QUERY_STRING']; ! if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) ) { ! $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1]; ! $forward_match = explode('&', $forward_to); ! if(count($forward_match) > 1) { $forward_page = ''; ! for($i = 1; $i < count($forward_match); $i++) { ! if( !ereg("sid=", $forward_match[$i]) ) { ! 
if( $forward_page != '' ) { $forward_page .= '&'; *************** *** 216,238 **** $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; ! $forward_page = str_replace( "?", "", $forward_page ); ! $s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="redirect" value="' . $forward_page . '" />'; ! make_jumpbox( 'viewforum.' . $phpEx, $forum_id ); ! $template->assign_vars( array( 'USERNAME' => $username, ! 'L_ENTER_PASSWORD' => $lang['Enter_password'], ! 'L_SEND_PASSWORD' => $lang['Forgotten_password'], ! 'U_SEND_PASSWORD' => append_sid( $phpbb_root_path . "profile.$phpEx?mode=sendpassword" ), ! 'S_HIDDEN_FIELDS' => $s_hidden_fields ! ) ); ! $template->pparse( 'body' ); ! include( $mx_root_path . 'includes/page_tail.' . $phpEx ); } else { ! mx_redirect( append_sid( "index.$phpEx", true ) ); } } --- 208,234 ---- $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; ! $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />'; ! make_jumpbox($phpbb_root_path . 'viewforum.'.$phpEx, $forum_id); ! $template->assign_vars(array( ! 'USERNAME' => $username, ! 'L_ENTER_PASSWORD' => $lang['Enter_password'], ! 'L_SEND_PASSWORD' => $lang['Forgotten_password'], ! 'U_SEND_PASSWORD' => append_sid($phpbb_root_path . "profile.$phpEx?mode=sendpassword"), ! ! 'S_HIDDEN_FIELDS' => $s_hidden_fields) ! ); ! ! $template->pparse('body'); ! ! include($mx_root_path . 'includes/page_tail.'.$phpEx); } else { ! mx_redirect(append_sid("index.$phpEx", true)); } + } |
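Review bot: The logout branch (`else if( ( isset($HTTP_GET_VARS['logout']) ...`) now calls `session_end(...)` without first comparing the request's `sid` to `$userdata['session_id']`; the removed check `if ($sid == '' || $sid != $userdata['session_id']) { mx_message_die(GENERAL_ERROR, 'Invalid_session'); }` is what prevents a logged-in user from being logged out by any cross-site link to `login.php?logout=true`, and `$sid` is still computed at the top of the file, so it should be restored before `session_end`. The next hunk likewise drops the hidden `sid` input from the login form, which looks like part of the same roll-back; whichever links or forms trigger `logout` need to carry `sid` once the check is back. The same branch then redirects to the `$HTTP_POST_VARS['redirect']`/`$HTTP_GET_VARS['redirect']` value with only HTML escaping and none of the CR/LF rejection the failed-login path applies. The if/else-if chain this branch belongs to starts in the previous hunk.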