SimpleMachines /
SMF2.1
@@ -28,15 +28,17 @@ discard block |
||
| 28 | 28 | <form class="login" action="', $context['login_url'], '" name="frmLogin" id="frmLogin" method="post" accept-charset="', $context['character_set'], '">'; |
| 29 | 29 | |
| 30 | 30 | // Did they make a mistake last time? |
| 31 | - if (!empty($context['login_errors'])) |
|
| 32 | - echo ' |
|
| 31 | + if (!empty($context['login_errors'])) { |
|
| 32 | + echo ' |
|
| 33 | 33 | <div class="errorbox">', implode('<br>', $context['login_errors']), '</div> |
| 34 | 34 | <br>'; |
| 35 | + } |
|
| 35 | 36 | |
| 36 | 37 | // Or perhaps there's some special description for this time? |
| 37 | - if (isset($context['description'])) |
|
| 38 | - echo ' |
|
| 38 | + if (isset($context['description'])) { |
|
| 39 | + echo ' |
|
| 39 | 40 | <div class="information">', $context['description'], '</div>'; |
| 41 | + } |
|
| 40 | 42 | |
| 41 | 43 | // Now just get the basic information - username, password, etc. |
| 42 | 44 | echo ' |
@@ -55,19 +57,21 @@ discard block |
||
| 55 | 57 | <dd> |
| 56 | 58 | <select name="cookielength" id="cookielength">'; |
| 57 | 59 | |
| 58 | - foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) |
|
| 59 | - echo ' |
|
| 60 | + foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) { |
|
| 61 | + echo ' |
|
| 60 | 62 | <option value="', $cookie_time, '"', $modSettings['cookieTime'] == $cookie_time ? ' selected' : '', '>', $txt[$cookie_txt], '</option>'; |
| 63 | + } |
|
| 61 | 64 | |
| 62 | 65 | echo ' |
| 63 | 66 | </select> |
| 64 | 67 | </dd>'; |
| 65 | 68 | |
| 66 | 69 | // If they have deleted their account, give them a chance to change their mind. |
| 67 | - if (isset($context['login_show_undelete'])) |
|
| 68 | - echo ' |
|
| 70 | + if (isset($context['login_show_undelete'])) { |
|
| 71 | + echo ' |
|
| 69 | 72 | <dt class="alert">', $txt['undelete_account'], ':</dt> |
| 70 | 73 | <dd><input type="checkbox" name="undelete"></dd>'; |
| 74 | + } |
|
| 71 | 75 | |
| 72 | 76 | echo ' |
| 73 | 77 | </dl> |
@@ -85,8 +89,8 @@ discard block |
||
| 85 | 89 | document.getElementById("', !empty($context['from_ajax']) ? 'ajax_' : '', isset($context['default_username']) && $context['default_username'] != '' ? 'loginpass' : 'loginuser', '").focus(); |
| 86 | 90 | }, 150);'; |
| 87 | 91 | |
| 88 | - if (!empty($context['from_ajax'])) |
|
| 89 | - echo ' |
|
| 92 | + if (!empty($context['from_ajax'])) { |
|
| 93 | + echo ' |
|
| 90 | 94 | form = $("#frmLogin"); |
| 91 | 95 | form.submit(function(e) { |
| 92 | 96 | e.preventDefault(); |
@@ -119,16 +123,18 @@ discard block |
||
| 119 | 123 | |
| 120 | 124 | return false; |
| 121 | 125 | });'; |
| 126 | + } |
|
| 122 | 127 | |
| 123 | 128 | echo ' |
| 124 | 129 | </script> |
| 125 | 130 | </form>'; |
| 126 | 131 | |
| 127 | 132 | // It is a long story as to why we have this when we're clearly not going to use it. |
| 128 | - if (!empty($context['from_ajax'])) |
|
| 129 | - echo ' |
|
| 133 | + if (!empty($context['from_ajax'])) { |
|
| 134 | + echo ' |
|
| 130 | 135 | <br> |
| 131 | 136 | <a href="javascript:self.close();"></a>'; |
| 137 | + } |
|
| 132 | 138 | |
| 133 | 139 | echo ' |
| 134 | 140 | </div><!-- .roundframe --> |
@@ -151,11 +157,12 @@ discard block |
||
| 151 | 157 | </div> |
| 152 | 158 | <div class="roundframe">'; |
| 153 | 159 | |
| 154 | - if (!empty($context['tfa_error']) || !empty($context['tfa_backup_error'])) |
|
| 155 | - echo ' |
|
| 160 | + if (!empty($context['tfa_error']) || !empty($context['tfa_backup_error'])) { |
|
| 161 | + echo ' |
|
| 156 | 162 | <div class="error"> |
| 157 | 163 | ', $txt['tfa_' . (!empty($context['tfa_error']) ? 'code_' : 'backup_') . 'invalid'], ' |
| 158 | 164 | </div>'; |
| 165 | + } |
|
| 159 | 166 | |
| 160 | 167 | echo ' |
| 161 | 168 | <form action="', $context['tfa_url'], '" method="post" id="frmTfa"> |
@@ -183,8 +190,8 @@ discard block |
||
| 183 | 190 | <script> |
| 184 | 191 | form = $("#frmTfa");'; |
| 185 | 192 | |
| 186 | - if (!empty($context['from_ajax'])) |
|
| 187 | - echo ' |
|
| 193 | + if (!empty($context['from_ajax'])) { |
|
| 194 | + echo ' |
|
| 188 | 195 | form.submit(function(e) { |
| 189 | 196 | // If we are submitting backup code, let normal workflow follow since it redirects a couple times into a different page |
| 190 | 197 | if (form.find("input[name=tfa_backup]:first").val().length > 0) |
@@ -203,6 +210,7 @@ discard block |
||
| 203 | 210 | |
| 204 | 211 | return false; |
| 205 | 212 | });'; |
| 213 | + } |
|
| 206 | 214 | |
| 207 | 215 | echo ' |
| 208 | 216 | form.find("input[name=backup]").click(function(e) { |
@@ -234,10 +242,11 @@ discard block |
||
| 234 | 242 | <p class="information centertext"> |
| 235 | 243 | ', empty($context['kick_message']) ? $txt['only_members_can_access'] : $context['kick_message'], '<br>'; |
| 236 | 244 | |
| 237 | - if ($context['can_register']) |
|
| 238 | - echo sprintf($txt['login_below_or_register'], $scripturl . '?action=signup', $context['forum_name_html_safe']); |
|
| 239 | - else |
|
| 240 | - echo $txt['login_below']; |
|
| 245 | + if ($context['can_register']) { |
|
| 246 | + echo sprintf($txt['login_below_or_register'], $scripturl . '?action=signup', $context['forum_name_html_safe']); |
|
| 247 | + } else { |
|
| 248 | + echo $txt['login_below']; |
|
| 249 | + } |
|
| 241 | 250 | |
| 242 | 251 | // And now the login information. |
| 243 | 252 | echo ' |
@@ -256,9 +265,10 @@ discard block |
||
| 256 | 265 | <dd> |
| 257 | 266 | <select name="cookielength" id="cookielength">'; |
| 258 | 267 | |
| 259 | - foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) |
|
| 260 | - echo ' |
|
| 268 | + foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) { |
|
| 269 | + echo ' |
|
| 261 | 270 | <option value="', $cookie_time, '"', $modSettings['cookieTime'] == $cookie_time ? ' selected' : '', '>', $txt[$cookie_txt], '</option>'; |
| 271 | + } |
|
| 262 | 272 | |
| 263 | 273 | echo ' |
| 264 | 274 | </select> |
@@ -315,9 +325,10 @@ discard block |
||
| 315 | 325 | <dd> |
| 316 | 326 | <select name="cookielength" id="cookielength">'; |
| 317 | 327 | |
| 318 | - foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) |
|
| 319 | - echo ' |
|
| 328 | + foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) { |
|
| 329 | + echo ' |
|
| 320 | 330 | <option value="', $cookie_time, '"', $modSettings['cookieTime'] == $cookie_time ? ' selected' : '', '>', $txt[$cookie_txt], '</option>'; |
| 331 | + } |
|
| 321 | 332 | |
| 322 | 333 | echo ' |
| 323 | 334 | </select> |
@@ -351,9 +362,10 @@ discard block |
||
| 351 | 362 | </div> |
| 352 | 363 | <div class="roundframe centertext">'; |
| 353 | 364 | |
| 354 | - if (!empty($context['incorrect_password'])) |
|
| 355 | - echo ' |
|
| 365 | + if (!empty($context['incorrect_password'])) { |
|
| 366 | + echo ' |
|
| 356 | 367 | <div class="error">', $txt['admin_incorrect_password'], '</div>'; |
| 368 | + } |
|
| 357 | 369 | |
| 358 | 370 | echo ' |
| 359 | 371 | <strong>', $txt['password'], ':</strong> |
@@ -394,10 +406,11 @@ discard block |
||
| 394 | 406 | <dl>'; |
| 395 | 407 | |
| 396 | 408 | // You didn't even have an ID? |
| 397 | - if (empty($context['member_id'])) |
|
| 398 | - echo ' |
|
| 409 | + if (empty($context['member_id'])) { |
|
| 410 | + echo ' |
|
| 399 | 411 | <dt>', $txt['invalid_activation_username'], ':</dt> |
| 400 | 412 | <dd><input type="text" name="user" size="30"></dd>'; |
| 413 | + } |
|
| 401 | 414 | |
| 402 | 415 | echo ' |
| 403 | 416 | <dt>', $txt['invalid_activation_retry'], ':</dt> |
@@ -434,13 +447,14 @@ discard block |
||
| 434 | 447 | <dd><input type="password" name="passwd" size="30"></dd> |
| 435 | 448 | </dl>'; |
| 436 | 449 | |
| 437 | - if ($context['can_activate']) |
|
| 438 | - echo ' |
|
| 450 | + if ($context['can_activate']) { |
|
| 451 | + echo ' |
|
| 439 | 452 | <p>', $txt['invalid_activation_known'], '</p> |
| 440 | 453 | <dl> |
| 441 | 454 | <dt>', $txt['invalid_activation_retry'], ':</dt> |
| 442 | 455 | <dd><input type="text" name="code" size="30"></dd> |
| 443 | 456 | </dl>'; |
| 457 | + } |
|
| 444 | 458 | |
| 445 | 459 | echo ' |
| 446 | 460 | <p><input type="submit" value="', $txt['invalid_activation_resend'], '" class="button"></p> |
@@ -14,8 +14,9 @@ discard block |
||
| 14 | 14 | * @version 2.1 Beta 4 |
| 15 | 15 | */ |
| 16 | 16 | |
| 17 | -if (!defined('SMF')) |
|
| 17 | +if (!defined('SMF')) { |
|
| 18 | 18 | die('No direct access...'); |
| 19 | +} |
|
| 19 | 20 | |
| 20 | 21 | /** |
| 21 | 22 | * Ask them for their login information. (shows a page for the user to type |
@@ -29,8 +30,9 @@ discard block |
||
| 29 | 30 | global $txt, $context, $scripturl, $user_info; |
| 30 | 31 | |
| 31 | 32 | // You are already logged in, go take a tour of the boards |
| 32 | - if (!empty($user_info['id'])) |
|
| 33 | - redirectexit(); |
|
| 33 | + if (!empty($user_info['id'])) { |
|
| 34 | + redirectexit(); |
|
| 35 | + } |
|
| 34 | 36 | |
| 35 | 37 | // We need to load the Login template/language file. |
| 36 | 38 | loadLanguage('Login'); |
@@ -57,10 +59,11 @@ discard block |
||
| 57 | 59 | ); |
| 58 | 60 | |
| 59 | 61 | // Set the login URL - will be used when the login process is done (but careful not to send us to an attachment). |
| 60 | - if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) |
|
| 61 | - $_SESSION['login_url'] = $_SESSION['old_url']; |
|
| 62 | - elseif (isset($_SESSION['login_url']) && strpos($_SESSION['login_url'], 'dlattach') !== false) |
|
| 63 | - unset($_SESSION['login_url']); |
|
| 62 | + if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) { |
|
| 63 | + $_SESSION['login_url'] = $_SESSION['old_url']; |
|
| 64 | + } elseif (isset($_SESSION['login_url']) && strpos($_SESSION['login_url'], 'dlattach') !== false) { |
|
| 65 | + unset($_SESSION['login_url']); |
|
| 66 | + } |
|
| 64 | 67 | |
| 65 | 68 | // Create a one time token. |
| 66 | 69 | createToken('login'); |
@@ -92,8 +95,9 @@ discard block |
||
| 92 | 95 | global $cookiename, $modSettings, $context, $sourcedir, $maintenance; |
| 93 | 96 | |
| 94 | 97 | // Check to ensure we're forcing SSL for authentication |
| 95 | - if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) |
|
| 96 | - fatal_lang_error('login_ssl_required'); |
|
| 98 | + if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) { |
|
| 99 | + fatal_lang_error('login_ssl_required'); |
|
| 100 | + } |
|
| 97 | 101 | |
| 98 | 102 | // Load cookie authentication stuff. |
| 99 | 103 | require_once($sourcedir . '/Subs-Auth.php'); |
@@ -107,23 +111,26 @@ discard block |
||
| 107 | 111 | if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) |
| 108 | 112 | { |
| 109 | 113 | // First check for 2.1 json-format cookie in $_COOKIE |
| 110 | - if (isset($_COOKIE[$cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_COOKIE[$cookiename]) === 1) |
|
| 111 | - list (,, $timeout) = $smcFunc['json_decode']($_COOKIE[$cookiename], true); |
|
| 114 | + if (isset($_COOKIE[$cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_COOKIE[$cookiename]) === 1) { |
|
| 115 | + list (,, $timeout) = $smcFunc['json_decode']($_COOKIE[$cookiename], true); |
|
| 116 | + } |
|
| 112 | 117 | |
| 113 | 118 | // Try checking for 2.1 json-format cookie in $_SESSION |
| 114 | - elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_SESSION['login_' . $cookiename]) === 1) |
|
| 115 | - list (,, $timeout) = $smcFunc['json_decode']($_SESSION['login_' . $cookiename]); |
|
| 119 | + elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_SESSION['login_' . $cookiename]) === 1) { |
|
| 120 | + list (,, $timeout) = $smcFunc['json_decode']($_SESSION['login_' . $cookiename]); |
|
| 121 | + } |
|
| 116 | 122 | |
| 117 | 123 | // Next, try checking for 2.0 serialized string cookie in $_COOKIE |
| 118 | - elseif (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_COOKIE[$cookiename]) === 1) |
|
| 119 | - list (,, $timeout) = safe_unserialize($_COOKIE[$cookiename]); |
|
| 124 | + elseif (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_COOKIE[$cookiename]) === 1) { |
|
| 125 | + list (,, $timeout) = safe_unserialize($_COOKIE[$cookiename]); |
|
| 126 | + } |
|
| 120 | 127 | |
| 121 | 128 | // Last, see if you need to fall back on checking for 2.0 serialized string cookie in $_SESSION |
| 122 | - elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_SESSION['login_' . $cookiename]) === 1) |
|
| 123 | - list (,, $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]); |
|
| 124 | - |
|
| 125 | - else |
|
| 126 | - trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR); |
|
| 129 | + elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_SESSION['login_' . $cookiename]) === 1) { |
|
| 130 | + list (,, $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]); |
|
| 131 | + } else { |
|
| 132 | + trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR); |
|
| 133 | + } |
|
| 127 | 134 | |
| 128 | 135 | $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); |
| 129 | 136 | updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt'])); |
@@ -143,24 +150,23 @@ discard block |
||
| 143 | 150 | elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') |
| 144 | 151 | { |
| 145 | 152 | // Strike! You're outta there! |
| 146 | - if ($_GET['member'] != $user_info['id']) |
|
| 147 | - fatal_lang_error('login_cookie_error', false); |
|
| 153 | + if ($_GET['member'] != $user_info['id']) { |
|
| 154 | + fatal_lang_error('login_cookie_error', false); |
|
| 155 | + } |
|
| 148 | 156 | |
| 149 | 157 | $user_info['can_mod'] = allowedTo('access_mod_center') || (!$user_info['is_guest'] && ($user_info['mod_cache']['gq'] != '0=1' || $user_info['mod_cache']['bq'] != '0=1' || ($modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap'])))); |
| 150 | 158 | |
| 151 | 159 | // Some whitelisting for login_url... |
| 152 | - if (empty($_SESSION['login_url'])) |
|
| 153 | - redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa'); |
|
| 154 | - elseif (!empty($_SESSION['login_url']) && (strpos($_SESSION['login_url'], 'http://') === false && strpos($_SESSION['login_url'], 'https://') === false)) |
|
| 160 | + if (empty($_SESSION['login_url'])) { |
|
| 161 | + redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa'); |
|
| 162 | + } elseif (!empty($_SESSION['login_url']) && (strpos($_SESSION['login_url'], 'http://') === false && strpos($_SESSION['login_url'], 'https://') === false)) |
|
| 155 | 163 | { |
| 156 | 164 | unset ($_SESSION['login_url']); |
| 157 | 165 | redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa'); |
| 158 | - } |
|
| 159 | - elseif (!empty($user_settings['tfa_secret'])) |
|
| 166 | + } elseif (!empty($user_settings['tfa_secret'])) |
|
| 160 | 167 | { |
| 161 | 168 | redirectexit('action=logintfa'); |
| 162 | - } |
|
| 163 | - else |
|
| 169 | + } else |
|
| 164 | 170 | { |
| 165 | 171 | // Best not to clutter the session data too much... |
| 166 | 172 | $temp = $_SESSION['login_url']; |
@@ -171,8 +177,9 @@ discard block |
||
| 171 | 177 | } |
| 172 | 178 | |
| 173 | 179 | // Beyond this point you are assumed to be a guest trying to login. |
| 174 | - if (!$user_info['is_guest']) |
|
| 175 | - redirectexit(); |
|
| 180 | + if (!$user_info['is_guest']) { |
|
| 181 | + redirectexit(); |
|
| 182 | + } |
|
| 176 | 183 | |
| 177 | 184 | // Are you guessing with a script? |
| 178 | 185 | checkSession(); |
@@ -180,18 +187,21 @@ discard block |
||
| 180 | 187 | spamProtection('login'); |
| 181 | 188 | |
| 182 | 189 | // Set the login_url if it's not already set (but careful not to send us to an attachment). |
| 183 | - if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false)) |
|
| 184 | - $_SESSION['login_url'] = $_SESSION['old_url']; |
|
| 190 | + if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false)) { |
|
| 191 | + $_SESSION['login_url'] = $_SESSION['old_url']; |
|
| 192 | + } |
|
| 185 | 193 | |
| 186 | 194 | // Been guessing a lot, haven't we? |
| 187 | - if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) |
|
| 188 | - fatal_lang_error('login_threshold_fail', 'login'); |
|
| 195 | + if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) { |
|
| 196 | + fatal_lang_error('login_threshold_fail', 'login'); |
|
| 197 | + } |
|
| 189 | 198 | |
| 190 | 199 | // Set up the cookie length. (if it's invalid, just fall through and use the default.) |
| 191 | - if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1)) |
|
| 192 | - $modSettings['cookieTime'] = 3153600; |
|
| 193 | - elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 3153600)) |
|
| 194 | - $modSettings['cookieTime'] = (int) $_POST['cookielength']; |
|
| 200 | + if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1)) { |
|
| 201 | + $modSettings['cookieTime'] = 3153600; |
|
| 202 | + } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 3153600)) { |
|
| 203 | + $modSettings['cookieTime'] = (int) $_POST['cookielength']; |
|
| 204 | + } |
|
| 195 | 205 | |
| 196 | 206 | // Login Cookie times. Format: time => txt |
| 197 | 207 | $context['login_cookie_times'] = array( |
@@ -320,8 +330,9 @@ discard block |
||
| 320 | 330 | $other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd'])); |
| 321 | 331 | |
| 322 | 332 | // Snitz style - SHA-256. Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway. |
| 323 | - if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) |
|
| 324 | - $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd'])); |
|
| 333 | + if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) { |
|
| 334 | + $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd'])); |
|
| 335 | + } |
|
| 325 | 336 | |
| 326 | 337 | // phpBB3 users new hashing. We now support it as well ;). |
| 327 | 338 | $other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']); |
@@ -341,27 +352,29 @@ discard block |
||
| 341 | 352 | // Some common md5 ones. |
| 342 | 353 | $other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']); |
| 343 | 354 | $other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']); |
| 344 | - } |
|
| 345 | - elseif (strlen($user_settings['passwd']) == 40) |
|
| 355 | + } elseif (strlen($user_settings['passwd']) == 40) |
|
| 346 | 356 | { |
| 347 | 357 | // Maybe they are using a hash from before the password fix. |
| 348 | 358 | // This is also valid for SMF 1.1 to 2.0 style of hashing, changed to bcrypt in SMF 2.1 |
| 349 | 359 | $other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd'])); |
| 350 | 360 | |
| 351 | 361 | // BurningBoard3 style of hashing. |
| 352 | - if (!empty($modSettings['enable_password_conversion'])) |
|
| 353 | - $other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd']))); |
|
| 362 | + if (!empty($modSettings['enable_password_conversion'])) { |
|
| 363 | + $other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd']))); |
|
| 364 | + } |
|
| 354 | 365 | |
| 355 | 366 | // Perhaps we converted to UTF-8 and have a valid password being hashed differently. |
| 356 | 367 | if ($context['character_set'] == 'UTF-8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8') |
| 357 | 368 | { |
| 358 | 369 | // Try iconv first, for no particular reason. |
| 359 | - if (function_exists('iconv')) |
|
| 360 | - $other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd']))); |
|
| 370 | + if (function_exists('iconv')) { |
|
| 371 | + $other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd']))); |
|
| 372 | + } |
|
| 361 | 373 | |
| 362 | 374 | // Say it aint so, iconv failed! |
| 363 | - if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) |
|
| 364 | - $other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet']))); |
|
| 375 | + if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) { |
|
| 376 | + $other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet']))); |
|
| 377 | + } |
|
| 365 | 378 | } |
| 366 | 379 | } |
| 367 | 380 | |
@@ -391,8 +404,9 @@ discard block |
||
| 391 | 404 | $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? ($_SESSION['failed_login'] + 1) : 1; |
| 392 | 405 | |
| 393 | 406 | // Hmm... don't remember it, do you? Here, try the password reminder ;). |
| 394 | - if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) |
|
| 395 | - redirectexit('action=reminder'); |
|
| 407 | + if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { |
|
| 408 | + redirectexit('action=reminder'); |
|
| 409 | + } |
|
| 396 | 410 | // We'll give you another chance... |
| 397 | 411 | else |
| 398 | 412 | { |
@@ -403,8 +417,7 @@ discard block |
||
| 403 | 417 | return; |
| 404 | 418 | } |
| 405 | 419 | } |
| 406 | - } |
|
| 407 | - elseif (!empty($user_settings['passwd_flood'])) |
|
| 420 | + } elseif (!empty($user_settings['passwd_flood'])) |
|
| 408 | 421 | { |
| 409 | 422 | // Let's be sure they weren't a little hacker. |
| 410 | 423 | validatePasswordFlood($user_settings['id_member'], $user_settings['member_name'], $user_settings['passwd_flood'], true); |
@@ -421,8 +434,9 @@ discard block |
||
| 421 | 434 | } |
| 422 | 435 | |
| 423 | 436 | // Check their activation status. |
| 424 | - if (!checkActivation()) |
|
| 425 | - return; |
|
| 437 | + if (!checkActivation()) { |
|
| 438 | + return; |
|
| 439 | + } |
|
| 426 | 440 | |
| 427 | 441 | DoLogin(); |
| 428 | 442 | } |
@@ -434,8 +448,9 @@ discard block |
||
| 434 | 448 | { |
| 435 | 449 | global $sourcedir, $txt, $context, $user_info, $modSettings, $scripturl; |
| 436 | 450 | |
| 437 | - if (!$user_info['is_guest'] || empty($context['tfa_member']) || empty($modSettings['tfa_mode'])) |
|
| 438 | - fatal_lang_error('no_access', false); |
|
| 451 | + if (!$user_info['is_guest'] || empty($context['tfa_member']) || empty($modSettings['tfa_mode'])) { |
|
| 452 | + fatal_lang_error('no_access', false); |
|
| 453 | + } |
|
| 439 | 454 | |
| 440 | 455 | loadLanguage('Profile'); |
| 441 | 456 | require_once($sourcedir . '/Class-TOTP.php'); |
@@ -443,8 +458,9 @@ discard block |
||
| 443 | 458 | $member = $context['tfa_member']; |
| 444 | 459 | |
| 445 | 460 | // Prevent replay attacks by limiting at least 2 minutes before they can log in again via 2FA |
| 446 | - if (time() - $member['last_login'] < 120) |
|
| 447 | - fatal_lang_error('tfa_wait', false); |
|
| 461 | + if (time() - $member['last_login'] < 120) { |
|
| 462 | + fatal_lang_error('tfa_wait', false); |
|
| 463 | + } |
|
| 448 | 464 | |
| 449 | 465 | $totp = new \TOTP\Auth($member['tfa_secret']); |
| 450 | 466 | $totp->setRange(1); |
@@ -458,8 +474,9 @@ discard block |
||
| 458 | 474 | if (!empty($_POST['tfa_code']) && empty($_POST['tfa_backup'])) |
| 459 | 475 | { |
| 460 | 476 | // Check to ensure we're forcing SSL for authentication |
| 461 | - if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) |
|
| 462 | - fatal_lang_error('login_ssl_required'); |
|
| 477 | + if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) { |
|
| 478 | + fatal_lang_error('login_ssl_required'); |
|
| 479 | + } |
|
| 463 | 480 | |
| 464 | 481 | $code = $_POST['tfa_code']; |
| 465 | 482 | |
@@ -469,20 +486,19 @@ discard block |
||
| 469 | 486 | |
| 470 | 487 | setTFACookie(3153600, $member['id_member'], hash_salt($member['tfa_backup'], $member['password_salt'])); |
| 471 | 488 | redirectexit(); |
| 472 | - } |
|
| 473 | - else |
|
| 489 | + } else |
|
| 474 | 490 | { |
| 475 | 491 | validatePasswordFlood($member['id_member'], $member['member_name'], $member['passwd_flood'], false, true); |
| 476 | 492 | |
| 477 | 493 | $context['tfa_error'] = true; |
| 478 | 494 | $context['tfa_value'] = $_POST['tfa_code']; |
| 479 | 495 | } |
| 480 | - } |
|
| 481 | - elseif (!empty($_POST['tfa_backup'])) |
|
| 496 | + } elseif (!empty($_POST['tfa_backup'])) |
|
| 482 | 497 | { |
| 483 | 498 | // Check to ensure we're forcing SSL for authentication |
| 484 | - if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) |
|
| 485 | - fatal_lang_error('login_ssl_required'); |
|
| 499 | + if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) { |
|
| 500 | + fatal_lang_error('login_ssl_required'); |
|
| 501 | + } |
|
| 486 | 502 | |
| 487 | 503 | $backup = $_POST['tfa_backup']; |
| 488 | 504 | |
@@ -496,8 +512,7 @@ discard block |
||
| 496 | 512 | )); |
| 497 | 513 | setTFACookie(3153600, $member['id_member'], hash_salt($member['tfa_backup'], $member['password_salt'])); |
| 498 | 514 | redirectexit('action=profile;area=tfasetup;backup'); |
| 499 | - } |
|
| 500 | - else |
|
| 515 | + } else |
|
| 501 | 516 | { |
| 502 | 517 | validatePasswordFlood($member['id_member'], $member['member_name'], $member['passwd_flood'], false, true); |
| 503 | 518 | |
@@ -520,8 +535,9 @@ discard block |
||
| 520 | 535 | { |
| 521 | 536 | global $context, $txt, $scripturl, $user_settings, $modSettings; |
| 522 | 537 | |
| 523 | - if (!isset($context['login_errors'])) |
|
| 524 | - $context['login_errors'] = array(); |
|
| 538 | + if (!isset($context['login_errors'])) { |
|
| 539 | + $context['login_errors'] = array(); |
|
| 540 | + } |
|
| 525 | 541 | |
| 526 | 542 | // What is the true activation status of this account? |
| 527 | 543 | $activation_status = $user_settings['is_activated'] > 10 ? $user_settings['is_activated'] - 10 : $user_settings['is_activated']; |
@@ -533,8 +549,9 @@ discard block |
||
| 533 | 549 | return false; |
| 534 | 550 | } |
| 535 | 551 | // Awaiting approval still? |
| 536 | - elseif ($activation_status == 3) |
|
| 537 | - fatal_lang_error('still_awaiting_approval', 'user'); |
|
| 552 | + elseif ($activation_status == 3) { |
|
| 553 | + fatal_lang_error('still_awaiting_approval', 'user'); |
|
| 554 | + } |
|
| 538 | 555 | // Awaiting deletion, changed their mind? |
| 539 | 556 | elseif ($activation_status == 4) |
| 540 | 557 | { |
@@ -542,8 +559,7 @@ discard block |
||
| 542 | 559 | { |
| 543 | 560 | updateMemberData($user_settings['id_member'], array('is_activated' => 1)); |
| 544 | 561 | updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > 0 ? $modSettings['unapprovedMembers'] - 1 : 0))); |
| 545 | - } |
|
| 546 | - else |
|
| 562 | + } else |
|
| 547 | 563 | { |
| 548 | 564 | $context['disable_login_hashing'] = true; |
| 549 | 565 | $context['login_errors'][] = $txt['awaiting_delete_account']; |
@@ -583,8 +599,9 @@ discard block |
||
| 583 | 599 | setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], hash_salt($user_settings['passwd'], $user_settings['password_salt'])); |
| 584 | 600 | |
| 585 | 601 | // Reset the login threshold. |
| 586 | - if (isset($_SESSION['failed_login'])) |
|
| 587 | - unset($_SESSION['failed_login']); |
|
| 602 | + if (isset($_SESSION['failed_login'])) { |
|
| 603 | + unset($_SESSION['failed_login']); |
|
| 604 | + } |
|
| 588 | 605 | |
| 589 | 606 | $user_info['is_guest'] = false; |
| 590 | 607 | $user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']); |
@@ -606,16 +623,18 @@ discard block |
||
| 606 | 623 | 'id_member' => $user_info['id'], |
| 607 | 624 | ) |
| 608 | 625 | ); |
| 609 | - if ($smcFunc['db_num_rows']($request) == 1) |
|
| 610 | - $_SESSION['first_login'] = true; |
|
| 611 | - else |
|
| 612 | - unset($_SESSION['first_login']); |
|
| 626 | + if ($smcFunc['db_num_rows']($request) == 1) { |
|
| 627 | + $_SESSION['first_login'] = true; |
|
| 628 | + } else { |
|
| 629 | + unset($_SESSION['first_login']); |
|
| 630 | + } |
|
| 613 | 631 | $smcFunc['db_free_result']($request); |
| 614 | 632 | |
| 615 | 633 | // You've logged in, haven't you? |
| 616 | 634 | $update = array('member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP']); |
| 617 | - if (empty($user_settings['tfa_secret'])) |
|
| 618 | - $update['last_login'] = time(); |
|
| 635 | + if (empty($user_settings['tfa_secret'])) { |
|
| 636 | + $update['last_login'] = time(); |
|
| 637 | + } |
|
| 619 | 638 | updateMemberData($user_info['id'], $update); |
| 620 | 639 | |
| 621 | 640 | // Get rid of the online entry for that old guest.... |
@@ -629,8 +648,8 @@ discard block |
||
| 629 | 648 | $_SESSION['log_time'] = 0; |
| 630 | 649 | |
| 631 | 650 | // Log this entry, only if we have it enabled. |
| 632 | - if (!empty($modSettings['loginHistoryDays'])) |
|
| 633 | - $smcFunc['db_insert']('insert', |
|
| 651 | + if (!empty($modSettings['loginHistoryDays'])) { |
|
| 652 | + $smcFunc['db_insert']('insert', |
|
| 634 | 653 | '{db_prefix}member_logins', |
| 635 | 654 | array( |
| 636 | 655 | 'id_member' => 'int', 'time' => 'int', 'ip' => 'inet', 'ip2' => 'inet', |
@@ -642,13 +661,15 @@ discard block |
||
| 642 | 661 | 'id_member', 'time' |
| 643 | 662 | ) |
| 644 | 663 | ); |
| 664 | + } |
|
| 645 | 665 | |
| 646 | 666 | // Just log you back out if it's in maintenance mode and you AREN'T an admin. |
| 647 | - if (empty($maintenance) || allowedTo('admin_forum')) |
|
| 648 | - redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']); |
|
| 649 | - else |
|
| 650 | - redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']); |
|
| 651 | -} |
|
| 667 | + if (empty($maintenance) || allowedTo('admin_forum')) { |
|
| 668 | + redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']); |
|
| 669 | + } else { |
|
| 670 | + redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']); |
|
| 671 | + } |
|
| 672 | + } |
|
| 652 | 673 | |
| 653 | 674 | /** |
| 654 | 675 | * Logs the current user out of their account. |
@@ -664,13 +685,15 @@ discard block |
||
| 664 | 685 | global $sourcedir, $user_info, $user_settings, $context, $smcFunc, $cookiename, $modSettings; |
| 665 | 686 | |
| 666 | 687 | // Make sure they aren't being auto-logged out. |
| 667 | - if (!$internal) |
|
| 668 | - checkSession('get'); |
|
| 688 | + if (!$internal) { |
|
| 689 | + checkSession('get'); |
|
| 690 | + } |
|
| 669 | 691 | |
| 670 | 692 | require_once($sourcedir . '/Subs-Auth.php'); |
| 671 | 693 | |
| 672 | - if (isset($_SESSION['pack_ftp'])) |
|
| 673 | - $_SESSION['pack_ftp'] = null; |
|
| 694 | + if (isset($_SESSION['pack_ftp'])) { |
|
| 695 | + $_SESSION['pack_ftp'] = null; |
|
| 696 | + } |
|
| 674 | 697 | |
| 675 | 698 | // It won't be first login anymore. |
| 676 | 699 | unset($_SESSION['first_login']); |
@@ -698,8 +721,9 @@ discard block |
||
| 698 | 721 | |
| 699 | 722 | // And some other housekeeping while we're at it. |
| 700 | 723 | $salt = substr(md5(mt_rand()), 0, 4); |
| 701 | - if (!empty($user_info['id'])) |
|
| 702 | - updateMemberData($user_info['id'], array('password_salt' => $salt)); |
|
| 724 | + if (!empty($user_info['id'])) { |
|
| 725 | + updateMemberData($user_info['id'], array('password_salt' => $salt)); |
|
| 726 | + } |
|
| 703 | 727 | |
| 704 | 728 | if (!empty($modSettings['tfa_mode']) && !empty($user_info['id']) && !empty($_COOKIE[$cookiename . '_tfa'])) |
| 705 | 729 | { |
@@ -712,14 +736,13 @@ discard block |
||
| 712 | 736 | // Off to the merry board index we go! |
| 713 | 737 | if ($redirect) |
| 714 | 738 | { |
| 715 | - if (empty($_SESSION['logout_url'])) |
|
| 716 | - redirectexit('', $context['server']['needs_login_fix']); |
|
| 717 | - elseif (!empty($_SESSION['logout_url']) && (strpos($_SESSION['logout_url'], 'http://') === false && strpos($_SESSION['logout_url'], 'https://') === false)) |
|
| 739 | + if (empty($_SESSION['logout_url'])) { |
|
| 740 | + redirectexit('', $context['server']['needs_login_fix']); |
|
| 741 | + } elseif (!empty($_SESSION['logout_url']) && (strpos($_SESSION['logout_url'], 'http://') === false && strpos($_SESSION['logout_url'], 'https://') === false)) |
|
| 718 | 742 | { |
| 719 | 743 | unset ($_SESSION['logout_url']); |
| 720 | 744 | redirectexit(); |
| 721 | - } |
|
| 722 | - else |
|
| 745 | + } else |
|
| 723 | 746 | { |
| 724 | 747 | $temp = $_SESSION['logout_url']; |
| 725 | 748 | unset($_SESSION['logout_url']); |
@@ -752,8 +775,9 @@ discard block |
||
| 752 | 775 | function phpBB3_password_check($passwd, $passwd_hash) |
| 753 | 776 | { |
| 754 | 777 | // Too long or too short? |
| 755 | - if (strlen($passwd_hash) != 34) |
|
| 756 | - return; |
|
| 778 | + if (strlen($passwd_hash) != 34) { |
|
| 779 | + return; |
|
| 780 | + } |
|
| 757 | 781 | |
| 758 | 782 | // Range of characters allowed. |
| 759 | 783 | $range = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; |
@@ -764,8 +788,9 @@ discard block |
||
| 764 | 788 | $salt = substr($passwd_hash, 4, 8); |
| 765 | 789 | |
| 766 | 790 | $hash = md5($salt . $passwd, true); |
| 767 | - for (; $count != 0; --$count) |
|
| 768 | - $hash = md5($hash . $passwd, true); |
|
| 791 | + for (; $count != 0; --$count) { |
|
| 792 | + $hash = md5($hash . $passwd, true); |
|
| 793 | + } |
|
| 769 | 794 | |
| 770 | 795 | $output = substr($passwd_hash, 0, 12); |
| 771 | 796 | $i = 0; |
@@ -774,21 +799,25 @@ discard block |
||
| 774 | 799 | $value = ord($hash[$i++]); |
| 775 | 800 | $output .= $range[$value & 0x3f]; |
| 776 | 801 | |
| 777 | - if ($i < 16) |
|
| 778 | - $value |= ord($hash[$i]) << 8; |
|
| 802 | + if ($i < 16) { |
|
| 803 | + $value |= ord($hash[$i]) << 8; |
|
| 804 | + } |
|
| 779 | 805 | |
| 780 | 806 | $output .= $range[($value >> 6) & 0x3f]; |
| 781 | 807 | |
| 782 | - if ($i++ >= 16) |
|
| 783 | - break; |
|
| 808 | + if ($i++ >= 16) { |
|
| 809 | + break; |
|
| 810 | + } |
|
| 784 | 811 | |
| 785 | - if ($i < 16) |
|
| 786 | - $value |= ord($hash[$i]) << 16; |
|
| 812 | + if ($i < 16) { |
|
| 813 | + $value |= ord($hash[$i]) << 16; |
|
| 814 | + } |
|
| 787 | 815 | |
| 788 | 816 | $output .= $range[($value >> 12) & 0x3f]; |
| 789 | 817 | |
| 790 | - if ($i++ >= 16) |
|
| 791 | - break; |
|
| 818 | + if ($i++ >= 16) { |
|
| 819 | + break; |
|
| 820 | + } |
|
| 792 | 821 | |
| 793 | 822 | $output .= $range[($value >> 18) & 0x3f]; |
| 794 | 823 | } |
@@ -820,8 +849,9 @@ discard block |
||
| 820 | 849 | require_once($sourcedir . '/Subs-Auth.php'); |
| 821 | 850 | setLoginCookie(-3600, 0); |
| 822 | 851 | |
| 823 | - if (isset($_SESSION['login_' . $cookiename])) |
|
| 824 | - unset($_SESSION['login_' . $cookiename]); |
|
| 852 | + if (isset($_SESSION['login_' . $cookiename])) { |
|
| 853 | + unset($_SESSION['login_' . $cookiename]); |
|
| 854 | + } |
|
| 825 | 855 | } |
| 826 | 856 | |
| 827 | 857 | // We need a member! |
@@ -835,8 +865,9 @@ discard block |
||
| 835 | 865 | } |
| 836 | 866 | |
| 837 | 867 | // Right, have we got a flood value? |
| 838 | - if ($password_flood_value !== false) |
|
| 839 | - @list ($time_stamp, $number_tries) = explode('|', $password_flood_value); |
|
| 868 | + if ($password_flood_value !== false) { |
|
| 869 | + @list ($time_stamp, $number_tries) = explode('|', $password_flood_value); |
|
| 870 | + } |
|
| 840 | 871 | |
| 841 | 872 | // Timestamp or number of tries invalid? |
| 842 | 873 | if (empty($number_tries) || empty($time_stamp)) |
@@ -852,15 +883,17 @@ discard block |
||
| 852 | 883 | $number_tries = $time_stamp < time() - 20 ? 2 : $number_tries; |
| 853 | 884 | |
| 854 | 885 | // They are trying too fast, make them wait longer |
| 855 | - if ($time_stamp < time() - 10) |
|
| 856 | - $time_stamp = time(); |
|
| 886 | + if ($time_stamp < time() - 10) { |
|
| 887 | + $time_stamp = time(); |
|
| 888 | + } |
|
| 857 | 889 | } |
| 858 | 890 | |
| 859 | 891 | $number_tries++; |
| 860 | 892 | |
| 861 | 893 | // Broken the law? |
| 862 | - if ($number_tries > 5) |
|
| 863 | - fatal_lang_error('login_threshold_brute_fail', 'login', [$member_name]); |
|
| 894 | + if ($number_tries > 5) { |
|
| 895 | + fatal_lang_error('login_threshold_brute_fail', 'login', [$member_name]); |
|
| 896 | + } |
|
| 864 | 897 | |
| 865 | 898 | // Otherwise set the members data. If they correct on their first attempt then we actually clear it, otherwise we set it! |
| 866 | 899 | updateMemberData($id_member, array('passwd_flood' => $was_correct && $number_tries == 1 ? '' : $time_stamp . '|' . $number_tries)); |
