1 | <?php |
||
2 | /** |
||
3 | * XOOPS authentication/authorization |
||
4 | * |
||
5 | * You may not change or alter any portion of this comment or credits |
||
6 | * of supporting developers from this source code or any supporting source code |
||
7 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||
8 | * This program is distributed in the hope that it will be useful, |
||
9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
11 | * |
||
12 | * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org) |
||
13 | * @license GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html) |
||
14 | * @package core |
||
15 | * @since 2.0.0 |
||
16 | */ |
||
17 | defined('XOOPS_ROOT_PATH') || exit('Restricted access'); |
||
18 | |||
19 | xoops_loadLanguage('user'); |
||
20 | |||
21 | // from $_POST we use keys: uname, pass, rememberme, xoops_redirect |
||
22 | XoopsLoad::load('XoopsRequest'); |
||
23 | $uname = XoopsRequest::getString('uname', '', 'POST'); |
||
24 | $pass = XoopsRequest::getString('pass', '', 'POST'); |
||
25 | $rememberme = XoopsRequest::getString('rememberme', '', 'POST'); |
||
26 | $redirect = XoopsRequest::getUrl('xoops_redirect', '', 'POST'); |
||
27 | |||
28 | if ($uname == '' || $pass == '') { |
||
29 | redirect_header(XOOPS_URL . '/user.php', 1, _US_INCORRECTLOGIN); |
||
30 | } |
||
31 | |||
32 | /* @var XoopsMemberHandler $member_handler */ |
||
33 | $member_handler = xoops_getHandler('member'); |
||
34 | $myts = MyTextSanitizer::getInstance(); |
||
35 | |||
36 | include_once $GLOBALS['xoops']->path('class/auth/authfactory.php'); |
||
37 | |||
38 | xoops_loadLanguage('auth'); |
||
39 | |||
40 | $xoopsAuth = XoopsAuthFactory::getAuthConnection($myts->addSlashes($uname)); |
||
41 | $user = $xoopsAuth->authenticate($uname, $pass); |
||
42 | |||
43 | if (false !== $user) { |
||
44 | if (0 == $user->getVar('level')) { |
||
45 | redirect_header(XOOPS_URL . '/index.php', 5, _US_NOACTTPADM); |
||
46 | } |
||
47 | if ($xoopsConfig['closesite'] == 1) { |
||
48 | $allowed = false; |
||
49 | foreach ($user->getGroups() as $group) { |
||
50 | if (in_array($group, $xoopsConfig['closesite_okgrp']) || XOOPS_GROUP_ADMIN == $group) { |
||
51 | $allowed = true; |
||
52 | break; |
||
53 | } |
||
54 | } |
||
55 | if (!$allowed) { |
||
56 | redirect_header(XOOPS_URL . '/index.php', 1, _NOPERM); |
||
57 | } |
||
58 | } |
||
59 | $user->setVar('last_login', time()); |
||
60 | if (!$member_handler->insertUser($user)) { |
||
61 | } |
||
62 | // Regenrate a new session id and destroy old session |
||
63 | $GLOBALS['sess_handler']->regenerate_id(true); |
||
64 | $_SESSION = array(); |
||
65 | $_SESSION['xoopsUserId'] = $user->getVar('uid'); |
||
66 | $_SESSION['xoopsUserGroups'] = $user->getGroups(); |
||
67 | $user_theme = $user->getVar('theme'); |
||
68 | if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) { |
||
69 | $_SESSION['xoopsUserTheme'] = $user_theme; |
||
70 | } |
||
71 | $xoopsPreload = XoopsPreload::getInstance(); |
||
72 | $xoopsPreload->triggerEvent('core.behavior.user.login', $user); |
||
73 | // Set cookie for rememberme |
||
74 | if (!empty($GLOBALS['xoopsConfig']['usercookie'])) { |
||
75 | if (!empty($rememberme)) { |
||
76 | $claims = array( |
||
77 | 'uid' => $_SESSION['xoopsUserId'], |
||
78 | ); |
||
79 | $rememberTime = 60*60*24*30; |
||
80 | $token = \Xmf\Jwt\TokenFactory::build('rememberme', $claims, $rememberTime); |
||
81 | setcookie( |
||
82 | $GLOBALS['xoopsConfig']['usercookie'], |
||
83 | $token, |
||
84 | time() + $rememberTime, |
||
85 | '/', |
||
86 | XOOPS_COOKIE_DOMAIN, XOOPS_PROT === 'https://', |
||
87 | true |
||
88 | ); |
||
89 | } else { |
||
90 | setcookie($GLOBALS['xoopsConfig']['usercookie'], null, time() - 3600, '/', XOOPS_COOKIE_DOMAIN, 0, true); |
||
91 | setcookie($GLOBALS['xoopsConfig']['usercookie'], null, time() - 3600); |
||
92 | } |
||
93 | } |
||
94 | |||
95 | if (!empty($redirect) && !strpos($redirect, 'register')) { |
||
96 | $xoops_redirect = rawurldecode($redirect); |
||
97 | $parsed = parse_url(XOOPS_URL); |
||
98 | $url = isset($parsed['scheme']) ? $parsed['scheme'] . '://' : 'http://'; |
||
99 | if (isset($parsed['host'])) { |
||
100 | $url .= $parsed['host']; |
||
101 | if (isset($parsed['port'])) { |
||
102 | $url .= ':' . $parsed['port']; |
||
103 | } |
||
104 | } else { |
||
105 | $url .= $_SERVER['HTTP_HOST']; |
||
106 | } |
||
107 | if (@$parsed['path']) { |
||
108 | if (strncmp($parsed['path'], $xoops_redirect, strlen($parsed['path']))) { |
||
109 | $url .= $parsed['path']; |
||
110 | } |
||
111 | } |
||
112 | $url .= $xoops_redirect; |
||
113 | } else { |
||
114 | $url = XOOPS_URL . '/index.php'; |
||
115 | } |
||
116 | |||
117 | // RMV-NOTIFY |
||
118 | // Perform some maintenance of notification records |
||
119 | $notification_handler = xoops_getHandler('notification'); |
||
120 | $notification_handler->doLoginMaintenance($user->getVar('uid')); |
||
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||
121 | |||
122 | redirect_header($url, 1, sprintf(_US_LOGGINGU, $user->getVar('uname')), false); |
||
123 | } elseif (empty($redirect)) { |
||
124 | redirect_header(XOOPS_URL . '/user.php', 5, $xoopsAuth->getHtmlErrors()); |
||
125 | } else { |
||
126 | redirect_header(XOOPS_URL . '/user.php?xoops_redirect=' . urlencode($redirect), 5, $xoopsAuth->getHtmlErrors(), false); |
||
127 | } |
||
128 | exit(); |
||
129 |