Issues in Auth.subs.php (development) - Issues in development - elkarte/Elkarte - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1696)

sources/subs/Auth.subs.php (13 issues)

Labels

Severity

<?php

/**
 * This file has functions in it to do with authentication, user handling, and the like.
 *
 * @package   ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
 *
 * This file contains code covered by:
 * copyright: 2011 Simple Machines (http://www.simplemachines.org)
 *
 * @version 2.0 dev
 *
 */

use ElkArte\Errors\ErrorContext;
use ElkArte\Helper\TokenHash;
use ElkArte\Helper\Util;
use ElkArte\Languages\Txt;
use ElkArte\Request;
use ElkArte\User;

/**
 * Sets the login cookie and session based on the id_member and password passed.
 *
 * What it does:
 *
 * - password should be already encrypted with the cookie salt.
 * - logs the user out if id_member is zero.
 * - sets the cookie and session to last the number of seconds specified by cookie_length.
 * - when logging out, if the globalCookies setting is enabled, attempts to clear the subdomain's cookie too.
 *
 * @param int $cookie_length
 * @param int $id The id of the member
 * @param string $password = ''
 * @package Authorization
 */
function setLoginCookie($cookie_length, $id, $password = '')
{
	global $cookiename, $boardurl, $modSettings;

	// If changing state force them to re-address some permission caching.
	$_SESSION['mc']['time'] = 0;

	// Let's be sure it is an int to simplify the regexp used to validate the cookie
	$id = (int) $id;

	// The cookie may already exist, and have been set with different options.
	$cookie_state = (empty($modSettings['localCookies']) ? 0 : 1) | (empty($modSettings['globalCookies']) ? 0 : 2);

	if (isset($_COOKIE[$cookiename]))
	{
		$array = serializeToJson($_COOKIE[$cookiename], static function ($array_from) use ($cookiename) {
			global $modSettings;

			require_once(SUBSDIR . '/Auth.subs.php');
			$_COOKIE[$cookiename] = json_encode($array_from);
			setLoginCookie(60 * $modSettings['cookieTime'], $array_from[0], $array_from[1]);
		});

		// Out with the old, in with the new!
		if (isset($array[3]) && $array[3] != $cookie_state)
		{
			$cookie_url = url_parts($array[3] & 1 > 0, $array[3] & 2 > 0);
			$cookie_url = url_parts(/** @scrutinizer ignore-type */ $array[3] & 1 > 0, $array[3] & 2 > 0);
			elk_setcookie($cookiename, json_encode([0, '', 0]), time() - 3600, $cookie_url[1], $cookie_url[0]);
		}
	}

	// Get the data and path to set it on.
	$data = json_encode(empty($id) ? [0, '', 0] : [$id, $password, time() + $cookie_length, $cookie_state]);
	$cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));

	// Set the cookie, $_COOKIE, and session variable.
	elk_setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0]);

	// If subdomain-independent cookies are on, unset the subdomain-dependent cookie too.
	if (empty($id) && !empty($modSettings['globalCookies']))
	{
		elk_setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1]);
	}

	// Any alias URLs?  This is mainly for use with frames, etc.
	if (!empty($modSettings['forum_alias_urls']))
	{
		$aliases = explode(',', $modSettings['forum_alias_urls']);

		$temp = $boardurl;
		foreach ($aliases as $alias)
		{
			// Fake the $boardurl so we can set a different cookie.
			$alias = strtr(trim($alias), ['http://' => '', 'https://' => '']);
			$boardurl = 'http://' . $alias;

			$cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));

			if ($cookie_url[0] == '')
			{
				$cookie_url[0] = strtok($alias, '/');
			}

			elk_setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0]);
		}

		$boardurl = $temp;
	}

	$_COOKIE[$cookiename] = $data;

	// Make sure the user logs in with a new session ID.
	if (!isset($_SESSION['login_' . $cookiename]) || $_SESSION['login_' . $cookiename] !== $data)
	{
		// We need to meddle with the session.
		require_once(SOURCEDIR . '/Session.php');

		// Backup the old session.
		$oldSessionData = $_SESSION;

		// Remove the old session data and file / db entry
		$_SESSION = [];
		session_destroy();

		// Recreate and restore the new session.
		loadSession();

		// Get a new session id, and load it with the data
		session_regenerate_id();

		// If we generated new session values, be sure to use them as well
		$oldSessionData['session_value'] = $_SESSION['session_value'] ?? $oldSessionData['session_value'];
		$oldSessionData['session_var'] = $_SESSION['session_var'] ?? $oldSessionData['session_var'];
		$_SESSION = $oldSessionData;

		$_SESSION['login_' . $cookiename] = $data;
	}
}

/**
 * Get the domain and path for the cookie
 *
 * What it does:
 *
 * - normally, local and global should be the localCookies and globalCookies settings, respectively.
 * - uses boardurl to determine these two things.
 *
 * @param bool $local
 * @param bool $global
 *
 * @return array
 * @package Authorization
 *
 */
function url_parts($local, $global)
{
	global $boardurl, $modSettings;

	// Parse the URL with PHP to make life easier.
	$parsed_url = parse_url($boardurl);

	// Is local cookies off?
	if (empty($parsed_url['path']) || !$local)
	{
		$parsed_url['path'] = '';
	}

	if (!empty($modSettings['globalCookiesDomain']) && str_contains($boardurl, $modSettings['globalCookiesDomain']))
	{
		$parsed_url['host'] = $modSettings['globalCookiesDomain'];
	}

	// Globalize cookies across domains (filter out IP-addresses)?
	elseif ($global && preg_match('~^\d{1,3}(\.\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\.]+\.)?([^\.]{2,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
	{
		$parsed_url['host'] = '.' . $parts[1];
	}

	// We shouldn't use a host at all if both options are off.
	elseif (!$local && !$global)
	{
		$parsed_url['host'] = '';
	}

	// The host also shouldn't be set if there aren't any dots in it.
	elseif (!isset($parsed_url['host']) || !str_contains($parsed_url['host'], '.'))
	{
		$parsed_url['host'] = '';
	}

	return [$parsed_url['host'], $parsed_url['path'] . '/'];
}

/**
 * Question the verity of the admin by asking for his or her password.
 *
 * What it does:
 *
 * - loads Login.template.php and uses the admin_login sub template.
 * - sends data to template so the admin is sent on to the page they
 *   wanted if their password is correct, otherwise they can try again.
 *
 * @param string $type = 'admin'
 * @package Authorization
 */
function adminLogin($type = 'admin'): never
{
	global $context, $txt;

	Txt::load('Admin');
	theme()->getTemplates()->load('Login');

	// Validate what type of session check this is.
	$types = [];
	call_integration_hook('integrate_validateSession', [&$types]);
	$type = in_array($type, $types) || $type === 'moderate' ? $type : 'admin';

	// They used a wrong password, log it and unset that.
	if (isset($_POST[$type . '_hash_pass']) || isset($_POST[$type . '_pass']))
	{
		// log some info along with it! referer, user agent
		$req = Request::instance();
		$txt['security_wrong'] = sprintf($txt['security_wrong'], $_SERVER['HTTP_REFERER'] ?? $txt['unknown'], $req->user_agent(), User::$info->ip);

		\ElkArte\Errors\Errors::instance()->log_error($txt['security_wrong'], 'critical');
filter:
    dependency_paths: ["lib/*"]

		if (isset($_POST[$type . '_hash_pass']))
		{
			unset($_POST[$type . '_hash_pass']);
		}

		if (isset($_POST[$type . '_pass']))
		{
			unset($_POST[$type . '_pass']);
		}

		$context['incorrect_password'] = true;
	}

	createToken('admin-login');

	// Figure out the get data and post data.
	$context['get_data'] = '?' . construct_query_string($_GET);
	$context['post_data'] = '';

	// Now go through $_POST.  Make sure the session hash is sent.
	$_POST[$context['session_var']] = $context['session_id'];
	foreach ($_POST as $k => $v)
	{
		$context['post_data'] .= adminLogin_outputPostVars($k, $v);
	}

	// Now we'll use the admin_login sub template of the Login template.
	$context['sub_template'] = 'admin_login';

	// And title the page something like "Login".
	if (!isset($context['page_title']))
	{
		$context['page_title'] = $txt['admin_login'];
	}

	// The type of action.
	$context['sessionCheckType'] = $type;

	obExit();

	// We MUST exit at this point, because otherwise we CANNOT KNOW that the user is privileged.
	trigger_error('Hacking attempt...', E_USER_ERROR);
}

/**
 * Used by the adminLogin() function.
 *
 * What it does:
 *  - if 'value' is an array, the function is called recursively.
 *
 * @param string $k key
 * @param string|bool $v value
 * @return string 'hidden' HTML form fields, containing key-value-pairs
 * @package Authorization
 */
function adminLogin_outputPostVars($k, $v)
{
	if (!is_array($v))

	{
		return '
<input type="hidden" name="' . htmlspecialchars($k, ENT_COMPAT, 'UTF-8') . '" value="' . strtr($v, ['"' => '&quot;', '<' => '&lt;', '>' => '&gt;']) . '" />';
<input type="hidden" name="' . htmlspecialchars($k, ENT_COMPAT, 'UTF-8') . '" value="' . strtr(/** @scrutinizer ignore-type */ $v, ['"' => '&quot;', '<' => '&lt;', '>' => '&gt;']) . '" />';
	}

	$ret = '';
	foreach ($v as $k2 => $v2)
	{
		$ret .= adminLogin_outputPostVars($k . '[' . $k2 . ']', $v2);
	}

	return $ret;
}

/**
 * Properly urlencodes a string to be used in a query
 *
 * @param array $get associative array from $_GET
 * @return string query string
 * @package Authorization
 */
function construct_query_string($get)
{
	global $scripturl;

	$query_string = '';

	// Awww, darn.  The $scripturl contains GET stuff!
	$q = strpos($scripturl, '?');
	if ($q !== false)
	{
		parse_str(preg_replace('/&(\w+)(?=&|$)/', '&$1=', str_replace(';', '&', substr($scripturl, $q + 1))), $temp);

		foreach ($get as $k => $v)
		{
			// Only if it's not already in the $scripturl!
			if (!isset($temp[$k]))
			{
				$query_string .= urlencode($k) . '=' . urlencode($v) . ';';
			}
			// If it changed, put it out there, but with an ampersand.
			elseif ($temp[$k] != $v)
			{
				$query_string .= urlencode($k) . '=' . urlencode($v) . '&amp;';
			}
		}
	}
	else
	{
		// Add up all the data from $_GET into get_data.
		foreach ($get as $k => $v)
		{
			$query_string .= urlencode($k) . '=' . urlencode($v) . ';';
		}
	}

	return substr($query_string, 0, -1);
}

/**
 * Finds members by email address, username, or real name.
 *
 * What it does:
 *
 * - searches for members whose username, display name, or e-mail address match the given pattern of array names.
 * - searches only buddies if buddies_only is set.
 *
 * @param string[]|string $names
 * @param bool $use_wildcards = false, accepts wildcards ? and * in the pattern if true
 * @param bool $buddies_only = false,
 * @param int $max = 500 retrieves a maximum of max members, if passed
 * @return array containing information about the matching members
 * @package Authorization
 */
function findMembers($names, $use_wildcards = false, $buddies_only = false, $max = 500)
{
	global $scripturl;

	$db = database();

	// If it's not already an array, make it one.
	if (!is_array($names))
	{
		$names = explode(',', $names);
	}

	$maybe_email = false;
	foreach ($names as $i => $name)
	{
		// Trim, and fix wildcards for each name.
		$names[$i] = trim(Util::strtolower($name));

		$maybe_email |= str_contains($name, '@');

		// Make it so standard wildcards will work. (* and ?)
		if ($use_wildcards)
		{
			$names[$i] = strtr($names[$i], ['%' => '\%', '_' => '\_', '*' => '%', '?' => '_', '\'' => '&#039;']);
		}
		else
		{
			$names[$i] = strtr($names[$i], ['\'' => '&#039;']);
		}

		$names[$i] = $db->quote('{string:name}', ['name' => $names[$i]]);
	}

	// What are we using to compare?
	$comparison = $use_wildcards ? 'LIKE' : '=';

	// Nothing found yet.
	$results = [];

	// This ensures you can't search someones email address if you can't see it.
	$email_condition = allowedTo('moderate_forum') ? '' : '1=0 AND ';

	if ($use_wildcards || $maybe_email)
0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false
	{
		$email_condition = '
			OR (' . $email_condition . 'email_address ' . $comparison . ' ' . implode(') OR (' . $email_condition . ' email_address ' . $comparison . ' ', $names) . ')';
	}

	// Get the case of the columns right - but only if we need to as things like MySQL will go slow needlessly otherwise.
	$member_name = '{column_case_insensitive:member_name}';
	$real_name = '{column_case_insensitive:real_name}';

	// Search by username, display name, and email address.
	$db->fetchQuery('
		SELECT 
			id_member, member_name, real_name, email_address
		FROM {db_prefix}members
		WHERE ({raw:member_name_search}
			OR {raw:real_name_search} {raw:email_condition})
			' . ($buddies_only ? 'AND id_member IN ({array_int:buddy_list})' : '') . '
			AND is_activated IN (1, 11)
		LIMIT {int:limit}',
		[
			'buddy_list' => User::$info->buddies,

			'member_name_search' => $member_name . ' ' . $comparison . ' ' . implode(' OR ' . $member_name . ' ' . $comparison . ' ', $names),
			'real_name_search' => $real_name . ' ' . $comparison . ' ' . implode(' OR ' . $real_name . ' ' . $comparison . ' ', $names),
			'email_condition' => $email_condition,
			'limit' => $max,
			'recursive' => true,
		]
	)->fetch_callback(
		function ($row) use (&$results, $scripturl) {
			$results[$row['id_member']] = [
				'id' => (int) $row['id_member'],
				'name' => $row['real_name'],
				'username' => $row['member_name'],
				'email' => showEmailAddress($row['id_member']) ? $row['email_address'] : '',
				'href' => $scripturl . '?action=profile;u=' . $row['id_member'],
				'link' => '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>'
			];
		}
	);

	// Return all the results.
	return $results;
}

/**
 * Generates a random password for a user and emails it to them.
 *
 * What it does:
 *
 * - called by ProfileOptions controller when changing someone's username.
 * - checks the validity of the new username.
 * - generates and sets a new password for the given user.
 * - mails the new password to the email address of the user.
 * - if username is not set, only a new password is generated and sent.
 *
 * @param int $memID
 * @param string|null $username = null
 *
 * @throws \ElkArte\Exceptions\Exception
 * @package Authorization
 *
 */
function resetPassword($memID, $username = null)
{
	global $modSettings, $language;

	// Language... and a required file.
	Txt::load('Login');
	require_once(SUBSDIR . '/Mail.subs.php');

	// Get some important details.
	require_once(SUBSDIR . '/Members.subs.php');
	$result = getBasicMemberData($memID, ['preferences' => true]);
	$user = $result['member_name'];
	$email = $result['email_address'];
	$lngfile = $result['lngfile'];
	$old_user = '';

	if ($username !== null)
	{
		$old_user = $user;
		$user = trim($username);
	}

	// Generate a random password.
	$tokenizer = new TokenHash();
	$newPassword = $tokenizer->generate_hash(14);

	// Create a db hash for the generated password
	$newPassword_sha256 = hash('sha256', strtolower($user) . $newPassword);
	$db_hash = password_hash($newPassword_sha256, PASSWORD_BCRYPT, ['cost' => 8]);

	// Do some checks on the username if needed.
	require_once(SUBSDIR . '/Members.subs.php');
	if ($username !== null)
	{
		$errors = ErrorContext::context('reset_pwd', 0);
		validateUsername($memID, $user, 'reset_pwd');

		// If there are "important" errors and you are not an admin: log the first error
		// Otherwise grab all of them and don't log anything
		$error_severity = $errors->hasErrors(1) && User::$info->is_admin === false ? 1 : null;

		foreach ($errors->prepareErrors($error_severity) as $error)
		{
			throw new \ElkArte\Exceptions\Exception($error, $error_severity === null ? false : 'general');
		}

		// Update the database...
		updateMemberData($memID, ['member_name' => $user, 'passwd' => $db_hash]);
	}
	else
	{
		updateMemberData($memID, ['passwd' => $db_hash]);
	}

	call_integration_hook('integrate_reset_pass', [$old_user, $user, $newPassword]);

	$replacements = [
		'USERNAME' => $user,
		'PASSWORD' => $newPassword,
	];

	$emaildata = loadEmailTemplate('change_password', $replacements, empty($lngfile) || empty($modSettings['userLanguage']) ? $language : $lngfile);

	// Send them the email informing them of the change - then we're done!
	sendmail($email, $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}

/**
 * Checks a username obeys a load of rules
 *
 * - Returns null if fine
 *
 * @param int $memID
 * @param string $username
 * @param string $ErrorContext
 * @param bool $check_reserved_name
 * @param bool $fatal pass through to isReservedName
 * @return string
 * @package Authorization
 */
function validateUsername($memID, $username, $ErrorContext = 'register', $check_reserved_name = true, $fatal = true)
{
	global $txt;

	$errors = ErrorContext::context($ErrorContext, 0);

	// Don't use too long a name.
	if (Util::strlen($username) > 25)
	{
		$errors->addError('error_long_name');
	}

	// No name?!  How can you register with no name?
	if ($username === '')
	{
		$errors->addError('need_username');
	}

	// Only these characters are permitted.
	if (in_array($username, ['_', '|']) || preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $username)) != 0 || str_contains($username, '[code') || str_contains($username, '[/code'))
	{
		$errors->addError('error_invalid_characters_username');
	}

	if (stripos($username, $txt['guest_title']) !== false)
	{
		$errors->addError(['username_reserved', [$txt['guest_title']]], 1);
	}

	if ($check_reserved_name)
	{
		require_once(SUBSDIR . '/Members.subs.php');
		if (isReservedName($username, $memID, false, $fatal))
		{
			$errors->addError(['name_in_use', [htmlspecialchars($username, ENT_COMPAT, 'UTF-8')]]);
		}
	}
}

/**
 * Checks whether a password meets the current forum rules
 *
 * What it does:
 *
 * - called when registering/choosing a password.
 * - checks the password obeys the current forum settings for password strength.
 * - if password checking is enabled, will check that none of the words in restrict_in appear in the password.
 * - returns an error identifier if the password is invalid, or null.
 *
 * @param string $password
 * @param string $username
 * @param string[] $restrict_in = array()
 * @return string an error identifier if the password is invalid
 * @package Authorization
 */
function validatePassword($password, $username, $restrict_in = [])
{
	global $modSettings, $txt;

	// Perform basic requirements first.
	if (Util::strlen($password) < (empty($modSettings['password_strength']) ? 4 : 8))
	{
		Txt::load('Errors');
		$txt['profile_error_password_short'] = sprintf($txt['profile_error_password_short'], empty($modSettings['password_strength']) ? 4 : 8);

		return 'short';
	}

	if (Util::strlen($password) > 64)
	{
		Txt::load('Errors');
		$txt['profile_error_password_long'] = sprintf($txt['profile_error_password_long'], 64);
		return 'short';
	}

	// Is this enough?
	if (empty($modSettings['password_strength']))
	{
		return null;
	}

	// Otherwise, perform the medium strength test - checking if password appears in the restricted string.
	if (preg_match('~\b' . preg_quote($password, '~') . '\b~', implode(' ', $restrict_in)) != 0)
	{
		return 'restricted_words';
	}

	if (Util::strpos($password, $username) !== false)
	{
		return 'restricted_words';
	}

	// If just medium, we're done.
	if ($modSettings['password_strength'] == 1)
	{
		return null;
	}

	// Otherwise, hard test next, check for numbers and letters, uppercase too.
	$good = preg_match('~(\D\d|\d\D)~', $password) === 1;
	$good = $good && Util::strtolower($password) !== $password;

	return $good ? null : 'chars';
}

/**
 * Checks whether an entered password is correct for the user
 *
 * What it does:
 *
 * - called when logging in or whenever a password needs to be validated for a user
 * - used to generate a new hash for the db, used during registration or any password changes
 * - if a non SHA256 password is sent, will generate one with SHA256(user + password) and return it in password
 *
 * @param string $password user password if not already 64 characters long will be SHA256 with the user name
 * @param string $hash hash as generated from a SHA256 password
 * @param string $user user name only required if creating a SHA-256 password
 * @param bool $returnhash flag to determine if we are returning a hash suitable for the database
 *
 * @return bool|string
 * @package Authorization
 *
 */
function validateLoginPassword(&$password, $hash, $user = '', $returnhash = false)
{
	// If the password is not 64 characters, lets make it a (SHA-256)
	if (strlen($password) !== 64)
	{
		$password = hash('sha256', Util::strtolower($user) . un_htmlspecialchars($password));
	}

	// They need a password hash, something to save in the db?
	if ($returnhash)
	{
		return password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
	}

	// Doing a password check?
	return password_verify($password, $hash);
}

/**
 * Quickly find out what moderation authority this user has
 *
 * What it does:
 *
 * - builds the moderator, group and board level querys for the user
 * - stores the information on the current users moderation powers in User::$info->mod_cache and $_SESSION['mc']
 *
 * @package Authorization
 */
function rebuildModCache()
{
	$db = database();

	// What groups can they moderate?
	$group_query = allowedTo('manage_membergroups') ? '1=1' : '0=1';

	if ($group_query === '0=1')
	{
		$groups = $db->fetchQuery('
			SELECT 
				id_group
			FROM {db_prefix}group_moderators
			WHERE id_member = {int:current_member}',
			[
				'current_member' => User::$info->id,

			]
		)->fetch_callback(
			function ($row) {
				return $row['id_group'];
			}
		);

		$group_query = empty($groups) ? '0=1' : 'id_group IN (' . implode(',', $groups) . ')';
	}

	// Then, same again, just the boards this time!
	$board_query = allowedTo('moderate_forum') ? '1=1' : '0=1';

	if ($board_query === '0=1')
	{
		$boards = boardsAllowedTo('moderate_board');

		$board_query = empty($boards) ? '0=1' : 'id_board IN (' . implode(',', $boards) . ')';
	}

	// What boards are they the moderator of?
	$boards_mod = [];
	if (User::$info->is_guest === false)

	{
		require_once(SUBSDIR . '/Boards.subs.php');
		$boards_mod = boardsModerated(User::$info->id);
	}

	$mod_query = empty($boards_mod) ? '0=1' : 'b.id_board IN (' . implode(',', $boards_mod) . ')';

	$_SESSION['mc'] = [
		'time' => time(),
		// This looks a bit funny but protects against the login redirect.
		'id' => User::$info->id && User::$info->name ? User::$info->id : 0,

		// If you change the format of 'gq' and/or 'bq' make sure to adjust 'can_mod' in Load.php.
		'gq' => $group_query,
		'bq' => $board_query,
		'ap' => boardsAllowedTo('approve_posts'),
		'mb' => $boards_mod,
		'mq' => $mod_query,
	];
	call_integration_hook('integrate_mod_cache');

	User::$info->mod_cache = $_SESSION['mc'];


	// Might as well clean up some tokens while we are at it.
	cleanTokens();
}

/**
 * The same thing as setcookie but allows for integration hook
 *
 * @param string $name
 * @param string $value = ''
 * @param int $expire = 0
 * @param string $path = ''
 * @param string $domain = ''
 * @param bool|null $secure = false
 * @param bool|null $httponly = null
 * @param string|null $samesite = null
 *
 * @return bool
 * @package Authorization
 *
 */
function elk_setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = null, $httponly = null, $samesite = null)
{
	global $modSettings;

	// In case a customization wants to override the default settings
	if ($httponly === null)
	{
		$httponly = !empty($modSettings['httponlyCookies']);
	}

	if ($secure === null)
	{
		$secure = !empty($modSettings['secureCookies']);
	}

	// Default value in modern browsers is Lax
	// @todo admin panel setting?
	$samesite = empty($samesite) ? 'Lax' : $samesite;

	// Using SameSite=None requires Secure attribute in latest browser versions.
	$samesite = (!$secure && $samesite === 'None') ? 'Lax' : $samesite;

	// Intercept cookie?
	call_integration_hook('integrate_cookie', [$name, $value, $expire, $path, $domain, $secure, $httponly, $samesite]);

	if (PHP_VERSION_ID < 70300)
	{
		return setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
	}

	return setcookie($name, $value, [
		'expires' => $expire,
		'path' => $path,
		'domain' => $domain,
		'secure' => $secure,
		'httponly' => $httponly,
		'samesite' => $samesite]);
}

/**
 * This functions determines whether this is the first login of the given user.
 *
 * @param int $id_member the id of the member to check for
 * @return bool
 * @deprecated replaced by \ElkArte\User::$info->isFirstLogin()
 *
 * @package Authorization
 *
 */
function isFirstLogin($id_member)
{
	// First login?
	require_once(SUBSDIR . '/Members.subs.php');
	$member = getBasicMemberData($id_member, ['moderation' => true]);

	return !empty($member) && $member['last_login'] == 0;
}

/**
 * Search for a member by given criteria
 *
 * @param string $where
 * @param array $where_params array of values to used in the where statement
 * @param bool $fatal
 *
 * @return array|bool array of members data or false on failure
 * @throws \ElkArte\Exceptions\Exception no_user_with_email
 * @package Authorization
 *
 */
function findUser($where, $where_params, $fatal = true)
{
	$db = database();

	// Find the user!
	$request = $db->fetchQuery('
		SELECT 
			id_member, real_name, member_name, email_address, is_activated, validation_code, 
			lngfile, secret_question, passwd
		FROM {db_prefix}members
		WHERE ' . $where . '
		LIMIT 1',
		array_merge($where_params, [])
	);

	// Maybe email?
	if ($request->num_rows() === 0 && empty($_REQUEST['uid']) && isset($where_params['email_address']))
	{
		$request->free_result();

		$request = $db->fetchQuery('
			SELECT 
				id_member, real_name, member_name, email_address, is_activated, validation_code, 
				lngfile, secret_question
			FROM {db_prefix}members
			WHERE email_address = {string:email_address}
			LIMIT 1',
			array_merge($where_params, [])
		);
		if ($request->num_rows() === 0)
		{
			if ($fatal)
			{
				throw new \ElkArte\Exceptions\Exception('no_user_with_email', false);
			}

			return false;
		}
	}

	$member = $request->fetch_assoc();
	$member['id_member'] = (int) $member['id_member'];
	$member['is_activated'] = (int) $member['is_activated'];

	$request->free_result();

	return $member;
}

/**
 * Find users by their email address.
 *
 * @param string $email
 * @param string|null $username
 * @return false|int on failure, int of member on success
 * @package Authorization
 */
function userByEmail($email, $username = null)
{
	$db = database();

	$return = false;
	$db->fetchQuery('
		SELECT 
			id_member
		FROM {db_prefix}members
		WHERE email_address = {string:email_address}' . ($username === null ? '' : '
			OR email_address = {string:username}') . '
		LIMIT 1',
		[
			'email_address' => $email,
			'username' => $username,
		]
	)->fetch_callback(
		function ($row) use (&$return) {
			$return = (int) $row['id_member'];
		}
	);

	return $return;
}

/**
 * Generate a random validation code.
 *
 * @param int $length the number of characters to return
 *
 * @return string
 * @package Authorization
 *
 */
function generateValidationCode($length = 10)
{
	$tokenizer = new TokenHash();

	return $tokenizer->generate_hash((int) $length);
}

/**
 * This function loads many settings of a user given by name or email.
 *
 * @param string $name
 * @param bool $is_id if true it treats $name as a member ID and try to load the data for that ID
 * @return array|false false if nothing is found
 * @package Authorization
 */
function loadExistingMember($name, $is_id = false)
{
	$db = database();

	if ($is_id)
	{
		$request = $db->fetchQuery('
			SELECT 
				passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
				passwd_flood, otp_secret, enable_otp, otp_used
			FROM {db_prefix}members
			WHERE id_member = {int:id_member}
			LIMIT 1',
			[
				'id_member' => (int) $name,
			]
		);
	}
	else
	{
		// Try to find the user, assuming a member_name was passed...
		$request = $db->fetchQuery('
			SELECT 
				passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
				passwd_flood, otp_secret, enable_otp, otp_used
			FROM {db_prefix}members
			WHERE {column_case_insensitive:member_name} = {string_case_insensitive:user_name}
			LIMIT 1',
			[
				'user_name' => $name,
			]
		);
		// Didn't work. Try it as an email address.
		if ($request->num_rows() === 0 && str_contains($name, '@'))
		{
			$request->free_result();

			$request = $db->fetchQuery('
				SELECT 
					passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
					passwd_flood, otp_secret, enable_otp, otp_used
				FROM {db_prefix}members
				WHERE email_address = {string:user_name}
				LIMIT 1',
				[
					'user_name' => $name,
				]
			);
		}
	}

	// Nothing? Ah the horror...
	if ($request->num_rows() === 0)
	{
		$user_auth_data = false;
	}
	else
	{
		$user_auth_data = $request->fetch_assoc();
		$user_auth_data['id_member'] = (int) $user_auth_data['id_member'];
	}

	$request->free_result();

	return $user_auth_data;
}

elkarte / Elkarte

Issues (1696)

sources/subs/Auth.subs.php (13 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like
