evolution-cms /
evolution
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | if(!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { |
| 3 | - header('HTTP/1.0 404 Not Found'); |
|
| 4 | - exit('error'); |
|
| 3 | + header('HTTP/1.0 404 Not Found'); |
|
| 4 | + exit('error'); |
|
| 5 | 5 | } |
| 6 | 6 | define('IN_MANAGER_MODE', true); // we use this to make sure files are accessed through |
| 7 | 7 | define('MODX_API_MODE', true); |
@@ -18,7 +18,7 @@ discard block |
||
| 18 | 18 | include_once("{$core_path}lang/english.inc.php"); |
| 19 | 19 | |
| 20 | 20 | if($manager_language !== 'english' && is_file("{$core_path}lang/{$manager_language}.inc.php")) { |
| 21 | - include_once("{$core_path}lang/{$manager_language}.inc.php"); |
|
| 21 | + include_once("{$core_path}lang/{$manager_language}.inc.php"); |
|
| 22 | 22 | } |
| 23 | 23 | |
| 24 | 24 | // include the logger |
@@ -26,7 +26,7 @@ discard block |
||
| 26 | 26 | |
| 27 | 27 | // Initialize System Alert Message Queque |
| 28 | 28 | if(!isset($_SESSION['SystemAlertMsgQueque'])) { |
| 29 | - $_SESSION['SystemAlertMsgQueque'] = array(); |
|
| 29 | + $_SESSION['SystemAlertMsgQueque'] = array(); |
|
| 30 | 30 | } |
| 31 | 31 | $SystemAlertMsgQueque = &$_SESSION['SystemAlertMsgQueque']; |
| 32 | 32 | |
@@ -41,10 +41,10 @@ discard block |
||
| 41 | 41 | |
| 42 | 42 | // invoke OnBeforeManagerLogin event |
| 43 | 43 | $modx->invokeEvent('OnBeforeManagerLogin', array( |
| 44 | - 'username' => $username, |
|
| 45 | - 'userpassword' => $givenPassword, |
|
| 46 | - 'rememberme' => $rememberme |
|
| 47 | - )); |
|
| 44 | + 'username' => $username, |
|
| 45 | + 'userpassword' => $givenPassword, |
|
| 46 | + 'rememberme' => $rememberme |
|
| 47 | + )); |
|
| 48 | 48 | $fields = 'mu.*, ua.*'; |
| 49 | 49 | $from = '[+prefix+]manager_users AS mu, [+prefix+]user_attributes AS ua'; |
| 50 | 50 | $where = "BINARY mu.username='{$username}' and ua.internalKey=mu.id"; |
@@ -52,8 +52,8 @@ discard block |
||
| 52 | 52 | $limit = $modx->db->getRecordCount($rs); |
| 53 | 53 | |
| 54 | 54 | if($limit == 0 || $limit > 1) { |
| 55 | - jsAlert($_lang['login_processor_unknown_user']); |
|
| 56 | - return; |
|
| 55 | + jsAlert($_lang['login_processor_unknown_user']); |
|
| 56 | + return; |
|
| 57 | 57 | } |
| 58 | 58 | |
| 59 | 59 | $row = $modx->db->getRow($rs); |
@@ -74,127 +74,127 @@ discard block |
||
| 74 | 74 | // get the user settings from the database |
| 75 | 75 | $rs = $modx->db->select('setting_name, setting_value', '[+prefix+]user_settings', "user='{$internalKey}' AND setting_value!=''"); |
| 76 | 76 | while($row = $modx->db->getRow($rs)) { |
| 77 | - extract($row); |
|
| 78 | - ${$setting_name} = $setting_value; |
|
| 77 | + extract($row); |
|
| 78 | + ${$setting_name} = $setting_value; |
|
| 79 | 79 | } |
| 80 | 80 | |
| 81 | 81 | // blocked due to number of login errors. |
| 82 | 82 | if($failedlogins >= $failed_allowed && $blockeduntildate > time()) { |
| 83 | - @session_destroy(); |
|
| 84 | - session_unset(); |
|
| 85 | - if($cip = getenv("HTTP_CLIENT_IP")) { |
|
| 86 | - $ip = $cip; |
|
| 87 | - } elseif($cip = getenv("HTTP_X_FORWARDED_FOR")) { |
|
| 88 | - $ip = $cip; |
|
| 89 | - } elseif($cip = getenv("REMOTE_ADDR")) { |
|
| 90 | - $ip = $cip; |
|
| 91 | - } else { |
|
| 92 | - $ip = "UNKNOWN"; |
|
| 93 | - } |
|
| 94 | - $log = new logHandler; |
|
| 95 | - $log->initAndWriteLog("Login Fail (Temporary Block)", $internalKey, $username, "119", $internalKey, "IP: " . $ip); |
|
| 96 | - jsAlert($_lang['login_processor_many_failed_logins']); |
|
| 97 | - return; |
|
| 83 | + @session_destroy(); |
|
| 84 | + session_unset(); |
|
| 85 | + if($cip = getenv("HTTP_CLIENT_IP")) { |
|
| 86 | + $ip = $cip; |
|
| 87 | + } elseif($cip = getenv("HTTP_X_FORWARDED_FOR")) { |
|
| 88 | + $ip = $cip; |
|
| 89 | + } elseif($cip = getenv("REMOTE_ADDR")) { |
|
| 90 | + $ip = $cip; |
|
| 91 | + } else { |
|
| 92 | + $ip = "UNKNOWN"; |
|
| 93 | + } |
|
| 94 | + $log = new logHandler; |
|
| 95 | + $log->initAndWriteLog("Login Fail (Temporary Block)", $internalKey, $username, "119", $internalKey, "IP: " . $ip); |
|
| 96 | + jsAlert($_lang['login_processor_many_failed_logins']); |
|
| 97 | + return; |
|
| 98 | 98 | } |
| 99 | 99 | |
| 100 | 100 | // blocked due to number of login errors, but get to try again |
| 101 | 101 | if($failedlogins >= $failed_allowed && $blockeduntildate < time()) { |
| 102 | - $fields = array(); |
|
| 103 | - $fields['failedlogincount'] = '0'; |
|
| 104 | - $fields['blockeduntil'] = time() - 1; |
|
| 105 | - $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 102 | + $fields = array(); |
|
| 103 | + $fields['failedlogincount'] = '0'; |
|
| 104 | + $fields['blockeduntil'] = time() - 1; |
|
| 105 | + $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 106 | 106 | } |
| 107 | 107 | |
| 108 | 108 | // this user has been blocked by an admin, so no way he's loggin in! |
| 109 | 109 | if($blocked == '1') { |
| 110 | - @session_destroy(); |
|
| 111 | - session_unset(); |
|
| 112 | - jsAlert($_lang['login_processor_blocked1']); |
|
| 113 | - return; |
|
| 110 | + @session_destroy(); |
|
| 111 | + session_unset(); |
|
| 112 | + jsAlert($_lang['login_processor_blocked1']); |
|
| 113 | + return; |
|
| 114 | 114 | } |
| 115 | 115 | |
| 116 | 116 | // blockuntil: this user has a block until date |
| 117 | 117 | if($blockeduntildate > time()) { |
| 118 | - @session_destroy(); |
|
| 119 | - session_unset(); |
|
| 120 | - jsAlert($_lang['login_processor_blocked2']); |
|
| 121 | - return; |
|
| 118 | + @session_destroy(); |
|
| 119 | + session_unset(); |
|
| 120 | + jsAlert($_lang['login_processor_blocked2']); |
|
| 121 | + return; |
|
| 122 | 122 | } |
| 123 | 123 | |
| 124 | 124 | // blockafter: this user has a block after date |
| 125 | 125 | if($blockedafterdate > 0 && $blockedafterdate < time()) { |
| 126 | - @session_destroy(); |
|
| 127 | - session_unset(); |
|
| 128 | - jsAlert($_lang['login_processor_blocked3']); |
|
| 129 | - return; |
|
| 126 | + @session_destroy(); |
|
| 127 | + session_unset(); |
|
| 128 | + jsAlert($_lang['login_processor_blocked3']); |
|
| 129 | + return; |
|
| 130 | 130 | } |
| 131 | 131 | |
| 132 | 132 | // allowed ip |
| 133 | 133 | if($allowed_ip) { |
| 134 | - if(($hostname = gethostbyaddr($_SERVER['REMOTE_ADDR'])) && ($hostname != $_SERVER['REMOTE_ADDR'])) { |
|
| 135 | - if(gethostbyname($hostname) != $_SERVER['REMOTE_ADDR']) { |
|
| 136 | - jsAlert($_lang['login_processor_remotehost_ip']); |
|
| 137 | - return; |
|
| 138 | - } |
|
| 139 | - } |
|
| 140 | - if(!in_array($_SERVER['REMOTE_ADDR'], array_filter(array_map('trim', explode(',', $allowed_ip))))) { |
|
| 141 | - jsAlert($_lang['login_processor_remote_ip']); |
|
| 142 | - return; |
|
| 143 | - } |
|
| 134 | + if(($hostname = gethostbyaddr($_SERVER['REMOTE_ADDR'])) && ($hostname != $_SERVER['REMOTE_ADDR'])) { |
|
| 135 | + if(gethostbyname($hostname) != $_SERVER['REMOTE_ADDR']) { |
|
| 136 | + jsAlert($_lang['login_processor_remotehost_ip']); |
|
| 137 | + return; |
|
| 138 | + } |
|
| 139 | + } |
|
| 140 | + if(!in_array($_SERVER['REMOTE_ADDR'], array_filter(array_map('trim', explode(',', $allowed_ip))))) { |
|
| 141 | + jsAlert($_lang['login_processor_remote_ip']); |
|
| 142 | + return; |
|
| 143 | + } |
|
| 144 | 144 | } |
| 145 | 145 | |
| 146 | 146 | // allowed days |
| 147 | 147 | if($allowed_days) { |
| 148 | - $date = getdate(); |
|
| 149 | - $day = $date['wday'] + 1; |
|
| 150 | - if(!in_array($day,explode(',',$allowed_days))) { |
|
| 151 | - jsAlert($_lang['login_processor_date']); |
|
| 152 | - return; |
|
| 153 | - } |
|
| 148 | + $date = getdate(); |
|
| 149 | + $day = $date['wday'] + 1; |
|
| 150 | + if(!in_array($day,explode(',',$allowed_days))) { |
|
| 151 | + jsAlert($_lang['login_processor_date']); |
|
| 152 | + return; |
|
| 153 | + } |
|
| 154 | 154 | } |
| 155 | 155 | |
| 156 | 156 | // invoke OnManagerAuthentication event |
| 157 | 157 | $rt = $modx->invokeEvent('OnManagerAuthentication', array( |
| 158 | - 'userid' => $internalKey, |
|
| 159 | - 'username' => $username, |
|
| 160 | - 'userpassword' => $givenPassword, |
|
| 161 | - 'savedpassword' => $dbasePassword, |
|
| 162 | - 'rememberme' => $rememberme |
|
| 163 | - )); |
|
| 158 | + 'userid' => $internalKey, |
|
| 159 | + 'username' => $username, |
|
| 160 | + 'userpassword' => $givenPassword, |
|
| 161 | + 'savedpassword' => $dbasePassword, |
|
| 162 | + 'rememberme' => $rememberme |
|
| 163 | + )); |
|
| 164 | 164 | |
| 165 | 165 | // check if plugin authenticated the user |
| 166 | 166 | $matchPassword = false; |
| 167 | 167 | if(!isset($rt) || !$rt || (is_array($rt) && !in_array(true, $rt))) { |
| 168 | - // check user password - local authentication |
|
| 169 | - $hashType = $modx->manager->getHashType($dbasePassword); |
|
| 170 | - if($hashType == 'phpass') { |
|
| 171 | - $matchPassword = login($username, $_REQUEST['password'], $dbasePassword); |
|
| 172 | - } elseif($hashType == 'md5') { |
|
| 173 | - $matchPassword = loginMD5($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
|
| 174 | - } elseif($hashType == 'v1') { |
|
| 175 | - $matchPassword = loginV1($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
|
| 176 | - } else { |
|
| 177 | - $matchPassword = false; |
|
| 178 | - } |
|
| 168 | + // check user password - local authentication |
|
| 169 | + $hashType = $modx->manager->getHashType($dbasePassword); |
|
| 170 | + if($hashType == 'phpass') { |
|
| 171 | + $matchPassword = login($username, $_REQUEST['password'], $dbasePassword); |
|
| 172 | + } elseif($hashType == 'md5') { |
|
| 173 | + $matchPassword = loginMD5($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
|
| 174 | + } elseif($hashType == 'v1') { |
|
| 175 | + $matchPassword = loginV1($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
|
| 176 | + } else { |
|
| 177 | + $matchPassword = false; |
|
| 178 | + } |
|
| 179 | 179 | } else if($rt === true || (is_array($rt) && in_array(true, $rt))) { |
| 180 | - $matchPassword = true; |
|
| 180 | + $matchPassword = true; |
|
| 181 | 181 | } |
| 182 | 182 | |
| 183 | 183 | if(!$matchPassword) { |
| 184 | - jsAlert($_lang['login_processor_wrong_password']); |
|
| 185 | - incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
|
| 186 | - return; |
|
| 184 | + jsAlert($_lang['login_processor_wrong_password']); |
|
| 185 | + incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
|
| 186 | + return; |
|
| 187 | 187 | } |
| 188 | 188 | |
| 189 | 189 | if($modx->config['use_captcha'] == 1) { |
| 190 | - if(!isset ($_SESSION['veriword'])) { |
|
| 191 | - jsAlert($_lang['login_processor_captcha_config']); |
|
| 192 | - return; |
|
| 193 | - } elseif($_SESSION['veriword'] != $captcha_code) { |
|
| 194 | - jsAlert($_lang['login_processor_bad_code']); |
|
| 195 | - incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
|
| 196 | - return; |
|
| 197 | - } |
|
| 190 | + if(!isset ($_SESSION['veriword'])) { |
|
| 191 | + jsAlert($_lang['login_processor_captcha_config']); |
|
| 192 | + return; |
|
| 193 | + } elseif($_SESSION['veriword'] != $captcha_code) { |
|
| 194 | + jsAlert($_lang['login_processor_bad_code']); |
|
| 195 | + incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
|
| 196 | + return; |
|
| 197 | + } |
|
| 198 | 198 | } |
| 199 | 199 | |
| 200 | 200 | $modx->cleanupExpiredLocks(); |
@@ -229,36 +229,36 @@ discard block |
||
| 229 | 229 | $_SESSION['mgrToken'] = md5($currentsessionid); |
| 230 | 230 | |
| 231 | 231 | if($rememberme == '1') { |
| 232 | - $_SESSION['modx.mgr.session.cookie.lifetime'] = (int)$modx->config['session.cookie.lifetime']; |
|
| 233 | - |
|
| 234 | - // Set a cookie separate from the session cookie with the username in it. |
|
| 235 | - // Are we using secure connection? If so, make sure the cookie is secure |
|
| 236 | - global $https_port; |
|
| 237 | - |
|
| 238 | - $secure = ((isset ($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') || $_SERVER['SERVER_PORT'] == $https_port); |
|
| 239 | - if(version_compare(PHP_VERSION, '5.2', '<')) { |
|
| 240 | - setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, '; HttpOnly', $secure); |
|
| 241 | - } else { |
|
| 242 | - setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, NULL, $secure, true); |
|
| 243 | - } |
|
| 232 | + $_SESSION['modx.mgr.session.cookie.lifetime'] = (int)$modx->config['session.cookie.lifetime']; |
|
| 233 | + |
|
| 234 | + // Set a cookie separate from the session cookie with the username in it. |
|
| 235 | + // Are we using secure connection? If so, make sure the cookie is secure |
|
| 236 | + global $https_port; |
|
| 237 | + |
|
| 238 | + $secure = ((isset ($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') || $_SERVER['SERVER_PORT'] == $https_port); |
|
| 239 | + if(version_compare(PHP_VERSION, '5.2', '<')) { |
|
| 240 | + setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, '; HttpOnly', $secure); |
|
| 241 | + } else { |
|
| 242 | + setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, NULL, $secure, true); |
|
| 243 | + } |
|
| 244 | 244 | } else { |
| 245 | - $_SESSION['modx.mgr.session.cookie.lifetime'] = 0; |
|
| 245 | + $_SESSION['modx.mgr.session.cookie.lifetime'] = 0; |
|
| 246 | 246 | |
| 247 | - // Remove the Remember Me cookie |
|
| 248 | - setcookie('modx_remember_manager', '', time() - 3600, MODX_BASE_URL); |
|
| 247 | + // Remove the Remember Me cookie |
|
| 248 | + setcookie('modx_remember_manager', '', time() - 3600, MODX_BASE_URL); |
|
| 249 | 249 | } |
| 250 | 250 | |
| 251 | 251 | // Check if user already has an active session, if not check if user pressed logout end of last session |
| 252 | 252 | $rs = $modx->db->select('lasthit', $modx->getFullTableName('active_user_sessions'), "internalKey='{$internalKey}'"); |
| 253 | 253 | $activeSession = $modx->db->getValue($rs); |
| 254 | 254 | if(!$activeSession) { |
| 255 | - $rs = $modx->db->select('lasthit', $modx->getFullTableName('active_users'), "internalKey='{$internalKey}' AND action != 8"); |
|
| 256 | - if($lastHit = $modx->db->getValue($rs)) { |
|
| 257 | - $_SESSION['show_logout_reminder'] = array( |
|
| 258 | - 'type' => 'logout_reminder', |
|
| 259 | - 'lastHit' => $lastHit |
|
| 260 | - ); |
|
| 261 | - } |
|
| 255 | + $rs = $modx->db->select('lasthit', $modx->getFullTableName('active_users'), "internalKey='{$internalKey}' AND action != 8"); |
|
| 256 | + if($lastHit = $modx->db->getValue($rs)) { |
|
| 257 | + $_SESSION['show_logout_reminder'] = array( |
|
| 258 | + 'type' => 'logout_reminder', |
|
| 259 | + 'lastHit' => $lastHit |
|
| 260 | + ); |
|
| 261 | + } |
|
| 262 | 262 | } |
| 263 | 263 | |
| 264 | 264 | $log = new logHandler; |
@@ -266,29 +266,29 @@ discard block |
||
| 266 | 266 | |
| 267 | 267 | // invoke OnManagerLogin event |
| 268 | 268 | $modx->invokeEvent('OnManagerLogin', array( |
| 269 | - 'userid' => $internalKey, |
|
| 270 | - 'username' => $username, |
|
| 271 | - 'userpassword' => $givenPassword, |
|
| 272 | - 'rememberme' => $rememberme |
|
| 273 | - )); |
|
| 269 | + 'userid' => $internalKey, |
|
| 270 | + 'username' => $username, |
|
| 271 | + 'userpassword' => $givenPassword, |
|
| 272 | + 'rememberme' => $rememberme |
|
| 273 | + )); |
|
| 274 | 274 | |
| 275 | 275 | // check if we should redirect user to a web page |
| 276 | 276 | $rs = $modx->db->select('setting_value', '[+prefix+]user_settings', "user='{$internalKey}' AND setting_name='manager_login_startup'"); |
| 277 | 277 | $id = (int)$modx->db->getValue($rs); |
| 278 | 278 | if($id > 0) { |
| 279 | - $header = 'Location: ' . $modx->makeUrl($id, '', '', 'full'); |
|
| 280 | - if($_POST['ajax'] == 1) { |
|
| 281 | - echo $header; |
|
| 282 | - } else { |
|
| 283 | - header($header); |
|
| 284 | - } |
|
| 279 | + $header = 'Location: ' . $modx->makeUrl($id, '', '', 'full'); |
|
| 280 | + if($_POST['ajax'] == 1) { |
|
| 281 | + echo $header; |
|
| 282 | + } else { |
|
| 283 | + header($header); |
|
| 284 | + } |
|
| 285 | 285 | } else { |
| 286 | - $header = 'Location: ' . MODX_MANAGER_URL; |
|
| 287 | - if($_POST['ajax'] == 1) { |
|
| 288 | - echo $header; |
|
| 289 | - } else { |
|
| 290 | - header($header); |
|
| 291 | - } |
|
| 286 | + $header = 'Location: ' . MODX_MANAGER_URL; |
|
| 287 | + if($_POST['ajax'] == 1) { |
|
| 288 | + echo $header; |
|
| 289 | + } else { |
|
| 290 | + header($header); |
|
| 291 | + } |
|
| 292 | 292 | } |
| 293 | 293 | |
| 294 | 294 | /** |
@@ -297,12 +297,12 @@ discard block |
||
| 297 | 297 | * @param string $msg |
| 298 | 298 | */ |
| 299 | 299 | function jsAlert($msg) { |
| 300 | - global $modx; |
|
| 301 | - if($_POST['ajax'] != 1) { |
|
| 302 | - echo "<script>window.setTimeout(\"alert('" . addslashes($modx->db->escape($msg)) . "')\",10);history.go(-1)</script>"; |
|
| 303 | - } else { |
|
| 304 | - echo $msg . "\n"; |
|
| 305 | - } |
|
| 300 | + global $modx; |
|
| 301 | + if($_POST['ajax'] != 1) { |
|
| 302 | + echo "<script>window.setTimeout(\"alert('" . addslashes($modx->db->escape($msg)) . "')\",10);history.go(-1)</script>"; |
|
| 303 | + } else { |
|
| 304 | + echo $msg . "\n"; |
|
| 305 | + } |
|
| 306 | 306 | } |
| 307 | 307 | |
| 308 | 308 | /** |
@@ -312,8 +312,8 @@ discard block |
||
| 312 | 312 | * @return bool |
| 313 | 313 | */ |
| 314 | 314 | function login($username, $givenPassword, $dbasePassword) { |
| 315 | - global $modx; |
|
| 316 | - return $modx->phpass->CheckPassword($givenPassword, $dbasePassword); |
|
| 315 | + global $modx; |
|
| 316 | + return $modx->phpass->CheckPassword($givenPassword, $dbasePassword); |
|
| 317 | 317 | } |
| 318 | 318 | |
| 319 | 319 | /** |
@@ -324,26 +324,26 @@ discard block |
||
| 324 | 324 | * @return bool |
| 325 | 325 | */ |
| 326 | 326 | function loginV1($internalKey, $givenPassword, $dbasePassword, $username) { |
| 327 | - global $modx; |
|
| 327 | + global $modx; |
|
| 328 | 328 | |
| 329 | - $user_algo = $modx->manager->getV1UserHashAlgorithm($internalKey); |
|
| 329 | + $user_algo = $modx->manager->getV1UserHashAlgorithm($internalKey); |
|
| 330 | 330 | |
| 331 | - if(!isset($modx->config['pwd_hash_algo']) || empty($modx->config['pwd_hash_algo'])) { |
|
| 332 | - $modx->config['pwd_hash_algo'] = 'UNCRYPT'; |
|
| 333 | - } |
|
| 331 | + if(!isset($modx->config['pwd_hash_algo']) || empty($modx->config['pwd_hash_algo'])) { |
|
| 332 | + $modx->config['pwd_hash_algo'] = 'UNCRYPT'; |
|
| 333 | + } |
|
| 334 | 334 | |
| 335 | - if($user_algo !== $modx->config['pwd_hash_algo']) { |
|
| 336 | - $bk_pwd_hash_algo = $modx->config['pwd_hash_algo']; |
|
| 337 | - $modx->config['pwd_hash_algo'] = $user_algo; |
|
| 338 | - } |
|
| 335 | + if($user_algo !== $modx->config['pwd_hash_algo']) { |
|
| 336 | + $bk_pwd_hash_algo = $modx->config['pwd_hash_algo']; |
|
| 337 | + $modx->config['pwd_hash_algo'] = $user_algo; |
|
| 338 | + } |
|
| 339 | 339 | |
| 340 | - if($dbasePassword != $modx->manager->genV1Hash($givenPassword, $internalKey)) { |
|
| 341 | - return false; |
|
| 342 | - } |
|
| 340 | + if($dbasePassword != $modx->manager->genV1Hash($givenPassword, $internalKey)) { |
|
| 341 | + return false; |
|
| 342 | + } |
|
| 343 | 343 | |
| 344 | - updateNewHash($username, $givenPassword); |
|
| 344 | + updateNewHash($username, $givenPassword); |
|
| 345 | 345 | |
| 346 | - return true; |
|
| 346 | + return true; |
|
| 347 | 347 | } |
| 348 | 348 | |
| 349 | 349 | /** |
@@ -354,13 +354,13 @@ discard block |
||
| 354 | 354 | * @return bool |
| 355 | 355 | */ |
| 356 | 356 | function loginMD5($internalKey, $givenPassword, $dbasePassword, $username) { |
| 357 | - global $modx; |
|
| 357 | + global $modx; |
|
| 358 | 358 | |
| 359 | - if($dbasePassword != md5($givenPassword)) { |
|
| 360 | - return false; |
|
| 361 | - } |
|
| 362 | - updateNewHash($username, $givenPassword); |
|
| 363 | - return true; |
|
| 359 | + if($dbasePassword != md5($givenPassword)) { |
|
| 360 | + return false; |
|
| 361 | + } |
|
| 362 | + updateNewHash($username, $givenPassword); |
|
| 363 | + return true; |
|
| 364 | 364 | } |
| 365 | 365 | |
| 366 | 366 | /** |
@@ -368,11 +368,11 @@ discard block |
||
| 368 | 368 | * @param string $password |
| 369 | 369 | */ |
| 370 | 370 | function updateNewHash($username, $password) { |
| 371 | - global $modx; |
|
| 371 | + global $modx; |
|
| 372 | 372 | |
| 373 | - $field = array(); |
|
| 374 | - $field['password'] = $modx->phpass->HashPassword($password); |
|
| 375 | - $modx->db->update($field, '[+prefix+]manager_users', "username='{$username}'"); |
|
| 373 | + $field = array(); |
|
| 374 | + $field['password'] = $modx->phpass->HashPassword($password); |
|
| 375 | + $modx->db->update($field, '[+prefix+]manager_users', "username='{$username}'"); |
|
| 376 | 376 | } |
| 377 | 377 | |
| 378 | 378 | /** |
@@ -382,27 +382,27 @@ discard block |
||
| 382 | 382 | * @param int $blocked_minutes |
| 383 | 383 | */ |
| 384 | 384 | function incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes) { |
| 385 | - global $modx; |
|
| 386 | - |
|
| 387 | - $failedlogins += 1; |
|
| 388 | - |
|
| 389 | - $fields = array('failedlogincount' => $failedlogins); |
|
| 390 | - if($failedlogins >= $failed_allowed) //block user for too many fail attempts |
|
| 391 | - { |
|
| 392 | - $fields['blockeduntil'] = time() + ($blocked_minutes * 60); |
|
| 393 | - } |
|
| 394 | - |
|
| 395 | - $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 396 | - |
|
| 397 | - if($failedlogins < $failed_allowed) { |
|
| 398 | - //sleep to help prevent brute force attacks |
|
| 399 | - $sleep = (int) $failedlogins / 2; |
|
| 400 | - if($sleep > 5) { |
|
| 401 | - $sleep = 5; |
|
| 402 | - } |
|
| 403 | - sleep($sleep); |
|
| 404 | - } |
|
| 405 | - @session_destroy(); |
|
| 406 | - session_unset(); |
|
| 407 | - return; |
|
| 385 | + global $modx; |
|
| 386 | + |
|
| 387 | + $failedlogins += 1; |
|
| 388 | + |
|
| 389 | + $fields = array('failedlogincount' => $failedlogins); |
|
| 390 | + if($failedlogins >= $failed_allowed) //block user for too many fail attempts |
|
| 391 | + { |
|
| 392 | + $fields['blockeduntil'] = time() + ($blocked_minutes * 60); |
|
| 393 | + } |
|
| 394 | + |
|
| 395 | + $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 396 | + |
|
| 397 | + if($failedlogins < $failed_allowed) { |
|
| 398 | + //sleep to help prevent brute force attacks |
|
| 399 | + $sleep = (int) $failedlogins / 2; |
|
| 400 | + if($sleep > 5) { |
|
| 401 | + $sleep = 5; |
|
| 402 | + } |
|
| 403 | + sleep($sleep); |
|
| 404 | + } |
|
| 405 | + @session_destroy(); |
|
| 406 | + session_unset(); |
|
| 407 | + return; |
|
| 408 | 408 | } |
