evolution-cms /
evolution
@@ -1,7 +1,7 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | if(!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { |
| 3 | - header('HTTP/1.0 404 Not Found'); |
|
| 4 | - exit('error'); |
|
| 3 | + header('HTTP/1.0 404 Not Found'); |
|
| 4 | + exit('error'); |
|
| 5 | 5 | } |
| 6 | 6 | define('IN_MANAGER_MODE', true); // we use this to make sure files are accessed through |
| 7 | 7 | define('MODX_API_MODE', true); |
@@ -18,7 +18,7 @@ discard block |
||
| 18 | 18 | include_once("{$core_path}lang/english.inc.php"); |
| 19 | 19 | |
| 20 | 20 | if($manager_language !== 'english' && is_file("{$core_path}lang/{$manager_language}.inc.php")) { |
| 21 | - include_once("{$core_path}lang/{$manager_language}.inc.php"); |
|
| 21 | + include_once("{$core_path}lang/{$manager_language}.inc.php"); |
|
| 22 | 22 | } |
| 23 | 23 | |
| 24 | 24 | // include the logger |
@@ -26,7 +26,7 @@ discard block |
||
| 26 | 26 | |
| 27 | 27 | // Initialize System Alert Message Queque |
| 28 | 28 | if(!isset($_SESSION['SystemAlertMsgQueque'])) { |
| 29 | - $_SESSION['SystemAlertMsgQueque'] = array(); |
|
| 29 | + $_SESSION['SystemAlertMsgQueque'] = array(); |
|
| 30 | 30 | } |
| 31 | 31 | $SystemAlertMsgQueque = &$_SESSION['SystemAlertMsgQueque']; |
| 32 | 32 | |
@@ -41,10 +41,10 @@ discard block |
||
| 41 | 41 | |
| 42 | 42 | // invoke OnBeforeManagerLogin event |
| 43 | 43 | $modx->invokeEvent('OnBeforeManagerLogin', array( |
| 44 | - 'username' => $username, |
|
| 45 | - 'userpassword' => $givenPassword, |
|
| 46 | - 'rememberme' => $rememberme |
|
| 47 | - )); |
|
| 44 | + 'username' => $username, |
|
| 45 | + 'userpassword' => $givenPassword, |
|
| 46 | + 'rememberme' => $rememberme |
|
| 47 | + )); |
|
| 48 | 48 | $fields = 'mu.*, ua.*'; |
| 49 | 49 | $from = '[+prefix+]manager_users AS mu, [+prefix+]user_attributes AS ua'; |
| 50 | 50 | $where = "BINARY mu.username='{$username}' and ua.internalKey=mu.id"; |
@@ -52,8 +52,8 @@ discard block |
||
| 52 | 52 | $limit = $modx->db->getRecordCount($rs); |
| 53 | 53 | |
| 54 | 54 | if($limit == 0 || $limit > 1) { |
| 55 | - jsAlert($_lang['login_processor_unknown_user']); |
|
| 56 | - return; |
|
| 55 | + jsAlert($_lang['login_processor_unknown_user']); |
|
| 56 | + return; |
|
| 57 | 57 | } |
| 58 | 58 | |
| 59 | 59 | $row = $modx->db->getRow($rs); |
@@ -74,127 +74,127 @@ discard block |
||
| 74 | 74 | // get the user settings from the database |
| 75 | 75 | $rs = $modx->db->select('setting_name, setting_value', '[+prefix+]user_settings', "user='{$internalKey}' AND setting_value!=''"); |
| 76 | 76 | while($row = $modx->db->getRow($rs)) { |
| 77 | - extract($row); |
|
| 78 | - ${$setting_name} = $setting_value; |
|
| 77 | + extract($row); |
|
| 78 | + ${$setting_name} = $setting_value; |
|
| 79 | 79 | } |
| 80 | 80 | |
| 81 | 81 | // blocked due to number of login errors. |
| 82 | 82 | if($failedlogins >= $failed_allowed && $blockeduntildate > time()) { |
| 83 | - @session_destroy(); |
|
| 84 | - session_unset(); |
|
| 85 | - if($cip = getenv("HTTP_CLIENT_IP")) { |
|
| 86 | - $ip = $cip; |
|
| 87 | - } elseif($cip = getenv("HTTP_X_FORWARDED_FOR")) { |
|
| 88 | - $ip = $cip; |
|
| 89 | - } elseif($cip = getenv("REMOTE_ADDR")) { |
|
| 90 | - $ip = $cip; |
|
| 91 | - } else { |
|
| 92 | - $ip = "UNKNOWN"; |
|
| 93 | - } |
|
| 94 | - $log = new logHandler; |
|
| 95 | - $log->initAndWriteLog("Login Fail (Temporary Block)", $internalKey, $username, "119", $internalKey, "IP: " . $ip); |
|
| 96 | - jsAlert($_lang['login_processor_many_failed_logins']); |
|
| 97 | - return; |
|
| 83 | + @session_destroy(); |
|
| 84 | + session_unset(); |
|
| 85 | + if($cip = getenv("HTTP_CLIENT_IP")) { |
|
| 86 | + $ip = $cip; |
|
| 87 | + } elseif($cip = getenv("HTTP_X_FORWARDED_FOR")) { |
|
| 88 | + $ip = $cip; |
|
| 89 | + } elseif($cip = getenv("REMOTE_ADDR")) { |
|
| 90 | + $ip = $cip; |
|
| 91 | + } else { |
|
| 92 | + $ip = "UNKNOWN"; |
|
| 93 | + } |
|
| 94 | + $log = new logHandler; |
|
| 95 | + $log->initAndWriteLog("Login Fail (Temporary Block)", $internalKey, $username, "119", $internalKey, "IP: " . $ip); |
|
| 96 | + jsAlert($_lang['login_processor_many_failed_logins']); |
|
| 97 | + return; |
|
| 98 | 98 | } |
| 99 | 99 | |
| 100 | 100 | // blocked due to number of login errors, but get to try again |
| 101 | 101 | if($failedlogins >= $failed_allowed && $blockeduntildate < time()) { |
| 102 | - $fields = array(); |
|
| 103 | - $fields['failedlogincount'] = '0'; |
|
| 104 | - $fields['blockeduntil'] = time() - 1; |
|
| 105 | - $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 102 | + $fields = array(); |
|
| 103 | + $fields['failedlogincount'] = '0'; |
|
| 104 | + $fields['blockeduntil'] = time() - 1; |
|
| 105 | + $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 106 | 106 | } |
| 107 | 107 | |
| 108 | 108 | // this user has been blocked by an admin, so no way he's loggin in! |
| 109 | 109 | if($blocked == '1') { |
| 110 | - @session_destroy(); |
|
| 111 | - session_unset(); |
|
| 112 | - jsAlert($_lang['login_processor_blocked1']); |
|
| 113 | - return; |
|
| 110 | + @session_destroy(); |
|
| 111 | + session_unset(); |
|
| 112 | + jsAlert($_lang['login_processor_blocked1']); |
|
| 113 | + return; |
|
| 114 | 114 | } |
| 115 | 115 | |
| 116 | 116 | // blockuntil: this user has a block until date |
| 117 | 117 | if($blockeduntildate > time()) { |
| 118 | - @session_destroy(); |
|
| 119 | - session_unset(); |
|
| 120 | - jsAlert($_lang['login_processor_blocked2']); |
|
| 121 | - return; |
|
| 118 | + @session_destroy(); |
|
| 119 | + session_unset(); |
|
| 120 | + jsAlert($_lang['login_processor_blocked2']); |
|
| 121 | + return; |
|
| 122 | 122 | } |
| 123 | 123 | |
| 124 | 124 | // blockafter: this user has a block after date |
| 125 | 125 | if($blockedafterdate > 0 && $blockedafterdate < time()) { |
| 126 | - @session_destroy(); |
|
| 127 | - session_unset(); |
|
| 128 | - jsAlert($_lang['login_processor_blocked3']); |
|
| 129 | - return; |
|
| 126 | + @session_destroy(); |
|
| 127 | + session_unset(); |
|
| 128 | + jsAlert($_lang['login_processor_blocked3']); |
|
| 129 | + return; |
|
| 130 | 130 | } |
| 131 | 131 | |
| 132 | 132 | // allowed ip |
| 133 | 133 | if($allowed_ip) { |
| 134 | - if(($hostname = gethostbyaddr($_SERVER['REMOTE_ADDR'])) && ($hostname != $_SERVER['REMOTE_ADDR'])) { |
|
| 135 | - if(gethostbyname($hostname) != $_SERVER['REMOTE_ADDR']) { |
|
| 136 | - jsAlert($_lang['login_processor_remotehost_ip']); |
|
| 137 | - return; |
|
| 138 | - } |
|
| 139 | - } |
|
| 140 | - if(!in_array($_SERVER['REMOTE_ADDR'], array_filter(array_map('trim', explode(',', $allowed_ip))))) { |
|
| 141 | - jsAlert($_lang['login_processor_remote_ip']); |
|
| 142 | - return; |
|
| 143 | - } |
|
| 134 | + if(($hostname = gethostbyaddr($_SERVER['REMOTE_ADDR'])) && ($hostname != $_SERVER['REMOTE_ADDR'])) { |
|
| 135 | + if(gethostbyname($hostname) != $_SERVER['REMOTE_ADDR']) { |
|
| 136 | + jsAlert($_lang['login_processor_remotehost_ip']); |
|
| 137 | + return; |
|
| 138 | + } |
|
| 139 | + } |
|
| 140 | + if(!in_array($_SERVER['REMOTE_ADDR'], array_filter(array_map('trim', explode(',', $allowed_ip))))) { |
|
| 141 | + jsAlert($_lang['login_processor_remote_ip']); |
|
| 142 | + return; |
|
| 143 | + } |
|
| 144 | 144 | } |
| 145 | 145 | |
| 146 | 146 | // allowed days |
| 147 | 147 | if($allowed_days) { |
| 148 | - $date = getdate(); |
|
| 149 | - $day = $date['wday'] + 1; |
|
| 150 | - if(!in_array($day,explode(',',$allowed_days))) { |
|
| 151 | - jsAlert($_lang['login_processor_date']); |
|
| 152 | - return; |
|
| 153 | - } |
|
| 148 | + $date = getdate(); |
|
| 149 | + $day = $date['wday'] + 1; |
|
| 150 | + if(!in_array($day,explode(',',$allowed_days))) { |
|
| 151 | + jsAlert($_lang['login_processor_date']); |
|
| 152 | + return; |
|
| 153 | + } |
|
| 154 | 154 | } |
| 155 | 155 | |
| 156 | 156 | // invoke OnManagerAuthentication event |
| 157 | 157 | $rt = $modx->invokeEvent('OnManagerAuthentication', array( |
| 158 | - 'userid' => $internalKey, |
|
| 159 | - 'username' => $username, |
|
| 160 | - 'userpassword' => $givenPassword, |
|
| 161 | - 'savedpassword' => $dbasePassword, |
|
| 162 | - 'rememberme' => $rememberme |
|
| 163 | - )); |
|
| 158 | + 'userid' => $internalKey, |
|
| 159 | + 'username' => $username, |
|
| 160 | + 'userpassword' => $givenPassword, |
|
| 161 | + 'savedpassword' => $dbasePassword, |
|
| 162 | + 'rememberme' => $rememberme |
|
| 163 | + )); |
|
| 164 | 164 | |
| 165 | 165 | // check if plugin authenticated the user |
| 166 | 166 | $matchPassword = false; |
| 167 | 167 | if(!isset($rt) || !$rt || (is_array($rt) && !in_array(true, $rt))) { |
| 168 | - // check user password - local authentication |
|
| 169 | - $hashType = $modx->manager->getHashType($dbasePassword); |
|
| 170 | - if($hashType == 'phpass') { |
|
| 171 | - $matchPassword = login($username, $_REQUEST['password'], $dbasePassword); |
|
| 172 | - } elseif($hashType == 'md5') { |
|
| 173 | - $matchPassword = loginMD5($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
|
| 174 | - } elseif($hashType == 'v1') { |
|
| 175 | - $matchPassword = loginV1($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
|
| 176 | - } else { |
|
| 177 | - $matchPassword = false; |
|
| 178 | - } |
|
| 168 | + // check user password - local authentication |
|
| 169 | + $hashType = $modx->manager->getHashType($dbasePassword); |
|
| 170 | + if($hashType == 'phpass') { |
|
| 171 | + $matchPassword = login($username, $_REQUEST['password'], $dbasePassword); |
|
| 172 | + } elseif($hashType == 'md5') { |
|
| 173 | + $matchPassword = loginMD5($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
|
| 174 | + } elseif($hashType == 'v1') { |
|
| 175 | + $matchPassword = loginV1($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
|
| 176 | + } else { |
|
| 177 | + $matchPassword = false; |
|
| 178 | + } |
|
| 179 | 179 | } else if($rt === true || (is_array($rt) && in_array(true, $rt))) { |
| 180 | - $matchPassword = true; |
|
| 180 | + $matchPassword = true; |
|
| 181 | 181 | } |
| 182 | 182 | |
| 183 | 183 | if(!$matchPassword) { |
| 184 | - jsAlert($_lang['login_processor_wrong_password']); |
|
| 185 | - incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
|
| 186 | - return; |
|
| 184 | + jsAlert($_lang['login_processor_wrong_password']); |
|
| 185 | + incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
|
| 186 | + return; |
|
| 187 | 187 | } |
| 188 | 188 | |
| 189 | 189 | if($modx->config['use_captcha'] == 1) { |
| 190 | - if(!isset ($_SESSION['veriword'])) { |
|
| 191 | - jsAlert($_lang['login_processor_captcha_config']); |
|
| 192 | - return; |
|
| 193 | - } elseif($_SESSION['veriword'] != $captcha_code) { |
|
| 194 | - jsAlert($_lang['login_processor_bad_code']); |
|
| 195 | - incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
|
| 196 | - return; |
|
| 197 | - } |
|
| 190 | + if(!isset ($_SESSION['veriword'])) { |
|
| 191 | + jsAlert($_lang['login_processor_captcha_config']); |
|
| 192 | + return; |
|
| 193 | + } elseif($_SESSION['veriword'] != $captcha_code) { |
|
| 194 | + jsAlert($_lang['login_processor_bad_code']); |
|
| 195 | + incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
|
| 196 | + return; |
|
| 197 | + } |
|
| 198 | 198 | } |
| 199 | 199 | |
| 200 | 200 | $modx->cleanupExpiredLocks(); |
@@ -229,36 +229,36 @@ discard block |
||
| 229 | 229 | $_SESSION['mgrToken'] = md5($currentsessionid); |
| 230 | 230 | |
| 231 | 231 | if($rememberme == '1') { |
| 232 | - $_SESSION['modx.mgr.session.cookie.lifetime'] = (int)$modx->config['session.cookie.lifetime']; |
|
| 233 | - |
|
| 234 | - // Set a cookie separate from the session cookie with the username in it. |
|
| 235 | - // Are we using secure connection? If so, make sure the cookie is secure |
|
| 236 | - global $https_port; |
|
| 237 | - |
|
| 238 | - $secure = ((isset ($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') || $_SERVER['SERVER_PORT'] == $https_port); |
|
| 239 | - if(version_compare(PHP_VERSION, '5.2', '<')) { |
|
| 240 | - setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, '; HttpOnly', $secure); |
|
| 241 | - } else { |
|
| 242 | - setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, NULL, $secure, true); |
|
| 243 | - } |
|
| 232 | + $_SESSION['modx.mgr.session.cookie.lifetime'] = (int)$modx->config['session.cookie.lifetime']; |
|
| 233 | + |
|
| 234 | + // Set a cookie separate from the session cookie with the username in it. |
|
| 235 | + // Are we using secure connection? If so, make sure the cookie is secure |
|
| 236 | + global $https_port; |
|
| 237 | + |
|
| 238 | + $secure = ((isset ($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') || $_SERVER['SERVER_PORT'] == $https_port); |
|
| 239 | + if(version_compare(PHP_VERSION, '5.2', '<')) { |
|
| 240 | + setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, '; HttpOnly', $secure); |
|
| 241 | + } else { |
|
| 242 | + setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, NULL, $secure, true); |
|
| 243 | + } |
|
| 244 | 244 | } else { |
| 245 | - $_SESSION['modx.mgr.session.cookie.lifetime'] = 0; |
|
| 245 | + $_SESSION['modx.mgr.session.cookie.lifetime'] = 0; |
|
| 246 | 246 | |
| 247 | - // Remove the Remember Me cookie |
|
| 248 | - setcookie('modx_remember_manager', '', time() - 3600, MODX_BASE_URL); |
|
| 247 | + // Remove the Remember Me cookie |
|
| 248 | + setcookie('modx_remember_manager', '', time() - 3600, MODX_BASE_URL); |
|
| 249 | 249 | } |
| 250 | 250 | |
| 251 | 251 | // Check if user already has an active session, if not check if user pressed logout end of last session |
| 252 | 252 | $rs = $modx->db->select('lasthit', $modx->getFullTableName('active_user_sessions'), "internalKey='{$internalKey}'"); |
| 253 | 253 | $activeSession = $modx->db->getValue($rs); |
| 254 | 254 | if(!$activeSession) { |
| 255 | - $rs = $modx->db->select('lasthit', $modx->getFullTableName('active_users'), "internalKey='{$internalKey}' AND action != 8"); |
|
| 256 | - if($lastHit = $modx->db->getValue($rs)) { |
|
| 257 | - $_SESSION['show_logout_reminder'] = array( |
|
| 258 | - 'type' => 'logout_reminder', |
|
| 259 | - 'lastHit' => $lastHit |
|
| 260 | - ); |
|
| 261 | - } |
|
| 255 | + $rs = $modx->db->select('lasthit', $modx->getFullTableName('active_users'), "internalKey='{$internalKey}' AND action != 8"); |
|
| 256 | + if($lastHit = $modx->db->getValue($rs)) { |
|
| 257 | + $_SESSION['show_logout_reminder'] = array( |
|
| 258 | + 'type' => 'logout_reminder', |
|
| 259 | + 'lastHit' => $lastHit |
|
| 260 | + ); |
|
| 261 | + } |
|
| 262 | 262 | } |
| 263 | 263 | |
| 264 | 264 | $log = new logHandler; |
@@ -266,29 +266,29 @@ discard block |
||
| 266 | 266 | |
| 267 | 267 | // invoke OnManagerLogin event |
| 268 | 268 | $modx->invokeEvent('OnManagerLogin', array( |
| 269 | - 'userid' => $internalKey, |
|
| 270 | - 'username' => $username, |
|
| 271 | - 'userpassword' => $givenPassword, |
|
| 272 | - 'rememberme' => $rememberme |
|
| 273 | - )); |
|
| 269 | + 'userid' => $internalKey, |
|
| 270 | + 'username' => $username, |
|
| 271 | + 'userpassword' => $givenPassword, |
|
| 272 | + 'rememberme' => $rememberme |
|
| 273 | + )); |
|
| 274 | 274 | |
| 275 | 275 | // check if we should redirect user to a web page |
| 276 | 276 | $rs = $modx->db->select('setting_value', '[+prefix+]user_settings', "user='{$internalKey}' AND setting_name='manager_login_startup'"); |
| 277 | 277 | $id = (int)$modx->db->getValue($rs); |
| 278 | 278 | if($id > 0) { |
| 279 | - $header = 'Location: ' . $modx->makeUrl($id, '', '', 'full'); |
|
| 280 | - if($_POST['ajax'] == 1) { |
|
| 281 | - echo $header; |
|
| 282 | - } else { |
|
| 283 | - header($header); |
|
| 284 | - } |
|
| 279 | + $header = 'Location: ' . $modx->makeUrl($id, '', '', 'full'); |
|
| 280 | + if($_POST['ajax'] == 1) { |
|
| 281 | + echo $header; |
|
| 282 | + } else { |
|
| 283 | + header($header); |
|
| 284 | + } |
|
| 285 | 285 | } else { |
| 286 | - $header = 'Location: ' . MODX_MANAGER_URL; |
|
| 287 | - if($_POST['ajax'] == 1) { |
|
| 288 | - echo $header; |
|
| 289 | - } else { |
|
| 290 | - header($header); |
|
| 291 | - } |
|
| 286 | + $header = 'Location: ' . MODX_MANAGER_URL; |
|
| 287 | + if($_POST['ajax'] == 1) { |
|
| 288 | + echo $header; |
|
| 289 | + } else { |
|
| 290 | + header($header); |
|
| 291 | + } |
|
| 292 | 292 | } |
| 293 | 293 | |
| 294 | 294 | /** |
@@ -297,12 +297,12 @@ discard block |
||
| 297 | 297 | * @param string $msg |
| 298 | 298 | */ |
| 299 | 299 | function jsAlert($msg) { |
| 300 | - global $modx; |
|
| 301 | - if($_POST['ajax'] != 1) { |
|
| 302 | - echo "<script>window.setTimeout(\"alert('" . addslashes($modx->db->escape($msg)) . "')\",10);history.go(-1)</script>"; |
|
| 303 | - } else { |
|
| 304 | - echo $msg . "\n"; |
|
| 305 | - } |
|
| 300 | + global $modx; |
|
| 301 | + if($_POST['ajax'] != 1) { |
|
| 302 | + echo "<script>window.setTimeout(\"alert('" . addslashes($modx->db->escape($msg)) . "')\",10);history.go(-1)</script>"; |
|
| 303 | + } else { |
|
| 304 | + echo $msg . "\n"; |
|
| 305 | + } |
|
| 306 | 306 | } |
| 307 | 307 | |
| 308 | 308 | /** |
@@ -312,8 +312,8 @@ discard block |
||
| 312 | 312 | * @return bool |
| 313 | 313 | */ |
| 314 | 314 | function login($username, $givenPassword, $dbasePassword) { |
| 315 | - global $modx; |
|
| 316 | - return $modx->phpass->CheckPassword($givenPassword, $dbasePassword); |
|
| 315 | + global $modx; |
|
| 316 | + return $modx->phpass->CheckPassword($givenPassword, $dbasePassword); |
|
| 317 | 317 | } |
| 318 | 318 | |
| 319 | 319 | /** |
@@ -324,26 +324,26 @@ discard block |
||
| 324 | 324 | * @return bool |
| 325 | 325 | */ |
| 326 | 326 | function loginV1($internalKey, $givenPassword, $dbasePassword, $username) { |
| 327 | - global $modx; |
|
| 327 | + global $modx; |
|
| 328 | 328 | |
| 329 | - $user_algo = $modx->manager->getV1UserHashAlgorithm($internalKey); |
|
| 329 | + $user_algo = $modx->manager->getV1UserHashAlgorithm($internalKey); |
|
| 330 | 330 | |
| 331 | - if(!isset($modx->config['pwd_hash_algo']) || empty($modx->config['pwd_hash_algo'])) { |
|
| 332 | - $modx->config['pwd_hash_algo'] = 'UNCRYPT'; |
|
| 333 | - } |
|
| 331 | + if(!isset($modx->config['pwd_hash_algo']) || empty($modx->config['pwd_hash_algo'])) { |
|
| 332 | + $modx->config['pwd_hash_algo'] = 'UNCRYPT'; |
|
| 333 | + } |
|
| 334 | 334 | |
| 335 | - if($user_algo !== $modx->config['pwd_hash_algo']) { |
|
| 336 | - $bk_pwd_hash_algo = $modx->config['pwd_hash_algo']; |
|
| 337 | - $modx->config['pwd_hash_algo'] = $user_algo; |
|
| 338 | - } |
|
| 335 | + if($user_algo !== $modx->config['pwd_hash_algo']) { |
|
| 336 | + $bk_pwd_hash_algo = $modx->config['pwd_hash_algo']; |
|
| 337 | + $modx->config['pwd_hash_algo'] = $user_algo; |
|
| 338 | + } |
|
| 339 | 339 | |
| 340 | - if($dbasePassword != $modx->manager->genV1Hash($givenPassword, $internalKey)) { |
|
| 341 | - return false; |
|
| 342 | - } |
|
| 340 | + if($dbasePassword != $modx->manager->genV1Hash($givenPassword, $internalKey)) { |
|
| 341 | + return false; |
|
| 342 | + } |
|
| 343 | 343 | |
| 344 | - updateNewHash($username, $givenPassword); |
|
| 344 | + updateNewHash($username, $givenPassword); |
|
| 345 | 345 | |
| 346 | - return true; |
|
| 346 | + return true; |
|
| 347 | 347 | } |
| 348 | 348 | |
| 349 | 349 | /** |
@@ -354,13 +354,13 @@ discard block |
||
| 354 | 354 | * @return bool |
| 355 | 355 | */ |
| 356 | 356 | function loginMD5($internalKey, $givenPassword, $dbasePassword, $username) { |
| 357 | - global $modx; |
|
| 357 | + global $modx; |
|
| 358 | 358 | |
| 359 | - if($dbasePassword != md5($givenPassword)) { |
|
| 360 | - return false; |
|
| 361 | - } |
|
| 362 | - updateNewHash($username, $givenPassword); |
|
| 363 | - return true; |
|
| 359 | + if($dbasePassword != md5($givenPassword)) { |
|
| 360 | + return false; |
|
| 361 | + } |
|
| 362 | + updateNewHash($username, $givenPassword); |
|
| 363 | + return true; |
|
| 364 | 364 | } |
| 365 | 365 | |
| 366 | 366 | /** |
@@ -368,11 +368,11 @@ discard block |
||
| 368 | 368 | * @param string $password |
| 369 | 369 | */ |
| 370 | 370 | function updateNewHash($username, $password) { |
| 371 | - global $modx; |
|
| 371 | + global $modx; |
|
| 372 | 372 | |
| 373 | - $field = array(); |
|
| 374 | - $field['password'] = $modx->phpass->HashPassword($password); |
|
| 375 | - $modx->db->update($field, '[+prefix+]manager_users', "username='{$username}'"); |
|
| 373 | + $field = array(); |
|
| 374 | + $field['password'] = $modx->phpass->HashPassword($password); |
|
| 375 | + $modx->db->update($field, '[+prefix+]manager_users', "username='{$username}'"); |
|
| 376 | 376 | } |
| 377 | 377 | |
| 378 | 378 | /** |
@@ -382,27 +382,27 @@ discard block |
||
| 382 | 382 | * @param int $blocked_minutes |
| 383 | 383 | */ |
| 384 | 384 | function incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes) { |
| 385 | - global $modx; |
|
| 386 | - |
|
| 387 | - $failedlogins += 1; |
|
| 388 | - |
|
| 389 | - $fields = array('failedlogincount' => $failedlogins); |
|
| 390 | - if($failedlogins >= $failed_allowed) //block user for too many fail attempts |
|
| 391 | - { |
|
| 392 | - $fields['blockeduntil'] = time() + ($blocked_minutes * 60); |
|
| 393 | - } |
|
| 394 | - |
|
| 395 | - $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 396 | - |
|
| 397 | - if($failedlogins < $failed_allowed) { |
|
| 398 | - //sleep to help prevent brute force attacks |
|
| 399 | - $sleep = (int) $failedlogins / 2; |
|
| 400 | - if($sleep > 5) { |
|
| 401 | - $sleep = 5; |
|
| 402 | - } |
|
| 403 | - sleep($sleep); |
|
| 404 | - } |
|
| 405 | - @session_destroy(); |
|
| 406 | - session_unset(); |
|
| 407 | - return; |
|
| 385 | + global $modx; |
|
| 386 | + |
|
| 387 | + $failedlogins += 1; |
|
| 388 | + |
|
| 389 | + $fields = array('failedlogincount' => $failedlogins); |
|
| 390 | + if($failedlogins >= $failed_allowed) //block user for too many fail attempts |
|
| 391 | + { |
|
| 392 | + $fields['blockeduntil'] = time() + ($blocked_minutes * 60); |
|
| 393 | + } |
|
| 394 | + |
|
| 395 | + $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 396 | + |
|
| 397 | + if($failedlogins < $failed_allowed) { |
|
| 398 | + //sleep to help prevent brute force attacks |
|
| 399 | + $sleep = (int) $failedlogins / 2; |
|
| 400 | + if($sleep > 5) { |
|
| 401 | + $sleep = 5; |
|
| 402 | + } |
|
| 403 | + sleep($sleep); |
|
| 404 | + } |
|
| 405 | + @session_destroy(); |
|
| 406 | + session_unset(); |
|
| 407 | + return; |
|
| 408 | 408 | } |
@@ -1,23 +1,23 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | -if(!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { |
|
| 2 | +if (!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { |
|
| 3 | 3 | header('HTTP/1.0 404 Not Found'); |
| 4 | 4 | exit('error'); |
| 5 | 5 | } |
| 6 | -define('IN_MANAGER_MODE', true); // we use this to make sure files are accessed through |
|
| 6 | +define('IN_MANAGER_MODE', true); // we use this to make sure files are accessed through |
|
| 7 | 7 | define('MODX_API_MODE', true); |
| 8 | -include_once(__DIR__ . '/../../index.php'); |
|
| 8 | +include_once(__DIR__.'/../../index.php'); |
|
| 9 | 9 | $modx->db->connect(); |
| 10 | 10 | $modx->getSettings(); |
| 11 | 11 | $modx->invokeEvent('OnManagerPageInit'); |
| 12 | 12 | $modx->loadExtension('ManagerAPI'); |
| 13 | 13 | $modx->loadExtension('phpass'); |
| 14 | 14 | |
| 15 | -$core_path = MODX_MANAGER_PATH . 'includes/'; |
|
| 15 | +$core_path = MODX_MANAGER_PATH.'includes/'; |
|
| 16 | 16 | // include_once the language file |
| 17 | 17 | $_lang = array(); |
| 18 | 18 | include_once("{$core_path}lang/english.inc.php"); |
| 19 | 19 | |
| 20 | -if($manager_language !== 'english' && is_file("{$core_path}lang/{$manager_language}.inc.php")) { |
|
| 20 | +if ($manager_language !== 'english' && is_file("{$core_path}lang/{$manager_language}.inc.php")) { |
|
| 21 | 21 | include_once("{$core_path}lang/{$manager_language}.inc.php"); |
| 22 | 22 | } |
| 23 | 23 | |
@@ -25,7 +25,7 @@ discard block |
||
| 25 | 25 | include_once("{$core_path}log.class.inc.php"); |
| 26 | 26 | |
| 27 | 27 | // Initialize System Alert Message Queque |
| 28 | -if(!isset($_SESSION['SystemAlertMsgQueque'])) { |
|
| 28 | +if (!isset($_SESSION['SystemAlertMsgQueque'])) { |
|
| 29 | 29 | $_SESSION['SystemAlertMsgQueque'] = array(); |
| 30 | 30 | } |
| 31 | 31 | $SystemAlertMsgQueque = &$_SESSION['SystemAlertMsgQueque']; |
@@ -51,7 +51,7 @@ discard block |
||
| 51 | 51 | $rs = $modx->db->select($fields, $from, $where); |
| 52 | 52 | $limit = $modx->db->getRecordCount($rs); |
| 53 | 53 | |
| 54 | -if($limit == 0 || $limit > 1) { |
|
| 54 | +if ($limit == 0 || $limit > 1) { |
|
| 55 | 55 | jsAlert($_lang['login_processor_unknown_user']); |
| 56 | 56 | return; |
| 57 | 57 | } |
@@ -73,32 +73,32 @@ discard block |
||
| 73 | 73 | |
| 74 | 74 | // get the user settings from the database |
| 75 | 75 | $rs = $modx->db->select('setting_name, setting_value', '[+prefix+]user_settings', "user='{$internalKey}' AND setting_value!=''"); |
| 76 | -while($row = $modx->db->getRow($rs)) { |
|
| 76 | +while ($row = $modx->db->getRow($rs)) { |
|
| 77 | 77 | extract($row); |
| 78 | 78 | ${$setting_name} = $setting_value; |
| 79 | 79 | } |
| 80 | 80 | |
| 81 | 81 | // blocked due to number of login errors. |
| 82 | -if($failedlogins >= $failed_allowed && $blockeduntildate > time()) { |
|
| 82 | +if ($failedlogins >= $failed_allowed && $blockeduntildate > time()) { |
|
| 83 | 83 | @session_destroy(); |
| 84 | 84 | session_unset(); |
| 85 | - if($cip = getenv("HTTP_CLIENT_IP")) { |
|
| 85 | + if ($cip = getenv("HTTP_CLIENT_IP")) { |
|
| 86 | 86 | $ip = $cip; |
| 87 | - } elseif($cip = getenv("HTTP_X_FORWARDED_FOR")) { |
|
| 87 | + } elseif ($cip = getenv("HTTP_X_FORWARDED_FOR")) { |
|
| 88 | 88 | $ip = $cip; |
| 89 | - } elseif($cip = getenv("REMOTE_ADDR")) { |
|
| 89 | + } elseif ($cip = getenv("REMOTE_ADDR")) { |
|
| 90 | 90 | $ip = $cip; |
| 91 | 91 | } else { |
| 92 | 92 | $ip = "UNKNOWN"; |
| 93 | 93 | } |
| 94 | 94 | $log = new logHandler; |
| 95 | - $log->initAndWriteLog("Login Fail (Temporary Block)", $internalKey, $username, "119", $internalKey, "IP: " . $ip); |
|
| 95 | + $log->initAndWriteLog("Login Fail (Temporary Block)", $internalKey, $username, "119", $internalKey, "IP: ".$ip); |
|
| 96 | 96 | jsAlert($_lang['login_processor_many_failed_logins']); |
| 97 | 97 | return; |
| 98 | 98 | } |
| 99 | 99 | |
| 100 | 100 | // blocked due to number of login errors, but get to try again |
| 101 | -if($failedlogins >= $failed_allowed && $blockeduntildate < time()) { |
|
| 101 | +if ($failedlogins >= $failed_allowed && $blockeduntildate < time()) { |
|
| 102 | 102 | $fields = array(); |
| 103 | 103 | $fields['failedlogincount'] = '0'; |
| 104 | 104 | $fields['blockeduntil'] = time() - 1; |
@@ -106,7 +106,7 @@ discard block |
||
| 106 | 106 | } |
| 107 | 107 | |
| 108 | 108 | // this user has been blocked by an admin, so no way he's loggin in! |
| 109 | -if($blocked == '1') { |
|
| 109 | +if ($blocked == '1') { |
|
| 110 | 110 | @session_destroy(); |
| 111 | 111 | session_unset(); |
| 112 | 112 | jsAlert($_lang['login_processor_blocked1']); |
@@ -114,7 +114,7 @@ discard block |
||
| 114 | 114 | } |
| 115 | 115 | |
| 116 | 116 | // blockuntil: this user has a block until date |
| 117 | -if($blockeduntildate > time()) { |
|
| 117 | +if ($blockeduntildate > time()) { |
|
| 118 | 118 | @session_destroy(); |
| 119 | 119 | session_unset(); |
| 120 | 120 | jsAlert($_lang['login_processor_blocked2']); |
@@ -122,7 +122,7 @@ discard block |
||
| 122 | 122 | } |
| 123 | 123 | |
| 124 | 124 | // blockafter: this user has a block after date |
| 125 | -if($blockedafterdate > 0 && $blockedafterdate < time()) { |
|
| 125 | +if ($blockedafterdate > 0 && $blockedafterdate < time()) { |
|
| 126 | 126 | @session_destroy(); |
| 127 | 127 | session_unset(); |
| 128 | 128 | jsAlert($_lang['login_processor_blocked3']); |
@@ -130,24 +130,24 @@ discard block |
||
| 130 | 130 | } |
| 131 | 131 | |
| 132 | 132 | // allowed ip |
| 133 | -if($allowed_ip) { |
|
| 134 | - if(($hostname = gethostbyaddr($_SERVER['REMOTE_ADDR'])) && ($hostname != $_SERVER['REMOTE_ADDR'])) { |
|
| 135 | - if(gethostbyname($hostname) != $_SERVER['REMOTE_ADDR']) { |
|
| 133 | +if ($allowed_ip) { |
|
| 134 | + if (($hostname = gethostbyaddr($_SERVER['REMOTE_ADDR'])) && ($hostname != $_SERVER['REMOTE_ADDR'])) { |
|
| 135 | + if (gethostbyname($hostname) != $_SERVER['REMOTE_ADDR']) { |
|
| 136 | 136 | jsAlert($_lang['login_processor_remotehost_ip']); |
| 137 | 137 | return; |
| 138 | 138 | } |
| 139 | 139 | } |
| 140 | - if(!in_array($_SERVER['REMOTE_ADDR'], array_filter(array_map('trim', explode(',', $allowed_ip))))) { |
|
| 140 | + if (!in_array($_SERVER['REMOTE_ADDR'], array_filter(array_map('trim', explode(',', $allowed_ip))))) { |
|
| 141 | 141 | jsAlert($_lang['login_processor_remote_ip']); |
| 142 | 142 | return; |
| 143 | 143 | } |
| 144 | 144 | } |
| 145 | 145 | |
| 146 | 146 | // allowed days |
| 147 | -if($allowed_days) { |
|
| 147 | +if ($allowed_days) { |
|
| 148 | 148 | $date = getdate(); |
| 149 | 149 | $day = $date['wday'] + 1; |
| 150 | - if(!in_array($day,explode(',',$allowed_days))) { |
|
| 150 | + if (!in_array($day, explode(',', $allowed_days))) { |
|
| 151 | 151 | jsAlert($_lang['login_processor_date']); |
| 152 | 152 | return; |
| 153 | 153 | } |
@@ -164,33 +164,33 @@ discard block |
||
| 164 | 164 | |
| 165 | 165 | // check if plugin authenticated the user |
| 166 | 166 | $matchPassword = false; |
| 167 | -if(!isset($rt) || !$rt || (is_array($rt) && !in_array(true, $rt))) { |
|
| 167 | +if (!isset($rt) || !$rt || (is_array($rt) && !in_array(true, $rt))) { |
|
| 168 | 168 | // check user password - local authentication |
| 169 | 169 | $hashType = $modx->manager->getHashType($dbasePassword); |
| 170 | - if($hashType == 'phpass') { |
|
| 170 | + if ($hashType == 'phpass') { |
|
| 171 | 171 | $matchPassword = login($username, $_REQUEST['password'], $dbasePassword); |
| 172 | - } elseif($hashType == 'md5') { |
|
| 172 | + } elseif ($hashType == 'md5') { |
|
| 173 | 173 | $matchPassword = loginMD5($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
| 174 | - } elseif($hashType == 'v1') { |
|
| 174 | + } elseif ($hashType == 'v1') { |
|
| 175 | 175 | $matchPassword = loginV1($internalKey, $_REQUEST['password'], $dbasePassword, $username); |
| 176 | 176 | } else { |
| 177 | 177 | $matchPassword = false; |
| 178 | 178 | } |
| 179 | -} else if($rt === true || (is_array($rt) && in_array(true, $rt))) { |
|
| 179 | +} else if ($rt === true || (is_array($rt) && in_array(true, $rt))) { |
|
| 180 | 180 | $matchPassword = true; |
| 181 | 181 | } |
| 182 | 182 | |
| 183 | -if(!$matchPassword) { |
|
| 183 | +if (!$matchPassword) { |
|
| 184 | 184 | jsAlert($_lang['login_processor_wrong_password']); |
| 185 | 185 | incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
| 186 | 186 | return; |
| 187 | 187 | } |
| 188 | 188 | |
| 189 | -if($modx->config['use_captcha'] == 1) { |
|
| 190 | - if(!isset ($_SESSION['veriword'])) { |
|
| 189 | +if ($modx->config['use_captcha'] == 1) { |
|
| 190 | + if (!isset ($_SESSION['veriword'])) { |
|
| 191 | 191 | jsAlert($_lang['login_processor_captcha_config']); |
| 192 | 192 | return; |
| 193 | - } elseif($_SESSION['veriword'] != $captcha_code) { |
|
| 193 | + } elseif ($_SESSION['veriword'] != $captcha_code) { |
|
| 194 | 194 | jsAlert($_lang['login_processor_bad_code']); |
| 195 | 195 | incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes); |
| 196 | 196 | return; |
@@ -218,25 +218,25 @@ discard block |
||
| 218 | 218 | $_SESSION['mgrPermissions'] = $modx->db->getRow($rs); |
| 219 | 219 | |
| 220 | 220 | // successful login so reset fail count and update key values |
| 221 | -$modx->db->update('failedlogincount=0, ' . 'logincount=logincount+1, ' . 'lastlogin=thislogin, ' . 'thislogin=' . time() . ', ' . "sessionid='{$currentsessionid}'", '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 221 | +$modx->db->update('failedlogincount=0, '.'logincount=logincount+1, '.'lastlogin=thislogin, '.'thislogin='.time().', '."sessionid='{$currentsessionid}'", '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
|
| 222 | 222 | |
| 223 | 223 | // get user's document groups |
| 224 | 224 | $i = 0; |
| 225 | -$rs = $modx->db->select('uga.documentgroup', $modx->getFullTableName('member_groups') . ' ug |
|
| 226 | - INNER JOIN ' . $modx->getFullTableName('membergroup_access') . ' uga ON uga.membergroup=ug.user_group', "ug.member='{$internalKey}'"); |
|
| 225 | +$rs = $modx->db->select('uga.documentgroup', $modx->getFullTableName('member_groups').' ug |
|
| 226 | + INNER JOIN ' . $modx->getFullTableName('membergroup_access').' uga ON uga.membergroup=ug.user_group', "ug.member='{$internalKey}'"); |
|
| 227 | 227 | $_SESSION['mgrDocgroups'] = $modx->db->getColumn('documentgroup', $rs); |
| 228 | 228 | |
| 229 | 229 | $_SESSION['mgrToken'] = md5($currentsessionid); |
| 230 | 230 | |
| 231 | -if($rememberme == '1') { |
|
| 232 | - $_SESSION['modx.mgr.session.cookie.lifetime'] = (int)$modx->config['session.cookie.lifetime']; |
|
| 231 | +if ($rememberme == '1') { |
|
| 232 | + $_SESSION['modx.mgr.session.cookie.lifetime'] = (int) $modx->config['session.cookie.lifetime']; |
|
| 233 | 233 | |
| 234 | 234 | // Set a cookie separate from the session cookie with the username in it. |
| 235 | 235 | // Are we using secure connection? If so, make sure the cookie is secure |
| 236 | 236 | global $https_port; |
| 237 | 237 | |
| 238 | 238 | $secure = ((isset ($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') || $_SERVER['SERVER_PORT'] == $https_port); |
| 239 | - if(version_compare(PHP_VERSION, '5.2', '<')) { |
|
| 239 | + if (version_compare(PHP_VERSION, '5.2', '<')) { |
|
| 240 | 240 | setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, '; HttpOnly', $secure); |
| 241 | 241 | } else { |
| 242 | 242 | setcookie('modx_remember_manager', $_SESSION['mgrShortname'], time() + 60 * 60 * 24 * 365, MODX_BASE_URL, NULL, $secure, true); |
@@ -251,9 +251,9 @@ discard block |
||
| 251 | 251 | // Check if user already has an active session, if not check if user pressed logout end of last session |
| 252 | 252 | $rs = $modx->db->select('lasthit', $modx->getFullTableName('active_user_sessions'), "internalKey='{$internalKey}'"); |
| 253 | 253 | $activeSession = $modx->db->getValue($rs); |
| 254 | -if(!$activeSession) { |
|
| 254 | +if (!$activeSession) { |
|
| 255 | 255 | $rs = $modx->db->select('lasthit', $modx->getFullTableName('active_users'), "internalKey='{$internalKey}' AND action != 8"); |
| 256 | - if($lastHit = $modx->db->getValue($rs)) { |
|
| 256 | + if ($lastHit = $modx->db->getValue($rs)) { |
|
| 257 | 257 | $_SESSION['show_logout_reminder'] = array( |
| 258 | 258 | 'type' => 'logout_reminder', |
| 259 | 259 | 'lastHit' => $lastHit |
@@ -274,17 +274,17 @@ discard block |
||
| 274 | 274 | |
| 275 | 275 | // check if we should redirect user to a web page |
| 276 | 276 | $rs = $modx->db->select('setting_value', '[+prefix+]user_settings', "user='{$internalKey}' AND setting_name='manager_login_startup'"); |
| 277 | -$id = (int)$modx->db->getValue($rs); |
|
| 278 | -if($id > 0) { |
|
| 279 | - $header = 'Location: ' . $modx->makeUrl($id, '', '', 'full'); |
|
| 280 | - if($_POST['ajax'] == 1) { |
|
| 277 | +$id = (int) $modx->db->getValue($rs); |
|
| 278 | +if ($id > 0) { |
|
| 279 | + $header = 'Location: '.$modx->makeUrl($id, '', '', 'full'); |
|
| 280 | + if ($_POST['ajax'] == 1) { |
|
| 281 | 281 | echo $header; |
| 282 | 282 | } else { |
| 283 | 283 | header($header); |
| 284 | 284 | } |
| 285 | 285 | } else { |
| 286 | - $header = 'Location: ' . MODX_MANAGER_URL; |
|
| 287 | - if($_POST['ajax'] == 1) { |
|
| 286 | + $header = 'Location: '.MODX_MANAGER_URL; |
|
| 287 | + if ($_POST['ajax'] == 1) { |
|
| 288 | 288 | echo $header; |
| 289 | 289 | } else { |
| 290 | 290 | header($header); |
@@ -296,12 +296,12 @@ discard block |
||
| 296 | 296 | * |
| 297 | 297 | * @param string $msg |
| 298 | 298 | */ |
| 299 | -function jsAlert($msg) { |
|
| 299 | +function jsAlert($msg){ |
|
| 300 | 300 | global $modx; |
| 301 | - if($_POST['ajax'] != 1) { |
|
| 302 | - echo "<script>window.setTimeout(\"alert('" . addslashes($modx->db->escape($msg)) . "')\",10);history.go(-1)</script>"; |
|
| 301 | + if ($_POST['ajax'] != 1) { |
|
| 302 | + echo "<script>window.setTimeout(\"alert('".addslashes($modx->db->escape($msg))."')\",10);history.go(-1)</script>"; |
|
| 303 | 303 | } else { |
| 304 | - echo $msg . "\n"; |
|
| 304 | + echo $msg."\n"; |
|
| 305 | 305 | } |
| 306 | 306 | } |
| 307 | 307 | |
@@ -311,7 +311,7 @@ discard block |
||
| 311 | 311 | * @param string $dbasePassword |
| 312 | 312 | * @return bool |
| 313 | 313 | */ |
| 314 | -function login($username, $givenPassword, $dbasePassword) { |
|
| 314 | +function login($username, $givenPassword, $dbasePassword){ |
|
| 315 | 315 | global $modx; |
| 316 | 316 | return $modx->phpass->CheckPassword($givenPassword, $dbasePassword); |
| 317 | 317 | } |
@@ -323,21 +323,21 @@ discard block |
||
| 323 | 323 | * @param string $username |
| 324 | 324 | * @return bool |
| 325 | 325 | */ |
| 326 | -function loginV1($internalKey, $givenPassword, $dbasePassword, $username) { |
|
| 326 | +function loginV1($internalKey, $givenPassword, $dbasePassword, $username){ |
|
| 327 | 327 | global $modx; |
| 328 | 328 | |
| 329 | 329 | $user_algo = $modx->manager->getV1UserHashAlgorithm($internalKey); |
| 330 | 330 | |
| 331 | - if(!isset($modx->config['pwd_hash_algo']) || empty($modx->config['pwd_hash_algo'])) { |
|
| 331 | + if (!isset($modx->config['pwd_hash_algo']) || empty($modx->config['pwd_hash_algo'])) { |
|
| 332 | 332 | $modx->config['pwd_hash_algo'] = 'UNCRYPT'; |
| 333 | 333 | } |
| 334 | 334 | |
| 335 | - if($user_algo !== $modx->config['pwd_hash_algo']) { |
|
| 335 | + if ($user_algo !== $modx->config['pwd_hash_algo']) { |
|
| 336 | 336 | $bk_pwd_hash_algo = $modx->config['pwd_hash_algo']; |
| 337 | 337 | $modx->config['pwd_hash_algo'] = $user_algo; |
| 338 | 338 | } |
| 339 | 339 | |
| 340 | - if($dbasePassword != $modx->manager->genV1Hash($givenPassword, $internalKey)) { |
|
| 340 | + if ($dbasePassword != $modx->manager->genV1Hash($givenPassword, $internalKey)) { |
|
| 341 | 341 | return false; |
| 342 | 342 | } |
| 343 | 343 | |
@@ -353,10 +353,10 @@ discard block |
||
| 353 | 353 | * @param string $username |
| 354 | 354 | * @return bool |
| 355 | 355 | */ |
| 356 | -function loginMD5($internalKey, $givenPassword, $dbasePassword, $username) { |
|
| 356 | +function loginMD5($internalKey, $givenPassword, $dbasePassword, $username){ |
|
| 357 | 357 | global $modx; |
| 358 | 358 | |
| 359 | - if($dbasePassword != md5($givenPassword)) { |
|
| 359 | + if ($dbasePassword != md5($givenPassword)) { |
|
| 360 | 360 | return false; |
| 361 | 361 | } |
| 362 | 362 | updateNewHash($username, $givenPassword); |
@@ -367,7 +367,7 @@ discard block |
||
| 367 | 367 | * @param string $username |
| 368 | 368 | * @param string $password |
| 369 | 369 | */ |
| 370 | -function updateNewHash($username, $password) { |
|
| 370 | +function updateNewHash($username, $password){ |
|
| 371 | 371 | global $modx; |
| 372 | 372 | |
| 373 | 373 | $field = array(); |
@@ -381,23 +381,23 @@ discard block |
||
| 381 | 381 | * @param int $failed_allowed |
| 382 | 382 | * @param int $blocked_minutes |
| 383 | 383 | */ |
| 384 | -function incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes) { |
|
| 384 | +function incrementFailedLoginCount($internalKey, $failedlogins, $failed_allowed, $blocked_minutes){ |
|
| 385 | 385 | global $modx; |
| 386 | 386 | |
| 387 | 387 | $failedlogins += 1; |
| 388 | 388 | |
| 389 | 389 | $fields = array('failedlogincount' => $failedlogins); |
| 390 | - if($failedlogins >= $failed_allowed) //block user for too many fail attempts |
|
| 390 | + if ($failedlogins >= $failed_allowed) //block user for too many fail attempts |
|
| 391 | 391 | { |
| 392 | 392 | $fields['blockeduntil'] = time() + ($blocked_minutes * 60); |
| 393 | 393 | } |
| 394 | 394 | |
| 395 | 395 | $modx->db->update($fields, '[+prefix+]user_attributes', "internalKey='{$internalKey}'"); |
| 396 | 396 | |
| 397 | - if($failedlogins < $failed_allowed) { |
|
| 397 | + if ($failedlogins < $failed_allowed) { |
|
| 398 | 398 | //sleep to help prevent brute force attacks |
| 399 | 399 | $sleep = (int) $failedlogins / 2; |
| 400 | - if($sleep > 5) { |
|
| 400 | + if ($sleep > 5) { |
|
| 401 | 401 | $sleep = 5; |
| 402 | 402 | } |
| 403 | 403 | sleep($sleep); |
