Changeset 1744 for trunk/include/functions_user.inc.php

Timestamp:

Jan 23, 2007, 2:22:52 AM (17 years ago)

Author:

rvelices

Message:

• revert feature 564: log the login of each user; but add the possibility to be

done by a plugin

• create a "standard" way to define PHP functions that we use but might not be

available in the current php version

• when a comment is rejected (spam, anti-flood etc), put the content back to the

browser in case there is a real user behind it

• now a comment can be entered only if the page was retrieved between 2 seconds

ago and 1 hour ago

File:

• trunk/include/functions_user.inc.php (modified) (5 diffs)

trunk/include/functions_user.inc.php

@@ -859 +859 @@
  * returns the auto login key or false on error
  * @param int user_id
+ * @param string [out] username
 */
-function calculate_auto_login_key($user_id)
+function calculate_auto_login_key($user_id, &$username)
 {
   global $conf;
@@ -872 +873 @@
   {
     $row = mysql_fetch_assoc($result);
-    $key = sha1( $row['username'].$row['password'] );
+    $username = $row['username'];
+    $data = $row['username'].$row['password'];
+    $key = base64_encode(
+      pack('H*', sha1($data))
+      .hash_hmac('md5', $data, $conf['secret_key'],true)
+      );
     return $key;
   }
@@ -890 +896 @@
   if ($remember_me and $conf['authorize_remembering'])
   {
-    $key = calculate_auto_login_key($user_id);
+    $key = calculate_auto_login_key($user_id, $username);
     if ($key!==false)
     {
@@ -929 +935 @@
   {
     $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
-    if ($cookie!==false)
-    {
-      $key = calculate_auto_login_key($cookie['id']);
+    if ($cookie!==false and is_numeric(@$cookie['id']) )
+    {
+      $key = calculate_auto_login_key( $cookie['id'], $username );
       if ($key!==false and $key===$cookie['key'])
       {
         log_user($cookie['id'], true);
+        trigger_action('login_success', $username);
         return true;
       }
@@ -940 +947 @@
     setcookie($conf['remember_me_name'], '', 0, cookie_path());
   }
+  return false;
+}
+
+/**
+ * Tries to login a user given username and password (must be MySql escaped)
+ * return true on success
+ */
+function try_log_user($username, $password, $remember_me)
+{
+  global $conf;
+  // retrieving the encrypted password of the login submitted
+  $query = '
+SELECT '.$conf['user_fields']['id'].' AS id,
+       '.$conf['user_fields']['password'].' AS password
+  FROM '.USERS_TABLE.'
+  WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
+;';
+  $row = mysql_fetch_assoc(pwg_query($query));
+  if ($row['password'] == $conf['pass_convert']($password))
+  {
+    log_user($row['id'], $remember_me);
+    trigger_action('login_success', $username);
+    return true;
+  }
+  trigger_action('login_failure', $username);
   return false;
 }