changeset 603 | 33b274c8d357 |
parent 595 | b051eb79b158 |
child 618 | 587b393f1e5e |
602:ecbc8d202058 | 603:33b274c8d357 |
---|---|
434 { |
434 { |
435 $data = RenderMan::strToPageID($paths->get_pageid_from_url()); |
435 $data = RenderMan::strToPageID($paths->get_pageid_from_url()); |
436 |
436 |
437 if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin') |
437 if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin') |
438 { |
438 { |
439 $language = intval(getConfig('default_language')); |
439 $this->show_inactive_error($userdata); |
440 $lang = new Language($language); |
|
441 @setlocale(LC_ALL, $lang->lang_code); |
|
442 |
|
443 $this->logout(); |
|
444 $a = getConfig('account_activation'); |
|
445 switch($a) |
|
446 { |
|
447 case 'none': |
|
448 default: |
|
449 $solution = $lang->get('user_login_noact_solution_none'); |
|
450 break; |
|
451 case 'user': |
|
452 $solution = $lang->get('user_login_noact_solution_user'); |
|
453 break; |
|
454 case 'admin': |
|
455 $solution = $lang->get('user_login_noact_solution_admin'); |
|
456 break; |
|
457 } |
|
458 |
|
459 // admin activation request opportunity |
|
460 $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($userdata['username']) . '\';'); |
|
461 if ( !$q ) |
|
462 $db->_die(); |
|
463 |
|
464 $can_request = ( $db->numrows() < 1 ); |
|
465 $db->free_result(); |
|
466 |
|
467 if ( isset($_POST['logout']) ) |
|
468 { |
|
469 $this->sid = $_COOKIE['sid']; |
|
470 $this->user_logged_in = true; |
|
471 $this->user_id = intval($userdata['user_id']); |
|
472 $this->username = $userdata['username']; |
|
473 $this->auth_level = USER_LEVEL_MEMBER; |
|
474 $this->user_level = USER_LEVEL_MEMBER; |
|
475 $this->logout(); |
|
476 redirect(scriptPath . '/', $lang->get('user_login_noact_msg_logout_success_title'), $lang->get('user_login_noact_msg_logout_success_body'), 5); |
|
477 } |
|
478 |
|
479 if ( $can_request && !isset($_POST['activation_request']) ) |
|
480 { |
|
481 $form = '<p>' . $lang->get('user_login_noact_msg_ask_admins') . '</p> |
|
482 <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post"> |
|
483 <p><input type="submit" name="activation_request" value="' . $lang->get('user_login_noact_btn_request_activation') . '" /> <input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p> |
|
484 </form>'; |
|
485 } |
|
486 else |
|
487 { |
|
488 if ( $can_request && isset($_POST['activation_request']) ) |
|
489 { |
|
490 $this->admin_activation_request($userdata['username']); |
|
491 $form = '<p>' . $lang->get('user_login_noact_msg_admins_just_asked') . '</p> |
|
492 <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post"> |
|
493 <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p> |
|
494 </form>'; |
|
495 } |
|
496 else |
|
497 { |
|
498 $form = '<p>' . $lang->get('user_login_noact_msg_admins_asked') . '</p> |
|
499 <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post"> |
|
500 <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p> |
|
501 </form>'; |
|
502 } |
|
503 } |
|
504 |
|
505 die_semicritical($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form); |
|
506 } |
440 } |
507 |
441 |
508 $this->sid = $_COOKIE['sid']; |
442 $this->sid = $_COOKIE['sid']; |
509 $this->user_logged_in = true; |
443 $this->user_logged_in = true; |
510 $this->user_id = intval($userdata['user_id']); |
444 $this->user_id = intval($userdata['user_id']); |
1153 $session_key = "u=$username;p=$passha1;s=$salt"; |
1087 $session_key = "u=$username;p=$passha1;s=$salt"; |
1154 |
1088 |
1155 // Encrypt the key |
1089 // Encrypt the key |
1156 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
1090 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
1157 $session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX); |
1091 $session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX); |
1092 $dec_DEBUG = $aes->decrypt($session_key, $this->private_key, ENC_HEX); |
|
1158 |
1093 |
1159 // If we're registering an elevated-privilege key, it needs to be on GET |
1094 // If we're registering an elevated-privilege key, it needs to be on GET |
1160 if($level > USER_LEVEL_MEMBER) |
1095 if($level > USER_LEVEL_MEMBER) |
1161 { |
1096 { |
1162 // Reverse it - cosmetic only ;-) |
1097 // Reverse it - cosmetic only ;-) |
1295 . ' ON ( p.message_to=u.username AND p.message_read=0 )' . "\n" |
1230 . ' ON ( p.message_to=u.username AND p.message_read=0 )' . "\n" |
1296 . ' WHERE k.session_key=\''.$keyhash.'\'' . "\n" |
1231 . ' WHERE k.session_key=\''.$keyhash.'\'' . "\n" |
1297 . ' AND k.salt=\''.$salt.'\'' . "\n" |
1232 . ' AND k.salt=\''.$salt.'\'' . "\n" |
1298 . ' GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,u.user_lang,u.user_timezone,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public, x.disable_js_fx;'); |
1233 . ' GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,u.user_lang,u.user_timezone,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public, x.disable_js_fx;'); |
1299 |
1234 |
1300 if ( !$query ) |
1235 if ( !$query && ( defined('IN_ENANO_INSTALL') or defined('IN_ENANO_UPGRADE') ) ) |
1301 { |
1236 { |
1302 $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms, 1440 AS user_timezone FROM '.table_prefix.'session_keys AS k |
1237 $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms, 1440 AS user_timezone FROM '.table_prefix.'session_keys AS k |
1303 LEFT JOIN '.table_prefix.'users AS u |
1238 LEFT JOIN '.table_prefix.'users AS u |
1304 ON ( u.user_id=k.user_id ) |
1239 ON ( u.user_id=k.user_id ) |
1305 LEFT JOIN '.table_prefix.'privmsgs AS p |
1240 LEFT JOIN '.table_prefix.'privmsgs AS p |
1306 ON ( p.message_to=u.username AND p.message_read=0 ) |
1241 ON ( p.message_to=u.username AND p.message_read=0 ) |
1307 WHERE k.session_key=\''.$keyhash.'\' |
1242 WHERE k.session_key=\''.$keyhash.'\' |
1308 AND k.salt=\''.$salt.'\' |
1243 AND k.salt=\''.$salt.'\' |
1309 GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level;'); |
1244 GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level;'); |
1245 } |
|
1246 else if ( !$query ) |
|
1247 { |
|
1248 $db->_die(); |
|
1310 } |
1249 } |
1311 if($db->numrows() < 1) |
1250 if($db->numrows() < 1) |
1312 { |
1251 { |
1313 // echo '(debug) $session->validate_session: Key was not found in database<br />'; |
1252 // echo '(debug) $session->validate_session: Key was not found in database<br />'; |
1314 return false; |
1253 return false; |
1498 } |
1437 } |
1499 return 'success'; |
1438 return 'success'; |
1500 } |
1439 } |
1501 |
1440 |
1502 # Miscellaneous stuff |
1441 # Miscellaneous stuff |
1442 |
|
1443 /** |
|
1444 * Alerts the user that their account is inactive, and tells them appropriate steps to remedy the situation. Halts execution. |
|
1445 * @param array Return from validate_session() |
|
1446 */ |
|
1447 |
|
1448 function show_inactive_error($userdata) |
|
1449 { |
|
1450 global $db, $session, $paths, $template, $plugins; // Common objects |
|
1451 global $lang; |
|
1452 |
|
1453 $language = intval(getConfig('default_language')); |
|
1454 $lang = new Language($language); |
|
1455 @setlocale(LC_ALL, $lang->lang_code); |
|
1456 |
|
1457 $this->logout(); |
|
1458 $a = getConfig('account_activation'); |
|
1459 switch($a) |
|
1460 { |
|
1461 case 'none': |
|
1462 default: |
|
1463 $solution = $lang->get('user_login_noact_solution_none'); |
|
1464 break; |
|
1465 case 'user': |
|
1466 $solution = $lang->get('user_login_noact_solution_user'); |
|
1467 break; |
|
1468 case 'admin': |
|
1469 $solution = $lang->get('user_login_noact_solution_admin'); |
|
1470 break; |
|
1471 } |
|
1472 |
|
1473 // admin activation request opportunity |
|
1474 $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($userdata['username']) . '\';'); |
|
1475 if ( !$q ) |
|
1476 $db->_die(); |
|
1477 |
|
1478 $can_request = ( $db->numrows() < 1 ); |
|
1479 $db->free_result(); |
|
1480 |
|
1481 if ( isset($_POST['logout']) ) |
|
1482 { |
|
1483 $this->sid = $_COOKIE['sid']; |
|
1484 $this->user_logged_in = true; |
|
1485 $this->user_id = intval($userdata['user_id']); |
|
1486 $this->username = $userdata['username']; |
|
1487 $this->auth_level = USER_LEVEL_MEMBER; |
|
1488 $this->user_level = USER_LEVEL_MEMBER; |
|
1489 $this->logout(); |
|
1490 redirect(scriptPath . '/', $lang->get('user_login_noact_msg_logout_success_title'), $lang->get('user_login_noact_msg_logout_success_body'), 5); |
|
1491 } |
|
1492 |
|
1493 if ( $can_request && !isset($_POST['activation_request']) ) |
|
1494 { |
|
1495 $form = '<p>' . $lang->get('user_login_noact_msg_ask_admins') . '</p> |
|
1496 <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post"> |
|
1497 <p><input type="submit" name="activation_request" value="' . $lang->get('user_login_noact_btn_request_activation') . '" /> <input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p> |
|
1498 </form>'; |
|
1499 } |
|
1500 else |
|
1501 { |
|
1502 if ( $can_request && isset($_POST['activation_request']) ) |
|
1503 { |
|
1504 $this->admin_activation_request($userdata['username']); |
|
1505 $form = '<p>' . $lang->get('user_login_noact_msg_admins_just_asked') . '</p> |
|
1506 <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post"> |
|
1507 <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p> |
|
1508 </form>'; |
|
1509 } |
|
1510 else |
|
1511 { |
|
1512 $form = '<p>' . $lang->get('user_login_noact_msg_admins_asked') . '</p> |
|
1513 <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post"> |
|
1514 <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p> |
|
1515 </form>'; |
|
1516 } |
|
1517 } |
|
1518 |
|
1519 die_semicritical($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form); |
|
1520 } |
|
1503 |
1521 |
1504 /** |
1522 /** |
1505 * Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff |
1523 * Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff |
1506 * @param string $url The URL to add session data to |
1524 * @param string $url The URL to add session data to |
1507 * @return string |
1525 * @return string |
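Review bot: The line added at new 1092, `$dec_DEBUG = $aes->decrypt($session_key, $this->private_key, ENC_HEX);`, looks like leftover debugging, since nothing visible in the hunk reads `$dec_DEBUG`. It puts the plaintext session key (the `u=…;p=…;s=…` string, which appears to carry the password hash and salt) back into a local right after encrypting it, and costs an extra AES decrypt on each call. I would delete the line; if a round-trip check is really wanted, compare the result with the plaintext and discard it instead of keeping it in a variable. The enclosing function starts and ends outside the hunk, so a later use of `$dec_DEBUG` cannot be ruled out from here. Separately, the docblock of the new `show_inactive_error()` could name its parameter, `@param array $userdata Return from validate_session()`, to match the `@param string $url` style of the method that follows.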