aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions.php
diff options
context:
space:
mode:
authorMeik Sievertsen <acydburn@phpbb.com>2006-03-12 23:19:55 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2006-03-12 23:19:55 +0000
commit9988679d567a8bba9bade92dd9524bb012a1fe43 (patch)
tree72da21e7465fed3ca99f20bd809a3df9c020530d /phpBB/includes/functions.php
parentf4cfd3665f7cf1ed96ce4c2eca03ac6854aae258 (diff)
downloadforums-9988679d567a8bba9bade92dd9524bb012a1fe43.tar
forums-9988679d567a8bba9bade92dd9524bb012a1fe43.tar.gz
forums-9988679d567a8bba9bade92dd9524bb012a1fe43.tar.bz2
forums-9988679d567a8bba9bade92dd9524bb012a1fe43.tar.xz
forums-9988679d567a8bba9bade92dd9524bb012a1fe43.zip
- streamlined reports to consist of the feature set we decided upon (Nils, your turn now)
- use getenv instead of $_ENV (with $_ENV the case could be wrong) - permission fixes (there was a bug arising with getting permission flags - re-added them and handled roles deletion differently) - implemented max login attempts - changed the expected return parameters for logins/sessions - added acp page for editing report/denial reasons - other fixes here and there git-svn-id: file:///svn/phpbb/trunk@5622 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php59
1 files changed, 51 insertions, 8 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index e75ba650f0..569f3d08a9 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -136,11 +136,11 @@ function gen_rand_string($num_chars)
* Return unique id
* @param $extra additional entropy for call to mt_srand
*/
-function unique_id($extra = 0)
+function unique_id($extra = 0, $prefix = false)
{
list($usec, $sec) = explode(' ', microtime());
mt_srand((float) $extra + (float) $sec + ((float) $usec * 100000));
- return uniqid(mt_rand(), true);
+ return uniqid(($prefix === false) ? mt_rand() : $prefix, true);
}
if (!function_exists('array_combine'))
@@ -1318,7 +1318,10 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
$admin = ($admin) ? 1 : 0;
// If authentication is successful we redirect user to previous page
- if (($result = $auth->login($username, $password, $autologin, $viewonline, $admin)) === true)
+ $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
+
+ // The result parameter is always an array, holding the relevant informations...
+ if ($result['status'] == LOGIN_SUCCESS)
{
// If admin authentication
if ($admin)
@@ -1329,7 +1332,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
}
else
{
+ // Authenticated, but not having admin permissions
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ trigger_error('NO_AUTH_ADMIN');
}
}
@@ -1340,19 +1345,57 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error($message);
}
+ // The user wanted to re-authenticate, but something failed - log this
if ($admin)
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
- // If we get a non-numeric (e.g. string) value we output an error
- if (is_string($result))
+ // Something failed, determine what...
+ if ($result['status'] == LOGIN_BREAK)
{
- trigger_error($result, E_USER_ERROR);
+ trigger_error($result['error_msg'], E_USER_ERROR);
}
- // If we get an integer zero then we are inactive, else the username/password is wrong
- $err = ($result === 0) ? $user->lang['ACTIVE_ERROR'] : $user->lang['LOGIN_ERROR'];
+ // Special cases... determine
+ switch ($result['status'])
+ {
+ case LOGIN_ERROR_ATTEMPTS:
+
+ // Show confirm image
+ $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
+ WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
+ AND confirm_type = " . CONFIRM_LOGIN;
+ $db->sql_query($sql);
+
+ // Generate code
+ $code = gen_rand_string(mt_rand(5, 8));
+ $confirm_id = md5(unique_id(0, $user->ip));
+
+ $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+ 'confirm_id' => (string) $confirm_id,
+ 'session_id' => (string) $user->session_id,
+ 'confirm_type' => (int) CONFIRM_LOGIN,
+ 'code' => (string) $code)
+ );
+ $db->sql_query($sql);
+
+ $template->assign_vars(array(
+ 'S_CONFIRM_CODE' => true,
+ 'CONFIRM_ID' => $confirm_id,
+ 'CONFIRM_IMAGE' => '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&amp;mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_LOGIN . '" alt="" title="" />',
+ 'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
+ ));
+
+ $err = $user->lang[$result['error_msg']];
+
+ break;
+
+ // Username, password, etc...
+ default:
+ $err = $user->lang[$result['error_msg']];
+ break;
+ }
}
if (!$redirect)