Home Explore Help
Register Sign In
NSHkD
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
207 Commits
1 Branch
Tree: 451326c0c9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '451326c0c9'
${ noResults }
Gazelle/sections/login/index.php

index.php 15KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384 
  1. <?php

  2. 

  3. /*-- TODO ---------------------------//

  4. Add the JavaScript validation into the display page using the class

  5. //-----------------------------------*/

  6. 

  7. // Allow users to reset their password while logged in

  8. if (!empty($LoggedUser['ID']) && $_REQUEST['act'] != 'recover') {

  9.   header('Location: index.php');

  10.   die();

  11. }

  12. 

  13. if (BLOCK_OPERA_MINI && isset($_SERVER['HTTP_X_OPERAMINI_PHONE'])) {

  14.   error('Opera Mini is banned. Please use another browser.');

  15. }

  16. 

  17. // Check if IP is banned

  18. if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) {

  19.   error('Your IP address has been banned.');

  20. }

  21. 

  22. require_once SERVER_ROOT.'/classes/twofa.class.php';

  23. require_once SERVER_ROOT.'/classes/validate.class.php';

  24. 

  25. $Validate = new VALIDATE;

  26. $TwoFA = new TwoFactorAuth(SITE_NAME);

  27. 

  28. if (array_key_exists('action', $_GET) && $_GET['action'] == 'disabled') {

  29.   require('disabled.php');

  30.   die();

  31. }

  32. 

  33. if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {

  34.   // Recover password

  35.   if (!empty($_REQUEST['key'])) {

  36.     // User has entered a new password, use step 2

  37.     $DB->query("

  38.       SELECT

  39.         m.ID,

  40.         m.Email,

  41.         m.ipcc,

  42.         i.ResetExpires

  43.       FROM users_main AS m

  44.         INNER JOIN users_info AS i ON i.UserID = m.ID

  45.       WHERE i.ResetKey = '".db_string($_REQUEST['key'])."'

  46.         AND i.ResetKey != ''");

  47.     list($UserID, $Email, $Country, $Expires) = $DB->next_record();

  48. 

  49.     if (!apc_exists('DBKEY')) {

  50.       error('Database not fully decrypted. Please wait for staff to fix this and try again later');

  51.     }

  52. 

  53.     $Email = DBCrypt::decrypt($Email);

  54. 

  55.     if ($UserID && strtotime($Expires) > time()) {

  56.       // If the user has requested a password change, and his key has not expired

  57.       $Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. Any password at least 6 characters long is accepted, but a strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, contains at least a number or symbol', array('regex' => '/(?=^.{6,}$).*$/'));

  58.       $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password'));

  59. 

  60.       if (!empty($_REQUEST['password'])) {

  61.         // If the user has entered a password.

  62.         // If the user has not entered a password, $PassWasReset is not set to 1, and the success message is not shown

  63.         $Err = $Validate->ValidateForm($_REQUEST);

  64.         if ($Err == '') {

  65.           // Form validates without error, set new secret and password.

  66.           $DB->query("

  67.             UPDATE

  68.               users_main AS m,

  69.               users_info AS i

  70.             SET

  71.               m.PassHash = '".db_string(Users::make_sec_hash($_REQUEST['password']))."',

  72.               i.ResetKey = '',

  73.               m.LastLogin = NOW(),

  74.               i.ResetExpires = NULL

  75.             WHERE m.ID = '$UserID'

  76.               AND i.UserID = m.ID");

  77.           $DB->query("

  78.             INSERT INTO users_history_passwords

  79.               (UserID, ChangerIP, ChangeTime)

  80.             VALUES

  81.               ('$UserID', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");

  82.           $PassWasReset = true;

  83.           $LoggedUser['ID'] = $UserID; // Set $LoggedUser['ID'] for logout_all_sessions() to work

  84.           logout_all_sessions();

  85. 

  86.         }

  87.       }

  88. 

  89.       // Either a form asking for them to enter the password

  90.       // Or a success message if $PassWasReset is 1

  91.       require('recover_step2.php');

  92. 

  93.     } else {

  94.       // Either his key has expired, or he hasn't requested a pass change at all

  95.       if (strtotime($Expires) < time() && $UserID) {

  96.         // If his key has expired, clear all the reset information

  97.         $DB->query("

  98.           UPDATE users_info

  99.           SET ResetKey = '',

  100.             ResetExpires = NULL

  101.           WHERE UserID = '$UserID'");

  102.         $_SESSION['reseterr'] = 'The link you were given has expired.'; // Error message to display on form

  103.       }

  104.       // Show him the first form (enter email address)

  105.       header('Location: login.php?act=recover');

  106.     }

  107. 

  108.   } // End step 2

  109. 

  110.   // User has not clicked the link in his email, use step 1

  111.   else {

  112.     $Validate->SetFields('email', '1', 'email', 'You entered an invalid email address.');

  113. 

  114.     if (!empty($_REQUEST['email'])) {

  115.       // User has entered email and submitted form

  116.       $Err = $Validate->ValidateForm($_REQUEST);

  117.       if (!apc_exists('DBKEY')) {

  118.         $Err = 'Database not fully decrypted. Please wait for staff to fix this and try again.';

  119.       }

  120. 

  121.       if (!$Err) {

  122.         // Form validates correctly

  123.         $DB->query("

  124.           SELECT

  125.             Email

  126.           FROM users_main");

  127.         while(list($EncEmail) = $DB->next_record()) {

  128.           if (strtolower($_REQUEST['email']) == strtolower(DBCrypt::decrypt($EncEmail))) {

  129.             break; // $EncEmail is now the encrypted form of the given email from the database

  130.           }

  131.         }

  132. 

  133.         $DB->query("

  134.           SELECT

  135.             ID,

  136.             Username,

  137.             Email

  138.           FROM users_main

  139.           WHERE Email = '$EncEmail'");

  140.         list($UserID, $Username, $Email) = $DB->next_record();

  141.         $Email = DBCrypt::decrypt($Email);

  142. 

  143.         if ($UserID) {

  144.           // Email exists in the database

  145.           // Set ResetKey, send out email, and set $Sent to 1 to show success page

  146.           Users::reset_password($UserID, $Username, $Email);

  147. 

  148.           $Sent = 1; // If $Sent is 1, recover_step1.php displays a success message

  149. 

  150.           //Log out all of the users current sessions

  151.           $Cache->delete_value("user_info_$UserID");

  152.           $Cache->delete_value("user_info_heavy_$UserID");

  153.           $Cache->delete_value("user_stats_$UserID");

  154.           $Cache->delete_value("enabled_$UserID");

  155. 

  156.           $DB->query("

  157.             SELECT SessionID

  158.             FROM users_sessions

  159.             WHERE UserID = '$UserID'");

  160.           while (list($SessionID) = $DB->next_record()) {

  161.             $Cache->delete_value("session_$UserID"."_$SessionID");

  162.           }

  163.           $DB->query("

  164.             UPDATE users_sessions

  165.             SET Active = 0

  166.             WHERE UserID = '$UserID'

  167.               AND Active = 1");

  168.         } else {

  169.           $Err = 'There is no user with that email address.';

  170.         }

  171.       }

  172. 

  173.     } elseif (!empty($_SESSION['reseterr'])) {

  174.       // User has not entered email address, and there is an error set in session data

  175.       // This is typically because their key has expired.

  176.       // Stick the error into $Err so recover_step1.php can take care of it

  177.       $Err = $_SESSION['reseterr'];

  178.       unset($_SESSION['reseterr']);

  179.     }

  180. 

  181.     // Either a form for the user's email address, or a success message

  182.     require('recover_step1.php');

  183.   }

  184. 

  185. } // End password recovery

  186. 

  187. else if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'newlocation') {

  188.   if (isset($_REQUEST['key'])) {

  189.     if ($ASNCache = $Cache->get_value('new_location_'.$_REQUEST['key'])) {

  190.       $Cache->cache_value('new_location_'.$ASNCache['UserID'].'_'.$ASNCache['ASN'], true);

  191.       require('newlocation.php');

  192.       die();

  193.     } else {

  194.       error(403);

  195.     }

  196.   } else {

  197.     error(403);

  198.   }

  199. } // End new location

  200. 

  201. // Normal login

  202. else {

  203.   $Validate->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));

  204.   $Validate->SetFields('password', '1', 'string', 'You entered an invalid password.', array('minlength' => '6', 'maxlength' => '307200'));

  205. 

  206.   list($Attempts, $Banned) = $Cache->get_value('login_attempts_'.db_string($_SERVER['REMOTE_ADDR']));

  207. 

  208.   // Function to log a user's login attempt

  209.   function log_attempt() {

  210.     global $Cache, $Attempts;

  211.     $Attempts = ($Attempts ?? 0) + 1;

  212.     $Cache->cache_value('login_attempts_'.db_string($_SERVER['REMOTE_ADDR']), array($Attempts, ($Attempts > 5)), 60*60*$Attempts);

  213.     $AllAttempts = $Cache->get_value('login_attempts');

  214.     $AllAttempts[$_SERVER['REMOTE_ADDR']] = time()+(60*60*$Attempts);

  215.     foreach($AllAttempts as $IP => $Time) {

  216.       if ($Time < time()) { unset($AllAttempts[$IP]); }

  217.     }

  218.     $Cache->cache_value('login_attempts', $AllAttempts, 0);

  219.   }

  220. 

  221.   // If user has submitted form

  222.   if (isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])) {

  223.     if ($Banned) {

  224.       header("Location: login.php");

  225.       die();

  226.     }

  227.     $Err = $Validate->ValidateForm($_POST);

  228. 

  229.     if (!$Err) {

  230.       // Passes preliminary validation (username and password "look right")

  231.       $DB->query("

  232.         SELECT

  233.           ID,

  234.           PermissionID,

  235.           CustomPermissions,

  236.           PassHash,

  237.           TwoFactor,

  238.           Enabled

  239.         FROM users_main

  240.         WHERE Username = '".db_string($_POST['username'])."'

  241.           AND Username != ''");

  242.       list($UserID, $PermissionID, $CustomPermissions, $PassHash, $TwoFactor, $Enabled) = $DB->next_record(MYSQLI_NUM, array(2));

  243.       if (!$Banned) {

  244.         if ($UserID && Users::check_password($_POST['password'], $PassHash)) {

  245.           // Update hash if better algorithm available

  246.           if (password_needs_rehash($PassHash, PASSWORD_DEFAULT)) {

  247.             $DB->query("

  248.               UPDATE users_main

  249.               SET PassHash = '".make_sec_hash($_POST['password'])."'

  250.               WHERE Username = '".db_string($_POST['username'])."'");

  251.           }

  252. 

  253.           if (empty($TwoFactor) || $TwoFA->verifyCode($TwoFactor, $_POST['twofa'])) {

  254.             if ($Enabled == 1) {

  255. 

  256.               // Check if the current login attempt is from a location previously logged in from

  257.               if (apc_exists('DBKEY')) {

  258.                 $DB->query("

  259.                   SELECT IP

  260.                   FROM users_history_ips

  261.                   WHERE UserID = $UserID");

  262.                 $IPs = $DB->to_array(false, MYSQLI_NUM);

  263.                 $QueryParts = array();

  264.                 foreach ($IPs as $i => $IP) {

  265.                   $IPs[$i] = DBCrypt::decrypt($IP[0]);

  266.                 }

  267.                 $IPs = array_unique($IPs);

  268.                 if (count($IPs) > 0) { // Always allow first login

  269.                   foreach ($IPs as $IP) {

  270.                     $QueryParts[] = "(StartIP<=INET6_ATON('$IP') AND EndIP>=INET6_ATON('$IP'))";

  271.                   }

  272.                   $DB->query('SELECT ASN FROM geoip_asn WHERE '.implode(' OR ', $QueryParts));

  273.                   $PastASNs = array_column($DB->to_array(false, MYSQLI_NUM), 0);

  274.                   $DB->query("SELECT ASN FROM geoip_asn WHERE StartIP<=INET6_ATON('$_SERVER[REMOTE_ADDR]') AND EndIP>=INET6_ATON('$_SERVER[REMOTE_ADDR]')");

  275.                   list($CurrentASN) = $DB->next_record();

  276. 

  277.                   // if we are in DEBUG_MODE, no need to enforce location restriction

  278.                   if (!in_array($CurrentASN, $PastASNs) && !DEBUG_MODE) {

  279.                     // Never logged in from this location before

  280.                     if ($Cache->get_value('new_location_'.$UserID.'_'.$CurrentASN) !== true) {

  281.                       $DB->query("

  282.                         SELECT

  283.                           UserName,

  284.                           Email

  285.                         FROM users_main

  286.                         WHERE ID = $UserID");

  287.                       list($Username, $Email) = $DB->next_record();

  288.                       Users::auth_location($UserID, $Username, $CurrentASN, DBCrypt::decrypt($Email));

  289.                       require('newlocation.php');

  290.                       die();

  291.                     }

  292.                   }

  293.                 }

  294.               }

  295. 

  296.               $SessionID = Users::make_secret(64);

  297.               $KeepLogged = ($_POST['keeplogged'] ?? false) ? 1 : 0;

  298.               if (DEBUG_MODE) {

  299.                 // allow HTTP (non secure) cookies if running in DEBUG_MODE

  300.                 setcookie('session', $SessionID, (time()+60*60*24*365)*$KeepLogged, '/', '', false, true);

  301.                 setcookie('userid', $UserID, (time()+60*60*24*365)*$KeepLogged, '/', '', false, true);

  302.               } else {

  303.                 setcookie('session', $SessionID, (time()+60*60*24*365)*$KeepLogged, '/', '', true, true);

  304.                 setcookie('userid', $UserID, (time()+60*60*24*365)*$KeepLogged, '/', '', true, true);

  305.               }

  306. 

  307.               // Because we <3 our staff

  308.               $Permissions = Permissions::get_permissions($PermissionID);

  309.               $CustomPermissions = unserialize($CustomPermissions);

  310.               if (isset($Permissions['Permissions']['site_disable_ip_history'])

  311.                 || isset($CustomPermissions['site_disable_ip_history'])

  312.               ) {

  313.                 $_SERVER['REMOTE_ADDR'] = '127.0.0.1';

  314.               }

  315. 

  316.               $DB->query("

  317.                 INSERT INTO users_sessions

  318.                   (UserID, SessionID, KeepLogged, Browser, OperatingSystem, IP, LastUpdate, FullUA)

  319.                 VALUES

  320.                   ('$UserID', '".db_string($SessionID)."', '$KeepLogged', '$Browser', '$OperatingSystem', '".db_string(apc_exists('DBKEY')?DBCrypt::encrypt($_SERVER['REMOTE_ADDR']):'0.0.0.0')."', '".sqltime()."', '".db_string($_SERVER['HTTP_USER_AGENT'])."')");

  321. 

  322.               $Cache->begin_transaction("users_sessions_$UserID");

  323.               $Cache->insert_front($SessionID, array(

  324.                   'SessionID' => $SessionID,

  325.                   'Browser' => $Browser,

  326.                   'OperatingSystem' => $OperatingSystem,

  327.                   'IP' => (apc_exists('DBKEY')?DBCrypt::encrypt($_SERVER['REMOTE_ADDR']):'0.0.0.0'),

  328.                   'LastUpdate' => sqltime()

  329.                   ));

  330.               $Cache->commit_transaction(0);

  331. 

  332.               $Sql = "

  333.                 UPDATE users_main

  334.                 SET

  335.                   LastLogin = '".sqltime()."',

  336.                   LastAccess = '".sqltime()."'

  337.                 WHERE ID = '".db_string($UserID)."'";

  338. 

  339.               $DB->query($Sql);

  340. 

  341.               if (!empty($_COOKIE['redirect'])) {

  342.                 $URL = $_COOKIE['redirect'];

  343.                 setcookie('redirect', '', time() - 60 * 60 * 24, '/', '', false);

  344.                 header("Location: $URL");

  345.                 die();

  346.               } else {

  347.                 header('Location: index.php');

  348.                 die();

  349.               }

  350.             } else {

  351.               log_attempt();

  352.               if ($Enabled == 2) {

  353. 

  354.                 // Save the username in a cookie for the disabled page

  355.                 setcookie('username', db_string($_POST['username']), time() + 60 * 60, '/', '', false);

  356.                 header('Location: login.php?action=disabled');

  357.               } elseif ($Enabled == 0) {

  358.                 $Err = 'Your account has not been confirmed.<br />Please check your email.';

  359.               }

  360.               setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);

  361.             }

  362.           } else {

  363.             log_attempt();

  364.             $Err = 'Two-factor authentication failed.';

  365.             setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);

  366.           }

  367.         } else {

  368.           log_attempt();

  369.           $Err = 'Your username or password was incorrect.';

  370.           setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);

  371.         }

  372. 

  373.       } else {

  374.         log_attempt();

  375.         setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);

  376.       }

  377. 

  378.     } else {

  379.       log_attempt();

  380.       setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);

  381.     }

  382.   }

  383.   require('sections/login/login.php');

  384. }