|
|
@@ -0,0 +1,377 @@ |
|
|
<?php |
|
|
// clanCMS to phpBB3 bridge by FuntimeError of dfbrigade.org |
|
|
|
|
|
/** |
|
|
* @ignore |
|
|
*/ |
|
|
if (!defined('IN_PHPBB')) |
|
|
{ |
|
|
// exit; |
|
|
} |
|
|
|
|
|
/** |
|
|
* INSTALL: Replace MYDBNAME with the real name of your database |
|
|
* INSTALL: Replace MYCRYPTKEY with the encryption key found in clancms\config.php |
|
|
* look for $config['encryption_key'] and the key is inside quotes after the equal sign |
|
|
* INSTALL: Replace MYSESSIONCOOKIENAME with the session cookie name key found in clancms\config.php |
|
|
* look for $config['sess_cookie_name'] and the key is inside quotes after the equal sign |
|
|
* INSTALL: if you are still having issues getting it to work, try setting clancms_mcrypt to false instead of true on the line DEFINE('clancms_mcrypt',true); |
|
|
*/ |
|
|
DEFINE('CLANCMSDB','MYDBNAME'); |
|
|
DEFINE('clancmsEncryptionKey', 'MYCRYPTKEY'); |
|
|
DEFINE('sessionCookieName', 'MYSESSIONCOOKIENAME'); |
|
|
DEFINE('clancms_mcrypt',true); |
|
|
|
|
|
|
|
|
function validate_session_clancms2($userrow) |
|
|
{ |
|
|
global $db; |
|
|
|
|
|
|
|
|
$sess_info = unserialize(decode($_COOKIE[sessionCookieName],md5(clancmsEncryptionKey))); |
|
|
$sess_id = $sess_info['session_id']; |
|
|
$sess_ip = $sess_info['ip_address']; |
|
|
|
|
|
$sql = "SELECT * |
|
|
FROM ".CLANCMSDB.".ClanCMS_sessions |
|
|
WHERE |
|
|
session_id = '". $db->sql_escape(utf8_clean_string($sess_id)). "' "; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
|
|
|
//if user logged into main site but not forum |
|
|
if($row && $userrow['username_clean'] == 'anonymous') |
|
|
{ |
|
|
$user_info = unserialize($row['user_data']); |
|
|
if(strlen($user_info['username'])) |
|
|
{ |
|
|
$clancmsuser = $user_info['username']; |
|
|
$sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($clancmsuser)) . "'"; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
//invalidate session |
|
|
return false; |
|
|
} |
|
|
} |
|
|
//no session mismatch, carry on |
|
|
return true; |
|
|
} |
|
|
|
|
|
|
|
|
/** |
|
|
* Login function |
|
|
*/ |
|
|
function login_clancms2(&$username, &$password) |
|
|
{ |
|
|
global $db, $config; |
|
|
|
|
|
// do not allow empty password |
|
|
if (!$password) |
|
|
{ |
|
|
return array( |
|
|
'status' => LOGIN_ERROR_PASSWORD, |
|
|
'error_msg' => 'NO_PASSWORD_SUPPLIED', |
|
|
'user_row' => array('user_id' => ANONYMOUS), |
|
|
); |
|
|
} |
|
|
|
|
|
if (!$username) |
|
|
{ |
|
|
return array( |
|
|
'status' => LOGIN_ERROR_USERNAME, |
|
|
'error_msg' => 'LOGIN_ERROR_USERNAME', |
|
|
'user_row' => array('user_id' => ANONYMOUS), |
|
|
); |
|
|
} |
|
|
|
|
|
|
|
|
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts |
|
|
FROM ' . USERS_TABLE . " |
|
|
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
|
|
|
//if not in forum database, check main site db. |
|
|
if (!$row) |
|
|
{ |
|
|
$sql = "SELECT user_salt FROM ".CLANCMSDB.".ClanCMS_users WHERE user_name = '". $db->sql_escape(utf8_clean_string($username))."'"; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
$salt = $row['user_salt']; |
|
|
|
|
|
$sql = "SELECT * FROM ".CLANCMSDB.".ClanCMS_users WHERE user_name = '". $db->sql_escape(utf8_clean_string($username))."' and user_password = '". sha1($salt . sha1($password))."'"; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$row2 = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
|
|
|
if(!$row) |
|
|
{ |
|
|
return array( |
|
|
'status' => LOGIN_ERROR_USERNAME, |
|
|
'error_msg' => 'LOGIN_ERROR_USERNAME', |
|
|
'user_row' => array('user_id' => ANONYMOUS), |
|
|
); |
|
|
} |
|
|
else |
|
|
{ |
|
|
// retrieve default group id |
|
|
$sql = 'SELECT group_id |
|
|
FROM ' . GROUPS_TABLE . " |
|
|
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' |
|
|
AND group_type = " . GROUP_SPECIAL; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
|
|
|
if (!$row) |
|
|
{ |
|
|
trigger_error('NO_GROUP'); |
|
|
} |
|
|
|
|
|
// generate user account data |
|
|
$clancms_user_row = array( |
|
|
'username' => $username, |
|
|
'user_password' => phpbb_hash($password), |
|
|
'user_email' => (!empty($row2['user_email'])) ? utf8_htmlspecialchars(htmlspecialchars_decode($row2['user_email'])): '', |
|
|
'group_id' => (int) $row['group_id'], |
|
|
'user_type' => USER_NORMAL, |
|
|
'user_ip' => $user->ip, |
|
|
'user_new' => ($config['new_member_post_limit']) ? 1 : 0, |
|
|
); |
|
|
|
|
|
unset($row); |
|
|
|
|
|
// this is the user's first login so create an empty profile |
|
|
return array( |
|
|
'status' => LOGIN_SUCCESS_CREATE_PROFILE, |
|
|
'error_msg' => false, |
|
|
'user_row' => $clancms_user_row, |
|
|
); |
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
$show_captcha = false; |
|
|
//$config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']; |
|
|
|
|
|
// If there are too much login attempts, we need to check for an confirm image |
|
|
// Every auth module is able to define what to do by itself... |
|
|
if ($show_captcha) |
|
|
{ |
|
|
// Visual Confirmation handling |
|
|
if (!class_exists('phpbb_captcha_factory')) |
|
|
{ |
|
|
global $phpbb_root_path, $phpEx; |
|
|
include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); |
|
|
} |
|
|
|
|
|
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); |
|
|
$captcha->init(CONFIRM_LOGIN); |
|
|
$vc_response = $captcha->validate($row); |
|
|
if ($vc_response) |
|
|
{ |
|
|
return array( |
|
|
'status' => LOGIN_ERROR_ATTEMPTS, |
|
|
'error_msg' => 'LOGIN_ERROR_ATTEMPTS', |
|
|
'user_row' => $row, |
|
|
); |
|
|
} |
|
|
else |
|
|
{ |
|
|
$captcha->reset(); |
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
if (phpbb_check_hash($password, $row['user_password'])) |
|
|
{ |
|
|
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts |
|
|
FROM ' . USERS_TABLE . " |
|
|
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
if ($row) |
|
|
{ |
|
|
if ($row['user_login_attempts'] != 0) |
|
|
{ |
|
|
// Successful, reset login attempts (the user passed all stages) |
|
|
$sql = 'UPDATE ' . USERS_TABLE . ' |
|
|
SET user_login_attempts = 0 |
|
|
WHERE user_id = ' . $row['user_id']; |
|
|
$db->sql_query($sql); |
|
|
} |
|
|
|
|
|
// User inactive... |
|
|
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) |
|
|
{ |
|
|
return array( |
|
|
'status' => LOGIN_ERROR_ACTIVE, |
|
|
'error_msg' => 'ACTIVE_ERROR', |
|
|
'user_row' => $row, |
|
|
); |
|
|
} |
|
|
|
|
|
// Successful login... set user_login_attempts to zero... |
|
|
return array( |
|
|
'status' => LOGIN_SUCCESS, |
|
|
'error_msg' => false, |
|
|
'user_row' => $row, |
|
|
); |
|
|
} |
|
|
} |
|
|
// Password incorrect - increase login attempts |
|
|
$sql = 'UPDATE ' . USERS_TABLE . ' |
|
|
SET user_login_attempts = user_login_attempts + 1 |
|
|
WHERE user_id = ' . (int) $row['user_id'] . ' |
|
|
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; |
|
|
$db->sql_query($sql); |
|
|
|
|
|
// Give status about wrong password... |
|
|
return array( |
|
|
'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, |
|
|
'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', |
|
|
'user_row' => $row, |
|
|
); |
|
|
} |
|
|
|
|
|
function autologin_clancms2() |
|
|
{ |
|
|
|
|
|
global $db; |
|
|
$sess_info = unserialize(decode($_COOKIE[sessionCookieName],md5(clancmsEncryptionKey))); |
|
|
$sess_id = $sess_info['session_id']; |
|
|
$sess_ip = $sess_info['ip_address']; |
|
|
$sql = "SELECT * |
|
|
FROM ".CLANCMSDB.".ClanCMS_sessions |
|
|
WHERE |
|
|
session_id = '". $db->sql_escape(utf8_clean_string($sess_id)). "' "; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
|
|
|
//if user found |
|
|
if($row) |
|
|
{ |
|
|
$user_info = unserialize($row['user_data']); |
|
|
if(strlen($user_info['username'])) |
|
|
{ |
|
|
$clancmsuser = $user_info['username']; |
|
|
$sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($clancmsuser)) . "'"; |
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
return $row; |
|
|
} |
|
|
} |
|
|
//no user forund. phpbb still wants a blank array |
|
|
return array(); |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
function logout_clancms2($userrow,$newsession) |
|
|
{ |
|
|
global $db; |
|
|
|
|
|
$sess_info = unserialize(decode($_COOKIE[sessionCookieName],md5(clancmsEncryptionKey))); |
|
|
$sess_id = $sess_info['session_id']; |
|
|
$sql = "DELETE FROM ".CLANCMSDB.".ClanCMS_sessions WHERE session_id = '". $db->sql_escape(utf8_clean_string($sess_id)). "' "; |
|
|
|
|
|
$result = $db->sql_query($sql); |
|
|
$row = $db->sql_fetchrow($result); |
|
|
$db->sql_freeresult($result); |
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
function decode($string, $key = '') |
|
|
{ |
|
|
if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) |
|
|
{ |
|
|
return FALSE; |
|
|
} |
|
|
|
|
|
$dec = base64_decode($string); |
|
|
if (clancms_mcrypt) |
|
|
{ |
|
|
if (!($dec = mcrypt_decode($dec, $key))) |
|
|
{ |
|
|
return FALSE; |
|
|
} |
|
|
} |
|
|
return _xor_decode($dec, $key); |
|
|
} |
|
|
|
|
|
function _xor_decode($string, $key) |
|
|
{ |
|
|
$string = _xor_merge($string, $key); |
|
|
$dec = ''; |
|
|
for ($i = 0; $i < strlen($string); $i++) |
|
|
{ |
|
|
$dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1)); |
|
|
} |
|
|
|
|
|
return $dec; |
|
|
} |
|
|
|
|
|
function _xor_merge($string, $key) |
|
|
{ |
|
|
$hash = sha1($key); |
|
|
$str = ''; |
|
|
for ($i = 0; $i < strlen($string); $i++) |
|
|
{ |
|
|
$str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1); |
|
|
} |
|
|
|
|
|
return $str; |
|
|
} |
|
|
|
|
|
function mcrypt_decode($data, $key) |
|
|
{ |
|
|
$data = _remove_cipher_noise($data, $key); |
|
|
$init_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); |
|
|
if ($init_size > strlen($data)) |
|
|
{ |
|
|
return FALSE; |
|
|
} |
|
|
|
|
|
$init_vect = substr($data, 0, $init_size); |
|
|
$data = substr($data, $init_size); |
|
|
return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $init_vect), "\0"); |
|
|
} |
|
|
|
|
|
function _remove_cipher_noise($data, $key) |
|
|
{ |
|
|
$keyhash = sha1($key); |
|
|
$keylen = strlen($keyhash); |
|
|
$str = ''; |
|
|
for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j) |
|
|
{ |
|
|
if ($j >= $keylen) |
|
|
{ |
|
|
$j = 0; |
|
|
} |
|
|
|
|
|
$temp = ord($data[$i]) - ord($keyhash[$j]); |
|
|
|
|
|
if ($temp < 0) |
|
|
{ |
|
|
$temp = $temp + 256; |
|
|
} |
|
|
|
|
|
$str .= chr($temp); |
|
|
} |
|
|
return $str; |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
?> |
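Review bot: In `validate_session_clancms2`, `autologin_clancms2` and `logout_clancms2` the session cookie goes through `decode()` and straight into `unserialize()`, so client-supplied bytes reach the deserializer. The `decode()` result is never checked, and as far as this file shows nothing authenticates the ciphertext (the mcrypt path is Rijndael-256 in ECB mode with no MAC). I would route all three call sites through one helper that rejects a missing or undecodable cookie, forbids object instantiation and type-checks the result, as sketched below; the `allowed_classes` option needs PHP 7.0 or later. The session lookup is also keyed on `session_id` alone while the parsed `$sess_ip` is never used, so comparing it with the request address would tighten the binding. Separately, the `IN_PHPBB` guard is a no-op because `exit;` is commented out, `$show_captcha = false;` disables the login-attempt check, and in `login_clancms2` `$user` is not declared `global` while `$row2` is a second fetch after `$row` presumably consumed the only matching row, so `user_ip` and `user_email` likely end up empty.

```php
function clancms_read_session_cookie()
{
	if (!isset($_COOKIE[sessionCookieName]) || !is_string($_COOKIE[sessionCookieName]))
	{
		return false;
	}

	$plain = decode($_COOKIE[sessionCookieName], md5(clancmsEncryptionKey));
	if ($plain === false || $plain === '')
	{
		return false;
	}

	// Cookie contents are client-controlled: never let unserialize() build objects.
	$sess_info = unserialize($plain, array('allowed_classes' => false));
	if (!is_array($sess_info) || !isset($sess_info['session_id']) || !is_string($sess_info['session_id']))
	{
		return false;
	}

	return $sess_info;
}

// in autologin_clancms2(); validate_session_clancms2() would return true and logout_clancms2() just return
$sess_info = clancms_read_session_cookie();
if ($sess_info === false)
{
	return array();
}
// … unchanged: ClanCMS_sessions lookup by $sess_info['session_id'] …
```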