changeset 1001 | 79770fb4132a |
parent 985 | 4ecf46e5eeab |
child 1026 | f0431eb8161e |
1000:dbefcae6b5cd | 1001:79770fb4132a |
---|---|
925 else |
925 else |
926 { |
926 { |
927 $session_key = hmac_sha1($password_hmac, $salt); |
927 $session_key = hmac_sha1($password_hmac, $salt); |
928 } |
928 } |
929 |
929 |
930 // Minimum level |
|
931 $level = max(array($level, USER_LEVEL_MEMBER)); |
|
932 |
|
930 // Type of key |
933 // Type of key |
931 $key_type = ( $level > USER_LEVEL_MEMBER ) ? SK_ELEV : ( $remember ? SK_LONG : SK_SHORT ); |
934 $key_type = ( $level > USER_LEVEL_MEMBER ) ? SK_ELEV : ( $remember ? SK_LONG : SK_SHORT ); |
932 |
935 |
933 // If we're registering an elevated-privilege key, it needs to be on GET |
936 // If we're registering an elevated-privilege key, it needs to be on GET |
934 if($level > USER_LEVEL_MEMBER) |
937 if($level > USER_LEVEL_MEMBER) |
955 // Sanity check |
958 // Sanity check |
956 if(!is_int($user_id)) |
959 if(!is_int($user_id)) |
957 die('Somehow an SQL injection attempt crawled into our session registrar! (1)'); |
960 die('Somehow an SQL injection attempt crawled into our session registrar! (1)'); |
958 if(!is_int($level)) |
961 if(!is_int($level)) |
959 die('Somehow an SQL injection attempt crawled into our session registrar! (2)'); |
962 die('Somehow an SQL injection attempt crawled into our session registrar! (2)'); |
963 |
|
964 // Update RAM |
|
965 $this->user_id = $user_id; |
|
966 $this->user_level = max(array($this->user_level, $level)); |
|
960 |
967 |
961 // All done! |
968 // All done! |
962 $query = $db->sql_query('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time, key_type) VALUES(\''.$keyhash.'\', \''.$db->escape($salt).'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.', ' . $key_type . ');'); |
969 $query = $db->sql_query('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time, key_type) VALUES(\''.$keyhash.'\', \''.$db->escape($salt).'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.', ' . $key_type . ');'); |
963 if ( !$query && defined('IN_ENANO_UPGRADE') ) |
970 if ( !$query && defined('IN_ENANO_UPGRADE') ) |
964 // we're trying to upgrade so the key_type column is probably missing - try it again without specifying the key type |
971 // we're trying to upgrade so the key_type column is probably missing - try it again without specifying the key type |
3997 /** |
4004 /** |
3998 * Called upon processing an incoming login request. If you added anything to the userinfo object during the jshook |
4005 * Called upon processing an incoming login request. If you added anything to the userinfo object during the jshook |
3999 * login_build_userinfo, that will be in the $userinfo array here. Expected return values are: true if your plugin has |
4006 * login_build_userinfo, that will be in the $userinfo array here. Expected return values are: true if your plugin has |
4000 * not only succeeded but ALSO issued a session key (bypass the whole Enano builtin login process) and an associative array |
4007 * not only succeeded but ALSO issued a session key (bypass the whole Enano builtin login process) and an associative array |
4001 * with "mode" set to "error" and an error string in "error" to send an error back to the client. Any return value other |
4008 * with "mode" set to "error" and an error string in "error" to send an error back to the client. Any return value other |
4002 * than these will be ignored. |
4009 * than these will be treated as a pass-through, and the user's password will be validated through Enano's standard process. |
4003 * @hook login_process_userdata_json |
4010 * @hook login_process_userdata_json |
4004 */ |
4011 */ |
4005 |
4012 |
4006 $code = $plugins->setHook('login_process_userdata_json', true); |
4013 $code = $plugins->setHook('login_process_userdata_json', true); |
4007 foreach ( $code as $cmd ) |
4014 foreach ( $code as $cmd ) |
4009 $result = eval($cmd); |
4016 $result = eval($cmd); |
4010 if ( $result === true ) |
4017 if ( $result === true ) |
4011 { |
4018 { |
4012 return array( |
4019 return array( |
4013 'mode' => 'login_success', |
4020 'mode' => 'login_success', |
4014 'key' => ( $this->sid_super ) ? $this->sid_super : false |
4021 'key' => ( $this->sid_super ) ? $this->sid_super : false, |
4022 'user_id' => $this->user_id, |
|
4023 'user_level' => $this->user_level |
|
4015 ); |
4024 ); |
4016 } |
4025 } |
4017 else if ( is_array($result) ) |
4026 else if ( is_array($result) ) |
4018 { |
4027 { |
4019 if ( isset($result['mode']) && $result['mode'] === 'error' && isset($result['error']) ) |
4028 if ( isset($result['mode']) && $result['mode'] === 'error' && isset($result['error']) ) |
4045 |
4054 |
4046 if ( $login_result['success'] ) |
4055 if ( $login_result['success'] ) |
4047 { |
4056 { |
4048 return array( |
4057 return array( |
4049 'mode' => 'login_success', |
4058 'mode' => 'login_success', |
4050 'key' => ( $this->sid_super ) ? $this->sid_super : false |
4059 'key' => ( $this->sid_super ) ? $this->sid_super : false, |
4060 'user_id' => $this->user_id, |
|
4061 'user_level' => $this->user_level |
|
4051 ); |
4062 ); |
4052 } |
4063 } |
4053 else |
4064 else |
4054 { |
4065 { |
4055 return array( |
4066 return array( |
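Review bot: In the session registrar hunk (new lines 964–966), `$this->user_id` is overwritten unconditionally while `$this->user_level` can only be raised through `max()`, so if the object already holds a higher level for a different account, the in-memory level stays at the old account's value, and both `login_success` responses (new lines 4021–4023 and 4059–4061) now return it to the client. Whether the registrar can be reached with another user already loaded is not visible here, but resetting on an identity change removes the doubt: `$this->user_level = ( $this->user_id === $user_id ) ? max(array($this->user_level, $level)) : $level;`, placed before the `user_id` assignment. The update also runs before the `INSERT` below it has succeeded, so a failed query leaves the object describing a session that was never stored; moving the two assignments after the query check avoids that. In the plugin-hook branch, a plugin that returns `true` after issuing its own key without going through this registrar would presumably report the pre-login values, which the docblock should state. The enclosing functions start and end outside the visible hunks.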