Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RN v2.20.00 - Feedback
Author Message
wHiTeHaT
Life Cycles Becoming CPU Cycles


Joined: Jul 18, 2004
Posts: 576
Location: Netherlands

PostPosted: Sun Aug 02, 2009 6:51 am Reply with quote

I'm inspecting the Your_Account index.php file especialy the login case.

I'm having trouble detecting at what position it is setted where the user is verified.

If anyone could enlighten for me:

Code:
case 'login':

      global $nsnst_const;
      if (!isset($gfx_check)) $gfx_check = '';
      $username = check_html(trim($username) , 'nohtml'); // RN0001003
      $user_password = htmlspecialchars(stripslashes($user_password));
      $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE username=\'' . addslashes($username) . '\'');
      $ya_numUser = $db->sql_numrows($result);
      $setinfo = $db->sql_fetchrow($result);
      // menelaos: check of the member agreed with the TOS and update the database field
      if (isset($_POST['tos_yes'])) {
         if (($ya_config['tos'] == 1) AND ($_POST['tos_yes'] == 1)) {
            $db->sql_query('UPDATE ' . $user_prefix . '_users SET agreedtos=\'1\' WHERE username=\'' . addslashes($username) . '\'');
         }
      }
      $forward = ereg_replace('redirect=', '', $redirect);
      if (ereg('privmsg', $forward)) $pm_login = 'active';
      else $pm_login = '';
      if ($ya_numUser == 0) {
         include_once 'header.php';
         Show_YA_menu();
         OpenTable();
         echo '<center><span class="title">' . _SORRYNOUSERINFO . '</span></center>';
         CloseTable();
         include_once 'footer.php';
      } elseif ($ya_numUser == 1 AND $setinfo['user_id'] != 1 AND $setinfo['user_password'] != '' AND $setinfo['user_active'] > 0 AND $setinfo['user_level'] > 0) {
         /*
         * Check user against database - montego: I do not like the following code, why do we always
         * want to update the users password even if it hadn't changed?  I am leaving this here for now
         * as time for 2.3.0 is short. We should also consider changing the encryption algorithm with a
         * better salt too, but it would force a ton of problems with existing sites.
         */
         $dbpass = $setinfo['user_password'];
         $non_crypt_pass = $user_password;
         $old_crypt_pass = crypt($user_password, substr($dbpass, 0, 2));
         $new_pass = md5($user_password);
         if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
            $db->sql_query('UPDATE ' . $user_prefix . '_users SET user_password=\'' . $new_pass . '\'   WHERE username=\'' . addslashes($username) . '\'');
            $result = $db->sql_query('SELECT user_password FROM ' . $user_prefix . '_users   WHERE username=\'' . addslashes($username) . '\'');
            list($dbpass) = $db->sql_fetchrow($result);
         }
         if ($dbpass != $new_pass) {
            Header('Location: modules.php?name=' . $module_name . '&stop=1');
            die();
         }
         // menelaos: show a member the current TOS if he has not agreed yet
         //if (($ya_config['tos'] == 1) AND ($ya_config['tosall'] == 1) AND ($setinfo['agreedtos'] != 1)) {
         //   if (!isset($_POST['tos_yes']) or $_POST['tos_yes'] != 1) {
         //      include_once 'modules/' . $module_name . '/public/ya_tos.php';
         //      exit;
         //   }
         //}
         $datekey = date('F j');
         $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
         $code = substr($rcode, 2, $ya_config['codesize']);
         if (!security_code_check($gfx_check, array(2, 4, 5, 7))) {
            include_once 'header.php';
            OpenTable();
            echo '<center><strong>' . _SECCODEINCOR . '</strong><br /><br />';
            echo '[ <a href="modules.php?name=' . $module_name . '">' . _GOBACK2 . '</a> ]</center>';
            CloseTable();
            include_once 'footer.php';
            die();
         }
         if (extension_loaded('gd') AND $code != $gfx_check AND ($ya_config['usegfxcheck'] == 2 OR $ya_config['usegfxcheck'] == 3)) {
            Header('Location: modules.php?name=' . $module_name . '&stop=1');
            die();
         } else {
            // menelaos: show a member the current TOS if he has not agreed yet
            yacookie($setinfo['user_id'], $setinfo['username'], $new_pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);
            if (!defined('NUKESENTINEL_IS_LOADED')) {
               $uname = $_SERVER['REMOTE_ADDR'];
            } else {
               $uname = $nsnst_const['remote_ip'];
            }
            if (!ereg('^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$', $uname)) $uname = '127.0.0.1'; // RN0001003
            $db->sql_query('DELETE FROM ' . $prefix . '_session WHERE uname=\'' . $uname . '\' AND guest=\'1\'');
            //      if ($Version_Num >= 7.4)
            $db->sql_query('UPDATE ' . $user_prefix . '_users SET last_ip=\'' . $uname . '\' WHERE username=\'' . addslashes($username) . '\'');
         }
         // menelaos: the cookiecheck is run here
         if ($ya_config['cookiecheck'] == 1) {
            $cookiecheck = yacookiecheckresults();
         }
         if (isset($pm_login) && $pm_login != '') {
            Header('Location: modules.php?name=Private_Messages&file=index&folder=inbox');
         } elseif ($redirect == '') {
            Header('Location: modules.php?name=Your_Account&op=userinfo&bypass=1&username=' . $username);
         } elseif ($mode == '') {
            Header('Location: forums.html?file=' . $forward);
         } elseif ($t != '') {
            Header('Location: forums.html?file=' . $forward . '&mode=' . $mode . '&t=' . $t);
         } else {
            Header('Location: forums.html?file=' . $forward . '&mode=' . $mode . '&f=' . $f);
         }
      } elseif ($ya_numUser == 1 AND ($setinfo['user_level'] < 1 OR $setinfo['user_active'] < 1)) {
         include_once 'header.php';
         Show_YA_menu();
         OpenTable();
         if ($setinfo['user_level'] == 0) {
            echo '<br /><center><span class="title"><strong>' . _ACCSUSPENDED . '</strong></span></center><br />';
         } elseif ($setinfo['user_level'] == -1) {
            echo '<br /><center><span class="title"><strong>' . _ACCDELETED . '</strong></span></center><br />';
         } else {
            echo '<br /><center><span class="title"><strong>' . _SORRYNOUSERINFO . '</strong></span></center><br />';
         }
         CloseTable();
         include_once 'footer.php';
      } else {
         Header('Location: modules.php?name=' . $module_name . '&stop=1');
      }
      break;

i need to execute some aditional code.
I would also be satisfeid when ever it is the login case , i could run an aditional code outside the yat module itself.

[EDITED]
i solved my problem by doing a if $op in another file outside of the YAT module.
FYI i ad a simular case:

Code:
if ($op == 'login') {

$do_something;
}   
if ($op == 'logout') {
$do_something_else;

}
 
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Mon Aug 03, 2009 9:44 am Reply with quote

What is YAT?
 
View user's profile Send private message
wHiTeHaT
PostPosted: Mon Aug 03, 2009 10:39 am Reply with quote

it should simply be YA , it is something in my head, probaly refering to your account tweak
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RN v2.20.00 - Feedback

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©