I'm inspecting the Your_Account index.php file, especially the login case.
I'm having trouble detecting at what position it is set where the user is verified.
If anyone could enlighten me:
Code:
case 'login':
    global $nsnst_const;
    if (!isset($gfx_check)) $gfx_check = '';
    $username = check_html(trim($username) , 'nohtml'); // RN0001003
    $user_password = htmlspecialchars(stripslashes($user_password));
    $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE username=\'' . addslashes($username) . '\'');
    $ya_numUser = $db->sql_numrows($result);
    $setinfo = $db->sql_fetchrow($result);
    // menelaos: check of the member agreed with the TOS and update the database field
    if (isset($_POST['tos_yes'])) {
        if (($ya_config['tos'] == 1) AND ($_POST['tos_yes'] == 1)) {
            $db->sql_query('UPDATE ' . $user_prefix . '_users SET agreedtos=\'1\' WHERE username=\'' . addslashes($username) . '\'');
        }
    }
    $forward = ereg_replace('redirect=', '', $redirect);
    if (ereg('privmsg', $forward)) $pm_login = 'active';
    else $pm_login = '';
    if ($ya_numUser == 0) {
        include_once 'header.php';
        Show_YA_menu();
        OpenTable();
        echo '<center><span class="title">' . _SORRYNOUSERINFO . '</span></center>';
        CloseTable();
        include_once 'footer.php';
    } elseif ($ya_numUser == 1 AND $setinfo['user_id'] != 1 AND $setinfo['user_password'] != '' AND $setinfo['user_active'] > 0 AND $setinfo['user_level'] > 0) {
        /*
         * Check user against database - montego: I do not like the following code, why do we always
         * want to update the users password even if it hadn't changed? I am leaving this here for now
         * as time for 2.3.0 is short. We should also consider changing the encryption algorithm with a
         * better salt too, but it would force a ton of problems with existing sites.
         */
        $dbpass = $setinfo['user_password'];
        $non_crypt_pass = $user_password;
        $old_crypt_pass = crypt($user_password, substr($dbpass, 0, 2));
        $new_pass = md5($user_password);
        if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
            $db->sql_query('UPDATE ' . $user_prefix . '_users SET user_password=\'' . $new_pass . '\' WHERE username=\'' . addslashes($username) . '\'');
            $result = $db->sql_query('SELECT user_password FROM ' . $user_prefix . '_users WHERE username=\'' . addslashes($username) . '\'');
            list($dbpass) = $db->sql_fetchrow($result);
        }
        if ($dbpass != $new_pass) {
            Header('Location: modules.php?name=' . $module_name . '&stop=1');
            die();
        }
        // menelaos: show a member the current TOS if he has not agreed yet
        //if (($ya_config['tos'] == 1) AND ($ya_config['tosall'] == 1) AND ($setinfo['agreedtos'] != 1)) {
        // if (!isset($_POST['tos_yes']) or $_POST['tos_yes'] != 1) {
        // include_once 'modules/' . $module_name . '/public/ya_tos.php';
        // exit;
        // }
        //}
        $datekey = date('F j');
        $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
        $code = substr($rcode, 2, $ya_config['codesize']);
        if (!security_code_check($gfx_check, array(2, 4, 5, 7))) {
            include_once 'header.php';
            OpenTable();
            echo '<center><strong>' . _SECCODEINCOR . '</strong><br /><br />';
            echo '[ <a href="modules.php?name=' . $module_name . '">' . _GOBACK2 . '</a> ]</center>';
            CloseTable();
            include_once 'footer.php';
            die();
        }
        if (extension_loaded('gd') AND $code != $gfx_check AND ($ya_config['usegfxcheck'] == 2 OR $ya_config['usegfxcheck'] == 3)) {
            Header('Location: modules.php?name=' . $module_name . '&stop=1');
            die();
        } else {
            // menelaos: show a member the current TOS if he has not agreed yet
            yacookie($setinfo['user_id'], $setinfo['username'], $new_pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);
            if (!defined('NUKESENTINEL_IS_LOADED')) {
                $uname = $_SERVER['REMOTE_ADDR'];
            } else {
                $uname = $nsnst_const['remote_ip'];
            }
            if (!ereg('^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$', $uname)) $uname = '127.0.0.1'; // RN0001003
            $db->sql_query('DELETE FROM ' . $prefix . '_session WHERE uname=\'' . $uname . '\' AND guest=\'1\'');
            // if ($Version_Num >= 7.4)
            $db->sql_query('UPDATE ' . $user_prefix . '_users SET last_ip=\'' . $uname . '\' WHERE username=\'' . addslashes($username) . '\'');
        }
        // menelaos: the cookiecheck is run here
        if ($ya_config['cookiecheck'] == 1) {
            $cookiecheck = yacookiecheckresults();
        }
        if (isset($pm_login) && $pm_login != '') {
            Header('Location: modules.php?name=Private_Messages&file=index&folder=inbox');
        } elseif ($redirect == '') {
            Header('Location: modules.php?name=Your_Account&op=userinfo&bypass=1&username=' . $username);
        } elseif ($mode == '') {
            Header('Location: forums.html&file=' . $forward);
        } elseif ($t != '') {
            Header('Location: forums.html&file=' . $forward . '&mode=' . $mode . '&t=' . $t);
        } else {
            Header('Location: forums.html&file=' . $forward . '&mode=' . $mode . '&f=' . $f);
        }
    } elseif ($ya_numUser == 1 AND ($setinfo['user_level'] < 1 OR $setinfo['user_active'] < 1)) {
        include_once 'header.php';
        Show_YA_menu();
        OpenTable();
        if ($setinfo['user_level'] == 0) {
            echo '<br /><center><span class="title"><strong>' . _ACCSUSPENDED . '</strong></span></center><br />';
        } elseif ($setinfo['user_level'] == -1) {
            echo '<br /><center><span class="title"><strong>' . _ACCDELETED . '</strong></span></center><br />';
        } else {
            echo '<br /><center><span class="title"><strong>' . _SORRYNOUSERINFO . '</strong></span></center><br />';
        }
        CloseTable();
        include_once 'footer.php';
    } else {
        Header('Location: modules.php?name=' . $module_name . '&stop=1');
    }
    break;
I need to execute some additional code.
I would also be satisfied if, whenever it is the login case, I could run additional code outside the YAT module itself.
[EDITED]
I solved my problem by doing an if $op in another file outside of the YAT module.
FYI, I add a similar case:
Code:
if ($op == 'login') {
    $do_something;
}
if ($op == 'logout') {
    $do_something_else;
}
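
Added example, not part of the original post and not RavenNuke code: in the posted case the password decision is the `$dbpass != $new_pass` comparison, and the `yacookie()` call further down is reached only if it passes. The function below (hypothetical name `verify_and_upgrade`) performs that same check-and-upgrade step with `hash_equals()` and `password_hash()`, covering the MD5 and `crypt()` forms from the post; the sample row at the end is constructed.

```php
<?php
// Added example: hypothetical helper, not RavenNuke code.
// Returns [bool $ok, ?string $newHash]. $newHash is set when the stored
// value should be replaced (legacy format or outdated parameters).
function verify_and_upgrade(string $password, string $stored): array
{
    // Already a password_hash() value: verify, rehash only if parameters aged.
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [true, $newHash];
    }

    // Legacy forms from the posted code: unsalted MD5, or crypt() with the
    // first two characters of the stored value as salt.
    // hash_equals() is constant-time and, unlike ==, never type-juggles.
    $legacyOk = hash_equals($stored, md5($password));
    if (!$legacyOk && strlen($stored) === 13) {
        $legacyOk = hash_equals($stored, (string) crypt($password, substr($stored, 0, 2)));
    }
    if (!$legacyOk) {
        return [false, null];
    }
    // Correct password on a legacy row: hand back a modern hash to store.
    return [true, password_hash($password, PASSWORD_DEFAULT)];
}

// Constructed sample row: a legacy account whose stored value is md5().
$stored = md5('example-pass');
[$ok, $newHash] = verify_and_upgrade('example-pass', $stored);
var_dump($ok);
var_dump(password_verify('example-pass', $newHash));
[$bad] = verify_and_upgrade('wrong-pass', $stored);
var_dump($bad);
```

Storing the returned hash requires a `user_password` column wide enough for `password_hash()` output (60 characters for bcrypt today).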