<?php
/*******************************************************
 **                  IntraMessenger - server          **
 **                                                   **
 **  Copyright:      (C) 2006 - 2011 THeUDS           **
 **  Web:            http://www.theuds.com            **
 **                  http://www.intramessenger.net    **
 **  Licence :       GPL (GNU Public License)         **
 **  http://opensource.org/licenses/gpl-license.php   **
 *******************************************************/

/*******************************************************
 **       This file is part of IntraMessenger-server  **
 **                                                   **
 **  IntraMessenger is a free software.               **
 **  IntraMessenger is distributed in the hope that   **
 **  it will be useful, but WITHOUT ANY WARRANTY.     **
 *******************************************************/
//

// Include guard: this file is only meaningful when pulled in by the IntraMessenger
// entry point, which defines INTRAMESSENGER; stop silently on direct access.
defined('INTRAMESSENGER') or exit;

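function inc_user_password_error($t_id_user, $t_user, $t_check, $t_max_pass_errors_before_lock, $t_lock_duration)
{
  // Record one failed password attempt for a user and lock the account
  // (USR_STATUS = 2) once the failure counter reaches the configured limit.
  //
  // $t_id_user                      ID of the USR_USER row (cast to int; <= 0 skips all DB work).
  // $t_user, $t_check               username / workstation check value, only written to the logs.
  // $t_max_pass_errors_before_lock  failures allowed before locking; clamped to 5 when < 2 and to 10 when > 20.
  // $t_lock_duration                lock length in minutes; <= 0 means locked until an admin unlocks.
  //
  // Returns nothing. Every call ends with write_log("log_password_errors", ...), whether or
  // not the user row exists; a lock additionally logs "log_lock_user_for_password_errors" and,
  // when _SEND_ADMIN_ALERT is set, alerts the admins.
  //
  // NOTE: the mysql_* extension used here was removed in PHP 7.0; this code only runs on PHP 5.
  global $PREFIX_IM_TABLE, $l_start_waiting_valid;
  //
  // Keep the lock threshold inside a sane range whatever the config says.
  if ($t_max_pass_errors_before_lock < 2) $t_max_pass_errors_before_lock = 5;
  if ($t_max_pass_errors_before_lock > 20) $t_max_pass_errors_before_lock = 10;
  //
  // intval() is what keeps $t_id_user safe inside the SQL strings below; nothing else is interpolated.
  $t_id_user = intval($t_id_user);
  if ($t_id_user > 0)
  {
    $requete  = " select USR_PWD_ERRORS ";
    $requete .= " FROM " . $PREFIX_IM_TABLE . "USR_USER ";
    $requete .= " WHERE ID_USER = " . $t_id_user . " ";
    $result = mysql_query($requete);
    if (!$result) error_sql_log("[ERR-M4a]", $requete);
    // Only read the row when the query actually ran: mysql_num_rows(false) raises a warning.
    if ($result && (mysql_num_rows($result) == 1))
    {
      list ($nb_errors) = mysql_fetch_row ($result);
      //
      // Counter value after this failure (the UPDATE below increments it server-side).
      $nb_errors = (intval($nb_errors) + 1);
      $requete  = " update " . $PREFIX_IM_TABLE . "USR_USER ";
      $requete .= " set USR_PWD_ERRORS = (USR_PWD_ERRORS + 1) ";
      $requete .= " WHERE ID_USER = " . $t_id_user . " ";
      $requete .= " LIMIT 1 "; // (to protect)
      $result = mysql_query($requete);
      if (!$result) error_sql_log("[ERR-M4b]", $requete);
      //
      if ($nb_errors >= $t_max_pass_errors_before_lock)
      {
        $requete  = " update " . $PREFIX_IM_TABLE . "USR_USER ";
        $requete .= " set USR_STATUS = 2 "; // locked  // USR_CHECK = 'WAIT'
        if ($t_lock_duration > 0)
        {
          // NOTE(review): in MySQL, CURTIME() + <int> is numeric arithmetic on an HHMMSS value, not
          // time arithmetic (12:59:30 + 60 gives 125990). Kept as-is because the readers of
          // USR_TIME_LOCK live outside this file; ADDTIME(CURTIME(), SEC_TO_TIME(60 * n)) would be
          // the time-typed form — confirm against how the lock is checked before changing it.
          $requete .= " , USR_TIME_LOCK = CURTIME() + 60 * " . intval($t_lock_duration); // lock x minutes
        }
        else
        {
          $requete .= " , USR_TIME_LOCK = '00:00:00' "; // unlimited (need admin to unlock)
        }
        //
        $requete .= " WHERE ID_USER = " . $t_id_user . " ";
        $requete .= " LIMIT 1 "; // (to protect)
        $result = mysql_query($requete);
        if (!$result) error_sql_log("[ERR-M4c]", $requete);
        //
        write_log("log_lock_user_for_password_errors", $t_user . ";" . $t_check);
        //
        if (_SEND_ADMIN_ALERT != "")
        {
          // Fall back to a fixed English text when the language file gives none.
          $txt = $l_start_waiting_valid;
          if ($txt == "") $txt = "Locked user(s) waiting...";
          send_alert_message_to_admins($txt);
        }
      }
    }
  }
  write_log("log_password_errors", $t_user . ";" . $t_check);
}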


function f_verif_check_user_creat($t_user, $t_id_user, $t_check, $t_pass, $n_version, $t_nick, $t_max_nb_ip, $t_pending_user_on_computer_change)
{
  // Authenticate a connecting user against USR_USER (or auto-create the row when the server
  // allows it) and decide whether the session may start.
  //
  // $t_user                             login name looked up in USR_USERNAME.
  // $t_id_user                          user ID (cast to int) used for the password / check / status updates.
  // $t_check                            workstation check value sent by the client, compared with USR_CHECK.
  // $t_pass                             password as sent by the client ("M%zK:" + base64 wrapped when external auth is on).
  // $n_version                          client protocol version; >= 22 may be asked to register first.
  // $t_nick                             nickname; given to the external authentication and stored on creation.
  // $t_max_nb_ip                        per-IP session limit; only its "> 0" test is used here.
  // $t_pending_user_on_computer_change  when non-empty, a changed check value puts the user in WAIT instead of re-binding.
  //
  // Returns one of the status strings built here: 'OK', 'WAIT', 'KO', 'KO-PASS', 'KO-OTHER-PC',
  // 'KO-DUPLICATE-PC', 'KO-MAX-SESSION', 'KO-MAX', 'KO-NEED_REGISTER', 'DOUBLON', 'NO', '' (undecided),
  // or whatever f_check_if_auth_exten_ok() / f_update_pass_user() return.
  //
  // Security notes (review): $t_user, $t_check, $t_nick and derived values are concatenated into SQL
  // without escaping in this function, so it is only safe if every caller sanitises them first.
  // Password digests are unsalted site-wide md5/sha1 and are compared with ==; see the inline notes.
  // The mysql_* extension used here was removed in PHP 7.0, so this code only runs on PHP 5.
  global $PREFIX_IM_TABLE, $l_index_pending_avatars, $l_start_waiting_valid;
  //
	//require("config/config.inc.php");
	//require("extern/extern.inc.php");
  require("config/auth.inc.php"); // presumably defines $password_pepper used below — confirm
  require("f_not_empty.inc.php");
  //
	$id_user_to_add_new_user = 0;             // Auto add this userID in contact list (to new users).
	$passcr_old = ""; // before 1.4
	$passcr = "";     // after 1.4
	$salt_and_pepper = ""; // before 1.4
	$t_id_user = intval($t_id_user);
	if (_USER_NEED_PASSWORD != '')
	{
		if ($t_pass != '')
		{
			if (f_nb_auth_extern() == 1)
			{
        // With external auth the client wraps the password as "M%zK:" + base64.
        if (substr($t_pass, 0, 5) == "M%zK:") 
        {
          // NOTE(review): this drops 4 characters although the prefix is 5 long, so the leading ':'
          // reaches base64_decode(), which ignores it in non-strict mode — confirm this is intended.
          $t_pass = substr($t_pass,-(strlen($t_pass)-4));
          $t_pass = base64_decode($t_pass);
        }
			}
			//$t_pass = f_clean_name($t_pass);
			// Legacy digests: a slice of an unsalted md5 (before 1.4) and sha1 with a site-wide pepper (since 1.4).
			// NOTE(review): no per-user salt; password_hash()/password_verify() is the modern replacement.
			$passcr_old = substr(md5($salt_and_pepper . $t_pass), 5, 20); // before 1.4
			$passcr = sha1($password_pepper . $t_pass . "W$*7B0-c6");
		}	
	}	
	//
	//
	// Avoid flooding (several sessions from the same PC): too many users from the same computer.
	if ( (intval(_MAX_NB_USER) > 0) or (intval(_MAX_NB_SESSION) > 0) or (intval($t_max_nb_ip) > 0) or ($t_pending_user_on_computer_change != "") )
	{
    $requete  = " select count(*) ";
    $requete .= " FROM " . $PREFIX_IM_TABLE . "SES_SESSION SES, " . $PREFIX_IM_TABLE . "USR_USER USR ";
    $requete .= " WHERE SES.ID_USER = USR.ID_USER ";
    // NOTE(review): $t_check is interpolated unescaped; relies on the caller having cleaned it.
    $requete .= " and USR.USR_CHECK = '" . $t_check . "' ";
    $result = mysql_query($requete);
    if (!$result) error_sql_log("[ERR-M4h]", $requete);
    if ( mysql_num_rows($result) == 1 )
    {
      list ($nb_same_pc) = mysql_fetch_row ($result);
      if (intval($nb_same_pc) > 2)
        return "KO-DUPLICATE-PC"; // formerly KO-MAX-SESSION
    }
  }
	//
	//if ($t_id_user > 0) close_session_id_user($t_id_user);
	// Avoid double sessions for the same user:
	/* removed 20/06/09 because it blocks the user if the client exe crashes.
	if ($t_id_user > 0)
    {
    $requete  = " select count(*) ";
    $requete .= " FROM " . $PREFIX_IM_TABLE . "SES_SESSION ";
    $requete .= " WHERE ID_USER = " . $t_id_user;
    $result = mysql_query($requete);
    if (!$result) error_sql_log("[ERR-M4i]", $requete);
    if ( mysql_num_rows($result) == 1 )
    {
      list ($nb_same_user) = mysql_fetch_row ($result);
      if (intval($nb_same_user) > 0)
        return "KO-MAX-SESSION";
    }
  }
	*/
	//
	// Global session cap: refuse when the SES_SESSION table already holds _MAX_NB_SESSION rows.
	if (intval(_MAX_NB_SESSION) > 0)
	{
    $requete  = " select count(*) ";
    $requete .= " FROM " . $PREFIX_IM_TABLE . "SES_SESSION ";
    $result = mysql_query($requete);
    if (!$result) error_sql_log("[ERR-K4i]", $requete);
    if ( mysql_num_rows($result) == 1 )
    {
      list ($nb_ses) = mysql_fetch_row ($result);
      //
      if (intval($nb_ses) >= intval(_MAX_NB_SESSION))
        return "KO-MAX-SESSION";
    }
  }
	//
	//
	$retour = ''; // default
	//
	$requete  = " select USR_NAME, USR_CHECK, USR_PASSWORD, USR_STATUS ";
	$requete .= " FROM " . $PREFIX_IM_TABLE . "USR_USER ";
	// NOTE(review): $t_user is interpolated unescaped; relies on the caller having cleaned it.
	$requete .= " WHERE USR_USERNAME = '" . $t_user . "' ";
	$result = mysql_query($requete);
	if (!$result) error_sql_log("[ERR-M4d]", $requete);
	//
	// ***************************************** If user exist already ****************************************************
	//
	//if (f_get_id_nom_user($t_user) > 0) // No !!! 
	if ( mysql_num_rows($result) == 1 )
	{
		list ($usr_nom, $usr_check, $usr_pass, $usr_status) = mysql_fetch_row ($result);
		//
		//if ( ($usr_status == 2) or ($usr_check == "WAIT") ) // waiting for admin validation (or locked after password errors).
		if ($usr_status == 2) // waiting for admin validation (or locked after password errors).
      return "WAIT";
		//
		//
		// Check the password BEFORE update_check_user: otherwise the nickname could be hijacked!
		// Check the password (if required by the options).
		if (_USER_NEED_PASSWORD != '')
		{
      if (f_nb_auth_extern() == 1)
      {
        // Check extern authentication
        //$retour = f_check_if_auth_exten_ok($t_user, $t_pass);
        $retour = f_check_if_auth_exten_ok($t_nick, $t_pass);
      }
      //
      // --------- classic access, NO extern auth --------- 
      if ($retour == '')
      {
        $retour = 'KO-PASS';
        // NOTE(review): == on digest strings compares numerically when both look numeric ('0e...');
        // === (or hash_equals()) would be the safe comparison.
        if ( ($usr_pass == $passcr_old) or ($usr_pass == $passcr) )  $retour = 'OK';
        //
        // If not yet in the DB (or old hashing), store it (and not when external auth).
        // NOTE(review): with an empty stored digest, f_update_pass_user() decides the result for
        // whatever password was sent — confirm this first-login behaviour is intended.
        if ( ($usr_pass == '') or ($usr_pass == $passcr_old) )
        {
          $retour = f_update_pass_user($t_id_user, $t_pass);
          /*
          $requete  = " update " . $PREFIX_IM_TABLE . "USR_USER ";
          $requete .= " SET USR_PASSWORD = '" . $passcr . "' ";
          $requete .= " WHERE ID_USER = " . intval($t_id_user) . " ";
          $result = mysql_query($requete);
          if (!$result) error_sql_log("[ERR-M4e]", $requete);
          //$usr_pass = $passcr;
          $retour = 'OK';
          */
        }
      }
		}
		else
      $retour = 'OK';
    //
    // Do not keep password material around:
    unset($usr_pass); 
    unset($t_pass);
    unset($passcr);
    unset($passcr_old);
    //
		// If the password is fine, verify the workstation check value.
		//if ( ($retour != 'KO-PASS') and ($retour != 'KO-PHENIX') and ($retour != 'KO-PHPBB') ...)
		//if ( ($retour == 'OK') or ($retour == '') )
		if ($retour == 'OK')
		{
      if ($usr_status <> 1) // config validated, or leave.
      {
        $requete  = " update " . $PREFIX_IM_TABLE . "USR_USER ";
        $requete .= " SET USR_STATUS = 1, USR_TIME_LOCK = '00:00:00' ";
        $requete .= " WHERE ID_USER = " . $t_id_user . " ";
        $requete .= " LIMIT 1 "; // (to protect)
        $result = mysql_query($requete);
        if (!$result) error_sql_log("[ERR-M4k]", $requete);
      }
      //
      // First connection from a client: bind the row to the check value it sent.
      if ($usr_check == "")
      {
        update_check_user($t_id_user, $t_check);
        $usr_check = $t_check;
      }
      //
			// NOTE(review): switch uses loose (==) comparison for "case $t_check".
			switch ($usr_check)
			{
#				case "" : // if the check value is not set, pick it up.
#					$retour = ''; // empty so the value is fetched automatically
#					break;
				case $t_check : // value matches
					$retour = 'OK';
					break;
				case "WAIT" : // waiting for admin validation
					$retour = 'WAIT';
					break;
				default : // all other cases (i.e. differs from the 'right' value)
					if ($t_pending_user_on_computer_change != '')
					{
						error_check_log($t_id_user, "'" . $t_check . "' <> '" . $usr_check . "'" );
						update_check_user($t_id_user, 'WAIT');
						$retour = 'KO';
            //if (defined("_SEND_ADMIN_ALERT"))
            if (_SEND_ADMIN_ALERT != "")
            {
              $txt = $l_start_waiting_valid;
              if ($txt == "") $txt = "Pending user(s) waiting...";
              send_alert_message_to_admins($txt);
            }
					}
					else
					{
						// Check whether a session is already open with another check value (same account from another PC).
						if (f_get_id_session_id_user($t_id_user) == 0)
						{
              update_check_user($t_id_user, $t_check);
              $retour = 'OK';
              //
              // If an old value existed:
              if ( ($usr_check != "") and ($usr_check != "WAIT") )
              {
                write_log("log_user_check_change", $t_user . ";" . $usr_check . ";" . $t_check );
              }
            }
            else
            {
              $retour = 'KO-OTHER-PC';
              write_log("log_user_check_double", $t_user . ";" . $usr_check . ";" . $t_check );
            }
					}
					break;
			}
		}
	}
	else 	// ***************************************** If NEW user ****************************************************
	{
		if (_ALLOW_AUTO_ADD_NEW_USER_ON_SERVER != '')
		{
			$tt = f_if_already_max_nb_users();
			if (intval($tt) == 0)
			{
				if (f_get_id_nom_user($t_user) != '')
				{
					$retour = 'DOUBLON'; // nickname already exists.
				}
				else
				{
          if (f_nb_auth_extern() == 1)
          {
            // Check extern authentication
            //$retour = f_check_if_auth_exten_ok($t_user, $t_pass);
            $retour = f_check_if_auth_exten_ok($t_nick, $t_pass);
          }
          else
          {
            if ( (intval($n_version) >= 22) and (_NEED_QUICK_REGISTER_TO_AUTO_ADD_NEW_USER != '') and (_USER_NEED_PASSWORD != '') ) $retour = "KO-NEED_REGISTER";
          }
          //
          if (($retour == "") or ($retour == "OK")) // if external auth OK (or no external auth)
          {
            if ($retour == "OK") // if external OK, do not store the password in the IM database (not needed).
            {
              // Login Phenix via Triade
              #if (_AUTHENTICATION_ON_TRIADE != '')   
              if (_EXTERNAL_AUTHENTICATION == "triade")
              {
                $user_phenix_triade = f_triade_auth_to_phenix($t_user, $t_pass);
              }
              //
              unset($t_pass);
              $passcr = ""; // not unset !!! 
            }
            //
            $usr_status = 1; // ok
            if (_PENDING_NEW_AUTO_ADDED_USER != '')
            {
              $usr_status = 2; // locked (added, but stays pending)
              //$t_i_chk = "WAIT"; // added, but stays pending
              //if (defined("_SEND_ADMIN_ALERT"))
              if (_SEND_ADMIN_ALERT != "")
              {
                $txt = $l_start_waiting_valid;
                if ($txt == "") $txt = "Pending new user(s) waiting...";
                send_alert_message_to_admins($txt);
              }
            }
            //
            $name_or_function = ""; // Name and first name in col name_function (USR_NAME) (for default)
            $f = f_clean_username(_EXTERNAL_AUTHENTICATION);
            if ($f <> "")
            {
              // Back-ends known to expose a display name (strstr() is a substring test, so "#" delimiters bound each name).
              if (strstr("#phenix#ovidentia#taskfreak#webcollab#sugarcrm#phprojekt#toutateam#groupoffice#cuteflow#", $f)) $name_or_function = f_extern_name_of_user($t_user);
            }
            if (_EXTERNAL_AUTHENTICATION == "triade")    
            {
              // Triade logins look like "first.last" / "first_last": turn them into a display name.
              $name_or_function = $t_user;
              $name_or_function = str_replace('.',' ',$name_or_function);
              $name_or_function = str_replace('_',' ',$name_or_function);
              $name_or_function = trim($name_or_function);
              $name_or_function = ucwords($name_or_function);
            }
            if ($name_or_function != "")
            {
              $name_or_function = f_clean_name($name_or_function);   // NOT f_clean_username($name_or_function): it lowercases everything
            }
            if ($t_nick == $t_user) $t_nick = "";
            //
            // NOTE(review): $t_user, $t_nick, $t_check and $name_or_function are interpolated unescaped below.
            $requete  = " insert into " . $PREFIX_IM_TABLE . "USR_USER ";
            $requete .= " (USR_USERNAME, USR_NICKNAME, USR_CHECK, USR_DATE_CREAT, USR_PASSWORD, USR_NAME, USR_STATUS) VALUES (";
            $requete .= " '" . $t_user . "' , '" . $t_nick . "' , '" . $t_check . "' , CURDATE() , '" . $passcr . "' , '" . $name_or_function . "', " . $usr_status . " )";
            $result = mysql_query($requete);
            if (!$result) error_sql_log("[ERR-M4f]", $requete);
            //
            write_log("log_user_create", $t_user . ";" . $t_check);
            //
            $last_id = mysql_insert_id();
            //
            // Login Phenix via Triade
            #if ( (_AUTHENTICATION_ON_TRIADE != '') and isset($user_phenix_triade) )
            if ( (_EXTERNAL_AUTHENTICATION == "triade") and isset($user_phenix_triade) )
            {
              $requete  = " update " . $PREFIX_IM_TABLE . "USR_USER ";
              // NOTE(review): value returned by f_triade_auth_to_phenix() is interpolated unescaped.
              $requete .= " set USR_TRIADE_PHENIX = '" . $user_phenix_triade . "' ";
              $requete .= " where ID_USER = " . intval($last_id);
              $requete .= " LIMIT 1 "; // (to protect)
              $result = mysql_query($requete);
              if (!$result) error_sql_log("[ERR-M4g]", $requete);
            }
            //
         		if (_USER_NEED_PASSWORD != '')
            {
              $requete  = " update " . $PREFIX_IM_TABLE . "USR_USER ";
              $requete .= " SET USR_DATE_PASSWORD = CURDATE() ";
              $requete .= " WHERE ID_USER = " . intval($last_id);
              $requete .= " LIMIT 1 "; // (to protect)
              $result = mysql_query($requete);
              if (!$result) error_sql_log("[ERR-M4m]", $requete);
            }
            //
            // Optional mutual contact with a fixed user ID (0 here, so this block is currently inactive).
            $id_user_to_add_new_user = intval($id_user_to_add_new_user);
         		if ( ($id_user_to_add_new_user > 0 ) and ($last_id > 0) )
            {
              if (f_get_username_of_id($id_user_to_add_new_user) != "")
              {
                $requete = "INSERT INTO " . $PREFIX_IM_TABLE . "CNT_CONTACT (ID_USER_1, ID_USER_2, CNT_STATUS) ";
                $requete .= "VALUES (" . $id_user_to_add_new_user . ", " . $last_id . ", 1) ";
                $result = mysql_query($requete);
                if (!$result) error_sql_log("[ERR-M4n1]", $requete);
                //
                $requete = "INSERT INTO " . $PREFIX_IM_TABLE . "CNT_CONTACT (ID_USER_1, ID_USER_2, CNT_STATUS) ";
                $requete .= "VALUES (" . $last_id . ", " . $id_user_to_add_new_user . ", 1) ";
                $result = mysql_query($requete);
                if (!$result) error_sql_log("[ERR-M4n2]", $requete);
              }
            }
            //
            if (_STATISTICS != '')
            {
              if (!function_exists('stats_inc')) require ("stats.inc.php"); 
              stats_inc("STA_NB_CREAT");
            }
            // If the insert went well:
            if (_PENDING_NEW_AUTO_ADDED_USER != '')
              $retour = 'WAIT'; // added, but stays pending
            else
              $retour = 'OK'; // added and directly valid
          }
				}
			}
			else
				$retour = 'KO-MAX'; // max number of users reached.
			//
		}
		else
			$retour = 'NO'; // Unknown user
	}
  //
	return $retour;  // returns OK / KO* / NO / WAIT / DOUBLON or empty (see header)
}


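function f_max_same_ip_already($t_max_nb_ip)
{
  // Tell whether the caller's IP address already holds the maximum number of open sessions.
  //
  // $t_max_nb_ip  maximum sessions allowed per IP (cast to int); <= 0 disables the check.
  //
  // Returns "OK" when the session may be opened, 'KO-MAX-SESSION' when SES_SESSION already
  // holds $t_max_nb_ip or more rows for $_SERVER['REMOTE_ADDR']. A failed count query is
  // logged (tag [ERR-K4i], shared with the global session count in f_verif_check_user_creat)
  // and treated as "OK", as in the original best-effort behaviour.
  //
  // NOTE: the mysql_* extension used here was removed in PHP 7.0; this code only runs on PHP 5.
  global $PREFIX_IM_TABLE;
  //
  $retour = "OK";
  $max_nb_ip = intval($t_max_nb_ip);
  //
  if ($max_nb_ip > 0)
  {
    // REMOTE_ADDR is filled in by the web server (absent under CLI). Escape it anyway before
    // putting it into the SQL string, like any other externally supplied value.
    $ip_local = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $ip_sql = mysql_real_escape_string($ip_local);
    //
    $requete  = " select count(*) ";
    $requete .= " FROM " . $PREFIX_IM_TABLE . "SES_SESSION ";
    $requete .= " WHERE SES_IP_ADDRESS = '" . $ip_sql . "' ";
    $result = mysql_query($requete);
    if (!$result) error_sql_log("[ERR-K4i]", $requete);
    // Only read the row when the query actually ran: mysql_num_rows(false) raises a warning.
    if ($result && (mysql_num_rows($result) == 1))
    {
      list ($nb_ses) = mysql_fetch_row ($result);
      //
      if (intval($nb_ses) >= $max_nb_ip)
        $retour = 'KO-MAX-SESSION';
    }
  }
  //
  return $retour;
}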

?>