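/**
 * Handles a Community Builder login form submission.
 *
 * Steps, in the order the code performs them:
 *  1. Anti-spoofing (CSRF) check: cbSpoofCheck() first, then the optional
 *     josSpoofCheck()/josSpoofValue() pair when those functions exist.
 *  2. Credentials are taken from the arguments; if either one is empty, BOTH
 *     are re-read from $_POST ('username' / 'passwd').
 *  3. The post-login target is read from $_POST['return'] (optionally
 *     base64-encoded behind a "B:" prefix) and restricted to this site.
 *  4. The user row is looked up by username and/or e-mail according to
 *     $ueConfig['login_type'] (0: username only, 1: username then e-mail,
 *     2 or more: e-mail only) and the password is checked with cbHashPassword().
 *  5. 'user' plugins are triggered (onBeforeLogin, onDuringLogin,
 *     onBeforeFirstLogin, onAfterLogin) and may add messages, stop the login
 *     or change the return URL.
 *  6. Account state (approved / confirmed / block) is checked, then
 *     $_CB_framework->login() is called and the browser is redirected.
 *
 * NOTE(review): this listing lost its HTML during extraction. The bare "\n"
 * strings echoed near the end and passed to getErrorMSG() are what the page
 * shows; they presumably carried wrapping markup upstream. The JS alert echo
 * was unrecoverable and is reconstructed (see the note at that statement).
 *
 * @param  string|null  $username  Login name (or e-mail address, depending on login_type).
 * @param  string|null  $passwd2   Clear-text password.
 * @return void                    Output is echoed, or the request ends in cbRedirect().
 */
function login( $username = null, $passwd2 = null ) {
    global $_CB_database, $_GET, $_POST, $_CB_framework, $ueConfig, $_PLUGINS;

    // --- 1. anti-spoofing (CSRF) token check --------------------------------
    $spoofCheckOk = false;
    if ( cbSpoofCheck( 'login', 'POST', 2 ) ) {
        $spoofCheckOk = true;
    } elseif ( is_callable( "josSpoofCheck" ) && is_callable( "josSpoofValue" ) ) {
        $validate = josSpoofValue();
        if ( cbGetParam( $_POST, $validate ) ) {
            josSpoofCheck( 1 );
            $spoofCheckOk = true;
        }
    }
    if ( ! $spoofCheckOk ) {
        echo _UE_SESSION_EXPIRED . ' ' . _UE_PLEASE_REFRESH;
        return;
    }

    $messagesToUser = array();
    $resultError    = null;

    // --- 2. credentials ------------------------------------------------------
    if ( ! $username || ! $passwd2 ) {
        $username = trim( cbGetParam( $_POST, 'username', '' ) );
        // _CB_ALLOWRAW: presumably keeps the password unfiltered so that special
        // characters survive - confirm against cbGetParam().
        $passwd2  = trim( cbGetParam( $_POST, 'passwd', '', _CB_ALLOWRAW ) );
    }

    // --- 3. return URL (attacker-controllable: it comes straight from the form) ---
    $return = trim( stripslashes( cbGetParam( $_POST, 'return', null ) ) );
    if ( cbStartOfStringMatch( $return, 'B:' ) ) {
        // "B:" prefix marks a base64-encoded value; the decoded string is passed
        // through cbGetParam() again so it gets the same cleaning as a plain one.
        $return     = base64_decode( substr( $return, 2 ) );
        $arrToClean = array( 'B' => get_magic_quotes_gpc() ? addslashes( $return ) : $return );
        $return     = cbGetParam( $arrToClean, 'B', '' );
    }

    // SECURITY: without this check the posted value reaches cbRedirect() as-is,
    // i.e. an open redirect usable to bounce freshly authenticated users to a
    // look-alike page. A posted value that carries a scheme ("http:",
    // "javascript:", ...) or starts like a protocol-relative URL ("//", "/\")
    // is kept only when it lies under this site's own base URL. Relative paths
    // pass through. The check runs before plugins and $ueConfig get to set
    // $return, so those trusted sources can still point elsewhere.
    // NOTE(review): relies on live_site being configured; a scheme mismatch
    // (http vs https) falls back to the default landing page.
    if ( $return != '' ) {
        $looksAbsolute = preg_match( '#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $return );
        if ( $looksAbsolute ) {
            $liveSite   = rtrim( (string) $_CB_framework->getCfg( 'live_site' ), '/' );
            $onThisSite = ( $liveSite != '' )
                && ( ( strcasecmp( $return, $liveSite ) == 0 )
                  || ( strncasecmp( $return, $liveSite . '/', strlen( $liveSite ) + 1 ) == 0 ) );
            if ( ! $onThisSite ) {
                $return = '';
            }
        }
    }

    $message = trim( cbGetParam( $_POST, 'message', 0 ) );

    if ( ! $username || ! $passwd2 ) {
        $resultError = _LOGIN_INCOMPLETE;
    } else {
        $_PLUGINS->loadPluginGroup( 'user' );
        // Plugins receive both values by reference and may rewrite them.
        $_PLUGINS->trigger( 'onBeforeLogin', array( &$username, &$passwd2 ) );

        $alertmessages  = array();
        $showSysMessage = true;
        $stopLogin      = false;
        $returnURL      = null;

        if ( $_PLUGINS->is_errors() ) {
            $resultError = $_PLUGINS->getErrorMSG();
        } else {
            // --- 4. user lookup + password check -----------------------------
            // The lookup goes through loadByUsername()/loadByEmail(); the older
            // hand-concatenated SQL query that used to sit here stays removed.
            $loginType = ( isset( $ueConfig['login_type'] ) ? $ueConfig['login_type'] : 0 );

            // CB 1.2 RC 2 + CB 1.2 specific fallback for a missing language string.
            if ( ! defined( '_UE_INCORRECT_EMAIL_OR_PASSWORD' ) ) {
                define( '_UE_INCORRECT_EMAIL_OR_PASSWORD', 'Incorrect email or password. Please try again.' );
            }

            $row       = new moscomprofilerUser( $_CB_database );
            $foundUser = false;
            if ( $loginType <= 1 ) {
                $foundUser = $row->loadByUsername( stripslashes( $username ) ) && cbHashPassword( $passwd2, $row );
            }
            if ( ( ! $foundUser ) && ( $loginType >= 1 ) ) {
                $foundUser = $row->loadByEmail( stripslashes( $username ) ) && cbHashPassword( $passwd2, $row );
                if ( $foundUser ) {
                    // from here on the real username is needed, not the e-mail typed in
                    $username = $row->username;
                }
            }

            if ( $foundUser ) {
                // --- 5. plugins may veto, annotate or re-route the login -----
                $pluginResults = $_PLUGINS->trigger( 'onDuringLogin', array( &$row, 1, &$return ) );
                if ( is_array( $pluginResults ) && count( $pluginResults ) ) {
                    foreach ( $pluginResults as $res ) {
                        if ( ! is_array( $res ) ) {
                            continue;
                        }
                        if ( isset( $res['messagesToUser'] ) ) {
                            $messagesToUser[] = $res['messagesToUser'];
                        }
                        if ( isset( $res['alertMessage'] ) ) {
                            $alertmessages[] = $res['alertMessage'];
                        }
                        if ( isset( $res['showSysMessage'] ) ) {
                            // any single plugin can switch system messages off
                            $showSysMessage = $showSysMessage && $res['showSysMessage'];
                        }
                        if ( isset( $res['stopLogin'] ) ) {
                            // any single plugin can stop the login
                            $stopLogin = $stopLogin || $res['stopLogin'];
                        }
                    }
                }

                // --- 6. account state ----------------------------------------
                // All of these run only after the password has been verified.
                if ( $_PLUGINS->is_errors() ) {
                    $resultError = $_PLUGINS->getErrorMSG();
                } elseif ( $stopLogin ) {
                    // login stopped: don't even check for errors...
                } elseif ( $row->approved == 2 ) {
                    $resultError = _LOGIN_REJECTED;
                } elseif ( $row->confirmed != 1 ) {
                    if ( $row->cbactivation == '' ) {
                        $row->store();      // just in case the activation code was missing
                    }
                    $cbNotification = new cbNotification();
                    $cbNotification->sendFromSystem(
                        $row->id,
                        getLangDefinition( stripslashes( $ueConfig['reg_pend_appr_sub'] ) ),
                        getLangDefinition( stripslashes( $ueConfig['reg_pend_appr_msg'] ) )
                    );
                    $resultError = _LOGIN_NOT_CONFIRMED;
                } elseif ( $row->approved == 0 ) {
                    $resultError = _LOGIN_NOT_APPROVED;
                } elseif ( $row->block == 1 ) {
                    $resultError = _UE_LOGIN_BLOCKED;
                } elseif ( $row->lastvisitDate == '0000-00-00 00:00:00' ) {
                    // first ever login: the admin-configured landing page wins
                    if ( isset( $ueConfig['reg_first_visit_url'] ) && ( $ueConfig['reg_first_visit_url'] != "" ) ) {
                        $return = $ueConfig['reg_first_visit_url'];
                    }
                    $_PLUGINS->trigger( 'onBeforeFirstLogin', array( &$row, $username, $passwd2, &$return ) );
                    if ( $_PLUGINS->is_errors() ) {
                        $resultError = $_PLUGINS->getErrorMSG( "\n" );
                    }
                }
            } else {
                // One message for "no such user" and "wrong password" alike.
                if ( $loginType < 2 ) {
                    $resultError = _LOGIN_INCORRECT;
                } else {
                    $resultError = _UE_INCORRECT_EMAIL_OR_PASSWORD;
                }
            }
        }

        if ( $resultError ) {
            if ( $showSysMessage ) {
                $alertmessages[] = $resultError;
            }
        } elseif ( ! $stopLogin ) {
            $rememberMe = cbGetParam( $_POST, 'remember' );
            $_CB_framework->login( $username, $passwd2, $rememberMe );
            $_PLUGINS->trigger( 'onAfterLogin', array( &$row, true ) );
            if ( $message && $showSysMessage ) {
                $alertmessages[] = _LOGIN_SUCCESS;
            }

            // Never send the user back to the login, registration or lost-password
            // page. 'comprofiler' (not 'com_comprofiler') is matched as a quick-fix
            // for SEF-rewritten return paths.
            // FIX: strpos() results are compared with false; a match at offset 0
            // used to count as "not found".
            $pointsToLoginFlow = ( strpos( $return, 'comprofiler' ) !== false )
                && ( ( strpos( $return, 'login' ) !== false )
                  || ( strpos( $return, 'registers' ) !== false )
                  || ( strpos( strtolower( $return ), 'lostpassword' ) !== false ) );

            if ( $return && ! $pointsToLoginFlow ) {
                // FIX: strncasecmp() returns 0 on a match. The old test OR-ed the two
                // raw results, which is true for every string, so cbSef() was dead code.
                $isAbsolute = ( strncasecmp( $return, "http:", 5 ) == 0 )
                    || ( strncasecmp( $return, "https:", 6 ) == 0 );
                $returnURL  = $isAbsolute ? $return : cbSef( $return, false );
            } elseif ( ! $returnURL ) {
                $returnURL = cbSef( 'index.php', false );
            }
        }

        // JS Popup message
        if ( count( $alertmessages ) > 0 ) {
            // NOTE(review): the original echo statement was destroyed when the page's
            // markup was stripped. Reconstructed as a single alert() with the collected
            // messages, encoded as a JS string literal so that quotes, newlines and
            // "</script>" inside a message cannot break out. Confirm against upstream.
            $alertText = str_replace(
                array( "\r", "\n", '</' ),
                array( '', '\\n', '<\\/' ),
                addslashes( implode( "\n", $alertmessages ) )
            );
            echo '<script type="text/javascript">alert("' . $alertText . '");</script>' . "\n";

            // The page redirects right after a successful login, so the alert only
            // shows if the output is flushed to the browser first.
            if ( ! $resultError && ( ! ( count( $messagesToUser ) > 0 ) ) && function_exists( "ob_flush" ) ) {
                ob_flush();     // warning: this makes cbRedirect fail in IE6, as headers are already sent...JS redirect will work.
            }
        }
    }

    // --- final output: plugin messages, error text, or redirect --------------
    if ( count( $messagesToUser ) > 0 ) {
        if ( $resultError ) {
            echo "\n" . $resultError . "\n";
        }
        echo "\n\n" . implode( "\n\n\n", $messagesToUser ) . "\n\n";
    } elseif ( $resultError ) {
        echo "\n" . $resultError . "\n";
    } else {
        cbRedirect( $returnURL );
    }
}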