function login( $username=null, $passwd2=null ) {
global $_CB_database, $_GET, $_POST, $_CB_framework, $ueConfig, $_PLUGINS;
$spoofCheckOk = false;
if ( cbSpoofCheck( 'login', 'POST', 2 ) ) {
$spoofCheckOk = true;
} else {
if ( is_callable("josSpoofCheck") && is_callable("josSpoofValue") ) {
$validate = josSpoofValue();
if ( cbGetParam( $_POST, $validate ) ) {
josSpoofCheck(1);
$spoofCheckOk = true;
}
}
}
if ( ! $spoofCheckOk ) {
echo _UE_SESSION_EXPIRED . ' ' . _UE_PLEASE_REFRESH;
return;
}
$messagesToUser = array();
$resultError = null;
if ( !$username || !$passwd2 ) {
$username = trim( cbGetParam( $_POST, 'username', '' ) );
$passwd2 = trim( cbGetParam( $_POST, 'passwd', '', _CB_ALLOWRAW ) );
}
$return = trim( stripslashes( cbGetParam( $_POST, 'return', null ) ) );
if ( cbStartOfStringMatch( $return, 'B:' ) ) {
$return = base64_decode( substr( $return, 2 ) );
$arrToClean = array( 'B' => get_magic_quotes_gpc() ? addslashes( $return ) : $return );
$return = cbGetParam( $arrToClean, 'B', '' );
}
$message = trim( cbGetParam( $_POST, 'message', 0 ) );
//print "message:".$message;
// $remember = trim( cbGetParam( $_POST, 'remember', '' ) );
// $lang = trim( cbGetParam( $_POST, 'lang', '' ) );
if ( !$username || !$passwd2 ) {
$resultError = _LOGIN_INCOMPLETE;
} else {
$_PLUGINS->loadPluginGroup('user');
$_PLUGINS->trigger( 'onBeforeLogin', array( &$username, &$passwd2 ) );
$alertmessages = array();
$showSysMessage = true;
$stopLogin = false;
$returnURL = null;
if($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG();
} else {
/*
$_CB_database->setQuery( "SELECT * "
. "\n FROM #__users u, "
. "\n #__comprofiler ue "
. "\n WHERE u.username='".$username."' AND u.id = ue.id"
);
$row = null;
if ( $_CB_database->loadObject( $row ) && cbHashPassword( $passwd2, $row ) ) {
*/
$loginType = ( isset( $ueConfig['login_type'] ) ? $ueConfig['login_type'] : 0 );
// NEXT 3 LINES: CB 1.2 RC 2 + CB 1.2 specific : remove after !
if ( ! defined( '_UE_INCORRECT_EMAIL_OR_PASSWORD' ) ) {
DEFINE('_UE_INCORRECT_EMAIL_OR_PASSWORD','Incorrect email or password. Please try again.');
}
$row = new moscomprofilerUser( $_CB_database );
$foundUser = false;
if ( $loginType <= 1 ) {
$foundUser = $row->loadByUsername( stripslashes( $username ) ) && cbHashPassword( $passwd2, $row );
}
if ( ( ! $foundUser ) && ( $loginType >= 1 ) ) {
$foundUser = $row->loadByEmail( stripslashes( $username ) ) && cbHashPassword( $passwd2, $row );
if ( $foundUser ) {
$username = $row->username;
}
}
if ( $foundUser ) {
$pluginResults = $_PLUGINS->trigger( 'onDuringLogin', array( &$row, 1, &$return ) );
if ( is_array( $pluginResults ) && count( $pluginResults ) ) {
foreach ( $pluginResults as $res ) {
if ( is_array( $res ) ) {
if ( isset( $res['messagesToUser'] ) ) {
$messagesToUser[] = $res['messagesToUser'];
}
if ( isset( $res['alertMessage'] ) ) {
$alertmessages[] = $res['alertMessage'];
}
if ( isset( $res['showSysMessage'] ) ) {
$showSysMessage = $showSysMessage && $res['showSysMessage'];
}
if ( isset( $res['stopLogin'] ) ) {
$stopLogin = $stopLogin || $res['stopLogin'];
}
}
}
}
if($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG();
}
elseif ( $stopLogin ) {
// login stopped: don't even check for errors...
}
elseif ($row->approved == 2){
$resultError = _LOGIN_REJECTED;
}
elseif ($row->confirmed != 1){
if ( $row->cbactivation == '' ) {
$row->store(); // just in case the activation code was missing
}
$cbNotification = new cbNotification();
$cbNotification->sendFromSystem($row->id,getLangDefinition(stripslashes($ueConfig['reg_pend_appr_sub'])),getLangDefinition(stripslashes($ueConfig['reg_pend_appr_msg'])));
$resultError = _LOGIN_NOT_CONFIRMED;
}
elseif ($row->approved == 0){
$resultError = _LOGIN_NOT_APPROVED;
}
elseif ($row->block == 1) {
$resultError = _UE_LOGIN_BLOCKED;
}
elseif ($row->lastvisitDate == '0000-00-00 00:00:00') {
if (isset($ueConfig['reg_first_visit_url']) and ($ueConfig['reg_first_visit_url'] != "")) {
$return = $ueConfig['reg_first_visit_url'];
}
$_PLUGINS->trigger( 'onBeforeFirstLogin', array( &$row, $username, $passwd2, &$return ));
if ($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG( "
" );
}
}
} else {
if ( $loginType < 2 ) {
$resultError = _LOGIN_INCORRECT;
} else {
$resultError = _UE_INCORRECT_EMAIL_OR_PASSWORD;
}
}
}
if ( $resultError ) {
if ( $showSysMessage ) {
$alertmessages[] = $resultError;
}
} elseif ( ! $stopLogin ) {
$rememberMe = cbGetParam( $_POST, 'remember' );
$_CB_framework->login( $username, $passwd2, $rememberMe );
$_PLUGINS->trigger( 'onAfterLogin', array( &$row, true ) );
if ( $message && $showSysMessage ) {
$alertmessages[] = _LOGIN_SUCCESS;
}
// changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
if ( $return && !( strpos( $return, 'comprofiler' /* 'com_comprofiler' */ ) && ( strpos( $return, 'login') || strpos( $return, 'registers' ) || strpos( strtolower( $return ), 'lostpassword' ) ) ) ) {
// checks for the presence of a return url
// and ensures that this url is not the registration or login pages
$returnURL = (strncasecmp($return, "http:", 5)||strncasecmp($return, "https:", 6)) ? $return : cbSef( $return, false );
} elseif ( ! $returnURL ) {
$returnURL = cbSef( 'index.php', false );
}
}
// JS Popup message
if ( count( $alertmessages ) > 0 ) {
echo '\n";
/*
**not sure if this is the best case but the
**reason why we weren't seeing the login message was
**because we are immediately redirecting to another page
**so if we flush out the contents to the browser then we get the alert.
*/
if (!$resultError && ( ! ( count( $messagesToUser ) > 0 ) ) && function_exists("ob_flush")) {
ob_flush(); // warning: this makes cbRedirect fail in IE6, as headers are already sent...JS redirect will work.
}
}
}
if ( count( $messagesToUser ) > 0 ) {
if ( $resultError ) {
echo "