Changeset 148 for trunk/lib/Auth_SQL.inc.php
- Timestamp:
- Jun 5, 2006 1:33:26 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Auth_SQL.inc.php
r146 r148 262 262 seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)), 263 263 last_login_datetime = '0000-00-00 00:00:00' 264 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get Val('user_id') . "'264 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "' 265 265 "); 266 266 $_SESSION[$this->_ns] = array('authenticated' => false); … … 290 290 * @return mixed Value stored in session. 291 291 */ 292 function get Val($key, $default='')292 function get($key, $default='') 293 293 { 294 294 if (isset($_SESSION[$this->_ns][$key])) { … … 390 390 if (!empty($user_data['blocked'])) { 391 391 392 $app->logMsg(sprintf('User %s (%s) login failed due to blocked account: %s', $this->get Val('user_id'), $this->getVal('username'), $this->getVal('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__);392 $app->logMsg(sprintf('User %s (%s) login failed due to blocked account: %s', $this->get('user_id'), $this->get('username'), $this->get('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__); 393 393 394 394 switch ($user_data['blocked_reason']) { … … 412 412 * (2) If this number exceeds the login_abuse_max_ips, assume multiple people are logging in under the same account. 413 413 **/ 414 if ($this->getParam('abuse_detection') && !$this->get Val('login_abuse_exempt')) {414 if ($this->getParam('abuse_detection') && !$this->get('login_abuse_exempt')) { 415 415 $qid = $db->query(" 416 416 SELECT COUNT(DISTINCT LEFT(remote_ip_binary, " . $this->_params['login_abuse_ip_bitmask'] . ")) 417 417 FROM " . $this->_params['db_login_table'] . " 418 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get Val('user_id') . "'418 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "' 419 419 AND DATE_ADD(login_datetime, INTERVAL '" . $this->_params['login_abuse_timeframe'] . 
"' DAY_HOUR) > NOW() 420 420 "); 421 421 list($distinct_ips) = mysql_fetch_row($qid); 422 422 if ($distinct_ips > $this->_params['login_abuse_max_ips']) { 423 if ($this->get Val('abuse_warning_level') < $this->_params['login_abuse_warnings']) {423 if ($this->get('abuse_warning_level') < $this->_params['login_abuse_warnings']) { 424 424 // Warn the user with a password reset. 425 425 $this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share login information with others. If further account abuse is detected this account will be blocked.")); 426 426 $app->raiseMsg(_("Your password has been reset as a security precaution. Please check your email for more information."), MSG_NOTICE, __FILE__, __LINE__); 427 $app->logMsg(sprintf('Account abuse detected for user %s (%s) from IP %s', $this->get Val('user_id'), $this->getVal('username'), $this->getVal('remote_ip')), LOG_WARNING, __FILE__, __LINE__);427 $app->logMsg(sprintf('Account abuse detected for user %s (%s) from IP %s', $this->get('user_id'), $this->get('username'), $this->get('remote_ip')), LOG_WARNING, __FILE__, __LINE__); 428 428 } else { 429 429 // Block the account with the reason of account abuse. 430 430 $this->blockAccount(null, 'account abuse'); 431 431 $app->raiseMsg(_("Your account has been blocked as a security precaution. Please contact us for more information."), MSG_NOTICE, __FILE__, __LINE__); 432 $app->logMsg(sprintf('Account blocked for user %s (%s) from IP %s', $this->get Val('user_id'), $this->getVal('username'), $this->getVal('remote_ip')), LOG_ALERT, __FILE__, __LINE__);432 $app->logMsg(sprintf('Account blocked for user %s (%s) from IP %s', $this->get('user_id'), $this->get('username'), $this->get('remote_ip')), LOG_ALERT, __FILE__, __LINE__); 433 433 } 434 434 // Increment user's warning level. 435 $db->query("UPDATE " . $this->_params['db_table'] . 
" SET abuse_warning_level = abuse_warning_level + 1 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get Val('user_id') . "'");435 $db->query("UPDATE " . $this->_params['db_table'] . " SET abuse_warning_level = abuse_warning_level + 1 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'"); 436 436 // Reset the login counter for this user. 437 $db->query("DELETE FROM " . $this->_params['db_login_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get Val('user_id') . "'");437 $db->query("DELETE FROM " . $this->_params['db_login_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'"); 438 438 // No login: reset password because of account abuse! 439 439 $this->clearAuth(); … … 448 448 remote_ip_binary 449 449 ) VALUES ( 450 '" . $this->get Val('user_id') . "',451 '" . $this->get Val('login_datetime') . "',452 '" . sprintf('%032b', ip2long($this->get Val('remote_ip'))) . "'450 '" . $this->get('user_id') . "', 451 '" . $this->get('login_datetime') . "', 452 '" . sprintf('%032b', ip2long($this->get('remote_ip'))) . "' 453 453 ) 454 454 "); … … 458 458 $db->query(" 459 459 UPDATE " . $this->_params['db_table'] . " SET 460 last_login_datetime = '" . $this->get Val('login_datetime') . "',461 last_access_datetime = '" . $this->get Val('login_datetime') . "',462 last_login_ip = '" . $this->get Val('remote_ip') . "'463 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get Val('user_id') . "'460 last_login_datetime = '" . $this->get('login_datetime') . "', 461 last_access_datetime = '" . $this->get('login_datetime') . "', 462 last_login_ip = '" . $this->get('remote_ip') . "' 463 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "' 464 464 "); 465 465 … … 508 508 $user_in_trusted_network = true; 509 509 $app->logMsg(sprintf('User %s accessing from trusted network %s', 510 ($this->get Val('user_id') ? ' ' . $this->getVal('user_id') . ' (' . 
$this->getVal('username') . ')' : ''),510 ($this->get('user_id') ? ' ' . $this->get('user_id') . ' (' . $this->get('username') . ')' : ''), 511 511 $trusted_net 512 512 ), LOG_DEBUG, __FILE__, __LINE__); … … 514 514 $user_in_trusted_network = true; 515 515 $app->logMsg(sprintf('User %s accessing from trusted network proxy.aol.com', 516 ($this->get Val('user_id') ? ' ' . $this->getVal('user_id') . ' (' . $this->getVal('username') . ')' : '')516 ($this->get('user_id') ? ' ' . $this->get('user_id') . ' (' . $this->get('username') . ')' : '') 517 517 ), LOG_DEBUG, __FILE__, __LINE__); 518 518 } else { … … 535 535 UPDATE " . $this->_params['db_table'] . " SET 536 536 seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)) + 1, 537 last_access_datetime = '" . $this->get Val('last_access_datetime') . "'538 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get Val('user_id') . "'537 last_access_datetime = '" . $this->get('last_access_datetime') . "' 538 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "' 539 539 "); 540 540 if (mysql_affected_rows($db->getDBH()) > 0) { … … 542 542 return true; 543 543 } else { 544 $app->logMsg(sprintf('User update failed. Record not found for user %s (%s).', $this->get Val('user_id'), $this->getVal('username')), LOG_NOTICE, __FILE__, __LINE__);544 $app->logMsg(sprintf('User update failed. 
Record not found for user %s (%s).', $this->get('user_id'), $this->get('username')), LOG_NOTICE, __FILE__, __LINE__); 545 545 } 546 546 } else if (isset($_SESSION[$this->_ns]) && true === $_SESSION[$this->_ns]['authenticated']) { … … 565 565 $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION[$this->_ns]['remote_ip'], getRemoteAddr()); 566 566 } 567 $app->logMsg(sprintf('User %s (%s) session expired: %s', $this->get Val('user_id'), $this->getVal('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__);567 $app->logMsg(sprintf('User %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__); 568 568 } 569 569 … … 617 617 618 618 // Get user_id if specified. 619 $user_id = isset($user_id) ? $user_id : $this->get Val('user_id');619 $user_id = isset($user_id) ? $user_id : $this->get('user_id'); 620 620 $db->query(" 621 621 UPDATE " . $this->_params['db_table'] . " SET … … 638 638 if ($this->getParam('blocking')) { 639 639 // Get user_id if specified. 640 $user_id = isset($user_id) ? $user_id : $this->get Val('user_id');640 $user_id = isset($user_id) ? $user_id : $this->get('user_id'); 641 641 $db->query(" 642 642 UPDATE " . $this->_params['db_table'] . " SET … … 788 788 789 789 // Get user_id if specified. 790 $user_id = isset($user_id) ? $user_id : $this->get Val('user_id');790 $user_id = isset($user_id) ? $user_id : $this->get('user_id'); 791 791 792 792 // Issue the password change query. … … 817 817 818 818 // Get user_id if specified. 819 $user_id = isset($user_id) ? $user_id : $this->get Val('user_id');819 $user_id = isset($user_id) ? $user_id : $this->get('user_id'); 820 820 821 821 // Reset password of a specific user. … … 891 891 return true; 892 892 $zone_members = preg_split('/,\s*/', $security_zone); 893 $priv = empty($priv) ? $this->get Val('priv') : $priv;893 $priv = empty($priv) ? 
$this->get('priv') : $priv; 894 894 895 895 // If the current user's privilege level is NOT in that array or if the … … 917 917 /* If the current user's privilege level is NOT in that array or if the 918 918 * user has no privilege, DIE with a message. */ 919 if (!in_array($this->get Val('priv'), $zone_members) || !$this->getVal('priv')) {919 if (!in_array($this->get('priv'), $zone_members) || !$this->get('priv')) { 920 920 $message = empty($message) ? _("You have insufficient privileges to view that page.") : $message; 921 921 $app->raiseMsg($message, MSG_NOTICE, __FILE__, __LINE__);
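Review bot: The new-side queries still splice session-held values straight into SQL text: `$this->get('user_id')`, `$this->get('login_datetime')` and `$this->get('remote_ip')` are concatenated between quotes in the login-table INSERT (new lines 450–452), the UPDATE at new lines 460–463, and every `WHERE ... = '" . $this->get('user_id') . "'` clause. Nothing visible in these hunks shows the values being escaped before they are stored in the session, and the origin of `remote_ip` is not shown, so if any of them can carry client-influenced text this is an SQL injection risk. Since each of these lines is being touched anyway, I would escape at the point of use, e.g. `last_login_ip = '" . mysql_real_escape_string($this->get('remote_ip'), $db->getDBH()) . "'`, or use whatever quoting helper the DB class provides. The enclosing methods start and end outside the hunks, so validation may already happen earlier; if it does, a short comment above each query saying where would settle the question.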