/**
 * Two-factor step of the login flow: checks the token carried in the URI, then
 * asks for (or validates) the user's security question.
 *
 * Inputs read by the visible code:
 *   - URI segment 3 = user id, 4 = salt, 5 = token, 6 = login method
 *   - query string: return_to, remember
 *
 * NOTE(review): this listing is truncated by the page; the body stops at the
 * omission marker and the closing braces are not shown.
 **/
public function _remap()
{
if ($this->config->item('auth_two_factor_enable')) {
// NOTE(review): the TRUE flag presumably requests XSS filtering (CodeIgniter
// convention; confirm). That is not URL validation: $_return_to remains a
// destination chosen by whoever built the link.
$_return_to = $this->input->get('return_to', TRUE);
$_remember = $this->input->get('remember', TRUE);
$_user_id = $this->uri->segment(3);
$_user = $this->user_model->get_by_id($_user_id);
if (!$_user) {
$this->session->set_flashdata('error', lang('auth_twofactor_token_unverified'));
if ($_return_to) {
// NOTE(review): return_to is concatenated without urlencode(), so a value
// containing & or # changes the shape of the login URL.
redirect('auth/login?return_to=' . $_return_to);
return;
} else {
redirect('auth/login');
return;
}
}
$_salt = $this->uri->segment(4);
$_token = $this->uri->segment(5);
$_ip = $this->input->ip_address();
$_login_method = $this->uri->segment(6) ? $this->uri->segment(6) : 'native';
// Allow-list the login method; anything unrecognised falls back to 'native'
switch ($_login_method) {
case 'facebook':
case 'twitter':
case 'linkedin':
case 'native':
// Recognised value, keep it as supplied
break;
default:
$_login_method = 'native';
break;
}
// The token check receives the user id, salt, token and the client IP
if ($this->auth_model->verify_two_factor_token($_user->id, $_salt, $_token, $_ip)) {
// Token is valid, generate a new one for the next request
$this->data['token'] = $this->auth_model->generate_two_factor_token($_user->id);
// Set data for the views
$this->data['user_id'] = $_user->id;
$this->data['login_method'] = $_login_method;
$this->data['return_to'] = $_return_to;
$this->data['remember'] = $_remember;
// NOTE(review): a truthiness test, so an answer of "0" is treated as "no answer posted"
if ($this->input->post('answer')) {
// Validate the answer, if correct then log user in and forward, if not
// then generate a new token and show errors
$this->data['question'] = $this->user_model->get_security_question($_user->id);
// NOTE(review): the question is dereferenced without a null check, although the
// branch further down treats get_security_question() as able to return a falsy value.
// NOTE(review): no attempt counter is visible around this check; confirm wrong
// answers are rate limited inside validate_security_answer() or elsewhere.
$_valid = $this->user_model->validate_security_answer($this->data['question']->id, $_user->id, $this->input->post('answer'));
if ($_valid) {
// Set login data for this user
$this->user_model->set_login_data($_user->id);
// If we're remembering this user set a cookie
if ($_remember) {
// NOTE(review): the stored password value is handed to the cookie helper; its
// derivation is not visible here. Confirm the cookie does not expose it.
$this->user_model->set_remember_cookie($_user->id, $_user->password, $_user->email);
}
// Update their last login and increment their login count
$this->user_model->update_last_login($_user->id);
// --------------------------------------------------------------------------
// Generate an event for this log in
create_event('did_log_in', $_user->id, 0, NULL, array('method' => $_login_method));
// --------------------------------------------------------------------------
// Say hello
if ($_user->last_login) {
$this->load->helper('date');
$_last_login = $this->config->item('auth_show_nicetime_on_login') ? nice_time(strtotime($_user->last_login)) : user_datetime($_user->last_login);
if ($this->config->item('auth_show_last_ip_on_login')) {
$this->session->set_flashdata('message', lang('auth_login_ok_welcome_with_ip', array($_user->first_name, $_last_login, $_user->last_ip)));
} else {
$this->session->set_flashdata('message', lang('auth_login_ok_welcome', array($_user->first_name, $_last_login)));
}
} else {
$this->session->set_flashdata('message', lang('auth_login_ok_welcome_notime', array($_user->first_name)));
}
// --------------------------------------------------------------------------
// Delete the token we generated; it is no longer needed
$this->auth_model->delete_two_factor_token($this->data['token']['id']);
// --------------------------------------------------------------------------
// NOTE(review): $_return_to comes straight from the query string and is used as the
// post-login destination. Unless redirect() or an earlier layer restricts it to this
// site, this is an open redirect; compare the host against site_url() before use.
$_redirect = $_return_to != site_url() ? $_return_to : $_user->group_homepage;
redirect($_redirect);
return;
} else {
$this->data['error'] = lang('auth_twofactor_answer_incorrect');
// Wrong answer: show the question again with the error
$this->data['page']->title = lang('auth_twofactor_answer_title');
$this->load->view('structure/header', $this->data);
$this->load->view('auth/security_question/ask', $this->data);
$this->load->view('structure/footer', $this->data);
}
} else {
// Determine whether the user has any security questions set
$this->data['question'] = $this->user_model->get_security_question($_user->id);
if ($this->data['question']) {
// A question exists: render the ask form
$this->data['page']->title = 'Security Question';
$this->load->view('structure/header', $this->data);
$this->load->view('auth/security_question/ask', $this->data);
$this->load->view('structure/footer', $this->data);
} else {
// No question set yet: load the question configuration for the setup form
$this->data['questions'] = $this->config->item('auth_two_factor_questions');
// Number of questions to ask is capped at the number of configured questions
$this->data['num_questions'] = count($this->data['questions']) < $this->config->item('auth_two_factor_num_questions') ? count($this->data['questions']) : $this->config->item('auth_two_factor_num_questions');
$this->data['num_custom_questions'] = $this->config->item('auth_two_factor_num_custom_question');
//......... part of the code is omitted here .........
//......... part of the code is omitted here .........
// NOTE(review): the start of this method is not shown. $_user and $remember are
// presumably set above the cut (a looked-up user and a caller-supplied flag); confirm.
// the next process will confirm the login and set this.
if (!$this->config->item('auth_two_factor_enable')) {
// Set login data for this user
$this->user_model->set_login_data($_user->id);
// If we're remembering this user set a cookie
if ($remember) {
$this->user_model->set_remember_cookie($_user->id, $_user->password, $_user->email);
}
// Update their last login and increment their login count
$this->user_model->update_last_login($_user->id);
}
// Return some helpful data
$_return = array('user_id' => $_user->id, 'first_name' => $_user->first_name, 'last_login' => $_user->last_login, 'last_ip' => $_user->last_ip, 'homepage' => $_user->group_homepage, 'remember' => $remember);
// Two factor auth?
if ($this->config->item('auth_two_factor_enable')) {
// Generate token
$_return['two_factor_auth'] = $this->generate_two_factor_token($_user->id);
}
// Temporary password?
if ($_user->temp_pw) {
$_return['temp_pw'] = array();
$_return['temp_pw']['id'] = $_user->id;
// NOTE(review): the value is a plain MD5 of the stored per-user salt, so it is fixed for
// as long as the salt is and can be computed by anyone who learns the salt. How it is
// consumed is not visible here; if it authorises a password reset, a random single-use,
// expiring token is the safer design.
$_return['temp_pw']['hash'] = md5($_user->salt);
}
return $_return;
// --------------------------------------------------------------------------
// Is the password NULL? If so it means the account was created using an API of sorts
} elseif ($_user->password === NULL) {
switch (APP_NATIVE_LOGIN_USING) {
case 'EMAIL':
$_identifier = $_user->email;
break;
// --------------------------------------------------------------------------
// --------------------------------------------------------------------------
case 'USERNAME':
$_identifier = $_user->username;
break;
// --------------------------------------------------------------------------
// --------------------------------------------------------------------------
case 'BOTH':
default:
$_identifier = $_user->email;
break;
}
// NOTE(review): $user is not defined anywhere in the visible code (the record is $_user).
// If it is also undefined above the cut, this switch always takes the default branch.
// NOTE(review): these messages tell an unauthenticated caller that the account exists and
// which provider it uses. $_identifier is also placed in the query string without
// urlencode(), so an e-mail address containing "+" will not survive the round trip.
switch ($user->auth_method_id) {
// Facebook Connect
case '2':
$this->_set_error('auth_login_fail_social_fb', site_url('auth/forgotten_password?identifier=' . $_identifier));
break;
// Twitter
// Twitter
case '3':
$this->_set_error('auth_login_fail_social_tw', site_url('auth/forgotten_password?identifier=' . $_identifier));
break;
// LinkedIn
// LinkedIn
case '5':
$this->_set_error('auth_login_fail_social_li', site_url('auth/forgotten_password?identifier=' . $_identifier));
break;
// Other
// Other
default:
$this->_set_error('auth_login_fail_social', site_url('auth/forgotten_password?identifier=' . $_identifier));
break;
}
return FALSE;
// --------------------------------------------------------------------------
} else {
// User was recognised but the password was wrong
// Increment the user's failed login count
$this->user_model->increment_failed_login($_user->id, $this->brute_force_protection['expire']);
// Are we already blocked? Let them know...
// NOTE(review): this lockout check sits in the wrong-password branch only. Whether a
// correct password is refused while the block is active is decided above the cut; confirm.
if ($_user->failed_login_count >= $this->brute_force_protection['limit']) {
// Check if the block has expired
if (time() < strtotime($_user->failed_login_expires)) {
// Block length is configured in seconds; report it in whole minutes, rounded up
$_block_time = ceil($this->brute_force_protection['expire'] / 60);
$this->_set_error('auth_login_fail_blocked', $_block_time);
return FALSE;
}
// Block has expired, reset the counter
// NOTE(review): $user->id rather than $_user->id, the same undefined-variable pattern as
// above. As written the reset is unlikely to target this account.
$this->user_model->reset_failed_login($user->id);
}
// Check if the password was changed recently
// NOTE(review): the resulting message differs for accounts whose password changed in the
// last two weeks, which discloses account state to someone who does not know the password.
if ($_user->password_changed) {
$_changed = strtotime($_user->password_changed);
$_recent = strtotime('-2 WEEKS');
if ($_changed > $_recent) {
$_changed_recently = nice_time($_changed);
}
}
}
}
// Login failed
if (empty($_changed_recently)) {
$this->_set_error('auth_login_fail_general');
} else {
$this->_set_error('auth_login_fail_general_recent', $_changed_recently);
}
return FALSE;
}
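/**
 * Get the relative time of when a thread was solved.
 *
 * Anything up to 60 seconds old (including a timestamp in the future, which gives a
 * negative difference) is reported with the "just now" language string. Otherwise the
 * elapsed seconds are formatted by nice_time() and followed by the "ago" string.
 * For spans of 864000 seconds (ten days) or more, hours, minutes and seconds are
 * switched off in the options handed to nice_time().
 *
 * @param int $statustime Timestamp of when the thread was solved.
 * @return string Relative time of when the thread was solved.
 **/
function mysupport_relative_time($statustime)
{
    global $lang;
    $lang->load("mysupport");

    $time = TIME_NOW - $statustime;
    if ($time <= 60) {
        return $lang->mysupport_just_now;
    }

    $options = array();
    if ($time >= 864000) {
        $options['hours'] = false;
        $options['minutes'] = false;
        $options['seconds'] = false;
    }

    // The options array was built but never passed on, so long spans were still rendered
    // down to the second. NOTE(review): assumes nice_time() takes the options as its
    // second argument; confirm against its definition.
    return nice_time($time, $options) . " " . $lang->mysupport_ago;
}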
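/**
 * Log a user in using hashes of their user ID and password; easy way of
 * automatically logging a user in from the likes of an email.
 *
 * The two hashes are read from URI segments 4 (user ID) and 5 (password), so the
 * link itself acts as a login credential.
 *
 * NOTE(review): a credential in the URL path is recorded in web-server logs, browser
 * history and Referer headers. The ID segment is an MD5 of the user ID (see the
 * logged-in comparison below), which is predictable, so the strength of this login
 * rests on the password segment. How get_by_hashes() derives and compares it is not
 * visible here. A failed lookup is not counted or throttled in this method.
 *
 * @access public
 * @return void
 **/
public function with_hashes()
{
    // Feature flag: the endpoint does not exist unless hashed login is enabled.
    // NOTE(review): show_404() and show_error() are expected to end the request
    // (CodeIgniter helpers); confirm if they are overridden in this project.
    if (!$this->config->item('auth_enable_hashed_login')) {
        show_404();
    }

    // --------------------------------------------------------------------------

    $_hash = array(
        'id' => $this->uri->segment(4),
        'pw' => $this->uri->segment(5),
    );

    if (empty($_hash['id']) || empty($_hash['pw'])) {
        // Use the lang() helper like every other message in this method; the original
        // indexed an undefined local $lang, which produced an empty error message
        show_error(lang('auth_with_hashes_incomplete_creds'));
    }

    // --------------------------------------------------------------------------

    /**
     * If the user is already logged in, check whether they are attempting to log in
     * as themselves. If so redirect, otherwise log them out and try again using the
     * hashes.
     **/
    if ($this->user_model->is_logged_in()) {
        // Strict comparison: with == two different hex strings of the form
        // "0e<digits>" are compared as numbers and treated as equal
        if (md5(active_user('id')) === (string) $_hash['id']) {
            // We are attempting to log in as who we're already logged in as, redirect normally
            // NOTE(review): $this->data['return_to'] is populated outside this method;
            // confirm it is restricted to same-site URLs before it reaches redirect()
            if ($this->data['return_to']) {
                redirect($this->data['return_to']);
            } else {
                // Nowhere to go? Send them to their default homepage
                redirect(active_user('group_homepage'));
            }
        } else {
            // We are logging in as someone else, log the current user out and try again
            $this->auth_model->logout();
            redirect(preg_replace('/^\\//', '', $_SERVER['REQUEST_URI']));
        }
        return;
    }

    // --------------------------------------------------------------------------

    /**
     * The active user is a guest, we must look up the hashed user and log them in
     * if all is ok, otherwise we report an error.
     **/
    $_user = $this->user_model->get_by_hashes($_hash['id'], $_hash['pw']);

    // --------------------------------------------------------------------------

    if (!$_user) {
        // Bad lookup, invalid hash.
        $this->session->set_flashdata('error', lang('auth_with_hashes_autologin_fail'));
        redirect($this->data['return_to']);
        return;
    }

    // User was verified, log the user in
    $this->user_model->set_login_data($_user->id);

    // --------------------------------------------------------------------------

    // Say hello
    if ($_user->last_login) {
        $this->load->helper('date');
        $_last_login = $this->config->item('auth_show_nicetime_on_login')
            ? nice_time(strtotime($_user->last_login))
            : user_datetime($_user->last_login);

        if ($this->config->item('auth_show_last_ip_on_login')) {
            $this->session->set_flashdata('message', lang('auth_login_ok_welcome_with_ip', array($_user->first_name, $_last_login, $_user->last_ip)));
        } else {
            // Use the formatted value computed above; the original passed the raw
            // $_user->last_login here, bypassing the configured formatting
            $this->session->set_flashdata('message', lang('auth_login_ok_welcome', array($_user->first_name, $_last_login)));
        }
    } else {
        $this->session->set_flashdata('message', lang('auth_login_ok_welcome_notime', array($_user->first_name)));
    }

    // --------------------------------------------------------------------------

    // Update their last login
    $this->user_model->update_last_login($_user->id);

    // --------------------------------------------------------------------------

    // Redirect user
    if ($this->data['return_to'] != site_url()) {
        // We have somewhere we want to go
        redirect($this->data['return_to']);
    } else {
        // Nowhere to go? Send them to their default homepage
        redirect($_user->group_homepage);
    }
}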