PHPFusion\Authenticate::_authenticate PHP Method

_authenticate() private method

private _authenticate ( $inputUserName, $inputPassword, $remember )
    /**
     * Validate a login attempt and act on the account's status.
     *
     * Looks up a single row in DB_USERS by user name or e-mail (the column is
     * chosen from $settings['login_method']) and verifies the password through
     * PasswordAuth. On success it either sets the user cookie, resets the
     * status of an account in status 3 whose user_actiontime has passed (or in
     * status 7) and e-mails the user, or redirects with code 4.
     * An unknown account and a wrong password both redirect with code 1, so
     * the redirect target does not reveal which of the two failed.
     *
     * Security notes for reviewers:
     *  - Both SQL statements are built by string concatenation. The only
     *    filtering visible here is stripinput() plus a blacklist that removes
     *    "=", "#" and a whitespace-delimited upper-case "OR" (the pattern has
     *    no /i flag, so lower-case "or" is kept).
     *    NOTE(review): confirm stripinput() neutralises quotes and backslashes,
     *    and prefer bound parameters if the DB layer offers them.
     *  - The account status is only evaluated after the password has been
     *    verified, so the code-4 redirect is not reachable without it.
     *  - NOTE(review): the unknown-account path returns without running the
     *    password check, so response time may differ from the wrong-password
     *    path; no attempt throttling is visible in this method. Verify both
     *    against the caller.
     *
     * @param string $inputUserName User name or e-mail address as submitted.
     * @param string $inputPassword Password as submitted.
     * @param mixed  $remember      Passed through unchanged to setUserCookie().
     */
    private function _authenticate($inputUserName, $inputPassword, $remember)
    {
        global $locale, $settings;

        // Blacklist filter applied on top of stripinput(); see the docblock note.
        $inputUserName = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($inputUserName));

        // Pick the lookup column. Only the two fixed column names can end up in the query.
        $lookupColumn = "user_name";
        if ($settings['login_method'] == 1) {
            $lookupColumn = "user_email";
        } elseif ($settings['login_method'] == 2) {
            // Mixed mode: treat the input as an e-mail address when it looks like one.
            $looksLikeEmail = preg_match("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $inputUserName);
            $lookupColumn = $looksLikeEmail ? "user_email" : "user_name";
        }

        // NOTE(review): user-supplied value concatenated into SQL; safety rests on the filtering above.
        $lookup = dbquery("SELECT * FROM " . DB_USERS . " WHERE " . $lookupColumn . "='" . $inputUserName . "' LIMIT 1");
        if (dbrows($lookup) != 1) {
            // Unknown account: same redirect as a wrong password.
            redirect(Authenticate::getRedirectUrl(1));
            return;
        }
        $user = dbarray($lookup);

        // Hand the stored credentials and the submitted password to PasswordAuth.
        $verifier = new PasswordAuth();
        $verifier->currentAlgo = $user["user_algo"];
        $verifier->currentSalt = $user["user_salt"];
        $verifier->currentPasswordHash = $user["user_password"];
        $verifier->inputPassword = $inputPassword;

        // NOTE(review): the meaning of the TRUE argument is defined in PasswordAuth; the
        // getNew*() calls below suggest it prepares a fresh hash. Confirm.
        if (!$verifier->isValidCurrentPassword(TRUE)) {
            redirect(Authenticate::getRedirectUrl(1));
            return;
        }

        if ($settings['multiple_logins'] != 1) {
            // Store a new algo/salt/hash on every successful password check. This runs before
            // the status check, so it also applies to accounts that are not allowed to log in.
            // The salt is later passed to setUserCookie(); presumably cookies tied to the
            // old salt stop validating. Verify in setUserCookie().
            $user['user_algo'] = $verifier->getNewAlgo();
            $user['user_salt'] = $verifier->getNewSalt();
            $user['user_password'] = $verifier->getNewHash();
            $lookup = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\t\tSET user_algo='" . $user['user_algo'] . "', user_salt='" . $user['user_salt'] . "', user_password='" . $user['user_password'] . "'\n\t\t\t\t\t\tWHERE user_id='" . $user['user_id'] . "'");
        }

        // Status 0 with no pending action time: complete the login.
        if ($user['user_status'] == 0 && $user['user_actiontime'] == 0) {
            Authenticate::setUserCookie($user['user_id'], $user['user_salt'], $user['user_algo'], $remember, TRUE);
            Authenticate::_setUserTheme($user);
            $this->_userData = $user;
            return;
        }

        require_once INCLUDES . "suspend_include.php";
        require_once INCLUDES . "sendmail_include.php";

        $actionTimePassed = ($user['user_status'] == 3 && $user['user_actiontime'] < time());
        if (!$actionTimePassed && $user['user_status'] != 7) {
            // Any other status: redirect with code 4 plus the status and user id.
            redirect(Authenticate::getRedirectUrl(4, $user['user_status'], $user['user_id']));
            return;
        }

        // Reset the account to status 0. No cookie is set on this path, so this call
        // does not log the user in.
        $lookup = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $user['user_id'] . "'");

        // $user still holds the status read before the UPDATE, which selects the mail text.
        $wasStatusThree = ($user['user_status'] == 3);
        if ($wasStatusThree) {
            $mailSubject = str_replace("[SITENAME]", $settings['sitename'], $locale['global_451']);
            $mailBody = str_replace("[SITEURL]", $settings['siteurl'], $locale['global_455']);
        } else {
            $mailSubject = $locale['global_454'];
            $mailBody = str_replace("[SITEURL]", $settings['siteurl'], $locale['global_452']);
        }
        $mailBody = str_replace("[SITEUSERNAME]", $settings['siteusername'], $mailBody);
        if ($wasStatusThree) {
            unsuspend_log($user['user_id'], 3, $locale['global_450'], TRUE);
        }
        $mailBody = str_replace("USER_NAME", $user['user_name'], $mailBody);

        sendemail($user['user_name'], $user['user_email'], $settings['siteusername'], $settings['siteemail'], $mailSubject, $mailBody);
    }