在Invision Power Board中设置会话

时间:2016-03-29 16:48:51

标签: php session invision-power-board

经过大量的努力,我们找到了一些关于IPB远程登录的代码,但它无法正常工作。我们可以获取成员信息,但无法在会话中设置该成员。请帮助我们在IPB中设置会话。

以下是代码:

remote_login.php

<?php
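/*
 * Remote-login endpoint for an Invision Power Board (IPS 4) install.
 *
 * The caller proves itself with a shared key, then selects one of two actions
 * through the "do" request parameter: "get_salt" or "login". Every response is
 * JSON written by echo_json(), which also ends the request.
 */
$_SERVER['SCRIPT_FILENAME'] = __FILE__;
$path   = '';

require_once $path . 'init.php';
\IPS\Session\Front::i();

/*
 * Shared secret for callers, derived from the database credentials and the
 * board start time.
 * NOTE(review): the per-request token checked below is md5($key . id). That is
 * plain MD5 with a secret prefix rather than an HMAC, it never expires, and it
 * is identical for every request about the same id, so a captured URL can be
 * replayed. Moving to hash_hmac('sha256', ...) with a timestamp or nonce needs
 * a matching change in every caller, so it is flagged here, not changed.
 */
$key = md5( md5( \IPS\Settings::i()->sql_user . \IPS\Settings::i()->sql_pass ) . \IPS\Settings::i()->board_start );

$login_type = 'email';

/*
 * "Log in anonymously" flag read in the login branch. Nothing in this script
 * ever assigned it, so the check used an undefined variable; default it here.
 */
$anonymous = FALSE;

/* uncomment for more security  */
// $ip_address = array('127.0.0.1', 'x.x.x.x'); // EDIT THIS LINE!!
// if(in_array($_SERVER['REMOTE_ADDR'], $ip_address) !== TRUE) {
    // echo_json(array('status' => 'FAILD', 'msg' => 'BAD_IP_ADDR'));
// }

/* -~-~-~-~-~-~ Stop Editing -~-~-~-~-~-~ */

/* Reject the request unless an action, an id and a matching key are all present. */
if(
    !\IPS\Request::i()->do
    || !\IPS\Request::i()->id
    || !\IPS\Request::i()->key
    || !\IPS\Login::compareHashes( \IPS\Request::i()->key, md5($key . \IPS\Request::i()->id) )
) {
    echo_json(array('status' => 'FAILD', 'msg' => 'BAD_KEY'));
}

$member = \IPS\Member::load( \IPS\Request::i()->id, $login_type );

if( !$member->member_id ) {
    echo_json(array('status' => 'FAILD', 'msg' => 'ACCOUNT_NOT_FOUND'));
}

switch(\IPS\Request::i()->do) {
    case 'get_salt':
        /*
         * NOTE(review): this hands the member's password salt to any holder of
         * the key. The salt is not secret by itself, but exposing it is only
         * needed because the caller computes the hash on its side (see below).
         */
        echo_json(array('status' => 'SUCCESS', 'pass_salt' => $member->members_pass_salt));
    break;
    case 'login':
        /*
         * NOTE(review): the caller sends the finished hash and it is compared
         * with the stored one, so the stored hash itself works as the password.
         * Anyone who obtains members_pass_hash can log in without knowing the
         * real password. Sending the password over TLS and hashing it here
         * would avoid that, at the cost of changing the client protocol.
         */
        if( \IPS\Login::compareHashes($member->members_pass_hash, \IPS\Request::i()->password) !== TRUE ) {
            /*
             * A wrong password used to produce an empty response body. Answer
             * explicitly so the caller can tell failure from a broken request.
             * NOTE(review): the failure is still not added to failed_logins and
             * no lock-out is checked in this script, so guesses made through
             * this endpoint are not rate limited by the code shown here.
             */
            echo_json(array('status' => 'FAILD', 'msg' => 'WRONG_AUTH'));
        }

        /* Remove old failed login attempts */
        if ( \IPS\Settings::i()->ipb_bruteforce_period and ( \IPS\Settings::i()->ipb_bruteforce_unlock or !isset( $member->failed_logins[ \IPS\Request::i()->ipAddress() ] ) or $member->failed_logins[ \IPS\Request::i()->ipAddress() ] < \IPS\Settings::i()->ipb_bruteforce_attempts ) )
        {
            $removeLoginsOlderThan = \IPS\DateTime::create()->sub( new \DateInterval( 'PT' . \IPS\Settings::i()->ipb_bruteforce_period . 'M' ) );
            $failedLogins = $member->failed_logins;
            if ( is_array( $failedLogins ) )
            {
                /* failed_logins is walked as IP address => list of timestamps */
                foreach ( $failedLogins as $ipAddress => $times )
                {
                    foreach ( $times as $k => $v )
                    {
                        if ( $v < $removeLoginsOlderThan->getTimestamp() )
                        {
                            unset( $failedLogins[ $ipAddress ][ $k ] );
                        }
                    }
                }
                $member->failed_logins = $failedLogins;
            }
            else
            {
                $member->failed_logins = array();
            }
            $member->save();
        }

        /* If we're still here, the login was fine, so we can reset the count and process login */
        if ( isset( $member->failed_logins[ \IPS\Request::i()->ipAddress() ] ) )
        {
            $failedLogins = $member->failed_logins;
            unset( $failedLogins[ \IPS\Request::i()->ipAddress() ] );
            $member->failed_logins = $failedLogins;
        }
        $member->last_visit = time();
        $member->save();

        /*==========================try to set session code start================*/
        /*
         * Cookies set below are returned to whatever HTTP client made this
         * request. When that client is a server-side fetch, such as the
         * file_get_contents() calls in the login.php shown with this script,
         * the end user's browser never receives them and stays logged out.
         * NOTE(review): member_login_key is a long-lived credential; it should
         * only ever travel over HTTPS.
         */
        \IPS\Session::i()->setMember( $member );
        $expire = new \IPS\DateTime;
        $expire->add( new \DateInterval( 'P7D' ) );
        \IPS\Request::i()->setCookie( 'member_id', $member->member_id, $expire );
        \IPS\Request::i()->setCookie( 'pass_hash', $member->member_login_key, $expire );

        if ( $anonymous and !\IPS\Settings::i()->disable_anonymous )
        {
            \IPS\Request::i()->setCookie( 'anon_login', 1, $expire );
        }
        \IPS\Session::i()->setMember( $member );
        \IPS\Session::i()->init();
        \IPS\Request::i()->setCookie( 'ips4_member_id', $member->member_id, $expire );
        \IPS\Request::i()->setCookie( 'ips4_pass_hash', $member->member_login_key, $expire );

        /*$member->checkLoginKey();

        $expire = new \IPS\DateTime;
        $expire->add( new \DateInterval( 'P1Y' ) );
        \IPS\Request::i()->setCookie( 'ips4_member_id', $member->member_id, $expire );
        \IPS\Request::i()->setCookie( 'ips4_pass_hash', $member->member_login_key, $expire );*/

        /*==========================try to set session code end================*/

        /*
         * NOTE(review): 'member' puts the whole member object into the
         * response. Whatever json_encode() can see of it is disclosed to the
         * caller; confirm that this cannot include the password hash or the
         * login key, or drop the field and return only the named values.
         */
        echo_json(
            array(
                'status'         => 'SUCCESS',
                'connect_status' => ( $member->members_bitoptions['validating'] ) ? 'VALIDATING' : 'SUCCESS',
                'email'          => $member->email,
                'name'           => $member->name,
                'connect_id'     => $member->member_id,
                'member'         => $member
            )
        );
    break;
}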


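/**
 * Write $arr to the client as a JSON document and end the request.
 *
 * The calling script uses this as a terminating response: code placed after a
 * call is never reached, because the function exits.
 *
 * @param array $arr Response payload to encode.
 * @return void Does not return; the script exits after the output.
 */
function echo_json(array $arr) {
    /*
     * Label the body as JSON. Without it the response is served with PHP's
     * default HTML content type, and a browser opening the URL directly would
     * render member-supplied fields such as name or e-mail as markup.
     */
    if ( !headers_sent() ) {
        header('Content-Type: application/json; charset=utf-8');
    }
    echo json_encode($arr);
    exit;
}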

login.php

  <?php

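/*
 * Client side of the remote login: asks remote_login.php for the member's
 * salt, hashes the submitted password with it, then sends the hash back to
 * the "login" action and prints both the reply and the local cookie array.
 */
$ips_connect_key = '3325a51154becfc88fXXXXXXXXX';
$remote_login = 'IPB/remote_login.php';

/*
 * NOTE(review): the e-mail and password arrive in the query string, so they
 * end up in web-server logs, browser history and Referer headers. A POST over
 * HTTPS is the safer transport; GET is kept so the call shown for this script
 * keeps working. Non-string input (e.g. email[]=x) is treated as empty.
 */
$email          = ( isset($_GET['email']) && is_string($_GET['email']) ) ? $_GET['email'] : '';
$password       = ( isset($_GET['password']) && is_string($_GET['password']) ) ? $_GET['password'] : '';

$key            = md5($ips_connect_key . $email);

// fetch salt first
// Build the query with http_build_query() so characters such as "+", "&" or
// "#" in the e-mail are encoded instead of altering or adding parameters.
$salt_query = http_build_query(array('do' => 'get_salt', 'id' => $email, 'key' => $key), '', '&');
$salt_body  = file_get_contents($remote_login . '?' . $salt_query);
$res        = ( $salt_body === false ) ? null : json_decode($salt_body, true);

// Stop when the salt request failed; hashing with a missing salt and sending a
// second request would only hide the real error.
if ( !is_array($res) || !isset($res['pass_salt']) ) {
    echo htmlspecialchars(print_r($res, true), ENT_QUOTES, 'UTF-8');
    exit;
}

$hash = crypt( $password, '$2a$13$' . $res['pass_salt'] );

// NOTE(review): the hash is sent in the URL as well and is accepted by the
// endpoint in place of the password, so it deserves the same care.
$login_query = http_build_query(array('do' => 'login', 'id' => $email, 'key' => $key, 'password' => $hash), '', '&');
$login_body  = file_get_contents($remote_login . '?' . $login_query);
$res         = ( $login_body === false ) ? null : json_decode($login_body, true);

// Writing to $_COOKIE only changes this request's local array; no Set-Cookie
// header is sent, so the browser does not receive these values. Cookies set by
// remote_login.php go to the file_get_contents() client above, not to the user.
// NOTE(review): hard-coded member id, login key and session id are debugging
// leftovers and should not stay in deployed code.
$_COOKIE["ips4_member_id"]=41;
$_COOKIE['ips4_pass_hash']="e195d3939b62342481dfc32fcf360538";
$_COOKIE['ips4_IPSSessionFront']="sn359rogbto4j7jqhcqh10stl5";

// The output is an HTML page, so escape the dumps: $res carries member-supplied
// fields and $_COOKIE is controlled by the browser.
echo htmlspecialchars(print_r($res, true), ENT_QUOTES, 'UTF-8');
echo "<br/><br/><br/>";
echo htmlspecialchars(print_r($_COOKIE, true), ENT_QUOTES, 'UTF-8');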

calling login.php

 login.php?email=XXXXX@gmail.com&password=XXXXXX!

在这里,我们可以获取成员信息,但无法将该成员设置为已登录。

0 个答案:

没有答案