HEX
Server: Apache/2.4.59 (Debian)
System: Linux skycube.cz 4.19.0-25-amd64 #1 SMP Debian 4.19.289-2 (2023-08-08) x86_64
User: ilya (534)
PHP: 7.3.31-1~deb10u7
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /var/www/ilya/data/www/kamforum.ru/sources/loginauth/convert/
Upload Files
File: /var/www/ilya/data/www/kamforum.ru/sources/loginauth/convert/auth.php.bak
<?php
/*
+---------------------------------------------------------------------------
|   Invision Power Board V2.1.0
|   ========================================
|   by Matthew Mecham
|   (c) 2004 Invision Power Services
|   http://www.invisionpower.com
|   ========================================
+---------------------------------------------------------------------------
|   INVISION POWER DYNAMIC IS NOT FREE SOFTWARE!
|   http://www.invisionpower.com/dynamic/
+---------------------------------------------------------------------------
|
|   > LOG IN MODULE: Converted Board Modules
|   > Script written by Stewart Campbell
|   > Date started: October 15th 2005
|
+---------------------------------------------------------------------------
| NOTES:
| This module is part of the authentication suite of modules. It's designed
| to enable different types of authentication.
|
| RETURN CODES
| 'ERROR': Error, check array: $class->auth_errors
| 'NO_USER': No user found in LOCAL record set but auth passed in REMOTE dir
| 'WRONG_AUTH': Wrong password or username
| 'SUCCESS': Success, user and password matched
|
+---------------------------------------------------------------------------
| EXAMPLE USAGE
|
| $class = new login_method();
| $class->is_admin_auth = 0; // Boolean (0,1) Use different queries if desired
|							 // if logging into CP.
| $class->allow_create = 0;
| // $allow_create. Boolean flag (0,1) to tell the module whether its allowed
| // to create a member in the IPS product's database if the user passed authentication
| // but don't exist in the IPS product's database. Optional.
|
| $return_code = $class->authenticate( $username, $plain_text_password );
|
| if ( $return_code == 'SUCCESS' )
| {
|     print $class->member['member_name'];
| }
| else
| {
| 	  print "NO USER";
| }
+---------------------------------------------------------------------------
*/

class login_method extends login_core
{
	# Globals
	var $member;
	
	/*-------------------------------------------------------------------------*/
	// Constructor
	/*-------------------------------------------------------------------------*/
	
	function login_method()
	{
	}
	
	/*-------------------------------------------------------------------------*/
	// Authentication
	/*-------------------------------------------------------------------------*/
	
	function authenticate( $username, $password )
	{
		global $ipsclass;
		
		$this->_load_member( $username );
		
		if($ipsclass->vars['conv_configured'] != 1)
		{
			$this->return_code = "WRONG_AUTH";
			return;
		}
		
		switch($ipsclass->vars['conv_chosen'])
		{
			case 'vb3':
			case 'vb35':
				$this->authenticate_vb3( $username, $password );
				break;
			case 'ib31':
				$this->authenticate_ib31( $username, $password );
				break;
			case 'smf10':
			case 'yabbse':
				$this->authenticate_smf( $username, $password );
				break;
			case 'ubbt5':
				$this->authenticate_ubbthreads5( $username, $password );
				break;
			default:
				$this->return_code = "WRONG_AUTH";
				return;
		}
		return;
	}

	/*-------------------------------------------------------------------------*/
	// Authentication for vB3
	/*-------------------------------------------------------------------------*/
	
	function authenticate_vb3( $username, $password )
	{
		global $ipsclass;
		
		if ( $this->member['misc'])
		{

			$single_md5_pass = md5( $password );
			
			$decr = md5( $single_md5_pass . $this->member['misc'] );
			
			if ( $decr == $this->member['legacy_password'] )
			{	
				$this->_clean_convert_data( $single_md5_pass );
				
				$this->return_code = 'SUCCESS';
				return;
			}
			
		}
		$this->return_code = 'WRONG_AUTH';
	}
	
	
	/*-------------------------------------------------------------------------*/
	// Authentication for iB3.1
	/*-------------------------------------------------------------------------*/
	
	function authenticate_ib31( $username, $password )
	{
			$decr = md5( $password . $username );
			$single_md5_pass = md5( $password );
				
			if ( $decr == $this->member['legacy_password'] )
			{	
				$this->_clean_convert_data( $single_md5_pass );
				
				$this->return_code = "SUCCESS";
				return;
			}
			
			$this->return_code = "WRONG_AUTH";
	}
	
	/*-------------------------------------------------------------------------*/
	// Authentication for SMF / YABB.SE
	/*-------------------------------------------------------------------------*/
	
	function authenticate_smf( $username, $password )
	{
		if($this->member['misc'])
		{
			$single_md5_pass = md5( $password );
			
			$success = false;
			
			if ( crypt( $password, substr( $password,0,2 ) ) == $this->member['legacy_password'] )
			{
				$success = true;
			}
			else if ( strlen($this->member['legacy_password']) == 32  AND ( $this->_md5_hmac( $password, $username ) == $this->member['legacy_password'] ) )
			{
				$success = true;
			}
			else if ( strlen($this->member['legacy_password']) == 32  AND ( $single_md5_pass == $this->member['legacy_password'] ) )
			{
				$success = true;
			}
			
			if( $success )
			{
				$this->_clean_convert_data( $single_md5_pass );
				$this->return_code = "SUCCESS";
				return;
			}
		
		}
		$this->return_code = "WRONG_AUTH";
		return;
	}
	
	//*-------------------------------------------------------------------------*/
	// Authentication for UBB.Threads 5
	//*-------------------------------------------------------------------------*/*/
	
	function authenticate_ubbthreads5( $username, $password )
	{
		$single_md5_pass = md5( $password );
		
		$success = false;
		
		if(crypt($password, $this->member['legacy_password']) == $this->member['legacy_password'])
		{
			$success = true;
		}
		else if($single_md5_pass == $row['legacy_password'])
		{
			$success = true;
		}
		
		if( $success )
		{
			$this->_clean_convert_data( $single_md5_pass );
			$this->return_code = "SUCCESS";
			return;
		}
		
		$this->return_code = "WRONG_AUTH";
		return;
	}
	
	/*-------------------------------------------------------------------------*/
	// Utility Functions
	/*-------------------------------------------------------------------------*/
	
	/*-------------------------------------------------------------------------*/
	// Load member from DB
	/*-------------------------------------------------------------------------*/
	
	function _load_member( $username )
	{
		$this->member = $this->ipsclass->DB->build_and_exec_query( array( 'select' => '*', 'from' => 'members', 'where' => "name='" . $username . "'" ) );
	}
	
	/*-------------------------------------------------------------------------*/
	// Clean-Up The Converted Data
	/*-------------------------------------------------------------------------*/
	
	function _clean_convert_data( $new_pass )
	{
		global $ipsclass;
		
		$ipsclass->DB->query("UPDATE ibf_members SET legacy_password='',misc='0' WHERE id={$this->member['id']}");
		$ipsclass->converge->converge_update_password( $new_pass, $this->member['email'] );
	}
	
  function _md5_hmac($data, $key)
	{
		if (strlen($key) > 64)
			$key = pack('H*', md5($key));
		$key  = str_pad($key, 64, chr(0x00));

		$k_ipad = $key ^ str_repeat(chr(0x36), 64);
		$k_opad = $key ^ str_repeat(chr(0x5c), 64);

		return md5($k_opad . pack('H*', md5($k_ipad . $data)));
	}
}

?>
@ Telegram