e107_handlers/login.php from e107inc/e107

e107_handlers/login.php
Summary

Maintainability

6 hrs
Test Coverage

69%
Issues
Coverage
<?php
/*
 * e107 website system
 *
 * Copyright (C) 2008-2013 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 * Login handler
 *
*/


if (!defined('e107_INIT')) { exit; }


// require_once(e_HANDLER.'user_handler.php'); //shouldn't be necessary
e107::includeLan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_login.php');

// TODO - class constants
define ('LOGIN_TRY_OTHER', 2);        // Try some other authentication method
define ('LOGIN_CONTINUE',1);        // Not rejected (which is not exactly the same as 'accepted') by alt_auth
define ('LOGIN_ABORT',-1);            // Rejected by alt_auth
define ('LOGIN_BAD_PW', -2);        // Password wrong
define ('LOGIN_BAD_USER', -3);        // User not in DB
define ('LOGIN_BAD_USERNAME', -4);    // Username format unacceptable (e.g. too long)
define ('LOGIN_BAD_CODE', -5);        // Wrong image code entered
define ('LOGIN_MULTIPLE', -6);         // Error if multiple logins not allowed
define ('LOGIN_NOT_ACTIVATED', -7);    // User in DB, not activated
define ('LOGIN_BLANK_FIELD', -8);    // Username or password blank
define ('LOGIN_BAD_TRIGGER', -9);    // Rejected by trigger event
define ('LOGIN_BANNED', -10);        // Banned user attempting login
define ('LOGIN_CHAP_FAIL', -11);    // CHAP login failed
define ('LOGIN_DB_ERROR', -12);        // Error adding user to main DB

/**
 * TODO - use new user model, compact everything in max 2 classes
 */
class userlogin
{
    protected $e107;
    protected $userMethods;            // Pointer to user handler
    protected $userIP;                // IP address
    protected $lookEmail = false;    // Flag set if logged in using email address
    protected $userData = array();    // Information for current user
    protected $passResult = false;    // USed to determine if stored password needs update
    protected $testMode   = false;
    protected $secImageType = 'logcode';

    public function __construct()
    {
        $this->e107 = e107::getInstance();
        $this->userIP = e107::getIPHandler()->getIP();
        $this->userMethods = e107::getUserSession();
    }

    /**
     * @param $area
     * @return void
     */
    public function setSecureImageMode($area)
    {
        $modes = array(
            'admin' => 'admincode',
            'login' => 'logcode',
        //    'fpw'   => '',
        );

        $this->secImageType = varset($modes[$area],'not-a-pref');

    }

    /**
    # Class called when user attempts to log in
    #
    # @param string $username, $_POSTED user name
    # @param string $userpass, $_POSTED user password
    # @param $autologin - 'signup' - uses a specially encoded password - logs in if matches
    #                    - zero for 'normal' login
    #                    - non-zero sets the 'remember me' flag in the cookie
    ' @param string $response - response string returned by CHAP login (instead of password)
    # @return  boolean - FALSE on login fail, TRUE on login successful
    */
    public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
    {
        $pref = e107::getPref();
        $tp = e107::getParser();
        $sql = e107::getDb();

        $e_event = e107::getEvent();
        $_E107 = e107::getE107();
        
        $username = trim($username);
        $userpass = trim($userpass);

        if($_E107['cli'] && ($username == ''))
        {
            return FALSE;
        }
        
        $forceLogin = ($autologin === 'signup');
        if(!$forceLogin && $autologin === 'provider') $forceLogin = 'provider';

        if(empty($username) || (empty($userpass) && empty($response) && $forceLogin !== 'provider'))
        {    // Required fields blank
            return $this->invalidLogin($username,LOGIN_BLANK_FIELD);
        }

//        $this->e107->admin_log->addEvent(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
//        $this->e107->check_ban("banlist_ip='{$this->userIP}' ",FALSE);            // This will exit if a ban is in force
        e107::getIPHandler()->checkBan("banlist_ip='{$this->userIP}' ",FALSE);            // This will exit if a ban is in force
        
        $autologin = intval($autologin);        // Will decode to zero if forced login
        $authorized = false;
        if (!$forceLogin && e107::isInstalled('alt_auth'))
        {
            $authMethod[0] = varset($pref['auth_method'], 'e107');        // Primary authentication method
            $authMethod[1] = varset($pref['auth_method2'], 'none');        // Secondary authentication method (if defined)
            $result = false;
            foreach ($authMethod as $key => $method)
            {
                if ($method == 'e107')
                {
                    if ($this->lookupUser($username, $forceLogin))
                    {
                        if ($this->checkUserPassword($username, $userpass, $response, $forceLogin) === TRUE)
                        {
                            $authorized = true;
                            $result = LOGIN_CONTINUE;        // Valid User exists in local DB
                        }
                        elseif(varset($pref['auth_badpassword'], TRUE))
                        {
                            $result = LOGIN_TRY_OTHER;
                            continue; // Should use alternate method for password auth
                        }
                        else 
                        {
                            return $this->invalidLogin($username,LOGIN_ABORT);
                        }
                    }
                }
                else
                {
                    if ($method != 'none')
                    {
                        $auth_file = e_PLUGIN.'alt_auth/'.$method.'_auth.php';
                        if (file_exists($auth_file))
                        {
                            require_once(e_PLUGIN.'alt_auth/alt_auth_login_class.php');
                            $al = new alt_login($method, $username, $userpass); 
                            $result = $al->loginResult; 
                            switch ($result)
                            {
                                case LOGIN_ABORT :
                                    return $this->invalidLogin($username,LOGIN_ABORT);
                                break;
                                case LOGIN_DB_ERROR :
                                    return $this->invalidLogin($username,LOGIN_DB_ERROR);
                                break;
                                case AUTH_SUCCESS:
                                    $authorized = true;
                                break;
                                case LOGIN_TRY_OTHER:
                                    if ($key === array_key_last($authMethod)) { 
                                        return $this->invalidLogin($username,LOGIN_ABORT);
                                    }
                                    continue 2;
                                break;
                            }
                        }
                    }
                }
                if ($result === LOGIN_CONTINUE)
                {
                    break;
                }
            }
        }

        $username = preg_replace("/\sOR\s|\=|\#/", "", $username);

        // Check secure image
        if (!$forceLogin && !empty($pref[$this->secImageType]) && extension_loaded('gd'))
        {
            if ($secImgResult = e107::getSecureImg()->invalidCode($_POST['rand_num'], $_POST['code_verify'])) // Invalid code
            {
                return $this->invalidLogin($username, LOGIN_BAD_CODE, $secImgResult);
            }

        }

        if (empty($this->userData))        // May have retrieved user data earlier
        {
            if (!$this->lookupUser($username, $forceLogin))
            {
                return false;        // User doesn't exist
            }
        }

        if ($authorized !== true && $this->checkUserPassword($username, $userpass, $response, $forceLogin) !== true)
        {
            return false;
        }


        // Check user status
        switch ($this->userData['user_ban'])
        {
            case USER_REGISTERED_NOT_VALIDATED : // User not fully signed up - hasn't activated account.
                return $this->invalidLogin($username, LOGIN_NOT_ACTIVATED);
            case USER_BANNED :        // User banned
                return $this->invalidLogin($username, LOGIN_BANNED,$this->userData['user_id']);
            case USER_VALIDATED :        // Valid user
                break;            // Nothing to do ATM
            case USER_EMAIL_BOUNCED:
                $bounceLAN      = LAN_LOGIN_36;
                $bounceMessage  =  $tp->lanVars($bounceLAN, $this->userData['user_email'],true );
                $bounceMessage  = str_replace(array('[',']'),array("<a href='".e_HTTP."usersettings.php'>","</a>"), $bounceMessage);

                e107::getMessage()->addWarning($bounceMessage, 'default', true);
                break;
            default :            // May want to pick this up
        }


        // User is OK as far as core is concerned
//        $this->e107->admin_log->addEvent(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
        if (($this->passResult !== FALSE) && ($this->passResult !== PASSWORD_VALID))
        {  // May want to rewrite password using salted hash (or whatever the preferred method is) - $pass_result has the value to write
            // If login by email address also allowed, will have to write that value too
//              $sql->update('user',"`user_password` = '{$pass_result}' WHERE `user_id`=".intval($this->userData['user_id']));
            $reHashedPass = $this->userMethods->rehashPassword($this->userData,$userpass);
            if($reHashedPass !==false)
            {
                $log = e107::getLog();
                $auditLog = "User Password ReHashed";
                $log->user_audit(USER_AUDIT_LOGIN, $auditLog, $this->userData['user_id'], $this->userData['user_name']);
                $this->userData['user_password'] = $reHashedPass;
            }
        }


        $userpass = '';                // Finished with any plaintext password - can get rid of it




        $ret = $e_event->trigger("preuserlogin", $username);
        if ($ret != '')
        {
            return $this->invalidLogin($username,LOGIN_BAD_TRIGGER,$ret);
        }


        // Trigger events happy as well
        $user_id = $this->userData['user_id'];
        $user_name = $this->userData['user_name'];
        $user_admin = $this->userData['user_admin'];
        $user_email = $this->userData['user_email'];

        /* restrict more than one person logging in using same us/pw */
        if(!empty($pref['session_save_method']) && ($pref['session_save_method'] === 'db') && !empty($pref['disallowMultiLogin']) && !empty($user_id))
        {
            // logout any existing user of this account.
            $mLog = '';
            if($sql->delete('session', "session_user = ".$user_id))
            {
                $mLog = 'Dropped existing user session: #' . $user_id. " ".$username;
            }

            if($onlineIP = $sql->retrieve("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
            {
                $mLog .= ' ('. e107::getIpHandler()->ipDecode($onlineIP).')';
                $sql->delete('online', "online_user_id='".$user_id.".".$user_name."'");
            }

            if(!empty($mLog))
            {
                $this->logNote('LAN_ROLL_LOG_07', $mLog );
            }

        }
        elseif(!empty($pref['track_online']) && !empty($pref['disallowMultiLogin']) && !empty($user_id))
        {
            if($sql->select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
            {
                return $this->invalidLogin($username, LOGIN_MULTIPLE, $user_id);
            }
        }




        // User login definitely accepted here

        if($ret = $e_event->trigger("user_validlogin", $user_id))
        {
            return false;
        }

        $cookieval = $this->validLogin($this->userData, $autologin);

        if($_E107['cli'])
        {
            return $cookieval;
        }


        if($noredirect)
        {
            return true;
        }

        $redir = e_REQUEST_URL;
        $class_list = $this->userMethods->addCommonClasses($this->userData, TRUE);
        //$redir = e_SELF;
        //if (e_QUERY) $redir .= '?'.str_replace('&amp;','&',e_QUERY);
        if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
        {    // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
//          $log_info = "New user: ".$this->userData['user_name']."  Class: ".$this->userData['user_class']."  Admin: ".$this->userData['user_admin']."  Perms: ".$this->userData['user_perms'];
//          $this->e107->admin_log->addEvent(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
            // FIXME - front page now supports SEF URLs - make a check here
            foreach ($pref['frontpage_force'] as $fk=>$fp)
            {
                if (in_array($fk,$class_list))
                {  // We've found the entry of interest
                    if (strlen($fp))
                    {
                        if (strpos($fp, 'http') === FALSE)
                        {
                            $fp = str_replace(e_HTTP, '', $fp);        // This handles sites in a subdirectory properly (normally, will replace nothing)
                            $fp = SITEURL.$fp;
                        }
                        //$redir = ((strpos($fp, 'http') === FALSE) ? SITEURL : '').$tp->replaceConstants($fp, TRUE, FALSE);
                        $redir = e107::getParser()->replaceConstants($fp, TRUE, FALSE);
        //                $this->e107->admin_log->addEvent(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
                    }
                    break;
                }
            }
        }
        
        $redirPrev = e107::getRedirect()->getPreviousUrl();

        if($redirPrev)
        {
            e107::getRedirect()->redirect($redirPrev);
        }

        e107::getRedirect()->redirect($redir);
        exit();
    }


    /**
     * @return array
     */
    public function getUserData()
    {
        return $this->userData;
    }

    /**
     * Look up a user in the e107 database, according to the options set (for login name/email address)
     * Note: PASSWORD IS NOT VERIFIED BY THIS ROUTINE
     * @param string $username - as entered
     * @param boolean $forceLogin - TRUE if login is being forced from clicking signup link; normally FALSE
     * @return boolean TRUE if name exists, and $this->userData array set up
     *                   FALSE otherwise
     */
    protected function lookupUser($username, $forceLogin)
    {
        $pref = e107::getPref();
        $log = e107::getLog();

        $maxLength = varset($pref['loginname_maxlength'],30);

        /*
         * 2: Username/Email and Password
         * 1: Email and Password
         * 0: Username and Password
         */
        if(!empty($pref['allowEmailLogin'])) // Email login only
        {
            $maxLength = 254; // Maximum email length    
        }

        // Check username general format
        if (!$forceLogin && (strlen($username) > $maxLength)) // Error - invalid username
        {
            $auditLog = array('reason'=>'username longer than maxlength', 'maxlength'=> $maxLength, 'username'=>$username);
            $log->user_audit(USER_AUDIT_LOGIN, $auditLog, 0, $username);
            $this->invalidLogin($username,LOGIN_BAD_USERNAME);
            return FALSE;
        }

        $query = $this->getLookupQuery($username, $forceLogin);

        if (e107::getDb()->select('user', '*', $query) !== 1)     // Handle duplicate emails as well // Invalid user
        {
            $auditLog = array('reason'=>'query failed to return a result', 'query'=>$query, 'username'=>$username);
            $log->user_audit(USER_AUDIT_LOGIN, $auditLog, 0, $username);
            return $this->invalidLogin($username,LOGIN_BAD_USER);
        }

        // User is in DB here
        $this->userData = e107::getDb()->fetch();        // Get user info
        $this->userData['user_perms'] = trim($this->userData['user_perms']);
        $this->lookEmail = ($username == $this->userData['user_email']) ? 1 : 0;        // Know whether login name or email address used now
        
        return TRUE;
    }



    /**
     *    Generate a DB query to look up a user, dependent on the various login options supported.
     */
    public function getLookupQuery($username, $forceLogin, $dbAlias = '')
    {
        $pref = e107::getPref();
        $tp = e107::getParser();

        $username = preg_replace("/\sOR\s|\=|\#/", "", $username);
        
        if($forceLogin === 'provider')
        {
            return "{$dbAlias}`user_xup`='".$tp->toDB($username)."'";
        }

        $qry[0] = "{$dbAlias}`user_loginname`= '".$tp->toDB($username)."'";  // username only  (default)
        $qry[1] = "{$dbAlias}`user_email` = '".$tp->toDB($username)."'";   // email only
        $qry[2] = (strpos($username,'@') !== false ) ? "{$dbAlias}`user_loginname`= '".$tp->toDB($username)."'  OR {$dbAlias}`user_email` = '".$tp->toDB($username)."'" : $qry[0];  //username or email
        

        // Look up user in DB - even if email addresses allowed, still look up by user name as well - user could have specified email address for their login name
        $query = (!$forceLogin && varset($pref['allowEmailLogin'],0)) ? $qry[$pref['allowEmailLogin']] : $qry[0];
        return $query;
    }


    /**
     * Checks user password againt preferences set etc
     * Assumes that $this->userData array already set up
     *
     * @param string $username - the user name string as entered (might not relate to the intended user at this stage)
     * @param string $userpass - as entered
     * @param string $response - received string if CHAP used
     * @param boolean $forceLogin - TRUE if login is being forced from clicking signup link; normally FALSE
     * @return bool|string if valid password
     *           otherwise FALSE
     */
    protected function checkUserPassword($username, $userpass, $response, $forceLogin)
    {
        $pref = e107::getPref();
        $log = e107::getLog();
        
        if($forceLogin === 'provider') return true;
        /*
        if ($this->lookEmail && vartrue($pref['passwordEncoding']))
        {
            $tmp = e107::getArrayStorage()->unserialize($this->userData['user_prefs']);
            if(!$tmp && $this->userData['user_prefs']) $tmp = unserialize($this->userData['user_prefs']); // try old storage type
            $requiredPassword = varset($tmp['email_password'], $this->userData['user_password']);    // Use email-specific password if set. Otherwise, 'normal' one might work
            unset($tmp);
        }
        else
        {
            $requiredPassword = $this->userData['user_password'];
        }
        */

        // Now check password
        if ($forceLogin)
        {
            if (md5($this->userData['user_name'].$this->userData['user_password'].$this->userData['user_join']) != $userpass)
            {
                return $this->invalidLogin($username,LOGIN_BAD_PW);
            }
        }
        else
        {
            $session = e107::getSession();
            $gotChallenge = $session->is('challenge');
            //$aLogVal = "U: {$username}, P: ******, C: ".$session->get('challenge')." R:{$response} S: {$this->userData['user_password']} Prf: {$pref['password_CHAP']}/{$gotChallenge}";
            if ((($pref['password_CHAP'] > 0) && ($response && $gotChallenge) && ($response != $session->get('challenge'))) || ($pref['password_CHAP'] == 2))
            {  // Verify using CHAP
                  //$this->e107->admin_log->addEvent(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login",$aLogVal, FALSE, LOG_TO_ROLLING);
                if (($pass_result = $this->userMethods->CheckCHAP($session->get('challenge'), $response, $username, $this->userData['user_password'])) === PASSWORD_INVALID)
                {
                    return $this->invalidLogin($username,LOGIN_CHAP_FAIL);
                }
            }
            else // Plaintext password
            {

                $login_name = ($this->lookEmail) ? $this->userData['user_loginname'] : $username;

                  $auditLog = array(
                    'type'              => (($this->lookEmail) ? 'email' : 'userlogin'),
                    'login_name'        => $login_name,
                //    'userpass'          => $userpass,
                    'pwdHash'           => $this->userData['user_password']
                );

                if (($pass_result = $this->userMethods->CheckPassword($userpass, $login_name, $this->userData['user_password'])) === PASSWORD_INVALID)
                {
                    $auditLog['result'] = intval($pass_result);
                    $log->user_audit(USER_AUDIT_LOGIN, $auditLog, $this->userData['user_id'], $this->userData['user_name']);
                    return $this->invalidLogin($username,LOGIN_BAD_PW);
                }

                $auditLog['result'] = intval($pass_result);

                $log->user_audit(USER_AUDIT_LOGIN, $auditLog, $this->userData['user_id'], $this->userData['user_name']);
            }


            $this->passResult = $pass_result;
        }

        return true;
    }


    /**
     * @return array
     */
    public function test()
    {

        $this->testMode = true;
        $errors = array(
            'LOGIN_TRY_OTHER'=> 2,        // Try some other authentication method
            'LOGIN_CONTINUE'=>1,        // Not rejected (which is not exactly the same as 'accepted') by alt_auth
            'LOGIN_ABORT'=>-1,            // Rejected by alt_auth
            'LOGIN_BAD_PW'=> -2,        // Password wrong
            'LOGIN_BAD_USER'=> -3,        // User not in DB
            'LOGIN_BAD_USERNAME'=> -4,    // Username format unacceptable (e.g. too long)
            'LOGIN_BAD_CODE'=> -5,        // Wrong image code entered
            'LOGIN_MULTIPLE'=> -6,         // Error if multiple logins not allowed
            'LOGIN_NOT_ACTIVATED'=> -7,    // User in DB=> not activated
            'LOGIN_BLANK_FIELD'=> -8,    // Username or password blank
            'LOGIN_BAD_TRIGGER'=> -9,    // Rejected by trigger event
            'LOGIN_BANNED'=> -10,        // Banned user attempting login
            'LOGIN_CHAP_FAIL'=> -11,    // CHAP login failed
            'LOGIN_DB_ERROR'=> -12,        // Error adding user to main DB
        );

        $ret = [];
        foreach($errors as $k=>$v)
        {
            $ret[] = $this->invalidLogin("John Smith", $v, 'Custom error text');
        //    echo "<h4>".$k."</h4>";
        //    $ret[] = e107::getMessage()->render();
        }

        return $ret;

    }

    /**
     * called to log the reason for a failed login.
     * @param $username
     * @param $reason
     * @param string $extra_text
     * @return boolean Currently always returns false - could return some other value
     */
    protected function invalidLogin($username, $reason, $extra_text = '')
    {
        global $pref;

        $doCheck = FALSE;            // Flag set if need to ban check
        $this->userData = array();

        switch($reason)
        {
            case LOGIN_ABORT :        // alt_auth reject
                $message = LAN_LOGIN_21;
                $this->genNote($this->userIP, $username, 'Alt_auth: ' . LAN_LOGIN_14);
                $this->logNote('LAN_ROLL_LOG_04', 'Alt_Auth: ' . $username);
                $doCheck = true;
                break;
            case LOGIN_DB_ERROR :    // alt_auth couldn't add valid user
                $message = LAN_LOGIN_31;
                $this->genNote($username, 'Alt_auth: ' . LAN_LOGIN_30);
//                $this->logNote('LAN_ROLL_LOG_04', 'Alt_Auth: '.$username);    // Added in alt_auth login
                $doCheck = true;
                break;
            case LOGIN_BAD_PW :
                $message = LAN_LOGIN_21;
                $this->logNote('LAN_ROLL_LOG_03', $username);
                break;
            case LOGIN_CHAP_FAIL :
                $message = LAN_LOGIN_21;
                $this->logNote('LAN_ROLL_LOG_03', 'CHAP: ' . $username);
                break;
            case LOGIN_BAD_USER :
                $message = LAN_LOGIN_21;
                $this->genNote($username, LAN_LOGIN_14);
                $this->logNote('LAN_ROLL_LOG_04', $username);
                $doCheck = true;
                break;
            case LOGIN_BAD_USERNAME :
                $message = LAN_LOGIN_21;
                $this->logNote('LAN_ROLL_LOG_08', $username);
                break;
            case LOGIN_MULTIPLE :
                $message = LAN_LOGIN_24;
                $this->logNote('LAN_ROLL_LOG_07', "U: {$username} IP: {$this->userIP}");
                $this->genNote($username, LAN_LOGIN_16);
                $doCheck = true;
                break;
            case LOGIN_BAD_CODE :
                $message = $extra_text; // LAN_LOGIN_23;
                $this->logNote('LAN_ROLL_LOG_02', $username);
                break;
            case LOGIN_NOT_ACTIVATED :
                if($pref['user_reg_veri'] == 2)
                {
                    $message = LAN_LOGIN_37;
                }
                else
                {
                    $srch = array("[", "]");
                    $repl = array("<a href='" . e_HTTP . "signup.php?resend'>", "</a>");
                    $message = str_replace($srch, $repl, LAN_LOGIN_22);
                }
                $this->logNote('LAN_ROLL_LOG_05', $username);
                $this->genNote($username, LAN_LOGIN_27);
                $doCheck = true;
                break;
            case LOGIN_BLANK_FIELD :
                $message = LAN_LOGIN_20;
                $this->logNote('LAN_ROLL_LOG_01', $username);
                break;
            case LOGIN_BAD_TRIGGER :
                $message = $extra_text;
                $this->logNote('LAN_ROLL_LOG_06', $username);
                break;
            case LOGIN_BANNED :
                $message = LAN_LOGIN_21;        // Just give 'incorrect login' message
                $this->genNote($username, LAN_LOGIN_25);
                $this->logNote('LAN_ROLL_LOG_09', $username);
                break;
            default :        // Something's gone wrong!
                $message = LAN_LOGIN_21;        // Just give 'incorrect login' message
                $this->genNote($username, LAN_LOGIN_26);
                $this->logNote('LAN_ROLL_LOG_10', $username);
        }

        e107::getMessage()->reset()->addError($message); // prevent duplicates

        if($this->testMode === true)
        {
            return $message;
        }

        defined('LOGINMESSAGE') or define('LOGINMESSAGE', $message);

    //    $sql->update('online', 'user_active = 0 WHERE user_ip = "'.$this->userIP.'" LIMIT 1');

        if ($doCheck) // See if ban required (formerly the checkibr() function)
        {
            if($pref['autoban'] == 1 || $pref['autoban'] == 3) // Flood + Login or Login Only.
            {
                $fails = e107::getDb()->count("generic", "(*)", "WHERE gen_ip='{$this->userIP}' AND gen_type='failed_login' ");

                $failLimit = vartrue($pref['failed_login_limit'],10);

                if($fails >= $failLimit)
                {
                    $time = time();
                    $description = e107::getParser()->lanVars(LAN_LOGIN_18,$failLimit);
                    e107::getIPHandler()->add_ban(4, $description, $this->userIP, 1);
                    e107::getDb()->insert("generic", "0, 'auto_banned', '".$time."', 0, '{$this->userIP}', '{$extra_text}', '".LAN_LOGIN_20.": ".e107::getParser()->toDB($username).", ".LAN_LOGIN_17);
                    e107::getEvent()->trigger('user_ban_failed_login', array('time'=>$time, 'ip'=>$this->userIP, 'other'=>$extra_text)); 
                }
            }
        }
        return false;        // Passed back to signal failed login
    }


    /**
     * Make a note of an event in the rolling log
     * @param string $title - title of logged event
     * @param string $text - detail of event
     * @return void
     */
    protected function logNote($title, $text)
    {
        $title = e107::getParser()->toDB($title);
    //    $text  = e107::getParser()->toDB($text);
    //    $text = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS_);

        $debug = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS,4);
        $debug[] = $text;

        // unset($debug[0]);
        $debug[0] = e_REQUEST_URI;

    //    $array = debug_backtrace();
    //    e107::getLog()->addEvent(4, $array, "LOGIN", $title, $text, FALSE, LOG_TO_ROLLING);
        e107::getLog()->addEvent(4, $debug[1]['file']."|".$debug[1]['function']."@".$debug[1]['line'], "LOGIN", $title, $debug, FALSE, LOG_TO_ROLLING);
    }


    /**
     * Make a note of a failed login in the 'generic' table
     * @param string $username - as entered
     * @param string $msg1 - detail of event
     * @return void
     */
    protected function genNote($username, $msg1)
    {
        $message = e107::getParser()->toDB($msg1." ::: ".LAN_LOGIN_1.": ".$username);
        e107::getDb()->insert("generic", "0, 'failed_login', '".time()."', 0, '{$this->userIP}', 0, '{$message}'");
    }



    /**
     * Assumes the user is valid and logs them in.
     * @param array $userData ie. user_id, user_name, user_email,user_join, user_admin
     * @param bool $autologin 
     * @return bool|void
     */
    public function validLogin($userData, $autologin=false)
    {

        $cookieval = $this->userMethods->makeUserCookie($userData, $autologin);

        // Calculate class membership - needed for a couple of things
        // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
        $class_list = $this->userMethods->addCommonClasses($userData, true);



        $edata_li = array('user_id'    => $userData['user_id'], 'user_name' => $userData['user_name'], 'class_list' => implode(',', $class_list), /*'remember_me' => $autologin,*/
                          'user_admin' => $userData['user_admin'], 'user_email' => $userData['user_email']);

        $userAuditPref = e107::getPref('user_audit_class', e_UC_NOBODY);
        if (check_class($userAuditPref, $class_list))
        {
            e107::getLog()->user_audit(USER_AUDIT_LOGIN,  $edata_li, $userData['user_id'], $userData['user_name']);
        }

        e107::getEvent()->trigger("login", $edata_li);

        //  // 'New user' probationary period expired - we can take them out of the class
        if(check_class(e_UC_NEWUSER, $class_list) && $this->userMethods->newUserExpired($userData['user_join']))
        {
            $userData['user_class'] = e107::getUserClass()->ucRemove(e_UC_NEWUSER, $userData['user_class']);
//            $this->e107->admin_log->addEvent(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$userData['user_class'],FALSE,FALSE);
            e107::getDb()->update('user', "`user_class` = '" . $userData['user_class'] . "' WHERE `user_id`=" . $userData['user_id'] . " LIMIT 1");
            $edata_li = array('user_id' => $userData['user_id'], 'user_name' => $userData['user_name'], 'class_list' => $userData['user_class'], 'user_email' => $userData['user_email']);
            e107::getEvent()->trigger('userNotNew', $edata_li);
        }

        return $cookieval;
    }


}