BS login control with captcha mod (PHPF Version 6.01.12 and higher)
(c) 2008 by Silvermoon (http://www.bs-fusion.de)
-------------------------------------------------------------------

[ENGLISH INSTRUCTION]

Description of this mod:
-------------------------
This Mod includes two security aspects.

1st Security aspect
--------------------
A verification code (captcha) is required in order to log in. If the code is incorrect, the login is stopped.

2nd Security aspect
--------------------
An additional entry is appended to the "fusion_user" cookie; this entry is crucial when the cookie is checked.
The IP pool of the visitor's own IP address (e.g. 123.123.) is stored in encrypted form (hashed together with a secret string).
If the cookie exists and the encrypted entry does not match the current IP pool, the member's cookies
are deleted.
This makes manipulation of the cookie almost impossible. All special characters are removed from the cookie.
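
The cookie check described above, as an added example that is not part of the mod's own code: it rebuilds the third cookie field the way bs_ipcrypt() does and applies the same field checks to a few constructed cookies. The secret string, user id, password and IP addresses are made-up sample values; ip_pool(), mod_token() and check_cookie() are hypothetical helper names, ctype_digit() stands in for PHP-Fusion's isNum(), and the database lookup is left out.

```php
<?php
// Added example, not the mod's code. All values below are constructed samples.
$secret = md5("constructed-secret-string");      // plays the role of $crypt_prefix

// IP pool = first two octets of an IPv4 address, e.g. 123.123.45.67 -> 123.123
function ip_pool($ip) {
    $parts = explode(".", $ip);
    return $parts[0].".".$parts[1];
}

// Same construction as bs_ipcrypt(): nested md5/sha1 over secret + pool + "."
function mod_token($secret, $ip) {
    return md5(sha1(md5(sha1($secret.ip_pool($ip)."."))));
}

// Field checks as in maincore.php; the database lookup that follows there is omitted.
function check_cookie($cookie, $secret, $ip) {
    $strip = array("&","/","!","$","%","\"","'","(",")","{","}","[","]","*","<",">","\\","^");
    $vars = explode(".", str_replace($strip, "", $cookie));
    if (count($vars) != 3) {
        return false;                             // e.g. a two-field cookie from before the mod
    }
    $id    = ctype_digit($vars[0]) ? $vars[0] : "0";
    $pass  = preg_match("/^[0-9a-z]{32}$/", $vars[1]) ? $vars[1] : "";
    $token = preg_match("/^[0-9a-z]{32}$/", $vars[2]) ? $vars[2] : "";
    // === compares the digests as strings, never as numbers
    return $id !== "0" && $pass !== "" && $token === mod_token($secret, $ip);
}

$pass_hash = md5("constructed-password");
$cookie    = "7.".$pass_hash.".".mod_token($secret, "123.123.45.67");   // issued at login

$cases = array(
    "same address"          => array($cookie, "123.123.45.67"),
    "same pool, other host" => array($cookie, "123.123.200.9"),
    "different pool"        => array($cookie, "203.0.113.5"),
    "token field replaced"  => array("7.".$pass_hash.".".str_repeat("0", 32), "123.123.45.67"),
    "old two-field cookie"  => array("7.".$pass_hash, "123.123.45.67"),
);
foreach ($cases as $label => $c) {
    $ok = check_cookie($c[0], $secret, $c[1]);
    printf("%-22s %s\n", $label, $ok ? "accepted" : "rejected, cookies deleted");
}
```

The first two cases are accepted because only the first two octets of the address enter the entry; the other three end in the branch that deletes the cookies, which is also why every member has to log in again after the installation.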


Before installing this mod, make backups of maincore.php, login.php, maintenance.php
and user_info_panel.php.

If you are using the default PHP-Fusion files, the installation is done quickly.

1st Open maincore.php and search for the following entry:
$crypt_prefix = md5 ("Hier einen Sicherheitsstring eingeben");

-- Replace the string "Hier einen Sicherheitsstring eingeben" ("Enter a security string here") with your own.
-- Save maincore.php

2nd Replace the old files with all files from the package.

3rd Log in again after the installation.

4th Done.


If you change the files manually, follow this readme carefully.
========================================================================================

1st Open maincore.php


2nd Search for:
--------------- 

// PHP-Fusion user cookie functions
if (!isset($_COOKIE['fusion_visited'])) {
	$result=dbquery("UPDATE ".$db_prefix."settings SET counter=counter+1");
	setcookie("fusion_visited", "yes", time() + 31536000, "/", "", "0");
}



3rd Insert the new functions and replace the old login control with the new one:
-------------------------------------------------------------------------------

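/** start BS login control mod with Captcha  (powered by BS-Fusion) **/
// Returns the encrypted IP pool entry that is appended to the "fusion_user" cookie.
// $sub_ip2 is the global variable holding the visitor's IP pool (e.g. 123.123).
function bs_ipcrypt() {
	global $sub_ip2;
	// Replace this string with your own security string
	$crypt_prefix=md5("Hier_einen_Sicherheitsstring_eingeben");
	return md5(sha1(md5(sha1($crypt_prefix.$sub_ip2."."))));
}

// Removes all special characters from the cookie value before it is split into its fields.
function bs_safecookie($cookie_value="") {
	$found = array("&","/","!","$","%","\"","'","(",")","{","}","[","]","$","*",'"','\'',"<",">","\\","^","\$");
	$value=str_replace($found,"",$cookie_value);
	return $value;
}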

if (isset($_POST['login'])) {
	// 1st security aspect: the login is only processed if the verification code is correct
	if (check_captcha($_POST['captcha_encode'], $_POST['user_capatcha'])) {
		$user_pass = md5($_POST['user_pass']);
		$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
		$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND (user_password='".md5($user_pass)."' OR user_password='$user_pass')");
		if (dbrows($result) != 0) {
			$data = dbarray($result);
			if ($data['user_password'] == $user_pass) {
				$result = dbquery("UPDATE ".$db_prefix."users SET user_password='".md5($user_pass)."' WHERE user_id='".$data['user_id']."'");
			}
			// 2nd security aspect: the encrypted IP pool is appended as third cookie field
			$cookie_value = $data['user_id'].".".$user_pass.".".bs_ipcrypt();
			if ($data['user_status'] == 0) {
				$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
				header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
				setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
				redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
			} elseif ($data['user_status'] == 1) {
				redirect(BASEDIR."setuser.php?error=1", "script");
			} elseif ($data['user_status'] == 2) {
				redirect(BASEDIR."setuser.php?error=2", "script");
			}
		} else {
			redirect(BASEDIR."setuser.php?error=3");
		}
	}
}

if (isset($_COOKIE['fusion_user'])) {
	$cookie_vars = explode(".", bs_safecookie($_COOKIE['fusion_user']));
	$cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
	// isset() guards against cookies with fewer than three fields (e.g. cookies set before the mod was installed)
	$cookie_2 = (isset($cookie_vars['1']) && preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
	$cookie_3 = (isset($cookie_vars['2']) && preg_match("/^[0-9a-z]{32}$/", $cookie_vars['2']) ? $cookie_vars['2'] : "");
	// The encrypted IP pool from the cookie must match the current one; === compares the values as strings
	if ($cookie_3 === bs_ipcrypt()) {
		$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."'");
		unset($cookie_vars,$cookie_1,$cookie_2);
		if (dbrows($result) != 0) {
			$userdata = dbarray($result);
			if ($userdata['user_status'] == 0) {
				if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
					define("THEME", THEMES.$userdata['user_theme']."/");
				} else {
					define("THEME", THEMES.$settings['theme']."/");
				}
				if ($userdata['user_offset'] <> 0) {
					$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
				}
				if (empty($_COOKIE['fusion_lastvisit'])) {
					setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
					$lastvisited = $userdata['user_lastvisit'];
				} else {
					$lastvisited = $_COOKIE['fusion_lastvisit'];
				}
			} else {
				header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
				setcookie("fusion_user", "", time() - 7200, "/", "", "0");
				setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
				redirect(BASEDIR."index.php", "script");
			}
		} else {
			header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
			setcookie("fusion_user", "", time() - 7200, "/", "", "0");
			setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
			redirect(BASEDIR."index.php", "script");
		}
	} else {
		// IP pool entry missing or wrong: delete the member's cookies
		header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
		setcookie("fusion_user", "", time() - 7200, "/", "", "0");
		setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
		redirect(BASEDIR."index.php", "script");
	}
} else {
	define("THEME", THEMES.$settings['theme']."/");
	// Guest defaults; initialised as an array so the index assignments also work on current PHP versions
	$userdata = array();
	$userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}
/** End of BS Login control mod with captcha **/ 


5th Save maincore.php


6th Open login.php and replace the source code between "else { }" with the new source code


7th Open maintenance.php and replace the source code between "if (!iMEMBERS) {}" with the new source code


8th Open user_info_panel.php and replace the source code between "else { }" with the new source code


=======================================================
[NEW SOURCE CODE FOR "login.php" and "maintenance.php"]
=======================================================

/** start BS login control mod with Captcha  (powered by BS-Fusion) **/	
echo "<div align='center'><br>
<form name='loginform' method='post' action='".FUSION_SELF."'>
<table border='0' cellspacing='0' cellpadding='3'>
<tr>
<td valign='top'>".$locale['061']."<br><input type='text' name='user_name' class='textbox' style='width:100px'></td>
<td valign='top'>".$locale['062']."<br><input type='password' name='user_pass' class='textbox' style='width:100px;'></td>

</tr>
<tr><td>".make_captcha()."</td>
<td> ==&gt; <input type='password' name='user_capatcha' class='textbox' style='width:100px'></td>
</tr>
<tr>
<td valign='bottom' align='right'><input type='checkbox' name='remember_me' value='y' title='".$locale['063']."'></td>
<td><input type='submit' name='login' value='".$locale['064']."' class='button'></td>
</tr></table>
</form>
</div>\n";
/** End of BS Login control mod with captcha **/  


===============================================
[NEW SOURCE CODE FOR "user_info_panel.php"]
===============================================
	
/** start BS login control mod with Captcha  (powered by BS-Fusion) **/	
	echo "<div align='center'>".(isset($loginerror) ? $loginerror : "")."<form name='loginform' method='post' action='".FUSION_SELF."'>".$locale['061']."<br>";
	echo "<input type='text' name='user_name' class='textbox' style='width:100px'><br>".$locale['062']."<br>";
	echo "<input type='password' name='user_pass' class='textbox' style='width:100px' id='textfield'><br>";
	echo "<input type='checkbox' name='remember_me' value='y' title='".$locale['063']."' style='vertical-align:middle;'>".$locale['063']."<br>\n";
echo make_captcha()."<br><input type='password' name='user_capatcha' class='textbox' style='width:100px'><br>
<input type='submit' name='login' value='".$locale['064']."' class='button'><br></form><br>\n";
/** End of BS Login control mod with captcha **/ 

	if ($settings['enable_registration']) {
		echo "".$locale['065']."<br><br>\n";
	}
	echo $locale['066']."
</div>\n";



9th Save all changed files and replace the old files with them.


10th Once everything has been changed, it should work after a new login.

	
---------------------------------------------
I hope that the translation is understandable.