pioder
/
uf

<?php/** * @package	uForum * @file		login.php* @version	$Id$ * @copyright	2009(c) PioDer <pioder@wp.pl>* @link 	http://pioder.gim2przemysl.int.pl/* @license	GNU GPL v3**/define('IN_uF', true);//include files
include('./config.php');include('./includes/constants.php');include('./includes/db.php');include('./includes/errors.php');//connect to database 
DataBase::db_connect();include('./includes/sessions.php');include('./includes/classes/class_user.php');include('./common.php');include('./includes/emailer.php');include('./includes/misc_functions.php');$default_lang = DefaultLang();include('./lngs/'.$default_lang.'/main.php');include('./lngs/'.$default_lang.'/email.php');include('./includes/classes/secure.php');$start = TimeGeneration();SessDelInvalid();	SessRegister();SessDeleteOld();foreach ($_POST as $name => $value){	if ($forum_config['use_censorlist'])	{		$_POST[$name] = Secure::UseCensorlist($value);	}}if (isset($_GET['mode'])){	switch($_GET['mode'])	{		case 'logout':		{			if ($_SESSION['uid']==0)			{				header('Location: index.php');			}			$uid = $_SESSION['uid'];			$_SESSION['uid']=0;			$_SESSION['sessionid']='0';			SessDelete($uid);			$stop = TimeGeneration();			message_forum($lng['islogout'], 'index.php');    			break;		}		case 'login':		{			$default_skin = ViewSkinName();			if ($_SESSION['uid']>0)			{				header('Location: index.php');			}			if (isset($_POST['user']))			{				$user = strip_tags(addslashes($_POST['user']));				$pass = md5(strip_tags($_POST['pass']));				$sql = "SELECT `u_id`, `nick`, `pass` FROM `".USERS_TABLE."` WHERE nick='$user'";				$query = DataBase::sql_query($sql,GENERAL,'Could not obtain user inforamtion');				$result = DataBase::fetch($query);				$nick = $result['nick'];				if ($result['nick']==$user)				{		  			if ($result['u_id']!='-1')		  			{						if($pass==$result['pass'])						{							$user_id = $result['u_id'];							$sql = "DELETE FROM `".SESSIONS_TABLE."` WHERE `u_id`='$user_id'";							DataBase::sql_query($sql,GENERAL,'Could not delete session.');							if (User::UserInformation($user_id,'active')==0)							{ 								SessDelete($_SESSION['uid']); 								$_SESSION['uid']='0'; 								message_forum($lng['account_disabled'],'index.php');							}							$ssid = md5(time().'donothackthiscriptplease!');//session identifier
							$_SESSION['uid']=$user_id;							$_SESSION['sessionid']=$ssid;							//session register
 							$sql = "INSERT INTO `".SESSIONS_TABLE."` VALUES ('', '".$_COOKIE[SESS_NAME]."','$user_id','".time()."')";//query
 							DataBase::sql_query($sql,GENERAL,'Could not add new session.');//run query
							//next...
							$sql = "UPDATE `".USERS_TABLE."` SET lastvisit='".time()."' WHERE u_id='$user_id'";//update lastvisit for user
							DataBase::sql_query($sql,GENERAL,'Could not update user lastvisit');//run query
							$msg = $lng['youareloggedas'].': <b>'.$nick.'</b>';// messaage "login as.."
							$skin['pa_link']='';							$stop = TimeGeneration();//generate generation's time
							message_forum($msg, 'index.php');//message and require to index.php
						}						else						{        						$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidpass'].'</b></span></div>';						}					} 					else					{ 						message_forum('Access denied.','index.php');					}				}				else				{					$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidlogin'].'</b></span></div>';				}			} 			else			{				$msg = '';				$_POST['user']='';			}			$skin = array(			'lforumname' => $lng['forumname'],			'user' => $lng['user'],			'lpass' => $lng['lpassw'],			'lforgotpass' => $lng['lforgot_pass'],			'llog_in'=> $lng['llog_in'],			'msg' => $msg			);			$skin = array_push_assoc($skin, GenerateHeader($lng['llogin'],'</a>&gt; <a href="login.php?mode=login" class="navigator">'.$lng['llogin']));			include('./skins/'.$default_skin.'/overall_header.tpl');			include('./skins/'.$default_skin.'/login_body.tpl');			$skin['pa_link']='';			$stop = TimeGeneration();			$skin['queries'] =  ShowQueries($start, $stop);			include('./skins/'.$default_skin.'/overall_footer.tpl');				break;		}		case 'forgotpassword':		{			if ($_SESSION['uid']>0)			{				header('Location: index.php');			}			$default_skin = ViewSkinName();			if (!$forum_config['allow_send_email'])			{				message_forum($lng['no_send_newpass'],'index.php');			}			if (isset($_POST['username']))			{				$uid = User::UserIdByNick(htmlspecialchars($_POST['username']));				if (User::UserInformation($uid,'email')!='')				{					$int_rand = rand(1, (strlen(PASSWD_HASH)-$forum_config['newpasswd_len']));					$newpass = substr(PASSWD_HASH, $int_rand, $forum_config['newpasswd_len']);					User::UpdatePassword($uid, md5($newpass));					SendForgotPassEmail($newpass);					message_forum($lng['pass_changed'],'index.php');				}				else				{					message_forum($lng['no_user'],$_SERVER['REQUEST_URI']);				}			}			$skin = array(			'user' => $lng['user'],			'lsave' => $lng['save'],			'pa_link'=>''			);			$skin = array_push_assoc($skin, GenerateHeader($lng['lforgot_pass2'], '</a>&gt; <a href="'.$_SERVER['REQUEST_URI'].'" class="navigator">'.$lng['lforgot_pass2']));			include('./skins/'.$default_skin.'/overall_header.tpl');			include('./skins/'.$default_skin.'/newpass_body.tpl');			$stop = TimeGeneration();			$skin['queries'] =  ShowQueries($start, $stop);			include('./skins/'.$default_skin.'/overall_footer.tpl');			break;		}		default:		{			$stop = TimeGeneration();			message_forum($lng['invalidmode'], 'index.php');		}	}}else{	$stop = TimeGeneration();	message_forum($lng['invalidmode'], 'index.php');}?>