<?php
/** 
* @package	uForum 
* @file		login.php
* @version	$Id$ 
* @copyright	2007-2010 (c) PioDer <pioder@wp.pl>
* @link    		http://www.pioder.pl/
* @license	see LICENSE.txt
**/
define('IN_uF', true);
//include files
require('./config.php');
require('./includes/constants.php');
require('./includes/db.php');
require('./includes/errors.php');
//connect to database 
DataBase::db_connect();
require('./includes/sessions.php');
require('./includes/classes/class_user.php');
require('./common.php');
require('./includes/emailer.php');
require('./includes/misc_functions.php');
$default_lang = DefaultLang();
require('./lngs/'.$default_lang.'/main.php');
require('./lngs/'.$default_lang.'/email.php');
require('./includes/classes/secure.php');
$start = TimeGeneration();
SessDelInvalid();	
SessRegister();
SessDeleteOld();
foreach ($_POST as $name => $value)
{
	if ($forum_config['use_censorlist'])
	{
		$_POST[$name] = Secure::UseCensorlist($value);
	}
}
if (isset($_GET['mode']))
{
	switch($_GET['mode'])
	{
		case 'logout':
		{
			if ($_SESSION['uid']==0)
			{
				header('Location: index.php');
			}
			$uid = $_SESSION['uid'];
			$_SESSION['uid']=0;
			$_SESSION['sessionid']='0';
			SessDelete($uid);
			$stop = TimeGeneration();
			message_forum($lng['islogout'], 'index.php');
    			break;
		}
		case 'login':
		{
			$default_skin = ViewSkinName();
			if ($_SESSION['uid']>0)
			{
				header('Location: index.php');
			}
			if (isset($_POST['user']))
			{
				$user = strip_tags(addslashes($_POST['user']));
				$pass = md5(strip_tags($_POST['pass']));
				$sql = "SELECT `u_id`, `nick`, `pass` FROM `".USERS_TABLE."` WHERE nick='$user'";
				$query = DataBase::sql_query($sql,GENERAL,'Could not obtain user inforamtion');
				$result = DataBase::fetch($query);
				$nick = $result['nick'];
				if ($result['nick']==$user)
				{
		  			if ($result['u_id']!='-1')
		  			{
						if($pass==$result['pass'])
						{
							$user_id = $result['u_id'];
							$sql = "DELETE FROM `".SESSIONS_TABLE."` WHERE `u_id`='$user_id'";
							DataBase::sql_query($sql,GENERAL,'Could not delete session.');
							if (User::UserInformation($user_id,'active')==0)
							{
 								SessDelete($_SESSION['uid']);
 								$_SESSION['uid']='0';
 								message_forum($lng['account_disabled'],'index.php');
							}
							$ssid = md5($_SERVER['REQUEST_TIME'].'donothackthiscriptplease!');//session identifier
							$_SESSION['uid']=$user_id;
							$_SESSION['sessionid']=$ssid;
							//session register
 							$sql = "INSERT INTO `".SESSIONS_TABLE."` VALUES ('', '".$_COOKIE[SESS_NAME]."','$user_id','".$_SERVER['REQUEST_TIME']."')";//query
 							DataBase::sql_query($sql,GENERAL,'Could not add new session.');//run query
							//next...
							$sql = "UPDATE `".USERS_TABLE."` SET lastvisit='".$_SERVER['REQUEST_TIME']."' WHERE u_id='$user_id'";//update lastvisit for user
							DataBase::sql_query($sql,GENERAL,'Could not update user lastvisit');//run query
							$msg = $lng['youareloggedas'].': <b>'.$nick.'</b>';// messaage "login as.."
							$stop = TimeGeneration();//generate generation's time
							message_forum($msg, 'index.php');//message and require to index.php
						}
						else
						{
        						$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidpass'].'</b></span></div>';
						}
					} 
					else
					{ 
						message_forum('Access denied.','index.php');
					}
				}
				else
				{
					$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidlogin'].'</b></span></div>';
				}
			} 
			else
			{
				$msg = '';
				$_POST['user']='';
			}
			$skin = array(
			'lforumname' => $lng['forumname'],
			'user' => $lng['user'],
			'lpass' => $lng['lpassw'],
			'lforgotpass' => $lng['lforgot_pass'],
			'llog_in'=> $lng['llog_in'],
			'msg' => $msg
			);
			$skin = array_push_assoc($skin, GenerateHeader($lng['llogin'], '<a href="login.php?mode=login" class="navigator">'.$lng['llogin']));
			require('./skins/'.$default_skin.'/overall_header.tpl');
			require('./skins/'.$default_skin.'/login_body.tpl');
			$stop = TimeGeneration();
			$skin['queries'] =  ShowQueries($start, $stop);
			require('./skins/'.$default_skin.'/overall_footer.tpl');	
			break;
		}
		case 'forgotpassword':
		{
			if ($_SESSION['uid']>0)
			{
				header('Location: index.php');
			}
			$default_skin = ViewSkinName();
			if (!$forum_config['allow_send_email'])
			{
				message_forum($lng['no_send_newpass'],'index.php');
			}
			if (isset($_POST['username']))
			{
				$uid = User::UserIdByNick(htmlspecialchars($_POST['username']));
				if (User::UserInformation($uid,'email')!='')
				{
					$int_rand = rand(1, (strlen(PASSWD_HASH)-$forum_config['newpasswd_len']));
					$newpass = substr(PASSWD_HASH, $int_rand, $forum_config['newpasswd_len']);
					User::UpdatePassword($uid, md5($newpass));
					SendForgotPassEmail($newpass);
					message_forum($lng['pass_changed'],'index.php');
				}
				else
				{
					message_forum($lng['no_user'],$_SERVER['REQUEST_URI']);
				}
			}
			$skin = array(
			'user' => $lng['user'],
			'lsave' => $lng['save'],
			'pa_link'=>''
			);
			$skin = array_push_assoc($skin, GenerateHeader($lng['lforgot_pass2'], '<a href="'.$_SERVER['REQUEST_URI'].'" class="navigator">'.$lng['lforgot_pass2']));
			require('./skins/'.$default_skin.'/overall_header.tpl');
			require('./skins/'.$default_skin.'/newpass_body.tpl');
			$stop = TimeGeneration();
			$skin['queries'] =  ShowQueries($start, $stop);
			require('./skins/'.$default_skin.'/overall_footer.tpl');
			break;
		}
		default:
		{
			$stop = TimeGeneration();
			message_forum($lng['invalidmode'], 'index.php');
		}
	}
}
else
{
	$stop = TimeGeneration();
	message_forum($lng['invalidmode'], 'index.php');
}
?>