pioder
/
uf
1
0
Fork 0
Code Releases 0 Activity
A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 Commits
1 Branch
524 KiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
uf/login.php

187 lines
5.9 KiB
Raw Permalink Blame History

<?php
/**
* @package uForum
* @file login.php
* @version $Id$
* @copyright 2007-2010 (c) PioDer <[email protected]>
* @link http://www.pioder.pl/
* @license see LICENSE.txt
**/
define('IN_uF', true);
//include files
require('./config.php');
require('./includes/constants.php');
require('./includes/db.php');
require('./includes/errors.php');
//connect to database
DataBase::db_connect();
require('./includes/sessions.php');
require('./includes/classes/class_user.php');
require('./common.php');
require('./includes/emailer.php');
require('./includes/misc_functions.php');
$default_lang = DefaultLang();
require('./lngs/'.$default_lang.'/main.php');
require('./lngs/'.$default_lang.'/email.php');
require('./includes/classes/secure.php');
$start = TimeGeneration();
SessDelInvalid();
SessRegister();
SessDeleteOld();
foreach ($_POST as $name => $value)
{
if ($forum_config['use_censorlist'])
{
$_POST[$name] = Secure::UseCensorlist($value);
}
}
if (isset($_GET['mode']))
{
switch($_GET['mode'])
{
case 'logout':
{
if ($_SESSION['uid']==0)
{
header('Location: index.php');
}
$uid = $_SESSION['uid'];
$_SESSION['uid']=0;
$_SESSION['sessionid']='0';
SessDelete($uid);
$stop = TimeGeneration();
message_forum($lng['islogout'], 'index.php');
break;
}
case 'login':
{
$default_skin = ViewSkinName();
if ($_SESSION['uid']>0)
{
header('Location: index.php');
}
if (isset($_POST['user']))
{
$user = strip_tags(addslashes($_POST['user']));
$pass = md5(strip_tags($_POST['pass']));
$sql = "SELECT `u_id`, `nick`, `pass` FROM `".USERS_TABLE."` WHERE nick='$user'";
$query = DataBase::sql_query($sql,GENERAL,'Could not obtain user inforamtion');
$result = DataBase::fetch($query);
$nick = $result['nick'];
if ($result['nick']==$user)
{
if ($result['u_id']!='-1')
{
if($pass==$result['pass'])
{
$user_id = $result['u_id'];
$sql = "DELETE FROM `".SESSIONS_TABLE."` WHERE `u_id`='$user_id'";
DataBase::sql_query($sql,GENERAL,'Could not delete session.');
if (User::UserInformation($user_id,'active')==0)
{
SessDelete($_SESSION['uid']);
$_SESSION['uid']='0';
message_forum($lng['account_disabled'],'index.php');
}
$ssid = md5($_SERVER['REQUEST_TIME'].'donothackthiscriptplease!');//session identifier
$_SESSION['uid']=$user_id;
$_SESSION['sessionid']=$ssid;
//session register
$sql = "INSERT INTO `".SESSIONS_TABLE."` VALUES ('', '".$_COOKIE[SESS_NAME]."','$user_id','".$_SERVER['REQUEST_TIME']."')";//query
DataBase::sql_query($sql,GENERAL,'Could not add new session.');//run query
//next...
$sql = "UPDATE `".USERS_TABLE."` SET lastvisit='".$_SERVER['REQUEST_TIME']."' WHERE u_id='$user_id'";//update lastvisit for user
DataBase::sql_query($sql,GENERAL,'Could not update user lastvisit');//run query
$msg = $lng['youareloggedas'].': <b>'.$nick.'</b>';// messaage "login as.."
$stop = TimeGeneration();//generate generation's time
message_forum($msg, 'index.php');//message and require to index.php
}
else
{
$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidpass'].'</b></span></div>';
}
}
else
{
message_forum('Access denied.','index.php');
}
}
else
{
$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidlogin'].'</b></span></div>';
}
}
else
{
$msg = '';
$_POST['user']='';
}
$skin = array(
'lforumname' => $lng['forumname'],
'user' => $lng['user'],
'lpass' => $lng['lpassw'],
'lforgotpass' => $lng['lforgot_pass'],
'llog_in'=> $lng['llog_in'],
'msg' => $msg
);
$skin = array_push_assoc($skin, GenerateHeader($lng['llogin'], '<a href="login.php?mode=login" class="navigator">'.$lng['llogin']));
require('./skins/'.$default_skin.'/overall_header.tpl');
require('./skins/'.$default_skin.'/login_body.tpl');
$stop = TimeGeneration();
$skin['queries'] = ShowQueries($start, $stop);
require('./skins/'.$default_skin.'/overall_footer.tpl');
break;
}
case 'forgotpassword':
{
if ($_SESSION['uid']>0)
{
header('Location: index.php');
}
$default_skin = ViewSkinName();
if (!$forum_config['allow_send_email'])
{
message_forum($lng['no_send_newpass'],'index.php');
}
if (isset($_POST['username']))
{
$uid = User::UserIdByNick(htmlspecialchars($_POST['username']));
if (User::UserInformation($uid,'email')!='')
{
$int_rand = rand(1, (strlen(PASSWD_HASH)-$forum_config['newpasswd_len']));
$newpass = substr(PASSWD_HASH, $int_rand, $forum_config['newpasswd_len']);
User::UpdatePassword($uid, md5($newpass));
SendForgotPassEmail($newpass);
message_forum($lng['pass_changed'],'index.php');
}
else
{
message_forum($lng['no_user'],$_SERVER['REQUEST_URI']);
}
}
$skin = array(
'user' => $lng['user'],
'lsave' => $lng['save'],
'pa_link'=>''
);
$skin = array_push_assoc($skin, GenerateHeader($lng['lforgot_pass2'], '<a href="'.$_SERVER['REQUEST_URI'].'" class="navigator">'.$lng['lforgot_pass2']));
require('./skins/'.$default_skin.'/overall_header.tpl');
require('./skins/'.$default_skin.'/newpass_body.tpl');
$stop = TimeGeneration();
$skin['queries'] = ShowQueries($start, $stop);
require('./skins/'.$default_skin.'/overall_footer.tpl');
break;
}
default:
{
$stop = TimeGeneration();
message_forum($lng['invalidmode'], 'index.php');
}
}
}
else
{
$stop = TimeGeneration();
message_forum($lng['invalidmode'], 'index.php');
}
?>