A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

189 lines
5.9 KiB

<?php
/**
* @package uForum
* @file login.php
* @version $Id$
* @copyright 2009(c) PioDer <[email protected]>
* @link http://pioder.gim2przemysl.int.pl/
* @license GNU GPL v3
**/
define('IN_uF', true);
//include files
include('./config.php');
include('./includes/constants.php');
include('./includes/db.php');
include('./includes/errors.php');
//connect to database
DataBase::db_connect();
include('./includes/sessions.php');
include('./includes/classes/class_user.php');
include('./common.php');
include('./includes/emailer.php');
include('./includes/misc_functions.php');
$default_lang = DefaultLang();
include('./lngs/'.$default_lang.'/main.php');
include('./lngs/'.$default_lang.'/email.php');
include('./includes/classes/secure.php');
$start = TimeGeneration();
SessDelInvalid();
SessRegister();
SessDeleteOld();
foreach ($_POST as $name => $value)
{
if ($forum_config['use_censorlist'])
{
$_POST[$name] = Secure::UseCensorlist($value);
}
}
if (isset($_GET['mode']))
{
switch($_GET['mode'])
{
case 'logout':
{
if ($_SESSION['uid']==0)
{
header('Location: index.php');
}
$uid = $_SESSION['uid'];
$_SESSION['uid']=0;
$_SESSION['sessionid']='0';
SessDelete($uid);
$stop = TimeGeneration();
message_forum($lng['islogout'], 'index.php');
break;
}
case 'login':
{
$default_skin = ViewSkinName();
if ($_SESSION['uid']>0)
{
header('Location: index.php');
}
if (isset($_POST['user']))
{
$user = strip_tags(addslashes($_POST['user']));
$pass = md5(strip_tags($_POST['pass']));
$sql = "SELECT `u_id`, `nick`, `pass` FROM `".USERS_TABLE."` WHERE nick='$user'";
$query = DataBase::sql_query($sql,GENERAL,'Could not obtain user inforamtion');
$result = DataBase::fetch($query);
$nick = $result['nick'];
if ($result['nick']==$user)
{
if ($result['u_id']!='-1')
{
if($pass==$result['pass'])
{
$user_id = $result['u_id'];
$sql = "DELETE FROM `".SESSIONS_TABLE."` WHERE `u_id`='$user_id'";
DataBase::sql_query($sql,GENERAL,'Could not delete session.');
if (User::UserInformation($user_id,'active')==0)
{
SessDelete($_SESSION['uid']);
$_SESSION['uid']='0';
message_forum($lng['account_disabled'],'index.php');
}
$ssid = md5(time().'donothackthiscriptplease!');//session identifier
$_SESSION['uid']=$user_id;
$_SESSION['sessionid']=$ssid;
//session register
$sql = "INSERT INTO `".SESSIONS_TABLE."` VALUES ('', '".$_COOKIE[SESS_NAME]."','$user_id','".time()."')";//query
DataBase::sql_query($sql,GENERAL,'Could not add new session.');//run query
//next...
$sql = "UPDATE `".USERS_TABLE."` SET lastvisit='".time()."' WHERE u_id='$user_id'";//update lastvisit for user
DataBase::sql_query($sql,GENERAL,'Could not update user lastvisit');//run query
$msg = $lng['youareloggedas'].': <b>'.$nick.'</b>';// messaage "login as.."
$skin['pa_link']='';
$stop = TimeGeneration();//generate generation's time
message_forum($msg, 'index.php');//message and require to index.php
}
else
{
$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidpass'].'</b></span></div>';
}
}
else
{
message_forum('Access denied.','index.php');
}
}
else
{
$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidlogin'].'</b></span></div>';
}
}
else
{
$msg = '';
$_POST['user']='';
}
$skin = array(
'lforumname' => $lng['forumname'],
'user' => $lng['user'],
'lpass' => $lng['lpassw'],
'lforgotpass' => $lng['lforgot_pass'],
'llog_in'=> $lng['llog_in'],
'msg' => $msg
);
$skin = array_push_associative($skin, GenerateHeader($lng['llogin'],'</a>&gt; <a href="login.php?mode=login" class="navigator">'.$lng['llogin']));
include('./skins/'.$default_skin.'/overall_header.tpl');
include('./skins/'.$default_skin.'/login_body.tpl');
$skin['pa_link']='';
$stop = TimeGeneration();
$skin['queries'] = ShowQueries($start, $stop);
include('./skins/'.$default_skin.'/overall_footer.tpl');
break;
}
case 'forgotpassword':
{
if ($_SESSION['uid']>0)
{
header('Location: index.php');
}
$default_skin = ViewSkinName();
if (!$forum_config['allow_send_email'])
{
message_forum($lng['no_send_newpass'],'index.php');
}
if (isset($_POST['username']))
{
$uid = User::UserIdByNick(htmlspecialchars($_POST['username']));
if (User::UserInformation($uid,'email')!='')
{
$int_rand = rand(1, (strlen(PASSWD_HASH)-$forum_config['newpasswd_len']));
$newpass = substr(PASSWD_HASH, $int_rand, $forum_config['newpasswd_len']);
User::UpdatePassword($uid, md5($newpass));
SendForgotPassEmail($newpass);
message_forum($lng['pass_changed'],'index.php');
}
else
{
message_forum($lng['no_user'],$_SERVER['REQUEST_URI']);
}
}
$skin = array(
'user' => $lng['user'],
'lsave' => $lng['save'],
'pa_link'=>''
);
$skin = array_push_associative($skin, GenerateHeader($lng['lforgot_pass2'], '</a>&gt; <a href="'.$_SERVER['REQUEST_URI'].'" class="navigator">'.$lng['lforgot_pass2']));
include('./skins/'.$default_skin.'/overall_header.tpl');
include('./skins/'.$default_skin.'/newpass_body.tpl');
$stop = TimeGeneration();
$skin['queries'] = ShowQueries($start, $stop);
include('./skins/'.$default_skin.'/overall_footer.tpl');
break;
}
default:
{
$stop = TimeGeneration();
message_forum($lng['invalidmode'], 'index.php');
}
}
}
else
{
$stop = TimeGeneration();
message_forum($lng['invalidmode'], 'index.php');
}
?>