<?php
								/**
								 * @package	uForum
								 * @file		login.php
								 * @version	$Id$
								 * @copyright	2009(c) PioDer <[email protected]>
								 * @link 	http://pioder.gim2przemysl.int.pl/
								 * @license	GNU GPL v3
								 **/
								// Bootstrap for login.php: load configuration and helpers, open the database,
								// then load the session layer, language files and the input filter.
								// NOTE(review): include only raises a warning when a file is missing, so the
								// script would keep running without that file; confirm this is intended for
								// config.php and includes/classes/secure.php.

								// Marker constant defined before anything else is loaded.
								define('IN_uF', true);

								// Configuration, constants, database layer and error helpers.
								include './config.php';
								include './includes/constants.php';
								include './includes/db.php';
								include './includes/errors.php';

								// The connection is opened before sessions.php is loaded.
								DataBase::db_connect();

								include './includes/sessions.php';
								include './includes/classes/class_user.php';
								include './common.php';
								include './includes/emailer.php';
								include './includes/misc_functions.php';

								// Language files live under ./lngs/<language>/.
								// NOTE(review): the directory name comes from DefaultLang(); confirm it can only
								// return a name from a fixed list, since it is used to build include paths.
								$default_lang = DefaultLang();
								include "./lngs/{$default_lang}/main.php";
								include "./lngs/{$default_lang}/email.php";

								include './includes/classes/secure.php';

								// Start of the page-generation timer; read again by ShowQueries() further down.
								$start = TimeGeneration();

								// Session housekeeping, in the original order.
								SessDelInvalid();
								SessRegister();
								SessDeleteOld();
								// Pass every top-level POST field through the censor list when the feature is on.
								// NOTE(review): this also rewrites $_POST['pass'] before it is hashed below, and
								// array-valued fields reach Secure::UseCensorlist() as arrays; confirm both are
								// handled the way the rest of the forum expects.
								foreach ($_POST as $name => $value)
								{
									if (!$forum_config['use_censorlist'])
									{
										continue;
									}
									$_POST[$name] = Secure::UseCensorlist($value);
								}
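								/*
								 * Request dispatcher: ?mode=logout, ?mode=login or ?mode=forgotpassword.
								 * A missing or unknown mode ends in the "invalid mode" message.
								 *
								 * NOTE(review): nothing in this file limits repeated login or reset attempts,
								 * and logout is a state change reachable by a plain GET with no anti-CSRF token.
								 */
								if (isset($_GET['mode']))
								{
									switch ($_GET['mode'])
									{
										case 'logout':
										{
											if ($_SESSION['uid'] == 0)
											{
												// Guests have nothing to log out of. header() alone does not end
												// the script, so stop here instead of deleting sessions for uid 0.
												header('Location: index.php');
												exit;
											}
											$uid = $_SESSION['uid'];
											$_SESSION['uid'] = 0;
											$_SESSION['sessionid'] = '0';
											SessDelete($uid);
											$stop = TimeGeneration();
											message_forum($lng['islogout'], 'index.php');
											break;
										}
										case 'login':
										{
											$default_skin = ViewSkinName();
											// Defined up front so every path below reaches the template with a value.
											$msg = '';
											if ($_SESSION['uid'] > 0)
											{
												// Already authenticated: redirect and stop, so the form below is
												// neither processed nor rendered after the Location header.
												header('Location: index.php');
												exit;
											}
											if (isset($_POST['user']))
											{
												// Accept scalar strings only; user[]=x would otherwise reach
												// strip_tags() and md5() as an array.
												$user = is_string($_POST['user']) ? strip_tags($_POST['user']) : '';
												$raw_pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
												// NOTE(review): passwords are stored as unsalted MD5. Changing that needs a
												// migration of the stored hashes, so it is only flagged here.
												$pass = md5(strip_tags($raw_pass));
												// The value is escaped last, immediately before it enters the query.
												// The original ran addslashes() first and strip_tags() afterwards, so the
												// string that reached the query was not the string that had been escaped,
												// and addslashes() does not know the connection character set.
												// Assumes DataBase::db_connect() opened the default ext/mysql link - TODO confirm.
												$sql = "SELECT `u_id`, `nick`, `pass` FROM `".USERS_TABLE."` WHERE nick='".mysql_real_escape_string($user)."'";
												$query = DataBase::sql_query($sql,'GENERAL','Could not obtain user inforamtion');
												// Explicit check instead of @-suppression when the query produced no result set.
												$result = is_resource($query) ? mysql_fetch_array($query) : false;
												// NOTE(review): unknown nick and wrong password produce different messages,
												// which tells a client which nicks exist.
												if (is_array($result) && $result['nick'] === $user)
												{
													if ($result['u_id'] != '-1')
													{
														// Strict comparison: with == two hex digests that look like numbers
														// in exponent notation compare equal although they differ.
														if ($pass === $result['pass'])
														{
															$nick = $result['nick'];
															$user_id = $result['u_id'];
															// Integer copy for SQL; $_SESSION keeps the value as fetched.
															$user_id_sql = (int) $user_id;
															$sql = "DELETE FROM `".SESSIONS_TABLE."` WHERE `u_id`='$user_id_sql'";
															DataBase::sql_query($sql,'GENERAL','Could not delete session.');
															if (User::UserInformation($user_id,'active') == 0)
															{
																SessDelete($_SESSION['uid']);
																$_SESSION['uid'] = '0';
																message_forum($lng['account_disabled'],'index.php');
																// Fail closed: whether message_forum() ends the request is not
																// visible here, and falling through would log the account in.
																exit;
															}
															// NOTE(review): built from time() and a constant string, so the value is
															// predictable; how 'sessionid' is checked elsewhere is not visible here.
															$ssid = md5(time().'donothackthiscriptplease!');
															$_SESSION['uid'] = $user_id;
															$_SESSION['sessionid'] = $ssid;
															// Register the session row. The cookie is client-controlled, so it is
															// escaped before it enters the statement.
															// NOTE(review): the row is keyed on the identifier the client presented
															// before authenticating and no rotation at login is visible here.
															$sess_cookie = (isset($_COOKIE[SESS_NAME]) && is_string($_COOKIE[SESS_NAME])) ? mysql_real_escape_string($_COOKIE[SESS_NAME]) : '';
															$sql = "INSERT INTO `".SESSIONS_TABLE."` VALUES ('', '".$sess_cookie."','$user_id_sql','".time()."')";
															DataBase::sql_query($sql,'GENERAL','Could not add new session.');
															// Record the time of this login as the user's last visit.
															$sql = "UPDATE `".USERS_TABLE."` SET lastvisit='".time()."' WHERE u_id='$user_id_sql'";
															DataBase::sql_query($sql,'GENERAL','Could not update user lastvisit');
															// NOTE(review): $nick goes into HTML as stored. The forgot-password path looks
															// nicks up through htmlspecialchars(), which suggests they are stored
															// already escaped - TODO confirm.
															$msg = $lng['youareloggedas'].': <b>'.$nick.'</b>';
															$skin['pa_link'] = '';
															$stop = TimeGeneration();
															message_forum($msg, 'index.php');
														}
														else
														{
															$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidpass'].'</b></span></div>';
														}
													}
													else
													{
														// u_id -1 is refused outright.
														message_forum('Access denied.','index.php');
													}
												}
												else
												{
													$msg = '<br><div align="center" style="width:100%"><span class="fsmall" style="color: red"><b>'.$lng['invalidlogin'].'</b></span></div>';
												}
											}
											else
											{
												$msg = '';
												// NOTE(review): presumably login_body.tpl re-displays $_POST['user']; verify
												// that the template escapes it.
												$_POST['user'] = '';
											}
											$skin = array(
											'lforumname' => $lng['forumname'],
											'user' => $lng['user'],
											'lpass' => $lng['lpassw'],
											'lforgotpass' => $lng['lforgot_pass'],
											'llog_in'=> $lng['llog_in'],
											'msg' => $msg
											);
											$skin = array_push_associative($skin, GenerateHeader($lng['llogin'],'</a>> <a href="login.php?mode=login" class="navigator">'.$lng['llogin']));
											include('./skins/'.$default_skin.'/overall_header.tpl');
											include('./skins/'.$default_skin.'/login_body.tpl');
											$skin['pa_link'] = '';
											$stop = TimeGeneration();
											$skin['queries'] =  ShowQueries($start, $stop);
											include('./skins/'.$default_skin.'/overall_footer.tpl');
											break;
										}
										case 'forgotpassword':
										{
											if ($_SESSION['uid'] > 0)
											{
												// Logged-in users are sent away and processing stops.
												header('Location: index.php');
												exit;
											}
											$default_skin = ViewSkinName();
											if (!$forum_config['allow_send_email'])
											{
												message_forum($lng['no_send_newpass'],'index.php');
												// Fail closed: without this, a message_forum() that returns would let the
												// reset below run although mail sending is switched off.
												exit;
											}
											if (isset($_POST['username']))
											{
												$username = is_string($_POST['username']) ? $_POST['username'] : '';
												// NOTE(review): on the PHP versions that still ship ext/mysql, htmlspecialchars()
												// leaves single quotes alone by default, so it is not SQL escaping;
												// User::UserIdByNick() has to escape the value itself (not visible here).
												$uid = User::UserIdByNick(htmlspecialchars($username));
												if (User::UserInformation($uid,'email') != '')
												{
													// NOTE(review): the stored password is replaced as soon as a known nick is
													// submitted, before the mailbox owner confirms anything, so anyone who knows
													// a nick can lock that user out. The new password is a slice of the constant
													// PASSWD_HASH picked with rand(): at most strlen(PASSWD_HASH) minus
													// newpasswd_len distinct values, none from a CSPRNG. A single-use, expiring
													// reset token mailed to the user would remove both problems.
													$int_rand = rand(1, (strlen(PASSWD_HASH)-$forum_config['newpasswd_len']));
													$newpass = substr(PASSWD_HASH, $int_rand, $forum_config['newpasswd_len']);
													User::UpdatePassword($uid, md5($newpass));
													SendForgotPassEmail($newpass);
													message_forum($lng['pass_changed'],'index.php');
												}
												else
												{
													// NOTE(review): this answer reveals whether a nick exists, and REQUEST_URI is
													// client-controlled; confirm message_forum() escapes its second argument.
													message_forum($lng['no_user'],$_SERVER['REQUEST_URI']);
												}
											}
											$skin = array(
											'user' => $lng['user'],
											'lsave' => $lng['save'],
											'pa_link'=>''
											);
											// REQUEST_URI is client-controlled and lands inside an href attribute, so it is
											// HTML-escaped (quotes included) before it is concatenated into the breadcrumb.
											$skin = array_push_associative($skin, GenerateHeader($lng['lforgot_pass2'], '</a>> <a href="'.htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES).'" class="navigator">'.$lng['lforgot_pass2']));
											include('./skins/'.$default_skin.'/overall_header.tpl');
											include('./skins/'.$default_skin.'/newpass_body.tpl');
											$stop = TimeGeneration();
											$skin['queries'] =  ShowQueries($start, $stop);
											include('./skins/'.$default_skin.'/overall_footer.tpl');
											break;
										}
										default:
										{
											// Unknown mode.
											$stop = TimeGeneration();
											message_forum($lng['invalidmode'], 'index.php');
										}
									}
								}
								else
								{
									// No mode given at all.
									$stop = TimeGeneration();
									message_forum($lng['invalidmode'], 'index.php');
								}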
								?>