includes/sessions.php
changeset 170 4c5c2b66a34d
parent 155 edbff85d43e8
child 177 b4aaca42c8a4
equal deleted inserted replaced
169:250aeb408ed7 170:4c5c2b66a34d
   583     
   583     
   584     // Select the user data from the table, and decrypt that so we can verify the password
   584     // Select the user data from the table, and decrypt that so we can verify the password
   585     $this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$db_username_lower.'\' OR username=\'' . $db_username . '\';');
   585     $this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$db_username_lower.'\' OR username=\'' . $db_username . '\';');
   586     if($db->numrows() < 1)
   586     if($db->numrows() < 1)
   587     {
   587     {
   588       return "The username and/or password is incorrect.\n$db->latest_query";
   588       return "The username and/or password is incorrect.";
   589       // This wasn't logged in <1.0.2, dunno how it slipped through
   589       // This wasn't logged in <1.0.2, dunno how it slipped through
   590       if($level > USER_LEVEL_MEMBER)
   590       if($level > USER_LEVEL_MEMBER)
   591         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   591         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   592       else
   592       else
   593         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
   593         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');