24 |
24 |
25 |
25 |
26 if (isset($_GET['action'])) |
26 if (isset($_GET['action'])) |
27 define('PUN_QUIET_VISIT', 1); |
27 define('PUN_QUIET_VISIT', 1); |
28 |
28 |
29 define('PUN_ROOT', './'); |
29 //define('PUN_ROOT', './'); |
30 require PUN_ROOT.'include/common.php'; |
30 //require PUN_ROOT.'include/common.php'; |
|
31 |
|
32 global $pun_db, $pun_user, $pun_config, $lang_common; |
|
33 |
31 |
34 |
32 |
35 |
33 // Load the login.php language file |
36 // Load the login.php language file |
34 require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php'; |
37 require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php'; |
35 |
38 |
38 if (isset($_POST['form_sent']) && $action == 'in') |
41 if (isset($_POST['form_sent']) && $action == 'in') |
39 { |
42 { |
40 $form_username = trim($_POST['req_username']); |
43 $form_username = trim($_POST['req_username']); |
41 $form_password = trim($_POST['req_password']); |
44 $form_password = trim($_POST['req_password']); |
42 |
45 |
43 $username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? 'username=\''.$db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')'; |
46 $username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? 'username=\''.$pun_db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$pun_db->escape($form_username).'\')'; |
44 |
47 |
45 $result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
48 $result = $pun_db->query('SELECT id, group_id, password, save_pass FROM '.$pun_db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
46 list($user_id, $group_id, $db_password_hash, $save_pass) = $db->fetch_row($result); |
49 list($user_id, $group_id, $db_password_hash, $save_pass) = $pun_db->fetch_row($result); |
47 |
50 |
48 $authorized = false; |
51 $authorized = false; |
49 |
52 |
50 if (!empty($db_password_hash)) |
53 if (!empty($db_password_hash)) |
51 { |
54 { |
59 else if (!$sha1_in_db && $db_password_hash == md5($form_password)) |
62 else if (!$sha1_in_db && $db_password_hash == md5($form_password)) |
60 { |
63 { |
61 $authorized = true; |
64 $authorized = true; |
62 |
65 |
63 if ($sha1_available) // There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB |
66 if ($sha1_available) // There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB |
64 $db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\' WHERE id='.$user_id) or error('Unable to update user password', __FILE__, __LINE__, $db->error()); |
67 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET password=\''.$form_password_hash.'\' WHERE id='.$user_id) or error('Unable to update user password', __FILE__, __LINE__, $pun_db->error()); |
65 } |
68 } |
66 } |
69 } |
67 |
70 |
68 if (!$authorized) |
71 if (!$authorized) |
69 message($lang_login['Wrong user/pass'].' <a href="login.php?action=forget">'.$lang_login['Forgotten pass'].'</a>'); |
72 message($lang_login['Wrong user/pass'].' <a href="login.php?action=forget">'.$lang_login['Forgotten pass'].'</a>'); |
70 |
73 |
71 // Update the status if this is the first time the user logged in |
74 // Update the status if this is the first time the user logged in |
72 if ($group_id == PUN_UNVERIFIED) |
75 if ($group_id == PUN_UNVERIFIED) |
73 $db->query('UPDATE '.$db->prefix.'users SET group_id='.$pun_config['o_default_user_group'].' WHERE id='.$user_id) or error('Unable to update user status', __FILE__, __LINE__, $db->error()); |
76 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET group_id='.$pun_config['o_default_user_group'].' WHERE id='.$user_id) or error('Unable to update user status', __FILE__, __LINE__, $pun_db->error()); |
74 |
77 |
75 // Remove this users guest entry from the online list |
78 // Remove this users guest entry from the online list |
76 $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape(get_remote_address()).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); |
79 $pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE ident=\''.$pun_db->escape(get_remote_address()).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $pun_db->error()); |
77 |
80 |
78 $expire = ($save_pass == '1') ? time() + 31536000 : 0; |
81 $expire = ($save_pass == '1') ? time() + 31536000 : 0; |
79 pun_setcookie($user_id, $form_password_hash, $expire); |
82 pun_setcookie($user_id, $form_password_hash, $expire); |
80 |
83 |
81 redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']); |
84 pun_redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']); |
82 } |
85 } |
83 |
86 |
84 |
87 |
85 else if ($action == 'out') |
88 else if ($action == 'out') |
86 { |
89 { |
89 header('Location: index.php'); |
92 header('Location: index.php'); |
90 exit; |
93 exit; |
91 } |
94 } |
92 |
95 |
93 // Remove user from "users online" list. |
96 // Remove user from "users online" list. |
94 $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); |
97 $pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $pun_db->error()); |
95 |
98 |
96 // Update last_visit (make sure there's something to update it with) |
99 // Update last_visit (make sure there's something to update it with) |
97 if (isset($pun_user['logged'])) |
100 if (isset($pun_user['logged'])) |
98 $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error()); |
101 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $pun_db->error()); |
99 |
102 |
100 pun_setcookie(1, random_pass(8), time() + 31536000); |
103 pun_setcookie(1, random_pass(8), time() + 31536000); |
101 |
104 |
102 redirect('index.php', $lang_login['Logout redirect']); |
105 pun_redirect('index.php', $lang_login['Logout redirect']); |
103 } |
106 } |
104 |
107 |
105 |
108 |
106 else if ($action == 'forget' || $action == 'forget_2') |
109 else if ($action == 'forget' || $action == 'forget_2') |
107 { |
110 { |
115 // Validate the email-address |
118 // Validate the email-address |
116 $email = strtolower(trim($_POST['req_email'])); |
119 $email = strtolower(trim($_POST['req_email'])); |
117 if (!is_valid_email($email)) |
120 if (!is_valid_email($email)) |
118 message($lang_common['Invalid e-mail']); |
121 message($lang_common['Invalid e-mail']); |
119 |
122 |
120 $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
123 $result = $pun_db->query('SELECT id, username FROM '.$pun_db->prefix.'users WHERE email=\''.$pun_db->escape($email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
121 |
124 |
122 if ($db->num_rows($result)) |
125 if ($pun_db->num_rows($result)) |
123 { |
126 { |
124 // Load the "activate password" template |
127 // Load the "activate password" template |
125 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_password.tpl')); |
128 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_password.tpl')); |
126 |
129 |
127 // The first row contains the subject |
130 // The first row contains the subject |
132 // Do the generic replacements first (they apply to all e-mails sent out here) |
135 // Do the generic replacements first (they apply to all e-mails sent out here) |
133 $mail_message = str_replace('<base_url>', $pun_config['o_base_url'].'/', $mail_message); |
136 $mail_message = str_replace('<base_url>', $pun_config['o_base_url'].'/', $mail_message); |
134 $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message); |
137 $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message); |
135 |
138 |
136 // Loop through users we found |
139 // Loop through users we found |
137 while ($cur_hit = $db->fetch_assoc($result)) |
140 while ($cur_hit = $pun_db->fetch_assoc($result)) |
138 { |
141 { |
139 // Generate a new password and a new password activation code |
142 // Generate a new password and a new password activation code |
140 $new_password = random_pass(8); |
143 $new_password = random_pass(8); |
141 $new_password_key = random_pass(8); |
144 $new_password_key = random_pass(8); |
142 |
145 |
143 $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.pun_hash($new_password).'\', activate_key=\''.$new_password_key.'\' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error()); |
146 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET activate_string=\''.pun_hash($new_password).'\', activate_key=\''.$new_password_key.'\' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $pun_db->error()); |
144 |
147 |
145 // Do the user specific replacements to the template |
148 // Do the user specific replacements to the template |
146 $cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message); |
149 $cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message); |
147 $cur_mail_message = str_replace('<activation_url>', $pun_config['o_base_url'].'/profile.php?id='.$cur_hit['id'].'&action=change_pass&key='.$new_password_key, $cur_mail_message); |
150 $cur_mail_message = str_replace('<activation_url>', $pun_config['o_base_url'].'/profile.php?id='.$cur_hit['id'].'&action=change_pass&key='.$new_password_key, $cur_mail_message); |
148 $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message); |
151 $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message); |