Mercurial Mercurial > repos > punbb / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
punbb/login.php
changeset 2 a8a21e1c7afa
parent 0 f9ffdbd96607
equal deleted inserted replaced
1:8f6143115bf5 2:a8a21e1c7afa 
    24 
    24 
    25 
    25 
    26 if (isset($_GET['action']))
 
    26 if (isset($_GET['action']))
 
    27 	define('PUN_QUIET_VISIT', 1);
 
    27 	define('PUN_QUIET_VISIT', 1);
 
    28 
    28 
    29 define('PUN_ROOT', './');
 
    29 //define('PUN_ROOT', './');
 
    30 require PUN_ROOT.'include/common.php';
 
    30 //require PUN_ROOT.'include/common.php';
 
       
    31 
       
    32 global $pun_db, $pun_user, $pun_config, $lang_common;
 
       
    33 
    31 
    34 
    32 
    35 
    33 // Load the login.php language file
 
    36 // Load the login.php language file
 
    34 require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php';
 
    37 require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php';
 
    35 
    38 
    38 if (isset($_POST['form_sent']) && $action == 'in')
 
    41 if (isset($_POST['form_sent']) && $action == 'in')
 
    39 {
 
    42 {
 
    40 	$form_username = trim($_POST['req_username']);
 
    43 	$form_username = trim($_POST['req_username']);
 
    41 	$form_password = trim($_POST['req_password']);
 
    44 	$form_password = trim($_POST['req_password']);
 
    42 
    45 
    43 	$username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? 'username=\''.$db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')';
 
    46 	$username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? 'username=\''.$pun_db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$pun_db->escape($form_username).'\')';
 
    44 
    47 
    45 	$result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 
    48 	$result = $pun_db->query('SELECT id, group_id, password, save_pass FROM '.$pun_db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error());
 
    46 	list($user_id, $group_id, $db_password_hash, $save_pass) = $db->fetch_row($result);
 
    49 	list($user_id, $group_id, $db_password_hash, $save_pass) = $pun_db->fetch_row($result);
 
    47 
    50 
    48 	$authorized = false;
 
    51 	$authorized = false;
 
    49 
    52 
    50 	if (!empty($db_password_hash))
 
    53 	if (!empty($db_password_hash))
 
    51 	{
 
    54 	{
 
    59 		else if (!$sha1_in_db && $db_password_hash == md5($form_password))
 
    62 		else if (!$sha1_in_db && $db_password_hash == md5($form_password))
 
    60 		{
 
    63 		{
 
    61 			$authorized = true;
 
    64 			$authorized = true;
 
    62 
    65 
    63 			if ($sha1_available)	// There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB
 
    66 			if ($sha1_available)	// There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB
 
    64 				$db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\' WHERE id='.$user_id) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
 
    67 				$pun_db->query('UPDATE '.$pun_db->prefix.'users SET password=\''.$form_password_hash.'\' WHERE id='.$user_id) or error('Unable to update user password', __FILE__, __LINE__, $pun_db->error());
 
    65 		}
 
    68 		}
 
    66 	}
 
    69 	}
 
    67 
    70 
    68 	if (!$authorized)
 
    71 	if (!$authorized)
 
    69 		message($lang_login['Wrong user/pass'].' <a href="login.php?action=forget">'.$lang_login['Forgotten pass'].'</a>');
 
    72 		message($lang_login['Wrong user/pass'].' <a href="login.php?action=forget">'.$lang_login['Forgotten pass'].'</a>');
 
    70 
    73 
    71 	// Update the status if this is the first time the user logged in
 
    74 	// Update the status if this is the first time the user logged in
 
    72 	if ($group_id == PUN_UNVERIFIED)
 
    75 	if ($group_id == PUN_UNVERIFIED)
 
    73 		$db->query('UPDATE '.$db->prefix.'users SET group_id='.$pun_config['o_default_user_group'].' WHERE id='.$user_id) or error('Unable to update user status', __FILE__, __LINE__, $db->error());
 
    76 		$pun_db->query('UPDATE '.$pun_db->prefix.'users SET group_id='.$pun_config['o_default_user_group'].' WHERE id='.$user_id) or error('Unable to update user status', __FILE__, __LINE__, $pun_db->error());
 
    74 
    77 
    75 	// Remove this users guest entry from the online list
 
    78 	// Remove this users guest entry from the online list
 
    76 	$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape(get_remote_address()).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
 
    79 	$pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE ident=\''.$pun_db->escape(get_remote_address()).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $pun_db->error());
 
    77 
    80 
    78 	$expire = ($save_pass == '1') ? time() + 31536000 : 0;
 
    81 	$expire = ($save_pass == '1') ? time() + 31536000 : 0;
 
    79 	pun_setcookie($user_id, $form_password_hash, $expire);
 
    82 	pun_setcookie($user_id, $form_password_hash, $expire);
 
    80 
    83 
    81 	redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
 
    84 	pun_redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
 
    82 }
 
    85 }
 
    83 
    86 
    84 
    87 
    85 else if ($action == 'out')
 
    88 else if ($action == 'out')
 
    86 {
 
    89 {
 
    89 		header('Location: index.php');
 
    92 		header('Location: index.php');
 
    90 		exit;
 
    93 		exit;
 
    91 	}
 
    94 	}
 
    92 
    95 
    93 	// Remove user from "users online" list.
 
    96 	// Remove user from "users online" list.
 
    94 	$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
 
    97 	$pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $pun_db->error());
 
    95 
    98 
    96 	// Update last_visit (make sure there's something to update it with)
 
    99 	// Update last_visit (make sure there's something to update it with)
 
    97 	if (isset($pun_user['logged']))
 
   100 	if (isset($pun_user['logged']))
 
    98 		$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
 
   101 		$pun_db->query('UPDATE '.$pun_db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $pun_db->error());
 
    99 
   102 
   100 	pun_setcookie(1, random_pass(8), time() + 31536000);
 
   103 	pun_setcookie(1, random_pass(8), time() + 31536000);
 
   101 
   104 
   102 	redirect('index.php', $lang_login['Logout redirect']);
 
   105 	pun_redirect('index.php', $lang_login['Logout redirect']);
 
   103 }
 
   106 }
 
   104 
   107 
   105 
   108 
   106 else if ($action == 'forget' || $action == 'forget_2')
 
   109 else if ($action == 'forget' || $action == 'forget_2')
 
   107 {
 
   110 {
 
   115 		// Validate the email-address
 
   118 		// Validate the email-address
 
   116 		$email = strtolower(trim($_POST['req_email']));
 
   119 		$email = strtolower(trim($_POST['req_email']));
 
   117 		if (!is_valid_email($email))
 
   120 		if (!is_valid_email($email))
 
   118 			message($lang_common['Invalid e-mail']);
 
   121 			message($lang_common['Invalid e-mail']);
 
   119 
   122 
   120 		$result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 
   123 		$result = $pun_db->query('SELECT id, username FROM '.$pun_db->prefix.'users WHERE email=\''.$pun_db->escape($email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error());
 
   121 
   124 
   122 		if ($db->num_rows($result))
 
   125 		if ($pun_db->num_rows($result))
 
   123 		{
 
   126 		{
 
   124 			// Load the "activate password" template
 
   127 			// Load the "activate password" template
 
   125 			$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_password.tpl'));
 
   128 			$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_password.tpl'));
 
   126 
   129 
   127 			// The first row contains the subject
 
   130 			// The first row contains the subject
 
   132 			// Do the generic replacements first (they apply to all e-mails sent out here)
 
   135 			// Do the generic replacements first (they apply to all e-mails sent out here)
 
   133 			$mail_message = str_replace('<base_url>', $pun_config['o_base_url'].'/', $mail_message);
 
   136 			$mail_message = str_replace('<base_url>', $pun_config['o_base_url'].'/', $mail_message);
 
   134 			$mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
 
   137 			$mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
 
   135 
   138 
   136 			// Loop through users we found
 
   139 			// Loop through users we found
 
   137 			while ($cur_hit = $db->fetch_assoc($result))
 
   140 			while ($cur_hit = $pun_db->fetch_assoc($result))
 
   138 			{
 
   141 			{
 
   139 				// Generate a new password and a new password activation code
 
   142 				// Generate a new password and a new password activation code
 
   140 				$new_password = random_pass(8);
 
   143 				$new_password = random_pass(8);
 
   141 				$new_password_key = random_pass(8);
 
   144 				$new_password_key = random_pass(8);
 
   142 
   145 
   143 				$db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.pun_hash($new_password).'\', activate_key=\''.$new_password_key.'\' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
 
   146 				$pun_db->query('UPDATE '.$pun_db->prefix.'users SET activate_string=\''.pun_hash($new_password).'\', activate_key=\''.$new_password_key.'\' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $pun_db->error());
 
   144 
   147 
   145 				// Do the user specific replacements to the template
 
   148 				// Do the user specific replacements to the template
 
   146 				$cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
 
   149 				$cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
 
   147 				$cur_mail_message = str_replace('<activation_url>', $pun_config['o_base_url'].'/profile.php?id='.$cur_hit['id'].'&action=change_pass&key='.$new_password_key, $cur_mail_message);
 
   150 				$cur_mail_message = str_replace('<activation_url>', $pun_config['o_base_url'].'/profile.php?id='.$cur_hit['id'].'&action=change_pass&key='.$new_password_key, $cur_mail_message);
 
   148 				$cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
 
   151 				$cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
PunBB for Enano