diff -r 5e1f1e916419 -r 98bbc533541c punbb/login.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/punbb/login.php	Sun Apr 06 00:28:50 2008 -0400
@@ -0,0 +1,394 @@
+<?php
+/***********************************************************************
+
+  Copyright (C) 2002-2008  PunBB.org
+
+  This file is part of PunBB.
+
+  PunBB is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published
+  by the Free Software Foundation; either version 2 of the License,
+  or (at your option) any later version.
+
+  PunBB is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+  MA  02111-1307  USA
+
+************************************************************************/
+
+
+if (isset($_GET['action']))
+	define('PUN_QUIET_VISIT', 1);
+
+// if (!defined('PUN_ROOT'))
+// 	define('PUN_ROOT', './');
+// require PUN_ROOT.'include/common.php';
+
+// import globals (I really hope this isn't dangerous)
+foreach ( $GLOBALS as $key => $_ )
+{
+  $$key =& $GLOBALS[$key];
+}
+
+($hook = get_hook('li_start')) ? eval($hook) : null;
+
+// Load the login.php language file
+require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php';
+
+
+$action = isset($_GET['action']) ? $_GET['action'] : null;
+
+
+// Login
+if (isset($_POST['form_sent']) && $action == 'in')
+{
+	$form_username = trim($_POST['req_username']);
+	$form_password = trim($_POST['req_password']);
+
+	($hook = get_hook('li_login_form_submitted')) ? eval($hook) : null;
+
+	// Get user info matching login attempt
+	$query = array(
+		'SELECT'	=> 'u.id, u.group_id, u.password, u.save_pass, u.salt',
+		'FROM'		=> 'users AS u'
+	);
+
+	if ($db_type == 'mysql' || $db_type == 'mysqli')
+		$query['WHERE'] = 'username=\''.$pun_db->escape($form_username).'\'';
+	else
+		$query['WHERE'] = 'LOWER(username)=LOWER(\''.$pun_db->escape($form_username).'\')';
+
+	($hook = get_hook('li_qr_get_login_data')) ? eval($hook) : null;
+	$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
+	list($user_id, $group_id, $db_password_hash, $save_pass, $salt) = $pun_db->fetch_row($result);
+
+	$authorized = false;
+	if (!empty($db_password_hash))
+	{
+		$sha1_in_db = (strlen($db_password_hash) == 40) ? true : false;
+		$form_password_hash = sha1($salt.sha1($form_password));
+
+		if ($sha1_in_db && $db_password_hash == $form_password_hash)
+			$authorized = true;
+		else if ((!$sha1_in_db && $db_password_hash == md5($form_password)) || ($sha1_in_db && $db_password_hash == sha1($form_password)))
+		{
+			$authorized = true;
+
+			$salt = random_key(12);
+			$form_password_hash = sha1($salt.sha1($form_password));
+
+			// There's an old MD5 hash or an unsalted SHA1 hash in the database, so we replace it
+			// with a randomly generated salt and a new, salted SHA1 hash
+			$query = array(
+				'UPDATE'	=> 'users',
+				'SET'		=> 'password=\''.$form_password_hash.'\', salt=\''.$pun_db->escape($salt).'\'',
+				'WHERE'		=> 'id='.$user_id
+			);
+
+			($hook = get_hook('li_qr_update_user_hash')) ? eval($hook) : null;
+			$pun_db->query_build($query) or error(__FILE__, __LINE__);
+		}
+	}
+
+	($hook = get_hook('li_login_pre_auth_message')) ? eval($hook) : null;
+
+	if (!$authorized)
+		message($lang_login['Wrong user/pass'], sprintf($lang_login['Forgotten password'], '<a href="'.pun_link($pun_url['request_password']).'">'.$lang_login['Request pass'].'</a>'));
+
+	// Update the status if this is the first time the user logged in
+	if ($group_id == PUN_UNVERIFIED)
+	{
+		$query = array(
+			'UPDATE'	=> 'users',
+			'SET'		=> 'group_id='.$pun_config['o_default_user_group'],
+			'WHERE'		=> 'id='.$user_id
+		);
+
+		($hook = get_hook('li_qr_update_user_group')) ? eval($hook) : null;
+		$pun_db->query_build($query) or error(__FILE__, __LINE__);
+	}
+
+	// Remove this user's guest entry from the online list
+	$query = array(
+		'DELETE'	=> 'online',
+		'WHERE'		=> 'ident=\''.$pun_db->escape(get_remote_address()).'\''
+	);
+
+	($hook = get_hook('li_qr_delete_online_user')) ? eval($hook) : null;
+	$pun_db->query_build($query) or error(__FILE__, __LINE__);
+
+	$expire = ($save_pass == '1') ? time() + 31536000 : 0;
+	pun_setcookie($cookie_name, base64_encode($user_id.'|'.$form_password_hash), $expire);
+
+	pun_redirect(htmlspecialchars($_POST['redirect_url']).((substr_count($_POST['redirect_url'], '?') == 1) ? '&amp;' : '?').'login=1', $lang_login['Login redirect']);
+}
+
+
+// Logout
+else if ($action == 'out')
+{
+	if ($pun_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $pun_user['id'])
+	{
+		header('Location: '.pun_link($pun_url['index']));
+		exit;
+	}
+
+	// We validate the CSRF token. If it's set in POST and we're at this point, the token is valid.
+	// If it's in GET, we need to make sure it's valid.
+	if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('logout'.$pun_user['id'])))
+		csrf_confirm_form();
+
+	($hook = get_hook('li_logout_selected')) ? eval($hook) : null;
+
+	// Remove user from "users online" list.
+	$query = array(
+		'DELETE'	=> 'online',
+		'WHERE'		=> 'user_id='.$pun_user['id']
+	);
+
+	($hook = get_hook('li_qr_delete_online_user2')) ? eval($hook) : null;
+	$pun_db->query_build($query) or error(__FILE__, __LINE__);
+
+	// Update last_visit (make sure there's something to update it with)
+	if (isset($pun_user['logged']))
+	{
+		$query = array(
+			'UPDATE'	=> 'users',
+			'SET'		=> 'last_visit='.$pun_user['logged'],
+			'WHERE'		=> 'id='.$pun_user['id']
+		);
+
+		($hook = get_hook('li_qr_update_last_visit')) ? eval($hook) : null;
+		$pun_db->query_build($query) or error(__FILE__, __LINE__);
+	}
+
+	pun_setcookie($cookie_name, base64_encode('1|'.random_key(8, true)), time() + 31536000);
+
+	// Reset tracked topics
+	set_tracked_topics(null);
+
+	($hook = get_hook('li_logout_pre_redirect')) ? eval($hook) : null;
+
+	pun_redirect(pun_link($pun_url['index']), $lang_login['Logout redirect']);
+}
+
+
+// New password
+else if ($action == 'forget' || $action == 'forget_2')
+{
+	if (!$pun_user['is_guest'])
+		header('Location: '.pun_link($pun_url['index']));
+
+	($hook = get_hook('li_forgot_pass_selected')) ? eval($hook) : null;
+
+	if (isset($_POST['form_sent']))
+	{
+		require PUN_ROOT.'include/email.php';
+
+		// Validate the email-address
+		$email = strtolower(trim($_POST['req_email']));
+		if (!is_valid_email($email))
+			message($lang_common['Invalid e-mail']);
+
+		// Fetch user matching $email
+		$query = array(
+			'SELECT'	=> 'u.id, u.username, u.salt',
+			'FROM'		=> 'users AS u',
+			'WHERE'		=> 'u.email=\''.$pun_db->escape($email).'\''
+		);
+
+		($hook = get_hook('li_qr_get_user_data')) ? eval($hook) : null;
+		$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
+		if ($pun_db->num_rows($result))
+		{
+			($hook = get_hook('li_forgot_pass_pre_email')) ? eval($hook) : null;
+
+			// Load the "activate password" template
+			$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_password.tpl'));
+
+			// The first row contains the subject
+			$first_crlf = strpos($mail_tpl, "\n");
+			$mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
+			$mail_message = trim(substr($mail_tpl, $first_crlf));
+
+			// Do the generic replacements first (they apply to all e-mails sent out here)
+			$mail_message = str_replace('<base_url>', $base_url.'/', $mail_message);
+			$mail_message = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message);
+
+			// Loop through users we found
+			while ($cur_hit = $pun_db->fetch_assoc($result))
+			{
+				// Generate a new password activation key
+				$new_password_key = random_key(8, true);
+
+				$query = array(
+					'UPDATE'	=> 'users',
+					'SET'		=> 'activate_key=\''.$new_password_key.'\'',
+					'WHERE'		=> 'id='.$cur_hit['id']
+				);
+
+				($hook = get_hook('li_qr_set_activate_key')) ? eval($hook) : null;
+				$pun_db->query_build($query) or error(__FILE__, __LINE__);
+
+				// Do the user specific replacements to the template
+				$cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
+				$cur_mail_message = str_replace('<activation_url>', str_replace('&amp;', '&', pun_link($pun_url['change_password_key'], array($cur_hit['id'], $new_password_key))), $cur_mail_message);
+
+				pun_mail($email, $mail_subject, $cur_mail_message);
+			}
+
+			message(sprintf($lang_login['Forget mail'], '<a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>'));
+		}
+		else
+			message(sprintf($lang_login['No e-mail match'], htmlspecialchars($email)));
+	}
+
+	// Setup form
+	$pun_page['set_count'] = $pun_page['fld_count'] = 0;
+	$pun_page['form_action'] = $base_url.'/login.php?action=forget_2';
+
+	// Setup breadcrumbs
+	$pun_page['crumbs'] = array(
+		array($pun_config['o_board_title'], pun_link($pun_url['index'])),
+		$lang_login['New password request']
+	);
+
+	($hook = get_hook('li_forgot_pass_pre_header_load')) ? eval($hook) : null;
+
+	define ('PUN_PAGE', 'dialogue');
+	require PUN_ROOT.'header.php';
+
+?>
+<div id="pun-main" class="main">
+
+	<h1><span><?php echo end($pun_page['crumbs']) ?></span></h1>
+
+	<div class="main-head">
+		<h2><span><?php echo $lang_login['New password head'] ?></span></h2>
+	</div>
+
+	<div class="main-content frm">
+		<div class="frm-info">
+			<p class="important"><?php echo $lang_login['New password info'] ?></p>
+		</div>
+		<div id="req-msg" class="frm-warn">
+			<p class="important"><?php printf($lang_common['Required warn'], '<em class="req-text">'.$lang_common['Required'].'</em>') ?></p>
+		</div>
+		<form id="afocus" class="frm-form" method="post" accept-charset="utf-8" action="<?php echo $pun_page['form_action'] ?>">
+			<div class="hidden">
+				<input type="hidden" name="form_sent" value="1" />
+			</div>
+<?php ($hook = get_hook('li_forgot_pass_pre_fieldset')) ? eval($hook) : null; ?>
+			<fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
+				<legend class="frm-legend"><strong><?php echo $lang_common['Required information'] ?></strong></legend>
+				<div class="frm-fld text required">
+					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+						<span class="fld-label"><?php echo $lang_login['E-mail address'] ?></span><br />
+						<span class="fld-input"><input id="fld<?php echo $pun_page['fld_count'] ?>" type="text" name="req_email" size="35" maxlength="80" /></span><br />
+						<em class="req-text"><?php echo $lang_common['Required'] ?></em>
+						<span class="fld-help"><?php echo $lang_login['E-mail address help'] ?></span>
+					</label>
+				</div>
+			</fieldset>
+<?php ($hook = get_hook('li_forgot_pass_post_fieldset')) ? eval($hook) : null; ?>
+			<div class="frm-buttons">
+				<span class="submit"><input type="submit" name="request_pass" value="<?php echo $lang_common['Submit'] ?>" /></span>
+				<span class="cancel"><input type="submit" name="cancel" value="<?php echo $lang_common['Cancel'] ?>" /></span>
+			</div>
+		</form>
+	</div>
+
+</div>
+<?php
+
+	require PUN_ROOT.'footer.php';
+}
+
+if (!$pun_user['is_guest'])
+	header('Location: '.pun_link($pun_url['index']));
+
+// Setup form
+$pun_page['set_count'] = $pun_page['fld_count'] = 0;
+$pun_page['form_action'] = $base_url.'/login.php?action=in';
+
+$pun_page['hidden_fields'] = array(
+	'<input type="hidden" name="form_sent" value="1" />',
+	'<input type="hidden" name="redirect_url" value="'.htmlspecialchars($pun_user['prev_url']).'" />'
+);
+
+// Setup form information
+$pun_page['frm_info'] = array(
+	'<li><span>'.sprintf($lang_login['Must be registered'], '<a href="'.pun_link($pun_url['register']).'">'.$lang_login['Register now'].'</a>').'</span></li>',
+	'<li><span>'.sprintf($lang_login['Forgotten password'], '<a href="'.pun_link($pun_url['request_password']).'">'.$lang_login['Request pass'].'</a>').'</span></li>'
+);
+
+// Setup breadcrumbs
+$pun_page['crumbs'] = array(
+	array($pun_config['o_board_title'], pun_link($pun_url['index'])),
+	$lang_common['Login']
+);
+
+($hook = get_hook('li_login_pre_header_load')) ? eval($hook) : null;
+
+define('PUN_PAGE', 'login');
+require PUN_ROOT.'header.php';
+
+?>
+<div id="pun-main" class="main">
+
+	<h1><span><?php echo end($pun_page['crumbs']) ?></span></h1>
+
+	<div class="main-head">
+		<h2><span><?php printf($lang_login['Login info'], htmlspecialchars($pun_config['o_board_title'])) ?></span></h2>
+	</div>
+
+	<div class="main-content frm">
+		<div class="frm-info">
+			<ul>
+				<?php echo implode("\n\t\t\t\t\t", $pun_page['frm_info'])."\n" ?>
+			</ul>
+		</div>
+		<div id="req-msg" class="frm-warn">
+			<p class="important"><?php printf($lang_common['Required warn'], '<em class="req-text">'.$lang_common['Required'].'</em>') ?></p>
+		</div>
+		<form id="afocus" class="frm-form" method="post" accept-charset="utf-8" action="<?php echo $pun_page['form_action'] ?>">
+			<div class="hidden">
+				<?php echo implode("\n\t\t\t\t", $pun_page['hidden_fields'])."\n" ?>
+			</div>
+<?php ($hook = get_hook('li_login_pre_fieldset')) ? eval($hook) : null; ?>
+			<fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
+				<legend class="frm-legend"><strong><?php echo $lang_login['Login information'] ?></strong></legend>
+				<div class="frm-fld text required">
+					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+						<span class="fld-label"><?php echo $lang_login['Username'] ?></span><br />
+						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="req_username" size="30" maxlength="25" /></span><br />
+						<em class="req-text"><?php echo $lang_common['Required'] ?></em>
+					</label>
+				</div>
+				<div class="frm-fld text required">
+					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+						<span class="fld-label"><?php echo $lang_login['Password'] ?></span><br />
+						<span class="fld-input"><input type="password" id="fld<?php echo $pun_page['fld_count'] ?>" name="req_password" size="30" /></span><br />
+						<em class="req-text"><?php echo $lang_common['Required'] ?></em>
+					</label>
+				</div>
+			</fieldset>
+<?php ($hook = get_hook('li_login_post_fieldset')) ? eval($hook) : null; ?>
+			<div class="frm-buttons">
+				<span class="submit"><input type="submit" name="login" value="<?php echo $lang_common['Login'] ?>" /></span>
+			</div>
+		</form>
+	</div>
+
+</div>
+<?php
+
+($hook = get_hook('li_end')) ? eval($hook) : null;
+
+require PUN_ROOT.'footer.php';