Beispiel #1
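 /**
  * Validate a proposed username and check that no existing account uses it.
  *
  * Checks run in this order, and the first failure ends the call:
  *  1. length, delegated to chk_length() with the bounds 2 and 25
  *     (presumably chk_length() records its own error; confirm in that method);
  *  2. a deny-list of characters: [ ] " ' ? ( ) < > { } ;
  *  3. names made only of digits, or containing no ASCII letter or digit at all;
  *  4. the reserved names "guest" and "admin" and their localized forms;
  *  5. a case-insensitive duplicate lookup in TBL_USER, matching both the
  *     lowercased name and the same name with every non-word character removed.
  *
  * Failures from steps 2-5 append a localized message to $this->errors.
  *
  * @param string   $username      Candidate username as submitted.
  * @param int|null $registered_id Id of the account being edited; when positive,
  *                                that row is excluded from the duplicate lookup.
  *
  * @return bool True when the username is acceptable, false otherwise.
  */
 function chk_username($username, $registered_id = null)
 {
     global $epsclass, $eps_lang;

     if (!$this->chk_length($username, 2, 25, $eps_lang['Username'])) {
         return false;
     }

     // preg_match() returns false on failure, for instance when the subject is
     // not valid UTF-8 under the /u modifier. Comparing against 0 makes such a
     // failure reject the name instead of reading as "no forbidden character".
     if (preg_match('#[\\[\\]\\"\'\\?\\(\\)\\<\\>\\{\\};]#ui', $username) !== 0) {
         $this->errors[] = $eps_lang['Username'] . ': ' . $eps_lang['Validate_invalid_char'];
         return false;
     }

     // Same fail-closed handling for the "digits only / no alphanumerics" rule.
     if (preg_match('#(^[0-9]+$)|(^[^a-z0-9]+$)#ui', $username) !== 0) {
         $this->errors[] = $eps_lang['Username'] . ': ' . $eps_lang['Validate_invalid'];
         return false;
     }

     $username = eps_strtolower($username);

     // Reserved names are compared as strings only; loose comparison is avoided
     // so that numeric-looking values cannot be treated as equal.
     $reserved_names = array(
         'guest',
         eps_strtolower($eps_lang['Guest']),
         'admin',
         eps_strtolower($eps_lang['Admin']),
     );
     if (in_array($username, $reserved_names, true)) {
         $this->errors[] = $eps_lang['Validate_username'];
         return false;
     }

     // Both string operands go through the database layer's escape() before
     // they are placed inside the quoted literals.
     $stripped_name = preg_replace('#[^\\w]#u', '', $username);
     $sql = "SELECT 1 FROM " . TBL_USER . " WHERE (LOWER(username)='" . $epsclass->db->escape($username) . "' OR LOWER(username)='" . $epsclass->db->escape($stripped_name) . "')";

     // The id is appended outside any quotes, so it must be an integer before
     // it reaches the statement; a non-numeric value is cast to 0 and ignored.
     $registered_id = (int) $registered_id;
     if ($registered_id > 0) {
         $sql .= ' AND id!=' . $registered_id;
     }

     $result = $epsclass->db->query($sql) or error('Unable to fetch user info', __FILE__, __LINE__, $epsclass->db->error());

     // Read the row count first so the result set is released on both paths.
     $is_taken = (bool) $epsclass->db->num_rows($result);
     $epsclass->db->free_result($result);

     if ($is_taken) {
         $this->errors[] = $eps_lang['Username'] . ': ' . $eps_lang['Validate_duplicate'];
         return false;
     }

     return true;
 }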
Beispiel #2
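 // Clean: read the submitted credentials. A field that is missing or is not a
 // string (for example an array-valued parameter) becomes '' so that the
 // chk_empty() calls below report it, instead of trim() receiving an
 // unexpected type.
 $username = (isset($_POST['req_username']) && is_string($_POST['req_username'])) ? trim($_POST['req_username']) : '';
 $password = (isset($_POST['req_password']) && is_string($_POST['req_password'])) ? trim($_POST['req_password']) : '';
 // Only the presence of the "auto" field matters, not its value.
 $auto = isset($_POST['auto']);
 // Validate
 $epsclass->validate->chk_empty($username, $eps_lang['Username']);
 $epsclass->validate->chk_empty($password, $eps_lang['Password']);
 // Anti-Flood: when the 'login' flood check does not pass, a confirmation
 // code is required in addition to the credentials.
 if (!$epsclass->antiflood->verify('login', 2)) {
     // Explicit presence/type check replaces the @ suppression, which would
     // also have hidden any other error raised while reading the field.
     $confirm_code = (isset($_POST['req_confirmcode']) && is_string($_POST['req_confirmcode'])) ? trim($_POST['req_confirmcode']) : '';
     if ($epsclass->validate->chk_empty($confirm_code, $eps_lang['Confirm_code'])) {
         // NOTE(review): $_SESSION['visual'] is read without an isset() check.
         // Confirm that the expected value derived by eps_encrypt() cannot be
         // matched when the session holds no code.
         $epsclass->validate->chk_match($confirm_code, eps_encrypt($_SESSION['visual'], 6), $eps_lang['Confirm_code']);
     }
 }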
 if (empty($epsclass->validate->errors)) {
     $username_tmp = eps_strtolower($username);
     //$result = $epsclass->db->query("SELECT id,password,group_id,active FROM ".TBL_USER." WHERE LOWER(username)='".$epsclass->db->escape($username_tmp)."'") or error('Unable to fetch user info', __FILE__, __LINE__, $epsclass->db->error());
     $result = $epsclass->db->vselect(TBL_USER, array('id', 'password', 'group_id', 'active'), "WHERE LOWER(username)='" . $epsclass->db->escape($username_tmp) . "'", true);
     if ($epsclass->db->num_rows($result) == 1) {
         list($user_id, $db_password, $group_id, $active) = $epsclass->db->fetch_row($result);
         $epsclass->db->free_result($result);
         // Check
         if (!$active && !IS_ADMIN) {
             $errors[] = $eps_lang['User_inactive'];
         } else {
             if ($db_password != eps_hash($password)) {
                 $errors[] = $eps_lang['Password_wrong'];
             } else {
                 // Set User With Password In Database
                 set_user($user_id, $db_password, $auto);
                 $epsclass->antiflood->update('login', 2);