Beispiel #1
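/**
 * Authenticate a user and populate the session with identity, privilege and preferences.
 *
 * Security notes for maintainers:
 *  - When $is_cookie is truthy the password check is skipped entirely, so the
 *    caller must already have verified the login cookie before calling this.
 *  - The three distinct error messages let a client tell whether an account
 *    exists. Callers may depend on the text, so it is left unchanged here.
 *
 * @param string $user      User id or e-mail address as supplied by the client.
 * @param mixed  $is_cookie Truthy when the login is driven by a cookie instead of a password.
 * @param string $pwd       Password to verify (unused when $is_cookie is truthy).
 *
 * @return true|string TRUE on success, otherwise a translated error message.
 */
function login($user, $is_cookie, $pwd = '')
{
    // NOTE(review): database.php is expected to define $con in this scope; confirm.
    require __DIR__ . '/../conf/database.php';
    if (!function_exists('my_rsa')) {
        require __DIR__ . '/checkpwd.php';
    }
    $user = mysqli_real_escape_string($con, $user);
    $res = mysqli_query($con, "select password,user_id,language,defunct,email,privilege from users where user_id='{$user}' or email='{$user}' limit 1");
    // Fail closed: a failed query is treated like an unknown account instead of
    // passing a non-result into mysqli_fetch_row().
    $r = $res ? mysqli_fetch_row($res) : null;
    if (!$r) {
        return _('There\'s no such user...');
    }
    if ($r[3] !== 'N') {
        return _('Your account is still being reviewed...');
    }
    // NOTE(review): password_right() is defined elsewhere and receives the escaped
    // login name; confirm it also resolves e-mail logins.
    if (!$is_cookie && !password_right($user, $pwd)) {
        return _('Wrong Username/Password...');
    }
    // The lookup above matches on user_id OR email, so $user may hold an e-mail
    // address. Every later per-account query must use the canonical id from the row,
    // otherwise preferences are not loaded and accesstime/ip are not recorded.
    $uid = mysqli_real_escape_string($con, $r[1]);
    // Clear guest session.
    session_unset();
    if (!function_exists('clear_cookie')) {
        require __DIR__ . '/cookie.php';
    }
    clear_cookie('SID');
    // Issue a fresh session id at the privilege boundary so an id that was known
    // before authentication cannot be reused afterwards (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    // Create new session.
    $_SESSION['user'] = $r[1];
    $_SESSION['lang'] = $r[2];
    $_SESSION['email'] = $r[4];
    $_SESSION['priv'] = $r[5];
    // Initialize user preference.
    if (!class_exists('preferences')) {
        require __DIR__ . '/preferences.php';
    }
    global $pref;
    $pref = new preferences();
    $res = mysqli_query($con, "select property,value from preferences where user_id='{$uid}'");
    if ($res) {
        // Property names come straight from the preferences table and become
        // object properties; whoever can write that table controls which
        // properties end up in the serialized session value.
        while ($r = mysqli_fetch_row($res)) {
            $property = $r[0];
            $pref->{$property} = $r[1];
        }
    }
    $_SESSION['pref'] = serialize($pref);
    require __DIR__ . '/userinfo.php';
    // NOTE(review): get_ip() is defined elsewhere; if it reads client-supplied
    // forwarding headers, the stored address is only as trustworthy as those headers.
    $ip = mysqli_real_escape_string($con, get_ip());
    mysqli_query($con, "update users set accesstime=NOW(),ip='{$ip}' where user_id='{$uid}'");
    return TRUE;
}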
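/**
 * Authenticate a user by user id and populate the session (legacy ext/mysql variant).
 *
 * The mysql_* API used here was removed in PHP 7.0, so this function only runs
 * on PHP 5.x. It relies on the default connection opened elsewhere.
 *
 * Security notes for maintainers:
 *  - When $is_cookie is truthy the password check is skipped entirely, so the
 *    caller must already have verified the login cookie before calling this.
 *  - The distinct error messages reveal whether an account exists. Callers may
 *    depend on the text, so it is left unchanged here.
 *
 * @param string $user      User id as supplied by the client.
 * @param mixed  $is_cookie Truthy when the login is driven by a cookie instead of a password.
 * @param string $pwd       Password to verify (unused when $is_cookie is truthy).
 *
 * @return true|string TRUE on success, otherwise an error message.
 */
function login($user, $is_cookie, $pwd = '')
{
    $user = mysql_real_escape_string($user);
    $res = mysql_query("select password,user_id,language,defunct from users where user_id='{$user}'");
    // Fail closed: a failed query is treated like an unknown account.
    $r = $res ? mysql_fetch_row($res) : false;
    if (!$r) {
        return "No such user";
    }
    if ($r[3] !== 'N') {
        return "User is disabled";
    }
    // NOTE(review): password_right() is defined elsewhere and receives the escaped user id.
    if (!$is_cookie && !password_right($user, $pwd)) {
        return "Password is incorrect";
    }
    // Drop whatever the guest session held and expire the old SID cookie
    // (the timestamp is far in the past).
    session_unset();
    setcookie('SID', '', 31415926);
    // Issue a fresh session id at the privilege boundary so an id that was known
    // before authentication cannot be reused afterwards (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $r[1];
    $_SESSION['lang'] = $r[2];
    // Only these right strings may become session flags; anything else in the
    // privilege table is ignored so a stray row cannot set arbitrary session keys.
    $allowedRights = array('administrator', 'source_browser', 'insider');
    $res = mysql_query("select rightstr from privilege where user_id='{$user}'");
    if ($res) {
        while ($r = mysql_fetch_row($res)) {
            if (in_array($r[0], $allowedRights, true)) {
                $_SESSION[$r[0]] = true;
            }
        }
    }
    require_once 'inc/preferences.php';
    $pref = new preferences();
    $res = mysql_query("select property,value from preferences where user_id='{$user}'");
    if ($res) {
        // Property names come straight from the preferences table and become
        // object properties of the value serialized into the session.
        while ($r = mysql_fetch_row($res)) {
            $property = $r[0];
            $pref->{$property} = $r[1];
        }
    }
    $_SESSION['pref'] = serialize($pref);
    // mysql_escape_string() ignores the connection character set and is deprecated;
    // use the connection-aware variant, as the first line of this function does.
    $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"]);
    mysql_query("update users set accesstime=NOW(),ip='{$ip}' where user_id='{$user}'");
    return TRUE;
}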
<?php

// Admin step-up page: an already logged-in administrator re-enters the account
// password before the admin area is unlocked for this session.
require 'inc/checklogin.php';

// Both the login marker and the administrator flag must be present in the session.
if (!(isset($_SESSION['user']) && isset($_SESSION['administrator']))) {
    exit('<div class="center">You are not administrator.</div>');
}

require 'inc/database.php';

if (isset($_POST['paswd'])) {
    require_once 'inc/checkpwd.php';
    // A wrong password falls through silently and the form is rendered again.
    // NOTE(review): no attempt limiting is visible in this file; confirm it
    // exists elsewhere.
    if (password_right($_SESSION['user'], $_POST['paswd'])) {
        // Marks this session as having passed the admin re-authentication.
        $_SESSION['admin_tfa'] = 1;
        // NOTE(review): the redirect target is taken from the session as-is.
        // Confirm that whatever stores 'admin_retpage' only ever writes a
        // same-site path, otherwise this becomes an open redirect.
        $ret = isset($_SESSION['admin_retpage']) ? $_SESSION['admin_retpage'] : "index.php";
        header('Location: ' . $ret);
        exit(0);
    }
}

$Title = "Admin Verification";
?>
<!DOCTYPE html>
<html>
  <?php require 'head.php'; ?>
  <body>
    <?php require 'page_header.php'; ?>
}
if (strlen($_POST['email']) > 60) {
    die('E-mail is too long!');
}
if ($_POST['type'] == 'profile') {
    if (!isset($_POST['oldpwd'])) {
        die('Invalid argument.');
    }
    session_start();
    if (!isset($_SESSION['user'])) {
        die('Not logged in.');
    }
    $user = $_SESSION['user'];
    require 'inc/database.php';
    require_once 'inc/checkpwd.php';
    if (!password_right($user, $_POST['oldpwd'])) {
        die('Old password is not correct!');
    }
    $query = 'update users set email=\'' . mysql_real_escape_string($_POST['email']) . '\',school=\'' . mysql_real_escape_string($_POST['school']) . '\',nick=\'' . mysql_real_escape_string($_POST['nick']) . '\'';
    if (isset($_POST['newpwd']) && $_POST['newpwd'] != '') {
        $len = strlen($_POST['newpwd']);
        if ($len < 6 || $len > 20) {
            die('Password is too long or too short!');
        }
        $query .= ',password=\'' . mysql_real_escape_string(my_rsa($_POST['newpwd'])) . '\'';
    }
    $query .= " where user_id='{$user}'";
    mysql_query($query);
    echo "User infomation updated successfully!";
} else {
    if ($_POST['type'] == 'reg') {