Beispiel #1
         $adminsession = '1';
     } else {
         // Log the failed login. The logger instance is created with the client
         // address ($_SERVER['REMOTE_ADDR']) in the 'loginname' slot.
         $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']));
         // NOTE(review): $loginname is concatenated into the log message unchanged.
         // If it still holds raw request data here, CR/LF or quote characters could
         // forge or break log entries — confirm it is validated before this point
         // or that logAction() neutralises control characters.
         $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");
         // Unknown login names are answered with message code '2'.
         // NOTE(review): confirm a wrong password for an existing account ends in
         // the same message, otherwise the response tells known and unknown names apart.
         redirectTo('index.php', array('showmessage' => '2'));
         // Stop the script so nothing after the redirect call runs for this request.
         exit;
     }
 }
 // Load the account row for the submitted login name. The name is bound as
 // :loginname, so it never becomes part of the SQL text.
 // NOTE(review): {$table} is interpolated into the statement and is assigned
 // outside this excerpt — confirm it can only hold a fixed table-name constant,
 // never a value taken from the request.
 $userinfo_stmt = Database::prepare("SELECT * FROM {$table}\n\t\t\tWHERE `loginname`= :loginname");
 Database::pexecute($userinfo_stmt, array("loginname" => $loginname));
 // NOTE(review): if this is a PDOStatement, fetch() returns false when no row
 // matches, and the lockout check that follows indexes $userinfo directly —
 // confirm every unknown-name case has already left the script above.
 // NOTE(review): that lockout check answers with message '3' before any password
 // is verified, while unknown names get '2' above; the difference may reveal
 // which login names exist — confirm this is intended.
 $userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);
 if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > time() - Settings::Get('login.deactivatetime')) {
     redirectTo('index.php', array('showmessage' => '3'));
     exit;
 } elseif (validatePasswordLogin($userinfo, $password, $table, $uid)) {
     // only show "you're banned" if the login was successfull
     // because we don't want to publish that the user does exist
     if ($userinfo['deactivated']) {
         unset($userinfo);
         redirectTo('index.php', array('showmessage' => '5'));
         exit;
     } else {
         // login correct
         // reset loginfail_counter, set lastlogin_succ
         $stmt = Database::prepare("UPDATE {$table}\n\t\t              SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'\n\t\t              WHERE `{$uid}`= :uid");
         Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
         $userinfo['userid'] = $userinfo[$uid];
         $userinfo['adminsession'] = $adminsession;
     }
 } else {
Beispiel #2
    }
    // Add a display label for each service whose flag on the account row equals '1'.
    // $se is filled starting before this excerpt — presumably initialised as an
    // empty array there; verify.
    if ($userinfo['pop3'] == '1') {
        $se[] = "POP3";
    }
    if ($userinfo['phpenabled'] == '1') {
        $se[] = "PHP";
    }
    if ($userinfo['perlenabled'] == '1') {
        $se[] = "Perl/CGI";
    }
    // Join the collected labels into one comma-separated string for the template.
    $services_enabled = implode(", ", $se);
    // SECURITY: eval() runs the text returned by getTemplate() as the body of a
    // PHP double-quoted string, so whatever the template contains is executed as
    // code. getTemplate() is not shown here — confirm it only loads trusted
    // template files and that template content cannot be modified by panel users.
    // Variables the template prints are echoed without encoding at this point, so
    // any user-influenced value must have been HTML-encoded earlier — verify.
    eval("echo \"" . getTemplate('index/index') . "\";");
} elseif ($page == 'change_password') {
    if (isset($_POST['send']) && $_POST['send'] == 'send') {
        // Read the current password from the form and verify it against the stored
        // credential of the logged-in customer before anything is changed.
        $old_password = validate($_POST['old_password'], 'old password');
        if (!validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
            // NOTE(review): nothing here stops execution by itself; presumably
            // standard_error() ends the request. If it can return, the code below
            // would go on to change the password despite a wrong old password — confirm.
            standard_error('oldpasswordnotcorrect');
        }
        // NOTE(review): this check has no visible attempt limit, unlike the login
        // page's loginfail_count handling — confirm repeated wrong guesses from a
        // hijacked session are throttled or logged elsewhere.
        // Both new-password fields go through validatePassword() (defined elsewhere;
        // presumably applies the panel's password policy — verify).
        $new_password = validatePassword($_POST['new_password'], 'new password');
        $new_password_confirm = validatePassword($_POST['new_password_confirm'], 'new password confirm');
        if ($old_password == '') {
            standard_error(array('stringisempty', 'oldpassword'));
        } elseif ($new_password == '') {
            standard_error(array('stringisempty', 'newpassword'));
        } elseif ($new_password_confirm == '') {
            standard_error(array('stringisempty', 'newpasswordconfirm'));
        } elseif ($new_password != $new_password_confirm) {
            standard_error('newpasswordconfirmerror');
        } else {
            // Update user password
            $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`\n\t\t\t\tSET `password` = :newpassword\n\t\t\t\tWHERE `customerid` = :customerid");
Beispiel #3
        $days = floor($hours / 24);
        $hours = floor($hours - $days * 24);
        $minutes = floor($minutes - $days * 24 * 60 - $hours * 60);
        $seconds = floor($seconds - $days * 24 * 60 * 60 - $hours * 60 * 60 - $minutes * 60);
        $uptime = "{$days}d, {$hours}h, {$minutes}m, {$seconds}s";
        // Just cleanup
        unset($uptime_array, $seconds, $minutes, $hours, $days);
    } else {
        // Nothing of the above worked, show an error :/
        $uptime = '';
    }
    // SECURITY: eval() runs the text returned by getTemplate() as the body of a
    // PHP double-quoted string, so whatever the template contains is executed as
    // code. getTemplate() is not shown here — confirm it only loads trusted
    // template files and that template content cannot be modified by panel users.
    // Variables the template prints (e.g. $uptime set above) are echoed without
    // encoding at this point; any value derived from external command output or
    // user data must have been HTML-encoded earlier — verify.
    eval("echo \"" . getTemplate("index/index") . "\";");
} elseif ($page == 'change_password') {
    if (isset($_POST['send']) && $_POST['send'] == 'send') {
        // Read the current password from the form and verify it against the stored
        // credential of the logged-in admin before anything is changed.
        $old_password = validate($_POST['old_password'], 'old password');
        if (!validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
            // NOTE(review): nothing here stops execution by itself; presumably
            // standard_error() ends the request. If it can return, the code below
            // would go on to change the password despite a wrong old password — confirm.
            standard_error('oldpasswordnotcorrect');
        }
        // NOTE(review): the new admin password is passed through the generic
        // validate() helper, whereas the customer-side change_password handler uses
        // validatePassword(). If validatePassword() is what enforces the password
        // policy, admin passwords skip it here — confirm and align if so.
        $new_password = validate($_POST['new_password'], 'new password');
        $new_password_confirm = validate($_POST['new_password_confirm'], 'new password confirm');
        if ($old_password == '') {
            standard_error(array('stringisempty', 'oldpassword'));
        } elseif ($new_password == '') {
            standard_error(array('stringisempty', 'newpassword'));
        } elseif ($new_password_confirm == '') {
            standard_error(array('stringisempty', 'newpasswordconfirm'));
        } elseif ($new_password != $new_password_confirm) {
            standard_error('newpasswordconfirmerror');
        } else {
            $chgpwd_stmt = Database::prepare("\n\t\t\t\tUPDATE `" . TABLE_PANEL_ADMINS . "`\n\t\t\t\tSET `password`= :newpasswd\n\t\t\t\tWHERE `adminid`= :adminid");
            Database::pexecute($chgpwd_stmt, array('newpasswd' => makeCryptPassword($new_password), 'adminid' => (int) $userinfo['adminid']));