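/**
 * Authenticate the posted credentials and, on success, populate the session.
 *
 * Reads `username` and `password` from $_POST, loads the matching row from
 * `users`, checks the password with ValidatePassword(), then stores the
 * username, preferred name, status and any currently valid staff positions
 * in $_SESSION.
 *
 * @return array array(true, first_name) on success, array(false, message) on refusal.
 */
function Login()
{
    // Only accept scalar string fields; an array-valued field would otherwise reach the escaping calls.
    $postedUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if (empty($postedUsername)) {
        return array(false, "Username is empty!");
    }
    if (empty($postedPassword)) {
        return array(false, "Password is empty!");
    }

    // Connection-aware escaping for the value that is interpolated into SQL.
    // NOTE(review): the mysql_* extension is removed in PHP 7; move these queries to
    // prepared statements (mysqli/PDO) when the connection handling is migrated.
    $username = mysql_real_escape_string($postedUsername);
    if ($username === false) {
        error_log('Login: could not escape username: ' . mysql_error());
        return array(false, "Login is temporarily unavailable.");
    }

    // NOTE(review): the password never goes into SQL, so escaping it only alters what is
    // verified. It is kept because stored hashes may have been created from the escaped
    // form; confirm against the registration code before removing it.
    $password = mysql_escape_string($postedPassword);

    // The %s conversion is what places the escaped username inside the quoted literal.
    $query = sprintf(
        "SELECT password, first_name, preferred_name, statusID FROM users WHERE username = '%s'",
        $username
    );
    $userResult = mysql_query($query);
    if (!$userResult) {
        // Keep driver errors in the server log; they can reveal schema details to the client.
        error_log('Login: user lookup failed: ' . mysql_error());
        return array(false, "Login is temporarily unavailable.");
    }

    $userRow = mysql_fetch_array($userResult, MYSQL_NUM);

    // One message for "no such user" and "wrong password", so the response does not
    // confirm which usernames exist.
    if (!$userRow || !ValidatePassword($password, $userRow[0])) {
        return array(false, "Invalid username or password!");
    }

    $name = $userRow[1];
    $pref = $userRow[2];
    $statusID = $userRow[3];

    // HttpOnly keeps the session cookie away from page scripts; Secure is set whenever
    // this request itself arrived over HTTPS.
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params(86400, '/', '.wsbf.net', $isHttps, true);

    /* Ensure that we don't already have a session */
    if (!session_id()) {
        session_start();
    }

    // Issue a fresh session id at the privilege change so a pre-login id cannot be reused.
    session_regenerate_id(true);

    $query = sprintf(
        "SELECT positionID FROM staff WHERE username = '%s' AND start_date < NOW() AND end_date > NOW()",
        $username
    );
    $positionResult = mysql_query($query);
    if (!$positionResult) {
        error_log('Login: staff lookup failed: ' . mysql_error());
        return array(false, "Login is temporarily unavailable.");
    }

    // Drop positions left in an already-open session so they are not inherited by this login.
    unset($_SESSION['positionID']);

    // Each result row has a single column, so the value is always at index 0.
    $positionID = array();
    while ($positionRow = mysql_fetch_array($positionResult, MYSQL_NUM)) {
        $positionID[] = $positionRow[0];
    }
    if (count($positionID) > 0) {
        $_SESSION['positionID'] = $positionID;
    }

    // NOTE(review): the session keeps the SQL-escaped username, as before; confirm whether
    // downstream code expects the escaped or the raw form.
    $_SESSION['username'] = $username;
    $_SESSION['preferred_name'] = $pref;
    $_SESSION['statusID'] = $statusID;

    return array(true, $name);
}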
/**
 * Render the user-control-panel "change password" page.
 *
 * When the request carries a `submit` field, the present password and the two
 * copies of the new password are handed to ValidatePassword() and the result is
 * kept in $aError. The skin's password template is then included and the script
 * exits.
 *
 * NOTE(review): the three password fields are read from $_REQUEST, so they are
 * accepted from the query string as well as the request body. Query-string values
 * commonly end up in access logs, browser history and Referer headers; prefer
 * $_POST once it is confirmed no caller submits this form with GET.
 * NOTE(review): no anti-CSRF token check is visible in this function; confirm one
 * is enforced before it runs or inside ValidatePassword().
 *
 * @return void This function does not return; it ends the request with exit.
 */
function EditPassword() {
    global $CFG;

    // Are they submitting information?
    if (isset($_REQUEST['submit'])) {
        // Yup, so try and validate it; submit it to the database if everything's okay.
        // Only `submit` is checked for presence; a request that omits one of the three
        // password fields reaches ValidatePassword() with an undefined index.
        // $aError is not read again here; presumably the template below, which is included
        // into this function's scope, displays it (verify).
        $aError = ValidatePassword($_REQUEST['presentpw'], $_REQUEST['newpwa'], $_REQUEST['newpwb']);
    }

    // Template
    // NOTE(review): the skin name is interpolated into the include path. $CFG['skin'] must
    // come from trusted configuration or be checked against a list of installed skins;
    // a value containing path separators would select a file outside ./skins.
    require "./skins/{$CFG['skin']}/usercp/password.tpl.php";

    // Send the page.
    exit;
}
echo $PHP_SELF; ?> "> <tr><td align="center"> <table> <?php if (isset($submit)) { if ($submit == "OK") { if (!empty($senhaantiga) and !empty($novasenha) and !empty($novasenha2)) { // Pega senha atual $results = ldap_search($conexao, "ou=System," . $dn, "cn=" . $usuario); $numresults = ldap_count_entries($conexao, $results); $info = ldap_get_entries($conexao, $results); $senhaantigaldap = $info[0]["userpassword"][0]; // Verificando senha antiga if (!ValidatePassword($senhaantiga, $senhaantigaldap)) { echo "<tr><td><font color=\"red\"><b>Senha atual não é válida!</b></font></td></tr>"; echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>"; } else { if ($novasenha != $novasenha2) { echo "<tr><td><font color=\"red\"><b>As novas senhas não são iguais!</b></font></td></tr>"; echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>"; } else { // Alterar senha $entry["userpassword"][0] = HashPassword($novasenha); $uptdn = "cn=" . $usuario . ",ou=System," . $dn; if (ldap_modify($conexao, $uptdn, $entry)) { echo "<tr><td align=\"center\"><b>Senha atualizada com sucesso!<br>Por favor, efetue o <i>logout</i> e <i>login</i> no sistema novamente!</b></td></tr>"; echo "<tr><td align=\"center\"><a href=\"logout.php\">Logout!</a></td></tr>"; } else { echo "<tr><td align=\"center\"><font color=\"red\"><b>A senha não foi atualizada!<br>(" . ldap_error($conexao) . ")</b></font></td></tr>";
/**
 * Controller for the sign-in, sign-out, sign-up and password-reset pages.
 *
 * The `mode` request variable selects the branch:
 *   - 'in'  : check username/password and create a session;
 *   - 'out' : end the current member session;
 *   - 'up'  : confirm a signup code, or validate and store a new registration;
 *   - 'r'   : request a password-reset code, or set a new password with one.
 * Whatever does not redirect or render a message page falls through to the shared
 * login/signup form rendered by page_layout('LOGIN2', 'login', ...).
 *
 * @param string $box_text   Message shown in the form; passed to the template as CUSTOM_MESSAGE.
 * @param bool   $need_admin Not read anywhere in this function.
 * @param mixed  $extra_vars Not read anywhere in this function.
 * @return void
 */
function do_login($box_text = '', $need_admin = false, $extra_vars = false) {
    global $config, $user;

    $error = w();
    $action = request_var('mode', '');

    if (empty($user->data)) {
        $user->init(false);
    }
    if (empty($user->lang)) {
        $user->setup();
    }

    if ($user->is('bot')) {
        redirect(s_link());
    }

    $code_invite = request_var('invite', '');
    $admin = _button('admin');
    $login = _button('login');
    $submit = _button();
    $need_auth = false;

    if ($admin) {
        $need_auth = true;
    }

    // Defaults for the signup form; the same keys are later read back from the request.
    $v_fields = array(
        'username' => '',
        'email' => '',
        'email_confirm' => '',
        'key' => '',
        'key_confirm' => '',
        'gender' => 0,
        'birthday_month' => 0,
        'birthday_day' => 0,
        'birthday_year' => 0,
        'tos' => 0,
        'ref' => 0
    );

    // An invite code pre-fills the invited address and the inviter's e-mail as referrer.
    if (!empty($code_invite)) {
        $sql = 'SELECT i.invite_email, m.user_email FROM _members_ref_invite i, _members m WHERE i.invite_code = ? AND i.invite_uid = m.user_id';
        if (!$invite_row = sql_fieldrow(sql_filter($sql, $code_invite))) {
            fatal_error();
        }

        $v_fields['ref'] = $invite_row['user_email'];
        $v_fields['email'] = $invite_row['invite_email'];
        unset($invite_row);
    }

    switch ($action) {
        case 'in':
            if ($user->is('member') && !$admin) {
                redirect(s_link());
            }

            if ($login && (!$user->is('member') || $admin)) {
                $username = request_var('username', '');
                $password = request_var('password', '');
                $ref = request_var('ref', '');

                // NOTE(review): no throttling or failed-attempt counter is visible in this
                // branch; confirm it is enforced elsewhere.
                if (!empty($username) && !empty($password)) {
                    $username_base = get_username_base($username);

                    $sql = 'SELECT user_id, username, user_password, user_type, user_country, user_avatar, user_location, user_gender, user_birthday FROM _members WHERE username_base = ?';
                    if ($row = sql_fieldrow(sql_filter($sql, $username_base))) {
                        // Accounts still awaiting e-mail confirmation may not sign in.
                        $exclude_type = array(USER_INACTIVE);

                        if (ValidatePassword($password, $row['user_password']) && (!in_array($row['user_type'], $exclude_type))) {
                            $user->session_create($row['user_id'], $admin);

                            // Incomplete profiles are sent to the profile editor first.
                            if (!$row['user_country'] || !$row['user_location'] || !$row['user_gender'] || !$row['user_birthday'] || !$row['user_avatar']) {
                                $ref = s_link('my', 'profile');
                            } else {
                                // NOTE(review): `ref` is request-supplied. It is replaced only when it is
                                // empty or ends with "<server_name>/"; any other value is handed to
                                // redirect() unchanged. Unless redirect() restricts targets to this site,
                                // validate it here against local paths. preg_quote() is also called
                                // without the '#' delimiter.
                                $ref = (empty($ref) || (preg_match('#' . preg_quote($config['server_name']) . '/$#', $ref))) ? s_link('today') : $ref;
                            }

                            redirect($ref);
                        }
                    }
                }
            }
            break;
        case 'out':
            if ($user->is('member')) {
                $user->session_kill();
            }

            redirect(s_link());
            break;
        case 'up':
            if ($user->is('member')) {
                redirect(s_link('my profile'));
            } else if ($user->is('bot')) {
                redirect(s_link());
            }

            $code = request_var('code', '');

            // Signup confirmation: a valid code activates the account and signs the user in.
            if (!empty($code)) {
                // NOTE(review): the pattern is unanchored, so it accepts any value containing at
                // least one letter or digit; the lookup below is parameterised, which is what
                // actually protects the query.
                if (!preg_match('#([a-z0-9]+)#is', $code)) {
                    fatal_error();
                }

                // NOTE(review): crypt_time is stored when a code is issued but is not compared
                // here, so no expiry is visible. _crypt_confirm also receives password-reset
                // codes (mode 'r') and this branch does not check which purpose a code was
                // issued for before setting user_type and creating a session.
                $sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email FROM _crypt_confirm c, _members m WHERE c.crypt_code = ? AND c.crypt_userid = m.user_id';
                if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) {
                    fatal_error();
                }

                $user_id = $crypt_data['user_id'];

                $sql = 'UPDATE _members SET user_type = ? WHERE user_id = ?';
                sql_query(sql_filter($sql, USER_NORMAL, $user_id));

                // The code is deleted once used.
                $sql = 'DELETE FROM _crypt_confirm WHERE crypt_code = ? AND crypt_userid = ?';
                sql_query(sql_filter($sql, $code, $user_id));

                $emailer = new emailer();
                $emailer->from('info');
                $emailer->use_template('user_welcome_confirm');
                $emailer->email_address($crypt_data['user_email']);
                $emailer->assign_vars(array(
                    'USERNAME' => $crypt_data['username'])
                );
                $emailer->send();
                $emailer->reset();

                $user->session_create($user_id, 0);

                //
                if (empty($user->data)) {
                    $user->init();
                }
                if (empty($user->lang)) {
                    $user->setup();
                }

                $custom_vars = array(
                    'S_REDIRECT' => '',
                    'MESSAGE_TITLE' => lang('information'),
                    'MESSAGE_TEXT' => lang('membership_added_confirm')
                );
                page_layout('INFORMATION', 'message', $custom_vars);
            }

            //
            /*
             * Disabled legacy post-activation block. It read _members_ref_assoc to award
             * referral points and insert the two mutual members_friends rows, deleted the
             * matching _members_ref_invite row, sent the 'user_welcome_confirm' mail and
             * rendered the 'membership_added_confirm' message page.
             */

            // New registration submitted from the signup form.
            if ($submit) {
                foreach ($v_fields as $k => $v) {
                    $v_fields[$k] = request_var($k, $v);
                }

                if (empty($v_fields['username'])) {
                    $error['username'] = '******';
                } else {
                    // strlen() counts bytes, so the 2..20 bound is in bytes, not characters.
                    $len_username = strlen($v_fields['username']);

                    if (($len_username < 2) || ($len_username > 20) || !get_username_base($v_fields['username'], true)) {
                        $error['username'] = '******';
                    }

                    if (!sizeof($error)) {
                        $result = validate_username($v_fields['username']);
                        if ($result['error']) {
                            $error['username'] = $result['error_msg'];
                        }
                    }

                    // The normalised name must not collide with an existing member ...
                    if (!sizeof($error)) {
                        $v_fields['username_base'] = get_username_base($v_fields['username']);

                        $sql = 'SELECT user_id FROM _members WHERE username_base = ?';
                        if (sql_field(sql_filter($sql, $v_fields['username_base']), 'user_id', 0)) {
                            $error['username'] = '******';
                        }
                    }

                    // ... nor with an artist subdomain.
                    if (!sizeof($error)) {
                        $sql = 'SELECT ub FROM _artists WHERE subdomain = ?';
                        if (sql_field(sql_filter($sql, $v_fields['username_base']), 'ub', 0)) {
                            $error['username'] = '******';
                        }
                    }
                }

                if (empty($v_fields['email']) || empty($v_fields['email_confirm'])) {
                    if (empty($v_fields['email'])) {
                        $error['email'] = 'EMPTY_EMAIL';
                    }

                    if (empty($v_fields['email_confirm'])) {
                        $error['email_confirm'] = 'EMPTY_EMAIL_CONFIRM';
                    }
                } else {
                    if ($v_fields['email'] == $v_fields['email_confirm']) {
                        $result = validate_email($v_fields['email']);
                        if ($result['error']) {
                            $error['email'] = $result['error_msg'];
                        }
                    } else {
                        $error['email'] = 'EMAIL_MISMATCH';
                        $error['email_confirm'] = 'EMAIL_MISMATCH';
                    }
                }

                // NOTE(review): the only password rules are "both copies match" and "at most
                // 32 bytes"; there is no minimum length. A 32-byte cap is unnecessary if
                // HashPassword() is a real password hash (confirm).
                if (!empty($v_fields['key']) && !empty($v_fields['key_confirm'])) {
                    if ($v_fields['key'] != $v_fields['key_confirm']) {
                        $error['key'] = 'PASSWORD_MISMATCH';
                    } else if (strlen($v_fields['key']) > 32) {
                        $error['key'] = 'PASSWORD_LONG';
                    }
                } else {
                    if (empty($v_fields['key'])) {
                        $error['key'] = 'EMPTY_PASSWORD';
                    } elseif (empty($v_fields['key_confirm'])) {
                        $error['key_confirm'] = 'EMPTY_PASSWORD_CONFIRM';
                    }
                }

                if (!$v_fields['birthday_month'] || !$v_fields['birthday_day'] || !$v_fields['birthday_year']) {
                    $error['birthday'] = 'EMPTY_BIRTH_MONTH';
                }

                if (!$v_fields['tos']) {
                    $error['tos'] = 'AGREETOS_ERROR';
                }

                if (!sizeof($error)) {
                    //$v_fields['country'] = strtolower(geoip_country_code_by_name($user->ip));
                    // Country is fixed to id 90 while the GeoIP lookup above is disabled.
                    $v_fields['country'] = 90;
                    $v_fields['birthday'] = leading_zero($v_fields['birthday_year']) . leading_zero($v_fields['birthday_month']) . leading_zero($v_fields['birthday_day']);

                    // New members start as USER_INACTIVE until the e-mailed code is confirmed.
                    $member_data = array(
                        'user_type' => USER_INACTIVE,
                        'user_active' => 1,
                        'username' => $v_fields['username'],
                        'username_base' => $v_fields['username_base'],
                        'user_password' => HashPassword($v_fields['key']),
                        'user_regip' => $user->ip,
                        'user_session_time' => 0,
                        'user_lastpage' => '',
                        'user_lastvisit' => time(),
                        'user_regdate' => time(),
                        'user_level' => 0,
                        'user_posts' => 0,
                        'userpage_posts' => 0,
                        'user_points' => 0,
                        'user_timezone' => $config['board_timezone'],
                        'user_dst' => $config['board_dst'],
                        'user_lang' => $config['default_lang'],
                        'user_dateformat' => $config['default_dateformat'],
                        'user_country' => (int) $v_fields['country'],
                        'user_rank' => 0,
                        'user_avatar' => '',
                        'user_avatar_type' => 0,
                        'user_email' => $v_fields['email'],
                        'user_lastlogon' => 0,
                        'user_totaltime' => 0,
                        'user_totallogon' => 0,
                        'user_totalpages' => 0,
                        'user_gender' => $v_fields['gender'],
                        'user_birthday' => (string) $v_fields['birthday'],
                        'user_mark_items' => 0,
                        'user_topic_order' => 0,
                        'user_email_dc' => 1,
                        'user_refop' => 0,
                        'user_refby' => $v_fields['ref']
                    );
                    $user_id = sql_insert('members', $member_data);

                    set_config('max_users', $config['max_users'] + 1);

                    // Confirmation code
                    // NOTE(review): the code is md5(unique_id()); its unpredictability rests
                    // entirely on unique_id(), which is not shown. A CSPRNG source is expected.
                    $verification_code = md5(unique_id());

                    $insert = array(
                        'crypt_userid' => $user_id,
                        'crypt_code' => $verification_code,
                        'crypt_time' => $user->time
                    );
                    sql_insert('crypt_confirm', $insert);

                    // Emailer
                    $emailer = new emailer();

                    if (!empty($v_fields['ref'])) {
                        $valid_ref = email_format($v_fields['ref']);

                        if ($valid_ref) {
                            $sql = 'SELECT user_id FROM _members WHERE user_email = ?';
                            if ($ref_friend = sql_field(sql_filter($sql, $v_fields['ref']), 'user_id', 0)) {
                                // Referrer is already a member: record the referral and a friend link.
                                $sql_insert = array(
                                    'ref_uid' => $user_id,
                                    'ref_orig' => $ref_friend
                                );
                                sql_insert('members_ref_assoc', $sql_insert);

                                $sql_insert = array(
                                    'user_id' => $user_id,
                                    'buddy_id' => $ref_friend,
                                    'friend_time' => time()
                                );
                                sql_insert('members_friends', $sql_insert);
                            } else {
                                // NOTE(review): an unconfirmed registrant makes the site e-mail an
                                // address of their choosing (`ref`), and the invite code keeps only
                                // 6 hex characters of the digest. Consider sending invites only after
                                // the new account is confirmed and rate-limiting them.
                                $invite_user = explode('@', $v_fields['ref']);
                                $invite_code = substr(md5(unique_id()), 0, 6);

                                $sql_insert = array(
                                    'invite_code' => $invite_code,
                                    'invite_email' => $v_fields['ref'],
                                    'invite_uid' => $user_id
                                );
                                sql_insert('members_ref_invite', $sql_insert);

                                $emailer->from('info');
                                $emailer->use_template('user_invite');
                                $emailer->email_address($v_fields['ref']);

                                $emailer->assign_vars(array(
                                    'INVITED' => $invite_user[0],
                                    'USERNAME' => $v_fields['username'],
                                    'U_REGISTER' => s_link('my register a', $invite_code))
                                );
                                $emailer->send();
                                $emailer->reset();
                            }
                        }
                    }

                    // Send confirm email
                    // The activation link is built with a literal 'http:' scheme prefix.
                    $emailer->from('info');
                    $emailer->use_template('user_welcome');
                    $emailer->email_address($v_fields['email']);

                    $emailer->assign_vars(array(
                        'USERNAME' => $v_fields['username'],
                        'U_ACTIVATE' => 'http:' . s_link('signup', $verification_code))
                    );
                    $emailer->send();
                    $emailer->reset();

                    $custom_vars = array(
                        'MESSAGE_TITLE' => lang('information'),
                        'MESSAGE_TEXT' => lang('membership_added')
                    );
                    page_layout('INFORMATION', 'message', $custom_vars);

                    /* $user->session_create($user_id, 0); redirect(s_link()); */
                }
            }
            break;
        case 'r':
            if ($user->is('member')) {
                redirect(s_link('my profile'));
            } else if ($user->is('bot')) {
                redirect(s_link());
            }

            $code = request_var('code', '');

            if (request_var('r', 0)) {
                redirect(s_link());
            }

            // With a code: show the "new password" form or apply the new password.
            if (!empty($code)) {
                // NOTE(review): same unanchored pattern as in mode 'up'; it does not restrict
                // the code to letters and digits.
                if (!preg_match('#([a-z0-9]+)#is', $code)) {
                    fatal_error();
                }

                // NOTE(review): crypt_time is selected but never compared, so a reset code
                // appears to stay valid until it is used or replaced.
                $sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email FROM _crypt_confirm c, _members m WHERE c.crypt_code = ? AND c.crypt_userid = m.user_id';
                if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) {
                    fatal_error();
                }

                if (_button()) {
                    $password = request_var('newkey', '');
                    $password2 = request_var('newkey2', '');

                    if (!empty($password)) {
                        if ($password === $password2) {
                            $crypt_password = HashPassword($password);

                            $sql = 'UPDATE _members SET user_password = ? WHERE user_id = ?';
                            sql_query(sql_filter($sql, $crypt_password, $crypt_data['user_id']));

                            // All outstanding codes for this user are removed.
                            $sql = 'DELETE FROM _crypt_confirm WHERE crypt_userid = ?';
                            sql_query(sql_filter($sql, $crypt_data['user_id']));

                            // Send email
                            // NOTE(review): the new password is passed to the mail template in
                            // clear text ('PASSWORD'). Mail is stored and relayed unencrypted;
                            // send a notification without the password instead. Existing sessions
                            // of the account are not ended here either (nothing visible does so).
                            $emailer = new emailer();

                            $emailer->from('info');
                            $emailer->use_template('user_confirm_passwd', $config['default_lang']);
                            $emailer->email_address($crypt_data['user_email']);

                            $emailer->assign_vars(array(
                                'USERNAME' => $crypt_data['username'],
                                'PASSWORD' => $password,
                                'U_PROFILE' => s_link('m', $crypt_data['username_base']))
                            );
                            $emailer->send();
                            $emailer->reset();

                            //
                            v_style(array(
                                'PAGE_MODE' => 'updated'
                            ));
                        } else {
                            v_style(array(
                                'PAGE_MODE' => 'nomatch',
                                'S_CODE' => $code)
                            );
                        }
                    } else {
                        v_style(array(
                            'PAGE_MODE' => 'nokey',
                            'S_CODE' => $code)
                        );
                    }
                } else {
                    v_style(array(
                        'PAGE_MODE' => 'verify',
                        'S_CODE' => $code)
                    );
                }
            } else if (_button()) {
                // Without a code: issue a reset code for the submitted address.
                $email = request_var('address', '');
                if (empty($email) || !email_format($email)) {
                    fatal_error();
                }

                // NOTE(review): an unknown, inactive, founder or banned address ends in
                // fatal_error() while a known one reaches 'reset_complete'. If those two
                // outcomes look different to the visitor, the form reveals which addresses
                // are registered; a uniform response is preferable.
                $sql = 'SELECT * FROM _members WHERE user_email = ? AND user_active = 1 AND user_type NOT IN (??, ??) AND user_id NOT IN ( SELECT ban_userid FROM _banlist )';
                if (!$userdata = sql_fieldrow(sql_filter($sql, $email, USER_INACTIVE, USER_FOUNDER))) {
                    fatal_error();
                }

                $emailer = new emailer();

                $verification_code = md5(unique_id());

                // Any earlier code for this user is replaced by the new one.
                $sql = 'DELETE FROM _crypt_confirm WHERE crypt_userid = ?';
                sql_query(sql_filter($sql, $userdata['user_id']));

                $insert = array(
                    'crypt_userid' => $userdata['user_id'],
                    'crypt_code' => $verification_code,
                    'crypt_time' => $user->time
                );
                sql_insert('crypt_confirm', $insert);

                // Send email
                $emailer->from('info');
                $emailer->use_template('user_activate_passwd', $config['default_lang']);
                $emailer->email_address($userdata['user_email']);

                $emailer->assign_vars(array(
                    'USERNAME' => $userdata['username'],
                    'U_ACTIVATE' => s_link('signr', $verification_code))
                );
                $emailer->send();
                $emailer->reset();

                _style('reset_complete');
            }
            break;
        default:
            break;
    }

    //
    // Signup data
    //
    if (sizeof($error)) {
        _style('error', array(
            'MESSAGE' => parse_error($error))
        );
    }

    $s_genres_select = '';
    $genres = array(1 => 'MALE', 2 => 'FEMALE');
    foreach ($genres as $id => $value) {
        $s_genres_select .= '<option value="' . $id . '"' . (($v_fields['gender'] == $id) ? ' selected="true"' : '') . '>' . lang($value) . '</option>';
    }

    // Unlike the other selects, the attribute string below has no leading space, so a
    // selected day renders as value="N"selected="true".
    $s_bday_select = '';
    for ($i = 1; $i < 32; $i++) {
        $s_bday_select .= '<option value="' . $i . '"' . (($v_fields['birthday_day'] == $i) ? 'selected="true"' : '') . '>' . $i . '</option>';
    }

    $s_bmonth_select = '';
    $months = array(1 => 'January', 2 => 'February', 3 => 'March', 4 => 'April', 5 => 'May', 6 => 'June', 7 => 'July', 8 => 'August', 9 => 'September', 10 => 'October', 11 => 'November', 12 => 'December');
    foreach ($months as $id => $value) {
        $s_bmonth_select .= '<option value="' . $id . '"' . (($v_fields['birthday_month'] == $id) ? ' selected="true"' : '') . '>' . $user->lang['datetime'][$value] . '</option>';
    }

    // Offers last year back through 101 years ago.
    $s_byear_select = '';
    $current_year = date('Y');
    for ($i = ($current_year - 1); $i > $current_year - 102; $i--) {
        $s_byear_select .= '<option value="' . $i . '"' . (($v_fields['birthday_year'] == $i) ? ' selected="true"' : '') . '>' . $i . '</option>';
    }

    // From here on 'birthday' is only an error flag for the template loop below.
    $v_fields['birthday'] = false;
    if (isset($error['birthday'])) {
        $v_fields['birthday'] = true;
    }

    $s_hidden = w();
    if ($need_auth) {
        $s_hidden = array('admin' => 1);
    }

    if (!isset($v_fields['refby'])) {
        $v_fields['refby'] = '';
    }

    // NOTE(review): V_KEY and V_KEY_CONFIRM return the submitted password to the template;
    // if the template writes them into the form, the password is echoed into the HTML
    // response. V_USERNAME, V_EMAIL and LASTPAGE are request values as well; confirm
    // that request_var() or the template escapes them for HTML.
    $layout_vars = array(
        'IS_NEED_AUTH' => $need_auth,
        'IS_LOGIN' => $login,
        'CUSTOM_MESSAGE' => $box_text,
        'S_HIDDEN_FIELDS' => s_hidden($s_hidden),
        'U_SIGNIN' => s_link('signin'),
        'U_SIGNUP' => s_link('signup'),
        'U_SIGNOUT' => s_link('signout'),
        'U_PASSWORD' => s_link('signr'),
        'V_USERNAME' => $v_fields['username'],
        'V_KEY' => $v_fields['key'],
        'V_KEY_CONFIRM' => $v_fields['key_confirm'],
        'V_EMAIL' => $v_fields['email'],
        'V_REFBY' => $v_fields['refby'],
        'V_GENDER' => $s_genres_select,
        'V_BIRTHDAY_DAY' => $s_bday_select,
        'V_BIRTHDAY_MONTH' => $s_bmonth_select,
        'V_BIRTHDAY_YEAR' => $s_byear_select,
        'V_TOS' => ($v_fields['tos']) ? ' checked="true"' : '',
        'PAGE_MODE' => ''
    );

    // One E_<FIELD> flag per form field so the template can mark the failing inputs.
    foreach ($v_fields as $k => $v) {
        $layout_vars['E_' . strtoupper($k)] = (isset($error[$k])) ? true : false;
    }

    // Reached after a login attempt that did not redirect: show the error block.
    if ($login) {
        $ref = request_var('ref', '');

        _style('error', array(
            'LASTPAGE' => ($ref != '') ? $ref : s_link())
        );
    }

    // This assignment comes after $layout_vars was built, so it does not change CUSTOM_MESSAGE.
    $box_text = (!empty($box_text)) ? lang($box_text, $box_text) : '';

    page_layout('LOGIN2', 'login', $layout_vars);
}
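// Credential check for the login form: reads `un` / `upw`, verifies them against
// _users and, on success, creates the session and redirects to 'cover'.
// Collected messages are handed to login() at the end.
$errors = array();

$username = request_var('un', '');
$password = request_var('upw', '');

if (empty($username) || empty($password)) {
    $errors[] = 'Debe completar todos los datos requeridos.';
}

if (!sizeof($errors)) {
    $sql = 'SELECT * FROM _users WHERE username = ?';
    $userdata = sql_fieldrow(sql_filter($sql, $username));

    // An unknown username and a wrong password produce the same message, so the form
    // does not confirm which usernames exist.
    if (!$userdata || !sizeof($userdata) || !ValidatePassword($password, $userdata['user_password'])) {
        $errors[] = 'El nombre de usuario o la contraseña son inválidos.';
    } else {
        $user->session_create($userdata['user_id']);
        $user->auth = $user->get_auth($user->data['user_id']);

        // NOTE(review): when the account has no 'auth_access' the new session is killed, but
        // execution still continues to session_auth() and the redirect. Confirm that
        // session_auth() rejects the request in that case; otherwise stop here with an error.
        if (!$user->auth['auth_access']) {
            $user->session_kill();
        }

        $user->session_auth();
        redirect('cover');
    }
}

//
if (sizeof($errors)) {
    login($errors);
}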
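/**
 * Change the signed-in user's password after re-checking the current one.
 *
 * The current password is read from $_POST["D1"] and the new one from $_POST["D2"].
 * The update runs only when the session e-mail matches the fetched user record, the
 * current password verifies and a non-empty new password was supplied. The outcome is
 * echoed as JSON: "pupdated" on success, "xupdated" otherwise.
 *
 * @param mixed $Action Passed through to ValidateSession(), FetchUser(), Execute() and AddActivity().
 * @return void
 */
function UpdatePassword($Action) {
    $Email = ValidateSession($Action);

    // Missing or non-string fields count as empty instead of raising notices.
    // NOTE(review): stripslashes() removes backslashes from the passwords. It is kept because
    // stored hashes may have been created from the stripped form; confirm against the code
    // that sets the initial password before removing it.
    $OldPassword = (isset($_POST["D1"]) && is_string($_POST["D1"])) ? stripslashes($_POST["D1"]) : '';
    $NewPassword = (isset($_POST["D2"]) && is_string($_POST["D2"])) ? stripslashes($_POST["D2"]) : '';

    $UserData = FetchUser($Action, $Email);

    // Strict comparison on non-empty strings: with loose ==, a missing session e-mail and a
    // missing user row (null == null) would have counted as a match.
    $SessionMatchesUser = is_string($Email) && $Email !== ''
        && isset($UserData['Email']) && $Email === $UserData['Email'];

    $PasswordResponse = 0;
    if ($SessionMatchesUser && isset($UserData['Password'])) {
        $HashedPassword = $UserData['Password'];
        $PasswordResponse = ValidatePassword($OldPassword, $HashedPassword);
    }

    // NOTE(review): ValidatePassword()'s return type is not visible here, so the loose == 1
    // is kept; switch to a strict comparison once the type is confirmed.
    // An empty new password is refused rather than hashed and stored.
    if ($SessionMatchesUser && $NewPassword !== '' && $PasswordResponse == 1) {
        $NewHashedPassword = HashIt($NewPassword);

        global $PDOconn;

        // NOTE(review): the 64-character bound on the hash parameter suggests a fixed-length
        // hex digest; confirm HashIt() is a salted, deliberately slow password hash.
        $Query = 'CALL UpdatePassword (?, ?)';
        $Statement = $PDOconn->prepare($Query);
        $Statement->bindParam(1, $NewHashedPassword, PDO::PARAM_STR, 64);
        $Statement->bindParam(2, $Email, PDO::PARAM_STR, 45);
        Execute($Action, $Statement);

        // Record and announce the change so the account owner can notice an unexpected one.
        // NOTE(review): nothing here ends the account's other sessions; confirm that happens elsewhere.
        $ActivityMSG = "Your password was changed.";
        AddActivity($Action, $Email, $ActivityMSG);
        mail($Email, "Password was changed", "Your password was changed.");

        echo json_encode("pupdated");

        // Release the shared connection.
        $PDOconn = null;
    } else {
        echo json_encode("xupdated");
    }
}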
/**
 * Handle a submit of the home-page sign-in form.
 *
 * Does nothing unless a button was pressed. Depending on the request it either
 * sends an account-recovery e-mail, signs the member in, counts a failed attempt
 * and re-renders the form with an error, or hands over to the signup handler when
 * the submitted address is unknown.
 *
 * @return void
 */
protected function _in_home() {
    global $bio, $core, $warning;

    if (!_button()) {
        return;
    }

    // Collect the `page`, `address` and `key` request fields.
    $v = $this->__(w('page address key'));

    // NOTE(review): `page` is request-supplied and used as a redirect target here and after
    // a successful sign-in; confirm redirect() only accepts same-site destinations.
    if ($bio->v('auth_member')) {
        redirect($v->page);
    }

    // NOTE(review): whether $warning->set() stops the request is not visible here; if it
    // returns, the code below continues with an empty address.
    if (empty($v->address)) {
        $warning->set('LOGIN_ERROR');
    }

    // Recovery request: mail a recovery link when the address belongs to a non-banned account.
    if (_button('recovery')) {
        // The second placeholder is bound to 1, which excludes bio_id 1 from recovery.
        $sql = 'SELECT bio_id, bio_name, bio_address, bio_recovery FROM _bio WHERE bio_address = ? AND bio_id <> ? AND bio_id NOT IN ( SELECT ban_userid FROM _banlist )';
        if ($recovery = sql_fieldrow(sql_filter($sql, $v->address, 1))) {
            // NOTE(review): bio_nickname is read below but is not in the SELECT list above.
            // NOTE(review): _rainbow_create() presumably issues the recovery token; confirm it
            // is random, single-use and time-limited.
            $email = array('USERNAME' => $recovery->bio_name, 'U_RECOVERY' => _link('my', array('recovery', 'k' => _rainbow_create($recovery->bio_id))), 'U_PROFILE' => _link('-', $recovery->bio_nickname));

            $core->email->init('info', 'bio_recovery', $email);
            $core->email->send($recovery->bio_address);

            // Count how many recovery mails were sent for this account.
            $sql = 'UPDATE _bio SET bio_recovery = bio_recovery + 1 WHERE bio_id = ?';
            sql_query(sql_filter($sql, $recovery->bio_id));
        }

        // Called whether or not a matching account was found.
        $this->_stop('RECOVERY_LEGEND');
    }

    if (empty($v->key)) {
        $warning->set('login_fail');
    }

    $v->register = false;
    // Set here but not read again in this method.
    $v->field = email_format($v->address) ? 'address' : 'name';

    $sql = 'SELECT address_bio FROM _bio_address WHERE address_name = ?';
    if ($bio_address = sql_field(sql_filter($sql, $v->address), 'address_bio', 0)) {
        $sql = 'SELECT bio_id, bio_key, bio_fails FROM _bio WHERE bio_id = ? AND bio_active = ?';
        if ($_bio = sql_fieldrow(sql_filter($sql, $bio_address, 1))) {
            if (ValidatePassword($v->key, $_bio->bio_key)) {
                // A successful sign-in clears the failure counter.
                if ($_bio->bio_fails) {
                    $sql = 'UPDATE _bio SET bio_fails = 0 WHERE bio_id = ?';
                    sql_query(sql_filter($sql, $_bio->bio_id));
                }

                $bio->session_create($_bio->bio_id);
                redirect($v->page);
            }

            // NOTE(review): the fail-count limit is evaluated only after the password check has
            // failed, so a correct password is accepted however many failures were recorded,
            // and the test uses == rather than >=. As written the limit does not stop repeated
            // guessing. Decide the intended lockout policy (check before verification, with an
            // unlock or expiry path) before changing it.
            if ($_bio->bio_fails == $core->v('account_failcount')) {
                // TODO: Captcha system if failcount reached
                // TODO: Notification about blocked account
                _fatal(508);
            }

            $sql = 'UPDATE _bio SET bio_fails = bio_fails + 1 WHERE bio_id = ?';
            sql_query(sql_filter($sql, $_bio->bio_id));

            // NOTE(review): the fixed delay holds a PHP worker for five seconds per failed
            // attempt; many parallel failures can tie up the worker pool. Prefer throttling
            // keyed on account and client over sleeping in the request.
            sleep(5);

            // Re-render the birthday selectors of the form before showing the error.
            for ($i = 1; $i < 32; $i++) {
                if ($i == 1) {
                    _style('birth_day');
                }
                _style('birth_day.row', array('DAY' => $i));
            }

            for ($i = 1; $i < 13; $i++) {
                if ($i == 1) {
                    _style('birth_month');
                }
                _style('birth_month.row', array('MONTH' => $i));
            }

            for ($i = date('Y'); $i > 1900; $i--) {
                if ($i == date('Y')) {
                    _style('birth_year');
                }
                _style('birth_year.row', array('YEAR' => $i));
            }

            _style('error', array('MESSAGE' => 'Los datos ingresados son inválidos, por favor intenta nuevamente.'));
            return;
        }
        // An address that maps to no active bio falls through with register still false.
    } else {
        // NOTE(review): an unknown address is routed to the signup handler while a known one
        // gets the sign-in error, so the two responses presumably let a visitor tell whether
        // an address is registered (confirm what _up_home() renders).
        $v->register = true;
    }

    if ($v->register) {
        $this->_up_home();
    }

    return;
}