} else { $update_process = 1; } $action = "editprofile"; } if ($action == "updatepassword") { $txt_clickstream = $lang['control_panel']; if ($user_info['user_level'] == GUEST) { show_error_page($lang['no_permission']); exit; } $error = 0; $current_user_password = trim($HTTP_POST_VARS['current_user_password']); $user_password = trim($HTTP_POST_VARS['user_password']); $user_password2 = trim($HTTP_POST_VARS['user_password2']); if (!compare_passwords($current_user_password, $user_info['user_password'])) { $msg .= ($msg != "" ? "<br />" : "") . $lang['update_password_error']; $error = 1; } if ($user_password != $user_password2 || $user_password == "") { $msg .= ($msg != "" ? "<br />" : "") . $lang['update_password_confirm_error']; $error = 1; } if (!$error) { $user_password_hashed = salted_hash($user_password); $sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_password") . " = '" . $user_password_hashed . "'\n WHERE " . get_user_table_field("", "user_id") . " = " . $user_info['user_id']; $site_db->query($sql); $msg = $lang['update_password_success']; $user_info = $site_sess->load_user_info($user_info['user_id']); } $action = "editprofile";
/**
 * Authenticate a user by name and password and bind the current session to that account.
 *
 * Selects the user id and stored password for $user_name (rows whose level equals
 * USER_AWAITING are excluded), verifies $user_password with compare_passwords(), and on
 * success writes the user id into the current row of SESSIONS_TABLE, optionally sets the
 * "userpass" cookie, and calls start_session().
 *
 * Both credentials are tested with empty(), so the string "0" is rejected like "".
 *
 * NOTE(review): $user_name is placed between quotes in the SELECT with no escaping inside
 * this method. The query is only safe if every caller passes an already-escaped value;
 * confirm at the call sites, or bind/escape the value here.
 *
 * NOTE(review): the "userpass" auto-login cookie is md5() of the stored password value,
 * so it is a pure function of data held in the users table: disclosure of that column is
 * equivalent to disclosure of the auto-login credential, and the cookie cannot be revoked
 * without changing the password. A random, server-stored token would avoid this; the
 * cookie is presumably validated elsewhere, so verify that code before changing it.
 *
 * @param string $user_name       Login name as supplied by the caller.
 * @param string $user_password   Password as entered by the user.
 * @param int    $auto_login      Truthy: the cookie carries the md5 value; otherwise it is set to "".
 * @param int    $set_auto_login  Truthy: the "userpass" cookie is written at all.
 * @return bool true when the credentials matched and the session was started, false otherwise.
 */
function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
    global $site_db, $user_table_fields;

    // Guard: nothing to look up without both credentials.
    if (empty($user_name) || empty($user_password)) {
        return false;
    }

    // Fetch id + stored password for the named, already-activated account.
    $lookup_sql = "SELECT " . get_user_table_field("", "user_id") . get_user_table_field(", ", "user_password")
        . "\n FROM " . USERS_TABLE
        . "\n WHERE " . get_user_table_field("", "user_name") . " = '{$user_name}' AND "
        . get_user_table_field("", "user_level") . " <> " . USER_AWAITING;
    $account = $site_db->query_firstrow($lookup_sql);

    // No matching row means the caller stays a guest.
    if (isset($account[$user_table_fields['user_id']])) {
        $user_id = $account[$user_table_fields['user_id']];
    } else {
        $user_id = GUEST;
    }
    if ($user_id == GUEST) {
        return false;
    }

    $stored_password = $account[$user_table_fields['user_password']];
    if (!compare_passwords($user_password, $stored_password)) {
        return false;
    }

    // Attach the authenticated user to the existing session row.
    $bind_sql = "UPDATE " . SESSIONS_TABLE . "\n SET session_user_id = {$user_id}\n WHERE session_id = '" . addslashes($this->session_id) . "'";
    $site_db->query($bind_sql);

    if ($set_auto_login) {
        // An empty value is written when auto-login was not requested.
        $cookie_value = "";
        if ($auto_login) {
            $cookie_value = md5($stored_password);
        }
        $this->set_cookie_data("userpass", $cookie_value);
    }

    $this->start_session($user_id, 1);
    return true;
}