function admin__check_login($username, $password)
{
global $lang;
$pars = array(':adminname' => $username);
$query = "SELECT * FROM " . table('admin') . " \n WHERE adminname= :adminname";
$admin = orsee_query($query, $pars);
$continue = true;
$not_allowed = false;
$locked = false;
if ($continue) {
if (!isset($admin['admin_id'])) {
$continue = false;
log__admin('login_admin_wrong_username', 'used_username:'******'id');
}
}
if ($continue) {
$admin = admin__check_has_lockout($admin);
if ($admin['locked']) {
$continue = false;
log__admin('login_admin_locked_out', 'username:'******'locked');
}
}
if ($continue) {
$check_pw = crypt_verify($password, $admin['password_crypt']);
if (!$check_pw) {
$continue = false;
log__admin('login_admin_wrong_password', 'username:'******'wrong_pw');
}
}
if ($continue) {
$expadmindata = $admin;
// load admin rights
$expadmindata['rights'] = admin__load_admin_rights($expadmindata['admin_type']);
if (!$expadmindata['rights']['login'] || $expadmindata['disabled'] == 'y') {
$continue = false;
$not_allowed = true;
//message('not_allowed');
}
}
if ($continue) {
$_SESSION['expadmindata'] = $expadmindata;
$done = admin__track_successful_login($admin);
return true;
} else {
//if ($locked) message(lang('error_locked_out'));
if ($not_allowed) {
message(lang('error_not_allowed_to_login'));
}
return false;
}
}
if (isset($_REQUEST['password2'])) {
$password2 = $_REQUEST['password2'];
} else {
$password2 = "";
}
// password tests
$continue = true;
if (!$passold || !$password || !$password2) {
message(lang('error_please_fill_in_all_fields'));
$continue = false;
}
if ($password != $password2) {
message(lang('error_password_repetition_does_not_match'));
$continue = false;
}
if (!crypt_verify($passold, $expadmindata['password_crypt'])) {
message(lang('error_old_password_wrong'));
$continue = false;
}
if ($password == $expadmindata['adminname']) {
message(lang('error_do_not_use_username_as_password'));
$continue = false;
}
if ($settings['admin_password_change_require_different'] == 'y') {
if ($passold == $password) {
message(lang('error_new_password_must_be_different_from_old_password'));
$continue = false;
}
}
if (!preg_match('/' . $settings['admin_password_regexp'] . '/', $password)) {
message(lang('error_password_does_not_meet_requirements'));
}
if (isset($_REQUEST['password2'])) {
$password2 = $_REQUEST['password2'];
} else {
$password2 = "";
}
// password tests
$continue = true;
if ($continue) {
if (!$passold) {
message(lang('error_please_fill_in_all_fields'));
$continue = false;
}
}
if ($continue) {
if (!crypt_verify($passold, $participant['password_crypted'])) {
message(lang('error_old_password_wrong'));
message(lang('for_security_reasons_we_logged_you_out'));
$continue = false;
participant__logout();
redirect("public/participant_login.php");
}
}
if ($continue) {
$continue = participant__check_password($password, $password2);
}
if ($continue == false) {
message(lang('error_password_not_changed'));
redirect("public/participant_change_pw.php");
} else {
participant__set_password($password, $participant['participant_id']);
function participant__check_login($email, $password)
{
global $lang;
$pars = array(':email' => $email);
$query = "SELECT * FROM " . table('participants') . "\n WHERE email= :email";
$participant = orsee_query($query, $pars);
$continue = true;
if ($continue) {
if (!isset($participant['participant_id'])) {
$continue = false;
log__participant('login_participant_wrong_username', 0, 'used_username:'******'error_password_or_username'));
}
}
if ($continue) {
$participant = participant__check_has_lockout($participant);
if ($participant['locked']) {
$continue = false;
log__participant('login_participant_locked_out', $participant['participant_id'], 'username:'******'error_password_or_username'));
}
}
if ($continue) {
$check_pw = crypt_verify($password, $participant['password_crypted']);
if (!$check_pw) {
$continue = false;
log__participant('login_participant_wrong_password', $participant['participant_id'], 'username:'******'error_password_or_username'));
}
}
if ($continue) {
$statuses = participant_status__get_statuses();
$statuses_profile = participant_status__get("access_to_profile");
if (!in_array($participant['status_id'], $statuses_profile)) {
log__participant('login_participant_not_active_anymore', $participant['participant_id'], 'username:'******'status_id']]['error'] . " " . lang('if_you_have_questions_write_to') . " " . support_mail_link());
$continue = false;
}
}
if ($continue) {
$_SESSION['pauthdata']['user_logged_in'] = true;
$_SESSION['pauthdata']['participant_id'] = $participant['participant_id'];
$done = participant__track_successful_login($participant);
return true;
} else {
if (isset($locked) && $locked) {
message(lang('error_locked_out'));
}
return false;
}
}
