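/**
 * Checks whether the admin password has been proven for the current user.
 *
 * Access is granted when either
 *  - the admin token kept in the cookie (login_method "cookies") or in the
 *    session (login_method "sessions") hashes, via encrypt_pw_part2(), to the
 *    stored $userdata['user_admin_password'], or
 *  - the supplied plain password hashes, via encrypt_pw(), to that stored value.
 *
 * @param string $password Admin password as typed by the user (may be empty
 *                         when only the cookie/session token is relied on).
 *
 * @return bool True when one of the two proofs matches; false otherwise,
 *              including when login_method is neither "cookies" nor "sessions".
 */
function check_admin_pass($password)
{
    global $settings, $userdata;

    // Without a stored admin hash nothing may match. This also keeps an
    // empty or missing column from ever comparing equal to a computed value.
    if (!isset($userdata['user_admin_password']) || (string) $userdata['user_admin_password'] === "") {
        return false;
    }
    $stored_hash = (string) $userdata['user_admin_password'];
    $token_key = COOKIE_PREFIX . 'admin';

    if ($settings['login_method'] == "cookies") {
        // The cookie is client-controlled: accept a plain string only, so an
        // array-valued cookie is treated as absent instead of being hashed.
        $token = (isset($_COOKIE[$token_key]) && is_string($_COOKIE[$token_key])) ? $_COOKIE[$token_key] : null;
    } elseif ($settings['login_method'] == "sessions") {
        $token = isset($_SESSION[$token_key]) ? $_SESSION[$token_key] : null;
    } else {
        // Unknown login method: deny explicitly rather than fall off the end.
        return false;
    }

    // hash_equals() (PHP 5.6+) replaces the loose "==": two different hex
    // digests that both look like "0e<digits>" compare equal under "==",
    // and hash_equals() is also constant-time for equal-length strings.
    // NOTE(review): the token appears to be a stage-one hash of the password,
    // i.e. a password equivalent held in the cookie/session - confirm against
    // the code that sets it.
    if ($token !== null && hash_equals($stored_hash, (string) encrypt_pw_part2($token))) {
        return true;
    }

    return hash_equals($stored_hash, (string) encrypt_pw($password));
}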
/**
 * Applies both project hashing stages to a value, stage one first.
 *
 * The result is what check_admin_pass() compares against the stored
 * user_admin_password.
 *
 * @param string $string Value to hash (a plain-text password at the call
 *                       site visible in this file).
 *
 * @return mixed Whatever encrypt_pw_part2() returns for the stage-one output.
 */
function encrypt_pw($string)
{
    // Stage one runs on the raw input; stage two runs on stage one's output.
    $stage_one = encrypt_pw_part1($string);

    return encrypt_pw_part2($stage_one);
}
        }
    } else {
        // Presumably the failed-login branch (the matching "if" is not visible here):
        // look the account up by name so the attempt can be tied to a user id.
        // NOTE(review): $user_name is concatenated straight into the SQL text. Where it
        // is assigned and how it is escaped is not visible in this excerpt - confirm
        // that it is escaped for SQL before reaching this query.
        $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE user_name='" . $user_name . "' LIMIT 1");
        // Pimped ->
        // Only names that resolve to an existing account produce a log row, so
        // attempts against unknown user names leave no trace in DB_FAILED_LOGINS.
        if (dbrows($result)) {
            $data = dbarray($result);
            // One row per failed attempt: account id, current time() and USER_IP.
            dbquery("INSERT INTO " . DB_FAILED_LOGINS . " (user_id, datestamp, logged_ip) VALUES ('" . $data['user_id'] . "', '" . time() . "', '" . USER_IP . "')");
        }
        // Pimped <-
        // The same error code (8) is sent whether or not the user name exists.
        redirect(BASEDIR . "setuser.php?error=8");
    }
}
if (isset($_SESSION[COOKIE_PREFIX . 'user_id']) && isset($_SESSION[COOKIE_PREFIX . 'user_pass'])) {
    $cookie_1 = isnum($_SESSION[COOKIE_PREFIX . 'user_id']) ? $_SESSION[COOKIE_PREFIX . 'user_id'] : "0";
    $cookie_2 = preg_check("/^[0-9a-z]{32}\$/", $_SESSION[COOKIE_PREFIX . 'user_pass']) ? $_SESSION[COOKIE_PREFIX . 'user_pass'] : "";
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_id='" . $cookie_1 . "' AND user_password='******' LIMIT 1");
    unset($cookie_2);
    // Pimped
    if (dbrows($result)) {
        $userdata = dbarray($result);
        if ($userdata['user_status'] == 0) {
            if ($userdata['user_theme'] != "Default" && file_exists(THEMES . $userdata['user_theme'] . "/theme.php") && ($settings['userthemes'] == 1 || $userdata['user_level'] >= nADMIN)) {
                if (!theme_exists($userdata['user_theme'])) {
                    echo "<strong>" . $settings['sitename'] . " - " . $locale['global_300'] . ".</strong><br /><br />\n";
                    echo $locale['global_301'];
                    die;
                }
            } else {
                if (!theme_exists($settings['theme'])) {
                    echo "<strong>" . $settings['sitename'] . " - " . $locale['global_300'] . ".</strong><br /><br />\n";
                    echo $locale['global_301'];
Ejemplo n.º 4
        // anonymized/deleted
        $page_content .= "<strong>" . $locale['global_412'] . "</strong><br /><br />\n";
        $page_refresh = "10";
    } elseif (isset($_GET['error']) && $_GET['error'] == 8) {
        // username/password does not match
        $page_content .= "<strong>" . $locale['global_196'] . "</strong><br /><br />\n";
    } else {
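        // Confirm the login only when credentials for the configured login method are present.
        if ($settings['login_method'] == "cookies" && isset($_COOKIE[COOKIE_PREFIX . 'user']) || $settings['login_method'] == "sessions" && isset($_SESSION[COOKIE_PREFIX . 'user_id']) && isset($_SESSION[COOKIE_PREFIX . 'user_pass'])) {
            $user_pass = "";
            if ($settings['login_method'] == "cookies") {
                // The cookie is client-controlled: it may be an array or lack the "."
                // separator, so check that the second part exists before reading it.
                $raw_cookie = $_COOKIE[COOKIE_PREFIX . 'user'];
                $cookie_vars = is_string($raw_cookie) ? explode(".", $raw_cookie) : array();
                if (isset($cookie_vars[1]) && preg_check("/^[0-9a-z]{32}\$/", $cookie_vars[1])) {
                    $user_pass = $cookie_vars[1];
                }
            } elseif ($settings['login_method'] == "sessions") {
                $user_pass = preg_check("/^[0-9a-z]{32}\$/", $_SESSION[COOKIE_PREFIX . 'user_pass']) ? $_SESSION[COOKIE_PREFIX . 'user_pass'] : "";
            }
            // ?user= is request input: a missing or array-valued parameter becomes "".
            $requested_user = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : "";
            // NOTE(review): the name reaches the SQL text after stripinput() and a small
            // character blacklist only. If the DB layer offers escaping or bound
            // parameters, prefer that - not visible in this excerpt.
            $user_name = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($requested_user));
            // NOTE(review): the password/user literals in the two queries below appear
            // redacted in this listing; $user_pass is presumably what the original
            // compares against - confirm against the upstream file.
            if (!dbcount("(user_id)", DB_USERS, "user_name='" . $user_name . "' AND user_password='******'")) {
                $page_content .= "<strong>" . $locale['global_196'] . "</strong><br /><br />\n";
            } else {
                $result = dbquery("DELETE FROM " . DB_ONLINE . " WHERE online_user='******' AND online_ip='" . USER_IP . "'");
                // Encode the request value before it is written into the page; echoing
                // $_GET['user'] raw would reflect attacker-supplied markup to the browser.
                $page_content .= "<strong>" . $locale['global_193'] . htmlspecialchars($requested_user, ENT_QUOTES) . "</strong><br /><br />\n";
            }
        }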
    }
}
echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\n";
echo "<html>\n<head>\n";
echo "<title>" . $settings['sitename'] . "</title>\n";
echo "<meta http-equiv='Content-Type' content='text/html; charset=" . $locale['charset'] . "' />\n";
echo "<meta http-equiv='refresh' content='" . $page_refresh . "; url=" . REDIRECT_TO . "' />\n";
echo "<meta name='description' content='" . $settings['description'] . "' />\n";
echo "<meta name='keywords' content='" . $settings['keywords'] . "' />\n";