function logincheck()
{
if ($_SESSION['admin'] == '') {
login_failed();
}
if ($_SESSION['adminid'] == '') {
login_failed();
}
if ($_SESSION['ip'] != $_SERVER['REMOTE_ADDR']) {
login_failed();
}
if ($_SESSION['browser'] != $_SERVER['HTTP_USER_AGENT']) {
login_failed();
}
}
function logincheck()
{
if ($_SESSION['user']['timeout'] < date('U')) {
login_failed();
}
if ($_SESSION['user']['name'] == '') {
login_failed();
}
if ($_SESSION['user']['omni'] == '') {
login_failed();
}
if ($_SESSION['user']['ip'] != $_SERVER['REMOTE_ADDR']) {
login_failed();
}
if ($_SESSION['user']['browser'] != $_SERVER['HTTP_USER_AGENT']) {
login_failed();
}
}
function logInMember()
{
$redir = 'index.php';
if ($_POST['signIn'] != '') {
if ($_POST['username'] != '' && $_POST['password'] != '') {
$username = makeSafe(strtolower($_POST['username']));
$password = md5($_POST['password']);
if (sqlValue("select count(1) from membership_users where lcase(memberID)='{$username}' and passMD5='{$password}' and isApproved=1 and isBanned=0") == 1) {
$_SESSION['memberID'] = $username;
$_SESSION['memberGroupID'] = sqlValue("select groupID from membership_users where lcase(memberID)='{$username}'");
if ($_POST['rememberMe'] == 1) {
@setcookie('FWLDBA_rememberMe', md5($username . $password), time() + 86400 * 30);
} else {
@setcookie('FWLDBA_rememberMe', '', time() - 86400 * 30);
}
// hook: login_ok
if (function_exists('login_ok')) {
$args = array();
if (!($redir = login_ok(getMemberInfo(), $args))) {
$redir = 'index.php';
}
}
redirect($redir);
exit;
}
}
// hook: login_failed
if (function_exists('login_failed')) {
$args = array();
login_failed(array('username' => $_POST['username'], 'password' => $_POST['password'], 'IP' => $_SERVER['REMOTE_ADDR']), $args);
}
if (!headers_sent()) {
header('HTTP/1.0 403 Forbidden');
}
redirect("index.php?loginFailed=1");
exit;
} elseif ((!$_SESSION['memberID'] || $_SESSION['memberID'] == $adminConfig['anonymousMember']) && $_COOKIE['FWLDBA_rememberMe'] != '') {
$chk = makeSafe($_COOKIE['FWLDBA_rememberMe']);
if ($username = sqlValue("select memberID from membership_users where convert(md5(concat(memberID, passMD5)), char)='{$chk}' and isBanned=0")) {
$_SESSION['memberID'] = $username;
$_SESSION['memberGroupID'] = sqlValue("select groupID from membership_users where lcase(memberID)='{$username}'");
}
}
}
} else {
gotoindex();
}
$db = new mydb();
$query = "select * from member where login_name=\$1";
$result = $db->query($query, array($login_name));
if (pg_num_rows($result) == 1) {
$row = pg_fetch_assoc($result, 0);
if (password_verify($pwd, $row['pwd'])) {
$_SESSION['login_name'] = $row['login_name'];
$_SESSION['id'] = $row['id'];
$_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
login_success();
} else {
login_failed();
}
} else {
login_failed();
}
function login_success()
{
header("Location: top.php");
}
function post_check()
{
return isset($_POST['login_name']) & isset($_POST['pwd']);
}
function login_failed()
{
include "login_failed.php";
}
