function login($user, $is_cookie, $pwd = '') { require __DIR__ . '/../conf/database.php'; if (!function_exists('my_rsa')) { require __DIR__ . '/checkpwd.php'; } $user = mysqli_real_escape_string($con, $user); $res = mysqli_query($con, "select password,user_id,language,defunct,email,privilege from users where user_id='{$user}' or email='{$user}' limit 1"); $r = mysqli_fetch_row($res); if (!$r) { return _('There\'s no such user...'); } if ($r[3] != 'N') { return _('Your account is still being reviewed...'); } if (!$is_cookie && !password_right($user, $pwd)) { return _('Wrong Username/Password...'); } //Clear guest session. session_unset(); if (!function_exists('clear_cookie')) { require __DIR__ . '/cookie.php'; } clear_cookie('SID'); //Create new session. $_SESSION['user'] = $r[1]; $_SESSION['lang'] = $r[2]; $_SESSION['email'] = $r[4]; $_SESSION['priv'] = $r[5]; //Initialize user preference. if (!class_exists('preferences')) { require __DIR__ . '/preferences.php'; } global $pref; $pref = new preferences(); $res = mysqli_query($con, "select property,value from preferences where user_id='{$user}'"); while ($r = mysqli_fetch_row($res)) { $property = $r[0]; $pref->{$property} = $r[1]; } $_SESSION['pref'] = serialize($pref); require __DIR__ . '/userinfo.php'; $ip = mysqli_escape_string($con, get_ip()); mysqli_query($con, "update users set accesstime=NOW(),ip='{$ip}' where user_id='{$user}'"); return TRUE; }
function login($user, $is_cookie, $pwd = '') { $user = mysql_real_escape_string($user); $res = mysql_query("select password,user_id,language,defunct from users where user_id='{$user}'"); $r = mysql_fetch_row($res); if (!$r) { return "No such user"; } if ($r[3] != 'N') { return "User is disabled"; } if (!$is_cookie && !password_right($user, $pwd)) { return "Password is incorrect"; } session_unset(); setcookie('SID', '', 31415926); $_SESSION['user'] = $r[1]; $_SESSION['lang'] = $r[2]; $res = mysql_query("select rightstr from privilege where user_id='{$user}'"); while ($r = mysql_fetch_row($res)) { if ($r[0] == 'administrator' || $r[0] == 'source_browser' || $r[0] == 'insider') { $_SESSION[$r[0]] = true; } } require_once 'inc/preferences.php'; $pref = new preferences(); $res = mysql_query("select property,value from preferences where user_id='{$user}'"); while ($r = mysql_fetch_row($res)) { $property = $r[0]; $pref->{$property} = $r[1]; } $_SESSION['pref'] = serialize($pref); $ip = mysql_escape_string($_SERVER["REMOTE_ADDR"]); mysql_query("update users set accesstime=NOW(),ip='{$ip}' where user_id='{$user}'"); return TRUE; }
<?php require 'inc/checklogin.php'; if (!isset($_SESSION['user'], $_SESSION['administrator'])) { die('<div class="center">You are not administrator.</div>'); } require 'inc/database.php'; if (isset($_POST['paswd'])) { require_once 'inc/checkpwd.php'; if (password_right($_SESSION['user'], $_POST['paswd'])) { $_SESSION['admin_tfa'] = 1; if (isset($_SESSION['admin_retpage'])) { $ret = $_SESSION['admin_retpage']; } else { $ret = "index.php"; } header("Location: {$ret}"); exit(0); } } $Title = "Admin Verification"; ?> <!DOCTYPE html> <html> <?php require 'head.php'; ?> <body> <?php require 'page_header.php'; ?>
} if (strlen($_POST['email']) > 60) { die('E-mail is too long!'); } if ($_POST['type'] == 'profile') { if (!isset($_POST['oldpwd'])) { die('Invalid argument.'); } session_start(); if (!isset($_SESSION['user'])) { die('Not logged in.'); } $user = $_SESSION['user']; require 'inc/database.php'; require_once 'inc/checkpwd.php'; if (!password_right($user, $_POST['oldpwd'])) { die('Old password is not correct!'); } $query = 'update users set email=\'' . mysql_real_escape_string($_POST['email']) . '\',school=\'' . mysql_real_escape_string($_POST['school']) . '\',nick=\'' . mysql_real_escape_string($_POST['nick']) . '\''; if (isset($_POST['newpwd']) && $_POST['newpwd'] != '') { $len = strlen($_POST['newpwd']); if ($len < 6 || $len > 20) { die('Password is too long or too short!'); } $query .= ',password=\'' . mysql_real_escape_string(my_rsa($_POST['newpwd'])) . '\''; } $query .= " where user_id='{$user}'"; mysql_query($query); echo "User infomation updated successfully!"; } else { if ($_POST['type'] == 'reg') {