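// Login handler: checks the submitted credentials against $bb_accounts, then creates a
// session and sets the "bbl" (session ID) and "bbq" cookies before emitting the redirect page.
// NOTE(review): credentials are read from $_REQUEST, which also accepts query-string values,
// so a password can end up in URLs, browser history and access logs.  Reading them from
// $_POST would avoid that - confirm no caller depends on GET before changing it.
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "login") {
    require_once ROOT_PATH . "/accounts.php";

    // Missing or non-string fields are treated as empty so trim() never receives null or an array.
    $user = (isset($_REQUEST["login_user"]) && is_string($_REQUEST["login_user"]) ? trim($_REQUEST["login_user"]) : "");
    $pass = (isset($_REQUEST["login_pass"]) && is_string($_REQUEST["login_pass"]) ? trim($_REQUEST["login_pass"]) : "");

    // Strict comparison: with a loose != PHP compares two numeric-looking strings as numbers,
    // so two different hex digests could be treated as equal.
    // NOTE(review): this is still not a constant-time comparison; hash_equals() is preferable
    // where the deployed PHP version provides it.
    // NOTE(review): sha1("user:pass") is a fast hash and unsuitable for password storage;
    // password_hash()/password_verify() would be the replacement, but that needs a migration
    // of the stored values and is outside this block.
    if (!isset($bb_accounts["users"][$user]) || $bb_accounts["users"][$user]["pass"] !== sha1($user . ":" . $pass)) {
        // The same message is used for an unknown user and a wrong password.
        echo "<span class=\"error\">Incorrect username or password.</span>";
        exit;
    }

    BB_DeleteExpiredUserSessions();

    // Re-sets the password to the value that was just verified.
    // NOTE(review): presumably used to drop the account's other sessions - confirm in BB_SetUserPassword().
    if (isset($_REQUEST["login_reset"]) && $_REQUEST["login_reset"] == "yes") {
        BB_SetUserPassword($user, $pass);
    }

    require_once ROOT_PATH . "/" . SUPPORT_PATH . "/cookie.php";

    // NOTE(review): the second argument is taken from the request.  If BB_NewUserSession()
    // adopts it as the session ID, a value chosen before login would survive authentication
    // (session fixation) - confirm it always issues a fresh random ID or validates the value.
    $id = BB_NewUserSession($user, isset($_REQUEST["bbl"]) ? $_REQUEST["bbl"] : "");
    if ($id === false) {
        // Retry without the request-supplied value.
        $id = BB_NewUserSession($user, "");
    }
    if ($id === false) {
        echo "<span class=\"error\">Unable to create session.</span>";
        exit;
    }

    // "bbl" carries the session ID and is set with the two extra trailing arguments
    // (USE_HTTPS, true); "bbq" carries only the constant "1" and is set without them.
    // NOTE(review): the extra arguments are presumably the secure and HttpOnly flags - confirm in cookie.php.
    SetCookieFixDomain("bbl", $id, $bb_accounts["sessions"][$id]["expire"], ROOT_URL . "/", "", USE_HTTPS, true);
    SetCookieFixDomain("bbq", "1", $bb_accounts["sessions"][$id]["expire"], ROOT_URL . "/", "");
?>
<span class="success">Successfully logged in.</span><br />
<a href="<?php echo htmlspecialchars(BB_GetFullRootURLBase("http")); ?> /">Click here to continue</a>
<script type="text/javascript">
window.location = '<?php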
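// Password change: runs only when $pass (the submitted current password) is non-empty.
if ($pass != "") {
    // Re-authenticate with the current password before accepting a new one.
    // NOTE(review): sha1("user:pass") is a fast hash and the comparison is not constant-time;
    // password_hash()/password_verify() or at least hash_equals() would be preferable, but
    // changing the stored format is outside this block.
    // NOTE(review): the checks below rely on BB_PropertyFormError() ending the request; if it
    // returns, execution continues to BB_SetUserPassword() - confirm.
    if ($bb_account["pass"] !== sha1($bb_account["user"] . ":" . $pass)) {
        BB_PropertyFormError("'Current Password' is incorrect.");
    }

    // A missing or non-string 'newpass' is rejected here.  Without the isset() guards an
    // absent pair of fields compared as null === null, passed both checks, and null was
    // handed to BB_SetUserPassword() as the new password.
    if (!isset($_REQUEST["newpass"]) || !is_string($_REQUEST["newpass"]) || $_REQUEST["newpass"] === "") {
        BB_PropertyFormError("New password field not filled out.");
    }
    if (!isset($_REQUEST["newpass2"]) || $_REQUEST["newpass"] !== $_REQUEST["newpass2"]) {
        BB_PropertyFormError("New password fields are not the same.");
    }

    // NOTE(review): the new password is stored untrimmed; if the login path trims the
    // submitted password, a value with leading or trailing whitespace could not be used to
    // log in afterwards - verify both paths normalize the same way.
    BB_SetUserPassword($bb_account["user"], $_REQUEST["newpass"]);

    // BB_SetUserPassword wipes out the existing session.  Create a new session.
    require_once ROOT_PATH . "/" . SUPPORT_PATH . "/cookie.php";

    // "bbl" may be absent from $_REQUEST (cookies are only merged in when request_order
    // includes them), so fall back to an empty string instead of reading an undefined index.
    // NOTE(review): if BB_NewUserSession() reuses the supplied value as the session ID, the
    // pre-change ID would stay valid after the password change - confirm it issues a fresh one.
    $id = BB_NewUserSession($bb_account["user"], isset($_REQUEST["bbl"]) ? $_REQUEST["bbl"] : "");
    if ($id === false) {
        $id = BB_NewUserSession($bb_account["user"], "");
    }
    if ($id === false) {
        echo "<span class=\"error\">Unable to create session.</span>";
        exit;
    }

    SetCookieFixDomain("bbl", $id, $bb_accounts["sessions"][$id]["expire"], ROOT_URL . "/", "", USE_HTTPS, true);

    // Do not leave the session ID in a variable for the rest of the script.
    unset($id);
}
?>
<div class="success"><?php echo htmlspecialchars(BB_Translate("Account Saved.")); ?> </div>
<script type="text/javascript">
ReloadPage();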