echo "Successful Registration, Please Login.";
}else{ echo "An account with these details already exists."; }
}else if(isset($_GET['logout'])){
setcookie("username","");
setcookie("password","");
}else if(isset($_GET['createcharacter'])){
$charname = strip_tags($_GET['createcharacter']);
$class = strip_tags($_GET['class']);
$username = $_COOKIE['username'];
$password = $_COOKIE['password'];
$row = $mysql->query("select * from accounts where username = '******' and password = '******'",true);
if($row['id'] == ""){ die('error'); }
$row1 = $mysql->query("select * from players where account = ".$row['id']);
if($mysql->num_rows($row1) == 3){ die('error'); }
$mysql->query("insert into players (name,sprite,map,position,items,account)values('$charname',120,$start_map,'$start_position','','".$row['id']."')");
DoLogin($mysql,$username,$password);
}
function DoLogin($mysql,$username,$password){
$map = $mysql->query("select id from accounts where username = '******' and password = '******' and banned = 0");
if($mysql->num_rows($map) > 0){
while($row = $mysql->fetch_array($map)){
$userid = $row['id'];
$map = $mysql->query("select * from players where account = $userid");
if($mysql->num_rows($map) > 0){
$count = 0;
while($row2 = $mysql->fetch_array($map)){
echo '<table style="cursor:pointer;width:100%" onclick="InitiallyLoadPlayer('.$row2['id'].');" onmouseout="$(this).css(\'background-color\',\'transparent\')" onmouseover="$(this).css(\'background-color\',\'#FFFFFF\')"><tr><td width="32"><div style="width:32px;height:32px" id="charselectimg-'.$count.'"></div><div style="display:none" id="charselectsprite-'.$count.'">'.$row2['sprite'].'</div></td><td>'.$row2['name'].'</td></tr></table>';
$count++;
}
}else{ echo "No Characters."; }
function Login2()
{
global $txt, $scripturl, $user_info, $user_settings, $smcFunc;
global $cookiename, $maintenance, $modSettings, $context, $sc, $sourcedir;
// Load cookie authentication stuff.
require_once $sourcedir . '/Subs-Auth.php';
if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) {
if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\\{i:0;(i:\\d{1,6}|s:[1-8]:"\\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\\d{1,14};(i:3;i:\\d;)?\\}$~', $_COOKIE[$cookiename]) === 1) {
list(, , $timeout) = @unserialize($_COOKIE[$cookiename]);
} elseif (isset($_SESSION['login_' . $cookiename])) {
list(, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
} else {
trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
}
$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
setLoginCookie($timeout - time(), $user_info['id'], sha1($user_settings['passwd'] . $user_settings['password_salt']));
redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
} elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') {
// Strike! You're outta there!
if ($_GET['member'] != $user_info['id']) {
fatal_lang_error('login_cookie_error', false);
}
// Some whitelisting for login_url...
if (empty($_SESSION['login_url'])) {
redirectexit();
} else {
// Best not to clutter the session data too much...
$temp = $_SESSION['login_url'];
unset($_SESSION['login_url']);
redirectexit($temp);
}
}
// Beyond this point you are assumed to be a guest trying to login.
if (!$user_info['is_guest']) {
redirectexit();
}
// Set the login_url if it's not already set (but careful not to send us to an attachment).
if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
$_SESSION['login_url'] = $_SESSION['old_url'];
}
// Are you guessing with a script that doesn't keep the session id?
spamProtection('login');
// Been guessing a lot, haven't we?
if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
fatal_lang_error('login_threshold_fail', 'critical');
}
// Set up the cookie length. (if it's invalid, just fall through and use the default.)
if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
$modSettings['cookieTime'] = 3153600;
} elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) {
$modSettings['cookieTime'] = (int) $_POST['cookielength'];
}
loadLanguage('Login');
// Load the template stuff - wireless or normal.
if (WIRELESS) {
$context['sub_template'] = WIRELESS_PROTOCOL . '_login';
} else {
loadTemplate('Login');
$context['sub_template'] = 'login';
}
// Set up the default/fallback stuff.
$context['default_username'] = isset($_REQUEST['user']) ? preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_REQUEST['user'])) : '';
$context['default_password'] = '';
$context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
$context['login_errors'] = array($txt['error_occured']);
$context['page_title'] = $txt['login'];
// Add the login chain to the link tree.
$context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']);
if (!empty($_REQUEST['openid_identifier']) && !empty($modSettings['enableOpenID'])) {
require_once $sourcedir . '/Subs-OpenID.php';
return smf_openID_validate($_REQUEST['openid_identifier']);
}
// You forgot to type your username, dummy!
if (!isset($_REQUEST['user']) || $_REQUEST['user'] == '') {
$context['login_errors'] = array($txt['need_username']);
return;
}
// Hmm... maybe 'admin' will login with no password. Uhh... NO!
if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_REQUEST['hash_passwrd']) || strlen($_REQUEST['hash_passwrd']) != 40)) {
$context['login_errors'] = array($txt['no_password']);
return;
}
// No funky symbols either.
if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_REQUEST['user'])) != 0) {
$context['login_errors'] = array($txt['error_invalid_characters_username']);
return;
}
// Are we using any sort of integration to validate the login?
if (isset($modSettings['integrate_validate_login']) && is_callable($modSettings['integrate_validate_login'])) {
if (call_user_func(strpos($modSettings['integrate_validate_login'], '::') === false ? $modSettings['integrate_validate_login'] : explode('::', $modSettings['integrate_validate_login']), $_REQUEST['user'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']) == 'retry') {
$context['login_errors'] = array($txt['login_hash_error']);
$context['disable_login_hashing'] = true;
return;
}
}
// Load the data up!
$request = $smcFunc['db_query']('', '
SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
openid_uri, passwd_flood
FROM {db_prefix}members
WHERE ' . ($smcFunc['db_case_sensitive'] ? 'LOWER(member_name) = LOWER({string:user_name})' : 'member_name = {string:user_name}') . '
LIMIT 1', array('user_name' => $smcFunc['db_case_sensitive'] ? strtolower($_REQUEST['user']) : $_REQUEST['user']));
// Probably mistyped or their email, try it as an email address. (member_name first, though!)
if ($smcFunc['db_num_rows']($request) == 0) {
$smcFunc['db_free_result']($request);
$request = $smcFunc['db_query']('', '
SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri,
passwd_flood
FROM {db_prefix}members
WHERE email_address = {string:user_name}
LIMIT 1', array('user_name' => $_REQUEST['user']));
// Let them try again, it didn't match anything...
if ($smcFunc['db_num_rows']($request) == 0) {
$context['login_errors'] = array($txt['username_no_exist']);
return;
}
}
$user_settings = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Figure out the password using SMF's encryption - if what they typed is right.
if (isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40) {
// Needs upgrading?
if (strlen($user_settings['passwd']) != 40) {
$context['login_errors'] = array($txt['login_hash_error']);
$context['disable_login_hashing'] = true;
unset($user_settings);
return;
} elseif ($_REQUEST['hash_passwrd'] == sha1($user_settings['passwd'] . $sc)) {
$sha_passwd = $user_settings['passwd'];
} else {
// Don't allow this!
validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
$_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1;
if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
redirectexit('action=reminder');
} else {
log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
$context['disable_login_hashing'] = true;
$context['login_errors'] = array($txt['incorrect_password']);
unset($user_settings);
return;
}
}
} else {
$sha_passwd = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
}
// Bad password! Thought you could fool the database?!
if ($user_settings['passwd'] != $sha_passwd) {
// Let's be cautious, no hacking please. thanx.
validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
// Maybe we were too hasty... let's try some other authentication methods.
$other_passwords = array();
// None of the below cases will be used most of the time (because the salt is normally set.)
if ($user_settings['password_salt'] == '') {
// YaBB SE, Discus, MD5 (used a lot), SHA-1 (used some), SMF 1.0.x, IkonBoard, and none at all.
$other_passwords[] = crypt($_POST['passwrd'], substr($_POST['passwrd'], 0, 2));
$other_passwords[] = crypt($_POST['passwrd'], substr($user_settings['passwd'], 0, 2));
$other_passwords[] = md5($_POST['passwrd']);
$other_passwords[] = sha1($_POST['passwrd']);
$other_passwords[] = md5_hmac($_POST['passwrd'], strtolower($user_settings['member_name']));
$other_passwords[] = md5($_POST['passwrd'] . strtolower($user_settings['member_name']));
$other_passwords[] = $_POST['passwrd'];
// This one is a strange one... MyPHP, crypt() on the MD5 hash.
$other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd']));
// Snitz style - SHA-256. Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway.
if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) {
$other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
}
// phpBB3 users new hashing. We now support it as well ;).
$other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']);
// APBoard 2 Login Method.
$other_passwords[] = md5(crypt($_REQUEST['passwrd'], 'CRYPT_MD5'));
} elseif (strlen($user_settings['passwd']) == 32) {
// vBulletin 3 style hashing? Let's welcome them with open arms \o/.
$other_passwords[] = md5(md5($_POST['passwrd']) . $user_settings['password_salt']);
// Hmm.. p'raps it's Invision 2 style?
$other_passwords[] = md5(md5($user_settings['password_salt']) . md5($_POST['passwrd']));
// Some common md5 ones.
$other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']);
$other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']);
$other_passwords[] = md5($_POST['passwrd']);
$other_passwords[] = md5(md5($_POST['passwrd']));
} elseif (strlen($user_settings['passwd']) == 40) {
// Maybe they are using a hash from before the password fix.
$other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
// BurningBoard3 style of hashing.
$other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_REQUEST['passwrd'])));
// Perhaps we converted to UTF-8 and have a valid password being hashed differently.
if ($context['character_set'] == 'utf8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8') {
// Try iconv first, for no particular reason.
if (function_exists('iconv')) {
$other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
}
// Say it aint so, iconv failed!
if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) {
$other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
}
}
}
// SMF's sha1 function can give a funny result on Linux (Not our fault!). If we've now got the real one let the old one be valid!
if (strpos(strtolower(PHP_OS), 'win') !== 0) {
require_once $sourcedir . '/Subs-Compat.php';
$other_passwords[] = sha1_smf(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
}
// Whichever encryption it was using, let's make it use SMF's now ;).
if (in_array($user_settings['passwd'], $other_passwords)) {
$user_settings['passwd'] = $sha_passwd;
$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
// Update the password and set up the hash.
updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt']));
} else {
// They've messed up again - keep a count to see if they need a hand.
$_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1;
// Hmm... don't remember it, do you? Here, try the password reminder ;).
if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
redirectexit('action=reminder');
} else {
// Log an error so we know that it didn't go well in the error log.
log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
$context['login_errors'] = array($txt['incorrect_password']);
return;
}
}
} elseif (!empty($user_settings['passwd_flood'])) {
// Let's be sure they wern't a little hacker.
validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true);
// If we got here then we can reset the flood counter.
updateMemberData($user_settings['id_member'], array('passwd_flood' => ''));
}
// Correct password, but they've got no salt; fix it!
if ($user_settings['password_salt'] == '') {
$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt']));
}
// Check their activation status.
if (!checkActivation()) {
return;
}
DoLogin();
}
function smf_openID_return()
{
global $smcFunc, $user_info, $user_profile, $sourcedir, $modSettings, $context, $sc, $user_settings;
// Is OpenID even enabled?
if (empty($modSettings['enableOpenID'])) {
fatal_lang_error('no_access', false);
}
if (!isset($_GET['openid_mode'])) {
fatal_lang_error('openid_return_no_mode', false);
}
// @todo Check for error status!
if ($_GET['openid_mode'] != 'id_res') {
fatal_lang_error('openid_not_resolved');
}
// SMF has this annoying habit of removing the + from the base64 encoding. So lets put them back.
foreach (array('openid_assoc_handle', 'openid_invalidate_handle', 'openid_sig', 'sf') as $key) {
if (isset($_GET[$key])) {
$_GET[$key] = str_replace(' ', '+', $_GET[$key]);
}
}
// Did they tell us to remove any associations?
if (!empty($_GET['openid_invalidate_handle'])) {
smf_openid_removeAssociation($_GET['openid_invalidate_handle']);
}
$server_info = smf_openid_getServerInfo($_GET['openid_identity']);
// Get the association data.
$assoc = smf_openID_getAssociation($server_info['server'], $_GET['openid_assoc_handle'], true);
if ($assoc === null) {
fatal_lang_error('openid_no_assoc');
}
$secret = base64_decode($assoc['secret']);
$signed = explode(',', $_GET['openid_signed']);
$verify_str = '';
foreach ($signed as $sign) {
$verify_str .= $sign . ':' . strtr($_GET['openid_' . str_replace('.', '_', $sign)], array('&' => '&')) . "\n";
}
$verify_str = base64_encode(sha1_hmac($verify_str, $secret));
if ($verify_str != $_GET['openid_sig']) {
fatal_lang_error('openid_sig_invalid', 'critical');
}
if (!isset($_SESSION['openid']['saved_data'][$_GET['t']])) {
fatal_lang_error('openid_load_data');
}
$openid_uri = $_SESSION['openid']['saved_data'][$_GET['t']]['openid_uri'];
$modSettings['cookieTime'] = $_SESSION['openid']['saved_data'][$_GET['t']]['cookieTime'];
if (empty($openid_uri)) {
fatal_lang_error('openid_load_data');
}
// Any save fields to restore?
$context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array();
// Is there a user with this OpenID_uri?
$result = $smcFunc['db_query']('', '
SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
openid_uri
FROM {db_prefix}members
WHERE openid_uri = {string:openid_uri}', array('openid_uri' => $openid_uri));
$member_found = $smcFunc['db_num_rows']($result);
if (!$member_found && isset($_GET['sa']) && $_GET['sa'] == 'change_uri' && !empty($_SESSION['new_openid_uri']) && $_SESSION['new_openid_uri'] == $openid_uri) {
// Update the member.
updateMemberData($user_settings['id_member'], array('openid_uri' => $openid_uri));
unset($_SESSION['new_openid_uri']);
$_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri);
// Send them back to profile.
redirectexit('action=profile;area=authentication;updated');
} elseif (!$member_found) {
// Store the received openid info for the user when returned to the registration page.
$_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri);
if (isset($_GET['openid_sreg_nickname'])) {
$_SESSION['openid']['nickname'] = $_GET['openid_sreg_nickname'];
}
if (isset($_GET['openid_sreg_email'])) {
$_SESSION['openid']['email'] = $_GET['openid_sreg_email'];
}
if (isset($_GET['openid_sreg_dob'])) {
$_SESSION['openid']['dob'] = $_GET['openid_sreg_dob'];
}
if (isset($_GET['openid_sreg_gender'])) {
$_SESSION['openid']['gender'] = $_GET['openid_sreg_gender'];
}
// Were we just verifying the registration state?
if (isset($_GET['sa']) && $_GET['sa'] == 'register2') {
require_once $sourcedir . '/Register.php';
return Register2(true);
} else {
redirectexit('action=register');
}
} elseif (isset($_GET['sa']) && $_GET['sa'] == 'revalidate' && $user_settings['openid_uri'] == $openid_uri) {
$_SESSION['openid_revalidate_time'] = time();
// Restore the get data.
require_once $sourcedir . '/Subs-Auth.php';
$_SESSION['openid']['saved_data'][$_GET['t']]['get']['openid_restore_post'] = $_GET['t'];
$query_string = construct_query_string($_SESSION['openid']['saved_data'][$_GET['t']]['get']);
redirectexit($query_string);
} else {
$user_settings = $smcFunc['db_fetch_assoc']($result);
$smcFunc['db_free_result']($result);
$user_settings['passwd'] = sha1(strtolower($user_settings['member_name']) . $secret);
$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt']));
// Cleanup on Aisle 5.
$_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri);
require_once $sourcedir . '/LogInOut.php';
if (!checkActivation()) {
return;
}
DoLogin();
}
}
/**
* Set session variables and permissions after login via Facebook
*
*/
function AfterFBLogIn($pUsername, $pPassword)
{
global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cDisplayNameField, $globalEvents;
$logged = false;
$strUsername = (string) $pUsername;
$sUsername = $strUsername;
if (NeedQuotes($cUserNameFieldType)) {
$strUsername = db_prepare_string($strUsername);
} else {
$strUsername = 0 + $strUsername;
}
$strSQL = "select * from " . AddTableWrappers("") . " where " . AddFieldWrappers($cUserNameField) . "=" . $strUsername . "";
$rs = db_query($strSQL, $conn);
$data = db_fetch_array($rs);
if ($data) {
$logged = true;
$pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername;
DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
SetAuthSessionData($pUsername, $data, true, $pPassword);
}
}
/**
* Set session variables and permissions after login via Facebook
* @intellisense
*/
function AfterFBLogIn($pUsername, $pPassword, &$pageObject = null)
{
global $cman, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cDisplayNameField, $globalEvents;
$logged = false;
$strUsername = (string) $pUsername;
$sUsername = $strUsername;
$connection = $cman->getForLogin();
if (NeedQuotes($cUserNameFieldType)) {
$strUsername = $connection->prepareString($strUsername);
} else {
$strUsername = 0 + $strUsername;
}
$strSQL = "select * from " . $connection->addTableWrappers("ConsolidatedStockEnquiry_users") . " where " . $connection->addFieldWrappers($cUserNameField) . "=" . $strUsername . "";
$data = $connection->query($strSQL)->fetchAssoc();
if (count($data)) {
$logged = true;
$pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername;
DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword, $pageObject);
SetAuthSessionData($pUsername, $data, true, $pPassword, $pageObject);
}
}
function CheckLogin($username, $password)
{
$validlogin = false;
//if ($GLOBALS['cfg']['enablecas']){
// Debug(__FILE__, __LINE__,"Checking against CAS server");
// echo "Using CAS authentication<br>";
// $username = AuthenticateCASUser();
// exit(0);
// if ($username != "") {
// $validlogin = true;
// }
//}
//else {
if (AuthenticateUnixUser($username, $password) && !$GLOBALS['ispublic']) {
Debug(__FILE__, __LINE__, "This is a Unix user account");
$validlogin = true;
} else {
Debug(__FILE__, __LINE__, "Not a unix user account");
if (AuthenticateStandardUser($username, $password)) {
$validlogin = true;
} else {
return false;
}
}
//}
if ($validlogin) {
DoLogin($username);
return true;
}
}
} else {
return "";
}
}
function Logout()
{
// destroy the session
session_destroy();
return "Cierre De Sesion Existoso";
}
$possible_url = array("session", "login", "logout");
$value = "An error has occurred";
if (isset($_GET["action"]) && in_array($_GET["action"], $possible_url)) {
switch ($_GET["action"]) {
case "session":
$value = session();
break;
case "logout":
$value = Logout();
break;
case "login":
if (isset($_GET["id"])) {
$value = DoLogin($_GET["id"]);
} else {
$value = "Missing argument";
}
break;
}
}
//return JSON array
exit(json_encode($value));
if(mlang_getcurrentlang()=="")
{
}
set_error_handler("connect_error_handler");
$conn = db_connect();
restore_error_handler();
if(!isLogged())
{
$allowGuest = true;
$scriptname = getFileNameFromURL();
if($allowGuest && $scriptname!="login.php" && $scriptname!="remind.php" && $scriptname!="register.php")
{
DoLogin(true);
}
}
$isGroupSecurity = true;
$isUseRTEBasic = true;
$isUseRTECK = false;
$isUseRTEInnova = false;
$caseInsensitiveUsername = 0;
include(getabspath('classes/projectsettings.php'));
/**
* Login method
* @param String pUsername
* @param String pPassword
*/
function LogIn($pUsername, $pPassword)
{
// username and password are stored in the database
global $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
$logged = false;
$strUsername = (string) $pUsername;
$strPassword = (string) $pPassword;
$loginSet = ProjectSettings::getForLogin();
$cipherer = RunnerCipherer::getForLogin($loginSet);
$sUsername = $strUsername;
$sPassword = $strPassword;
if ($cipherer->isFieldEncrypted($cUserNameField)) {
$strUsername = $cipherer->MakeDBValue($cUserNameField, $strUsername, "", true);
} else {
if (NeedQuotes($cUserNameFieldType)) {
$strUsername = $this->connection->prepareString($strUsername);
} else {
$strUsername = 0 + $strUsername;
}
}
if ($cipherer->isFieldEncrypted($cPasswordField)) {
$strPassword = $cipherer->MakeDBValue($cPasswordField, $strPassword, "", true);
} else {
if (NeedQuotes($cPasswordFieldType)) {
$strPassword = $this->connection->prepareString($strPassword);
} else {
$strPassword = 0 + $strPassword;
}
}
if ($loginSet) {
if (!$this->pSet->isCaseInsensitiveUsername()) {
$where = $this->getFieldSQLDecrypt($cUserNameField) . "=" . $strUsername . " and " . $this->getFieldSQLDecrypt($cPasswordField) . "=" . $strPassword;
} else {
$where = $this->connection->upper($this->getFieldSQLDecrypt($cUserNameField)) . "=" . $this->pSet->getCaseSensitiveUsername($strUsername) . " and " . $this->getFieldSQLDecrypt($cPasswordField) . "=" . $strPassword;
}
$tempSQLQuery = $loginSet->GetTableData(".sqlquery");
$tempSQLQuery->addWhere($where);
$tempSQLQuery->addWhere($this->connection->addFieldWrappers("active1") . "=1");
$strSQL = $tempSQLQuery->toSql();
} else {
$strSQL = "select * from " . $this->connection->addTableWrappers("ConsolidatedStockEnquiry_users") . " where " . $this->connection->addFieldWrappers($cUserNameField) . "=" . $strUsername . " and " . $this->connection->addFieldWrappers($cPasswordField) . "=" . $strPassword;
$strSQL .= " and " . $this->connection->addFieldWrappers("active1") . "=1";
}
$data = $cipherer->DecryptFetchedArray($this->connection->query($strSQL)->fetchAssoc());
if ($data) {
if ($this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField]) == $this->pSet->getCaseSensitiveUsername($sUsername) && @$data[$cPasswordField] == $sPassword) {
$logged = true;
$pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername;
}
}
if ($logged && $this->isCaptchaOk) {
DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword, $this);
SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword, $this);
return true;
}
if ($this->auditObj) {
$this->auditObj->LogLoginFailed($pUsername);
$this->auditObj->LoginUnsuccessful($pUsername);
}
return false;
}
$action = GetVariable("action");
/* edit variables */
$username = GetVariable("username");
$password = GetVariable("password");
//$persistent = GetVariable("persistent");
/* database connection */
$link = mysql_connect($GLOBALS['cfg']['mysqlhost'],$GLOBALS['cfg']['mysqluser'],$GLOBALS['cfg']['mysqlpassword']) or die ("Could not connect: " . mysql_error());
mysql_select_db($GLOBALS['cfg']['mysqldatabase']) or die ("Could not select database<br>");
/* ----- determine which action to take ----- */
if ($action == "login") {
if (!DoLogin($username, $password))
DisplayLogin("Incorrect login. Make sure Caps Lock is not on");
else {
header("Location: index.php");
}
}
elseif ($action =="logout") {
DoLogout();
DisplayLogin("You have been logged out");
}
else {
DisplayLogin("");
}
/* -------------------------------------------- */
/**
* Login method
*
*/
function LogIn($pUsername,$pPassword){
// username and password are stored in the database
global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
$logged = false;
$strUsername = (string)$pUsername;
$strPassword = (string)$pPassword;
$cipherer = new RunnerCipherer("webreport_users");
$sUsername = $strUsername;
$sPassword = $strPassword;
if($cipherer->isFieldEncrypted($cUserNameField))
$strUsername = $cipherer->MakeDBValue($cUserNameField,$strUsername,"","",true);
else
{
if(NeedQuotes($cUserNameFieldType))
$strUsername = db_prepare_string($strUsername);
else
$strUsername = (0+$strUsername);
}
if($cipherer->isFieldEncrypted($cPasswordField))
$strPassword = $cipherer->MakeDBValue($cPasswordField,$strPassword,"","",true);
else
{
if(NeedQuotes($cPasswordFieldType))
$strPassword = db_prepare_string($strPassword);
else
$strPassword = (0+$strPassword);
}
$fieldList = "";
$lSet = new ProjectSettings("webreport_users", PAGE_LIST);
if($lSet->GetTableData(".sqlquery"))
$fieldList = $lSet->GetTableData(".sqlquery")->toSql();
if($fieldList)
{
if(!$this->pSet->isCaseInsensitiveUsername()) {
$where = AddTableWrappers(GetFullFieldName($cUserNameField,"webreport_users",false)).
"=".$strUsername." and ".AddTableWrappers(GetFullFieldName($cPasswordField,"webreport_users",false))."=".$strPassword;
} else {
$where = db_upper(getFullFieldName($cUserNameField,"webreport_users",false)).
"=".$this->pSet->getCaseSensitiveUsername($strUsername)." and ".GetFullFieldName($cPasswordField,"webreport_users",false).
"=".$strPassword;
}
$tempSQLQuery = $lSet->GetTableData(".sqlquery");
$tempSQLQuery->addWhere($where);
$strSQL = $tempSQLQuery->toSql();
}
else
{
$strSQL = "select * from ".AddTableWrappers("webreport_users")." where ".AddFieldWrappers($cUserNameField)."=".$strUsername." and ".AddFieldWrappers($cPasswordField)."=".$strPassword;
}
$rs = db_query($strSQL,$conn);
$data = $cipherer->DecryptFetchedArray($rs);
if($data){
if($this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField])==$this->pSet->getCaseSensitiveUsername($sUsername) && @$data[$cPasswordField]==$sPassword){
$logged=true;
$pDisplayUsername = $data[$cDisplayNameField]!='' ? $data[$cDisplayNameField] : $sUsername;
}
}
if($logged && $this->isCaptchaOk)
{
DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
return true;
}
else {
if($this->auditObj)
{
$this->auditObj->LogLoginFailed($pUsername);
$this->auditObj->LoginUnsuccessful($pUsername);
}
return false;
}
}
