function check_admin_pass($password) { global $settings, $userdata; if ($settings['login_method'] == "cookies") { if (isset($_COOKIE[COOKIE_PREFIX . 'admin']) && encrypt_pw_part2($_COOKIE[COOKIE_PREFIX . 'admin']) == $userdata['user_admin_password'] || encrypt_pw($password) == $userdata['user_admin_password']) { return true; } else { return false; } } elseif ($settings['login_method'] == "sessions") { if (isset($_SESSION[COOKIE_PREFIX . 'admin']) && encrypt_pw_part2($_SESSION[COOKIE_PREFIX . 'admin']) == $userdata['user_admin_password'] || encrypt_pw($password) == $userdata['user_admin_password']) { return true; } else { return false; } } }
function encrypt_pw($string) { return encrypt_pw_part2(encrypt_pw_part1($string)); }
} } else { $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE user_name='" . $user_name . "' LIMIT 1"); // Pimped -> if (dbrows($result)) { $data = dbarray($result); dbquery("INSERT INTO " . DB_FAILED_LOGINS . " (user_id, datestamp, logged_ip) VALUES ('" . $data['user_id'] . "', '" . time() . "', '" . USER_IP . "')"); } // Pimped <- redirect(BASEDIR . "setuser.php?error=8"); } } if (isset($_SESSION[COOKIE_PREFIX . 'user_id']) && isset($_SESSION[COOKIE_PREFIX . 'user_pass'])) { $cookie_1 = isnum($_SESSION[COOKIE_PREFIX . 'user_id']) ? $_SESSION[COOKIE_PREFIX . 'user_id'] : "0"; $cookie_2 = preg_check("/^[0-9a-z]{32}\$/", $_SESSION[COOKIE_PREFIX . 'user_pass']) ? $_SESSION[COOKIE_PREFIX . 'user_pass'] : ""; $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_id='" . $cookie_1 . "' AND user_password='******' LIMIT 1"); unset($cookie_2); // Pimped if (dbrows($result)) { $userdata = dbarray($result); if ($userdata['user_status'] == 0) { if ($userdata['user_theme'] != "Default" && file_exists(THEMES . $userdata['user_theme'] . "/theme.php") && ($settings['userthemes'] == 1 || $userdata['user_level'] >= nADMIN)) { if (!theme_exists($userdata['user_theme'])) { echo "<strong>" . $settings['sitename'] . " - " . $locale['global_300'] . ".</strong><br /><br />\n"; echo $locale['global_301']; die; } } else { if (!theme_exists($settings['theme'])) { echo "<strong>" . $settings['sitename'] . " - " . $locale['global_300'] . ".</strong><br /><br />\n"; echo $locale['global_301'];
// anonymized/deleted $page_content .= "<strong>" . $locale['global_412'] . "</strong><br /><br />\n"; $page_refresh = "10"; } elseif (isset($_GET['error']) && $_GET['error'] == 8) { // username/password does not match $page_content .= "<strong>" . $locale['global_196'] . "</strong><br /><br />\n"; } else { if ($settings['login_method'] == "cookies" && isset($_COOKIE[COOKIE_PREFIX . 'user']) || $settings['login_method'] == "sessions" && isset($_SESSION[COOKIE_PREFIX . 'user_id']) && isset($_SESSION[COOKIE_PREFIX . 'user_pass'])) { if ($settings['login_method'] == "cookies") { $cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX . 'user']); $user_pass = preg_check("/^[0-9a-z]{32}\$/", $cookie_vars['1']) ? $cookie_vars['1'] : ""; } elseif ($settings['login_method'] == "sessions") { $user_pass = preg_check("/^[0-9a-z]{32}\$/", $_SESSION[COOKIE_PREFIX . 'user_pass']) ? $_SESSION[COOKIE_PREFIX . 'user_pass'] : ""; } $user_name = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($_GET['user'])); if (!dbcount("(user_id)", DB_USERS, "user_name='" . $user_name . "' AND user_password='******'")) { $page_content .= "<strong>" . $locale['global_196'] . "</strong><br /><br />\n"; } else { $result = dbquery("DELETE FROM " . DB_ONLINE . " WHERE online_user='******' AND online_ip='" . USER_IP . "'"); $page_content .= "<strong>" . $locale['global_193'] . $_GET['user'] . "</strong><br /><br />\n"; } } } } echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\n"; echo "<html>\n<head>\n"; echo "<title>" . $settings['sitename'] . "</title>\n"; echo "<meta http-equiv='Content-Type' content='text/html; charset=" . $locale['charset'] . "' />\n"; echo "<meta http-equiv='refresh' content='" . $page_refresh . "; url=" . REDIRECT_TO . "' />\n"; echo "<meta name='description' content='" . $settings['description'] . "' />\n"; echo "<meta name='keywords' content='" . $settings['keywords'] . "' />\n";