function login()
{
site_title(lang('login_t'));
page_title(lang('login_t'));
$out = '';
// Try to login?
if (@$_POST['sub_login']) {
$mail = @$_POST['mail'];
$pass = @$_POST['pass'];
$red = @$_POST['red'];
if (!$red) {
$red = URL . '/';
}
// has user?
$data = ldb_select('user', '*', '`mail`=\'' . ldb_escape($mail) . '\' AND `passwd`=\'' . md5(md5(md5($pass))) . '\' LIMIT 1');
if (!$data) {
// User is not found...
// Drop cookie
setcookie(cfg('auth_int_cookie_name'), '', time() - 86400, '/', COOKIE_DOMAIN);
// Error message
//core_error_lng('login_e_p');
$out .= '<div class="error_div"><p>' . lang('login_e_p') . '</p></div><br/>';
} else {
$data = $data[0];
// Status is OK?
if ($data['status'] != 'ACTIVE') {
if ($data['status'] == 'NOT_ACTIVATED') {
// Not activated...
$out .= '<div class="error_div">' . lang('login_e_a') . '</div>';
}
if ($data['status'] == 'BANNED') {
// Not activated...
$out .= '<div class="error_div">' . lang('login_e_b') . '</div>';
}
} else {
// User exists...
/*
// Generate LoginKey
$lk = sha1(md5($_SERVER['HTTP_USER_AGENT']).mt_rand().md5($mail).md5($pass).time());
// Update DB
db_update_by_id('site_users', $data['id'], array('login_key'=>md5($lk),'last_login'=>time(),'last_ip'=>$_SERVER['REMOTE_ADDR']));
// All ok, set cookie and redirect;
$c_data = base64_encode($data['id'].':'.base64_encode($lk));
setcookie (cfg('auth_int_cookie_name'), $c_data, time()+intval(cfg('auth_int_session_time')), '/', COOKIE_DOMAIN);
*/
$this->create_session($data['id']);
$msg = lang('login_ok');
$msg = str_replace('{NAME}', $data['name'], $msg);
redirect_msg($red, $msg);
exit;
}
}
}
// Template
/*$tpl = new tpl ('login_form');
$tpl->v ('post',array_map('htmlspecialchars',$_POST));
$out .= $tpl->get ();*/
$fg = new lform();
$fg->add_title('Авторизироваться в системе');
$fg->add_input('text', lang('register_mail'), 'mail');
$fg->add_input('password', lang('register_password'), 'pass');
$fg->add_input('submit', '', 'sub_login', 'Войти');
$fg->add_input('raw', '<tr><td align="center" colspan="2" class="formgen_input_area"><a href="' . URL . '/user/lost_password/">' . lang('t_lostp') . '</a> / <a href="' . register_link() . '">' . lang('t_register') . '</a></td></tr>');
$out .= $fg->get_form();
return $out;
}
function update()
{
$id = intval($_GET['id']);
$data = ldb_select_one('upload', '*', $id);
if (!$data || @$data['uid'] != $this->uid) {
return $this->error('UPLOAD_NF', 'Upload is not found...');
}
$ttl = $GLOBALS['ttl_def'];
if (isset($GLOBALS['ttl'][@$_GET['ttl']])) {
$ttl = $_GET['ttl'];
}
$prol = @$_GET['prol'] == 'Y' ? true : false;
if ($prol) {
$tms_del = time() + $ttl;
} else {
$tms_del = $data['tms_upload'] + $ttl;
}
ldb_query('UPDATE `upload` SET `comment`=\'' . ldb_escape(@$_GET['comment']) . '\',`prolong`=\'' . ($prol ? 'Y' : 'N') . '\',`tms_delete`=' . $tms_del . ',`ttl`=' . $ttl . ' WHERE `id`=' . $id);
$data = ldb_select_one('upload', '*', $id);
echo '<update status="ok" tms_delete="' . $data['tms_delete'] . '" ttl="' . $data['ttl'] . '" prolong="' . $data['prolong'] . '" tms_last="' . $data['tms_last'] . '"/>' . "\n";
}
function user_password($login, $password, $is_md5 = false)
{
if (!$is_md5) {
$password = md5($password);
}
if ($u_data = ldb_select('user', array('id'), '`mail`=\'' . ldb_escape($login) . '\' AND `passwd`=\'' . md5(md5($password)) . '\' LIMIT 1')) {
return $u_data[0]['id'];
} else {
return false;
}
}
