Example #1
}
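// Logout handler fragment: settles which session id / session code to act on,
// optionally authenticates an API caller, marks the matching loginsessions row
// inactive and then tears down the PHP session.
if (isset($_POST['code'])) {
    $code = $_POST['code'];
}
// An established PHP session takes precedence: its own id and code overwrite
// whatever was taken from the request above.
if (isset($_SESSION['ssid'])) {
    $ssid = $_SESSION['ssid'];
    $code = $_SESSION['code'];
}
if (isset($_GET['ajax'])) {
    $ajax = true;
    header("Content-Type: application/json");
    // NOTE(review): bare expression statement with no effect of its own; presumably
    // check_api_access() takes $api_caller by reference and fills it in. Confirm
    // against its definition.
    $api_caller;
    if (!check_api_access($api_caller)) {
        die(json_encode($api_caller));
    }
    log_api_action($api_caller['id'], "logging out of session: " . $ssid);
}
$status = false;
$active = 0;
// The row is only touched when both the id and the session code match.
$session_deactivate_q = $mysql->prepare("UPDATE loginsessions set active = ? where id = ? and sessioncode = ?");
if ($session_deactivate_q === false) {
    // A failed prepare() used to end in a fatal error on the next call, before the
    // local session was cleared. Record it and still finish the logout below.
    error_log("logout: could not prepare session deactivation query");
} else {
    $session_deactivate_q->bind_param("iii", $active, $ssid, $code);
    if (!$session_deactivate_q->execute()) {
        // The server-side session row may still be marked active; make that visible.
        error_log("logout: session deactivation query failed");
    }
    $session_deactivate_q->close();
}
// Drop every login-related value held in the PHP session.
foreach (array('id', 'ip', 'username', 'email', 'ssid', 'title', 'code') as $session_key) {
    unset($_SESSION[$session_key]);
}
unset($session_key);
// session_destroy() removes the stored session data but leaves the session cookie
// in the browser, so expire the cookie as well while headers can still be sent.
if (ini_get('session.use_cookies') && !headers_sent()) {
    $cookie_params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie_params['path'],
        $cookie_params['domain'],
        $cookie_params['secure'],
        $cookie_params['httponly']
    );
}
session_destroy();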
Example #2
// Credential intake: the query string is read first and the request body second,
// so POSTed credentials win when both are supplied. A source is used only when it
// carries both fields.
// NOTE(review): credentials sent in the query string end up in access logs,
// browser history and Referer headers; accepting them from POST only would avoid
// that. stripslashes() also rewrites any password that contains a backslash, so
// the value checked here must be prepared the same way as the value that was stored.
foreach (array($_GET, $_POST) as $request_fields) {
    if (isset($request_fields['username'], $request_fields['password'])) {
        $username = stripslashes($request_fields['username']);
        $password = stripslashes($request_fields['password']);
    }
}
unset($request_fields);
if (isset($_GET['ajax'])) {
    $ajax = true;
    header("Content-Type: application/json");
    $api_caller;
    if (!check_api_access($api_caller)) {
        die(json_encode($api_caller));
    }
    log_api_action($api_caller['id'], "logging in to user: "******"SELECT state,password,password_salt,id from users where (username = ? or email = ?)");
    $stmt->bind_param('ss', $username, $username);
    $stmt->execute();
    $stmt->bind_result($method, $password_h, $password_salt, $uid);
    $stmt->fetch();
    $stmt->close();
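    // Legacy-hash path, taken when isValidMd5() accepts the stored hash: the
    // submitted password is hashed with cv_hash() and compared with the stored value.
    if (isValidMd5($password_h)) {
        $cv_hash = cv_hash($password);
        // hash_equals() replaces ==. With ==, two strings that both look numeric
        // (for example digests made of "0e" followed only by digits) are compared as
        // numbers, so different digests can compare equal. hash_equals() compares
        // the strings byte for byte, in time that does not depend on where they differ.
        if (hash_equals((string) $password_h, (string) $cv_hash)) {
            // presumably re-stores the password under the current hashing scheme;
            // confirm against updatePassword()
            updatePassword($uid, $password);
            $login = true;
            // NOTE(review): this line and the elseif below use $param_keys and $key,
            // which the login code above never sets; they look like they were spliced
            // in from a different listing. Kept as published.
            $param_keys[] = "img = ?";
        } elseif ($key == "info") {
            $param_keys[] = "info = ?";
        }
    }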
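    // Build and run the UPDATE for the user row. The SET list comes from
    // $param_keys, which holds "column = ?" fragments, so every value travels as a
    // bound parameter.
    // NOTE(review): $param_keys is built outside this excerpt; the binding loop below
    // must visit $change in the same order, or values land in the wrong columns.
    $sql_q = "UPDATE users SET " . implode(',', $param_keys) . " WHERE id = ?";
    $sql_s = $mysql->prepare($sql_q);
    $params = new BindParam();
    foreach ($change as $key => $value) {
        if ($key == "username") {
            $params->add('s', $value);
        } elseif ($key == "email") {
            $params->add('s', $value);
        } elseif ($key == "password") {
            // Bind the hash that was just computed. The published code passed the
            // $params collector itself here, so the hash never reached the query.
            $passhash = hashpass($value);
            $params->add('s', $passhash);
        } elseif ($key == "img") {
            $params->add('s', $value);
        } elseif ($key == "info") {
            $params->add('s', $value);
        }
    }
    // The WHERE id = ? placeholder is last in the statement, so $uid is added last.
    $params->add('i', $uid);
    // bind_param() is called through call_user_func_array() because the number of
    // parameters varies; refValues() presumably turns the collected values into
    // references, which bind_param() requires. Confirm against its definition.
    call_user_func_array(array($sql_s, "bind_param"), refValues($params->get()));
    $sql_s->execute();
    $sql_s->close();
    // Overwrite the password entry so that later use of $change (it is serialised
    // into the audit log message on the following line) cannot expose it.
    if (isset($change['password'])) {
        $change['password'] = '******';
    }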
    log_api_action($api_caller['id'], "editing user: "******" change data: " . http_build_query($change));
}
    $code = $_GET['code'];
}
// A session code sent in the request body replaces any value assigned earlier.
if (isset($_POST['code'])) {
    $code = $_POST['code'];
}
// logincheck mode: look up the `active` flag stored for this (id, sessioncode)
// pair, record the lookup, answer with JSON and stop.
if (isset($_GET['logincheck'])) {
    // NOTE(review): both values are bound as strings here, while the session
    // lookup further down binds the same two columns as integers; confirm the
    // column types and bind them the same way in both places.
    $active_lookup = $mysql->prepare("SELECT active from loginsessions where id = ? and sessioncode = ?");
    $active_lookup->bind_param("ss", $ssid, $code);
    $active_lookup->execute();
    $active_lookup->bind_result($active);
    // When no row matches, nothing is fetched and $active is sent as null.
    $active_lookup->fetch();
    $active_lookup->close();
    log_api_action($api_caller['id'], "checking for active session: " . $ssid);
    $payload = array("active" => $active);
    die(json_encode($payload));
}
// Reached only when logincheck was not requested: record the full session lookup.
log_api_action($api_caller['id'], "fetching session info for session: " . $ssid);
if ($ssid != 0 && $code != 0) {
    //Get uid
    $session_uid_q = $mysql->prepare("SELECT uid from loginsessions where id = ? and sessioncode = ? and active = '1'");
    $session_uid_q->bind_param("ii", $ssid, $code);
    $session_uid_q->execute();
    $session_uid_q->bind_result($uid);
    $session_uid_q->fetch();
    if ($uid != "") {
        $session_uid_q->close();
        //Get user info
        $user_info_q = $mysql->prepare("SELECT users.id as id,username,email,rank,user_titles.title as title from users left join user_titles on user_titles.id = users.rank where users.id = ?");
        $user_info_q->bind_param("i", $uid);
        $user_info_q->execute();
        $user_info_q->bind_result($id, $qusername, $qemail, $qrank, $qtitle);
        $user_info_q->fetch();